Community Packages

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#73268 - [nodejs] 17.3.0 is built with OpenSSL 1.1 and prevents binary packages from working

Attached to Project: Community Packages
Opened by Momtchil Momtchev (mmomtchev) - Wednesday, 05 January 2022, 18:35 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 19 January 2022, 06:00 GMT
Task Type Bug Report
Category Packages
Status Assigned   Reopened
Assigned To Felix Yan (felixonmars)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 0
Private No

Details

Description:

Node.js 17.3.0 as included in Archlinux is a Frankenstein version, built against a shared version of OpenSSL 1.1

Normally, Node.js 17 should use OpenSSL 3.0 included as a static library

Why is it such a big deal if it works?

Because binary (native in Node lingo) modules come with prebuilt binaries for each Node ABI. Those built for Node 17 are built against the included OpenSSL 3 and won't work on ArchLinux.


Steps to reproduce:

Try to install a prebuilt native module which uses OpenSSL - I am the author of gdal-async (npm i gdal-async) and if you run the network unit tests you will get an unresolved symbol - SSL_CTX_load_verify_file - which does not exist in 1.1

Generally, my advice is to not distribute binary Node versions which are built in a substantially different way than the Nodesource distribution which should probably be your baseline.

Or maybe ask the core developers for an advice on that matter.
This task depends upon

Comment by Momtchil Momtchev (mmomtchev) - Wednesday, 05 January 2022, 18:57 GMT
I have opened an issue in Node.js asking this question: https://github.com/nodejs/node/issues/41410
Comment by Momtchil Momtchev (mmomtchev) - Thursday, 06 January 2022, 12:42 GMT
Please, refer to https://github.com/nodejs/node/issues/41410#issuecomment-1006005145

If you want to continue building Node.js 17 with a shared version of OpenSSL 1.1.1m, you should request to be assigned an ABI identification number, so that native modules can identify this Node.js and eventually provide pre-built binaries for it.
Comment by Momtchil Momtchev (mmomtchev) - Tuesday, 11 January 2022, 13:23 GMT
Following the discussion in the Node.js issue, Node.js' core team position is that Node.js can be compiled with both OpenSSL 1.1 and OpenSSL 3.0 without breaking the ABI

Loading...