Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Install a specific version #33

Closed
hectcastro opened this issue Oct 27, 2014 · 47 comments
Closed

Install a specific version #33

hectcastro opened this issue Oct 27, 2014 · 47 comments
Assignees
Labels

Comments

@hectcastro
Copy link

How would you recommend that someone use this repository to install a specific version of Node.js? Previously, I was attempting to pin the version number, but it looks like older versions of Node.js are being replaced with newer ones.

My goal is to use a specific version of Node.js, but then not update to the newest version until after some testing occurs.

@ggsddu7
Copy link

ggsddu7 commented Oct 29, 2014

This is my question too

@rvagg
Copy link
Contributor

rvagg commented Oct 29, 2014

https://help.ubuntu.com/community/PinningHowto might be the way to go, /etc/apt/preferences

This is something we're only looking at experimenting with ourselves now for our Docker images, we'll let you know if we come up with an approach we can recommend, but for now, have a look at that wiki link.

@zol
Copy link

zol commented Dec 15, 2014

+1 It would be great to keep old versions available in Packages rather than just the latest.

Unfortunately pinning doesn't help when needing to provision new VM's to match machines in the cluster that are running an older version of the package.

@tecto
Copy link

tecto commented Jan 3, 2015

+1 for keeping old versions available in Packages.

Need to be able to apt-get install a specific version (0.10.33 in this case) across multiple servers and then pin the nodejs package to maintain consistency and separately test new versions before rollout.

Reference both https://help.ubuntu.com/community/PinningHowto and http://blog.andrewbeacock.com/2007/03/how-to-install-specific-version-of.html

@chrislea
Copy link
Contributor

chrislea commented Jan 3, 2015

Okay, we certainly understand the need. Unfortunately, the reprepro utility which is part of our tooling for publishing the repositories can't do this, so we'll need to look into using something like aptly instead. I'll update here once we have something ready.

@chris-prince
Copy link

What about at least providing one repo per major release series (e.g. 0.10.x, 0.12.x)?

This is especially relevant now that Node 0.12 is out. I'd like to have control over when I make the switch from 0.10.x to 0.12.x. (But I am okay with receiving bugfix updates on the track that I'm on.)

I feel like SaltStack PPAs do this well. (https://launchpad.net/~saltstack) In their case:

  • ppa:saltstack/salt gives the latest stable release
  • ppa:saltstack/salt2014-7 gives the latest stable v2014.7.x release
  • ppa:saltstack/salt2014-1 gives the latest stable v2014.1.x release
  • etc.

Going forward, I would love to see something similar for Node (e.g. repos node, node-0.10, node-0.12).

@coen-hyde
Copy link

This is an issue for us as well. I've switched to compiling from source for the moment as i'm not sure when the nodesouce repo will switch to a 0.12.x release.

@awithersdd
Copy link

This really should be fixed, like many we test and lock to a specific release for production, we cannot have apt-get install nodejs=specific version fail because a new release was made nor can we accept every new release as if it were the one tested against.

@retrohacker
Copy link
Contributor

https://github.com/nodesource/docker-node has examples of installing specific versions of node/iojs on debian/ubuntu using dpkg and fedora/centos using rpm. You may want to do gpg verification as well, like https://github.com/iojs/docker-iojs/blob/master/1.6/Dockerfile#L11

@shrop
Copy link

shrop commented Jul 25, 2015

Using Meteor and definitely need a way to pin the nodejs since there are version requirements. Thanks for all you you folks do on this distro!

@heston
Copy link

heston commented Dec 10, 2015

Friendly bump on this. I just got bit by a version update causing all of our builds to fail. Very unexpected that previous versions are wiped from the repo when a new one is released.

@retrohacker
Copy link
Contributor

@heston I believe they are only removed from the Release file. They are still in the repo: https://deb.nodesource.com/node_5.x/pool/main/n/nodejs/

Personally I am pinning against specific versions using wget [deb] && dpkg -i [deb].

@heston
Copy link

heston commented Dec 10, 2015

@wblankenship Thanks for the tip. Indeed, I see that the packages are still available, so that's an option. Without them being listed in the repo, it's not as easy to install with a package manager, though.

We're using salt to manage our package installations. It has great support for apt-get, but doesn't work as well with custom installation procedures.

@conatus
Copy link

conatus commented Jan 6, 2016

@wblankenship Thanks for the tip too!

Can someone from @nodesource please reply to this issue? We have occasional breaking builds as a result of this decision not to keep the packages around and we need to pin an exact version.

At the risk of sounding off, an allegedly "enterprise" set of packages should really allow this simply.

@retrohacker
Copy link
Contributor

@conatus, thanks for your comment. We understand that this feature has been a pain point for some. I personally had to work with it when building the Docker images for NodeSource.

@chrislea, @rvagg, and I are all on the @nodesource team.

Our current build uses the reprepro tool from the Debian project to host these repositories. As chrislea commented above, the tool is preventing us from doing this. We are looking into alternatives that will offer this feature.

We understand the need to pin to specific versions of Node in production. The rationale behind our Docker images is to support that specific use case. While we work towards a solution that allows apt to directly pin a version, we have a short term solution that I proposed above.

We religiously keep all of the artifacts generated by our builds, incrementing the trailing digit of the .deb in the event we need to do a rebuild. They all exist on deb.nodesource.com. This allows consumers to pin directly to a version of Node. The pools these artifacts are served from can be found at:

If you are using ansible, as @heston, the apt package supports the deb flag which takes a path to a .deb file on the remote box. Pairing this with get_url will offer a short term solution to version pinning.

There is a similar story for our rpm packages as well.

@conatus
Copy link

conatus commented Jan 6, 2016

Thanks for your reply @wblankenship, very much appreciated.

While this short term fix is certainly acceptable and the Dockerfiles are good examples, NodeSource isn't just any old set of builds. It is the set of builds recommended by the Node.js project itself as an install path. This repo is then a key bit of Node.js infrastructure for anyone running any kind of automation. You at @nodesource seem to intend it to be taken as such. So I hope you will consider working out how to pin versions easily as a matter of some priority in the near term.

Thanks a lot.

@leedm777
Copy link

If it helps, Docker addressed a similar problem using reprepro with their patch at moby/moby#16001. Maybe NodeSource can do something similar.

@nicholascapo
Copy link

Any word on this, aptly [1] works great for out internal repos, served from nginx.

[1] https://www.aptly.info/

@chrislea
Copy link
Contributor

Yes, we will probably move to aptly since it seems like the best tool that will let us do this. Unfortunately the way the builds are currently automated is fairly tied to reprepro so this isn't a trivial change to make. It will almost certainly happen when we move the repos to be served off of S3 / CloudFront. So both of those are things on the TODO list, but right now there are a couple of other infrastructure updates that we have to make first internally, so these aren't at the top of the list right now.

@danielkza
Copy link

Any news on this?

@Daniel15
Copy link

We switched from reprepro to Aptly for Yarn, and it works pretty well. I'd recommend it.

alxhub pushed a commit to angular/angular that referenced this issue May 6, 2020
…36837)

Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).

PR Close #36837
alxhub pushed a commit to angular/angular that referenced this issue May 6, 2020
…36837)

Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).

PR Close #36837
profanis pushed a commit to profanis/angular that referenced this issue Sep 5, 2020
…ngular#36837)

Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).

PR Close angular#36837
@edsadr edsadr assigned igsu and unassigned chrislea Jan 11, 2021
@igsu igsu closed this as completed Jan 21, 2021
alaviss added a commit to alaviss/nimskull-ci that referenced this issue Dec 7, 2021
NodeSource, while handy, does not support version pinning. As such it
would be impossible for us to ensure that the image can be reproduced.

See nodesource/distributions#33.

Included is also a script to update the containers version of NodeJS
automatically, pending integration with CI.
alaviss added a commit to alaviss/nimskull-ci that referenced this issue Dec 7, 2021
NodeSource, while handy, does not support version pinning. As such it
would be impossible for us to ensure that the image can be reproduced.

See nodesource/distributions#33.

Included is also a script to update the containers version of NodeJS
automatically, pending integration with CI.
alaviss added a commit to alaviss/nimskull-ci that referenced this issue Dec 7, 2021
NodeSource, while handy, does not support version pinning. As such it
would be impossible for us to ensure that the image can be reproduced.

See nodesource/distributions#33.

Included is also a script to update the containers version of NodeJS
automatically, pending integration with CI.
@trajano
Copy link

trajano commented Jan 18, 2022

Just to add to #33 (comment) I use the Dockerfile approach for building Expo tooling with Gradle on JDK8.

FROM node:16.13.0 as node

FROM gradle:jdk8
COPY --from=node /usr/local/ /usr/local/
RUN npm install -g expo-cli@4 turtle-cli

@e-dong
Copy link

e-dong commented May 4, 2022

@retrohacker
I'm using a Ubuntu 20.04.3 LTS based docker image

ENV NODE_REPO 16.x
ENV NODE_VERSION 16.15.0

RUN wget -O nodejs_${NODE_VERSION}-1nodesource1_amd64.deb https://deb.nodesource.com/node_${NODE_REPO}/pool/main/n/nodejs/nodejs_${NODE_VERSION}-1nodesource1_amd64.deb
RUN dpkg -i nodejs_${NODE_VERSION}-1nodesource1_amd64.deb

But i ran into this error:

Step 7/15 : RUN dpkg -i nodejs_${NODE_VERSION}-1nodesource1_amd64.deb
 ---> Running in 3df495c2ad6f
Selecting previously unselected package nodejs.
(Reading database ... 25329 files and directories currently installed.)
Preparing to unpack nodejs_16.15.0-1nodesource1_amd64.deb ...
Unpacking nodejs (16.15.0-1nodesource1) ...
dpkg: dependency problems prevent configuration of nodejs:
 nodejs depends on python-minimal; however:
  Package python-minimal is not installed.

dpkg: error processing package nodejs (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 nodejs
The command '/bin/bash -c dpkg -i nodejs_${NODE_VERSION}-1nodesource1_amd64.deb' returned a non-zero code: 1

I tried adding python-minimal beforehand but it fails. python-minimal is deprecated in favor of python2-minimal. Unfortunately that doesn't seem to resolve the issue.
From this post it looks like there is a dependency on python2?
https://www.reddit.com/r/node/comments/g99i2b/ubuntu_2004_is_out_but_nodesource_deb_still/

rogeruiz added a commit to transcom/circleci-docker that referenced this issue Jun 1, 2022
I took the instructions from the GitHub issue which I updated to point
to the exact comment which shows how to pin the Node version to a
specific number. But since this issue is still being updated, as 27 days
ago at the time this was written, I figured I'd leave a link to the
comment which could give us issues updated to this version of Node LTS.

Comment talking about a dependency on python2:
nodesource/distributions#33 (comment)
@slifty
Copy link

slifty commented Oct 6, 2022

@e-dong I faced the python-minimal issue as well and think it may have been linked to a past use of running the 16.x` script.

Running this on a totally fresh machine caused no issues, for instance.

curl -o nodejs.deb https://deb.nodesource.com/node_16.x/pool/main/n/nodejs/nodejs_16.17.1-deb-1nodesource1_arm64.deb
apt -y install ./nodejs.deb

(Sorry this comment isn't fully baked; I wanted to mention the clue for future folks facing the problem)

@curledUpSheep
Copy link

FYI: I was able to resolve the python-minimal issue by switching from nodejs_${NODEJS_VERSION}-1nodesource1_amd64.deb to nodejs_${NODEJS_VERSION}-deb-1nodesource1_amd64.deb

It seems the file with -deb in the filename includes metadata that fixes the issue.

@Gerst20051
Copy link

When I switched to using the -deb version it installed the latest version and printed this message:

root@063d58f6174d:/code# apt-get install -y ./$DEB_FILE
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Note, selecting 'nodejs' instead of './nodejs_16.13.2-deb-1nodesource1_arm64.deb'

@nick4fake
Copy link

Good example why pinning is extremely important:
nodejs/node#48444

We are not sure what to do now with all builds failing

@pulsedynamic
Copy link

FYI: I was able to resolve the python-minimal issue by switching from nodejs_${NODEJS_VERSION}-1nodesource1_amd64.deb to nodejs_${NODEJS_VERSION}-deb-1nodesource1_amd64.deb

It seems the file with -deb in the filename includes metadata that fixes the issue.

you are a legend, thanks

@mkozjak
Copy link

mkozjak commented Aug 30, 2023

A new proper way to do this, per official documentation, is here:

sudo apt install -y ca-certificates gnupg
curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg

NODE_MAJOR=16
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_MAJOR.x nodistro main" | sudo tee /etc/apt/sources.list.d/nodesource.list
sudo apt update
apt-cache policy nodejs
sudo apt install --yes nodejs=16.15.1-1nodesource1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests