-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zlib: warn before crash on invalid internals usage #16657
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is a good idea and it doesn’t really cost us anything
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A++
We should likely bundle this with the openssl patch.
Should we remove it after npm releases their next release?
I think it should stay, since the combination of |
@MylesBorins I have no idea when we should remove it, but no, there’s no rush – this won’t show up if you’re using a broken version. |
src/node_zlib.cc
Outdated
if (args.Length() == 5) { | ||
fprintf(stderr, | ||
"WARNING: You are likely using a version of node-tar or npm that " | ||
"uses the internals of Node.js in an invalid way.\nPlease use " |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Micro-nit (totally not blocking): s/uses the internals of Node.js in an invalid way/is incompatible with this version of Node.js/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I prefer the current wording because it gives more of a hint on why the error is occurring. That the versions are incompatible kind of follows from the rest of the message, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess I'm trying to avoid "uses the internals of Node.js in an invalid way" as it seems likely to be seen as throwing a bit of shade at npm. But I may be overthinking it.
Beyond that, my thinking was that the user needs to know the versions are incompatible, and why (or whose responsible for the situation) are secondary.
All that said, I'm fine with the current wording.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Trott yup, updated!
src/node_zlib.cc
Outdated
"uses the internals of Node.js in an invalid way.\nPlease use " | ||
"either the version of npm that is bundled with Node.js, or " | ||
"a version of npm (> 5.5.1 or < 5.4.0) or node-tar (> 4.0.1) " | ||
"that is compatible with Node 9 and above.\n"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: s/Node 9/Node.js 9/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yup, done!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My nits are not objections, just comments. Feel free ot ignore if you disagree with them or whatever.
Is this intended to be more-or-less permanent or something that gets removed in the foreseeable future? No objections either way. Just trying to be reasonably informed. |
@Trott I would expect this to be removed at some point, but that can probably be just about whenever. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but for my understanding, this is because tar/minizlib calls process.binding('zlib')
? It's graceful-fs all over!
I looked at minizlib/index.js and I can't for the life of me figure out why it does that. It should be able to get along just fine through the public API.
Yup. The reason is that they’re trying to avoid the overhead that comes with the streams API, which is reasonable but really something we should be providing from core. |
CI: https://ci.nodejs.org/job/node-test-commit/13692/ This should be ready. |
Landed in 0300565 |
PR-URL: #16657 Refs: #16649 Refs: #14161 Reviewed-By: Evan Lucas <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Daijiro Wachi <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
PR-URL: #16657 Refs: #16649 Refs: #14161 Reviewed-By: Evan Lucas <[email protected]> Reviewed-By: Refael Ackermann <[email protected]> Reviewed-By: Myles Borins <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Daijiro Wachi <[email protected]> Reviewed-By: Joyee Cheung <[email protected]> Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
I've landed this on 9.x-staging to ensure it comes in the next release. |
@addaleax I've added dont-land-on labels for v6.x and v8.x as they are unaffected by the zlib refactor. please lmk if I am mistaken |
I realize this is a pretty unusual patch but it might make sense to do this given that a lot of people running into #16649 might not understand what is happening or how to fix it.
Refs: #16649
Refs: #14161
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)
zlib