[Pkg-javascript-devel] Bug#920468: node-libnpx accesses the network at build-time
Steve Langasek
steve.langasek at canonical.com
Fri Jan 25 22:30:42 GMT 2019
Package: node-libnpx
Version: 10.2.0-2
Severity: important
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu disco ubuntu-patch
Dear Pirate,
In Ubuntu, the node-libnpx has failed to build because it tries to access
the network in order to download test dependencies:
[...]
# Subtest: test/index.js
# Subtest: npx --always-spawn
not ok 1 - Command failed: node /<<PKGBUILDDIR>>/test/util/npx-bin.js --always-spawn echo-cli hewwo
---
stack: |
ChildProcess.child.on.code (child.js:41:21)
at:
line: 41
column: 21
file: child.js
function: ChildProcess.child.on.code
isOperational: true
stderr: >
npm ERR! code ENOTFOUND
npm ERR! errno ENOTFOUND
npm ERR! network request to https://registry.npmjs.org/echo-cli failed,
reason: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
npm ERR! network This is a problem related to network connectivity.
[...]
# Subtest: npx with custom installer stdio
not ok 1 - Command failed: node /<<PKGBUILDDIR>>/test/util/npx-bin-inherit-stdio.js say-shalom at 1.2.7
---
stack: |
ChildProcess.child.on.code (child.js:41:21)
at:
line: 41
column: 21
file: child.js
function: ChildProcess.child.on.code
isOperational: true
stderr: >
npm ERR! code ENOTFOUND
npm ERR! errno ENOTFOUND
npm ERR! network request to https://registry.npmjs.org/say-shalom failed,
reason: getaddrinfo ENOTFOUND registry.npmjs.org registry.npmjs.org:443
npm ERR! network This is a problem related to network connectivity.
[...]
(https://launchpad.net/ubuntu/+source/node-libnpx/10.2.0-2/+build/15638838)
Packages should not be accessing sites on the Internet at build time. Since
I can't find either echo-cli or say-shalom as a package in Debian, I think
the right solution here is to disable these tests.
Please find attached a patch which does this. I have uploaded this patch to
Ubuntu.
Regards,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
diff -Nru node-libnpx-10.2.0/debian/patches/disable-network-test.patch node-libnpx-10.2.0/debian/patches/disable-network-test.patch
--- node-libnpx-10.2.0/debian/patches/disable-network-test.patch 1969-12-31 16:00:00.000000000 -0800
+++ node-libnpx-10.2.0/debian/patches/disable-network-test.patch 2019-01-25 14:26:43.000000000 -0800
@@ -0,0 +1,73 @@
+Description: Disable tests that require network access
+ Tests in this package require access to https://registry.npmjs.org/echo-cli
+ and https://registry.npmjs.org/say-shalom at build time. Disable these
+ tests, since NPM is inaccessible at build time per policy.
+Author: Steve Langasek <steve.langasek at ubuntu.com>
+Last-Modified: 2018-01-25
+
+Index: node-libnpx-10.2.0/test/index.js
+===================================================================
+--- node-libnpx-10.2.0.orig/test/index.js
++++ node-libnpx-10.2.0/test/index.js
+@@ -16,39 +16,6 @@
+
+ const NPX_ESC = isWindows ? child.escapeArg(NPX_PATH) : NPX_PATH
+
+-test('npx --always-spawn', t => {
+- return child.spawn('node', [
+- NPX_ESC, '--always-spawn', 'echo-cli', 'hewwo'
+- ], {stdio: 'pipe'}).then(res => {
+- t.equal(res.stdout.trim(), 'hewwo')
+- })
+-})
+-
+-test('npx --always-spawn resolves promise after command is executed', t => {
+- const _runCommand = child.runCommand
+- const parsed = main.parseArgs([
+- process.argv[0],
+- '[fake arg]',
+- '--always-spawn',
+- 'echo-cli',
+- 'hewwo'
+- ], NPM_PATH)
+- child.runCommand = (command, opts) => {
+- child.runCommand = _runCommand
+- return Promise.resolve([command, opts])
+- }
+- return main(parsed)
+- .then(args => {
+- const command = args[0]
+- const opts = args[1]
+- t.ok(command.includes('node'), 'node executes the command')
+- t.equal(opts.alwaysSpawn, true, 'set opts.alwaysSpawn')
+- t.equal(opts.command, 'echo-cli', 'set opts.command')
+- t.ok(opts.cmdOpts[0].includes('echo-cli'), 'set opts.cmdOpts[0]')
+- t.equal(opts.cmdOpts[1], 'hewwo', 'set opts.cmdOpts[1]')
+- })
+-})
+-
+ test('npx --shell-auto-fallback', t => {
+ return child.spawn('node', [
+ NPX_ESC, '--shell-auto-fallback', 'zsh'
+@@ -293,21 +260,6 @@
+ })
+ })
+
+-test('npx with custom installer stdio', t => {
+- const NPX_PATH = path.resolve(__dirname, 'util', 'npx-bin-inherit-stdio.js')
+- const NPX_ESC = isWindows ? child.escapeArg(NPX_PATH) : NPX_PATH
+-
+- return child.spawn('node', [
+- NPX_ESC, 'say-shalom at 1.2.7'
+- ], {stdio: 'pipe'}).then(res => {
+- t.equal(res.code, 0, 'command succeeded')
+- t.match(
+- res.stdout.toString(), /"added":/, 'installer output printed directly to console'
+- )
+- t.end()
+- })
+-})
+-
+ test('noisy npx with --quiet arg on windows', {
+ skip: !isWindows && 'Only on Windows does the path to the downloaded module get printed'
+ }, t => {
diff -Nru node-libnpx-10.2.0/debian/patches/series node-libnpx-10.2.0/debian/patches/series
--- node-libnpx-10.2.0/debian/patches/series 2018-10-16 06:40:45.000000000 -0700
+++ node-libnpx-10.2.0/debian/patches/series 2019-01-25 14:26:53.000000000 -0800
@@ -1,2 +1,3 @@
disable-which-test.patch
disable-dotenv-test.patch
+disable-network-test.patch
More information about the Pkg-javascript-devel
mailing list