main/nodejs-lts: rename to nodejs

Odd-numbered versions are supported by upstream only for 9 months.
Packages in Alpine stable are supported for 2 years, so we should
keep only LTS version of Node.js in stable.

Therefore the former nodejs package has been renamed to nodejs-current
and moved to the community repository, and this one becomes the main
nodejs package.

See https://github.com/nodejs/LTS#lts-schedule
Related to 308944d90df71c773c958a1c5ff4ebdb240526a3

3 files changed, 171 insertions, 0 deletions

diff --git a/main/nodejs/APKBUILD b/main/nodejs/APKBUILD
new file mode 100644
index 0000000000..d80625499b
--- /dev/null
+++ b/main/nodejs/APKBUILD
@@ -0,0 +1,78 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Contributor: Jose-Luis Rivas <ghostbar@riseup.net>
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Maintainer: Eivind Uggedal <eivind@uggedal.com>
+pkgname=nodejs
+# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
+# Odd-numbered versions are supported only for 9 months by upstream.
+pkgver=6.9.1
+pkgrel=0
+pkgdesc="JavaScript runtime built on V8 engine - LTS version"
+url="http://nodejs.org/"
+arch="all"
+license="MIT"
+depends_dev="libuv"
+# gold is needed for mksnapshot
+makedepends="$depends_dev python2 openssl-dev zlib-dev libuv-dev linux-headers
+	paxmark binutils-gold http-parser-dev ca-certificates"
+subpackages="$pkgname-dev $pkgname-doc"
+provides="nodejs-lts=$pkgver"  # for backward compatibility
+replaces="nodejs-current nodejs-lts"  # nodejs-lts for backward compatibility
+source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz
+	use-system-ca-certs.patch
+	dont-run-gyp-files-for-bundled-deps.patch"
+builddir="$srcdir/node-v$pkgver"
+
+prepare() {
+	default_prepare || return 1
+
+	# Remove bundled CA certificates.
+	rm -f src/node_root_certs.h
+
+	# Remove bundled dependencies that we're not using.
+	rm -rf deps/http_parser deps/openssl deps/uv deps/zlib
+}
+
+build() {
+	cd "$builddir"
+
+	./configure --prefix=/usr \
+		--shared-zlib \
+		--shared-libuv \
+		--shared-openssl \
+		--shared-http-parser \
+		|| return 1
+
+	# we need run mksnapshot at build time so paxmark it early
+	make -C out mksnapshot BUILDTYPE=Release \
+		&& paxmark -m out/Release/mksnapshot \
+		&& make || return 1
+}
+
+package() {
+	cd "$builddir"
+
+	make DESTDIR="$pkgdir" install || return 1
+	# paxmark so JIT works
+	paxmark -m "$pkgdir"/usr/bin/node || return 1
+
+	cp -pr "$pkgdir"/usr/lib/node_modules/npm/man "$pkgdir"/usr/share || return 1
+	local d; for d in doc html man; do
+		rm -r "$pkgdir"/usr/lib/node_modules/npm/$d || return 1
+	done
+}
+
+dev() {
+	provides="nodejs-lts-dev=$pkgver"  # for backward compatibility
+	default_dev
+}
+
+md5sums="0d3117846c6704b36108fcdbf30e03c1  node-v6.9.1.tar.gz
+14ce8e0fb44d5bf75974026900e0d8c2  use-system-ca-certs.patch
+5d99a53ef07e15fe882d449ed995bd91  dont-run-gyp-files-for-bundled-deps.patch"
+sha256sums="a98997ca3a4d10751f0ebe97839b2308a31ae884b4203cda0c99cf36bc7fe3bf  node-v6.9.1.tar.gz
+fcd2becd2cb9a62537ae11f51f448fd1061aaae17835bb0f2d2aa71bdf9652c0  use-system-ca-certs.patch
+c20a62b9dd64591b91a0c1dae649ac04cf7aec402672b349f8daa04f2a08a77b  dont-run-gyp-files-for-bundled-deps.patch"
+sha512sums="71a6e081006c8b77f34b5cc26b76c56944b4de77d7ed5e6068c72dbaf49fc18ed2894231f6a5cd0308c40e95c2e1eb5ee2abd1470fd646bb8db3b230913c5014  node-v6.9.1.tar.gz
+c540878495761f4c38f3cccd61da75fa5619637ba9887b7946964a7cef790178e26678fe0aabe400e32c8f0f65e97a519ceee1534bbf18a1a14bc6e9fe067637  use-system-ca-certs.patch
+a8be538158b7c96341a407acba30450ddc5c3ad764e7efe728d1ceff64efc3067b177855b9ef91b54400be6a02600d83da4c21a07ae9d7dc0774f92b2006ea8b  dont-run-gyp-files-for-bundled-deps.patch"
diff --git a/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch b/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch
new file mode 100644
index 0000000000..d65b456aaf
--- /dev/null
+++ b/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch
@@ -0,0 +1,18 @@
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Tue, 1 Dec 2015 16:35:29 -0500
+Subject: Disable running gyp files for bundled deps
+
+--- a/Makefile
++++ b/Makefile
+@@ -70,7 +70,7 @@ $(NODE_G_EXE): config.gypi out/Makefile
+ 	$(MAKE) -C out BUILDTYPE=Debug V=$(V)
+ 	ln -fs out/Debug/$(NODE_EXE) $@
+ 
+-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp deps/v8/build/toolchain.gypi deps/v8/build/features.gypi deps/v8/tools/gyp/v8.gyp node.gyp config.gypi
++out/Makefile: common.gypi deps/v8/build/toolchain.gypi deps/v8/build/features.gypi deps/v8/tools/gyp/v8.gyp node.gyp config.gypi
+ 	$(PYTHON) tools/gyp_node.py -f make
+ 
+ config.gypi: configure
+-- 
+2.9.0
+
diff --git a/main/nodejs/use-system-ca-certs.patch b/main/nodejs/use-system-ca-certs.patch
new file mode 100644
index 0000000000..014b1cedf1
--- /dev/null
+++ b/main/nodejs/use-system-ca-certs.patch
@@ -0,0 +1,75 @@
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Sat, 26 Nov 2016 01:32:00 +0200
+Subject: Use system-provided CA certificates instead of bundled ones
+
+Forwarded: need some feedback before submitting the matter upstream
+Author: Jérémy Lal <kapouer@melix.org>
+Last-Update: 2014-03-02
+
+Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the
+correct path for Fedora
+
+Modified 2015-12-01 by Stephen Gallagher <sgallagh@redhat.com> to update for
+Node.js 4.2
+
+Modified 2016-03-04 by Stephen Gallagher <sgallagh@redhat.com> to update for
+Node.js 5.4.1
+
+Modified 2016-07-26 by Haikel Guemar <hguemar@fedoraproject.org> to update for
+Node.js 4.4.7
+
+Modified 2016-11-26 by Jakub Jirutka <jakub@jirutka.cz> for Alpine Linux
+
+--- a/src/node_crypto.cc
++++ b/src/node_crypto.cc
+@@ -192,8 +192,8 @@ static X509_NAME *cnnic_ev_name =
+ 
+ static Mutex* mutexes;
+ 
+-const char* const root_certs[] = {
+-#include "node_root_certs.h"  // NOLINT(build/include_order)
++const char* root_certs[] = {
++  NULL
+ };
+ 
+ X509_STORE* root_cert_store;
+@@ -847,29 +847,17 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) {
+   CHECK_EQ(sc->ca_store_, nullptr);
+ 
+   if (!root_cert_store) {
+-    root_cert_store = X509_STORE_new();
+-
+-    for (size_t i = 0; i < arraysize(root_certs); i++) {
+-      BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
+-      if (bp == nullptr) {
+-        return;
+-      }
+-
+-      X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
+-      if (x509 == nullptr) {
+-        BIO_free_all(bp);
+-        return;
+-      }
+-
+-      X509_STORE_add_cert(root_cert_store, x509);
+-
+-      BIO_free_all(bp);
+-      X509_free(x509);
++    if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/ssl/certs/ca-certificates.crt", NULL) == 1) {
++      root_cert_store = SSL_CTX_get_cert_store(sc->ctx_);
++    } else {
++      // empty store
++      root_cert_store = X509_STORE_new();
+     }
++  } else {
++    SSL_CTX_set_cert_store(sc->ctx_, root_cert_store);
+   }
+ 
+   sc->ca_store_ = root_cert_store;
+-  SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_);
+ }
+ 
+ 
+-- 
+2.9.0
+