node-gyp assumes nodejs 8 is compiled against openssl 1.0, but it might not

[kapouer]

Hi,

the nodejs 8.11 debian (testing/sid) debian package is built against openssl 1.1.0.
When one compiles a module using directly the node-gyp debian package, it's all
right because headers are available where expected. In the module directory,
node-gyp rebuild succeeds.
When one compiles using manually installed npm 5.8.0 (and maybe olders), it pulls
its own node-gyp copy, which in turn gets nodejs headers for the installed version it
finds, but there node-gyp seems to install openssl 1.0 headers, making npm install
fail.
You can see that behavior with @kapouer/[email protected] which will fail
to compile using openssl 1.0 headers.

[kapouer]

@nodejs/delivery-channels might be interested by that kind of problem.

[kapouer]

{ http_parser: '2.8.1',
  node: '8.11.1',
  v8: '6.2.414.50',
  uv: '1.18.0',
  zlib: '1.2.8',
  ares: '1.14.0',
  modules: '57',
  nghttp2: '1.31.0',
  openssl: '1.1.0h',
  icu: '57.1',
  unicode: '8.0',
  cldr: '29.0',
  tz: '2016b' }

[bnoordhuis]

node-gyp gets the download URL from process.release.headersUrl. Override that with ./configure --release-urlbase=https://example.org/download/release/. The default ishttps://nodejs.org/download/release/.

[kapouer]

Good to know. I suppose it would be up to nodejs to bundle its headers / expose a path to them somehow.
Or would it be possible for node-gyp to accept a directory path for headersUrl (typically /usr/include/nodejs/ on debian) instead of an url-to-tarball ?

[bnoordhuis]

it would be up to nodejs to bundle its headers / expose a path to them somehow.

Not sure what you mean.

would it be possible for node-gyp to accept a directory path for headersUrl [..] instead of an url-to-tarball

I guess it could. If you want to look into that, you probably need a patch like this:

diff --git a/lib/configure.js b/lib/configure.js
index bc39302..44cc472 100644
--- a/lib/configure.js
+++ b/lib/configure.js
@@ -50,6 +50,10 @@ function configure (gyp, argv, callback) {
     // 'python' should be set by now
     process.env.PYTHON = python
 
+    if (RegExp('^file://').test(release.tarballUrl)) {
+      gyp.opts.nodedir = release.tarballUrl.slice('file://'.length)
+    }
+
     if (gyp.opts.nodedir) {
       // --nodedir was specified. use that for the dev files
       nodeDir = gyp.opts.nodedir.replace(/^~/, osenv.home())

[kapouer]

it would be up to nodejs to bundle its headers / expose a path to them somehow.
Not sure what you mean.

I meant: if nodejs bundled/installed its headers, then node-gyp would naturally have to use them instead of downloading them.

I'll try the patch. What's missing ? Tests ?

[bnoordhuis]

Yep, needs tests.

[rvagg]

This comes back to the detect-local-headers problem that's been lingering for a long time, node-gyp should first try and find them locally before downloading them, it'd solve many problems (probably introduce a few too!) but it needs someone to put in that work.

[rvagg]

Ref: #1247 is where we could track local-headers work