git-subtree-dir: third_party/nixpkgs git-subtree-split: 76612b17c0ce71689921ca12d9ffdc9c23ce40b2
418 lines
15 KiB
418 lines
15 KiB
{ lib, stdenv, fetchurl, openssl, python, zlib, libuv, http-parser, icu, bash
, ninja, pkgconf, unixtools, runCommand, buildPackages
, testers
# for `.pkgs` attribute
, callPackage
# Updater dependencies
, writeScript, coreutils, gnugrep, jq, curl, common-updater-scripts, nix, runtimeShell
, gnupg
, darwin
, installShellFiles
{ enableNpm ? true, version, sha256, patches ? [] } @args:
inherit (darwin.apple_sdk.frameworks) CoreServices ApplicationServices;
majorVersion = lib.versions.major version;
minorVersion = lib.versions.minor version;
pname = if enableNpm then "nodejs" else "nodejs-slim";
canExecute = stdenv.buildPlatform.canExecute stdenv.hostPlatform;
emulator = stdenv.hostPlatform.emulator buildPackages;
# See valid_os and valid_arch in
destOS =
platform = stdenv.hostPlatform;
if platform.isiOS then
else if platform.isAndroid then
else if platform.isWindows then
else if platform.isDarwin then
else if platform.isLinux then
else if platform.isOpenBSD then
else if platform.isFreeBSD then
throw "unsupported os ${platform.uname.system}";
destCPU =
platform = stdenv.hostPlatform;
if platform.isAarch then
"arm" + lib.optionalString platform.is64bit "64"
else if platform.isMips32 then
"mips" + lib.optionalString platform.isLittleEndian "le"
else if platform.isMips64 && platform.isLittleEndian then
else if platform.isPower then
"ppc" + lib.optionalString platform.is64bit "64"
else if platform.isx86_64 then
else if platform.isx86_32 then
else if platform.isS390x then
else if platform.isRiscV64 then
else if platform.isLoongArch64 then
throw "unsupported cpu ${platform.uname.processor}";
destARMFPU =
platform = stdenv.hostPlatform;
if platform.isAarch32 && platform ? gcc.fpu then
lib.throwIfNot (builtins.elem platform.gcc.fpu [
]) "unsupported ARM FPU ${platform.gcc.fpu}" platform.gcc.fpu
destARMFloatABI =
platform = stdenv.hostPlatform;
if platform.isAarch32 && platform ? gcc.float-abi then
lib.throwIfNot (builtins.elem platform.gcc.float-abi [
]) "unsupported ARM float ABI ${platform.gcc.float-abi}" platform.gcc.float-abi
# TODO: also handle MIPS flags (mips_arch, mips_fpu, mips_float_abi).
useSharedHttpParser = !stdenv.hostPlatform.isDarwin && lib.versionOlder "${majorVersion}.${minorVersion}" "11.4";
sharedLibDeps = { inherit openssl zlib libuv; } // (lib.optionalAttrs useSharedHttpParser { inherit http-parser; });
copyLibHeaders =
(name: "${lib.getDev sharedLibDeps.${name}}/include/*")
(builtins.attrNames sharedLibDeps);
# Currently stdenv sets CC/LD/AR/etc environment variables to program names
# instead of absolute paths. If we add cctools to nativeBuildInputs, that
# would shadow stdenv’s bintools and potentially break other parts of the
# build. The correct behavior is to use absolute paths, and there is a PR for
# that, see As a temporary
# workaround, we use only a single program we need (and that is not part of
# the stdenv).
darwin-cctools-only-libtool =
# Would be nice to have onlyExe builder similar to onlyBin…
runCommand "darwin-cctools-only-libtool" { cctools = lib.getBin buildPackages.cctools; } ''
mkdir -p "$out/bin"
ln -s "$cctools/bin/libtool" "$out/bin/libtool"
package = stdenv.mkDerivation (finalAttrs:
/** the final package fixed point, after potential overrides */
self = finalAttrs.finalPackage;
inherit pname version;
src = fetchurl {
url = "${version}/node-v${version}.tar.xz";
inherit sha256;
strictDeps = true;
env = {
# Tell ninja to avoid ANSI sequences, otherwise we don’t see build
# progress in Nix logs.
# Note: do not set TERM=dumb environment variable globally, it is used in
# test-ci-js test suite to skip tests that otherwise run fine.
NINJA = "TERM=dumb ninja";
} // lib.optionalAttrs (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isx86_64) {
# Make sure libc++ uses `posix_memalign` instead of `aligned_alloc` on x86_64-darwin.
# Otherwise, nodejs would require the 11.0 SDK and macOS 10.15+.
# NB: technically, we do not need bash in build inputs since all scripts are
# wrappers over the corresponding JS scripts. There are some packages though
# that use bash wrappers, e.g. polaris-web.
buildInputs = lib.optionals stdenv.hostPlatform.isDarwin [ CoreServices ApplicationServices ]
++ [ zlib libuv openssl http-parser icu bash ];
nativeBuildInputs =
++ lib.optionals stdenv.buildPlatform.isDarwin [
# gyp checks `sysctl -n hw.memsize` if `sys.platform == "darwin"`.
++ lib.optionals stdenv.hostPlatform.isDarwin [
# For gyp-mac-tool if `flavor == "mac"`.
# We currently rely on Makefile and stdenv for build phases, so do not let
# ninja’s setup hook to override default stdenv phases.
dontUseNinjaBuild = true;
dontUseNinjaCheck = true;
dontUseNinjaInstall = true;
outputs = [ "out" "libv8" ];
setOutputFlags = false;
moveToDev = false;
configureFlags =
++ lib.optionals (destARMFPU != null) [ "--with-arm-fpu=${destARMFPU}" ]
++ lib.optionals (destARMFloatABI != null) [ "--with-arm-float-abi=${destARMFloatABI}" ]
++ lib.optionals (!canExecute) [
# Node.js requires matching bitness between build and host platforms, e.g.
# for V8 startup snapshot builder (see tools/snapshot) and some other
# tools. We apply a patch that runs these tools using a host platform
# emulator and avoid cross-compiling altogether (from the build system’s
# perspective).
++ lib.optionals (lib.versionOlder version "19") [ "--without-dtrace" ]
++ lib.optionals (!enableNpm) [ "--without-npm" ]
++ lib.concatMap (name: [
"--shared-${name}-libpath=${lib.getLib sharedLibDeps.${name}}/lib"
Closure notes: we explicitly avoid specifying --shared-*-includes,
as that would put the paths into bin/nodejs.
Including pkg-config in build inputs would also have the same effect!
FIXME: the statement above is outdated, we have to include pkg-config
in build inputs for system-icu.
]) (builtins.attrNames sharedLibDeps);
configurePlatforms = [ ];
dontDisableStatic = true;
configureScript = writeScript "nodejs-configure" ''
exec ${python.executable} "$@"
enableParallelBuilding = true;
# Don't allow enabling content addressed conversion as `nodejs`
# checksums it's image before conversion happens and image loading
# breaks:
# $ nix build -f. nodejs --arg config '{ contentAddressedByDefault = true; }'
# $ ./result/bin/node
# Check failed: VerifyChecksum(blob).
__contentAddressed = false;
passthru.interpreterName = "nodejs";
passthru.pkgs = callPackage ../../node-packages/default.nix {
nodejs = self;
setupHook = ./;
pos = builtins.unsafeGetAttrPos "version" args;
inherit patches;
__darwinAllowLocalNetworking = true; # for tests
doCheck = canExecute;
# See
enableParallelChecking = false;
# Some dependencies required for tools/doc/node_modules (and therefore
# test-addons, jstest and others) target are not included in the tarball.
# Run test targets that do not require network access.
checkTarget = lib.concatStringsSep " " ([
] ++ lib.optionals (!stdenv.buildPlatform.isDarwin || lib.versionAtLeast version "20") [
# There are some test failures on macOS before v20 that are not worth the
# time to debug for a version that would be eventually removed in less
# than a year (Node.js 18 will be EOL at 2025-04-30). Note that these
# failures are specific to Nix sandbox on macOS and should not affect
# actual functionality.
checkFlags = [
# Do not create __pycache__ when running tests.
] ++ lib.optionals (stdenv.buildPlatform.isDarwin && stdenv.buildPlatform.isx86_64) [
# Python 3.12 introduced a warning for calling `os.fork()` in a
# multi‐threaded program. For some reason, the Node.js
# `tools/` program used for PTY‐related tests
# triggers this warning on Hydra, on `x86_64-darwin` only,
# despite not creating any threads itself. This causes the
# Node.js test runner to misinterpret the warnings as part of the
# test output and fail. It does not reproduce reliably off Hydra
# on Intel Macs, or occur on the `aarch64-darwin` builds.
# This seems likely to be related to Rosetta 2, but it could also
# be some strange x86‐64‐only threading behaviour of the Darwin
# system libraries, or a bug in CPython, or something else
# haunted about the Nixpkgs/Hydra build environment. We silence
# the warnings in the hope that closing our eyes will make the
# ghosts go away.
] ++ lib.optionals (!stdenv.buildPlatform.isDarwin || lib.versionAtLeast version "20") [
# Skip some tests that are not passing in this context
"CI_SKIP_TESTS=${lib.concatStringsSep "," ([
# This is a bit weird, but for some reason fs watch tests fail with
# sandbox.
] ++ lib.optionals (!lib.versionAtLeast version "22") [
] ++ lib.optionals stdenv.buildPlatform.isDarwin [
# Disable tests that don’t work under macOS sandbox.
] ++ lib.optionals (stdenv.buildPlatform.isDarwin && stdenv.buildPlatform.isx86_64) [
# These tests fail on x86_64-darwin (even without sandbox).
# TODO: revisit at a later date.
postInstall = ''
HOST_PATH=$out/bin patchShebangs --host $out
${lib.optionalString canExecute ''
$out/bin/node --completion-bash > node.bash
installShellCompletion node.bash
${lib.optionalString enableNpm ''
mkdir -p $out/share/bash-completion/completions
ln -s $out/lib/node_modules/npm/lib/utils/ \
for dir in "$out/lib/node_modules/npm/man/"*; do
mkdir -p $out/share/man/$(basename "$dir")
for page in "$dir"/*; do
ln -rs $page $out/share/man/$(basename "$dir")
# install the missing headers for node-gyp
# TODO: add dev output and use propagatedBuildInputs instead of copying headers.
cp -r ${lib.concatStringsSep " " copyLibHeaders} $out/include/node
# assemble a static v8 library and put it in the 'libv8' output
mkdir -p $libv8/lib
pushd out/Release/obj
find . -path "**/torque_*/**/*.o" -or -path "**/v8*/**/*.o" \
-and -not -name "torque.*" \
-and -not -name "mksnapshot.*" \
-and -not -name "gen-regexp-special-case.*" \
-and -not -name "bytecode_builtins_list_generator.*" \
| sort -u >files
test -s files # ensure that the list is not empty
$AR -cqs $libv8/lib/libv8.a @files
# copy v8 headers
cp -r deps/v8/include $libv8/
# create a pkgconfig file for v8
major=$(grep V8_MAJOR_VERSION deps/v8/include/v8-version.h | cut -d ' ' -f 3)
minor=$(grep V8_MINOR_VERSION deps/v8/include/v8-version.h | cut -d ' ' -f 3)
patch=$(grep V8_PATCH_LEVEL deps/v8/include/v8-version.h | cut -d ' ' -f 3)
mkdir -p $libv8/lib/pkgconfig
cat > $libv8/lib/pkgconfig/v8.pc << EOF
Name: v8
Description: V8 JavaScript Engine
Version: $major.$minor.$patch
Libs: -L$libv8/lib -lv8 -pthread -licui18n -licuuc
Cflags: -I$libv8/include
passthru.tests = {
version = testers.testVersion {
package = self;
version = "v${version}";
passthru.updateScript = import ./update.nix {
inherit writeScript coreutils gnugrep jq curl common-updater-scripts gnupg nix runtimeShell;
inherit lib;
inherit majorVersion;
meta = with lib; {
description = "Event-driven I/O framework for the V8 JavaScript engine";
homepage = "";
changelog = "${version}";
license =;
maintainers = with maintainers; [ aduh95 ];
platforms = platforms.linux ++ platforms.darwin;
mainProgram = "node";
knownVulnerabilities = optional (versionOlder version "18") "This NodeJS release has reached its end of life. See";
passthru.python = python; # to ensure nodeEnv uses the same version
in package