Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: bump node to v12.18.0 (master) #23789

Merged
merged 19 commits into from Jun 17, 2020
Merged

chore: bump node to v12.18.0 (master) #23789

merged 19 commits into from Jun 17, 2020

Conversation

electron-bot
Copy link
Contributor

@electron-bot electron-bot commented May 27, 2020
edited

Updating Node.js to v12.18.0.

See all changes in v12.16.3..v12.18.0

Notes: Updated Node.js to v12.18.0.

@electron-bot electron-bot requested a review from a team as a code owner May 27, 2020 13:00
@codebytere codebytere self-assigned this May 27, 2020
@codebytere codebytere force-pushed the roller/node/master branch 4 times, most recently from 5bb5350 to 9e89d7f Compare May 27, 2020 20:09
@kskalski kskalski mentioned this pull request Jun 1, 2020
Closed
3 tasks
@deepak1556
Copy link
Member

Thanks @codebytere for making the zlib changes, but now that I think more, a couple questions come to my mind.

  • How does node track //thrid_party/zlib ? Do they keep updated with ToT ?
  • Our zlib roll tracks ToT as it comes with our nightly chromium updates, if this causes any ABI issues do we take responsibility to fix them ?
  • What is the size implications when we bundle two copies of zlib, can you measure this ?

I would like to bring this up in the upgrades-wg meeting tomorrow, can you add it to the agenda. Thanks!

@deepak1556
Copy link
Member

@jkleinsc why was the sandbox change required for this PR specifically ? Can it be isolated to a separate PR ?

@jkleinsc
Copy link
Contributor

jkleinsc commented Jun 2, 2020

@deepak1556 running with no-sandbox on this PR causes the arm/arm64 tests to fail:
eg: https://github.com/electron/electron/runs/727941638
and https://github.com/electron/electron/runs/727929651.
Those tests do not fail on master.

@deepak1556
Copy link
Member

Weird it starts failing on a node update. The change made doesn't enable sandbox, just fixes the permission of chrome-sandbox used by renderers with webPreference sandbox: true. I am not sure how this relates to the failing tests. Also I thought we don't want to add --cap-add SYS_ADMIN to container

/cc @nornagon

@jkleinsc
Copy link
Contributor

jkleinsc commented Jun 2, 2020

Hmm... looking at this comment: https://github.com/electron/electron/blob/master/spec-main/api-app-spec.ts#L1192, I wonder if I can get a docker seccomp profile working with our CI. I think that might be safer than --cap-add SYS_ADMIN

@electron-bot electron-bot changed the title chore: bump node to v12.17.0 (master) chore: bump node to v12.18.0 (master) Jun 3, 2020
@jkleinsc
Copy link
Contributor

jkleinsc commented Jun 3, 2020

digging into this further it appears that we won't be able to use a docker seccomp profile.

@deepak1556
Copy link
Member

Thanks for checking @jkleinsc , but I still don't have a clarity on why these tests started failing suddenly in this PR and why is fixing suid sandbox permissions turned out to be the fix.

@jkleinsc
Copy link
Contributor

jkleinsc commented Jun 3, 2020

@deepak1556 here's what I'm wondering - the main tests that are failing with --no-sandbox are debugger tests and I'm wondering if the --no-sandbox option isn't being properly passed which would then make sense as to why turning it off would work.

@codebytere
Copy link
Member

@deepak1556

How does node track //thrid_party/zlib ? Do they keep updated with ToT ?

They don't at present

Our zlib roll tracks ToT as it comes with our nightly chromium updates, if this causes any ABI issues do we take responsibility to fix them ?

I would say no - i doubt it would have nontrivial impact potential but even so i think it's an acceptable downside to minimizing our zlib bundle and staying more up-to-date

What is the size implications when we bundle two copies of zlib, can you measure this ?

I believe this change would reduce binary since, since we're de-duplicating a dependency 🤔

@codebytere
Copy link
Member

Seeing a slightly different ARM failure now i'm not quite sure how to approach: https://github.visualstudio.com/electron/_build/results?buildId=72603&view=logs&j=877ace19-74f4-59bc-441c-1ef8c83d8f95&t=f3841320-31a2-57c0-0cc6-7ff521662a00&l=991

@codebytere
Copy link
Member

codebytere commented Jun 17, 2020
edited

@deepak1556 after some investigation, i think we have no choice but to add -cap-add SYS_ADMIN to the sandbox on ARM. What's happening is that Node.js unflagged their implementation of the esmodule loader, and since we're not in sandbox mode, Node.js is enabled and propagates to every renderer process including devtools windows.

Then, because we have a Node.js environment, what's happening is that the devtools windows uses Node.js' implementation of the esmodule loader, which is at present incapable of loading modules from URLs (for good reason). There's no real way to specifically enable sandbox for devtools only, since at the time we're calling CreateContentRendererClient() we don't know what url we're loading (and therefore can't verify it's devtools or not).

@deepak1556
Copy link
Member

@codebytere since #16864 we sandbox devtools renderer by default. I am not sure how node esmloader is leaking into it. Were you able to confirm that the devtool renderer had node environment ?

Also why does this change only affect ARM builds ?

@MarshallOfSound
Copy link
Member

@deepak1556 Since that PR sandbox is enabled by default for devtools webContents. However this case we are overriding the default. The arm tests on VSTS run with the ELECTRON_DISABLE_SANDBOX environment variable which forcefully adds the --disable-sandbox flag to the command line of all processes. This will force the rendererclient to use the ElectronRendererClient (the one with node, this is where the esmloader comes from) and it only affects arm builds because they are the only ones that run with sandbox disabled

@deepak1556
Copy link
Member

deepak1556 commented Jun 17, 2020
edited

The arm tests on VSTS run with the ELECTRON_DISABLE_SANDBOX environment variable

because of container 🤦 now I understand the problem.

In that case I am good with the proposed solution. Thanks for the context.

@deepak1556
Copy link
Member

@codebytere thanks for the context on zlib adoption. I am good with maintaining a single dependency for now, we can revisit the issue incase incompatibility arises.

@deepak1556
Copy link
Member

For future reference, bundling two different zlib only increases the size by 121kb unstripped, zlib is a really minimal library with no dependencies.

codebytere and others added 17 commits June 17, 2020 10:24
@codebytere
Fixup GN build files patch
64b3aaa
@codebytere
Fixup hooks & exceptions patch
8897d25 
nodejs/node#24701
@codebytere
Fixup V8 Reallocate patch
77cfb19 
nodejs/node#31550
@codebytere
Fixup HostCleanupFinalizationGroupCallback patch
f0da5b3
@codebytere
Update filenames and indices
b18cfa7
@codebytere
Fixup InternalCallbackScope patch
ed2d654 
nodejs/node#30959
@codebytere
Add two new patches
4c3656b
@codebytere
update patches
150a1ed
@codebytere
Unconditionally include report feature
fa2634d 
nodejs/node#32242
@codebytere
Disable report tests and new worker test
87aadbc 
The report tests are disabled becuase the test report validator
checks that the `process.versions` object exactly matches that created
by Node.js - ours will always have an extra electron key and fail. I'm
planning to see if I can add an embedder case for this upstream.
@codebytere
update patches
8593ddc
@codebytere
fix: export zlib symbols from //third_party
105852e
@codebytere
Remove obsolete libuv patch
bc9608f 
nodejs/node#32866
@electron-bot @codebytere
chore: bump node in DEPS to v12.18.0
9de0565
@codebytere
update patches
b637ea6
@codebytere
chore: get arm testing working within sandbox
1f4ed44
@codebytere
Update InternalCallbackScope flags
e695ca6
deepak1556
deepak1556 approved these changes Jun 17, 2020
View reviewed changes
Copy link
Member

@deepak1556 deepak1556 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks!

@codebytere codebytere force-pushed the roller/node/master branch 3 times, most recently from c936eb9 to 04a065a Compare June 17, 2020 19:34
@codebytere @deepak1556
Update shell/browser/microtasks_runner.cc
7a3f830 
Co-authored-by: Robo <hop2deep@gmail.com>
@codebytere codebytere merged commit b665eb6 into master Jun 17, 2020
@release-clerk
Copy link

release-clerk bot commented Jun 17, 2020

Release Notes Persisted

Updated Node.js to v12.18.0.

@codebytere codebytere deleted the roller/node/master branch June 17, 2020 22:57
sentialx pushed a commit to sentialx/electron that referenced this pull request Jul 30, 2020
@electron-bot @codebytere @sentialx
chore: bump node to v12.18.0 (master) (electron#23789)
8db08af 
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
sentialx pushed a commit to sentialx/electron that referenced this pull request Apr 8, 2021
@electron-bot @codebytere @sentialx
chore: bump node to v12.18.0 (master) (electron#23789)
ec96213 
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codebytere codebytere codebytere left review comments

@deepak1556 deepak1556 deepak1556 approved these changes

@MarshallOfSound MarshallOfSound MarshallOfSound approved these changes

Assignees

@codebytere codebytere

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@electron-bot @deepak1556 @jkleinsc @codebytere @MarshallOfSound