diff options
-rw-r--r-- | main/nodejs/APKBUILD | 23 | ||||
-rw-r--r-- | main/nodejs/dont-run-gyp-files-for-bundled-deps.patch | 23 | ||||
-rw-r--r-- | main/nodejs/use-system-ca-certs.patch | 90 |
3 files changed, 64 insertions, 72 deletions
diff --git a/main/nodejs/APKBUILD b/main/nodejs/APKBUILD index efa15e52c7..292efebbcb 100644 --- a/main/nodejs/APKBUILD +++ b/main/nodejs/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Jakub Jirutka <jakub@jirutka.cz> # Maintainer: Jose-Luis Rivas <ghostbar@riseup.net> pkgname=nodejs -pkgver=6.7.0 -pkgrel=1 +pkgver=7.2.0 +pkgrel=0 pkgdesc="JavaScript runtime built on V8 engine" url="http://nodejs.org/" arch="all" @@ -56,12 +57,12 @@ package() { done } -md5sums="a42b7ab2bcf5f8d94a432163d90f3026 node-v6.7.0.tar.gz -14ce8e0fb44d5bf75974026900e0d8c2 use-system-ca-certs.patch -5d99a53ef07e15fe882d449ed995bd91 dont-run-gyp-files-for-bundled-deps.patch" -sha256sums="02b8ee1719a11b9ab22bef9279519efaaf31dd0d39cba4c3a1176ccda400b8d6 node-v6.7.0.tar.gz -fcd2becd2cb9a62537ae11f51f448fd1061aaae17835bb0f2d2aa71bdf9652c0 use-system-ca-certs.patch -c20a62b9dd64591b91a0c1dae649ac04cf7aec402672b349f8daa04f2a08a77b dont-run-gyp-files-for-bundled-deps.patch" -sha512sums="3cd095adc0866b780519006098b434e3b126f67a453e44863c773829de4ce29f573d13efa1c50af001009bdb433728309ef7109e144517ffc5dd5e3251b1f511 node-v6.7.0.tar.gz -c540878495761f4c38f3cccd61da75fa5619637ba9887b7946964a7cef790178e26678fe0aabe400e32c8f0f65e97a519ceee1534bbf18a1a14bc6e9fe067637 use-system-ca-certs.patch -a8be538158b7c96341a407acba30450ddc5c3ad764e7efe728d1ceff64efc3067b177855b9ef91b54400be6a02600d83da4c21a07ae9d7dc0774f92b2006ea8b dont-run-gyp-files-for-bundled-deps.patch" +md5sums="ea2dd2de3e93b601f576bf24c1ab56ec node-v7.2.0.tar.gz +a785f2e6018cdace456b0ab518474453 use-system-ca-certs.patch +5b1b27a33063602990f5495d3b01b587 dont-run-gyp-files-for-bundled-deps.patch" +sha256sums="c3f53a5d8cea145e25706bb21cdac62f1b3314db35785bcf468558a29cfc352f node-v7.2.0.tar.gz +e0384006b04fef35c2c5e65d0cde6aae7efbc314d38c3c9ade0ae599f2b77bc2 use-system-ca-certs.patch +6886ee83f76eb68dc948da844e548f060caf360ca039bb2c1ee7ea0cd2d8dbf3 dont-run-gyp-files-for-bundled-deps.patch" +sha512sums="80a3eab891894064a7669ea08659eb2f675076476e5436b0a1b78f83ea0ebfcfd226dfe1847b5368a07a1f1bbe3038d3011013b3cbe8d8ed093ec7caa29c9603 node-v7.2.0.tar.gz +877669ed466606bc6afd67083d82b365a969b6626f4248a7f41249958a96e7bb6a6c656715c7b80e763bb53c6cf5789e604e15e05ff74f58e5441acc560350af use-system-ca-certs.patch +ba95f21b1e80717ef63941854e7ed412f64a91da068c0dbf0d6d9697333ee266c9f4cd7bf1a01111eeb28aa66adefd8a58cfb3e82debb84b43e35e9dc914dd36 dont-run-gyp-files-for-bundled-deps.patch" diff --git a/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch b/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch index d65b456aaf..ba521dc4fc 100644 --- a/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch +++ b/main/nodejs/dont-run-gyp-files-for-bundled-deps.patch @@ -1,18 +1,21 @@ -From: Stephen Gallagher <sgallagh@redhat.com> -Date: Tue, 1 Dec 2015 16:35:29 -0500 +From: Jakub Jirutka <jakub@jirutka.cz> +Date: Sat, 26 Nov 2016 01:32:00 +0200 Subject: Disable running gyp files for bundled deps +Author: Stephen Gallagher <sgallagh@redhat.com> + +Modified 2016-11-26 by Jakub Jirutka <jakub@jirutka.cz> to update for +Node.js 7.2.0 + --- a/Makefile +++ b/Makefile -@@ -70,7 +70,7 @@ $(NODE_G_EXE): config.gypi out/Makefile +@@ -72,8 +72,7 @@ $(MAKE) -C out BUILDTYPE=Debug V=$(V) ln -fs out/Debug/$(NODE_EXE) $@ --out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp deps/v8/build/toolchain.gypi deps/v8/build/features.gypi deps/v8/tools/gyp/v8.gyp node.gyp config.gypi -+out/Makefile: common.gypi deps/v8/build/toolchain.gypi deps/v8/build/features.gypi deps/v8/tools/gyp/v8.gyp node.gyp config.gypi +-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \ +- deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \ ++out/Makefile: common.gypi deps/v8/gypfiles/toolchain.gypi \ + deps/v8/gypfiles/features.gypi deps/v8/src/v8.gyp node.gyp \ + config.gypi $(PYTHON) tools/gyp_node.py -f make - - config.gypi: configure --- -2.9.0 - diff --git a/main/nodejs/use-system-ca-certs.patch b/main/nodejs/use-system-ca-certs.patch index 014b1cedf1..6e46c74b40 100644 --- a/main/nodejs/use-system-ca-certs.patch +++ b/main/nodejs/use-system-ca-certs.patch @@ -1,28 +1,10 @@ From: Jakub Jirutka <jakub@jirutka.cz> -Date: Sat, 26 Nov 2016 01:32:00 +0200 +Date: Sat, 26 Nov 2016 21:18:00 +0200 Subject: Use system-provided CA certificates instead of bundled ones -Forwarded: need some feedback before submitting the matter upstream -Author: Jérémy Lal <kapouer@melix.org> -Last-Update: 2014-03-02 - -Modified 2014-05-02 by T.C. Hollingsworth <tchollingsworth@gmail.com> with the -correct path for Fedora - -Modified 2015-12-01 by Stephen Gallagher <sgallagh@redhat.com> to update for -Node.js 4.2 - -Modified 2016-03-04 by Stephen Gallagher <sgallagh@redhat.com> to update for -Node.js 5.4.1 - -Modified 2016-07-26 by Haikel Guemar <hguemar@fedoraproject.org> to update for -Node.js 4.4.7 - -Modified 2016-11-26 by Jakub Jirutka <jakub@jirutka.cz> for Alpine Linux - --- a/src/node_crypto.cc +++ b/src/node_crypto.cc -@@ -192,8 +192,8 @@ static X509_NAME *cnnic_ev_name = +@@ -116,8 +116,8 @@ static Mutex* mutexes; @@ -33,43 +15,49 @@ Modified 2016-11-26 by Jakub Jirutka <jakub@jirutka.cz> for Alpine Linux }; X509_STORE* root_cert_store; -@@ -847,29 +847,17 @@ void SecureContext::AddRootCerts(const FunctionCallbackInfo<Value>& args) { - CHECK_EQ(sc->ca_store_, nullptr); +@@ -688,25 +688,33 @@ + + + static X509_STORE* NewRootCertStore() { ++ X509_STORE* store = X509_STORE_new(); ++ + if (!root_certs_vector) { + root_certs_vector = new std::vector<X509*>; - if (!root_cert_store) { -- root_cert_store = X509_STORE_new(); -- - for (size_t i = 0; i < arraysize(root_certs); i++) { - BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i])); -- if (bp == nullptr) { -- return; -- } -- - X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr); +- BIO_free(bp); +- - if (x509 == nullptr) { -- BIO_free_all(bp); -- return; +- // Parse errors from the built-in roots are fatal. +- ABORT(); +- return nullptr; - } -- -- X509_STORE_add_cert(root_cert_store, x509); -- -- BIO_free_all(bp); -- X509_free(x509); -+ if (SSL_CTX_load_verify_locations(sc->ctx_, "/etc/ssl/certs/ca-certificates.crt", NULL) == 1) { -+ root_cert_store = SSL_CTX_get_cert_store(sc->ctx_); -+ } else { -+ // empty store -+ root_cert_store = X509_STORE_new(); ++ BIO* bio = BIO_new(BIO_s_file()); ++ if (bio == nullptr) { ++ abort(); ++ return nullptr; ++ } ++ ++ if (BIO_read_filename(bio, "/etc/ssl/certs/ca-certificates.crt") == 1) { ++ STACK_OF(X509_INFO)* certs = PEM_X509_INFO_read_bio(bio, nullptr, nullptr, nullptr); + +- root_certs_vector->push_back(x509); ++ for (int i = 0; i < sk_X509_INFO_num(certs); i++) { ++ X509* cert = sk_X509_INFO_value(certs, i)->x509; ++ ++ if (cert) { ++ X509_up_ref(cert); ++ root_certs_vector->push_back(cert); ++ } ++ } ++ sk_X509_INFO_pop_free(certs, X509_INFO_free); } -+ } else { -+ SSL_CTX_set_cert_store(sc->ctx_, root_cert_store); ++ BIO_free_all(bio); } - sc->ca_store_ = root_cert_store; -- SSL_CTX_set_cert_store(sc->ctx_, sc->ca_store_); - } - - --- -2.9.0 - +- X509_STORE* store = X509_STORE_new(); + for (auto& cert : *root_certs_vector) { + X509_up_ref(cert); + X509_STORE_add_cert(store, cert); |