-
Notifications
You must be signed in to change notification settings - Fork 29.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src: add glibcCompiler and glibcRuntime to process.versions #41338
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
-1 For a couple of reasons:
- Just supporting glibc isn't very useful, especially within the original context of package installation. Adding support for other platforms makes things even more complicated (e.g. Windows). That is a lot to maintain in node core for little benefit IMO.
process.versions
is typically a static list of values, something where libc runtime information doesn't really fit in
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Co-authored-by: Anna Henningsen <github@addaleax.net>
@mscdex So what's your suggestions here, where can we put this information into? The installation size is a big problem and we don't want to avoid it by
But installation in the other platform doesn't have any problem. On For native addon packages, the only problem with distributing via |
why does this need to be added here if it's currently in |
@devsnek ok, I see, thanks for your explain! |
My suggestion is that this doesn't need to belong in node core and is solvable in userland. Additionally, the only real information you need here is the runtime libc information, not the compile-time libc information. Obtaining this information does not require anything from node core because it's a property of the entire OS and libraries like While solving the issue of avoiding the need for build environments to install addons is important, I don't think there are any other use cases for obtaining libc information.
I'm not talking about just the name of the libc runtime, even obtaining libc runtime versions and other information properly is not always straightforward (especially on Windows).
That seems like a design flaw with the packages in question that can easily be dealt with in userland. For example, I've recently created my own system for consuming prebuilt addons that downloads the appropriate binary on installation instead of including them in the module/package itself. This avoids the problem you're describing. |
I don't like
Moreover, if npm/rfcs#488 is landed, the
Now the situation is npm/rfcs#488 is killing the |
Technically
Only if you are installing packages you don't trust. Trusting scripts is no different than trusting the dependency code you'll be using at runtime.
Can you explain what you mean by this? A lock file would include the specific version of the module installed. If your addon loader/downloader is downloading version-specific binaries, there isn't an issue that I can see.
I think this is far from being a common scenario. Most addons come with some kind of JS-level API that interfaces with the binding and don't just merely export (or set as "main" in package.json) the binding directly, so the dependency is not "useless." Additionally, the dependency should still have a source-based fallback (whether the source is included in the package or not) if a suitable binary is not available, making the dependency even less "useless".
I don't see this as any different than the solution you proposed where you would conditionally install another separate package from npm's registry based on the system's libc runtime. In the particular case of my solution, it's downloading from github rather than npm.
Because it's the only sensible solution that's available. If scripts are disabled by default, then addon authors that utilize binaries will just have to amend their READMEs to include whatever relevant npm command line argument to re-enable scripts for the particular install. If npm ends up not providing such interfaces to re-enable (selectively or otherwise) scripts, or provide some appropriate alternative, then either people will have to resort to hacks like installing dependencies from binding.gyp for example or moving to an entirely different package manager that is more flexible. Anyway, this particular discussion is diverging from the subject of this PR and is probably better discussed elsewhere? My point still stands that detecting libc runtimes is better suited for userland for the reasons I stated previously. |
Oh good point! This already works today since Node.js 11: process.report.getReport().header.glibcVersionRuntime A better API would be exposing I'm not sure if Node.js currently detects musl though so that would need to be implemented 🤔 |
In Next.js [12.0.1]( https://packagephobia.com/result?p=next@12.0.1), musl support was added which caused linux to install both glibc and musl binaries. This PR adds the `install` script to prevent installing unused binaries, reducing the install size by 47MB. We originally thought this could be added to Node.js core and thus npm but [it was rejected](nodejs/node#41338). Note getReport() works on Node.js [`>=11.8.0`](https://nodejs.org/api/process.html#processreportgetreporterr) which is safe to use since Next.js requires [`"node": ">=12.22.0"`](https://github.com/vercel/next.js/blob/265f71e225ed18fcb099c28cf1b5c83519acc3b0/packages/next/package.json#L280).
In Next.js [12.0.1]( https://packagephobia.com/result?p=next@12.0.1), musl support was added which caused linux to install both glibc and musl binaries. This PR adds the `install` script to prevent installing unused binaries, reducing the install size by 47MB. We originally thought this could be added to Node.js core and thus npm but [it was rejected](nodejs/node#41338). Note getReport() works on Node.js [`>=11.8.0`](https://nodejs.org/api/process.html#processreportgetreporterr) which is safe to use since Next.js requires [`"node": ">=12.22.0"`](https://github.com/vercel/next.js/blob/265f71e225ed18fcb099c28cf1b5c83519acc3b0/packages/next/package.json#L280).
#39877 has been closed so I'll go ahead and close this out as well. Apropos detecting glibc at
@styfle musl (intentionally) has nothing to aid feature detection, its rationale being it "only implements standard functionality." |
You could make the same argument for "What If I rsync my project from macOS to Linux"? I don't think that scenario needs to be considered–its safe to say the platform you install and build on should also be the platform you run on. That being said, the purpose of this PR was not so much to get glibc/musl detection into Node.js core–it was to get it supported in npm. However, the npm team suggested supporting in core so that all package mangers could reuse the same logic (there is a proposal for complex installation distributions that would benefit from this npm/rfcs#519). Since both yarn and pnpm have implemented it in userland, it seems like npm could too without waiting for full blown distributions. Related comment: npm/rfcs#438 (comment) |
Issue
TODO