Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add --cafile command line option. #837

Merged
merged 2 commits into from
Dec 10, 2015
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
117 changes: 70 additions & 47 deletions lib/install.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@

module.exports = exports = install

module.exports.test = { download: download, readCAFile: readCAFile }

exports.usage = 'Install node development files for the specified node version.'

/**
Expand Down Expand Up @@ -110,45 +112,6 @@ function install (gyp, argv, callback) {
go()
}

function download (url) {
log.http('GET', url)

var req = null
var requestOpts = {
uri: url
, headers: {
'User-Agent': 'node-gyp v' + gyp.version + ' (node ' + process.version + ')'
}
}

// basic support for a proxy server
var proxyUrl = gyp.opts.proxy
|| process.env.http_proxy
|| process.env.HTTP_PROXY
|| process.env.npm_config_proxy
if (proxyUrl) {
if (/^https?:\/\//i.test(proxyUrl)) {
log.verbose('download', 'using proxy url: "%s"', proxyUrl)
requestOpts.proxy = proxyUrl
} else {
log.warn('download', 'ignoring invalid "proxy" config setting: "%s"', proxyUrl)
}
}
try {
// The "request" constructor can throw sometimes apparently :(
// See: https://github.com/nodejs/node-gyp/issues/114
req = request(requestOpts)
} catch (e) {
cb(e)
}
if (req) {
req.on('response', function (res) {
log.http(res.statusCode, url)
})
}
return req
}

function getContentSha(res, callback) {
var shasum = crypto.createHash('sha256')
res.on('data', function (chunk) {
Expand Down Expand Up @@ -218,8 +181,11 @@ function install (gyp, argv, callback) {
return
}

var req = download(release.tarballUrl)
if (!req) return
try {
var req = download(gyp, process.env, release.tarballUrl)
} catch (e) {
return cb(e)
}

// something went wrong downloading the tarball?
req.on('error', function (err) {
Expand Down Expand Up @@ -311,8 +277,12 @@ function install (gyp, argv, callback) {
var shasumsPath = path.resolve(devDir, 'SHASUMS256.txt')

log.verbose('checksum url', release.shasumsUrl)
var req = download(release.shasumsUrl)
if (!req) return
try {
var req = download(gyp, process.env, release.shasumsUrl)
} catch (e) {
return cb(e)
}

req.on('error', done)
req.on('response', function (res) {
if (res.statusCode !== 200) {
Expand Down Expand Up @@ -358,8 +328,12 @@ function install (gyp, argv, callback) {
if (err) return done(err)
log.verbose('streaming 32-bit ' + release.name + '.lib to:', libPath32)

var req = download(release.libUrl32)
if (!req) return
try {
var req = download(gyp, process.env, release.libUrl32, cb)
} catch (e) {
return cb(e)
}

req.on('error', done)
req.on('response', function (res) {
if (res.statusCode !== 200) {
Expand All @@ -384,8 +358,12 @@ function install (gyp, argv, callback) {
if (err) return done(err)
log.verbose('streaming 64-bit ' + release.name + '.lib to:', libPath64)

var req = download(release.libUrl64)
if (!req) return
try {
var req = download(gyp, process.env, release.libUrl64, cb)
} catch (e) {
return cb(e)
}

req.on('error', done)
req.on('response', function (res) {
if (res.statusCode !== 200) {
Expand Down Expand Up @@ -444,3 +422,48 @@ function install (gyp, argv, callback) {
}

}

function download (gyp, env, url) {
log.http('GET', url)

var requestOpts = {
uri: url
, headers: {
'User-Agent': 'node-gyp v' + gyp.version + ' (node ' + process.version + ')'
}
}

var cafile = gyp.opts.cafile
if (cafile) {
requestOpts.ca = readCAFile(cafile)
}

// basic support for a proxy server
var proxyUrl = gyp.opts.proxy
|| env.http_proxy
|| env.HTTP_PROXY
|| env.npm_config_proxy
if (proxyUrl) {
if (/^https?:\/\//i.test(proxyUrl)) {
log.verbose('download', 'using proxy url: "%s"', proxyUrl)
requestOpts.proxy = proxyUrl
} else {
log.warn('download', 'ignoring invalid "proxy" config setting: "%s"', proxyUrl)
}
}

var req = request(requestOpts)
req.on('response', function (res) {
log.http(res.statusCode, url)
})

return req
}

function readCAFile (filename) {
// The CA file can contain multiple certificates so split on certificate
// boundaries. [\S\s]*? is used to match everything including newlines.
var ca = fs.readFileSync(filename, 'utf8')
var re = /(-----BEGIN CERTIFICATE-----[\S\s]*?-----END CERTIFICATE-----)/g
return ca.match(re)
}
1 change: 1 addition & 0 deletions lib/node-gyp.js
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,7 @@ proto.package = require('../package')
proto.configDefs = {
help: Boolean // everywhere
, arch: String // 'configure'
, cafile: String // 'install'
, debug: Boolean // 'build'
, directory: String // bin
, make: String // 'build'
Expand Down
40 changes: 40 additions & 0 deletions test/fixtures/ca-bundle.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
-----BEGIN CERTIFICATE-----
MIIDJjCCAg4CAhnOMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNVBAYTAlVTMQswCQYD
VQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEZMBcGA1UECgwQU3Ryb25n
TG9vcCwgSW5jLjESMBAGA1UECwwJU3Ryb25nT3BzMRowGAYDVQQDDBFjYS5zdHJv
bmdsb29wLmNvbTAeFw0xNTEyMDgyMzM1MzNaFw00MzA0MjQyMzM1MzNaMBkxFzAV
BgNVBAMMDnN0cm9uZ2xvb3AuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwOYI7OZ2FX/YjRgLZoDQlbPc5UZXU/j0e1wwiJNPtPEax9Y5Uoza0Pnt
Ikzkc2SfvQ+IJrhXo385tI0W5juuqbHnE7UrjUuPjUX6NHevkxcs/flmjan5wnZM
cPsGhH71WDuUEEflvZihf2Se2x+xgZtMhc5XGmVmRuZFYKvkgUhA2/w8/QrK+jPT
n9QRJxZjWNh2RBdC1B7u4jffSmOSUljYFH1I2eTeY+Rdi6YUIYSU9gEoZxsv3Tia
SomfMF5jt2Mouo6MzA+IhLvvFjcrcph1Qxgi9RkfdCMMd+Ipm9YWELkyG1bDRpQy
0iyHD4gvVsAqz1Y2KdRSdc3Kt+nTqwIDAQABoxkwFzAVBgNVHREEDjAMhwQAAAAA
hwR/AAABMA0GCSqGSIb3DQEBBQUAA4IBAQAhy4J0hML3NgmDRHdL5/iTucBe22Mf
jJjg2aifD1S187dHm+Il4qZNO2plWwAhN0h704f+8wpsaALxUvBIu6nvlvcMP5PH
jGN5JLe2Km3UaPvYOQU2SgacLilu+uBcIo2JSHLV6O7ziqUj5Gior6YxDLCtEZie
Ea8aX5/YjuACtEMJ1JjRqjgkM66XAoUe0E8onOK3FgTIO3tGoTJwRp0zS50pFuP0
PsZtT04ck6mmXEXXknNoAyBCvPypfms9OHqcUIW9fiQnrGbS/Ri4QSQYj0DtFk/1
na4fY1gf3zTHxH8259b/TOOaPfTnCEsOQtjUrWNR4xhmVZ+HJy4yytUW
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDbzCCAlcCAmm6MA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAlVTMQswCQYD
VQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEZMBcGA1UECgwQU3Ryb25n
TG9vcCwgSW5jLjESMBAGA1UECwwJU3Ryb25nT3BzMRowGAYDVQQDDBFjYS5zdHJv
bmdsb29wLmNvbTAeFw0xNTEyMDgyMzM1MzNaFw00MzA0MjQyMzM1MzNaMH0xCzAJ
BgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEZ
MBcGA1UECgwQU3Ryb25nTG9vcCwgSW5jLjESMBAGA1UECwwJU3Ryb25nT3BzMRow
GAYDVQQDDBFjYS5zdHJvbmdsb29wLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANfj86jkvvYDjHBgiqWhk9Cj+bqiMq3MqnV0CBO4iuK33Fo6XssE
H+yVdXlIBFbFe6t655MdBVOR2Sfj7WqNh96vhu6PyDHiwcQlTaiLU6nhIed1J4Wv
lvnJHFmp8Wbtx5AgLT4UYu03ftvXEl2DLi3vhSL2tRM1ebXHB/KPbRWkb25DPX0P
foOHot3f2dgNe2x6kponf7E/QDmAu3s7Nlkfh+ryDhgGU7wocXEhXbprNqRqOGNo
xbXgUI+/9XDxYT/7Gn5LF/fPjtN+aB0SKMnTsDhprVlZie83mlqJ46fOOrR+vrsQ
mi/1m/TadrARtZoIExC/cQRdVM05EK4tUa8CAwEAATANBgkqhkiG9w0BAQsFAAOC
AQEAQ7k5WhyhDTIGYCNzRnrMHWSzGqa1y4tJMW06wafJNRqTm1cthq1ibc6Hfq5a
K10K0qMcgauRTfQ1MWrVCTW/KnJ1vkhiTOH+RvxapGn84gSaRmV6KZen0+gMsgae
KEGe/3Hn+PmDVV+PTamHgPACfpTww38WHIe/7Ce9gHfG7MZ8cKHNZhDy0IAYPln+
YRwMLd7JNQffHAbWb2CE1mcea4H/12U8JZW5tHCF6y9V+7IuDzqwIrLKcW3lG17n
VUG6ODF/Ryqn3V5X+TL91YyXi6c34y34IpC7MQDV/67U7+5Bp5CfeDPWW2wVSrW+
uGZtfEvhbNm6m2i4UNmpCXxUZQ==
-----END CERTIFICATE-----
21 changes: 21 additions & 0 deletions test/fixtures/ca.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDbzCCAlcCAmm6MA0GCSqGSIb3DQEBCwUAMH0xCzAJBgNVBAYTAlVTMQswCQYD
VQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEZMBcGA1UECgwQU3Ryb25n
TG9vcCwgSW5jLjESMBAGA1UECwwJU3Ryb25nT3BzMRowGAYDVQQDDBFjYS5zdHJv
bmdsb29wLmNvbTAeFw0xNTEyMDgyMzM1MzNaFw00MzA0MjQyMzM1MzNaMH0xCzAJ
BgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEZ
MBcGA1UECgwQU3Ryb25nTG9vcCwgSW5jLjESMBAGA1UECwwJU3Ryb25nT3BzMRow
GAYDVQQDDBFjYS5zdHJvbmdsb29wLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBANfj86jkvvYDjHBgiqWhk9Cj+bqiMq3MqnV0CBO4iuK33Fo6XssE
H+yVdXlIBFbFe6t655MdBVOR2Sfj7WqNh96vhu6PyDHiwcQlTaiLU6nhIed1J4Wv
lvnJHFmp8Wbtx5AgLT4UYu03ftvXEl2DLi3vhSL2tRM1ebXHB/KPbRWkb25DPX0P
foOHot3f2dgNe2x6kponf7E/QDmAu3s7Nlkfh+ryDhgGU7wocXEhXbprNqRqOGNo
xbXgUI+/9XDxYT/7Gn5LF/fPjtN+aB0SKMnTsDhprVlZie83mlqJ46fOOrR+vrsQ
mi/1m/TadrARtZoIExC/cQRdVM05EK4tUa8CAwEAATANBgkqhkiG9w0BAQsFAAOC
AQEAQ7k5WhyhDTIGYCNzRnrMHWSzGqa1y4tJMW06wafJNRqTm1cthq1ibc6Hfq5a
K10K0qMcgauRTfQ1MWrVCTW/KnJ1vkhiTOH+RvxapGn84gSaRmV6KZen0+gMsgae
KEGe/3Hn+PmDVV+PTamHgPACfpTww38WHIe/7Ce9gHfG7MZ8cKHNZhDy0IAYPln+
YRwMLd7JNQffHAbWb2CE1mcea4H/12U8JZW5tHCF6y9V+7IuDzqwIrLKcW3lG17n
VUG6ODF/Ryqn3V5X+TL91YyXi6c34y34IpC7MQDV/67U7+5Bp5CfeDPWW2wVSrW+
uGZtfEvhbNm6m2i4UNmpCXxUZQ==
-----END CERTIFICATE-----
19 changes: 19 additions & 0 deletions test/fixtures/server.crt
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDJjCCAg4CAhnOMA0GCSqGSIb3DQEBBQUAMH0xCzAJBgNVBAYTAlVTMQswCQYD
VQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEZMBcGA1UECgwQU3Ryb25n
TG9vcCwgSW5jLjESMBAGA1UECwwJU3Ryb25nT3BzMRowGAYDVQQDDBFjYS5zdHJv
bmdsb29wLmNvbTAeFw0xNTEyMDgyMzM1MzNaFw00MzA0MjQyMzM1MzNaMBkxFzAV
BgNVBAMMDnN0cm9uZ2xvb3AuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAwOYI7OZ2FX/YjRgLZoDQlbPc5UZXU/j0e1wwiJNPtPEax9Y5Uoza0Pnt
Ikzkc2SfvQ+IJrhXo385tI0W5juuqbHnE7UrjUuPjUX6NHevkxcs/flmjan5wnZM
cPsGhH71WDuUEEflvZihf2Se2x+xgZtMhc5XGmVmRuZFYKvkgUhA2/w8/QrK+jPT
n9QRJxZjWNh2RBdC1B7u4jffSmOSUljYFH1I2eTeY+Rdi6YUIYSU9gEoZxsv3Tia
SomfMF5jt2Mouo6MzA+IhLvvFjcrcph1Qxgi9RkfdCMMd+Ipm9YWELkyG1bDRpQy
0iyHD4gvVsAqz1Y2KdRSdc3Kt+nTqwIDAQABoxkwFzAVBgNVHREEDjAMhwQAAAAA
hwR/AAABMA0GCSqGSIb3DQEBBQUAA4IBAQAhy4J0hML3NgmDRHdL5/iTucBe22Mf
jJjg2aifD1S187dHm+Il4qZNO2plWwAhN0h704f+8wpsaALxUvBIu6nvlvcMP5PH
jGN5JLe2Km3UaPvYOQU2SgacLilu+uBcIo2JSHLV6O7ziqUj5Gior6YxDLCtEZie
Ea8aX5/YjuACtEMJ1JjRqjgkM66XAoUe0E8onOK3FgTIO3tGoTJwRp0zS50pFuP0
PsZtT04ck6mmXEXXknNoAyBCvPypfms9OHqcUIW9fiQnrGbS/Ri4QSQYj0DtFk/1
na4fY1gf3zTHxH8259b/TOOaPfTnCEsOQtjUrWNR4xhmVZ+HJy4yytUW
-----END CERTIFICATE-----
28 changes: 28 additions & 0 deletions test/fixtures/server.key
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDA5gjs5nYVf9iN
GAtmgNCVs9zlRldT+PR7XDCIk0+08RrH1jlSjNrQ+e0iTORzZJ+9D4gmuFejfzm0
jRbmO66psecTtSuNS4+NRfo0d6+TFyz9+WaNqfnCdkxw+waEfvVYO5QQR+W9mKF/
ZJ7bH7GBm0yFzlcaZWZG5kVgq+SBSEDb/Dz9Csr6M9Of1BEnFmNY2HZEF0LUHu7i
N99KY5JSWNgUfUjZ5N5j5F2LphQhhJT2AShnGy/dOJpKiZ8wXmO3Yyi6jozMD4iE
u+8WNytymHVDGCL1GR90Iwx34imb1hYQuTIbVsNGlDLSLIcPiC9WwCrPVjYp1FJ1
zcq36dOrAgMBAAECggEACg60Xm2xsHNG/ixHw+NpfLSxCr89JGKxlJD88tIDcOK1
S8AOoxA3BHhTddteeenALmJV7fbkkuC6SICmtgBcnfppmuxyRd6vsGT6o6ut2tR1
gxRy1WYMYKg8WhOshlH8RspscODeyKDhorvDUJd5cNGBDuTwQ68PwxiUe3La6iac
EVQoKohg9EmRIhMF1i8I00zXE8p3XENrlTc491ipc+gLPIP5vtqHyQztEUkZHkWd
dXbs+n1hGCr+4FxrphGYEW80HINzmume7dGChr8nvF4ZZcuWW13DJuNim6pQno1i
hM8VdXm8XphLh0XEGI5OCfu/CetkBILZRXKltZk6AQKBgQDoBqJzRlp7regYNU4q
usfS+43tPNaJ0o4DIzcLawqpmK/B/cZStzHl14Sm62BVkKV6cnWAJPeLkENPMFoV
7Q7wLZBJxpPzqXkpeiDkKN4Wovca891Rffne5Sz6IDB5mOxMjfKIEPd5RkmB5Lkp
qQLwm3YJ2AJcLagG/Gi1DFDRAQKBgQDU1G9T43Mjke6TXG0u7gCSb+VwyDRsrvJA
u2vy6+MANRc1EEF31YLmTKOU5XxUmhtIu7TUbgPoNi0HuRFXx4Zul3BPlAosLMJv
kNQbA/9d0YQAfSgTsploN5CX65dLZ4ejIzVgDZREzpIBWTze6YZTA2DT5iOIet84
DD5DujY4qwKBgG0PuUo/9oYOD3tZiv1wwD5+uY6auykbTF9TLStzzBY9y9d+hrsY
mx6zOAoRtz1g+TdeF7b9KVJzo//T9XQ68nuYnyreaWrt7SK+4jj8sK+pOEd1+0Cz
20CXLpX/jWmKpP+y9R5aA0kA7cpdjV90rwoTuN8Vpr5XQ5TNDhaTzGUBAoGABYig
fGXlkH8y3NICZL37ddNC+/O4qTrDQbudyusnM9ItkEuj6CG9DY/gkPaGjQyUuQdo
ZD2YDGmcMh81vDqL3ERDv03yFcP0KkJxwWIRObdA32JhsGFsa7FGKS0O+f7vH+bC
dITl3gQg97gCRSl9PJtR4TCSq/HF7Acld01YK5ECgYEAwLFB5JIuxrowJe74cCMP
n5Rwuc8vWdOsg+ytvQTv0/hVCdzcaLet6YvagnWTWaU7PUwTFxZs/mLQ9CAWVutK
IRzs/GWxGFjH5xotDaJdDDzSdQye4tUqvUVxv7zzzsVycCPBYFkyRQ8Tmr5FLtUJ
Cl48TZ6J8Rx5avjdtOw3QC8=
-----END PRIVATE KEY-----
102 changes: 102 additions & 0 deletions test/test-download.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,102 @@
'use strict'

var fs = require('fs')
var http = require('http')
var https = require('https')
var test = require('tape')
var install = require('../lib/install')

test('download over http', function (t) {
t.plan(2)

var server = http.createServer(function (req, res) {
t.strictEqual(req.headers['user-agent'],
'node-gyp v42 (node ' + process.version + ')')
res.end('ok')
server.close()
})

var host = '127.0.0.1'
server.listen(0, host, function () {
var port = this.address().port
var gyp = {
opts: {},
version: '42',
}
var url = 'http://' + host + ':' + port
var req = install.test.download(gyp, {}, url)
req.on('response', function (res) {
var body = ''
res.setEncoding('utf8')
res.on('data', function(data) {
body += data
})
res.on('end', function() {
t.strictEqual(body, 'ok')
})
})
})
})

test('download over https with custom ca', function (t) {
t.plan(3)

var cert = fs.readFileSync(__dirname + '/fixtures/server.crt', 'utf8')
var key = fs.readFileSync(__dirname + '/fixtures/server.key', 'utf8')

var cafile = __dirname + '/fixtures/ca.crt'
var ca = install.test.readCAFile(cafile)
t.strictEqual(ca.length, 1)

var options = { ca: ca, cert: cert, key: key }
var server = https.createServer(options, function (req, res) {
t.strictEqual(req.headers['user-agent'],
'node-gyp v42 (node ' + process.version + ')')
res.end('ok')
server.close()
})

server.on('clientError', function (err) {
throw err
})

var host = '127.0.0.1'
server.listen(8000, host, function () {
var port = this.address().port
var gyp = {
opts: { cafile: cafile },
version: '42',
}
var url = 'https://' + host + ':' + port
var req = install.test.download(gyp, {}, url)
req.on('response', function (res) {
var body = ''
res.setEncoding('utf8')
res.on('data', function(data) {
body += data
})
res.on('end', function() {
t.strictEqual(body, 'ok')
})
})
})
})

test('download with missing cafile', function (t) {
t.plan(1)
var gyp = {
opts: { cafile: 'no.such.file' },
}
try {
install.test.download(gyp, {}, 'http://bad/')
} catch (e) {
t.ok(/no.such.file/.test(e.message))
}
})

test('check certificate splitting', function (t) {
var cas = install.test.readCAFile(__dirname + '/fixtures/ca-bundle.crt')
t.plan(2)
t.strictEqual(cas.length, 2)
t.notStrictEqual(cas[0], cas[1])
})