added NodeJS 0.11.15 as devel

[imrefazekas]

No description provided.

[DomT4]

shudders #31538 (comment)

[MikeMcQuaid]

@DomT4 Is the OpenSSL stuff still an issue? Can you elaborate a bit there? Thanks!

[DomT4]

@MikeMcQuaid It's still an issue in the sense that Node isn't very reactive to OpenSSL flaws and bending their slow release schedule to fit that. The last three devel releases have been on 2 May 2014, 25 Sep 2014 and 20 Jan 2015.

2 May 2014 Release - 25 Sept Release:

• 5th of June: 7 OpenSSL vulns announced
• 6th of August: 9 OpenSSL vulns announced.
• 25th of Sept: New Node-devel version lands with OpenSSL update.

25th Sept 2014 - 20 Jan 2015 Release:

• 15th October: 4 OpenSSL vulns announced, including POODLE, which remained unpatched in devel until this release. I've raised this issue with upstream here before, as have others. Upstream actually fixed the POODLE vuln 3 months ago but no new release was cut.
• 8th Jan 2015: 4 OpenSSL vulns announced.
• 20 Jan 2015: New Node-devel version lands with OpenSSL update.

Opening up the new Node devel tarball the internal OpenSSL is still on 1.0.1j, which means the 8th Jan vulns are still unfixed in the Node release. This is confirmed by the README in Node's git.

The stable branch consistently gets OpenSSL updates much quicker than the devel branch, and I don't really want to get stuck in a position again where we're shipping a known vulnerable OpenSSL inside Node.

I appreciate I'm more tetchy and precious about this than almost anyone else, heh, so I won't dump my bus on devel going back in, but I do loosely dump an objection on record that Node continues to lose pace against SSL releases, and I'd probably personally consider writing in at least an optional dependency on a Homebrew-shipped OpenSSL (Although for this purpose, it'd probably be worth creating an OpenSSL101 in Homebrew/Versions).

[MikeMcQuaid]

I appreciate I'm more tetchy and precious about this than almost anyone else, heh, so I won't dump my bus on devel going back in, but I do loosely dump an objection on record that Node continues to lose pace against SSL releases, and I'd probably personally consider writing in at least an optional dependency on a Homebrew-shipped OpenSSL

This seems like a happy middle-ground. Does Node just pick it up if we add a depends_on "openssl" or is there other stuff we need to do too?

[DomT4]

Does Node just pick it up if we add a depends_on "openssl" or is there other stuff we need to do too?

Needs to be fed an arg. Something like --with-shared-openssl=dir I believe, but I'll check in a bit.

[DomT4]

SSL link here please. It doesn't auto-redirect.

[DomT4]

I don't want to steal your PR, so this is what needs to be done IMO. Maintainers can agree/disagree as desired:

• devel needs to have the icu4c element that HEAD does. It might be better being optional in devel.
• the no-ssl2 and no-ssl3 elements need extending to devel in addition to stable.

Something like:

  devel do
    url "https://nodejs.org/dist/v0.11.15/node-v0.11.15.tar.gz"
    sha256 "e613d274baa4c99a0518038192491433f7877493a66d8505af263f6310991d01"

    depends_on "pkg-config" => :build
    depends_on "icu4c" => :optional
    depends_on "openssl" => :optional
  end

    if !build.stable?
      ENV.prepend_path "PKG_CONFIG_PATH", "#{Formula["icu4c"].opt_prefix}/lib/pkgconfig"
      args << "--with-intl=system-icu"
    end

args << "--without-ssl2" << "--without-ssl3" if build.stable? || build.devel? && build.without? "openssl"

• OpenSSL as an option. Something like:

args << "--shared-openssl=#{Formula["openssl"].opt_prefix}" if build.devel? && build.with? "openssl"

I'm literally bashing this code off the top of my head, and it's quite a tired weary head so please check it beforehand, but that's roughly the devel "enhancements".

[imrefazekas]

Tried to add the changes you proposed (had to alter a little bit for correct syntax), but I stopped that icu4c installation. The moment I add that as a dependency, the install fails. (Even with the head option as well).

  devel do
    url "https://nodejs.org/dist/v0.11.15/node-v0.11.15.tar.gz"
    sha256 "e613d274baa4c99a0518038192491433f7877493a66d8505af263f6310991d01"

    depends_on "pkg-config" => :build
    depends_on "icu4c" => :optional
    depends_on "openssl" => :optional
      end

Result is:

    to the PKG_CONFIG_PATH environment variable
    No package 'icu-i18n' found
    creating  ./icu_config.gypi
    Error: could not load pkg-config data for "icu-i18n".

Tried to fix it, but package ICU fails to install constantly on my system. Yosemite 10.10.2 (14C106a)

[rljohnsn]

How about refactor head section to accept branch as a parameter?

--with-branch=v0.11.15-release

Literally just hacked that into the head section and it installed without issue. Mavericks 10.9.5 (13F34)

  head do
#    url "https://github.com/joyent/node.git", :branch => "v0.12"
    url "https://github.com/joyent/node.git", :branch => "v0.11.15-release"

    depends_on "pkg-config" => :build
    depends_on "icu4c"
  end

[DomT4]

Pushed a PR: #36222 - I gave you some whacked out syntax off the top of my head, which probably compounded the errors you were getting.

devel --with-openssl --with-icu4c:

==> Summary
🍺  /usr/local/Cellar/node/0.11.15_3: 2166 files, 23M, built in 4.9 minutes

otool -L /usr/local/bin/node
/usr/local/bin/node:
    /usr/local/opt/openssl/lib/libssl.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib (compatibility version 1.0.0, current version 1.0.0)
    /usr/local/opt/icu4c/lib/libicui18n.54.dylib (compatibility version 54.0.0, current version 54.1.0)
    /usr/local/opt/icu4c/lib/libicuuc.54.dylib (compatibility version 54.0.0, current version 54.1.0)
    /usr/local/opt/icu4c/lib/libicudata.54.1.dylib (compatibility version 54.0.0, current version 54.1.0)
    /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1152.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1213.0.0)
    /usr/lib/libstdc++.6.dylib (compatibility version 7.0.0, current version 104.1.0)
    /usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 283.0.0)

And HEAD:

==> Summary
🍺  /usr/local/Cellar/node/HEAD: 2167 files, 25M, built in 8.1 minutes

All build options verified to be working fine locally on 10.10.2. If you wanted to test the other PR, that'd be more than welcome - Thanks in advance if you do.

How about refactor head section to accept branch as a parameter?

The HEAD section is ideally supposed to point at things that actually have no release tarball at all. Unless there are git submodules involved, Homebrew has a record of using tarballs. Release tarballs are considerably easier to manage and update than the HEAD section of formulae.

[DomT4]

ICU fails to install constantly on my system.

If the icu4c formula is failing to build for you, 'tis probably worth opening an issue on that.

[MikeMcQuaid]

Thanks @imrefazekas; we went with @DomT4's PR but appreciate your work here ❤️!

[DomT4]

Aye, Appreciate the PR here. Apologies I ended up jumping over it; It became a case of "Easier to fix than explain" but that's nothing against your PR at all, just against my ability to communicate such things 😉.

[imrefazekas]

It is ok. what does it matter is to have the feature done and I learned a lot!
Thanks guys! :)