From e5762aa4899cff0e186e017c8fc8b5b75625fb3e Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Thu, 7 Sep 2023 11:05:00 -0400 Subject: [PATCH] nodejs10 --- user/nodejs/APKBUILD | 160 +++++++----------- .../dont-run-gyp-files-for-bundled-deps.patch | 21 +++ .../link-with-libatomic-on-mips32.patch | 22 +-- 3 files changed, 82 insertions(+), 121 deletions(-) create mode 100644 user/nodejs/dont-run-gyp-files-for-bundled-deps.patch diff --git a/user/nodejs/APKBUILD b/user/nodejs/APKBUILD index 4e62b79..e5c439a 100644 --- a/user/nodejs/APKBUILD +++ b/user/nodejs/APKBUILD @@ -6,56 +6,9 @@ # Maintainer: Jakub Jirutka # # secfixes: -# 14.21.3-r0: -# - CVE-2023-23918 -# - CVE-2023-23920 -# 14.20.1-r0: -# - CVE-2022-32213 -# - CVE-2022-32214 -# - CVE-2022-32215 -# - CVE-2022-35256 -# 14.19.0-r0: -# - CVE-2022-21824 -# - CVE-2021-44533 -# - CVE-2021-44532 -# - CVE-2021-44531 -# 14.18.1-r0: -# - CVE-2021-22959 -# - CVE-2021-22960 -# 14.17.6-r0: -# - CVE-2021-37701 -# - CVE-2021-37712 -# - CVE-2021-37713 -# - CVE-2021-39134 -# - CVE-2021-39135 -# 14.17.5-r0: -# - CVE-2021-3672 -# - CVE-2021-22931 -# - CVE-2021-22939 -# 14.17.4-r0: -# - CVE-2021-22930 -# 14.17.3-r0: -# - CVE-2021-22918 -# 14.16.1-r0: +# 10.24.1-r0: # - CVE-2020-7774 -# 14.16.0-r0: -# - CVE-2021-22883 -# - CVE-2021-22884 -# 14.15.5-r0: -# - CVE-2021-21148 -# 14.15.4-r0: -# - CVE-2020-8265 -# - CVE-2020-8287 -# 14.15.1-r0: -# - CVE-2020-8277 -# 12.18.4-r0: -# - CVE-2020-8201 -# - CVE-2020-8252 -# 12.18.0-r0: -# - CVE-2020-8172 -# - CVE-2020-11080 -# - CVE-2020-8174 -# 12.15.0-r0: +# 10.19.0-r0: # - CVE-2019-15606 # - CVE-2019-15605 # - CVE-2019-15604 @@ -93,39 +46,26 @@ # - CVE-2017-14919 # 6.11.1-r0: # - CVE-2017-1000381 -# 0: -# - CVE-2022-32212 -# - CVE-2022-32223 # pkgname=nodejs # Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)! # Odd-numbered versions are supported only for 9 months by upstream. -pkgver=14.21.3 +pkgver=10.24.1 pkgrel=0 pkgdesc="JavaScript runtime built on V8 engine - LTS version" url="https://nodejs.org/" -arch="all !mips64 !mips64el !riscv64" +arch="all !mips64 !mips64el" license="MIT" -depends="ca-certificates nghttp2-libs>=1.41" -makedepends=" - brotli-dev - c-ares-dev - icu-dev - linux-headers - nghttp2-dev - openssl-dev - python3 - zlib-dev - " -install="$pkgname.post-upgrade" -subpackages="$pkgname-dev $pkgname-doc" -provider_priority=100 # highest priority (other provider is nodejs-current) +depends="ca-certificates" +# gold is needed for mksnapshot +makedepends="$depends_dev python2 openssl-dev zlib-dev libuv-dev linux-headers + paxmark binutils-gold http-parser-dev ca-certificates c-ares-dev" +subpackages="$pkgname-dev $pkgname-doc npm::noarch" provides="nodejs-lts=$pkgver" # for backward compatibility replaces="nodejs-current nodejs-lts" # nodejs-lts for backward compatibility source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz - disable-running-gyp-on-shared-deps.patch + dont-run-gyp-files-for-bundled-deps.patch link-with-libatomic-on-mips32.patch - fix-build-with-system-c-ares.patch " builddir="$srcdir/node-v$pkgver" @@ -133,20 +73,11 @@ prepare() { default_prepare # Remove bundled dependencies that we're not using. - rm -rf deps/brotli deps/cares deps/openssl deps/zlib + rm -rf deps/http_parser deps/openssl deps/zlib } build() { - # Add defines recommended in libuv readme. - local common_flags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" - - # Compiling with O2 instead of Os increases binary size by ~10% - # (53.1 MiB -> 58.6 MiB), but also increases performance by ~20% - # according to v8/web-tooling-benchmark. Node.js is quite huge anyway; - # there are better options for size constrained environments. - export CFLAGS="${CFLAGS/-Os/-O2} $common_flags" - export CXXFLAGS="${CXXFLAGS/-Os/-O2} $common_flags" - export CPPFLAGS="${CPPFLAGS/-Os/-O2} $common_flags" + cd "$builddir" case "$CARCH" in mips*) _carchflags="--with-mips-arch-variant=r1 --with-mips-float-abi=soft";; @@ -156,27 +87,21 @@ build() { # compatibility and it has happened several times in past that we # couldn't upgrade nodejs package in stable branches to fix CVEs due to # libuv incompatibility. - # - # NOTE: We don't package the bundled npm - it's a separate project with - # its own release cycle and version numbering, so it's better to keep - # it in a standalone aport. - # - # TODO: After icu package is modified to split data into multiple - # variants, change --with-intl to "system-icu". - python3 configure.py --prefix=/usr \ + ./configure --prefix=/usr \ $_carchflags \ - --shared-brotli \ --shared-zlib \ --shared-openssl \ + --shared-http-parser \ --shared-cares \ - --shared-nghttp2 \ - --openssl-use-def-ca-store \ - --with-icu-default-data-dir=$(icu-config --icudatadir) \ - --with-intl=small-icu \ - --without-corepack \ - --without-npm + --openssl-use-def-ca-store - make BUILDTYPE=Release + # We need run mksnapshot at build time so paxmark it early. + make -C out mksnapshot BUILDTYPE=Release + paxmark -m out/Release/mksnapshot + make + + # paxmark so JIT works + paxmark -m out/Release/node } # TODO Run provided test suite. @@ -188,7 +113,25 @@ check() { } package() { + cd "$builddir" + make DESTDIR="$pkgdir" install + + # It's strange, but it really needs to be paxmarked again... + paxmark -m "$pkgdir"/usr/bin/node + + cp -pr "$pkgdir"/usr/lib/node_modules/npm/man "$pkgdir"/usr/share + local d; for d in docs man; do + rm -r "$pkgdir"/usr/lib/node_modules/npm/$d + done + + # XXX: Workaround for https://github.com/npm/cli/issues/780. + (cd "$pkgdir"/usr/share/man/man5 && find * \ + -type f ! \( -name 'package-json.*' -or -name 'npmrc.*' -or -name 'npm-*' \) \ + -exec mv {} npm-{} \;) + (cd "$pkgdir"/usr/share/man/man7 && find * \ + -type f ! \( -name 'semver.*' -or -name 'npm-*' \) \ + -exec mv {} npm-{} \;) } dev() { @@ -196,9 +139,20 @@ dev() { default_dev } -sha512sums=" -36e91d15f8e3687deb74f05e4e635c824410b586ebe9b7a410006d1e864093a45d0d350fa9b8536ff9d48d81907ac5f551c17a010707f9776a2f53d5711be0cb node-v14.21.3.tar.gz -8033162669e01a1cd6d5103e5b86c3a6cc49d9a40c1715538be08a181d2c30eb588b251ef7520e73bf6ca8fccb90d81d139ba933927a0869f02546489e3df281 disable-running-gyp-on-shared-deps.patch -44e81fbf254bd79e38b813f7f5a1336df854588939cba50aaec600660495f9b7745a7049a99eb59d15a51100b3a44f66892a902d7fc32e1399b51883ad4c02cf link-with-libatomic-on-mips32.patch -30ca1ce7f9512c943950b8eec98bca99d24c740ebaa14619292fe5ed931dcf603ca90afb1d704ca7f545e421752ba4dde81c0c5bbb5242eb1726739ca627e15f fix-build-with-system-c-ares.patch -" +npm() { + pkgdesc="A package manager for JavaScript" + depends="$pkgname" + # for backward compatibility + provides="nodejs-npm=$pkgver-r$pkgrel nodejs-current-npm=$pkgver-r$pkgrel" + replaces="nodejs-npm nodejs-current-npm $pkgname" + + mkdir -p "$subpkgdir"/usr/bin + mv "$pkgdir"/usr/bin/np[mx] "$subpkgdir"/usr/bin/ + + mkdir -p "$subpkgdir"/usr/lib/node_modules + mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/ +} + +sha512sums="1ce82fd404a434e48ebd16dc83792a4b3cff18433c1cce53b09b85dda2fbf1abf372574e3ab113e99c884012caadc13b246698ce071aaa329577bc08cdc2be46 node-v10.24.1.tar.gz +c27cb338eea8c817042d58b8fbadc234fb586f490020677f28f900ade31d2f4dd7bcdd4e52fddf209d9221b7e1fa57f629bd38787456995413cee79311f9571f dont-run-gyp-files-for-bundled-deps.patch +4fd3f10bd82d1e851ed000169c2635c001a4a051283edf96f1efb2260e2d395199dd5843f79f1cff8f2c0c65462c44241c508ea67835dfbd9880d9196fae290a link-with-libatomic-on-mips32.patch" diff --git a/user/nodejs/dont-run-gyp-files-for-bundled-deps.patch b/user/nodejs/dont-run-gyp-files-for-bundled-deps.patch new file mode 100644 index 0000000..2c2ebe2 --- /dev/null +++ b/user/nodejs/dont-run-gyp-files-for-bundled-deps.patch @@ -0,0 +1,21 @@ +From: Jakub Jirutka +Date: Sat, 26 Nov 2016 01:32:00 +0200 +Subject: Disable running gyp files for bundled deps + +Author: Stephen Gallagher + +Modified 2016-11-26 by Jakub Jirutka to update for +Node.js 7.2.0 + +--- a/Makefile ++++ b/Makefile +@@ -123,8 +123,7 @@ + test-code-cache: with-code-cache + $(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache + +-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \ +- deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \ ++out/Makefile: common.gypi deps/uv/uv.gyp deps/v8/gypfiles/toolchain.gypi \ + deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \ + config.gypi + $(PYTHON) tools/gyp_node.py -f make diff --git a/user/nodejs/link-with-libatomic-on-mips32.patch b/user/nodejs/link-with-libatomic-on-mips32.patch index ed20033..c4988a0 100644 --- a/user/nodejs/link-with-libatomic-on-mips32.patch +++ b/user/nodejs/link-with-libatomic-on-mips32.patch @@ -1,20 +1,6 @@ ---- a/tools/v8_gypfiles/v8.gyp -+++ b/tools/v8_gypfiles/v8.gyp -@@ -1266,6 +1266,11 @@ - ['want_separate_host_toolset', { - 'toolsets': ['host', 'target'], - }], -+ [ 'host_arch=="mips" or host_arch=="mipsel"', { -+ 'link_settings': { -+ 'libraries': [ '-latomic' ], -+ }, -+ }], - ['component=="shared_library"', { - 'direct_dependent_settings': { - 'defines': ['USING_V8_PLATFORM_SHARED'], --- a/node.gyp +++ b/node.gyp -@@ -381,6 +381,11 @@ +@@ -478,6 +478,11 @@ 'msvs_disabled_warnings!': [4244], 'conditions': [ @@ -23,6 +9,6 @@ + 'libraries': [ '-latomic' ], + }, + }], - [ 'error_on_warn=="true"', { - 'cflags': ['-Werror'], - 'xcode_settings': { + [ 'node_code_cache_path!=""', { + 'sources': [ '<(node_code_cache_path)' ] + }, {