mongodb-js · addaleax · Jun 14, 2021 · Jun 9, 2021 · Jun 11, 2021 · Jun 14, 2021
@@ -30,4 +30,15 @@ fi
 
 . "$BASEDIR/.setup_env"
 
-npm --unsafe-perm=true run bootstrap-ci -- --scope @mongosh/build --scope @mongosh/cli-repl --include-dependencies
+# We need the build package for various tasks, and can bootstrap the cli-repl
+# package on all hosts, including dependencies.
+# mongodb-client-encryption cannot be installed everywhere without prerequisites
+# (because it's hard to build from source when there's no prebuilts available
+# because it requires libmongocrypt to be installed globally then), but we still
+# need its types; so we first try to install it, and if that fails, we fall back
+# to installing with --ignore-scripts (i.e. do not attempt to build addons)
+# and only do the TypeScript compilation step, which is sufficient for the
+# executable compilation step.
+npm --unsafe-perm=true run bootstrap-ci -- --scope @mongosh/build
+npm --unsafe-perm=true run bootstrap-ci -- --scope @mongosh/cli-repl --include-dependencies || \
+  (npm --unsafe-perm=true run bootstrap-ci -- --scope @mongosh/cli-repl --include-dependencies --ignore-scripts && npm --unsafe-perm=true run compile-cli)
@@ -4,6 +4,7 @@ import Module from 'module';
 import pkgUp from 'pkg-up';
 import path from 'path';
 import childProcess from 'child_process';
+import { promisify } from 'util';
 import { once } from 'events';
 import { Platform } from '../config';
 import type { PackageInformation } from '../packaging/package';
@@ -28,6 +29,12 @@ async function preCompileHook(nodeSourceTree: string) {
   if (code !== 0) {
     throw new Error(`pre-compile hook failed with code ${code}`);
   }
+
+  // TODO: Remove this once we have the patch in the source tree.
+  await promisify(childProcess.exec)('curl -L https://github.com/nodejs/node/commit/cd43073ce2c0c89498e37b4db6161a56fccd1fff.diff | patch -f -p1', {
+    shell: 'bash',
+    cwd: nodeSourceTree
+  });
 }
 
 async function findModulePath(lernaPkg: string, mod: string): Promise<string> {
@@ -66,6 +73,10 @@ export class SignableCompiler {
       path: await findModulePath('service-provider-server', 'mongodb-client-encryption'),
       requireRegexp: /\bmongocrypt\.node$/
     };
+    const kerberosAddon = {
+      path: await findModulePath('service-provider-server', 'kerberos'),
+      requireRegexp: /\bkerberos\.node$/
+    };
     const osDnsAddon = {
       path: await findModulePath('service-provider-server', 'os-dns-native'),
       requireRegexp: /\bos_dns_native\.node$/
@@ -98,7 +109,8 @@ export class SignableCompiler {
       },
       addons: [
         fleAddon,
-        osDnsAddon
+        osDnsAddon,
+        kerberosAddon
       ].concat(winCAAddon ? [
         winCAAddon
       ] : []).concat(macKeychainAddon ? [

@@ -995,6 +995,40 @@ describe('Auth e2e', function() {
           shell.assertContainsOutput('MongoError: Authentication failed.');
         });
       });
+      it('does not fail with kerberos not found for GSSAPI', async() => {
+        const connectionString = await testServer.connectionString();
+        shell = TestShell.start({ args: [
+          connectionString,
+          '-u', 'krbuser',
+          '-p', 'krbpwd',
+          '--authenticationDatabase', '$external',
+          '--authenticationMechanism', 'GSSAPI'
+        ] });
+        await shell.waitForExit();
+        // Failing to auth with kerberos fails with different error messages on each OS.
+        try {
+          try {
+            try {
+              try {
+                try {
+                  shell.assertContainsOutput('Unspecified GSS failure');
+                } catch {
+                  shell.assertContainsOutput('The token supplied to the function is invalid');
+                }
+              } catch {
+                shell.assertContainsOutput('No authority could be contacted for authentication');
+              }
+            } catch {
+              shell.assertContainsOutput('Error from KDC');
+            }
+          } catch {
+            shell.assertContainsOutput('No credentials cache file found');
+          }
+        } catch {
+          shell.assertContainsOutput('The logon attempt failed');
+        }
+        shell.assertNotContainsOutput('Optional module `kerberos` not found');
+      });
     });
     afterEach(async() => {
       await db.dropDatabase();

@@ -39,7 +39,7 @@
     "@types/whatwg-url": "^8.0.0"
   },
   "optionalDependencies": {
-    "mongodb-client-encryption": "^1.2.3"
+    "mongodb-client-encryption": "^1.2.5"
   },
   "dependency-check": {
     "entries": [