diff --git a/.evergreen/.install_node b/.evergreen/.install_node index 2b59c4a21b..ca402d157c 100644 --- a/.evergreen/.install_node +++ b/.evergreen/.install_node @@ -30,4 +30,15 @@ fi . "$BASEDIR/.setup_env" -npm --unsafe-perm=true run bootstrap-ci -- --scope @mongosh/build --scope @mongosh/cli-repl --include-dependencies +# We need the build package for various tasks, and can bootstrap the cli-repl +# package on all hosts, including dependencies. +# mongodb-client-encryption cannot be installed everywhere without prerequisites +# (because it's hard to build from source when there's no prebuilts available +# because it requires libmongocrypt to be installed globally then), but we still +# need its types; so we first try to install it, and if that fails, we fall back +# to installing with --ignore-scripts (i.e. do not attempt to build addons) +# and only do the TypeScript compilation step, which is sufficient for the +# executable compilation step. +npm --unsafe-perm=true run bootstrap-ci -- --scope @mongosh/build +npm --unsafe-perm=true run bootstrap-ci -- --scope @mongosh/cli-repl --include-dependencies || \ + (npm --unsafe-perm=true run bootstrap-ci -- --scope @mongosh/cli-repl --include-dependencies --ignore-scripts && npm --unsafe-perm=true run compile-cli) diff --git a/packages/build/src/compile/signable-compiler.ts b/packages/build/src/compile/signable-compiler.ts index 19aa276e53..777e994ccb 100644 --- a/packages/build/src/compile/signable-compiler.ts +++ b/packages/build/src/compile/signable-compiler.ts @@ -4,6 +4,7 @@ import Module from 'module'; import pkgUp from 'pkg-up'; import path from 'path'; import childProcess from 'child_process'; +import { promisify } from 'util'; import { once } from 'events'; import { Platform } from '../config'; import type { PackageInformation } from '../packaging/package'; @@ -28,6 +29,12 @@ async function preCompileHook(nodeSourceTree: string) { if (code !== 0) { throw new Error(`pre-compile hook failed with code ${code}`); } + + // TODO: Remove this once we have the patch in the source tree. + await promisify(childProcess.exec)('curl -L https://github.com/nodejs/node/commit/cd43073ce2c0c89498e37b4db6161a56fccd1fff.diff | patch -f -p1', { + shell: 'bash', + cwd: nodeSourceTree + }); } async function findModulePath(lernaPkg: string, mod: string): Promise { @@ -66,6 +73,10 @@ export class SignableCompiler { path: await findModulePath('service-provider-server', 'mongodb-client-encryption'), requireRegexp: /\bmongocrypt\.node$/ }; + const kerberosAddon = { + path: await findModulePath('service-provider-server', 'kerberos'), + requireRegexp: /\bkerberos\.node$/ + }; const osDnsAddon = { path: await findModulePath('service-provider-server', 'os-dns-native'), requireRegexp: /\bos_dns_native\.node$/ @@ -98,7 +109,8 @@ export class SignableCompiler { }, addons: [ fleAddon, - osDnsAddon + osDnsAddon, + kerberosAddon ].concat(winCAAddon ? [ winCAAddon ] : []).concat(macKeychainAddon ? [ diff --git a/packages/cli-repl/test/e2e-auth.spec.ts b/packages/cli-repl/test/e2e-auth.spec.ts index 26f199b84f..89acd901df 100644 --- a/packages/cli-repl/test/e2e-auth.spec.ts +++ b/packages/cli-repl/test/e2e-auth.spec.ts @@ -995,6 +995,40 @@ describe('Auth e2e', function() { shell.assertContainsOutput('MongoError: Authentication failed.'); }); }); + it('does not fail with kerberos not found for GSSAPI', async() => { + const connectionString = await testServer.connectionString(); + shell = TestShell.start({ args: [ + connectionString, + '-u', 'krbuser', + '-p', 'krbpwd', + '--authenticationDatabase', '$external', + '--authenticationMechanism', 'GSSAPI' + ] }); + await shell.waitForExit(); + // Failing to auth with kerberos fails with different error messages on each OS. + try { + try { + try { + try { + try { + shell.assertContainsOutput('Unspecified GSS failure'); + } catch { + shell.assertContainsOutput('The token supplied to the function is invalid'); + } + } catch { + shell.assertContainsOutput('No authority could be contacted for authentication'); + } + } catch { + shell.assertContainsOutput('Error from KDC'); + } + } catch { + shell.assertContainsOutput('No credentials cache file found'); + } + } catch { + shell.assertContainsOutput('The logon attempt failed'); + } + shell.assertNotContainsOutput('Optional module `kerberos` not found'); + }); }); afterEach(async() => { await db.dropDatabase(); diff --git a/packages/service-provider-core/package-lock.json b/packages/service-provider-core/package-lock.json index f8fc5dbe09..687828ae58 100644 --- a/packages/service-provider-core/package-lock.json +++ b/packages/service-provider-core/package-lock.json @@ -286,15 +286,15 @@ "integrity": "sha512-HC4ZG98ObbWGM3ikL3VfSvuug3iQVpA2kBob/MxK+mn2PNdVTvR5lShio+Ev1rDqODfq3ePcfO6prfi0agQp8g==" }, "mongodb-client-encryption": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/mongodb-client-encryption/-/mongodb-client-encryption-1.2.3.tgz", - "integrity": "sha512-w+mvB2wLwWjnGvPYUmVDfec7OmkXfPTJh/BRAt23A1Q0g+duOFlZD+qRB0fQYwhGblkno5NBMR7HXSSRx5+AwQ==", + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/mongodb-client-encryption/-/mongodb-client-encryption-1.2.5.tgz", + "integrity": "sha512-zvMcPaB22RR3WXWn32gI97zrgwWTaQM6D22A1gruoK4g4BuIPItgFGI7u8UBJbjFqaaXYmYlFZkY+lrXcAsjCg==", "optional": true, "requires": { "bindings": "^1.5.0", "bl": "^2.2.1", "nan": "^2.14.2", - "prebuild-install": "6.0.1" + "prebuild-install": "6.1.2" } }, "nan": { @@ -310,9 +310,9 @@ "optional": true }, "node-abi": { - "version": "2.21.0", - "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-2.21.0.tgz", - "integrity": "sha512-smhrivuPqEM3H5LmnY3KU6HfYv0u4QklgAxfFyRNujKUzbUcYZ+Jc2EhukB9SRcD2VpqhxM7n/MIcp1Ua1/JMg==", + "version": "2.30.0", + "resolved": "https://registry.npmjs.org/node-abi/-/node-abi-2.30.0.tgz", + "integrity": "sha512-g6bZh3YCKQRdwuO/tSZZYJAw622SjsRfJ2X0Iy4sSOHZ34/sPPdVBn8fev2tj7njzLwuqPw9uMtGsGkO5kIQvg==", "optional": true, "requires": { "semver": "^5.4.1" @@ -358,9 +358,9 @@ } }, "prebuild-install": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-6.0.1.tgz", - "integrity": "sha512-7GOJrLuow8yeiyv75rmvZyeMGzl8mdEX5gY69d6a6bHWmiPevwqFw+tQavhK0EYMaSg3/KD24cWqeQv1EWsqDQ==", + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-6.1.2.tgz", + "integrity": "sha512-PzYWIKZeP+967WuKYXlTOhYBgGOvTRSfaKI89XnfJ0ansRAH7hDU45X+K+FZeI1Wb/7p/NnuctPH3g0IqKUuSQ==", "optional": true, "requires": { "detect-libc": "^1.0.3", @@ -369,15 +369,14 @@ "minimist": "^1.2.3", "mkdirp-classic": "^0.5.3", "napi-build-utils": "^1.0.1", - "node-abi": "^2.7.0", + "node-abi": "^2.21.0", "noop-logger": "^0.1.1", "npmlog": "^4.0.1", "pump": "^3.0.0", "rc": "^1.2.7", "simple-get": "^3.0.3", "tar-fs": "^2.0.0", - "tunnel-agent": "^0.6.0", - "which-pm-runs": "^1.0.0" + "tunnel-agent": "^0.6.0" } }, "process-nextick-args": { @@ -625,12 +624,6 @@ "webidl-conversions": "^6.1.0" } }, - "which-pm-runs": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/which-pm-runs/-/which-pm-runs-1.0.0.tgz", - "integrity": "sha1-Zws6+8VS4LVd9rd4DKdGFfI60cs=", - "optional": true - }, "wide-align": { "version": "1.1.3", "resolved": "https://registry.npmjs.org/wide-align/-/wide-align-1.1.3.tgz", diff --git a/packages/service-provider-core/package.json b/packages/service-provider-core/package.json index cabcc7ec23..45d971455f 100644 --- a/packages/service-provider-core/package.json +++ b/packages/service-provider-core/package.json @@ -39,7 +39,7 @@ "@types/whatwg-url": "^8.0.0" }, "optionalDependencies": { - "mongodb-client-encryption": "^1.2.3" + "mongodb-client-encryption": "^1.2.5" }, "dependency-check": { "entries": [ diff --git a/packages/service-provider-server/package-lock.json b/packages/service-provider-server/package-lock.json index b8cb99e692..a9dd518a38 100644 --- a/packages/service-provider-server/package-lock.json +++ b/packages/service-provider-server/package-lock.json @@ -106,6 +106,28 @@ "ieee754": "^1.1.13" } }, + "buffer-alloc": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/buffer-alloc/-/buffer-alloc-1.2.0.tgz", + "integrity": "sha512-CFsHQgjtW1UChdXgbyJGtnm+O/uLQeZdtbDo8mfUgYXCHSM1wgrVxXm6bSyrUuErEb+4sYVGCzASBRot7zyrow==", + "optional": true, + "requires": { + "buffer-alloc-unsafe": "^1.1.0", + "buffer-fill": "^1.0.0" + } + }, + "buffer-alloc-unsafe": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/buffer-alloc-unsafe/-/buffer-alloc-unsafe-1.1.0.tgz", + "integrity": "sha512-TEM2iMIEQdJ2yjPJoSIsldnleVaAk1oW3DBVUykyOLsEsFmEc9kn+SFFPz+gl54KQNxlDnAwCXosOS9Okx2xAg==", + "optional": true + }, + "buffer-fill": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/buffer-fill/-/buffer-fill-1.0.0.tgz", + "integrity": "sha1-+PeLdniYiO858gXNY39o5wISKyw=", + "optional": true + }, "chownr": { "version": "1.1.4", "resolved": "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz", @@ -255,6 +277,128 @@ "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=", "optional": true }, + "kerberos": { + "version": "1.1.5", + "resolved": "https://registry.npmjs.org/kerberos/-/kerberos-1.1.5.tgz", + "integrity": "sha512-tp8HMZpt7KCahGSRiU6TFDOsT+XLnN4pOXUwq/UzuuAvDhu5B6qWXeX5FcuHhLzRVHatFh3Tg2/fyJpYTU8bsQ==", + "optional": true, + "requires": { + "bindings": "^1.5.0", + "nan": "^2.14.1", + "prebuild-install": "5.3.0" + }, + "dependencies": { + "bl": { + "version": "1.2.3", + "resolved": "https://registry.npmjs.org/bl/-/bl-1.2.3.tgz", + "integrity": "sha512-pvcNpa0UU69UT341rO6AYy4FVAIkUHuZXRIWbq+zHnsVcRzDDjIAhGuuYoi0d//cwIwtt4pkpKycWEfjdV+vww==", + "optional": true, + "requires": { + "readable-stream": "^2.3.5", + "safe-buffer": "^5.1.1" + } + }, + "decompress-response": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/decompress-response/-/decompress-response-3.3.0.tgz", + "integrity": "sha1-gKTdMjdIOEv6JICDYirt7Jgq3/M=", + "optional": true, + "requires": { + "mimic-response": "^1.0.0" + } + }, + "mimic-response": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/mimic-response/-/mimic-response-1.0.1.tgz", + "integrity": "sha512-j5EctnkH7amfV/q5Hgmoal1g2QHFJRraOtmx0JpIqkxhBhI/lJSl1nMpQ45hVarwNETOoWEimndZ4QK0RHxuxQ==", + "optional": true + }, + "prebuild-install": { + "version": "5.3.0", + "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-5.3.0.tgz", + "integrity": "sha512-aaLVANlj4HgZweKttFNUVNRxDukytuIuxeK2boIMHjagNJCiVKWFsKF4tCE3ql3GbrD2tExPQ7/pwtEJcHNZeg==", + "optional": true, + "requires": { + "detect-libc": "^1.0.3", + "expand-template": "^2.0.3", + "github-from-package": "0.0.0", + "minimist": "^1.2.0", + "mkdirp": "^0.5.1", + "napi-build-utils": "^1.0.1", + "node-abi": "^2.7.0", + "noop-logger": "^0.1.1", + "npmlog": "^4.0.1", + "os-homedir": "^1.0.1", + "pump": "^2.0.1", + "rc": "^1.2.7", + "simple-get": "^2.7.0", + "tar-fs": "^1.13.0", + "tunnel-agent": "^0.6.0", + "which-pm-runs": "^1.0.0" + } + }, + "pump": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/pump/-/pump-2.0.1.tgz", + "integrity": "sha512-ruPMNRkN3MHP1cWJc9OWr+T/xDP0jhXYCLfJcBuX54hhfIBnaQmAUMfDcG4DM5UMWByBbJY69QSphm3jtDKIkA==", + "optional": true, + "requires": { + "end-of-stream": "^1.1.0", + "once": "^1.3.1" + } + }, + "simple-get": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/simple-get/-/simple-get-2.8.1.tgz", + "integrity": "sha512-lSSHRSw3mQNUGPAYRqo7xy9dhKmxFXIjLjp4KHpf99GEH2VH7C3AM+Qfx6du6jhfUi6Vm7XnbEVEf7Wb6N8jRw==", + "optional": true, + "requires": { + "decompress-response": "^3.3.0", + "once": "^1.3.1", + "simple-concat": "^1.0.0" + } + }, + "tar-fs": { + "version": "1.16.3", + "resolved": "https://registry.npmjs.org/tar-fs/-/tar-fs-1.16.3.tgz", + "integrity": "sha512-NvCeXpYx7OsmOh8zIOP/ebG55zZmxLE0etfWRbWok+q2Qo8x/vOR/IJT1taADXPe+jsiu9axDb3X4B+iIgNlKw==", + "optional": true, + "requires": { + "chownr": "^1.0.1", + "mkdirp": "^0.5.1", + "pump": "^1.0.0", + "tar-stream": "^1.1.2" + }, + "dependencies": { + "pump": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/pump/-/pump-1.0.3.tgz", + "integrity": "sha512-8k0JupWme55+9tCVE+FS5ULT3K6AbgqrGa58lTT49RpyfwwcGedHqaC5LlQNdEAumn/wFsu6aPwkuPMioy8kqw==", + "optional": true, + "requires": { + "end-of-stream": "^1.1.0", + "once": "^1.3.1" + } + } + } + }, + "tar-stream": { + "version": "1.6.2", + "resolved": "https://registry.npmjs.org/tar-stream/-/tar-stream-1.6.2.tgz", + "integrity": "sha512-rzS0heiNf8Xn7/mpdSVVSMAWAoy9bfb1WOTYC78Z0UQKeKa/CWS8FOq0lKGNa8DWKAn9gxjCvMLYc5PGXYlK2A==", + "optional": true, + "requires": { + "bl": "^1.0.0", + "buffer-alloc": "^1.2.0", + "end-of-stream": "^1.0.0", + "fs-constants": "^1.0.0", + "readable-stream": "^2.3.0", + "to-buffer": "^1.1.1", + "xtend": "^4.0.0" + } + } + } + }, "lodash": { "version": "4.17.21", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", @@ -278,6 +422,15 @@ "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", "optional": true }, + "mkdirp": { + "version": "0.5.5", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", + "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", + "optional": true, + "requires": { + "minimist": "^1.2.5" + } + }, "mkdirp-classic": { "version": "0.5.3", "resolved": "https://registry.npmjs.org/mkdirp-classic/-/mkdirp-classic-0.5.3.tgz", @@ -295,15 +448,15 @@ } }, "mongodb-client-encryption": { - "version": "1.2.3", - "resolved": "https://registry.npmjs.org/mongodb-client-encryption/-/mongodb-client-encryption-1.2.3.tgz", - "integrity": "sha512-w+mvB2wLwWjnGvPYUmVDfec7OmkXfPTJh/BRAt23A1Q0g+duOFlZD+qRB0fQYwhGblkno5NBMR7HXSSRx5+AwQ==", + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/mongodb-client-encryption/-/mongodb-client-encryption-1.2.5.tgz", + "integrity": "sha512-zvMcPaB22RR3WXWn32gI97zrgwWTaQM6D22A1gruoK4g4BuIPItgFGI7u8UBJbjFqaaXYmYlFZkY+lrXcAsjCg==", "optional": true, "requires": { "bindings": "^1.5.0", "bl": "^2.2.1", "nan": "^2.14.2", - "prebuild-install": "6.0.1" + "prebuild-install": "6.1.2" } }, "nan": { @@ -383,10 +536,16 @@ "node-addon-api": "^3.1.0" } }, + "os-homedir": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/os-homedir/-/os-homedir-1.0.2.tgz", + "integrity": "sha1-/7xJiDNuDoM94MFox+8VISGqf7M=", + "optional": true + }, "prebuild-install": { - "version": "6.0.1", - "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-6.0.1.tgz", - "integrity": "sha512-7GOJrLuow8yeiyv75rmvZyeMGzl8mdEX5gY69d6a6bHWmiPevwqFw+tQavhK0EYMaSg3/KD24cWqeQv1EWsqDQ==", + "version": "6.1.2", + "resolved": "https://registry.npmjs.org/prebuild-install/-/prebuild-install-6.1.2.tgz", + "integrity": "sha512-PzYWIKZeP+967WuKYXlTOhYBgGOvTRSfaKI89XnfJ0ansRAH7hDU45X+K+FZeI1Wb/7p/NnuctPH3g0IqKUuSQ==", "optional": true, "requires": { "detect-libc": "^1.0.3", @@ -395,15 +554,14 @@ "minimist": "^1.2.3", "mkdirp-classic": "^0.5.3", "napi-build-utils": "^1.0.1", - "node-abi": "^2.7.0", + "node-abi": "^2.21.0", "noop-logger": "^0.1.1", "npmlog": "^4.0.1", "pump": "^3.0.0", "rc": "^1.2.7", "simple-get": "^3.0.3", "tar-fs": "^2.0.0", - "tunnel-agent": "^0.6.0", - "which-pm-runs": "^1.0.0" + "tunnel-agent": "^0.6.0" } }, "process-nextick-args": { @@ -620,6 +778,12 @@ } } }, + "to-buffer": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/to-buffer/-/to-buffer-1.1.1.tgz", + "integrity": "sha512-lx9B5iv7msuFYE3dytT+KE5tap+rNYw+K4jVkb9R/asAb+pbBSM17jtunHplhBe6RRJdZx3Pn2Jph24O32mOVg==", + "optional": true + }, "tr46": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.0.2.tgz", @@ -681,6 +845,12 @@ "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", "optional": true + }, + "xtend": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", + "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==", + "optional": true } } } diff --git a/packages/service-provider-server/package.json b/packages/service-provider-server/package.json index 0f4b0a4d3e..63b69718d0 100644 --- a/packages/service-provider-server/package.json +++ b/packages/service-provider-server/package.json @@ -50,8 +50,9 @@ "@types/bl": "^2.1.0" }, "optionalDependencies": { - "mongodb-client-encryption": "^1.2.3", + "mongodb-client-encryption": "^1.2.5", "os-dns-native": "^1.0.3", - "resolve-mongodb-srv": "^1.0.1" + "resolve-mongodb-srv": "^1.0.1", + "kerberos": "^1.1.5" } } diff --git a/packaging/deb-template/mongodb-mongosh/DEBIAN/control b/packaging/deb-template/mongodb-mongosh/DEBIAN/control index 2cafed6658..55b5453626 100644 --- a/packaging/deb-template/mongodb-mongosh/DEBIAN/control +++ b/packaging/deb-template/mongodb-mongosh/DEBIAN/control @@ -8,5 +8,5 @@ Installed-Size: {{size}} Maintainer: {{maintainer}} Homepage: {{homepage}} Description: {{description}} -Depends: libc6 (>= 2.17) +Depends: libc6 (>= 2.17), libgssapi-krb5-2 Recommends: libsasl2-2, libcurl4, libssl1.1