This commit introduces a new configuration flag named
--openssl-is-fips which is intended to be used when linking against
an OpenSSL library that is FIPS compatible.
The motivation for this is that Red Hat Enterprise Linux 8 (RHEL8)
comes with OpenSSL 1.1.1 and includes FIPS support, and we would
like to be able to dynamically link against this version and also have
FIPS features enabled in node, like would be done when statically
linking and using the --openssl-fips flag.
The suggestion here is to introduce a new flag:
$ ./configure --help
...
--openssl-is-fips specifies that the shared OpenSSL version is FIPS
compatible
This flag could be used in combination with the shared-openssl flag:
$ ./configure --shared-openssl ---openssl-is-fips
This will enable FIPS support in node and the runtime flags will be
availalbe to enable FIPS (--enable-fips, --force-fips).
PR-URL: https://github.com/nodejs/node/pull/25412
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
llhttp is modern, written in human-readable TypeScript, verifiable, and
is very easy to maintain.
See: https://github.com/indutny/llhttp
PR-URL: https://github.com/nodejs/node/pull/24059
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
* Make inspector.gypi and v8_external_snapshot.gypi includible targets.
* Make `v8_dump_build_config` an action
* Better separate `js2c` and `natives_blob`
* process action outputs as sources
* trigger v8.gyp:postmortem-metadata from v8.gyp
PR-URL: https://github.com/nodejs/node/pull/23182
Refs: https://github.com/nodejs/node/pull/23156
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Run `node_js2c` and `mkssldef` as actions and not as targets makes sure
they are run only once, just before processing the rest of `node_lib`.
This helps `make` based dependency change detection be more accurate.
Add comments with tagrget names for readability.
Use `process_outputs_as_sources` for automatic inclution of outputs.
PR-URL: https://github.com/nodejs/node/pull/23156
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Remove `--debug-http2` as a compile-time feature and
make all debug statements available using `NODE_DEBUG_NATIVE=http2`
at runtime.
This probably makes the debugging-enabled case a bit slower due to
additional string concatenations, but switching to a runtime-checking
system makes debugging more flexible and can be applied more easily
to other parts of the source code as well.
PR-URL: https://github.com/nodejs/node/pull/20987
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
These flags could make some sections and the GOT entries of node
process read only to avoid being modified after dynamic linking is
done, thus the security could be enhanced.
Fixes: https://github.com/nodejs/node/issues/20122
PR-URL: https://github.com/nodejs/node/pull/20513
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Even if we only use v8_monolith build target, other targets
in v8.gyp with possibly outdated file lists are parsed and
could cause build to fail even with --build-v8-with-gn.
PR-URL: https://github.com/nodejs/node/pull/19201
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
For shared lib build, we leave the signal handling for embedding users.
In these two test cases:
- `parallel/test-process-external-stdio-close-spawn`
- `parallel/test-process-external-stdio-close`
The pipe is used for stdout and is destroied before child process uses
it for logging. So the node executble that uses shared lib build
receives SIGPIPE and the child process ends.
This change ignores the SIGPIPE in node_main.cc for shared lib case.
Refs: https://github.com/nodejs/node/issues/18535
Signed-off-by: Yihong Wang <yh.wang@ibm.com>
PR-URL: https://github.com/nodejs/node/pull/19211
Refs: https://github.com/nodejs/node/issues/18535
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Add libuv and zlib into node executable and shared lib. Also fix an
issue that openssl is not fully included in node executable for macOS.
Signed-off-by: Yihong Wang <yh.wang@ibm.com>
Fixes: https://github.com/nodejs/node/issues/17444
PR-URL: https://github.com/nodejs/node/pull/18383
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
After adding the node_lib target in node.gyp, most of the node source
files are moved to that target. When coverage option is enabled,
corresponding cflags and ldflags are needed in that target as well.
gcovr also needs to check .gcda data for both node and node_lib.
PR-URL: https://github.com/nodejs/node/pull/18409
Fixes: https://github.com/nodejs/node/issues/18402
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
I mistakenly introduced user defined variables using uppercase
characters, reading the gyp documentation they state:
"Predefined variables. By convention, these are named with
CAPITAL_LETTERS. Predefined variables are set automatically by GYP"
and also "By convention, user-defined variables are named with
lowercase_letters."
This commit renames the user defined variables to lowercase to follow
the above mentioned convention.
PR-URL: https://github.com/nodejs/node/pull/16238
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Refine the static and shared lib build process in order
to integrate static and shared lib verfication into CI.
When building both static and shared lib, we still build
node executable now and it uses the shared and static lib.
Signed-off-by: Yihong Wang <yh.wang@ibm.com>
Fixes: https://github.com/nodejs/node/issues/14158
PR-URL: https://github.com/nodejs/node/pull/17604
Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
The version of nghttp2 in deps/ does not build on CloudABI, even though
the official version does. Though this is an issue on its own that needs
to be resolved, it is currently a bit hard to work around this. There is
no switch to link against an external version of nghttp2, even though we
do provide this option for other libraries.
This change adds configure flags, similar to the ones we have for
OpenSSL, zlib, http_parser, libuv, etc. and makes the dependency on
deps/nghttp2 optional.
PR-URL: https://github.com/nodejs/node/pull/16788
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Refael Ackermann <refack@gmail.com>
The motivation for this commit is to enable projects embedding Node.js
and building with --enable-static to be able to run the test suite and
linter.
Currently when building with --enable-static no node executable
will be created which means that the tests (apart from the cctest) and
linter cannot be run.
This is currently a work in progress and works on MacOS but I need to
run the CI, and manually on different environments to verify that it
works as expected.
PR-URL: https://github.com/nodejs/node/pull/14986
Refs: https://github.com/nodejs/node/issues/14158
Refs: https://github.com/nodejs/node/pull/14892
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Currently the cctest target compiles sources files even though they are
compiled for the node target. This is my fault as when I worked on the
task of getting the cctest to use the object files from the node target
I missed a few sources that were being included from node.gypi. This
also effects the build time as these sources are compiled twice.
This commit moves the conditions in question into the node target in
node.gyp. With this commit there should be no object files in
out/Release/obj.target/cctest/src/ (the path will vary depending on the
operating system being used).
PR-URL:https://github.com/nodejs/node/pull/16887
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
cctest has `so.59` extension when building node shared library in linux.
The appending is defined in node.gypi and the cctest target in node.gyp
includes node.gypi. Moving the appending from node.gypi to node target
in node.gyp fixes the issue.
Signed-off-by: Yihong Wang <yh.wang@ibm.com>
PR-URL: https://github.com/nodejs/node/pull/16680
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
macOS requires passing the --coverage flag in OTHER_LDFLAGS and
OTHER_CFLAGS in xcode_settings.
PR-URL: https://github.com/nodejs/node/pull/16163
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Khaidi Chu <i@2333.moe>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/16056
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
At long last: The initial *experimental* implementation of HTTP/2.
This is an accumulation of the work that has been done in the nodejs/http2
repository, squashed down to a couple of commits. The original commit
history has been preserved in the nodejs/http2 repository.
This PR introduces the nghttp2 C library as a new dependency. This library
provides the majority of the HTTP/2 protocol implementation, with the rest
of the code here providing the mapping of the library into a usable JS API.
Within src, a handful of new node_http2_*.c and node_http2_*.h files are
introduced. These provide the internal mechanisms that interface with nghttp
and define the `process.binding('http2')` interface.
The JS API is defined within `internal/http2/*.js`.
There are two APIs provided: Core and Compat.
The Core API is HTTP/2 specific and is designed to be as minimal and as
efficient as possible.
The Compat API is intended to be as close to the existing HTTP/1 API as
possible, with some exceptions.
Tests, documentation and initial benchmarks are included.
The `http2` module is gated by a new `--expose-http2` command line flag.
When used, `require('http2')` will be exposed to users. Note that there
is an existing `http2` module on npm that would be impacted by the introduction
of this module, which is the main reason for gating this behind a flag.
When using `require('http2')` the first time, a process warning will be
emitted indicating that an experimental feature is being used.
To run the benchmarks, the `h2load` tool (part of the nghttp project) is
required: `./node benchmarks/http2/simple.js benchmarker=h2load`. Only
two benchmarks are currently available.
Additional configuration options to enable verbose debugging are provided:
```
$ ./configure --debug-http2 --debug-nghttp2
$ NODE_DEBUG=http2 ./node
```
The `--debug-http2` configuration option enables verbose debug statements
from the `src/node_http2_*` files. The `--debug-nghttp2` enables the nghttp
library's own verbose debug output. The `NODE_DEBUG=http2` enables JS-level
debug output.
The following illustrates as simple HTTP/2 server and client interaction:
(The HTTP/2 client and server support both plain text and TLS connections)
```jt client = http2.connect('http://localhost:80');
const req = client.request({ ':path': '/some/path' });
req.on('data', (chunk) => { /* do something with the data */ });
req.on('end', () => {
client.destroy();
});
// Plain text (non-TLS server)
const server = http2.createServer();
server.on('stream', (stream, requestHeaders) => {
stream.respond({ ':status': 200 });
stream.write('hello ');
stream.end('world');
});
server.listen(80);
```
```js
const http2 = require('http2');
const client = http2.connect('http://localhost');
```
Author: Anna Henningsen <anna@addaleax.net>
Author: Colin Ihrig <cjihrig@gmail.com>
Author: Daniel Bevenius <daniel.bevenius@gmail.com>
Author: James M Snell <jasnell@gmail.com>
Author: Jun Mukai
Author: Kelvin Jin
Author: Matteo Collina <matteo.collina@gmail.com>
Author: Robert Kowalski <rok@kowalski.gd>
Author: Santiago Gimeno <santiago.gimeno@gmail.com>
Author: Sebastiaan Deckers <sebdeckers83@gmail.com>
Author: Yosuke Furukawa <yosuke.furukawa@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/14239
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
The `cflags` for `--coverage` included `-O0` so far, but that was
overridden by a later `-O3`. Resolve that by adding
`'cflags!': [ '-O3' ]` and increase coverage accuracy.
Ref: https://coverage.nodejs.org/
PR-URL: https://github.com/nodejs/node/pull/12406
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit tries to make it simpler to add unit tests (cctest) for
code that needs to test node core funtionality but that might not be
appropriate as an addon or a JavaScript test. An example of this could
be adding functionality targeted for situations when Node itself is
embedded.
Currently it was not as easy, or efficient, as one would have hoped to
add such tests. The object output directories vary for different
operating systems which we need to link to so that we don't have an
additional compilation step.
PR-URL: https://github.com/nodejs/node/pull/11956
Ref: https://github.com/nodejs/node/pull/9163
Reviewed-By: James M Snell <jasnell@gmail.com>