Last modified: 2014-10-14 22:01:20 UTC
I'd like to get a more modern version of node installed in Tools Labs for the anon project. Right now we have v0.8.2 installed but v0.10.31 is available if we add another apt repository: apt-add-repository ppa:chris-lea/node.js I get an error when attempting to npm install packages (see below). I believe this error is the result of an older version of npm that comes with v0.8.2. I installed v0.10.30 locally and the problem went away. I would like to have a more modern node installed so I can use the open grid engine to manage the anon bot. Right now I have it running using a locally installed version of node in /data/project/anon/node/ Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN npm ERR! at ClientRequest.<anonymous> (/usr/lib/nodejs/npm/node_modules/request/main.js:440:26) npm ERR! at ClientRequest.g (events.js:185:14) npm ERR! at ClientRequest.EventEmitter.emit (events.js:88:17) npm ERR! at HTTPParser.parserOnIncomingClient [as onIncoming] (http.js:1445:7) npm ERR! at HTTPParser.parserOnHeadersComplete [as onHeadersComplete] (http.js:111:23) npm ERR! at CleartextStream.socketOnData [as ondata] (http.js:1356:20) npm ERR! at CleartextStream.CryptoStream._push (tls.js:396:27) npm ERR! at SecurePair.cycle (tls.js:750:20) npm ERR! at EncryptedStream.CryptoStream.write (tls.js:131:13) npm ERR! at Socket.ondata (stream.js:38:26) npm ERR! [Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN] npm ERR! You may report this log at: npm ERR! <http://github.com/isaacs/npm/issues> npm ERR! or email it to: npm ERR! <npm-@googlegroups.com> npm ERR! System Linux 3.2.0-59-virtual npm ERR! command "nodejs" "/usr/bin/npm" "install" npm ERR! cwd /home/edsu/Projects/anon npm ERR! node -v v0.8.2 npm ERR! npm -v 1.1.39 npm ERR! message SSL Error: SELF_SIGNED_CERT_IN_CHAIN npm http GET https://registry.npmjs.org/coffee-script npm http GET https://registry.npmjs.org/ipv6 npm ERR! npm ERR! Additional logging details can be found in: npm ERR! /home/edsu/Projects/anon/npm-debug.log npm ERR! not ok code 0
This certificate error is a problem within node 0.8 / npm 1.1.x that was fixed in an update. While we should update to node 0.10, we probably will not do that for an individual page and instead have it happen naturally when we upgrade instances from Ubuntu Precise to Ubuntu Trusty (which comes with node 0.10). This bug should be fixed by updating node 0.8.x and npm to slightly newer minor versions. This was fixed in the integration project as well.
So can we get an upgrade in tools labs to another version of 0.8.x?
See also http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more In short: They used to have a self-signed certificate which was baked into nodejs. They got a proper certificate now, but existing npm installs don't know about this yet. You don't need to upgrade to a major new version (so not the ones in Trusty). A newer nodejs 0.8.x release and npm 1.4.x will suffice.
Raising priority. npm is unusable without this.
*** Bug 69079 has been marked as a duplicate of this bug. ***
That's actually not so much a Labs issue as it is a prod issue. Precise provides 0.6.12 - our current install of nodejs comes from the WMF repo which provides (atm) 0.8.2 (and is in current use by Parsoid so upgrading it blindly is not a possibility). Given that the change may be breaking, upgrading to 0.10 is also not really an option. There are two possibilities: (a) upgrade the WMF nodejs to the latest 0.8 release (requires coordination with the Parsoid people at least) or (b) install a project-local nodejs. (b) is less desirable because it increases maintenance overhead and makes labs diverge from prod (which we try to minimize). I'll look into doing (a) swiftly but if it's not possible I'll fall back to (b).
So is Parsoid not using npm at all? I really just need a working npm more than the most recently version of node. Thanks for your help!
New Trusty VMs should have node 0.10 and a reasonably up to date npm. I'd recommend upgrading or creating a new trusty VM.
Can tools labs easily be upgraded to Trusty?
(In reply to Ed Summers from comment #9) > Can tools labs easily be upgraded to Trusty? Not all of it, but there is a Trusty grid node available, and I'm about to add a Trusty bastion - between them you should be able to debug and run jobs on Trusty. More news on labs-l today.
There is now a Trusty instance available to tool labs (per the email on labs-l) which can be requested with the "-l release=trusty" option to qsub and jsub.
