bump dev bundle again
sigh. in trying to work around a silly bug (npm creates ~/tmp), it
turns out that you can't actually install npm like that --- because it
reverts the hack done by 'make install PORTABLE=1' to make npm find node
properly (because that hack literally rewrites a file in the npm module)
Changes:
- Drop keypress; it hasn't been used since we rewrote prompts to use
built-in readline
- Use a slightly newer version of npm, to avoid strange thing where it
creates ~/tmp
- Drop node-aes-gcm and bcrypt: we now can support cross-platform
package deploys directly! (A follow-up commit will add them
to the corresponding packages.)
- Drop heapdump: it was only there for convenience, and now can also be
added via a package
- upddate some comments
This is basically the same as curl-install, except without:
- figure out which OS you're using (ie, figure out the URL)
- actually wget the tarball (comes from disk instead)
- setting up the /usr/local/bin/meteor script
They are not safe for spaces in paths. There might be other places to look for trouble.
I've run the following command to produce this commit: (on OS X, copy-and-pasting the below exactly)
find . -type f -name '*.sh' -print0 | # Find all .sh files
xargs -0 fgrep -H -- '`' | # See all places with backticks in them
fgrep 'cd `dirname $0' | # I deemed these problematic (variable assignments are safe)
cut -d ':' -f 1 | # Take the <file> from <file>:<line> produced by "grep -H"
tr '\n' '\0' | # Also here, spaces can be problematic - always do "xargs -0"!
xargs -0 -- sed -i '' 's/cd `dirname $0`/cd "`dirname "$0"`"/g'
The significance of adding the two levels of "'s can be verified by running the following in your Terminal:
$ node -e 'console.log(process.argv.splice(1))' -- `echo 1 2`
[ '1', '2' ]
$ node -e 'console.log(process.argv.splice(1))' -- "`echo 1 2`"
[ '1 2' ]
$ node -e 'console.log(process.argv.splice(1))' -- "`echo "1 2"`"
[ '1 2' ]
The large number of conflicts is because release-0.8.1.1 was branched
off of release/0.8.1 instead of master.
Conflicts:
History.md
docs/.meteor/release
docs/lib/release-override.js
examples/clock/.meteor/release
examples/leaderboard/.meteor/release
examples/parties/.meteor/release
examples/todos/.meteor/release
examples/wordplay/.meteor/release
scripts/admin/banner.txt
scripts/admin/notices.json
The previous version of openssl (1.0.1f) was vulnerable to the 'heartbleed'
attack, though Meteor did not use this version in a way that opened
it to attack. The build of openssl here is used only for mongod, not
node, and was used only as a client, not a server. But lets upgrade anyway.
