[kirkstone,20/24] npm: replace 'npm pack' call by 'tar czf'

Message ID	8a83fbca45a74c30265168767a716e1a272df89b.1662559557.git.steve@sakoman.com
State	Accepted, archived
Commit	8a83fbca45a74c30265168767a716e1a272df89b
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.49, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 20/24] npm: replace 'npm pack' call by 'tar czf' Date: Wed, 7 Sep 2022 04:20:21 -1000 Message-Id: <8a83fbca45a74c30265168767a716e1a272df89b.1662559557.git.steve@sakoman.com> In-Reply-To: <cover.1662559557.git.steve@sakoman.com> References: <cover.1662559557.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/24] sqlite: add CVE-2022-35737 patch to SRC_URI \| expand [kirkstone,01/24] sqlite: add CVE-2022-35737 patch to SRC_URI [kirkstone,02/24] curl: Backport patch for CVE-2022-35252 [kirkstone,03/24] binutils : CVE-2022-38533 [kirkstone,04/24] classes: cve-check: Get shared database lock [kirkstone,05/24] cve-check: close cursors as soon as possible [kirkstone,06/24] vim: Upgrade 9.0.0242 -> 9.0.0341 [kirkstone,07/24] libtasn1: upgrade 4.18.0 -> 4.19.0 [kirkstone,08/24] liburcu: upgrade 0.13.1 -> 0.13.2 [kirkstone,09/24] libwpe: upgrade 1.12.2 -> 1.12.3 [kirkstone,10/24] libatomic-ops: upgrade 7.6.12 -> 7.6.14 [kirkstone,11/24] lz4: upgrade 1.9.3 -> 1.9.4 [kirkstone,12/24] insane.bbclass: Skip patches not in oe-core by full path [kirkstone,13/24] maintainers: update opkg maintainer [kirkstone,14/24] apr: Cache configure tests which use AC_TRY_RUN [kirkstone,15/24] bitbake.conf: set BB_DEFAULT_UMASK using ??= [kirkstone,16/24] pseudo: Update to include recent upstream minor fixes [kirkstone,17/24] scripts/runqemu.README: fix typos and trailing whitespaces [kirkstone,18/24] meta: introduce UBOOT_MKIMAGE_KERNEL_TYPE [kirkstone,19/24] kernel-fitimage.bbclass: add padding algorithm property in config nodes [kirkstone,20/24] npm: replace 'npm pack' call by 'tar czf' [kirkstone,21/24] npm: return content of 'package.json' in 'npm_pack' [kirkstone,22/24] npm: take 'version' directly from 'package.json' [kirkstone,23/24] lib:npm_registry: initial checkin [kirkstone,24/24] npm: use npm_registry to cache package

Message ID

8a83fbca45a74c30265168767a716e1a272df89b.1662559557.git.steve@sakoman.com

State

Accepted, archived

Commit

8a83fbca45a74c30265168767a716e1a272df89b

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 20/24] npm: replace 'npm pack' call by 'tar czf'
Date: Wed,  7 Sep 2022 04:20:21 -1000
Message-Id: 
 <8a83fbca45a74c30265168767a716e1a272df89b.1662559557.git.steve@sakoman.com>
In-Reply-To: <cover.1662559557.git.steve@sakoman.com>
References: <cover.1662559557.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/24] sqlite: add CVE-2022-35737 patch to SRC_URI | expand

Commit Message

Steve Sakoman Sept. 7, 2022, 2:20 p.m. UTC

From: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>

'npm pack' is a maintainer tool which tries to execute 'prepare'
and similar scripts.  This fails usually in OE because it requires
completely installed 'node_modules'.

Earlier nodejs versions supported an undocumented 'ignore-scripts'
option.  This has been removed in nodejs 16.

We could patch 'package.json' and remove the unwanted scripts.  But
this might complicate local workflows (applying patches) and installed
packages will contain the modified 'package.json'.

Instead of, package it manually by 'tar czf'.  As a sideeffect,
'do_configure' is running much faster now.

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68b480d64ffb6750699cc8fa00d2ac0bc6a2e58a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/npm.bbclass | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/meta/classes/npm.bbclass b/meta/classes/npm.bbclass
index ba50fcac20..91f8f36b0d 100644
--- a/meta/classes/npm.bbclass
+++ b/meta/classes/npm.bbclass
@@ -57,13 +57,36 @@  def npm_global_configs(d):
     configs.append(("cache", d.getVar("NPM_CACHE")))
     return configs
 
+## 'npm pack' runs 'prepare' and 'prepack' scripts. Support for
+## 'ignore-scripts' which prevents this behavior has been removed
+## from nodejs 16.  Use simple 'tar' instead of.
 def npm_pack(env, srcdir, workdir):
-    """Run 'npm pack' on a specified directory"""
-    import shlex
-    cmd = "npm pack %s" % shlex.quote(srcdir)
-    args = [("ignore-scripts", "true")]
-    tarball = env.run(cmd, args=args, workdir=workdir).strip("\n")
-    return os.path.join(workdir, tarball)
+    """Emulate 'npm pack' on a specified directory"""
+    import subprocess
+    import os
+    import json
+
+    src = os.path.join(srcdir, 'package.json')
+    with open(src) as f:
+        j = json.load(f)
+
+    # base does not really matter and is for documentation purposes
+    # only.  But the 'version' part must exist because other parts of
+    # the bbclass rely on it.
+    base = j['name'].split('/')[-1]
+    tarball = os.path.join(workdir, "%s-%s.tgz" % (base, j['version']));
+
+    # TODO: real 'npm pack' does not include directories while 'tar'
+    # does.  But this does not seem to matter...
+    subprocess.run(['tar', 'czf', tarball,
+                    '--exclude', './node-modules',
+                    '--exclude-vcs',
+                    '--transform', 's,^\./,package/,',
+                    '--mtime', '1985-10-26T08:15:00.000Z',
+                    '.'],
+                   check = True, cwd = srcdir)
+
+    return tarball
 
 python npm_do_configure() {
     """

[kirkstone,20/24] npm: replace 'npm pack' call by 'tar czf'

Commit Message

Patch