import nodejs-16.16.0-1.el9_0
This commit is contained in:
parent
3e3166622a
commit
76192e4fa8
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
||||
SOURCES/icu4c-70_1-src.tgz
|
||||
SOURCES/node-v16.14.0-stripped.tar.gz
|
||||
SOURCES/node-v16.16.0-stripped.tar.gz
|
||||
|
@ -1,2 +1,2 @@
|
||||
f7c1363edee6be7de8b624ffbb801892b3417d4e SOURCES/icu4c-70_1-src.tgz
|
||||
31555f8ebd7aaf06fe98409799e6a873a855ad3a SOURCES/node-v16.14.0-stripped.tar.gz
|
||||
03ce6ba30288cf950d91146cb7ae8f30fc6a30aa SOURCES/node-v16.16.0-stripped.tar.gz
|
||||
|
@ -1,397 +0,0 @@
|
||||
From 730dd78c897a28c3df0468ed1fc42d5817badefe Mon Sep 17 00:00:00 2001
|
||||
From: Ruy Adorno <ruyadorno@hotmail.com>
|
||||
Date: Wed, 2 Feb 2022 22:10:22 -0500
|
||||
Subject: [PATCH] fix(ci): lock file validation
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Make sure to validate any lock file (either package-lock.json or
|
||||
npm-shrinkwrap.json) against the current install. This will properly
|
||||
throw an error in case any of the dependencies being installed don't
|
||||
match the dependencies that are currently listed in the lock file.
|
||||
|
||||
Fixes: https://github.com/npm/cli/issues/2701
|
||||
Fixes: https://github.com/npm/cli/issues/3947
|
||||
Signed-off-by: Jan Staněk <jstanek@redhat.com>
|
||||
---
|
||||
deps/npm/lib/commands/ci.js | 23 ++++++
|
||||
deps/npm/lib/utils/validate-lockfile.js | 29 +++++++
|
||||
.../smoke-tests/index.js.test.cjs | 11 +++
|
||||
.../test/lib/commands/ci.js.test.cjs | 13 +++
|
||||
.../lib/utils/validate-lockfile.js.test.cjs | 35 ++++++++
|
||||
deps/npm/test/lib/commands/ci.js | 82 +++++++++++++++++++
|
||||
deps/npm/test/lib/utils/validate-lockfile.js | 82 +++++++++++++++++++
|
||||
7 files changed, 275 insertions(+)
|
||||
create mode 100644 deps/npm/lib/utils/validate-lockfile.js
|
||||
create mode 100644 deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
|
||||
create mode 100644 deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
|
||||
create mode 100644 deps/npm/test/lib/utils/validate-lockfile.js
|
||||
|
||||
diff --git a/deps/npm/lib/commands/ci.js b/deps/npm/lib/commands/ci.js
|
||||
index 2c2f8da..376a85d 100644
|
||||
--- a/deps/npm/lib/commands/ci.js
|
||||
+++ b/deps/npm/lib/commands/ci.js
|
||||
@@ -6,6 +6,7 @@ const runScript = require('@npmcli/run-script')
|
||||
const fs = require('fs')
|
||||
const readdir = util.promisify(fs.readdir)
|
||||
const log = require('../utils/log-shim.js')
|
||||
+const validateLockfile = require('../utils/validate-lockfile.js')
|
||||
|
||||
const removeNodeModules = async where => {
|
||||
const rimrafOpts = { glob: false }
|
||||
@@ -55,6 +56,28 @@ class CI extends ArboristWorkspaceCmd {
|
||||
}),
|
||||
removeNodeModules(where),
|
||||
])
|
||||
+
|
||||
+ // retrieves inventory of packages from loaded virtual tree (lock file)
|
||||
+ const virtualInventory = new Map(arb.virtualTree.inventory)
|
||||
+
|
||||
+ // build ideal tree step needs to come right after retrieving the virtual
|
||||
+ // inventory since it's going to erase the previous ref to virtualTree
|
||||
+ await arb.buildIdealTree()
|
||||
+
|
||||
+ // verifies that the packages from the ideal tree will match
|
||||
+ // the same versions that are present in the virtual tree (lock file)
|
||||
+ // throws a validation error in case of mismatches
|
||||
+ const errors = validateLockfile(virtualInventory, arb.idealTree.inventory)
|
||||
+ if (errors.length) {
|
||||
+ throw new Error(
|
||||
+ '`npm ci` can only install packages when your package.json and ' +
|
||||
+ 'package-lock.json or npm-shrinkwrap.json are in sync. Please ' +
|
||||
+ 'update your lock file with `npm install` ' +
|
||||
+ 'before continuing.\n\n' +
|
||||
+ errors.join('\n') + '\n'
|
||||
+ )
|
||||
+ }
|
||||
+
|
||||
await arb.reify(opts)
|
||||
|
||||
const ignoreScripts = this.npm.config.get('ignore-scripts')
|
||||
diff --git a/deps/npm/lib/utils/validate-lockfile.js b/deps/npm/lib/utils/validate-lockfile.js
|
||||
new file mode 100644
|
||||
index 0000000..29161ec
|
||||
--- /dev/null
|
||||
+++ b/deps/npm/lib/utils/validate-lockfile.js
|
||||
@@ -0,0 +1,29 @@
|
||||
+// compares the inventory of package items in the tree
|
||||
+// that is about to be installed (idealTree) with the inventory
|
||||
+// of items stored in the package-lock file (virtualTree)
|
||||
+//
|
||||
+// Returns empty array if no errors found or an array populated
|
||||
+// with an entry for each validation error found.
|
||||
+function validateLockfile (virtualTree, idealTree) {
|
||||
+ const errors = []
|
||||
+
|
||||
+ // loops through the inventory of packages resulted by ideal tree,
|
||||
+ // for each package compares the versions with the version stored in the
|
||||
+ // package-lock and adds an error to the list in case of mismatches
|
||||
+ for (const [key, entry] of idealTree.entries()) {
|
||||
+ const lock = virtualTree.get(key)
|
||||
+
|
||||
+ if (!lock) {
|
||||
+ errors.push(`Missing: ${entry.name}@${entry.version} from lock file`)
|
||||
+ continue
|
||||
+ }
|
||||
+
|
||||
+ if (entry.version !== lock.version) {
|
||||
+ errors.push(`Invalid: lock file's ${lock.name}@${lock.version} does ` +
|
||||
+ `not satisfy ${entry.name}@${entry.version}`)
|
||||
+ }
|
||||
+ }
|
||||
+ return errors
|
||||
+}
|
||||
+
|
||||
+module.exports = validateLockfile
|
||||
diff --git a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
|
||||
index c1316e0..5fa3977 100644
|
||||
--- a/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
|
||||
+++ b/deps/npm/tap-snapshots/smoke-tests/index.js.test.cjs
|
||||
@@ -40,6 +40,17 @@ Configuration fields: npm help 7 config
|
||||
|
||||
npm {CWD}
|
||||
|
||||
+`
|
||||
+
|
||||
+exports[`smoke-tests/index.js TAP npm ci > should throw mismatch deps in lock file error 1`] = `
|
||||
+npm ERR! \`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing.
|
||||
+npm ERR!
|
||||
+npm ERR! Invalid: lock file's abbrev@1.0.4 does not satisfy abbrev@1.1.1
|
||||
+npm ERR!
|
||||
+
|
||||
+npm ERR! A complete log of this run can be found in:
|
||||
+
|
||||
+
|
||||
`
|
||||
|
||||
exports[`smoke-tests/index.js TAP npm diff > should have expected diff output 1`] = `
|
||||
diff --git a/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
|
||||
new file mode 100644
|
||||
index 0000000..d6a7471
|
||||
--- /dev/null
|
||||
+++ b/deps/npm/tap-snapshots/test/lib/commands/ci.js.test.cjs
|
||||
@@ -0,0 +1,13 @@
|
||||
+/* IMPORTANT
|
||||
+ * This snapshot file is auto-generated, but designed for humans.
|
||||
+ * It should be checked into source control and tracked carefully.
|
||||
+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
|
||||
+ * Make sure to inspect the output below. Do not ignore changes!
|
||||
+ */
|
||||
+'use strict'
|
||||
+exports[`test/lib/commands/ci.js TAP should throw error when ideal inventory mismatches virtual > must match snapshot 1`] = `
|
||||
+\`npm ci\` can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with \`npm install\` before continuing.
|
||||
+
|
||||
+Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0
|
||||
+
|
||||
+`
|
||||
diff --git a/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
|
||||
new file mode 100644
|
||||
index 0000000..98a5126
|
||||
--- /dev/null
|
||||
+++ b/deps/npm/tap-snapshots/test/lib/utils/validate-lockfile.js.test.cjs
|
||||
@@ -0,0 +1,35 @@
|
||||
+/* IMPORTANT
|
||||
+ * This snapshot file is auto-generated, but designed for humans.
|
||||
+ * It should be checked into source control and tracked carefully.
|
||||
+ * Re-generate by setting TAP_SNAPSHOT=1 and running tests.
|
||||
+ * Make sure to inspect the output below. Do not ignore changes!
|
||||
+ */
|
||||
+'use strict'
|
||||
+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on idealTree > should have missing entries error 1`] = `
|
||||
+Array [
|
||||
+ "Missing: baz@3.0.0 from lock file",
|
||||
+]
|
||||
+`
|
||||
+
|
||||
+exports[`test/lib/utils/validate-lockfile.js TAP extra inventory items on virtualTree > should have no errors if finding virtualTree extra items 1`] = `
|
||||
+Array []
|
||||
+`
|
||||
+
|
||||
+exports[`test/lib/utils/validate-lockfile.js TAP identical inventory for both idealTree and virtualTree > should have no errors on identical inventories 1`] = `
|
||||
+Array []
|
||||
+`
|
||||
+
|
||||
+exports[`test/lib/utils/validate-lockfile.js TAP mismatching versions on inventory > should have errors for each mismatching version 1`] = `
|
||||
+Array [
|
||||
+ "Invalid: lock file's foo@1.0.0 does not satisfy foo@2.0.0",
|
||||
+ "Invalid: lock file's bar@2.0.0 does not satisfy bar@3.0.0",
|
||||
+]
|
||||
+`
|
||||
+
|
||||
+exports[`test/lib/utils/validate-lockfile.js TAP missing virtualTree inventory > should have errors for each mismatching version 1`] = `
|
||||
+Array [
|
||||
+ "Missing: foo@1.0.0 from lock file",
|
||||
+ "Missing: bar@2.0.0 from lock file",
|
||||
+ "Missing: baz@3.0.0 from lock file",
|
||||
+]
|
||||
+`
|
||||
diff --git a/deps/npm/test/lib/commands/ci.js b/deps/npm/test/lib/commands/ci.js
|
||||
index 537d078..e077c99 100644
|
||||
--- a/deps/npm/test/lib/commands/ci.js
|
||||
+++ b/deps/npm/test/lib/commands/ci.js
|
||||
@@ -19,6 +19,17 @@ t.test('should ignore scripts with --ignore-scripts', async t => {
|
||||
this.reify = () => {
|
||||
REIFY_CALLED = true
|
||||
}
|
||||
+ this.buildIdealTree = () => {}
|
||||
+ this.virtualTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
+ this.idealTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
},
|
||||
})
|
||||
|
||||
@@ -99,6 +110,17 @@ t.test('should use Arborist and run-script', async t => {
|
||||
this.reify = () => {
|
||||
t.ok(true, 'reify is called')
|
||||
}
|
||||
+ this.buildIdealTree = () => {}
|
||||
+ this.virtualTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
+ this.idealTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
},
|
||||
rimraf: (path, ...args) => {
|
||||
actualRimrafs++
|
||||
@@ -138,6 +160,17 @@ t.test('should pass flatOptions to Arborist.reify', async t => {
|
||||
this.reify = async (options) => {
|
||||
t.equal(options.production, true, 'should pass flatOptions to Arborist.reify')
|
||||
}
|
||||
+ this.buildIdealTree = () => {}
|
||||
+ this.virtualTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
+ this.idealTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
},
|
||||
})
|
||||
const npm = mockNpm({
|
||||
@@ -218,6 +251,17 @@ t.test('should remove existing node_modules before installing', async t => {
|
||||
const nodeModules = contents.filter((path) => path.startsWith('node_modules'))
|
||||
t.same(nodeModules, ['node_modules'], 'should only have the node_modules directory')
|
||||
}
|
||||
+ this.buildIdealTree = () => {}
|
||||
+ this.virtualTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
+ this.idealTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
},
|
||||
})
|
||||
|
||||
@@ -231,3 +275,41 @@ t.test('should remove existing node_modules before installing', async t => {
|
||||
|
||||
await ci.exec(null)
|
||||
})
|
||||
+
|
||||
+t.test('should throw error when ideal inventory mismatches virtual', async t => {
|
||||
+ const CI = t.mock('../../../lib/commands/ci.js', {
|
||||
+ '../../../lib/utils/reify-finish.js': async () => {},
|
||||
+ '@npmcli/run-script': ({ event }) => {},
|
||||
+ '@npmcli/arborist': function () {
|
||||
+ this.loadVirtual = async () => {}
|
||||
+ this.reify = () => {}
|
||||
+ this.buildIdealTree = () => {}
|
||||
+ this.virtualTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
+ this.idealTree = {
|
||||
+ inventory: new Map([
|
||||
+ ['foo', { name: 'foo', version: '2.0.0' }],
|
||||
+ ]),
|
||||
+ }
|
||||
+ },
|
||||
+ })
|
||||
+
|
||||
+ const npm = mockNpm({
|
||||
+ globalDir: 'path/to/node_modules/',
|
||||
+ prefix: 'foo',
|
||||
+ config: {
|
||||
+ global: false,
|
||||
+ 'ignore-scripts': true,
|
||||
+ },
|
||||
+ })
|
||||
+ const ci = new CI(npm)
|
||||
+
|
||||
+ try {
|
||||
+ await ci.exec([])
|
||||
+ } catch (err) {
|
||||
+ t.matchSnapshot(err.message)
|
||||
+ }
|
||||
+})
|
||||
diff --git a/deps/npm/test/lib/utils/validate-lockfile.js b/deps/npm/test/lib/utils/validate-lockfile.js
|
||||
new file mode 100644
|
||||
index 0000000..25939c5
|
||||
--- /dev/null
|
||||
+++ b/deps/npm/test/lib/utils/validate-lockfile.js
|
||||
@@ -0,0 +1,82 @@
|
||||
+const t = require('tap')
|
||||
+const validateLockfile = require('../../../lib/utils/validate-lockfile.js')
|
||||
+
|
||||
+t.test('identical inventory for both idealTree and virtualTree', async t => {
|
||||
+ t.matchSnapshot(
|
||||
+ validateLockfile(
|
||||
+ new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ['bar', { name: 'bar', version: '2.0.0' }],
|
||||
+ ]),
|
||||
+ new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ['bar', { name: 'bar', version: '2.0.0' }],
|
||||
+ ])
|
||||
+ ),
|
||||
+ 'should have no errors on identical inventories'
|
||||
+ )
|
||||
+})
|
||||
+
|
||||
+t.test('extra inventory items on idealTree', async t => {
|
||||
+ t.matchSnapshot(
|
||||
+ validateLockfile(
|
||||
+ new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ['bar', { name: 'bar', version: '2.0.0' }],
|
||||
+ ]),
|
||||
+ new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ['bar', { name: 'bar', version: '2.0.0' }],
|
||||
+ ['baz', { name: 'baz', version: '3.0.0' }],
|
||||
+ ])
|
||||
+ ),
|
||||
+ 'should have missing entries error'
|
||||
+ )
|
||||
+})
|
||||
+
|
||||
+t.test('extra inventory items on virtualTree', async t => {
|
||||
+ t.matchSnapshot(
|
||||
+ validateLockfile(
|
||||
+ new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ['bar', { name: 'bar', version: '2.0.0' }],
|
||||
+ ['baz', { name: 'baz', version: '3.0.0' }],
|
||||
+ ]),
|
||||
+ new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ['bar', { name: 'bar', version: '2.0.0' }],
|
||||
+ ])
|
||||
+ ),
|
||||
+ 'should have no errors if finding virtualTree extra items'
|
||||
+ )
|
||||
+})
|
||||
+
|
||||
+t.test('mismatching versions on inventory', async t => {
|
||||
+ t.matchSnapshot(
|
||||
+ validateLockfile(
|
||||
+ new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ['bar', { name: 'bar', version: '2.0.0' }],
|
||||
+ ]),
|
||||
+ new Map([
|
||||
+ ['foo', { name: 'foo', version: '2.0.0' }],
|
||||
+ ['bar', { name: 'bar', version: '3.0.0' }],
|
||||
+ ])
|
||||
+ ),
|
||||
+ 'should have errors for each mismatching version'
|
||||
+ )
|
||||
+})
|
||||
+
|
||||
+t.test('missing virtualTree inventory', async t => {
|
||||
+ t.matchSnapshot(
|
||||
+ validateLockfile(
|
||||
+ new Map([]),
|
||||
+ new Map([
|
||||
+ ['foo', { name: 'foo', version: '1.0.0' }],
|
||||
+ ['bar', { name: 'bar', version: '2.0.0' }],
|
||||
+ ['baz', { name: 'baz', version: '3.0.0' }],
|
||||
+ ])
|
||||
+ ),
|
||||
+ 'should have errors for each mismatching version'
|
||||
+ )
|
||||
+})
|
||||
--
|
||||
2.35.1
|
||||
|
@ -1,6 +1,17 @@
|
||||
# bundle dependencies that are not available as Fedora modules
|
||||
%bcond_without bootstrap
|
||||
%global __bootstrap %{nil}
|
||||
# The following macros control the usage of dependencies bundled from upstream.
|
||||
#
|
||||
# When to use what:
|
||||
# - Regular (presumably non-modular) build: use neither (the default in Fedora)
|
||||
# - Early bootstrapping build that is not intended to be shipped:
|
||||
# use --with=bootstrap; this will bundle deps and add `~bootstrap` release suffix
|
||||
# - Build with some dependencies not avalaible in necessary versions (i.e. module build):
|
||||
# use --with=bundled; will bundle deps, but do not add the suffix
|
||||
#
|
||||
# create bootstrapping build with bundled deps and extra release suffix
|
||||
%bcond_with bootstrap
|
||||
# bundle dependencies that are not available in CentOS
|
||||
# currently hardcoded to bundle; see Fedora spec on how to make this dependent on bootstrap
|
||||
%bcond_without bundled
|
||||
|
||||
%if 0%{?rhel} && 0%{?rhel} < 9
|
||||
%bcond_without python3_fixup
|
||||
@ -19,7 +30,7 @@
|
||||
# This is used by both the nodejs package and the npm subpackage that
|
||||
# has a separate version - the name is special so that rpmdev-bumpspec
|
||||
# will bump this rather than adding .1 to the end.
|
||||
%global baserelease 4
|
||||
%global baserelease 1
|
||||
|
||||
%{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||
|
||||
@ -30,7 +41,7 @@
|
||||
# than a Fedora release lifecycle.
|
||||
%global nodejs_epoch 1
|
||||
%global nodejs_major 16
|
||||
%global nodejs_minor 14
|
||||
%global nodejs_minor 16
|
||||
%global nodejs_patch 0
|
||||
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
||||
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
||||
@ -58,13 +69,13 @@
|
||||
%global c_ares_version 1.18.1
|
||||
|
||||
# llhttp - from deps/llhttp/include/llhttp.h
|
||||
%global llhttp_version 6.0.4
|
||||
%global llhttp_version 6.0.7
|
||||
|
||||
# libuv - from deps/uv/include/uv/version.h
|
||||
%global libuv_version 1.43.0
|
||||
|
||||
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
|
||||
%global nghttp2_version 1.45.1
|
||||
%global nghttp2_version 1.47.0
|
||||
|
||||
# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
|
||||
%global nghttp3_major 0
|
||||
@ -107,7 +118,7 @@
|
||||
|
||||
# npm - from deps/npm/package.json
|
||||
%global npm_epoch 1
|
||||
%global npm_version 8.3.1
|
||||
%global npm_version 8.11.0
|
||||
|
||||
# In order to avoid needing to keep incrementing the release version for the
|
||||
# main package forever, we will just construct one for npm that is guaranteed
|
||||
@ -121,9 +132,6 @@
|
||||
# histogram_c - assumed from timestamps
|
||||
%global histogram_version 0.9.7
|
||||
|
||||
# Node.js 16.9.1 and later comes with an experimental package management tool
|
||||
%global corepack_version 0.10.0
|
||||
|
||||
Name: nodejs
|
||||
Epoch: %{nodejs_epoch}
|
||||
Version: %{nodejs_version}
|
||||
@ -155,9 +163,6 @@ Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
||||
# Patch to install both node and libnode.so, using the correct libdir
|
||||
Patch2: 0002-Install-both-binaries-and-use-libdir.patch
|
||||
|
||||
# CVE-2021-43616
|
||||
Patch3: 0001-fix-ci-lock-file-validation.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: python3-setuptools
|
||||
@ -178,19 +183,18 @@ BuildRequires: chrpath
|
||||
BuildRequires: libatomic
|
||||
BuildRequires: systemtap-sdt-devel
|
||||
|
||||
%if %{with bootstrap}
|
||||
%if %{with bundled}
|
||||
Provides: bundled(libuv) = %{libuv_version}
|
||||
Provides: bundled(nghttp2) = %{nghttp2_version}
|
||||
%else
|
||||
BuildRequires: libuv-devel >= 1:%{libuv_version}
|
||||
Requires: libuv >= 1:%{libuv_version}
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 9
|
||||
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
|
||||
Requires: libnghttp2 >= %{nghttp2_version}
|
||||
%else
|
||||
%define nghttp2_configure %{nil}
|
||||
Provides: bundled(nghttp2) = %{nghttp2_version}
|
||||
Requires: libuv-devel >= 1:%{libuv_version}
|
||||
%endif
|
||||
|
||||
%if %{with bundled} || !(0%{?fedora} || 0%{?rhel} >= 9)
|
||||
Provides: bundled(nghttp2) = %{nghttp2_version}
|
||||
%else
|
||||
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
|
||||
Requires: libnghttp2-devel >= %{nghttp2_version}
|
||||
%endif
|
||||
|
||||
# Temporarily bundle llhttp because the upstream doesn't
|
||||
@ -258,7 +262,6 @@ Provides: bundled(icu) = %{icu_version}
|
||||
# or there's no option to built it as a shared dependency, so we bundle them
|
||||
Provides: bundled(uvwasi) = %{uvwasi_version}
|
||||
Provides: bundled(histogram) = %{histogram_version}
|
||||
Provides: bundled(corepack) = %{corepack_version}
|
||||
|
||||
%if 0%{?fedora}
|
||||
# Make sure to pull in the appropriate packaging macros when building RPMs
|
||||
@ -285,9 +288,7 @@ Requires: zlib-devel%{?_isa}
|
||||
Requires: brotli-devel%{?_isa}
|
||||
Requires: nodejs-packaging
|
||||
|
||||
%if %{with bootstrap}
|
||||
# deps are bundled
|
||||
%else
|
||||
%if %{without bundled}
|
||||
Requires: libuv-devel%{?_isa}
|
||||
%endif
|
||||
|
||||
@ -432,32 +433,20 @@ export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' ' ')"
|
||||
|
||||
export LDFLAGS="%{build_ldflags}"
|
||||
|
||||
%if %{with bootstrap}
|
||||
%{__python3} configure.py --prefix=%{_prefix} \
|
||||
--shared \
|
||||
--libdir=%{_lib} \
|
||||
--shared-openssl \
|
||||
--shared-zlib \
|
||||
--shared-brotli \
|
||||
--with-dtrace \
|
||||
--with-intl=small-icu \
|
||||
--openssl-use-def-ca-store \
|
||||
--openssl-default-cipher-list=PROFILE=SYSTEM
|
||||
%else
|
||||
%{__python3} configure.py --prefix=%{_prefix} \
|
||||
--shared \
|
||||
--libdir=%{_lib} \
|
||||
--shared-openssl \
|
||||
--shared-zlib \
|
||||
--shared-brotli \
|
||||
--shared-libuv \
|
||||
--shared-nghttp2 \
|
||||
%{!?with_bundled:--shared-libuv} \
|
||||
%{!?with_bundled:--shared-nghttp2} \
|
||||
--with-dtrace \
|
||||
--with-intl=small-icu \
|
||||
--with-icu-default-data-dir=%{icudatadir} \
|
||||
--without-corepack \
|
||||
--openssl-use-def-ca-store \
|
||||
--openssl-default-cipher-list=PROFILE=SYSTEM
|
||||
%endif
|
||||
|
||||
make BUILDTYPE=Release %{?_smp_mflags}
|
||||
|
||||
@ -571,11 +560,6 @@ find %{buildroot}%{_prefix}/lib/node_modules/npm \
|
||||
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
|
||||
chmod 0755 %{buildroot}%{_prefix}/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js
|
||||
|
||||
# Corepack contains a number of executable"shims", including some for Windows
|
||||
# PowerShell. Drop the executable bit for those so we don't pick up an
|
||||
# automatic dependency on /usr/bin/pwsh that we cannot satisfy.
|
||||
chmod -x %{buildroot}%{_prefix}/lib/node_modules/corepack/shims/*.ps1
|
||||
|
||||
# Drop the NPM default configuration in place
|
||||
mkdir -p %{buildroot}%{_sysconfdir}
|
||||
cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
|
||||
@ -631,10 +615,6 @@ end
|
||||
%dir %{_datadir}/systemtap/tapset
|
||||
%{_datadir}/systemtap/tapset/node.stp
|
||||
|
||||
# corepack
|
||||
%{_bindir}/corepack
|
||||
%{_prefix}/lib/node_modules/corepack
|
||||
|
||||
%dir %{_usr}/lib/dtrace
|
||||
%{_usr}/lib/dtrace/node.d
|
||||
|
||||
@ -708,6 +688,14 @@ end
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Aug 23 2022 Jan Staněk <jstanek@redhat.com> - 16.16.0-1
|
||||
- Rebase to version 16.16.0
|
||||
Resolves: RHBZ#2106290
|
||||
Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
|
||||
|
||||
* Thu Apr 21 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-5
|
||||
- Decouple dependency bundling from bootstrapping
|
||||
|
||||
* Tue Apr 05 2022 Jan Staněk <jstanek@redhat.com> - 16.14.0-4
|
||||
- Apply lock file validation fixes
|
||||
Resolves: CVE-2021-43616
|
||||
|
Loading…
Reference in New Issue
Block a user