pyrox.dev / nixpkgs
lol
fork atom

nodejs: fix sandboxed build on darwin

Ivan Trubach ce685a84 5bf99d06

options
unified split
Changed files
+128 -7
pkgs
development
web
nodejs
gyp-patches-pre-v22-import-sys.patch
gyp-patches-v22-import-sys.patch
gyp-patches.nix
nodejs.nix
v18.nix
v20.nix
v22.nix
+24
pkgs/development/web/nodejs/gyp-patches-pre-v22-import-sys.patch 
···

       

       
1

       
+

       
Add missing import statement for gyp-patches.nix.


     

       

       
2

       
+

       



     

       

       
3

       
+

       
--- a/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py


     

       

       
4

       
+

       
+++ b/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py


     

       

       
5

       
+

       
@@ -25,6 +25,7 @@


     

       

       
6

       
+

       
 import os


     

       

       
7

       
+

       
 import re


     

       

       
8

       
+

       
 import subprocess


     

       

       
9

       
+

       
+import sys


     

       

       
10

       
+

       
 import gyp


     

       

       
11

       
+

       
 import gyp.common


     

       

       
12

       
+

       
 import gyp.xcode_emulation


     

       

       
13

       
+

       



     

       

       
14

       
+

       
--- a/tools/gyp/pylib/gyp/generator/make.py


     

       

       
15

       
+

       
+++ b/tools/gyp/pylib/gyp/generator/make.py


     

       

       
16

       
+

       
@@ -25,6 +25,7 @@


     

       

       
17

       
+

       
 import os


     

       

       
18

       
+

       
 import re


     

       

       
19

       
+

       
 import subprocess


     

       

       
20

       
+

       
+import sys


     

       

       
21

       
+

       
 import gyp


     

       

       
22

       
+

       
 import gyp.common


     

       

       
23

       
+

       
 import gyp.xcode_emulation


     

       

       
24

       
+
+14
pkgs/development/web/nodejs/gyp-patches-v22-import-sys.patch 
···

       

       
1

       
+

       
For some reason Node.js v22 has two different GYP versions vendored, and


     

       

       
2

       
+

       
only one of them contains `import sys`.


     

       

       
3

       
+

       



     

       

       
4

       
+

       
--- a/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py


     

       

       
5

       
+

       
+++ b/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py


     

       

       
6

       
+

       
@@ -25,6 +25,7 @@


     

       

       
7

       
+

       
 import os


     

       

       
8

       
+

       
 import re


     

       

       
9

       
+

       
 import subprocess


     

       

       
10

       
+

       
+import sys


     

       

       
11

       
+

       
 import gyp


     

       

       
12

       
+

       
 import gyp.common


     

       

       
13

       
+

       
 import gyp.xcode_emulation


     

       

       
14

       
+
+22
pkgs/development/web/nodejs/gyp-patches.nix 
···

       

       
1

       
+

       
{ fetchpatch2 }:


     

       

       
2

       
+

       
let


     

       

       
3

       
+

       
  name = "gyp-darwin-sandbox.patch";


     

       

       
4

       
+

       
  url = "https://github.com/nodejs/gyp-next/commit/706d04aba5bd18f311dc56f84720e99f64c73466.patch";


     

       

       
5

       
+

       
in


     

       

       
6

       
+

       
[


     

       

       
7

       
+

       
  # Fixes builds with Nix sandbox on Darwin for gyp.


     

       

       
8

       
+

       
  # See https://github.com/NixOS/nixpkgs/issues/261820


     

       

       
9

       
+

       
  # and https://github.com/nodejs/gyp-next/pull/216


     

       

       
10

       
+

       
  (fetchpatch2 {


     

       

       
11

       
+

       
    inherit name url;


     

       

       
12

       
+

       
    hash = "sha256-l8FzgLq9CbVJCkXfnTyDQ+vXKCz65wpaffE74oSU+kY=";


     

       

       
13

       
+

       
    stripLen = 1;


     

       

       
14

       
+

       
    extraPrefix = "tools/gyp/";


     

       

       
15

       
+

       
  })


     

       

       
16

       
+

       
  (fetchpatch2 {


     

       

       
17

       
+

       
    inherit name url;


     

       

       
18

       
+

       
    hash = "sha256-UVUn4onXfJgFoAdApLAbliiBgM9rxDdIo53WjFryoBI=";


     

       

       
19

       
+

       
    stripLen = 1;


     

       

       
20

       
+

       
    extraPrefix = "deps/npm/node_modules/node-gyp/gyp/";


     

       

       
21

       
+

       
  })


     

       

       
22

       
+

       
]
+53 -4
pkgs/development/web/nodejs/nodejs.nix 
···

       
131

       
131

       
 

       



     

       
132

       
132

       
 

       
    inherit patches;


     

       
133

       
133

       
 

       



     

       
134

       

       
-

       
    doCheck = lib.versionAtLeast version "16"; # some tests fail on v14


     

       

       
134

       
+

       
    __darwinAllowLocalNetworking = true; # for tests


     

       

       
135

       
+

       



     

       

       
136

       
+

       
    # TODO: what about tests when cross-compiling?


     

       

       
137

       
+

       
    # Note that currently stdenv does not run check phase if build ≠ host.


     

       

       
138

       
+

       
    doCheck = true;


     

       
135

       
139

       
 

       



     

       
136

       
140

       
 

       
    # Some dependencies required for tools/doc/node_modules (and therefore


     

       
137

       
141

       
 

       
    # test-addons, jstest and others) target are not included in the tarball.


     

       
138

       
142

       
 

       
    # Run test targets that do not require network access.


     

       
139

       

       
-

       
    checkTarget = lib.concatStringsSep " " [


     

       

       
143

       
+

       
    checkTarget = lib.concatStringsSep " " ([


     

       
140

       
144

       
 

       
      "build-js-native-api-tests"


     

       
141

       
145

       
 

       
      "build-node-api-tests"


     

       
142

       
146

       
 

       
      "tooltest"


     

       
143

       
147

       
 

       
      "cctest"


     

       

       
148

       
+

       
    ] ++ lib.optionals (!stdenv.buildPlatform.isDarwin || lib.versionAtLeast version "20") [


     

       

       
149

       
+

       
      # There are some test failures on macOS before v20 that are not worth the


     

       

       
150

       
+

       
      # time to debug for a version that would be eventually removed in less


     

       

       
151

       
+

       
      # than a year (Node.js 18 will be EOL at 2025-04-30). Note that these


     

       

       
152

       
+

       
      # failures are specific to Nix sandbox on macOS and should not affect


     

       

       
153

       
+

       
      # actual functionality.


     

       
144

       
154

       
 

       
      "test-ci-js"


     

       
145

       

       
-

       
    ];


     

       

       
155

       
+

       
    ]);


     

       
146

       
156

       
 

       



     

       
147

       
157

       
 

       
    checkFlags = [


     

       
148

       
158

       
 

       
      # Do not create __pycache__ when running tests.


     

       
149

       
159

       
 

       
      "PYTHONDONTWRITEBYTECODE=1"


     

       

       
160

       
+

       
    ] ++ lib.optionals (!stdenv.buildPlatform.isDarwin || lib.versionAtLeast version "20") [


     

       
150

       
161

       
 

       
      "FLAKY_TESTS=skip"


     

       
151

       
162

       
 

       
      # Skip some tests that are not passing in this context


     

       
152

       

       
-

       
      "CI_SKIP_TESTS=test-setproctitle,test-tls-cli-max-version-1.3,test-tls-client-auth,test-child-process-exec-env,test-fs-write-stream-eagain,test-tls-sni-option,test-https-foafssl,test-child-process-uid-gid,test-process-euid-egid,test-process-initgroups,test-process-uid-gid,test-process-setgroups"


     

       

       
163

       
+

       
      "CI_SKIP_TESTS=${lib.concatStringsSep "," ([


     

       

       
164

       
+

       
        "test-child-process-exec-env"


     

       

       
165

       
+

       
        "test-child-process-uid-gid"


     

       

       
166

       
+

       
        "test-fs-write-stream-eagain"


     

       

       
167

       
+

       
        "test-https-foafssl"


     

       

       
168

       
+

       
        "test-process-euid-egid"


     

       

       
169

       
+

       
        "test-process-initgroups"


     

       

       
170

       
+

       
        "test-process-setgroups"


     

       

       
171

       
+

       
        "test-process-uid-gid"


     

       

       
172

       
+

       
        "test-setproctitle"


     

       

       
173

       
+

       
        "test-tls-cli-max-version-1.3"


     

       

       
174

       
+

       
        "test-tls-client-auth"


     

       

       
175

       
+

       
        "test-tls-sni-option"


     

       

       
176

       
+

       
      ] ++ lib.optionals stdenv.hostPlatform.isDarwin [


     

       

       
177

       
+

       
        # Disable tests that don’t work under macOS sandbox.


     

       

       
178

       
+

       
        "test-macos-app-sandbox"


     

       

       
179

       
+

       
        "test-os"


     

       

       
180

       
+

       
        "test-os-process-priority"


     

       

       
181

       
+

       
        # This is a bit weird, but for some reason fs watch tests fail with


     

       

       
182

       
+

       
        # sandbox.


     

       

       
183

       
+

       
        "test-fs-promises-watch"


     

       

       
184

       
+

       
        "test-fs-watch"


     

       

       
185

       
+

       
        "test-fs-watch-encoding"


     

       

       
186

       
+

       
        "test-fs-watch-non-recursive"


     

       

       
187

       
+

       
        "test-fs-watch-recursive-add-file"


     

       

       
188

       
+

       
        "test-fs-watch-recursive-add-file-to-existing-subfolder"


     

       

       
189

       
+

       
        "test-fs-watch-recursive-add-file-to-new-folder"


     

       

       
190

       
+

       
        "test-fs-watch-recursive-add-file-with-url"


     

       

       
191

       
+

       
        "test-fs-watch-recursive-add-folder"


     

       

       
192

       
+

       
        "test-fs-watch-recursive-assert-leaks"


     

       

       
193

       
+

       
        "test-fs-watch-recursive-promise"


     

       

       
194

       
+

       
        "test-fs-watch-recursive-symlink"


     

       

       
195

       
+

       
        "test-fs-watch-recursive-sync-write"


     

       

       
196

       
+

       
        "test-fs-watch-recursive-update-file"


     

       

       
197

       
+

       
        "test-fs-watchfile"


     

       

       
198

       
+

       
        "test-runner-run"


     

       

       
199

       
+

       
        "test-runner-watch-mode"


     

       

       
200

       
+

       
        "test-watch-mode-files_watcher"


     

       

       
201

       
+

       
      ])}"


     

       
153

       
202

       
 

       
    ];


     

       
154

       
203

       
 

       



     

       
155

       
204

       
 

       
    postInstall = ''
+5 -1
pkgs/development/web/nodejs/v18.nix 
···

       
16

       
16

       
 

       
    buildPackages = buildPackages // { stdenv = ensureCompatibleCC buildPackages; };


     

       
17

       
17

       
 

       
    python = python311;


     

       
18

       
18

       
 

       
  };


     

       

       
19

       
+

       



     

       

       
20

       
+

       
  gypPatches = callPackage ./gyp-patches.nix { } ++ [


     

       

       
21

       
+

       
    ./gyp-patches-pre-v22-import-sys.patch


     

       

       
22

       
+

       
  ];


     

       
19

       
23

       
 

       
in


     

       
20

       
24

       
 

       
buildNodejs {


     

       
21

       
25

       
 

       
  inherit enableNpm;


     
···

       
33

       
37

       
 

       
      url = "https://github.com/nodejs/node/commit/534c122de166cb6464b489f3e6a9a544ceb1c913.patch";


     

       
34

       
38

       
 

       
      hash = "sha256-4q4LFsq4yU1xRwNsM1sJoNVphJCnxaVe2IyL6AeHJ/I=";


     

       
35

       
39

       
 

       
    })


     

       
36

       

       
-

       
  ];


     

       

       
40

       
+

       
  ] ++ gypPatches;


     

       
37

       
41

       
 

       
}
+5 -1
pkgs/development/web/nodejs/v20.nix 
···

       
5

       
5

       
 

       
    inherit openssl;


     

       
6

       
6

       
 

       
    python = python3;


     

       
7

       
7

       
 

       
  };


     

       

       
8

       
+

       



     

       

       
9

       
+

       
  gypPatches = callPackage ./gyp-patches.nix { } ++ [


     

       

       
10

       
+

       
    ./gyp-patches-pre-v22-import-sys.patch


     

       

       
11

       
+

       
  ];


     

       
8

       
12

       
 

       
in


     

       
9

       
13

       
 

       
buildNodejs {


     

       
10

       
14

       
 

       
  inherit enableNpm;


     
···

       
23

       
27

       
 

       
      url = "https://github.com/nodejs/node/commit/14863e80584e579fd48c55f6373878c821c7ff7e.patch";


     

       
24

       
28

       
 

       
      hash = "sha256-I7Wjc7DE059a/ZyXAvAqEGvDudPjxQqtkBafckHCFzo=";


     

       
25

       
29

       
 

       
    })


     

       
26

       

       
-

       
  ];


     

       

       
30

       
+

       
  ] ++ gypPatches;


     

       
27

       
31

       
 

       
}
+5 -1
pkgs/development/web/nodejs/v22.nix 
···

       
5

       
5

       
 

       
    inherit openssl;


     

       
6

       
6

       
 

       
    python = python3;


     

       
7

       
7

       
 

       
  };


     

       

       
8

       
+

       



     

       

       
9

       
+

       
  gypPatches = callPackage ./gyp-patches.nix { } ++ [


     

       

       
10

       
+

       
    ./gyp-patches-v22-import-sys.patch


     

       

       
11

       
+

       
  ];


     

       
8

       
12

       
 

       
in


     

       
9

       
13

       
 

       
buildNodejs {


     

       
10

       
14

       
 

       
  inherit enableNpm;


     
···

       
16

       
20

       
 

       
    ./node-npm-build-npm-package-logic.patch


     

       
17

       
21

       
 

       
    ./use-correct-env-in-tests.patch


     

       
18

       
22

       
 

       
    ./bin-sh-node-run-v22.patch


     

       
19

       

       
-

       
  ];


     

       

       
23

       
+

       
  ] ++ gypPatches;


     

       
20

       
24

       
 

       
}