diff options
-rw-r--r-- | community/nodejs-current/APKBUILD | 18 | ||||
-rw-r--r-- | community/nodejs-current/use-system-ca-certs.patch | 63 |
2 files changed, 6 insertions, 75 deletions
diff --git a/community/nodejs-current/APKBUILD b/community/nodejs-current/APKBUILD index 1f46f7dd1f..c93f534849 100644 --- a/community/nodejs-current/APKBUILD +++ b/community/nodejs-current/APKBUILD @@ -2,8 +2,8 @@ # Maintainer: Jose-Luis Rivas <ghostbar@riseup.net> pkgname=nodejs-current # The current stable version, i.e. non-LTS. -pkgver=7.2.1 -pkgrel=2 +pkgver=7.5.0 +pkgrel=0 pkgdesc="JavaScript runtime built on V8 engine - current stable version" url="http://nodejs.org/" arch="all" @@ -17,16 +17,12 @@ subpackages="$pkgname-dev $pkgname-doc" provides="nodejs" replaces="nodejs nodejs-lts" # nodejs-lts for backward compatibility source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz - use-system-ca-certs.patch dont-run-gyp-files-for-bundled-deps.patch" builddir="$srcdir/node-v$pkgver" prepare() { default_prepare || return 1 - # Remove bundled CA certificates. - rm -f src/node_root_certs.h - # Remove bundled dependencies that we're not using. rm -rf deps/http_parser deps/openssl deps/uv deps/zlib } @@ -39,6 +35,7 @@ build() { --shared-libuv \ --shared-openssl \ --shared-http-parser \ + --openssl-use-def-ca-store \ || return 1 # we need run mksnapshot at build time so paxmark it early @@ -60,12 +57,9 @@ package() { done } -md5sums="20167fa2b3ef3e17430af4fae9a26427 node-v7.2.1.tar.gz -a785f2e6018cdace456b0ab518474453 use-system-ca-certs.patch +md5sums="8b648e7f83ec6f1aa52b3e3b87999761 node-v7.5.0.tar.gz 5b1b27a33063602990f5495d3b01b587 dont-run-gyp-files-for-bundled-deps.patch" -sha256sums="fd08b8ba43b0596a7160b09a37113ac03b4b0976ec7e48980b7b8c078aa51b02 node-v7.2.1.tar.gz -e0384006b04fef35c2c5e65d0cde6aae7efbc314d38c3c9ade0ae599f2b77bc2 use-system-ca-certs.patch +sha256sums="0da8e0288b5c0f136e650b7119219968720caf88b5a67ef0591555113f0844c2 node-v7.5.0.tar.gz 6886ee83f76eb68dc948da844e548f060caf360ca039bb2c1ee7ea0cd2d8dbf3 dont-run-gyp-files-for-bundled-deps.patch" -sha512sums="501f23cbe42bcb5eef785113d05b35e4507fb7e5b9ae474eeef2d9dd12270f08653493b5bc28306f2b3e0db54a3703ba6c3606de66ac8eeb0212670fe192b978 node-v7.2.1.tar.gz -877669ed466606bc6afd67083d82b365a969b6626f4248a7f41249958a96e7bb6a6c656715c7b80e763bb53c6cf5789e604e15e05ff74f58e5441acc560350af use-system-ca-certs.patch +sha512sums="e5f1b37c5d313ca6cc91cb46f49443855d44718599543894f34aad6b921b9fbbc91b8bde720a2e6526d0cdb68ce77f74e1d770dec2b582ad964cd9d1d3c5bfbd node-v7.5.0.tar.gz ba95f21b1e80717ef63941854e7ed412f64a91da068c0dbf0d6d9697333ee266c9f4cd7bf1a01111eeb28aa66adefd8a58cfb3e82debb84b43e35e9dc914dd36 dont-run-gyp-files-for-bundled-deps.patch" diff --git a/community/nodejs-current/use-system-ca-certs.patch b/community/nodejs-current/use-system-ca-certs.patch deleted file mode 100644 index 6e46c74b40..0000000000 --- a/community/nodejs-current/use-system-ca-certs.patch +++ /dev/null @@ -1,63 +0,0 @@ -From: Jakub Jirutka <jakub@jirutka.cz> -Date: Sat, 26 Nov 2016 21:18:00 +0200 -Subject: Use system-provided CA certificates instead of bundled ones - ---- a/src/node_crypto.cc -+++ b/src/node_crypto.cc -@@ -116,8 +116,8 @@ - - static Mutex* mutexes; - --const char* const root_certs[] = { --#include "node_root_certs.h" // NOLINT(build/include_order) -+const char* root_certs[] = { -+ NULL - }; - - X509_STORE* root_cert_store; -@@ -688,25 +688,33 @@ - - - static X509_STORE* NewRootCertStore() { -+ X509_STORE* store = X509_STORE_new(); -+ - if (!root_certs_vector) { - root_certs_vector = new std::vector<X509*>; - -- for (size_t i = 0; i < arraysize(root_certs); i++) { -- BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i])); -- X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr); -- BIO_free(bp); -- -- if (x509 == nullptr) { -- // Parse errors from the built-in roots are fatal. -- ABORT(); -- return nullptr; -- } -+ BIO* bio = BIO_new(BIO_s_file()); -+ if (bio == nullptr) { -+ abort(); -+ return nullptr; -+ } -+ -+ if (BIO_read_filename(bio, "/etc/ssl/certs/ca-certificates.crt") == 1) { -+ STACK_OF(X509_INFO)* certs = PEM_X509_INFO_read_bio(bio, nullptr, nullptr, nullptr); - -- root_certs_vector->push_back(x509); -+ for (int i = 0; i < sk_X509_INFO_num(certs); i++) { -+ X509* cert = sk_X509_INFO_value(certs, i)->x509; -+ -+ if (cert) { -+ X509_up_ref(cert); -+ root_certs_vector->push_back(cert); -+ } -+ } -+ sk_X509_INFO_pop_free(certs, X509_INFO_free); - } -+ BIO_free_all(bio); - } - -- X509_STORE* store = X509_STORE_new(); - for (auto& cert : *root_certs_vector) { - X509_up_ref(cert); - X509_STORE_add_cert(store, cert); |