rpms
/
nodejs
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import nodejs-16.18.1-3.el9_1

This commit is contained in:
CentOS Sources 2023-03-28 11:26:13 +00:00 committed by Stepan Oksanichenko
parent 1d149a4dd8
commit 0729ac8045
7 changed files with 133 additions and 506 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitignore vendored
View File

@ -1,2 +1,6 @@
SOURCES/icu4c-70_1-src.tgz
SOURCES/node-v16.14.0-stripped.tar.gz
SOURCES/cjs-module-lexer-1.2.2.tar.gz
SOURCES/icu4c-71_1-src.tgz
SOURCES/node-v16.18.1-stripped.tar.gz
SOURCES/undici-5.10.0.tar.gz
SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

8
.nodejs.metadata
View File

@ -1,2 +1,6 @@
f7c1363edee6be7de8b624ffbb801892b3417d4e SOURCES/icu4c-70_1-src.tgz
31555f8ebd7aaf06fe98409799e6a873a855ad3a SOURCES/node-v16.14.0-stripped.tar.gz
b0a91341ecf6c68a9d59a1c57d000fbbcc771679 SOURCES/cjs-module-lexer-1.2.2.tar.gz
406b0c8635288b772913b6ff646451e69748878a SOURCES/icu4c-71_1-src.tgz
71f2019e8d646be20ec962859e6a356b13663313 SOURCES/node-v16.18.1-stripped.tar.gz
a2668423c8ed5321e39ce08e239141b084563bb5 SOURCES/undici-5.10.0.tar.gz
8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
900a50a32f0079d53c299db92b88bb3c5d2022b8 SOURCES/wasi-sdk-wasi-sdk-14.tar.gz

15
SOURCES/0001-Disable-running-gyp-on-shared-deps.patch
View File

@ -1,19 +1,18 @@
From b0b4d1ddbc720db73fb8ab13cdbbf1ce6524eebd Mon Sep 17 00:00:00 2001
From 61fd3e74ff223cd59476ef8a69880c57e3312af7 Mon Sep 17 00:00:00 2001
From: Zuzana Svetlikova <zsvetlik@redhat.com>
Date: Fri, 17 Apr 2020 12:59:44 +0200
Subject: [PATCH 1/2] Disable running gyp on shared deps
Subject: [PATCH] Disable running gyp on shared deps
Signed-off-by: rpm-build <rpm-build>
---
Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 93d63110ae2e3928a95d24036b86d11885ab240f..79caaec2112cefa8f6a1c947375b517e9676f176 100644
index dc6f08b..c865e72 100644
--- a/Makefile
+++ b/Makefile
@@ -136,11 +136,11 @@ endif
.PHONY: test-code-cache
with-code-cache test-code-cache:
@@ -147,7 +147,7 @@ with-code-cache test-code-cache:
$(warning '$@' target is a noop)
out/Makefile: config.gypi common.gypi node.gyp \
@ -22,8 +21,6 @@ index 93d63110ae2e3928a95d24036b86d11885ab240f..79caaec2112cefa8f6a1c947375b517e
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
$(PYTHON) tools/gyp_node.py -f make
# node_version.h is listed because the N-API version is taken from there
--
2.29.2
2.37.3

397
SOURCES/0001-fix-ci-lock-file-validation.patch
View File

@ -1,397 +0,0 @@
From 730dd78c897a28c3df0468ed1fc42d5817badefe Mon Sep 17 00:00:00 2001
From: Ruy Adorno <ruyadorno@hotmail.com>
Date: Wed, 2 Feb 2022 22:10:22 -0500
Subject: [PATCH] fix(ci): lock file validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Make sure to validate any lock file (either package-lock.json or
npm-shrinkwrap.json) against the current install. This will properly
throw an error in case any of the dependencies being installed don't
match the dependencies that are currently listed in the lock file.
Fixes: https://github.com/npm/cli/issues/2701
Fixes: https://github.com/npm/cli/issues/3947
Signed-off-by: Jan Staněk <jstanek@redhat.com>
---
deps/npm/lib/commands/ci.js | 23 ++++++
deps/npm/lib/utils/validate-lockfile.js | 29 +++++++
.../smoke-tests/index.js.test.cjs | 11 +++
.../test/lib/commands/ci.js.test.cjs | 13 +++
.../lib/utils/validate-lockfile.js.test.cjs | 35 ++++++++
deps/npm/test/lib/commands/ci.js | 82 +++++++++++++++++++
deps/npm/test/lib/utils/validate-lockfile.js | 82 +++++++++++++++++++
7 files changed, 275 insertions(+)
create mode 100644 deps/npm/lib/utils/validate-lockfile.js
create mode 100644 deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
create mode 100644 deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
create mode 100644 deps/npm/test/lib/utils/validate-lockfile.js
diff --git a/deps/npm/lib/commands/ci.js b/deps/npm/lib/commands/ci.js
index 2c2f8da..376a85d 100644
--- a/deps/npm/lib/commands/ci.js
+++ b/deps/npm/lib/commands/ci.js
@@ -6,6 +6,7 @@ const runScript = require('@npmcli/run-script')
const fs = require('fs')
const readdir = util.promisify(fs.readdir)
const log = require('../utils/log-shim.js')
+const validateLockfile = require('../utils/validate-lockfile.js')
const removeNodeModules = async where => {
const rimrafOpts = { glob: false }
@@ -55,6 +56,28 @@ class CI extends ArboristWorkspaceCmd {
}),
removeNodeModules(where),
])
+
+ // retrieves inventory of packages from loaded virtual tree (lock file)
+ const virtualInventory = new Map(arb.virtualTree.inventory)
+
+ // build ideal tree step needs to come right after retrieving the virtual
+ // inventory since it's going to erase the previous ref to virtualTree
+ await arb.buildIdealTree()
+
+ // verifies that the packages from the ideal tree will match
+ // the same versions that are present in the virtual tree (lock file)
+ // throws a validation error in case of mismatches
+ const errors = validateLockfile(virtualInventory, arb.idealTree.inventory)
+ if (errors.length) {
+ throw new Error(
+ '`npm ci` can only install packages when your package.json and ' +
+ 'package-lock.json or npm-shrinkwrap.json are in sync. Please ' +
+ 'update your lock file with `npm install` ' +
+ 'before continuing.\n\n' +
+ errors.join('\n') + '\n'
+ )
+ }
+
await arb.reify(opts)
const ignoreScripts = this.npm.config.get('ignore-scripts')
diff --git a/deps/npm/lib/utils/validate-lockfile.js b/deps/npm/lib/utils/validate-lockfile.js
new file mode 100644
index 0000000..29161ec
--- /dev/null
+++ b/deps/npm/lib/utils/validate-lockfile.js
@@ -0,0 +1,29 @@
+// compares the inventory of package items in the tree
+// that is about to be installed (idealTree) with the inventory
+// of items stored in the package-lock file (virtualTree)
+//
+// Returns empty array if no errors found or an array populated
+// with an entry for each validation error found.
+function validateLockfile (virtualTree, idealTree) {
+ const errors = []
+
+ // loops through the inventory of packages resulted by ideal tree,
+ // for each package compares the versions with the version stored in the
+ // package-lock and adds an error to the list in case of mismatches
+ for (const [key, entry] of idealTree.entries()) {
+ const lock = virtualTree.get(key)
+
+ if (!lock) {
+ errors.push(`Missing: ${entry.name}@${entry.version} from lock file`)
+ continue
+ }
+
+ if (entry.version !== lock.version) {
+ errors.push(`Invalid: lock file's ${lock.name}@${lock.version} does ` +
+ `not satisfy ${entry.name}@${entry.version}`)
+ }
+ }
+ return errors
+}
+
+module.exports = validateLockfile
diff --git a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
index c1316e0..5fa3977 100644
--- a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
+++ b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
@@ -40,6 +40,17 @@ Configuration fields: npm help 7 config
npm {CWD}
+`
+
+exports[`smoke-tests/index.js TAP npm ci > should throw mismatch deps in lock file error 1`] = `
+npm ERR! \`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing.
+npm ERR!
+npm ERR! Invalid: lock file's abbrev@1.0.4 does not satisfy abbrev@1.1.1
+npm ERR!
+
+npm ERR! A complete log of this run can be found in:
+
+
`
exports[`smoke-tests/index.js TAP npm diff > should have expected diff output 1`] = `
diff --git a/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
new file mode 100644
index 0000000..d6a7471
--- /dev/null
+++ b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
@@ -0,0 +1,13 @@
+/* IMPORTANT
+ * This snapshot file is auto-generated, but designed for humans.
+ * It should be checked into source control and tracked carefully.
+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
+ * Make sure to inspect the output below. Do not ignore changes!
+ */
+'use strict'
+exports[`test/lib/commands/ci.js TAP should throw error when ideal inventory mismatches virtual > must match snapshot 1`] = `
+\`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing.
+
+Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0
+
+`
diff --git a/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
new file mode 100644
index 0000000..98a5126
--- /dev/null
+++ b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
@@ -0,0 +1,35 @@
+/* IMPORTANT
+ * This snapshot file is auto-generated, but designed for humans.
+ * It should be checked into source control and tracked carefully.
+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
+ * Make sure to inspect the output below. Do not ignore changes!
+ */
+'use strict'
+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on idealTree > should have missing entries error 1`] = `
+Array [
+ "Missing: baz@3.0.0 from lock file",
+]
+`
+
+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on virtualTree > should have no errors if finding virtualTree extra items 1`] = `
+Array []
+`
+
+exports[`test/lib/utils/validate-lockfile.js TAP identical inventory for both idealTree and virtualTree > should have no errors on identical inventories 1`] = `
+Array []
+`
+
+exports[`test/lib/utils/validate-lockfile.js TAP mismatching versions on inventory > should have errors for each mismatching version 1`] = `
+Array [
+ "Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0",
+ "Invalid: lock file's bar@2.0.0 does not satisfy bar@3.0.0",
+]
+`
+
+exports[`test/lib/utils/validate-lockfile.js TAP missing virtualTree inventory > should have errors for each mismatching version 1`] = `
+Array [
+ "Missing: foo@1.0.0 from lock file",
+ "Missing: bar@2.0.0 from lock file",
+ "Missing: baz@3.0.0 from lock file",
+]
+`
diff --git a/deps/npm/test/lib/commands/ci.js b/deps/npm/test/lib/commands/ci.js
index 537d078..e077c99 100644
--- a/deps/npm/test/lib/commands/ci.js
+++ b/deps/npm/test/lib/commands/ci.js
@@ -19,6 +19,17 @@ t.test('should ignore scripts with --ignore-scripts', async t => {
this.reify = () => {
REIFY_CALLED = true
}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
},
})
@@ -99,6 +110,17 @@ t.test('should use Arborist and run-script', async t => {
this.reify = () => {
t.ok(true, 'reify is called')
}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
},
rimraf: (path, ...args) => {
actualRimrafs++
@@ -138,6 +160,17 @@ t.test('should pass flatOptions to Arborist.reify', async t => {
this.reify = async (options) => {
t.equal(options.production, true, 'should pass flatOptions to Arborist.reify')
}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
},
})
const npm = mockNpm({
@@ -218,6 +251,17 @@ t.test('should remove existing node_modules before installing', async t => {
const nodeModules = contents.filter((path) => path.startsWith('node_modules'))
t.same(nodeModules, ['node_modules'], 'should only have the node_modules directory')
}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
},
})
@@ -231,3 +275,41 @@ t.test('should remove existing node_modules before installing', async t => {
await ci.exec(null)
})
+
+t.test('should throw error when ideal inventory mismatches virtual', async t => {
+ const CI = t.mock('../../../lib/commands/ci.js', {
+ '../../../lib/utils/reify-finish.js': async () => {},
+ '@npmcli/run-script': ({ event }) => {},
+ '@npmcli/arborist': function () {
+ this.loadVirtual = async () => {}
+ this.reify = () => {}
+ this.buildIdealTree = () => {}
+ this.virtualTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ]),
+ }
+ this.idealTree = {
+ inventory: new Map([
+ ['foo', { name: 'foo', version: '2.0.0' }],
+ ]),
+ }
+ },
+ })
+
+ const npm = mockNpm({
+ globalDir: 'path/to/node_modules/',
+ prefix: 'foo',
+ config: {
+ global: false,
+ 'ignore-scripts': true,
+ },
+ })
+ const ci = new CI(npm)
+
+ try {
+ await ci.exec([])
+ } catch (err) {
+ t.matchSnapshot(err.message)
+ }
+})
diff --git a/deps/npm/test/lib/utils/validate-lockfile.js b/deps/npm/test/lib/utils/validate-lockfile.js
new file mode 100644
index 0000000..25939c5
--- /dev/null
+++ b/deps/npm/test/lib/utils/validate-lockfile.js
@@ -0,0 +1,82 @@
+const t = require('tap')
+const validateLockfile = require('../../../lib/utils/validate-lockfile.js')
+
+t.test('identical inventory for both idealTree and virtualTree', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ]),
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ])
+ ),
+ 'should have no errors on identical inventories'
+ )
+})
+
+t.test('extra inventory items on idealTree', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ]),
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ['baz', { name: 'baz', version: '3.0.0' }],
+ ])
+ ),
+ 'should have missing entries error'
+ )
+})
+
+t.test('extra inventory items on virtualTree', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ['baz', { name: 'baz', version: '3.0.0' }],
+ ]),
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ])
+ ),
+ 'should have no errors if finding virtualTree extra items'
+ )
+})
+
+t.test('mismatching versions on inventory', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ]),
+ new Map([
+ ['foo', { name: 'foo', version: '2.0.0' }],
+ ['bar', { name: 'bar', version: '3.0.0' }],
+ ])
+ ),
+ 'should have errors for each mismatching version'
+ )
+})
+
+t.test('missing virtualTree inventory', async t => {
+ t.matchSnapshot(
+ validateLockfile(
+ new Map([]),
+ new Map([
+ ['foo', { name: 'foo', version: '1.0.0' }],
+ ['bar', { name: 'bar', version: '2.0.0' }],
+ ['baz', { name: 'baz', version: '3.0.0' }],
+ ])
+ ),
+ 'should have errors for each mismatching version'
+ )
+})
--
2.35.1

61
SOURCES/0002-Install-both-binaries-and-use-libdir.patch
View File

@ -1,61 +0,0 @@
diff --git a/configure.py b/configure.py
index 895a0869cb..791c3e4a62 100755
--- a/configure.py
+++ b/configure.py
@@ -722,6 +722,12 @@ parser.add_argument('--shared',
help='compile shared library for embedding node in another project. ' +
'(This mode is not officially supported for regular applications)')
+parser.add_argument('--libdir',
+ action='store',
+ dest='libdir',
+ default='lib',
+ help='a directory to install the shared library into')
+
parser.add_argument('--without-v8-platform',
action='store_true',
dest='without_v8_platform',
@@ -1293,6 +1299,7 @@ def configure_node(o):
o['variables']['node_no_browser_globals'] = b(options.no_browser_globals)
o['variables']['node_shared'] = b(options.shared)
+ o['variables']['libdir'] = options.libdir
node_module_version = getmoduleversion.get_version()
if options.dest_os == 'android':
diff --git a/tools/install.py b/tools/install.py
index 045d406d84..b3ef454199 100755
--- a/tools/install.py
+++ b/tools/install.py
@@ -121,22 +121,19 @@ def subdir_files(path, dest, action):
def files(action):
is_windows = sys.platform == 'win32'
- output_file = 'node'
output_prefix = 'out/Release/'
+ output_libprefix = output_prefix
- if 'false' == variables.get('node_shared'):
- if is_windows:
- output_file += '.exe'
+ if is_windows:
+ output_bin = 'node.exe'
+ output_lib = 'node.dll'
else:
- if is_windows:
- output_file += '.dll'
- else:
- output_file = 'lib' + output_file + '.' + variables.get('shlib_suffix')
+ output_bin = 'node'
+ output_lib = 'libnode.' + variables.get('shlib_suffix')
- if 'false' == variables.get('node_shared'):
- action([output_prefix + output_file], 'bin/' + output_file)
- else:
- action([output_prefix + output_file], 'lib/' + output_file)
+ action([output_prefix + output_bin], 'bin/' + output_bin)
+ if 'true' == variables.get('node_shared'):
+ action([output_libprefix + output_lib], variables.get('libdir') + '/' + output_lib)
if 'true' == variables.get('node_use_dtrace'):
action(['out/Release/node.d'], 'lib/dtrace/node.d')

31
SOURCES/0002-install-keep-installing-dtrace-and-systemtap-files.patch Normal file
View File

@ -0,0 +1,31 @@
From 9872b897d6a9a39e3392c39bca70cfd9dd084558 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Mon, 26 Sep 2022 16:02:39 +0200
Subject: [PATCH] install: keep installing dtrace and systemtap files
Partly reverts commit e27e709d3ca93b3e7036ddc4f4d28dfde228bfb6.
Signed-off-by: rpm-build <rpm-build>
---
tools/install.py | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/tools/install.py b/tools/install.py
index 4b01d67..dc16797 100755
--- a/tools/install.py
+++ b/tools/install.py
@@ -178,6 +178,11 @@ def files(action):
output_lib = 'libnode.' + variables.get('shlib_suffix')
action([output_prefix + output_lib], variables.get('libdir') + '/' + output_lib)
+ if 'true' == variables.get('node_use_dtrace'):
+ action(['out/Release/node.d'], variables.get('libdir') + '/dtrace/node.d')
+
+ action(['src/node.stp'], 'share/systemtap/tapset/')
+
action(['deps/v8/tools/gdbinit'], 'share/doc/node/')
action(['deps/v8/tools/lldb_commands.py'], 'share/doc/node/')
--
2.37.3

119
SPECS/nodejs.spec
View File

@ -30,7 +30,7 @@
# This is used by both the nodejs package and the npm subpackage that
# has a separate version - the name is special so that rpmdev-bumpspec
# will bump this rather than adding .1 to the end.
%global baserelease 5
%global baserelease 3
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
@ -41,8 +41,8 @@
# than a Fedora release lifecycle.
%global nodejs_epoch 1
%global nodejs_major 16
%global nodejs_minor 14
%global nodejs_patch 0
%global nodejs_minor 18
%global nodejs_patch 1
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
%global nodejs_soversion 93
@ -58,7 +58,7 @@
%global v8_major 9
%global v8_minor 4
%global v8_build 146
%global v8_patch 24
%global v8_patch 26
# V8 presently breaks ABI at least every x.y release while never bumping SONAME
%global v8_abi %{v8_major}.%{v8_minor}
%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
@ -69,28 +69,28 @@
%global c_ares_version 1.18.1
# llhttp - from deps/llhttp/include/llhttp.h
%global llhttp_version 6.0.4
%global llhttp_version 6.0.10
# libuv - from deps/uv/include/uv/version.h
%global libuv_version 1.43.0
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
%global nghttp2_version 1.45.1
%global nghttp2_version 1.47.0
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
%global nghttp3_major 0
%global nghttp3_minor 1
%global nghttp3_patch 0-DEV
%global nghttp3_minor 7
%global nghttp3_patch 0
%global nghttp3_version %{nghttp3_major}.%{nghttp3_minor}.%{nghttp3_patch}
# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
%global ngtcp2_major 0
%global ngtcp2_minor 1
%global ngtcp2_patch 0-DEV
%global ngtcp2_minor 8
%global ngtcp2_patch 1
%global ngtcp2_version %{ngtcp2_major}.%{ngtcp2_minor}.%{ngtcp2_patch}
# ICU - from tools/icu/current_ver.dep
%global icu_major 70
%global icu_major 71
%global icu_minor 1
%global icu_version %{icu_major}.%{icu_minor}
@ -118,7 +118,7 @@
# npm - from deps/npm/package.json
%global npm_epoch 1
%global npm_version 8.3.1
%global npm_version 8.19.2
# In order to avoid needing to keep incrementing the release version for the
# main package forever, we will just construct one for npm that is guaranteed
@ -127,13 +127,10 @@
%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
# uvwasi - from deps/uvwasi/include/uvwasi.h
%global uvwasi_version 0.0.12
%global uvwasi_version 0.0.13
# histogram_c - assumed from timestamps
%global histogram_version 0.9.7
# Node.js 16.9.1 and later comes with an experimental package management tool
%global corepack_version 0.10.0
%global histogram_version 0.11.2
Name: nodejs
Epoch: %{nodejs_epoch}
@ -160,14 +157,29 @@ Source100: %{name}-tarball.sh
# nodejs-packaging SRPM.
Source7: nodejs_native.attr
# These are full sources for dependencies included as WASM blobs in the source of Node itself.
# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.
# Recipes for creating these blobs are included in the sources.
# Version: jq '.version' deps/cjs-module-lexer/package.json
# Original: https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/1.2.2.tar.gz
# Adjustments: rm -f cjs-module-lexer-1.2.2/lib/lexer.wasm
Source101: cjs-module-lexer-1.2.2.tar.gz
# The WASM blob was made using wasi-sdk v11; compiler libraries are linked in.
# Version source: Makefile
Source102: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-11/wasi-sdk-wasi-sdk-11.tar.gz
# Version: jq '.version' deps/undici/src/package.json
# Original: https://github.com/nodejs/undici/archive/refs/tags/v5.10.0.tar.gz
# Adjustments: rm -f undici-5.10.0/lib/llhttp/llhttp*.wasm*
Source111: undici-5.10.0.tar.gz
# The WASM blob was made using wasi-sdk v14; compiler libraries are linked in.
# Version source: build/Dockerfile
Source112: https://github.com/WebAssembly/wasi-sdk/archive/wasi-sdk-14/wasi-sdk-wasi-sdk-14.tar.gz
# Disable running gyp on bundled deps we don't use
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
# Patch to install both node and libnode.so, using the correct libdir
Patch2: 0002-Install-both-binaries-and-use-libdir.patch
# CVE-2021-43616
Patch3: 0001-fix-ci-lock-file-validation.patch
Patch2: 0002-install-keep-installing-dtrace-and-systemtap-files.patch
BuildRequires: make
BuildRequires: python3-devel
@ -268,7 +280,6 @@ Provides: bundled(icu) = %{icu_version}
# or there's no option to built it as a shared dependency, so we bundle them
Provides: bundled(uvwasi) = %{uvwasi_version}
Provides: bundled(histogram) = %{histogram_version}
Provides: bundled(corepack) = %{corepack_version}
%if 0%{?fedora}
# Make sure to pull in the appropriate packaging macros when building RPMs
@ -393,6 +404,22 @@ rm -rf deps/brotli
rm -rf deps/v8/third_party/jinja2
rm -rf tools/inspector_protocol/jinja2
# check for correct versions of dependencies we are bundling
check_wasm_dep() {
local -r name="$1" source="$2" packagejson="$3"
local -r expected_version="$(jq -r '.version' "${packagejson}")"
if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then
printf '%s version matches\n' "${name}" >&2
else
printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2
return 1
fi
}
check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json
check_wasm_dep undici '%{SOURCE111}' deps/undici/src/package.json
# Replace any instances of unversioned python' with python3
%if %{with python3_fixup}
pathfix.py -i %{__python3} -pn $(find -type f ! -name "*.js")
@ -440,9 +467,10 @@ export LDFLAGS="%{build_ldflags}"
--shared-brotli \
%{!?with_bundled:--shared-libuv} \
%{!?with_bundled:--shared-nghttp2} \
--with-dtrace \
%{?with_bundled:--without-dtrace}%{!?with_bundled:--with-dtrace} \
--with-intl=small-icu \
--with-icu-default-data-dir=%{icudatadir} \
--without-corepack \
--openssl-use-def-ca-store \
--openssl-default-cipher-list=PROFILE=SYSTEM
@ -558,11 +586,6 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
# Corepack contains a number of executable"shims", including some for Windows
# PowerShell. Drop the executable bit for those so we don't pick up an
# automatic dependency on /usr/bin/pwsh that we cannot satisfy.
chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1
# Drop the NPM default configuration in place
mkdir -p %{buildroot}%{_sysconfdir}
cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
@ -618,15 +641,14 @@ end
%dir %{_datadir}/systemtap/tapset
%{_datadir}/systemtap/tapset/node.stp
# corepack
%{_bindir}/corepack
%{_prefix}/lib/node_modules/corepack
%if %{without bundled}
%dir %{_usr}/lib/dtrace
%{_usr}/lib/dtrace/node.d
%endif
%{_rpmconfigdir}/fileattrs/nodejs_native.attr
%{_rpmconfigdir}/nodejs_native.req
%license LICENSE
%doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md
%doc %{_mandir}/man1/node.1*
@ -677,9 +699,11 @@ end
%doc %{_mandir}/man5/package-lock-json.5*
%doc %{_mandir}/man5/npm-shrinkwrap-json.5*
%doc %{_mandir}/man7/config.7*
%doc %{_mandir}/man7/dependency-selectors.7*
%doc %{_mandir}/man7/developers.7*
%doc %{_mandir}/man7/orgs.7*
%doc %{_mandir}/man7/logging.7*
%doc %{_mandir}/man7/orgs.7*
%doc %{_mandir}/man7/package-spec.7*
%doc %{_mandir}/man7/registry.7*
%doc %{_mandir}/man7/removal.7*
%doc %{_mandir}/man7/scope.7*
@ -695,6 +719,31 @@ end
%changelog
* Wed Dec 07 2022 Jan Staněk <jstanek@redhat.com> - 1:16.18.1-3
- Update sources of undici WASM blobs
Resolves: rhbz#2151617
* Mon Dec 05 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-2
- Add back libs and v8-devel subpackages
- Related: RHBZ#2121126
- Record previously fixed CVE
- Resolves: CVE-2021-44906
* Wed Nov 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:16.18.1-1
- Rebase + CVEs
- Resolves: #2142808
- Resolves: #2142826, #2131745, #2142855
* Tue Sep 27 2022 Jan Staněk <jstanek@redhat.com> - 16.17.1-1
- Rebase to version 16.17.1
Resolves: CVE-2022-35255 CVE-2022-35256
* Tue Aug 23 2022 Jan Staněk <jstanek@redhat.com> - 16.16.0-1
- Rebase to version 16.16.0
Resolves: RHBZ#2106290
Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
Resolves: CVE-2022-29244
* Thu Apr 21 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-5
- Decouple dependency bundling from bootstrapping