Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Install a specific version #33

Closed
hectcastro opened this issue Oct 27, 2014 · 41 comments
Closed

Install a specific version #33

hectcastro opened this issue Oct 27, 2014 · 41 comments

Comments

@hectcastro
Copy link

hectcastro commented Oct 27, 2014

How would you recommend that someone use this repository to install a specific version of Node.js? Previously, I was attempting to pin the version number, but it looks like older versions of Node.js are being replaced with newer ones.

My goal is to use a specific version of Node.js, but then not update to the newest version until after some testing occurs.

@Freewavs
Copy link

Freewavs commented Oct 29, 2014

This is my question too

@rvagg
Copy link
Contributor

rvagg commented Oct 29, 2014

https://help.ubuntu.com/community/PinningHowto might be the way to go, /etc/apt/preferences

This is something we're only looking at experimenting with ourselves now for our Docker images, we'll let you know if we come up with an approach we can recommend, but for now, have a look at that wiki link.

@zol
Copy link

zol commented Dec 15, 2014

+1 It would be great to keep old versions available in Packages rather than just the latest.

Unfortunately pinning doesn't help when needing to provision new VM's to match machines in the cluster that are running an older version of the package.

@tecto
Copy link

tecto commented Jan 3, 2015

+1 for keeping old versions available in Packages.

Need to be able to apt-get install a specific version (0.10.33 in this case) across multiple servers and then pin the nodejs package to maintain consistency and separately test new versions before rollout.

Reference both https://help.ubuntu.com/community/PinningHowto and http://blog.andrewbeacock.com/2007/03/how-to-install-specific-version-of.html

@chrislea
Copy link
Contributor

chrislea commented Jan 3, 2015

Okay, we certainly understand the need. Unfortunately, the reprepro utility which is part of our tooling for publishing the repositories can't do this, so we'll need to look into using something like aptly instead. I'll update here once we have something ready.

@chris-prince
Copy link

chris-prince commented Feb 7, 2015

What about at least providing one repo per major release series (e.g. 0.10.x, 0.12.x)?

This is especially relevant now that Node 0.12 is out. I'd like to have control over when I make the switch from 0.10.x to 0.12.x. (But I am okay with receiving bugfix updates on the track that I'm on.)

I feel like SaltStack PPAs do this well. (https://launchpad.net/~saltstack) In their case:

  • ppa:saltstack/salt gives the latest stable release
  • ppa:saltstack/salt2014-7 gives the latest stable v2014.7.x release
  • ppa:saltstack/salt2014-1 gives the latest stable v2014.1.x release
  • etc.

Going forward, I would love to see something similar for Node (e.g. repos node, node-0.10, node-0.12).

@coen-hyde
Copy link

coen-hyde commented Feb 11, 2015

This is an issue for us as well. I've switched to compiling from source for the moment as i'm not sure when the nodesouce repo will switch to a 0.12.x release.

@awithersdd
Copy link

awithersdd commented Apr 3, 2015

This really should be fixed, like many we test and lock to a specific release for production, we cannot have apt-get install nodejs=specific version fail because a new release was made nor can we accept every new release as if it were the one tested against.

@retrohacker
Copy link
Contributor

retrohacker commented Apr 4, 2015

https://github.com/nodesource/docker-node has examples of installing specific versions of node/iojs on debian/ubuntu using dpkg and fedora/centos using rpm. You may want to do gpg verification as well, like https://github.com/iojs/docker-iojs/blob/master/1.6/Dockerfile#L11

@shrop
Copy link

shrop commented Jul 25, 2015

Using Meteor and definitely need a way to pin the nodejs since there are version requirements. Thanks for all you you folks do on this distro!

@heston
Copy link

heston commented Dec 10, 2015

Friendly bump on this. I just got bit by a version update causing all of our builds to fail. Very unexpected that previous versions are wiped from the repo when a new one is released.

@retrohacker
Copy link
Contributor

retrohacker commented Dec 10, 2015

@heston I believe they are only removed from the Release file. They are still in the repo: https://deb.nodesource.com/node_5.x/pool/main/n/nodejs/

Personally I am pinning against specific versions using wget [deb] && dpkg -i [deb].

@heston
Copy link

heston commented Dec 10, 2015

@wblankenship Thanks for the tip. Indeed, I see that the packages are still available, so that's an option. Without them being listed in the repo, it's not as easy to install with a package manager, though.

We're using salt to manage our package installations. It has great support for apt-get, but doesn't work as well with custom installation procedures.

@conatus
Copy link

conatus commented Jan 6, 2016

@wblankenship Thanks for the tip too!

Can someone from @nodesource please reply to this issue? We have occasional breaking builds as a result of this decision not to keep the packages around and we need to pin an exact version.

At the risk of sounding off, an allegedly "enterprise" set of packages should really allow this simply.

@retrohacker
Copy link
Contributor

retrohacker commented Jan 6, 2016

@conatus, thanks for your comment. We understand that this feature has been a pain point for some. I personally had to work with it when building the Docker images for NodeSource.

@chrislea, @rvagg, and I are all on the @nodesource team.

Our current build uses the reprepro tool from the Debian project to host these repositories. As chrislea commented above, the tool is preventing us from doing this. We are looking into alternatives that will offer this feature.

We understand the need to pin to specific versions of Node in production. The rationale behind our Docker images is to support that specific use case. While we work towards a solution that allows apt to directly pin a version, we have a short term solution that I proposed above.

We religiously keep all of the artifacts generated by our builds, incrementing the trailing digit of the .deb in the event we need to do a rebuild. They all exist on deb.nodesource.com. This allows consumers to pin directly to a version of Node. The pools these artifacts are served from can be found at:

If you are using ansible, as @heston, the apt package supports the deb flag which takes a path to a .deb file on the remote box. Pairing this with get_url will offer a short term solution to version pinning.

There is a similar story for our rpm packages as well.

@conatus
Copy link

conatus commented Jan 6, 2016

Thanks for your reply @wblankenship, very much appreciated.

While this short term fix is certainly acceptable and the Dockerfiles are good examples, NodeSource isn't just any old set of builds. It is the set of builds recommended by the Node.js project itself as an install path. This repo is then a key bit of Node.js infrastructure for anyone running any kind of automation. You at @nodesource seem to intend it to be taken as such. So I hope you will consider working out how to pin versions easily as a matter of some priority in the near term.

Thanks a lot.

@leedm777
Copy link

leedm777 commented Jan 25, 2016

If it helps, Docker addressed a similar problem using reprepro with their patch at moby/moby#16001. Maybe NodeSource can do something similar.

@nicholascapo
Copy link

nicholascapo commented Mar 31, 2016

Any word on this, aptly [1] works great for out internal repos, served from nginx.

[1] https://www.aptly.info/

@chrislea
Copy link
Contributor

chrislea commented Mar 31, 2016

Yes, we will probably move to aptly since it seems like the best tool that will let us do this. Unfortunately the way the builds are currently automated is fairly tied to reprepro so this isn't a trivial change to make. It will almost certainly happen when we move the repos to be served off of S3 / CloudFront. So both of those are things on the TODO list, but right now there are a couple of other infrastructure updates that we have to make first internally, so these aren't at the top of the list right now.

@danielkza
Copy link

danielkza commented Feb 3, 2017

Any news on this?

@Daniel15
Copy link

Daniel15 commented Mar 11, 2017

We switched from reprepro to Aptly for Yarn, and it works pretty well. I'd recommend it.

@gazal-k
Copy link

gazal-k commented Jul 8, 2019

On centos, I was able to do:

curl -f --silent --location https://rpm.nodesource.com/setup_8.x | bash - 
yum install -y nodejs-8.8.1

@abitrolly
Copy link

abitrolly commented Apr 1, 2020

For Debian 10 Buster I had to modify @metametadata script for installing specific version of NodeJS and Yarn. The node version is taken from /app/package.json.

RUN set -x \
      && apt-get update && apt-get install -y curl jq \
      && NODE_VERSION=$(jq -r .engines.node /app/package.json) \
      && DEB_FILE="nodejs_${NODE_VERSION}-1nodesource1_amd64.deb" \
      && curl -sLO "https://deb.nodesource.com/node_12.x/pool/main/n/nodejs/${DEB_FILE}" \
      && apt-get install -y ./"${DEB_FILE}" && rm "${DEB_FILE}" \
      && curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
      && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
      && apt-get update && apt-get install -y yarn \
      && rm -rf /var/lib/apt/lists/*

@Daniel15
Copy link

Daniel15 commented Apr 1, 2020

@abitrolly Just be careful, the -1nodesource1 part is part of the package version number and could change.

I'd also recommend installing a fixed version of Yarn, which you can do using something like apt install yarn=1.22.4-1. You can run apt list -a yarn to see all available versions:

root@vps03:~# apt list -a yarn
Listing... Done
yarn/stable,stable,now 1.22.4-1 all [installed]
yarn/stable,stable 1.22.1-1 all
yarn/stable,stable 1.22.0-1 all
yarn/stable,stable 1.21.1-1 all
yarn/stable,stable 1.19.2-1 all
yarn/stable,stable 1.19.1-1 all
yarn/stable,stable 1.19.0-1 all
yarn/stable,stable 1.17.3-1 all
yarn/stable,stable 1.16.0-1 all
yarn/stable,stable 1.15.2-1 all
yarn/stable,stable 1.13.0-1 all
yarn/stable,stable 1.12.3-1 all
yarn/stable,stable 1.12.1-1 all
yarn/stable,stable 1.10.1-1 all
yarn/stable,stable 1.10.0-1 all
yarn/stable,stable 1.9.4-1 all
yarn/stable,stable 1.9.2-1 all
yarn/stable,stable 1.7.0-1 all
yarn/stable,stable 1.6.0-1 all
yarn/stable,stable 1.5.1-1 all
yarn/stable,stable 1.3.2-1 all
yarn/stable,stable 1.2.1-1 all
yarn/stable,stable 1.2.0-1 all
yarn/stable,stable 1.1.0-1 all
yarn/stable,stable 1.0.2-1 all
yarn/stable,stable 1.0.1-1 all
yarn/stable,stable 0.27.5-1 all
yarn/stable,stable 0.27.4-1 all
yarn/stable,stable 0.27.3-1 all
yarn/stable,stable 0.27.2-1 all
yarn/stable,stable 0.24.6-1 all
yarn/stable,stable 0.24.5-1 all
yarn/stable,stable 0.24.4-1 all
yarn/stable,stable 0.24.3-1 all
yarn/stable,stable 0.23.4-1 all
yarn/stable,stable 0.23.3-1 all
yarn/stable,stable 0.23.2-1 all
yarn/stable,stable 0.22.0-1 all
yarn/stable,stable 0.21.3-1 all
yarn/stable,stable 0.20.3-1 all
yarn/stable,stable 0.19.1-1 all
yarn/stable,stable 0.18.1-1 all
yarn/stable,stable 0.17.10-1 all
yarn/stable,stable 0.17.9-1 all
yarn/stable,stable 0.17.8-1 all
yarn/stable,stable 0.17.6-1 all
yarn/stable,stable 0.17.5-1 all
yarn/stable,stable 0.17.4-1 all
yarn/stable,stable 0.17.3-1 all
yarn/stable,stable 0.17.2-1 all
yarn/stable,stable 0.17.0-1 all
yarn/stable,stable 0.16.1-1 all
yarn/stable,stable 0.16.0-1 all
yarn/stable,stable 0.15.0-1 all

gkalpak added a commit to gkalpak/angular that referenced this issue Apr 28, 2020
Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).
gkalpak added a commit to gkalpak/angular that referenced this issue Apr 28, 2020
Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).
gkalpak added a commit to gkalpak/angular that referenced this issue Apr 28, 2020
Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).
gkalpak added a commit to gkalpak/angular that referenced this issue May 2, 2020
Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).
gkalpak added a commit to gkalpak/angular that referenced this issue May 2, 2020
Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).
alxhub pushed a commit to angular/angular that referenced this issue May 6, 2020
…36837)

Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).

PR Close #36837
alxhub pushed a commit to angular/angular that referenced this issue May 6, 2020
…36837)

Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).

PR Close #36837
profanis pushed a commit to profanis/angular that referenced this issue Sep 5, 2020
…ngular#36837)

Previously, in order to remain as deterministic as possible, the
Dockerfile for the preview server Docker image had all dependencies
pinned to specific versions. It turns out that some packages (such as
`nginx`, `nodejs`, and `openssl` - potentially others too) make older
versions unavailable on the repositories once a newer version is
available.

See for example:
- nodesource/distributions#33
- https://askubuntu.com/questions/715104/how-can-i-downgrade-openssl-via-apt-get

This commit, therefore, removes the exact versions for these packages.
The latest versions will be installed everytime the Docker image is
built (subject to Docker caching).

PR Close angular#36837
@edsadr edsadr assigned igsu and unassigned chrislea Jan 11, 2021
@igsu igsu closed this as completed Jan 21, 2021
alaviss added a commit to alaviss/nimskull-ci that referenced this issue Dec 7, 2021
NodeSource, while handy, does not support version pinning. As such it
would be impossible for us to ensure that the image can be reproduced.

See nodesource/distributions#33.

Included is also a script to update the containers version of NodeJS
automatically, pending integration with CI.
alaviss added a commit to alaviss/nimskull-ci that referenced this issue Dec 7, 2021
NodeSource, while handy, does not support version pinning. As such it
would be impossible for us to ensure that the image can be reproduced.

See nodesource/distributions#33.

Included is also a script to update the containers version of NodeJS
automatically, pending integration with CI.
alaviss added a commit to alaviss/nimskull-ci that referenced this issue Dec 7, 2021
NodeSource, while handy, does not support version pinning. As such it
would be impossible for us to ensure that the image can be reproduced.

See nodesource/distributions#33.

Included is also a script to update the containers version of NodeJS
automatically, pending integration with CI.
@trajano
Copy link

trajano commented Jan 18, 2022

Just to add to #33 (comment) I use the Dockerfile approach for building Expo tooling with Gradle on JDK8.

FROM node:16.13.0 as node

FROM gradle:jdk8
COPY --from=node /usr/local/ /usr/local/
RUN npm install -g expo-cli@4 turtle-cli

@e-dong
Copy link

e-dong commented May 4, 2022

@retrohacker
I'm using a Ubuntu 20.04.3 LTS based docker image

ENV NODE_REPO 16.x
ENV NODE_VERSION 16.15.0

RUN wget -O nodejs_${NODE_VERSION}-1nodesource1_amd64.deb https://deb.nodesource.com/node_${NODE_REPO}/pool/main/n/nodejs/nodejs_${NODE_VERSION}-1nodesource1_amd64.deb
RUN dpkg -i nodejs_${NODE_VERSION}-1nodesource1_amd64.deb

But i ran into this error:

Step 7/15 : RUN dpkg -i nodejs_${NODE_VERSION}-1nodesource1_amd64.deb
 ---> Running in 3df495c2ad6f
Selecting previously unselected package nodejs.
(Reading database ... 25329 files and directories currently installed.)
Preparing to unpack nodejs_16.15.0-1nodesource1_amd64.deb ...
Unpacking nodejs (16.15.0-1nodesource1) ...
dpkg: dependency problems prevent configuration of nodejs:
 nodejs depends on python-minimal; however:
  Package python-minimal is not installed.

dpkg: error processing package nodejs (--install):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 nodejs
The command '/bin/bash -c dpkg -i nodejs_${NODE_VERSION}-1nodesource1_amd64.deb' returned a non-zero code: 1

I tried adding python-minimal beforehand but it fails. python-minimal is deprecated in favor of python2-minimal. Unfortunately that doesn't seem to resolve the issue.
From this post it looks like there is a dependency on python2?
https://www.reddit.com/r/node/comments/g99i2b/ubuntu_2004_is_out_but_nodesource_deb_still/

rogeruiz added a commit to transcom/circleci-docker that referenced this issue Jun 1, 2022
I took the instructions from the GitHub issue which I updated to point
to the exact comment which shows how to pin the Node version to a
specific number. But since this issue is still being updated, as 27 days
ago at the time this was written, I figured I'd leave a link to the
comment which could give us issues updated to this version of Node LTS.

Comment talking about a dependency on python2:
nodesource/distributions#33 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests