nodejs: fix sandboxed build on darwin

2024-12-11 08:13:04 +00:00 · 2023-10-19 21:29:09 +03:00 · 2023-10-19 21:29:09 +03:00 · ce685a8422
commit ce685a8422
parent 5bf99d0694
7 changed files with 128 additions and 7 deletions
--- a/pkgs/development/web/nodejs/gyp-patches-pre-v22-import-sys.patch
+++ b/pkgs/development/web/nodejs/gyp-patches-pre-v22-import-sys.patch
@ -0,0 +1,24 @@
+Add missing import statement for gyp-patches.nix.
+
+--- a/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py
+++ b/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py
+@@ -25,6 +25,7 @@
+ import os
+ import re
+ import subprocess
+import sys
+ import gyp
+ import gyp.common
+ import gyp.xcode_emulation
+
+--- a/tools/gyp/pylib/gyp/generator/make.py
+++ b/tools/gyp/pylib/gyp/generator/make.py
+@@ -25,6 +25,7 @@
+ import os
+ import re
+ import subprocess
+import sys
+ import gyp
+ import gyp.common
+ import gyp.xcode_emulation
+
--- a/pkgs/development/web/nodejs/gyp-patches-v22-import-sys.patch
+++ b/pkgs/development/web/nodejs/gyp-patches-v22-import-sys.patch
@ -0,0 +1,14 @@
+For some reason Node.js v22 has two different GYP versions vendored, and
+only one of them contains `import sys`.
+
+--- a/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py
+++ b/deps/npm/node_modules/node-gyp/gyp/pylib/gyp/generator/make.py
+@@ -25,6 +25,7 @@
+ import os
+ import re
+ import subprocess
+import sys
+ import gyp
+ import gyp.common
+ import gyp.xcode_emulation
+
--- a/pkgs/development/web/nodejs/gyp-patches.nix
+++ b/pkgs/development/web/nodejs/gyp-patches.nix
@ -0,0 +1,22 @@
+{ fetchpatch2 }:
+let
+  name = "gyp-darwin-sandbox.patch";
+  url = "https://github.com/nodejs/gyp-next/commit/706d04aba5bd18f311dc56f84720e99f64c73466.patch";
+in
+[
+  # Fixes builds with Nix sandbox on Darwin for gyp.
+  # See https://github.com/NixOS/nixpkgs/issues/261820
+  # and https://github.com/nodejs/gyp-next/pull/216
+  (fetchpatch2 {
+    inherit name url;
+    hash = "sha256-l8FzgLq9CbVJCkXfnTyDQ+vXKCz65wpaffE74oSU+kY=";
+    stripLen = 1;
+    extraPrefix = "tools/gyp/";
+  })
+  (fetchpatch2 {
+    inherit name url;
+    hash = "sha256-UVUn4onXfJgFoAdApLAbliiBgM9rxDdIo53WjFryoBI=";
+    stripLen = 1;
+    extraPrefix = "deps/npm/node_modules/node-gyp/gyp/";
+  })
+]
--- a/pkgs/development/web/nodejs/nodejs.nix
+++ b/pkgs/development/web/nodejs/nodejs.nix
@ -131,25 +131,74 @@ let

    inherit patches;

-    doCheck = lib.versionAtLeast version "16"; # some tests fail on v14
+    __darwinAllowLocalNetworking = true; # for tests
+
+    # TODO: what about tests when cross-compiling?
+    # Note that currently stdenv does not run check phase if build ≠ host.
+    doCheck = true;

    # Some dependencies required for tools/doc/node_modules (and therefore
    # test-addons, jstest and others) target are not included in the tarball.
    # Run test targets that do not require network access.
-    checkTarget = lib.concatStringsSep " " [
+    checkTarget = lib.concatStringsSep " " ([
      "build-js-native-api-tests"
      "build-node-api-tests"
      "tooltest"
      "cctest"
+    ] ++ lib.optionals (!stdenv.buildPlatform.isDarwin || lib.versionAtLeast version "20") [
+      # There are some test failures on macOS before v20 that are not worth the
+      # time to debug for a version that would be eventually removed in less
+      # than a year (Node.js 18 will be EOL at 2025-04-30). Note that these
+      # failures are specific to Nix sandbox on macOS and should not affect
+      # actual functionality.
      "test-ci-js"
-    ];
+    ]);

    checkFlags = [
      # Do not create __pycache__ when running tests.
      "PYTHONDONTWRITEBYTECODE=1"
+    ] ++ lib.optionals (!stdenv.buildPlatform.isDarwin || lib.versionAtLeast version "20") [
      "FLAKY_TESTS=skip"
      # Skip some tests that are not passing in this context
-      "CI_SKIP_TESTS=test-setproctitle,test-tls-cli-max-version-1.3,test-tls-client-auth,test-child-process-exec-env,test-fs-write-stream-eagain,test-tls-sni-option,test-https-foafssl,test-child-process-uid-gid,test-process-euid-egid,test-process-initgroups,test-process-uid-gid,test-process-setgroups"
+      "CI_SKIP_TESTS=${lib.concatStringsSep "," ([
+        "test-child-process-exec-env"
+        "test-child-process-uid-gid"
+        "test-fs-write-stream-eagain"
+        "test-https-foafssl"
+        "test-process-euid-egid"
+        "test-process-initgroups"
+        "test-process-setgroups"
+        "test-process-uid-gid"
+        "test-setproctitle"
+        "test-tls-cli-max-version-1.3"
+        "test-tls-client-auth"
+        "test-tls-sni-option"
+      ] ++ lib.optionals stdenv.hostPlatform.isDarwin [
+        # Disable tests that don’t work under macOS sandbox.
+        "test-macos-app-sandbox"
+        "test-os"
+        "test-os-process-priority"
+        # This is a bit weird, but for some reason fs watch tests fail with
+        # sandbox.
+        "test-fs-promises-watch"
+        "test-fs-watch"
+        "test-fs-watch-encoding"
+        "test-fs-watch-non-recursive"
+        "test-fs-watch-recursive-add-file"
+        "test-fs-watch-recursive-add-file-to-existing-subfolder"
+        "test-fs-watch-recursive-add-file-to-new-folder"
+        "test-fs-watch-recursive-add-file-with-url"
+        "test-fs-watch-recursive-add-folder"
+        "test-fs-watch-recursive-assert-leaks"
+        "test-fs-watch-recursive-promise"
+        "test-fs-watch-recursive-symlink"
+        "test-fs-watch-recursive-sync-write"
+        "test-fs-watch-recursive-update-file"
+        "test-fs-watchfile"
+        "test-runner-run"
+        "test-runner-watch-mode"
+        "test-watch-mode-files_watcher"
+      ])}"
    ];

    postInstall = ''
--- a/pkgs/development/web/nodejs/v18.nix
+++ b/pkgs/development/web/nodejs/v18.nix
@ -16,6 +16,10 @@ let
    buildPackages = buildPackages // { stdenv = ensureCompatibleCC buildPackages; };
    python = python311;
  };
+
+  gypPatches = callPackage ./gyp-patches.nix { } ++ [
+    ./gyp-patches-pre-v22-import-sys.patch
+  ];
 in
 buildNodejs {
  inherit enableNpm;
@ -33,5 +37,5 @@ buildNodejs {
      url = "https://github.com/nodejs/node/commit/534c122de166cb6464b489f3e6a9a544ceb1c913.patch";
      hash = "sha256-4q4LFsq4yU1xRwNsM1sJoNVphJCnxaVe2IyL6AeHJ/I=";
    })
-  ];
+  ] ++ gypPatches;
 }
--- a/pkgs/development/web/nodejs/v20.nix
+++ b/pkgs/development/web/nodejs/v20.nix
@ -5,6 +5,10 @@ let
    inherit openssl;
    python = python3;
  };
+
+  gypPatches = callPackage ./gyp-patches.nix { } ++ [
+    ./gyp-patches-pre-v22-import-sys.patch
+  ];
 in
 buildNodejs {
  inherit enableNpm;
@ -23,5 +27,5 @@ buildNodejs {
      url = "https://github.com/nodejs/node/commit/14863e80584e579fd48c55f6373878c821c7ff7e.patch";
      hash = "sha256-I7Wjc7DE059a/ZyXAvAqEGvDudPjxQqtkBafckHCFzo=";
    })
-  ];
+  ] ++ gypPatches;
 }
--- a/pkgs/development/web/nodejs/v22.nix
+++ b/pkgs/development/web/nodejs/v22.nix
@ -5,6 +5,10 @@ let
    inherit openssl;
    python = python3;
  };
+
+  gypPatches = callPackage ./gyp-patches.nix { } ++ [
+    ./gyp-patches-v22-import-sys.patch
+  ];
 in
 buildNodejs {
  inherit enableNpm;
@ -16,5 +20,5 @@ buildNodejs {
    ./node-npm-build-npm-package-logic.patch
    ./use-correct-env-in-tests.patch
    ./bin-sh-node-run-v22.patch
-  ];
+  ] ++ gypPatches;
 }