nodegit · zawata · Nov 14, 2025 · Nov 11, 2025 · Oct 16, 2025 · Nov 11, 2025
diff --git a/.github/workflows/build-openssl-packages.yml b/.github/workflows/build-openssl-packages.yml
@@ -10,10 +10,10 @@ jobs:
     strategy:
       matrix:
         include:
+          - os: windows-latest
+            arch: arm64
           - os: windows-latest
             arch: x64
-          # - os: windows-latest
-          #   arch: arm64
           - os: macos-15
             arch: arm64
           - os: macos-15-intel
@@ -29,28 +29,19 @@ jobs:
         with:
           node-version: 22
 
-      - name: Install Toolchain
-        if: matrix.os == 'windows-latest' && matrix.arch == 'arm64'
-        uses: msys2/setup-msys2@v2
-        with:
-          update: true
-          install: >
-            mingw-w64-aarch64-toolchain
-            mingw-w64-aarch64-cmake
-            mingw-w64-aarch64-ninja
-
       - name: Install dependencies
         run: npm install
 
       - name: Build OpenSSL packages
         env:
-          TARGET_ARCH: ${{ matrix.arch }}
+          npm_config_arch: ${{ matrix.arch }}
           NODEGIT_OPENSSL_BUILD_PACKAGE: 1
           OPENSSL_MACOS_DEPLOYMENT_TARGET: "11.0"
         run: node utils/acquireOpenSSL.mjs
 
       - name: Push OpenSSL package to S3
         env:
+          npm_config_arch: ${{ matrix.arch }}
           node_pre_gyp_bucket: ${{ secrets.node_pre_gyp_bucket }}
           AWS_ACCESS_KEY_ID: ${{ secrets.node_pre_gyp_accessKeyId }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.node_pre_gyp_secretAccessKey }}

diff --git a/generate/input/descriptor.json b/generate/input/descriptor.json
@@ -1526,6 +1526,11 @@
         }
       }
     },
+    "email": {
+      "cDependencies": [
+        "git2/sys/email.h"
+      ]
+    },
     "email_create_options": {
       "hasConstructor": true
     },

diff --git a/generate/input/libgit2-supplement.json b/generate/input/libgit2-supplement.json
@@ -294,6 +294,54 @@
           "isErrorCode": true
         }
       },
+      "git_email_create_from_diff": {
+        "file": "sys/email.h",
+        "type": "function",
+        "isAsync": true,
+        "group": "email",
+        "args": [
+          {
+            "name": "out",
+            "type": "git_buf *"
+          },
+          {
+            "name": "diff",
+            "type": "git_diff *"
+          },
+          {
+            "name": "patch_idx",
+            "type": "size_t"
+          },
+          {
+            "name": "patch_count",
+            "type": "size_t"
+          },
+          {
+            "name": "commit_id",
+            "type": "const git_oid *"
+          },
+          {
+            "name": "summary",
+            "type": "const char *"
+          },
+          {
+            "name": "body",
+            "type": "const char *"
+          },
+          {
+            "name": "author",
+            "type": "const git_signature *"
+          },
+          {
+            "name": "opts",
+            "type": "git_email_create_options *"
+          }
+        ],
+        "return": {
+          "type": "int",
+          "isErrorCode": true
+        }
+      },
       "git_diff_get_perfdata": {
         "file": "sys/diff.h",
         "args": [
@@ -2619,6 +2667,9 @@
     "blame": [
       "git_blame_file"
     ],
+    "email": [
+      "git_email_create_from_diff"
+    ],
     "note": [
       "git_note_author",
       "git_note_commit_create",

diff --git a/lifecycleScripts/install.js b/lifecycleScripts/install.js
@@ -2,6 +2,8 @@ var buildFlags = require("../utils/buildFlags");
 var spawn = require("child_process").spawn;
 var path = require("path");
 
+const nodePreGypModulePath = require.resolve("@mapbox/node-pre-gyp");
+
 module.exports = function install() {
   console.log("[nodegit] Running install script");
 
@@ -30,7 +32,10 @@ module.exports = function install() {
 
   return new Promise(function(resolve, reject) {
     const gypPath = path.join(__dirname, "..", "node_modules", "node-gyp", "bin", "node-gyp.js");
-    var spawnedNodePreGyp = spawn(nodePreGyp, args, {
+
+    const nodePreGypPath = path.resolve(path.dirname(nodePreGypModulePath), path.join("..", "bin", nodePreGyp));
+    console.log("node-pre-gyp path", nodePreGypPath);
+    var spawnedNodePreGyp = spawn(nodePreGypPath, args, {
       env: {
         ...process.env,
         npm_config_node_gyp: gypPath

diff --git a/utils/acquireOpenSSL.mjs b/utils/acquireOpenSSL.mjs
@@ -1,4 +1,5 @@
 import crypto from "crypto";
+import { spawn } from "child_process";
 import execPromise from "./execPromise.js";
 import got from "got";
 import path from "path";
@@ -19,6 +20,28 @@ const vendorPath = path.resolve(import.meta.dirname, "..", "vendor");
 const opensslPatchPath = path.join(vendorPath, "patches", "openssl");
 const extractPath = path.join(vendorPath, "openssl");
 
+const exists = (filePath) => fs.stat(filePath).then(() => true).catch(() => false);
+
+const convertArch = (archStr) => {
+  const convertedArch = {
+    'ia32': 'x86',
+    'x86': 'x86',
+    'x64': 'x64',
+    'arm64': 'arm64'
+  }[archStr];
+
+  if (!convertedArch) {
+    throw new Error('unsupported architecture');
+  }
+
+  return convertedArch;
+}
+
+const hostArch = convertArch(process.arch);
+const targetArch = process.env.npm_config_arch
+  ? convertArch(process.env.npm_config_arch)
+  : hostArch;
+
 const pathsToIncludeForPackage = [
   "include", "lib"
 ];
@@ -82,8 +105,10 @@ const buildDarwin = async (buildCwd, macOsDeploymentTarget) => {
     throw new Error("Expected macOsDeploymentTarget to be specified");
   }
 
+  const buildConfig = targetArch === "x64" ? "darwin64-x86_64-cc" : "darwin64-arm64-cc";
+
   const configureArgs = [
-    process.arch === "x64" ? "darwin64-x86_64-cc" : "darwin64-arm64-cc",
+    buildConfig,
     // speed up ecdh on little-endian platforms with 128bit int support
     "enable-ec_nistp_64_gcc_128",
     // compile static libraries
@@ -107,7 +132,7 @@ const buildDarwin = async (buildCwd, macOsDeploymentTarget) => {
 
   await applyOpenSSLPatches(buildCwd, "darwin");
 
-  // only build the libraries, not the tests/fuzzer or apps
+  // only build the libraries, not the fuzzer or apps
   await execPromise("make build_libs", {
     cwd: buildCwd
   }, { pipeOutput: true });
@@ -123,8 +148,10 @@ const buildDarwin = async (buildCwd, macOsDeploymentTarget) => {
 };
 
 const buildLinux = async (buildCwd) => {
+  const buildConfig = targetArch === "x64" ? "linux-x86_64" : "linux-aarch64";
+
   const configureArgs = [
-    "linux-x86_64",
+    buildConfig,
     // Electron(at least on centos7) imports the libcups library at runtime, which has a
     // dependency on the system libssl/libcrypto which causes symbol conflicts and segfaults.
     // To fix this we need to hide all the openssl symbols to prevent them from being overridden
@@ -146,7 +173,7 @@ const buildLinux = async (buildCwd) => {
 
   await applyOpenSSLPatches(buildCwd, "linux");
 
-  // only build the libraries, not the tests/fuzzer or apps
+  // only build the libraries, not the fuzzer or apps
   await execPromise("make build_libs", {
     cwd: buildCwd
   }, { pipeOutput: true });
@@ -162,13 +189,7 @@ const buildLinux = async (buildCwd) => {
   }, { pipeOutput: true });
 };
 
-const buildWin32 = async (buildCwd, vsBuildArch) => {
-  if (!vsBuildArch) {
-    throw new Error("Expected vsBuildArch to be specified");
-  }
-
-  const exists = (filePath) => fs.stat(filePath).then(() => true).catch(() => false);
-
+const buildWin32 = async (buildCwd) => {
   let vcvarsallPath = undefined;
 
   if (process.env.npm_config_vcvarsall_path && await exists(process.env.npm_config_vcvarsall_path)) {
@@ -219,29 +240,57 @@ const buildWin32 = async (buildCwd, vsBuildArch) => {
     }
   }
 
-  console.log('using', vcvarsallPath);
-
   let vcTarget;
-  switch (vsBuildArch) {
-    case "x64": {
+  switch (targetArch) {
+    case "x64":
       vcTarget = "VC-WIN64A";
       break;
-    }
 
-    case "x86": {
+    case "x86":
       vcTarget = "VC-WIN32";
       break;
-    }
-
-    default: {
-      throw new Error(`Unknown vsBuildArch: ${vsBuildArch}`);
-    }
+
+    case "arm64":
+      vcTarget = "VC-WIN64-ARM";
+      break;
   }
 
-  await execPromise(`"${win32BatPath}" "${vcvarsallPath}" ${vsBuildArch} ${vcTarget}`, {
-    cwd: buildCwd,
-    maxBuffer: 10 * 1024 * 1024 // we should really just use spawn
-  }, { pipeOutput: true });
+  let vsBuildArch = hostArch === targetArch
+    ? hostArch
+    : `${hostArch}_${targetArch}`;
+
+  console.log("Using vcvarsall.bat at: ", vcvarsallPath);
+  console.log("Using vsBuildArch: ", vsBuildArch);
+  console.log("Using vcTarget: ", vcTarget);
+
+  await new Promise((resolve, reject) => {
+    const buildProcess = spawn(`"${win32BatPath}" "${vcvarsallPath}" ${vsBuildArch} ${vcTarget}`, {
+      cwd: buildCwd,
+      shell: process.platform === "win32",
+      env: {
+        ...process.env,
+        NODEGIT_SKIP_TESTS: targetArch !== hostArch ? "1" : undefined
+      }
+    });
+
+    buildProcess.stdout.on("data", function(data) {
+      console.info(data.toString().trim());
+    });
+
+    buildProcess.stderr.on("data", function(data) {
+      console.error(data.toString().trim());
+    });
+
+    buildProcess.on("close", function(code) {
+      if (!code) {
+        resolve();
+      } else {
+        reject(code);
+      }
+    });
+  });
+
+
 };
 
 const removeOpenSSLIfOudated = async (openSSLVersion) => {
@@ -285,8 +334,7 @@ const makeOnStreamDownloadProgress = () => {
 
 const buildOpenSSLIfNecessary = async ({
   macOsDeploymentTarget,
-  openSSLVersion,
-  vsBuildArch
+  openSSLVersion
 }) => {
   if (process.platform !== "darwin" && process.platform !== "win32" && process.platform !== "linux") {
     console.log(`Skipping OpenSSL build, not required on ${process.platform}`);
@@ -330,7 +378,7 @@ const buildOpenSSLIfNecessary = async ({
   } else if (process.platform === "linux") {
     await buildLinux(buildCwd);
   } else if (process.platform === "win32") {
-    await buildWin32(buildCwd, vsBuildArch);
+    await buildWin32(buildCwd);
   } else {
     throw new Error(`Unknown platform: ${process.platform}`);
   }
@@ -383,14 +431,7 @@ const downloadOpenSSLIfNecessary = async ({
 }
 
 export const getOpenSSLPackageName = () => {
-  let arch = process.arch;
-  if (process.platform === "win32" && (
-    process.arch === "ia32" || process.env.NODEGIT_VS_BUILD_ARCH === "x86"
-  )) {
-    arch = "x86";
-  }
-
-  return `openssl-${OPENSSL_VERSION}-${process.platform}-${arch}.tar.gz`;
+  return `openssl-${OPENSSL_VERSION}-${process.platform}-${targetArch}.tar.gz`;
 }
 
 export const getOpenSSLPackagePath = () => path.join(import.meta.dirname, getOpenSSLPackageName());
@@ -450,18 +491,9 @@ const acquireOpenSSL = async () => {
       }
     }
 
-    let vsBuildArch;
-    if (process.platform === "win32") {
-      vsBuildArch = process.env.NODEGIT_VS_BUILD_ARCH || (process.arch === "x64" ? "x64" : "x86");
-      if (!["x64", "x86"].includes(vsBuildArch)) {
-        throw new Error(`Invalid vsBuildArch: ${vsBuildArch}`);
-      }
-    }
-
     await buildOpenSSLIfNecessary({
       openSSLVersion: OPENSSL_VERSION,
-      macOsDeploymentTarget,
-      vsBuildArch
+      macOsDeploymentTarget
     });
     if (process.env.NODEGIT_OPENSSL_BUILD_PACKAGE) {
       await buildPackage();

diff --git a/utils/build-openssl.bat b/utils/build-openssl.bat
@@ -1,9 +1,18 @@
+rem Build OpenSSL for Windows
+rem %1 - path to vcvarsall.bat
+rem %2 - architecture argument for vcvarsall.bat
+rem %3 - OpenSSL Configure target
+
 @call %1 %2
 
 perl .\Configure %3 no-shared no-ssl2 no-ssl3 no-comp --prefix="%cd%\.." --openssldir="%cd%\.." || goto :error
 
 nmake || goto :error
-nmake test || goto :error
+
+if "%NODEGIT_SKIP_TESTS%" NEQ "1" (
+  nmake test || goto :error
+)
+
 nmake install || goto :error
 
 goto :EOF

diff --git a/utils/uploadOpenSSL.mjs b/utils/uploadOpenSSL.mjs
@@ -19,7 +19,9 @@ export const uploadOpenSSL = async () => {
   const packageName = path.basename(getOpenSSLPackageName());
   const packagePath = getOpenSSLPackagePath();
   console.log(`Uploading ${packagePath} to s3://${pkgJson.binary.bucket_name}/${packageName}`);
-  return uploadBinaryToS3(packageName, pkgJson.binary.bucket_name, packagePath);
+  await uploadBinaryToS3(packageName, pkgJson.binary.bucket_name, packagePath);
+  const sha256PackageName = `${packageName}.sha256`;
+  await uploadBinaryToS3(sha256PackageName, pkgJson.binary.bucket_name, `${packagePath}.sha256`);
 };
 
 if (process.argv[1] === import.meta.filename) {