2015-05-24 12:27:40 +08:00
# asdf-nodejs
2016-03-16 12:24:18 +08:00
Node.js plugin for [asdf ](https://github.com/asdf-vm/asdf ) version manager
2015-05-24 12:27:40 +08:00
2017-02-23 06:17:36 +08:00
## Requirements
+ _(MacOS)_ [GNU Core Utils ](http://www.gnu.org/software/coreutils/coreutils.html˙˚ ) - `brew install coreutils`
2015-05-24 12:27:40 +08:00
## Install
```
2016-03-16 12:24:18 +08:00
asdf plugin-add nodejs https://github.com/asdf-vm/asdf-nodejs.git
2015-05-24 12:27:40 +08:00
```
2017-02-13 03:44:21 +08:00
## Bootstrap trust for signature validation
2017-02-14 17:40:46 +08:00
The plugin properly valides OpenPGP signatures.
All you have to do is to bootstrap the trust once as follows.
2017-02-13 03:44:21 +08:00
2017-02-14 17:40:46 +08:00
You can either import the OpenPGP public keys in your main OpenPGP keyring or use a dedicated keyring (recommended in order to mitigate https://github.com/nodejs/node/issues/9859).
2017-02-13 03:44:21 +08:00
If you decided to do the later, prepare the dedicated keyring and make it temporarily the default one in your current shell:
```Shell
export GNUPGHOME="$HOME/.asdf/keyrings/nodejs" & & mkdir -p "$GNUPGHOME" & & chmod 0700 "$GNUPGHOME"
```
2017-02-21 02:21:05 +08:00
Then import the OpenPGP public keys of the [Release Team ](https://github.com/nodejs/node/#release-team ) as documented on the linked page or run the `import-release-team-keyring` script which is bundled with this plugin.
2017-02-13 03:44:21 +08:00
For more details, refer to [Verifying Node.js Binaries ](https://blog.continuation.io/verifying-node-js-binaries/ ).
2017-02-14 17:40:46 +08:00
Note that only versions greater or equal to 0.10.0 are checked. Before that version, signatures for SHA2-256 hashes might not be provided (and can not be installed with the `strict` setting for that reason).
2017-02-13 03:44:21 +08:00
This behavior can be influenced by the `NODEJS_CHECK_SIGNATURES` variable which supports the following options:
`no` : Do not check signatures/checksums.
`yes` : Check signatures/checksums if they should be present (enforced for >= 0.10.0).
2017-02-13 15:16:28 +08:00
`strict` (default): Check signatures/checksums and don’ t operate on package versions which did not provide signatures/checksums properly (< 0.10.0 ).
2017-02-13 03:44:21 +08:00
2015-05-24 12:27:40 +08:00
## Use
2016-03-16 12:24:18 +08:00
Check [asdf ](https://github.com/asdf-vm/asdf ) readme for instructions on how to install & manage versions of Node.js.
2015-05-24 12:27:40 +08:00
When installing Node.js using `asdf install` , you can pass custom configure options with the following env vars:
* `NODEJS_CONFIGURE_OPTIONS` - use only your configure options
* `NODEJS_EXTRA_CONFIGURE_OPTIONS` - append these configure options along with ones that this plugin already uses