Allow file: in sharp_libvips_binary_host

[kelvinlouis]

What are you trying to achieve?
It would be nice to provide pre-built binaries from the file system directly to circumvent the need for a proxy. I work in a very restrictive environment and would like to provide the binaries in the repository itself. When trying to fetch the pre-built binary I get the following error:

info sharp Downloading https://github.com/lovell/sharp-libvips/releases/download/v8.10.0/libvips-8.10.0-win32-x64.tar.gz
ERR! sharp self signed certificate in certificate chain

I tried to set sharp_libvips_binary_host in the .npmrc file of the project to file:bin/ but received the following error:

info sharp Downloading file:bin//v8.10.0/libvips-8.10.0-win32-x64.tar.gz
ERR! sharp Protocol "file:" not supported. Expected "http:"

Have you searched for similar feature requests?
Yes

What would you expect the API to look like?
Allowing the file protocol to serve the binary.
sharp_libvips_binary_host=file:bin/

What alternatives have you considered?

• Setting up a proxy to serve the pre-built binaries. But this would require our procurement / IT team to be involved.
• Using custom builds but won't work because it isn't supported on Windows.
• Or is there a way to circumvent the following error: ERR! sharp self signed certificate in certificate chain?

[lovell]

Before downloading libvips tarballs, sharp will look in npm's cache:

sharp/install/libvips.js

Lines 95 to 98 in f4e259d

	const tarPathCache = path.join(libvips.cachePath(), tarFilename);
	if (fs.existsSync(tarPathCache)) {
	npmLog.info('sharp', `Using cached ${tarPathCache}`);
	extractTarball(tarPathCache);

sharp/lib/libvips.js

Lines 31 to 38 in f4e259d

	const cachePath = function () {
	const npmCachePath = env.npm_config_cache || /* istanbul ignore next */
	(env.APPDATA ? path.join(env.APPDATA, 'npm-cache') : path.join(os.homedir(), '.npm'));
	mkdirSync(npmCachePath);
	const libvipsCachePath = path.join(npmCachePath, '_libvips');
	mkdirSync(libvipsCachePath);
	return libvipsCachePath;
	};

On Windows, this directory should be %APPDATA%\npm-cache\_libvips

[kelvinlouis]

Wow that was fast.

I just checked and placing the tar file in the cache dir worked. Are you doing something similar for sharp-v0.26.3-napi-v3-win32-x64.tar.gz?

info sharp Using cached C:\Users\XXXXX\AppData\Roaming\npm-cache\_libvips\libvips-8.10.0-win32-x64.tar.gz
info sharp Creating C:\Users\XXXXX\projects\temp\node_modules\sharp\build\Release
info sharp Copying DLLs from C:\Users\XXXXX\projects\temp\node_modules\sharp\vendor\8.10.0\lib to C:\Users\XXXXX\projects\temp\node_modules\sharp\build\Release
prebuild-install info begin Prebuild-install version 6.0.0
prebuild-install info looking for cached prebuild @ C:\Users\XXXXX\AppData\Roaming\npm-cache\_prebuilds\6b1ede-sharp-v0.26.3-napi-v3-win32-x64.tar.gz
prebuild-install http request GET https://github.com/lovell/sharp/releases/download/v0.26.3/sharp-v0.26.3-napi-v3-win32-x64.tar.gz
prebuild-install WARN install self signed certificate in certificate chain

Not sure however if relying on the npm-cache dir is the way to go. Especially, considering that on the build server I will not have access to ensure that the file is there. I also do not know how npm handles the cache directory.

I also tried to provide my custom cert files in order to mitigate the self signed certificate issue, but that did not work.
What iritates me is that I get an error when trying to access https://github.com/lovell/sharp-libvips/releases/download/v8.10.0/libvips-8.10.0-win32-x64.tar.gz, but only a warning when trying do download https://github.com/lovell/sharp/releases/download/v0.26.3/sharp-v0.26.3-napi-v3-win32-x64.tar.gz

info sharp Downloading https://github.com/lovell/sharp-libvips/releases/download/v8.10.0/libvips-8.10.0-win32-x64.tar.gz
ERR! sharp self signed certificate in certificate chain

// The error above disappears if the file is found in the npm-cache
prebuild-install WARN install self signed certificate in certificate chain

I tried all the solutions outlined here, but I kept getting that error. Any idea how to resolve that?

[lovell]

https://nodejs.org/api/cli.html#cli_node_extra_ca_certs_file

[kelvinlouis]

Thanks @lovell

I tried it with the env variable before, but the certificates that I was using weren't correct. I asked the IT dep to look into it and they provided me with a new cert file. It worked using that file.

So, there is no need for this workaround.

I will now have to convice the IT team to allow accessing github on our build agents. This is currently blocked by the firewall, but there is nothing you can do about it :) You already helped enough. Thanks again!

[gochax]

Hi,

I have the same issue. I am also working in a restricted Linux build environment where I do not have access to the npm cache directory.

We are forced to manually upload the libvips headers into our internal artifact repository which does not follow the required path structure explained here.

Is there any possibility to set an env variable pointing to the path of the local file?

[lovell]

@gochax Please subscribe to prebuild/prebuild-install#137