Commit d2ab8972 authored by Jakub Jirutka's avatar Jakub Jirutka

main/nodejs: upgrade to 9.10.0

parent 066b35bd
...@@ -7,8 +7,8 @@ ...@@ -7,8 +7,8 @@
pkgname=nodejs pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)! # Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream. # Odd-numbered versions are supported only for 9 months by upstream.
pkgver=6.9.5 pkgver=6.10.0
pkgrel=1 pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version" pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="http://nodejs.org/" url="http://nodejs.org/"
arch="all" arch="all"
...@@ -29,9 +29,6 @@ builddir="$srcdir/node-v$pkgver" ...@@ -29,9 +29,6 @@ builddir="$srcdir/node-v$pkgver"
prepare() { prepare() {
default_prepare || return 1 default_prepare || return 1
# Remove bundled CA certificates.
rm -f src/node_root_certs.h
# Remove bundled dependencies that we're not using. # Remove bundled dependencies that we're not using.
rm -rf deps/http_parser deps/openssl deps/uv deps/zlib rm -rf deps/http_parser deps/openssl deps/uv deps/zlib
} }
...@@ -44,6 +41,7 @@ build() { ...@@ -44,6 +41,7 @@ build() {
--shared-libuv \ --shared-libuv \
--shared-openssl \ --shared-openssl \
--shared-http-parser \ --shared-http-parser \
--openssl-use-def-ca-store \
|| return 1 || return 1
# we need run mksnapshot at build time so paxmark it early # we need run mksnapshot at build time so paxmark it early
...@@ -67,7 +65,12 @@ package() { ...@@ -67,7 +65,12 @@ package() {
dev() { dev() {
provides="nodejs-lts-dev=$pkgver" # for backward compatibility provides="nodejs-lts-dev=$pkgver" # for backward compatibility
default_dev
default_dev || return 1
# Remove some junk.
rm -r "$subpkgdir"/usr/lib/node_modules
rmdir -p "$subpkgdir"/usr/lib || :
} }
npm() { npm() {
...@@ -82,12 +85,6 @@ npm() { ...@@ -82,12 +85,6 @@ npm() {
mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/ mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/
} }
md5sums="a2a820b797fb69ffb259b479c7f5df32 node-v6.9.5.tar.gz sha512sums="79d3d0854dea1a733175eaa9c5ba0d697d0c57cbcaf2920457eca2d77cc5edadcff8b9eef047156183d05b933582af1b7ef0e64071a9be1c79903af3e7437a92 node-v6.10.0.tar.gz
14ce8e0fb44d5bf75974026900e0d8c2 use-system-ca-certs.patch 316a09f697e244c48d4dcf26ca2bb7e2441fc01ed61ad6b987e24741f93cfcf29f2e6de736ab9e4c014355cd14dd63ae7de1f8c28b5274e3225b1b3412db11d4 use-system-ca-certs.patch
5d99a53ef07e15fe882d449ed995bd91 dont-run-gyp-files-for-bundled-deps.patch"
sha256sums="f7e9ab702c5d1f5a3521199c04cc670fda3cf4b0e48548b09ac7ac874ccb504a node-v6.9.5.tar.gz
fcd2becd2cb9a62537ae11f51f448fd1061aaae17835bb0f2d2aa71bdf9652c0 use-system-ca-certs.patch
c20a62b9dd64591b91a0c1dae649ac04cf7aec402672b349f8daa04f2a08a77b dont-run-gyp-files-for-bundled-deps.patch"
sha512sums="59e544909742d2b3e88b11bbdad6bf713b55e82f32f993b17b7eff83cd1cbac3c10fb2445304245d44ce1c2c219f439acd51f872ecb285535d8ae471bf4c8410 node-v6.9.5.tar.gz
c540878495761f4c38f3cccd61da75fa5619637ba9887b7946964a7cef790178e26678fe0aabe400e32c8f0f65e97a519ceee1534bbf18a1a14bc6e9fe067637 use-system-ca-certs.patch
a8be538158b7c96341a407acba30450ddc5c3ad764e7efe728d1ceff64efc3067b177855b9ef91b54400be6a02600d83da4c21a07ae9d7dc0774f92b2006ea8b dont-run-gyp-files-for-bundled-deps.patch" a8be538158b7c96341a407acba30450ddc5c3ad764e7efe728d1ceff64efc3067b177855b9ef91b54400be6a02600d83da4c21a07ae9d7dc0774f92b2006ea8b dont-run-gyp-files-for-bundled-deps.patch"
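Review bot: With `rm -f src/node_root_certs.h` dropped from prepare(), the `--openssl-use-def-ca-store` line in build() is the only thing keeping the bundled Mozilla CA copy out of the default trust store. Judging by the `#else` branch in the patch shipped with this commit, the build still succeeds and trusts the compiled-in roots if that flag is ever lost in a later upgrade. I would add a comment above the configure invocation, e.g. `# Trust the system CA store; without --openssl-use-def-ca-store node falls back to its bundled root certificates.` The runtime then presumably relies on OpenSSL's default paths being populated by a CA bundle package; the depends line is outside these hunks, so please confirm it is listed. Separately, the commit title says 9.10.0 while pkgver moves to 6.10.0.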
From: Jakub Jirutka <jakub@jirutka.cz> From f1a0660b9186c3f4d55d7c07219126e199c787f9 Mon Sep 17 00:00:00 2001
Date: Sat, 26 Nov 2016 01:32:00 +0200 From: Adam Majer <amajer@suse.de>
Subject: Use system-provided CA certificates instead of bundled ones Date: Wed, 21 Dec 2016 11:16:38 +0100
Subject: [PATCH] crypto: Use system CAs instead of using bundled ones
Forwarded: need some feedback before submitting the matter upstream NodeJS can already use an external, shared OpenSSL library. This
Author: Jérémy Lal <kapouer@melix.org> library knows where to look for OS managed certificates. Allow
Last-Update: 2014-03-02 a compile-time option to use this CA store by default instead of
using bundled certificates.
Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the In case when using bundled OpenSSL, the paths are also valid for
correct path for Fedora majority of Linux systems without additional intervention. If
this is not set, we can use SSL_CERT_DIR to point it to correct
location.
Modified 2015-12-01 by Stephen Gallagher <sgallagh@redhat.com> to update for Fixes: https://github.com/nodejs/node/issues/3159
Node.js 4.2 PR-URL: https://github.com/nodejs/node/pull/8334
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Modified 2016-03-04 by Stephen Gallagher <sgallagh@redhat.com> to update for Source: http://pkgs.fedoraproject.org/cgit/rpms/nodejs.git/tree/0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch
Node.js 5.4.1 ---
configure | 7 +++++++
src/node_crypto.cc | 4 ++++
2 files changed, 11 insertions(+)
Modified 2016-07-26 by Haikel Guemar <hguemar@fedoraproject.org> to update for diff --git a/configure b/configure
Node.js 4.4.7 index 821b8771bc8909d8453bc31e3c8d8dc65368c0e4..e64bad9a030693b726e0974f48aefa6e1ad87723 100755
--- a/configure
Modified 2016-11-26 by Jakub Jirutka <jakub@jirutka.cz> for Alpine Linux +++ b/configure
@@ -142,10 +142,15 @@ parser.add_option("--openssl-no-asm",
--- a/src/node_crypto.cc parser.add_option('--openssl-fips',
+++ b/src/node_crypto.cc action='store',
@@ -192,8 +192,8 @@ static X509_NAME *cnnic_ev_name = dest='openssl_fips',
help='Build OpenSSL using FIPS canister .o file in supplied folder')
static Mutex* mutexes;
-const char* const root_certs[] = { +parser.add_option('--openssl-use-def-ca-store',
-#include "node_root_certs.h" // NOLINT(build/include_order) + action='store_true',
+const char* root_certs[] = { + dest='use_openssl_ca_store',
+ NULL + help='Use OpenSSL supplied CA store instead of compiled-in Mozilla CA copy.')
}; +
shared_optgroup.add_option('--shared-http-parser',
action='store_true',
dest='shared_http_parser',
help='link to a shared http_parser DLL instead of static linking')
X509_STORE* root_cert_store; @@ -937,10 +942,12 @@ def configure_v8(o):
@@ -847,29 +847,17 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
CHECK_EQ(sc->ca_store_, nullptr);
if (!root_cert_store) { def configure_openssl(o):
- root_cert_store = X509_STORE_new(); o['variables']['node_use_openssl'] = b(not options.without_ssl)
- o['variables']['node_shared_openssl'] = b(options.shared_openssl)
- for (size_t i = 0; i < arraysize(root_certs); i++) { o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0
- BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i])); + if options.use_openssl_ca_store:
- if (bp == nullptr) { + o['defines'] += ['NODE_OPENSSL_CERT_STORE']
- return; if options.openssl_fips:
- } o['variables']['openssl_fips'] = options.openssl_fips
- fips_dir = os.path.join(root_dir, 'deps', 'openssl', 'fips')
- X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr); fips_ld = os.path.abspath(os.path.join(fips_dir, 'fipsld'))
- if (x509 == nullptr) { o['make_fips_settings'] = [
- BIO_free_all(bp); diff --git a/src/node_crypto.cc b/src/node_crypto.cc
- return; index c5630f30d0bef75ced53b36062bb1f0324dbdb9d..873b37d71b51aa62c8ebd56ea5b182567675e2dd 100644
- } --- a/src/node_crypto.cc
- +++ b/src/node_crypto.cc
- X509_STORE_add_cert(root_cert_store, x509); @@ -803,14 +803,18 @@ static X509_STORE* NewRootCertStore() {
- root_certs_vector->push_back(x509);
- BIO_free_all(bp);
- X509_free(x509);
+ if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/ssl/certs/ca-certificates.crt", NULL) == 1) {
+ root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
+ } else {
+ // empty store
+ root_cert_store = X509_STORE_new();
} }
+ } else {
+ SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
} }
sc->ca_store_ = root_cert_store; X509_STORE* store = X509_STORE_new();
- SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_); +#if defined(NODE_OPENSSL_CERT_STORE)
+ X509_STORE_set_default_paths(store);
+#else
for (auto& cert : *root_certs_vector) {
X509_up_ref(cert);
X509_STORE_add_cert(store, cert);
}
+#endif
return store;
} }
-- --
2.9.0 2.12.0
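Review bot: In the NewRootCertStore() hunk the return value of `X509_STORE_set_default_paths(store)` is discarded, so a failure to set up the default lookups can leave the store without trust anchors, and every later verification then fails with a generic certificate error. That is fail-closed but hard to diagnose. At minimum add a comment such as `// On failure the store has no trust anchors and all peer verification fails (fail-closed).`, or check the result for `!= 1` and report it. The patch header could also note that, unlike the old patch's fixed `/etc/ssl/certs/ca-certificates.crt`, OpenSSL's default paths honour SSL_CERT_FILE and SSL_CERT_DIR, so the process environment now influences which CAs are trusted. The function's signature appears only in the hunk header, so its start is outside the hunk.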