bump dev bundle again
sigh. in trying to work around a silly bug (npm creates ~/tmp), it
turns out that you can't actually install npm like that --- because it
reverts the hack done by 'make install PORTABLE=1' to make npm find node
properly (because that hack literally rewrites a file in the npm module)
Changes:
- Drop keypress; it hasn't been used since we rewrote prompts to use
built-in readline
- Use a slightly newer version of npm, to avoid strange thing where it
creates ~/tmp
- Drop node-aes-gcm and bcrypt: we now can support cross-platform
package deploys directly! (A follow-up commit will add them
to the corresponding packages.)
- Drop heapdump: it was only there for convenience, and now can also be
added via a package
- update some comments
They are not safe for spaces in paths. There might be other places to look for trouble.
I've run the following command to produce this commit: (on OS X, copy-and-pasting the below exactly)
find . -type f -name '*.sh' -print0 | # Find all .sh files
xargs -0 fgrep -H -- '`' | # See all places with backticks in them
fgrep 'cd `dirname $0' | # I deemed these problematic (variable assignments are safe)
cut -d ':' -f 1 | # Take the <file> from <file>:<line> produced by "grep -H"
tr '\n' '\0' | # Also here, spaces can be problematic - always do "xargs -0"!
xargs -0 -- sed -i '' 's/cd `dirname $0`/cd "`dirname "$0"`"/g'
The significance of adding the two levels of "'s can be verified by running the following in your Terminal:
$ node -e 'console.log(process.argv.splice(1))' -- `echo 1 2`
[ '1', '2' ]
$ node -e 'console.log(process.argv.splice(1))' -- "`echo 1 2`"
[ '1 2' ]
$ node -e 'console.log(process.argv.splice(1))' -- "`echo "1 2"`"
[ '1 2' ]
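Added example (not part of the original commit message or of the Meteor code base): it runs the old and the new `cd` idiom from a script that lives in a directory with a space in its name and reports whether each script ends up in its own directory. The directory name "my app", the script names and the function names are assumptions made for the demo.

```shell
#!/bin/sh
# Constructed demo; "my app", the script names and the function names are
# hypothetical. Nothing outside a fresh mktemp directory is touched.

# Create <tmp>/my app/ holding one script per idiom; print <tmp>.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/my app"
    # Before: $0 and dirname's output are both split at the space.
    cat > "$root/my app/unquoted.sh" <<'EOF'
cd `dirname $0`
pwd -P
EOF
    # After: both quoting levels keep the path a single word.
    cat > "$root/my app/quoted.sh" <<'EOF'
cd "`dirname "$0"`"
pwd -P
EOF
    printf '%s\n' "$root"
}

# Print "ok" if the script ended up in its own directory, else "wrong-dir".
# Depending on the shell, the unquoted cd either fails (the script carries on
# in the caller's directory) or silently lands in another directory.
check_script() {
    want=$(cd "$1/my app" && pwd -P)
    got=$(sh "$1/my app/$2" 2>/dev/null) || true
    if [ "$got" = "$want" ]; then echo ok; else echo wrong-dir; fi
}

demo() {
    tree=$(make_demo_tree) || return 1
    echo "unquoted: $(check_script "$tree" unquoted.sh)"
    echo "quoted:   $(check_script "$tree" quoted.sh)"
    rm -rf -- "$tree"
}
demo
```

The unquoted script never exits with an error on its own, so every relative path it uses afterwards resolves against the wrong directory.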
The previous version of openssl (1.0.1f) was vulnerable to the 'heartbleed'
attack, though Meteor did not use this version in a way that opened
it to attack. The build of openssl here is used only for mongod, not
node, and was used only as a client, not a server. But let's upgrade anyway.
The tool no longer uses it. Simplify webapp_server to do a dumb check
for a flag instead of using optimist.
ctl-helper still uses optimist; ideally it should use our parser from
main.js instead.
Also, remove a debugging "|| true" that was causing "LISTENING" to be
output even without --keepalive.
I am not actually planning to rebuild the dev bundle just to drop
optimist.
Also upgrade to 2.4.8 while we're at it.
(In the meteor/mongo repository, we've created an ssl-2.4.8 branch, and
also added a backported-from-Mongo-2.5 change to poll the repl set
config more often on startup.)
This will make it much easier to upgrade them and test new versions.
(They are still called from the bundler, so changes to how we access them (eg
source map support) will require modifying tools, but just "upgrade to new
version" now is much easier.)