https://github.com/npm/fstream/issues/26
We were working around this before, but this is a better fix. Plus might
be a (probably unobservable?) performance improvement since we do fewer
fs ops.
bump dev bundle again
sigh. in trying to work around a silly bug (npm creates ~/tmp), it
turns out that you can't actually install npm like that --- because it
reverts the hack done by 'make install PORTABLE=1' to make npm find node
properly (because that hack literally rewrites a file in the npm module)
Changes:
- Drop keypress; it hasn't been used since we rewrote prompts to use
built-in readline
- Use a slightly newer version of npm, to avoid strange thing where it
creates ~/tmp
- Drop node-aes-gcm and bcrypt: we now can support cross-platform
package deploys directly! (A follow-up commit will add them
to the corresponding packages.)
- Drop heapdump: it was only there for convenience, and now can also be
added via a package
- upddate some comments
They are not safe for spaces in paths. There might be other places to look for trouble.
I've run the following command to produce this commit: (on OS X, copy-and-pasting the below exactly)
find . -type f -name '*.sh' -print0 | # Find all .sh files
xargs -0 fgrep -H -- '`' | # See all places with backticks in them
fgrep 'cd `dirname $0' | # I deemed these problematic (variable assignments are safe)
cut -d ':' -f 1 | # Take the <file> from <file>:<line> produced by "grep -H"
tr '\n' '\0' | # Also here, spaces can be problematic - always do "xargs -0"!
xargs -0 -- sed -i '' 's/cd `dirname $0`/cd "`dirname "$0"`"/g'
The significance of adding the two levels of "'s can be verified by running the following in your Terminal:
$ node -e 'console.log(process.argv.splice(1))' -- `echo 1 2`
[ '1', '2' ]
$ node -e 'console.log(process.argv.splice(1))' -- "`echo 1 2`"
[ '1 2' ]
$ node -e 'console.log(process.argv.splice(1))' -- "`echo "1 2"`"
[ '1 2' ]
The previous version of openssl (1.0.1f) was vulnerable to the 'heartbleed'
attack, though Meteor did not use this version in a way that opened
it to attack. The build of openssl here is used only for mongod, not
node, and was used only as a client, not a server. But lets upgrade anyway.
The tool no longer uses it. Simplify webapp_server to do a dumb check
for a flag instead of using optimist.
ctl-helper still uses optimist; ideally it should use our parser from
main.js instead.
Also, remove a debugging "|| true" that was causing "LISTENING" to be
output even without --keepalive.
I am not actually planning to rebuild the dev bundle just to drop
optimist.
Also upgrade to 2.4.8 while we're at it.
(In the meteor/mongo repository, we've created an ssl-2.4.8 branch, and
also added a backported-from-Mongo-2.5 change to poll the repl set
config more often on startup.)
