Compare commits
No commits in common. "c8-beta-stream-12" and "c8-stream-10" have entirely different histories.
c8-beta-st
...
c8-stream-
4
.gitignore
vendored
4
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/icu4c-67_1-src.tgz
|
SOURCES/icu4c-64_2-src.tgz
|
||||||
SOURCES/node-v12.22.12-stripped.tar.gz
|
SOURCES/node-v10.24.0-stripped.tar.gz
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
6822a4a94324d1ba591b3e8ef084e4491af253c1 SOURCES/icu4c-67_1-src.tgz
|
3127155ecf2b75ab4835f501b7478e39c07bb852 SOURCES/icu4c-64_2-src.tgz
|
||||||
49c907b1445701724914a0571bf6be62a25583af SOURCES/node-v12.22.12-stripped.tar.gz
|
be0e0b385a852c376f452b3d94727492e05407e4 SOURCES/node-v10.24.0-stripped.tar.gz
|
||||||
|
@ -1,26 +1,31 @@
|
|||||||
From 641730c7d1322dacd8e1020ec0753795d01200f0 Mon Sep 17 00:00:00 2001
|
From 2cd4c12776af3da588231d3eb498e6451c30eae5 Mon Sep 17 00:00:00 2001
|
||||||
From: Zuzana Svetlikova <zsvetlik@redhat.com>
|
From: Zuzana Svetlikova <zsvetlik@redhat.com>
|
||||||
Date: Thu, 27 Apr 2017 14:25:42 +0200
|
Date: Thu, 27 Apr 2017 14:25:42 +0200
|
||||||
Subject: [PATCH] Disable running gyp on shared deps
|
Subject: [PATCH] Disable running gyp on shared deps
|
||||||
|
|
||||||
Signed-off-by: rpm-build <rpm-build>
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
---
|
---
|
||||||
Makefile | 2 +-
|
Makefile | 7 +++----
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
1 file changed, 3 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
diff --git a/Makefile b/Makefile
|
diff --git a/Makefile b/Makefile
|
||||||
index 32a8a6c..f44f88a 100644
|
index 73feb4c..45bbceb 100644
|
||||||
--- a/Makefile
|
--- a/Makefile
|
||||||
+++ b/Makefile
|
+++ b/Makefile
|
||||||
@@ -141,7 +141,7 @@ test-code-cache: with-code-cache
|
@@ -123,10 +123,9 @@ with-code-cache:
|
||||||
echo "'test-code-cache' target is a noop"
|
test-code-cache: with-code-cache
|
||||||
|
$(PYTHON) tools/test.py $(PARALLEL_ARGS) --mode=$(BUILDTYPE_LOWER) code-cache
|
||||||
|
|
||||||
out/Makefile: config.gypi common.gypi node.gyp \
|
-out/Makefile: common.gypi deps/uv/uv.gyp deps/http_parser/http_parser.gyp \
|
||||||
- deps/uv/uv.gyp deps/http_parser/http_parser.gyp deps/zlib/zlib.gyp \
|
- deps/zlib/zlib.gyp deps/v8/gypfiles/toolchain.gypi \
|
||||||
+ deps/http_parser/http_parser.gyp \
|
- deps/v8/gypfiles/features.gypi deps/v8/gypfiles/v8.gyp node.gyp \
|
||||||
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
|
- config.gypi
|
||||||
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
|
+out/Makefile: common.gypi deps/http_parser/http_parser.gyp \
|
||||||
|
+ deps/v8/gypfiles/toolchain.gypi deps/v8/gypfiles/features.gypi \
|
||||||
|
+ deps/v8/gypfiles/v8.gyp node.gyp config.gypi
|
||||||
$(PYTHON) tools/gyp_node.py -f make
|
$(PYTHON) tools/gyp_node.py -f make
|
||||||
|
|
||||||
|
config.gypi: configure configure.py
|
||||||
--
|
--
|
||||||
2.26.2
|
2.26.2
|
||||||
|
|
||||||
|
84
SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
Normal file
84
SOURCES/0002-Suppress-NPM-message-to-run-global-update.patch
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
From e7afb2d6e2a6c8f9c9c32e12a10c3c5c4902a251 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Date: Tue, 1 May 2018 08:05:30 -0400
|
||||||
|
Subject: [PATCH] Suppress NPM message to run global update
|
||||||
|
|
||||||
|
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
|
---
|
||||||
|
deps/npm/bin/npm-cli.js | 54 -----------------------------------------
|
||||||
|
1 file changed, 54 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/deps/npm/bin/npm-cli.js b/deps/npm/bin/npm-cli.js
|
||||||
|
index c0d9be0..0f0892e 100755
|
||||||
|
--- a/deps/npm/bin/npm-cli.js
|
||||||
|
+++ b/deps/npm/bin/npm-cli.js
|
||||||
|
@@ -71,65 +71,11 @@
|
||||||
|
npm.command = 'help'
|
||||||
|
}
|
||||||
|
|
||||||
|
- var isGlobalNpmUpdate = conf.global && ['install', 'update'].includes(npm.command) && npm.argv.includes('npm')
|
||||||
|
-
|
||||||
|
// now actually fire up npm and run the command.
|
||||||
|
// this is how to use npm programmatically:
|
||||||
|
conf._exit = true
|
||||||
|
npm.load(conf, function (er) {
|
||||||
|
if (er) return errorHandler(er)
|
||||||
|
- if (
|
||||||
|
- !isGlobalNpmUpdate &&
|
||||||
|
- npm.config.get('update-notifier') &&
|
||||||
|
- !unsupported.checkVersion(process.version).unsupported
|
||||||
|
- ) {
|
||||||
|
- const pkg = require('../package.json')
|
||||||
|
- let notifier = require('update-notifier')({pkg})
|
||||||
|
- const isCI = require('ci-info').isCI
|
||||||
|
- if (
|
||||||
|
- notifier.update &&
|
||||||
|
- notifier.update.latest !== pkg.version &&
|
||||||
|
- !isCI
|
||||||
|
- ) {
|
||||||
|
- const color = require('ansicolors')
|
||||||
|
- const useColor = npm.config.get('color')
|
||||||
|
- const useUnicode = npm.config.get('unicode')
|
||||||
|
- const old = notifier.update.current
|
||||||
|
- const latest = notifier.update.latest
|
||||||
|
- let type = notifier.update.type
|
||||||
|
- if (useColor) {
|
||||||
|
- switch (type) {
|
||||||
|
- case 'major':
|
||||||
|
- type = color.red(type)
|
||||||
|
- break
|
||||||
|
- case 'minor':
|
||||||
|
- type = color.yellow(type)
|
||||||
|
- break
|
||||||
|
- case 'patch':
|
||||||
|
- type = color.green(type)
|
||||||
|
- break
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
- const changelog = `https://github.com/npm/cli/releases/tag/v${latest}`
|
||||||
|
- notifier.notify({
|
||||||
|
- message: `New ${type} version of ${pkg.name} available! ${
|
||||||
|
- useColor ? color.red(old) : old
|
||||||
|
- } ${useUnicode ? '→' : '->'} ${
|
||||||
|
- useColor ? color.green(latest) : latest
|
||||||
|
- }\n` +
|
||||||
|
- `${
|
||||||
|
- useColor ? color.yellow('Changelog:') : 'Changelog:'
|
||||||
|
- } ${
|
||||||
|
- useColor ? color.cyan(changelog) : changelog
|
||||||
|
- }\n` +
|
||||||
|
- `Run ${
|
||||||
|
- useColor
|
||||||
|
- ? color.green(`npm install -g ${pkg.name}`)
|
||||||
|
- : `npm i -g ${pkg.name}`
|
||||||
|
- } to update!`
|
||||||
|
- })
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
npm.commands[npm.command](npm.argv, function (err) {
|
||||||
|
// https://genius.com/Lin-manuel-miranda-your-obedient-servant-lyrics
|
||||||
|
if (
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -0,0 +1,122 @@
|
|||||||
|
From 0028cc74dac4dd24b8599ade85cb49fdafa9f559 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Date: Fri, 6 Dec 2019 16:40:25 -0500
|
||||||
|
Subject: [PATCH] build: auto-load ICU data from --with-icu-default-data-dir
|
||||||
|
|
||||||
|
When compiled with `--with-intl=small` and
|
||||||
|
`--with-icu-default-data-dir=PATH`, Node.js will use PATH as a
|
||||||
|
fallback location for the ICU data.
|
||||||
|
|
||||||
|
We will first perform an access check using fopen(PATH, 'r') to
|
||||||
|
ensure that the file is readable. If it is, we'll set the
|
||||||
|
icu_data_directory and proceed. There's a slight overhead for the
|
||||||
|
fopen() check, but it should be barely measurable.
|
||||||
|
|
||||||
|
This will be useful for Linux distribution packagers who want to
|
||||||
|
be able to ship a minimal node binary in a container image but
|
||||||
|
also be able to add on the full i18n support where needed. With
|
||||||
|
this patch, it becomes possible to ship the interpreter as
|
||||||
|
/usr/bin/node in one package for the distribution and to ship the
|
||||||
|
data files in another package (without a strict dependency
|
||||||
|
between the two). This means that users of the distribution will
|
||||||
|
not need to explicitly direct Node.js to locate the ICU data. It
|
||||||
|
also means that in environments where full internationalization is
|
||||||
|
not required, they do not need to carry the extra content (with
|
||||||
|
the associated storage costs).
|
||||||
|
|
||||||
|
Refs: https://github.com/nodejs/node/issues/3460
|
||||||
|
|
||||||
|
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Signed-off-by: rpm-build <rpm-build>
|
||||||
|
---
|
||||||
|
configure.py | 9 +++++++++
|
||||||
|
node.gypi | 7 +++++++
|
||||||
|
src/node.cc | 20 ++++++++++++++++++++
|
||||||
|
3 files changed, 36 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/configure.py b/configure.py
|
||||||
|
index 89f7bf5..d611a88 100755
|
||||||
|
--- a/configure.py
|
||||||
|
+++ b/configure.py
|
||||||
|
@@ -433,6 +433,14 @@ intl_optgroup.add_option('--with-icu-source',
|
||||||
|
'the icu4c source archive. '
|
||||||
|
'v%d.x or later recommended.' % icu_versions['minimum_icu'])
|
||||||
|
|
||||||
|
+intl_optgroup.add_option('--with-icu-default-data-dir',
|
||||||
|
+ action='store',
|
||||||
|
+ dest='with_icu_default_data_dir',
|
||||||
|
+ help='Path to the icuXXdt{lb}.dat file. If unspecified, ICU data will '
|
||||||
|
+ 'only be read if the NODE_ICU_DATA environment variable or the '
|
||||||
|
+ '--icu-data-dir runtime argument is used. This option has effect '
|
||||||
|
+ 'only when Node.js is built with --with-intl=small-icu.')
|
||||||
|
+
|
||||||
|
parser.add_option('--with-ltcg',
|
||||||
|
action='store_true',
|
||||||
|
dest='with_ltcg',
|
||||||
|
@@ -1359,6 +1367,7 @@ def configure_intl(o):
|
||||||
|
locs.add('root') # must have root
|
||||||
|
o['variables']['icu_locales'] = string.join(locs,',')
|
||||||
|
# We will check a bit later if we can use the canned deps/icu-small
|
||||||
|
+ o['variables']['icu_default_data'] = options.with_icu_default_data_dir or ''
|
||||||
|
elif with_intl == 'full-icu':
|
||||||
|
# full ICU
|
||||||
|
o['variables']['v8_enable_i18n_support'] = 1
|
||||||
|
diff --git a/node.gypi b/node.gypi
|
||||||
|
index 466a174..65b97d6 100644
|
||||||
|
--- a/node.gypi
|
||||||
|
+++ b/node.gypi
|
||||||
|
@@ -113,6 +113,13 @@
|
||||||
|
'conditions': [
|
||||||
|
[ 'icu_small=="true"', {
|
||||||
|
'defines': [ 'NODE_HAVE_SMALL_ICU=1' ],
|
||||||
|
+ 'conditions': [
|
||||||
|
+ [ 'icu_default_data!=""', {
|
||||||
|
+ 'defines': [
|
||||||
|
+ 'NODE_ICU_DEFAULT_DATA_DIR="<(icu_default_data)"',
|
||||||
|
+ ],
|
||||||
|
+ }],
|
||||||
|
+ ],
|
||||||
|
}]],
|
||||||
|
}],
|
||||||
|
[ 'node_use_bundled_v8=="true" and \
|
||||||
|
diff --git a/src/node.cc b/src/node.cc
|
||||||
|
index 7c01187..c9840e3 100644
|
||||||
|
--- a/src/node.cc
|
||||||
|
+++ b/src/node.cc
|
||||||
|
@@ -92,6 +92,7 @@
|
||||||
|
|
||||||
|
#if defined(NODE_HAVE_I18N_SUPPORT)
|
||||||
|
#include <unicode/uvernum.h>
|
||||||
|
+#include <unicode/utypes.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(LEAK_SANITIZER)
|
||||||
|
@@ -2643,6 +2644,25 @@ void Init(std::vector<std::string>* argv,
|
||||||
|
// If the parameter isn't given, use the env variable.
|
||||||
|
if (per_process_opts->icu_data_dir.empty())
|
||||||
|
SafeGetenv("NODE_ICU_DATA", &per_process_opts->icu_data_dir);
|
||||||
|
+
|
||||||
|
+#ifdef NODE_ICU_DEFAULT_DATA_DIR
|
||||||
|
+ // If neither the CLI option nor the environment variable was specified,
|
||||||
|
+ // fall back to the configured default
|
||||||
|
+ if (per_process_opts->icu_data_dir.empty()) {
|
||||||
|
+ // Check whether the NODE_ICU_DEFAULT_DATA_DIR contains the right data
|
||||||
|
+ // file and can be read.
|
||||||
|
+ static const char full_path[] =
|
||||||
|
+ NODE_ICU_DEFAULT_DATA_DIR "/" U_ICUDATA_NAME ".dat";
|
||||||
|
+
|
||||||
|
+ FILE* f = fopen(full_path, "rb");
|
||||||
|
+
|
||||||
|
+ if (f != nullptr) {
|
||||||
|
+ fclose(f);
|
||||||
|
+ per_process_opts->icu_data_dir = NODE_ICU_DEFAULT_DATA_DIR;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+#endif // NODE_ICU_DEFAULT_DATA_DIR
|
||||||
|
+
|
||||||
|
// Initialize ICU.
|
||||||
|
// If icu_data_dir is empty here, it will load the 'minimal' data.
|
||||||
|
if (!i18n::InitializeICUDirectory(per_process_opts->icu_data_dir)) {
|
||||||
|
--
|
||||||
|
2.26.2
|
||||||
|
|
@ -1,70 +0,0 @@
|
|||||||
From 63b2d16ea3985b62be372ea1da7987dc32ddcc3b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Daniel Bevenius <daniel.bevenius@gmail.com>
|
|
||||||
Date: Tue, 2 Jun 2020 05:33:25 +0200
|
|
||||||
Subject: [PATCH 3/3] src: use getauxval in node_main.cc
|
|
||||||
|
|
||||||
This commit suggests using getauxval in node_main.cc.
|
|
||||||
|
|
||||||
The motivation for this is that getauxval was introduced in glibc 2.16
|
|
||||||
and looking at BUILDING.md, in the 'Platform list' section, it looks
|
|
||||||
like we now support glibc >= 2.17 and perhaps this change would be
|
|
||||||
alright now.
|
|
||||||
|
|
||||||
PR-URL: https://github.com/nodejs/node/pull/33693
|
|
||||||
Refs: https://github.com/nodejs/node/pull/12548
|
|
||||||
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
|
|
||||||
Reviewed-By: David Carlier <devnexen@gmail.com>
|
|
||||||
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
||||||
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
|
|
||||||
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
||||||
---
|
|
||||||
src/node_main.cc | 18 ++----------------
|
|
||||||
1 file changed, 2 insertions(+), 16 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/node_main.cc b/src/node_main.cc
|
|
||||||
index e92c0df94297e2ece43dbdf71166e555713ef6f2..70be5b83fafcde596e65086b08305aa89702fd52 100644
|
|
||||||
--- a/src/node_main.cc
|
|
||||||
+++ b/src/node_main.cc
|
|
||||||
@@ -72,17 +72,11 @@ int wmain(int argc, wchar_t* wargv[]) {
|
|
||||||
return node::Start(argc, argv);
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
// UNIX
|
|
||||||
#ifdef __linux__
|
|
||||||
-#include <elf.h>
|
|
||||||
-#ifdef __LP64__
|
|
||||||
-#define Elf_auxv_t Elf64_auxv_t
|
|
||||||
-#else
|
|
||||||
-#define Elf_auxv_t Elf32_auxv_t
|
|
||||||
-#endif // __LP64__
|
|
||||||
-extern char** environ;
|
|
||||||
+#include <sys/auxv.h>
|
|
||||||
#endif // __linux__
|
|
||||||
#if defined(__POSIX__) && defined(NODE_SHARED_MODE)
|
|
||||||
#include <string.h>
|
|
||||||
#include <signal.h>
|
|
||||||
#endif
|
|
||||||
@@ -107,19 +101,11 @@ int main(int argc, char* argv[]) {
|
|
||||||
sigaction(SIGPIPE, &act, nullptr);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(__linux__)
|
|
||||||
- char** envp = environ;
|
|
||||||
- while (*envp++ != nullptr) {}
|
|
||||||
- Elf_auxv_t* auxv = reinterpret_cast<Elf_auxv_t*>(envp);
|
|
||||||
- for (; auxv->a_type != AT_NULL; auxv++) {
|
|
||||||
- if (auxv->a_type == AT_SECURE) {
|
|
||||||
- node::per_process::linux_at_secure = auxv->a_un.a_val;
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
+ node::per_process::linux_at_secure = getauxval(AT_SECURE);
|
|
||||||
#endif
|
|
||||||
// Disable stdio buffering, it interacts poorly with printf()
|
|
||||||
// calls elsewhere in the program (e.g., any logging from V8.)
|
|
||||||
setvbuf(stdout, nullptr, _IONBF, 0);
|
|
||||||
setvbuf(stderr, nullptr, _IONBF, 0);
|
|
||||||
--
|
|
||||||
2.30.1
|
|
||||||
|
|
@ -0,0 +1,13 @@
|
|||||||
|
diff --git a/deps/npm/node_modules/y18n/index.js b/deps/npm/node_modules/y18n/index.js
|
||||||
|
index d720681628..727362aac0 100644
|
||||||
|
--- a/deps/npm/node_modules/y18n/index.js
|
||||||
|
+++ b/deps/npm/node_modules/y18n/index.js
|
||||||
|
@@ -11,7 +11,7 @@ function Y18N (opts) {
|
||||||
|
this.fallbackToLanguage = typeof opts.fallbackToLanguage === 'boolean' ? opts.fallbackToLanguage : true
|
||||||
|
|
||||||
|
// internal stuff.
|
||||||
|
- this.cache = {}
|
||||||
|
+ this.cache = Object.create(null)
|
||||||
|
this.writeQueue = []
|
||||||
|
}
|
||||||
|
|
@ -1,622 +0,0 @@
|
|||||||
From 7bc4111b770ada25cdd6e1b938ca7a914617ea53 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?V=C3=ADt=20Ondruch?= <vondruch@redhat.com>
|
|
||||||
Date: Tue, 25 Aug 2020 14:04:54 +0200
|
|
||||||
Subject: [PATCH] crypto: make FIPS related options always awailable
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
There is no reason to hide FIPS functionality behind build flags.
|
|
||||||
OpenSSL always provide the information about FIPS availability via
|
|
||||||
`FIPS_mode()` function.
|
|
||||||
|
|
||||||
This makes the user experience more consistent, because the OpenSSL
|
|
||||||
library is always queried and the `crypto.getFips()` always returns
|
|
||||||
OpenSSL settings.
|
|
||||||
|
|
||||||
Fixes #34903
|
|
||||||
|
|
||||||
PR-URL: https://github.com/nodejs/node/pull/36341
|
|
||||||
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
||||||
Reviewed-By: Michael Dawson <midawson@redhat.com>
|
|
||||||
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
|
|
||||||
Signed-off-by: Jan Staněk <jstanek@redhat.com>
|
|
||||||
---
|
|
||||||
doc/api/cli.md | 8 +--
|
|
||||||
lib/crypto.js | 22 ++----
|
|
||||||
node.gypi | 3 -
|
|
||||||
src/node.cc | 6 +-
|
|
||||||
src/node_config.cc | 2 -
|
|
||||||
src/node_crypto.cc | 45 +++++++-----
|
|
||||||
src/node_options.cc | 2 -
|
|
||||||
src/node_options.h | 2 -
|
|
||||||
test/parallel/test-cli-node-print-help.js | 7 +-
|
|
||||||
test/parallel/test-crypto-fips.js | 71 +++++++++----------
|
|
||||||
...rocess-env-allowed-flags-are-documented.js | 11 +--
|
|
||||||
11 files changed, 74 insertions(+), 105 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/doc/api/cli.md b/doc/api/cli.md
|
|
||||||
index 86635f267b..6f14fa6810 100644
|
|
||||||
--- a/doc/api/cli.md
|
|
||||||
+++ b/doc/api/cli.md
|
|
||||||
@@ -183,8 +183,8 @@ code from strings throw an exception instead. This does not affect the Node.js
|
|
||||||
added: v6.0.0
|
|
||||||
-->
|
|
||||||
|
|
||||||
-Enable FIPS-compliant crypto at startup. (Requires Node.js to be built with
|
|
||||||
-`./configure --openssl-fips`.)
|
|
||||||
+Enable FIPS-compliant crypto at startup. (Requires Node.js to be built
|
|
||||||
+against FIPS-compatible OpenSSL.)
|
|
||||||
|
|
||||||
### `--enable-source-maps`
|
|
||||||
<!-- YAML
|
|
||||||
@@ -550,8 +550,8 @@ added: v6.9.0
|
|
||||||
-->
|
|
||||||
|
|
||||||
Load an OpenSSL configuration file on startup. Among other uses, this can be
|
|
||||||
-used to enable FIPS-compliant crypto if Node.js is built with
|
|
||||||
-`./configure --openssl-fips`.
|
|
||||||
+used to enable FIPS-compliant crypto if Node.js is built
|
|
||||||
+against FIPS-enabled OpenSSL.
|
|
||||||
|
|
||||||
### `--pending-deprecation`
|
|
||||||
<!-- YAML
|
|
||||||
diff --git a/lib/crypto.js b/lib/crypto.js
|
|
||||||
index b2bcc4d0a4..93d5e21fa0 100644
|
|
||||||
--- a/lib/crypto.js
|
|
||||||
+++ b/lib/crypto.js
|
|
||||||
@@ -37,12 +37,10 @@ assertCrypto();
|
|
||||||
|
|
||||||
const {
|
|
||||||
ERR_CRYPTO_FIPS_FORCED,
|
|
||||||
- ERR_CRYPTO_FIPS_UNAVAILABLE
|
|
||||||
} = require('internal/errors').codes;
|
|
||||||
const constants = internalBinding('constants').crypto;
|
|
||||||
const { getOptionValue } = require('internal/options');
|
|
||||||
const pendingDeprecation = getOptionValue('--pending-deprecation');
|
|
||||||
-const { fipsMode } = internalBinding('config');
|
|
||||||
const fipsForced = getOptionValue('--force-fips');
|
|
||||||
const {
|
|
||||||
getFipsCrypto,
|
|
||||||
@@ -191,10 +189,8 @@ module.exports = {
|
|
||||||
sign: signOneShot,
|
|
||||||
setEngine,
|
|
||||||
timingSafeEqual,
|
|
||||||
- getFips: !fipsMode ? getFipsDisabled :
|
|
||||||
- fipsForced ? getFipsForced : getFipsCrypto,
|
|
||||||
- setFips: !fipsMode ? setFipsDisabled :
|
|
||||||
- fipsForced ? setFipsForced : setFipsCrypto,
|
|
||||||
+ getFips: fipsForced ? getFipsForced : getFipsCrypto,
|
|
||||||
+ setFips: fipsForced ? setFipsForced : setFipsCrypto,
|
|
||||||
verify: verifyOneShot,
|
|
||||||
|
|
||||||
// Classes
|
|
||||||
@@ -213,19 +209,11 @@ module.exports = {
|
|
||||||
Verify
|
|
||||||
};
|
|
||||||
|
|
||||||
-function setFipsDisabled() {
|
|
||||||
- throw new ERR_CRYPTO_FIPS_UNAVAILABLE();
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
function setFipsForced(val) {
|
|
||||||
if (val) return;
|
|
||||||
throw new ERR_CRYPTO_FIPS_FORCED();
|
|
||||||
}
|
|
||||||
|
|
||||||
-function getFipsDisabled() {
|
|
||||||
- return 0;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
function getFipsForced() {
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
@@ -247,10 +235,8 @@ ObjectDefineProperties(module.exports, {
|
|
||||||
},
|
|
||||||
// crypto.fips is deprecated. DEP0093. Use crypto.getFips()/crypto.setFips()
|
|
||||||
fips: {
|
|
||||||
- get: !fipsMode ? getFipsDisabled :
|
|
||||||
- fipsForced ? getFipsForced : getFipsCrypto,
|
|
||||||
- set: !fipsMode ? setFipsDisabled :
|
|
||||||
- fipsForced ? setFipsForced : setFipsCrypto
|
|
||||||
+ get: fipsForced ? getFipsForced : getFipsCrypto,
|
|
||||||
+ set: fipsForced ? setFipsForced : setFipsCrypto
|
|
||||||
},
|
|
||||||
DEFAULT_ENCODING: {
|
|
||||||
enumerable: false,
|
|
||||||
diff --git a/node.gypi b/node.gypi
|
|
||||||
index 116c1c7149..34f385f652 100644
|
|
||||||
--- a/node.gypi
|
|
||||||
+++ b/node.gypi
|
|
||||||
@@ -320,9 +320,6 @@
|
|
||||||
[ 'node_use_openssl=="true"', {
|
|
||||||
'defines': [ 'HAVE_OPENSSL=1' ],
|
|
||||||
'conditions': [
|
|
||||||
- ['openssl_fips != "" or openssl_is_fips=="true"', {
|
|
||||||
- 'defines': [ 'NODE_FIPS_MODE' ],
|
|
||||||
- }],
|
|
||||||
[ 'node_shared_openssl=="false"', {
|
|
||||||
'dependencies': [
|
|
||||||
'./deps/openssl/openssl.gyp:openssl',
|
|
||||||
diff --git a/src/node.cc b/src/node.cc
|
|
||||||
index 46e8f74cc2..0a5c3ee8ee 100644
|
|
||||||
--- a/src/node.cc
|
|
||||||
+++ b/src/node.cc
|
|
||||||
@@ -964,11 +964,11 @@ InitializationResult InitializeOncePerProcess(int argc, char** argv) {
|
|
||||||
if (credentials::SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs))
|
|
||||||
crypto::UseExtraCaCerts(extra_ca_certs);
|
|
||||||
}
|
|
||||||
-#ifdef NODE_FIPS_MODE
|
|
||||||
// In the case of FIPS builds we should make sure
|
|
||||||
// the random source is properly initialized first.
|
|
||||||
- OPENSSL_init();
|
|
||||||
-#endif // NODE_FIPS_MODE
|
|
||||||
+ if (FIPS_mode()) {
|
|
||||||
+ OPENSSL_init();
|
|
||||||
+ }
|
|
||||||
// V8 on Windows doesn't have a good source of entropy. Seed it from
|
|
||||||
// OpenSSL's pool.
|
|
||||||
V8::SetEntropySource(crypto::EntropySource);
|
|
||||||
diff --git a/src/node_config.cc b/src/node_config.cc
|
|
||||||
index 6ee3164a13..e229eee765 100644
|
|
||||||
--- a/src/node_config.cc
|
|
||||||
+++ b/src/node_config.cc
|
|
||||||
@@ -42,9 +42,7 @@ static void Initialize(Local<Object> target,
|
|
||||||
READONLY_FALSE_PROPERTY(target, "hasOpenSSL");
|
|
||||||
#endif // HAVE_OPENSSL
|
|
||||||
|
|
||||||
-#ifdef NODE_FIPS_MODE
|
|
||||||
READONLY_TRUE_PROPERTY(target, "fipsMode");
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
#ifdef NODE_HAVE_I18N_SUPPORT
|
|
||||||
|
|
||||||
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
|
|
||||||
index 764dcb8720..f142e625ef 100644
|
|
||||||
--- a/src/node_crypto.cc
|
|
||||||
+++ b/src/node_crypto.cc
|
|
||||||
@@ -50,6 +50,11 @@
|
|
||||||
#include <openssl/hmac.h>
|
|
||||||
#include <openssl/rand.h>
|
|
||||||
#include <openssl/pkcs12.h>
|
|
||||||
+// The FIPS-related functions are only available
|
|
||||||
+// when the OpenSSL itself was compiled with FIPS support.
|
|
||||||
+#ifdef OPENSSL_FIPS
|
|
||||||
+#include <openssl/fips.h>
|
|
||||||
+#endif // OPENSSL_FIPS
|
|
||||||
|
|
||||||
#include <cerrno>
|
|
||||||
#include <climits> // INT_MAX
|
|
||||||
@@ -97,6 +102,7 @@ using v8::Signature;
|
|
||||||
using v8::String;
|
|
||||||
using v8::Uint32;
|
|
||||||
using v8::Undefined;
|
|
||||||
+using v8::TryCatch;
|
|
||||||
using v8::Value;
|
|
||||||
|
|
||||||
#ifdef OPENSSL_NO_OCB
|
|
||||||
@@ -3595,12 +3601,10 @@ void CipherBase::Init(const char* cipher_type,
|
|
||||||
HandleScope scope(env()->isolate());
|
|
||||||
MarkPopErrorOnReturn mark_pop_error_on_return;
|
|
||||||
|
|
||||||
-#ifdef NODE_FIPS_MODE
|
|
||||||
if (FIPS_mode()) {
|
|
||||||
return env()->ThrowError(
|
|
||||||
"crypto.createCipher() is not supported in FIPS mode.");
|
|
||||||
}
|
|
||||||
-#endif // NODE_FIPS_MODE
|
|
||||||
|
|
||||||
const EVP_CIPHER* const cipher = EVP_get_cipherbyname(cipher_type);
|
|
||||||
if (cipher == nullptr)
|
|
||||||
@@ -3786,13 +3790,11 @@ bool CipherBase::InitAuthenticated(const char* cipher_type, int iv_len,
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifdef NODE_FIPS_MODE
|
|
||||||
// TODO(tniessen) Support CCM decryption in FIPS mode
|
|
||||||
if (mode == EVP_CIPH_CCM_MODE && kind_ == kDecipher && FIPS_mode()) {
|
|
||||||
env()->ThrowError("CCM decryption not supported in FIPS mode");
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
// Tell OpenSSL about the desired length.
|
|
||||||
if (!EVP_CIPHER_CTX_ctrl(ctx_.get(), EVP_CTRL_AEAD_SET_TAG, auth_tag_len,
|
|
||||||
@@ -4712,7 +4714,6 @@ static AllocatedBuffer Node_SignFinal(Environment* env,
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline bool ValidateDSAParameters(EVP_PKEY* key) {
|
|
||||||
-#ifdef NODE_FIPS_MODE
|
|
||||||
/* Validate DSA2 parameters from FIPS 186-4 */
|
|
||||||
if (FIPS_mode() && EVP_PKEY_DSA == EVP_PKEY_base_id(key)) {
|
|
||||||
DSA* dsa = EVP_PKEY_get0_DSA(key);
|
|
||||||
@@ -4728,7 +4729,6 @@ static inline bool ValidateDSAParameters(EVP_PKEY* key) {
|
|
||||||
(L == 2048 && N == 256) ||
|
|
||||||
(L == 3072 && N == 256);
|
|
||||||
}
|
|
||||||
-#endif // NODE_FIPS_MODE
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
@@ -6889,7 +6889,6 @@ void InitCryptoOnce() {
|
|
||||||
settings = nullptr;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#ifdef NODE_FIPS_MODE
|
|
||||||
/* Override FIPS settings in cnf file, if needed. */
|
|
||||||
unsigned long err = 0; // NOLINT(runtime/int)
|
|
||||||
if (per_process::cli_options->enable_fips_crypto ||
|
|
||||||
@@ -6899,12 +6898,10 @@ void InitCryptoOnce() {
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if (0 != err) {
|
|
||||||
- fprintf(stderr,
|
|
||||||
- "openssl fips failed: %s\n",
|
|
||||||
- ERR_error_string(err, nullptr));
|
|
||||||
- UNREACHABLE();
|
|
||||||
+ auto* isolate = Isolate::GetCurrent();
|
|
||||||
+ auto* env = Environment::GetCurrent(isolate);
|
|
||||||
+ return ThrowCryptoError(env, err);
|
|
||||||
}
|
|
||||||
-#endif // NODE_FIPS_MODE
|
|
||||||
|
|
||||||
|
|
||||||
// Turn off compression. Saves memory and protects against CRIME attacks.
|
|
||||||
@@ -6950,7 +6947,6 @@ void SetEngine(const FunctionCallbackInfo<Value>& args) {
|
|
||||||
}
|
|
||||||
#endif // !OPENSSL_NO_ENGINE
|
|
||||||
|
|
||||||
-#ifdef NODE_FIPS_MODE
|
|
||||||
void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
|
|
||||||
args.GetReturnValue().Set(FIPS_mode() ? 1 : 0);
|
|
||||||
}
|
|
||||||
@@ -6968,17 +6964,33 @@ void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
|
|
||||||
return ThrowCryptoError(env, err);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
-#endif /* NODE_FIPS_MODE */
|
|
||||||
+
|
|
||||||
+void TestFipsCrypto(const v8::FunctionCallbackInfo<v8::Value>& args) {
|
|
||||||
+#ifdef OPENSSL_FIPS
|
|
||||||
+ const auto enabled = FIPS_selftest() ? 1 : 0;
|
|
||||||
+#else // OPENSSL_FIPS
|
|
||||||
+ const auto enabled = 0;
|
|
||||||
+#endif // OPENSSL_FIPS
|
|
||||||
+
|
|
||||||
+ args.GetReturnValue().Set(enabled);
|
|
||||||
+}
|
|
||||||
|
|
||||||
|
|
||||||
void Initialize(Local<Object> target,
|
|
||||||
Local<Value> unused,
|
|
||||||
Local<Context> context,
|
|
||||||
void* priv) {
|
|
||||||
+ Environment* env = Environment::GetCurrent(context);
|
|
||||||
+
|
|
||||||
static uv_once_t init_once = UV_ONCE_INIT;
|
|
||||||
+ TryCatch try_catch{env->isolate()};
|
|
||||||
uv_once(&init_once, InitCryptoOnce);
|
|
||||||
|
|
||||||
- Environment* env = Environment::GetCurrent(context);
|
|
||||||
+ if (try_catch.HasCaught() && !try_catch.HasTerminated()) {
|
|
||||||
+ try_catch.ReThrow();
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
SecureContext::Initialize(env, target);
|
|
||||||
target->Set(env->context(),
|
|
||||||
FIXED_ONE_BYTE_STRING(env->isolate(), "KeyObjectHandle"),
|
|
||||||
@@ -7007,10 +7019,9 @@ void Initialize(Local<Object> target,
|
|
||||||
env->SetMethod(target, "setEngine", SetEngine);
|
|
||||||
#endif // !OPENSSL_NO_ENGINE
|
|
||||||
|
|
||||||
-#ifdef NODE_FIPS_MODE
|
|
||||||
env->SetMethodNoSideEffect(target, "getFipsCrypto", GetFipsCrypto);
|
|
||||||
env->SetMethod(target, "setFipsCrypto", SetFipsCrypto);
|
|
||||||
-#endif
|
|
||||||
+ env->SetMethodNoSideEffect(target, "testFipsCrypto", TestFipsCrypto);
|
|
||||||
|
|
||||||
env->SetMethod(target, "pbkdf2", PBKDF2);
|
|
||||||
env->SetMethod(target, "generateKeyPairRSA", GenerateKeyPairRSA);
|
|
||||||
diff --git a/src/node_options.cc b/src/node_options.cc
|
|
||||||
index 0240b2ef58..d1230da1ad 100644
|
|
||||||
--- a/src/node_options.cc
|
|
||||||
+++ b/src/node_options.cc
|
|
||||||
@@ -729,7 +729,6 @@ PerProcessOptionsParser::PerProcessOptionsParser(
|
|
||||||
&PerProcessOptions::ssl_openssl_cert_store);
|
|
||||||
Implies("--use-openssl-ca", "[ssl_openssl_cert_store]");
|
|
||||||
ImpliesNot("--use-bundled-ca", "[ssl_openssl_cert_store]");
|
|
||||||
-#if NODE_FIPS_MODE
|
|
||||||
AddOption("--enable-fips",
|
|
||||||
"enable FIPS crypto at startup",
|
|
||||||
&PerProcessOptions::enable_fips_crypto,
|
|
||||||
@@ -738,7 +737,6 @@ PerProcessOptionsParser::PerProcessOptionsParser(
|
|
||||||
"force FIPS crypto (cannot be disabled)",
|
|
||||||
&PerProcessOptions::force_fips_crypto,
|
|
||||||
kAllowedInEnvironment);
|
|
||||||
-#endif
|
|
||||||
#endif
|
|
||||||
AddOption("--use-largepages",
|
|
||||||
"Map the Node.js static code to large pages. Options are "
|
|
||||||
diff --git a/src/node_options.h b/src/node_options.h
|
|
||||||
index aa138c6970..f5e1e7da57 100644
|
|
||||||
--- a/src/node_options.h
|
|
||||||
+++ b/src/node_options.h
|
|
||||||
@@ -236,10 +236,8 @@ class PerProcessOptions : public Options {
|
|
||||||
#endif
|
|
||||||
bool use_openssl_ca = false;
|
|
||||||
bool use_bundled_ca = false;
|
|
||||||
-#if NODE_FIPS_MODE
|
|
||||||
bool enable_fips_crypto = false;
|
|
||||||
bool force_fips_crypto = false;
|
|
||||||
-#endif
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// Per-process because reports can be triggered outside a known V8 context.
|
|
||||||
diff --git a/test/parallel/test-cli-node-print-help.js b/test/parallel/test-cli-node-print-help.js
|
|
||||||
index e115124b04..ed58bf085c 100644
|
|
||||||
--- a/test/parallel/test-cli-node-print-help.js
|
|
||||||
+++ b/test/parallel/test-cli-node-print-help.js
|
|
||||||
@@ -8,8 +8,6 @@ const common = require('../common');
|
|
||||||
|
|
||||||
const assert = require('assert');
|
|
||||||
const { exec } = require('child_process');
|
|
||||||
-const { internalBinding } = require('internal/test/binding');
|
|
||||||
-const { fipsMode } = internalBinding('config');
|
|
||||||
let stdOut;
|
|
||||||
|
|
||||||
|
|
||||||
@@ -29,9 +27,8 @@ function validateNodePrintHelp() {
|
|
||||||
const cliHelpOptions = [
|
|
||||||
{ compileConstant: HAVE_OPENSSL,
|
|
||||||
flags: [ '--openssl-config=...', '--tls-cipher-list=...',
|
|
||||||
- '--use-bundled-ca', '--use-openssl-ca' ] },
|
|
||||||
- { compileConstant: fipsMode,
|
|
||||||
- flags: [ '--enable-fips', '--force-fips' ] },
|
|
||||||
+ '--use-bundled-ca', '--use-openssl-ca',
|
|
||||||
+ '--enable-fips', '--force-fips' ] },
|
|
||||||
{ compileConstant: NODE_HAVE_I18N_SUPPORT,
|
|
||||||
flags: [ '--icu-data-dir=...', 'NODE_ICU_DATA' ] },
|
|
||||||
{ compileConstant: HAVE_INSPECTOR,
|
|
||||||
diff --git a/test/parallel/test-crypto-fips.js b/test/parallel/test-crypto-fips.js
|
|
||||||
index eae3134402..a1ed645184 100644
|
|
||||||
--- a/test/parallel/test-crypto-fips.js
|
|
||||||
+++ b/test/parallel/test-crypto-fips.js
|
|
||||||
@@ -9,27 +9,20 @@ const spawnSync = require('child_process').spawnSync;
|
|
||||||
const path = require('path');
|
|
||||||
const fixtures = require('../common/fixtures');
|
|
||||||
const { internalBinding } = require('internal/test/binding');
|
|
||||||
-const { fipsMode } = internalBinding('config');
|
|
||||||
+const { testFipsCrypto } = internalBinding('crypto');
|
|
||||||
|
|
||||||
const FIPS_ENABLED = 1;
|
|
||||||
const FIPS_DISABLED = 0;
|
|
||||||
-const FIPS_ERROR_STRING =
|
|
||||||
- 'Error [ERR_CRYPTO_FIPS_UNAVAILABLE]: Cannot set FIPS mode in a ' +
|
|
||||||
- 'non-FIPS build.';
|
|
||||||
const FIPS_ERROR_STRING2 =
|
|
||||||
'Error [ERR_CRYPTO_FIPS_FORCED]: Cannot set FIPS mode, it was forced with ' +
|
|
||||||
'--force-fips at startup.';
|
|
||||||
-const OPTION_ERROR_STRING = 'bad option';
|
|
||||||
+const FIPS_UNSUPPORTED_ERROR_STRING = 'fips mode not supported';
|
|
||||||
|
|
||||||
const CNF_FIPS_ON = fixtures.path('openssl_fips_enabled.cnf');
|
|
||||||
const CNF_FIPS_OFF = fixtures.path('openssl_fips_disabled.cnf');
|
|
||||||
|
|
||||||
let num_children_ok = 0;
|
|
||||||
|
|
||||||
-function compiledWithFips() {
|
|
||||||
- return fipsMode ? true : false;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
function sharedOpenSSL() {
|
|
||||||
return process.config.variables.node_shared_openssl;
|
|
||||||
}
|
|
||||||
@@ -75,17 +68,17 @@ testHelper(
|
|
||||||
|
|
||||||
// --enable-fips should turn FIPS mode on
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
['--enable-fips'],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'require("crypto").getFips()',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
// --force-fips should turn FIPS mode on
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
['--force-fips'],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'require("crypto").getFips()',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
@@ -106,7 +99,7 @@ if (!sharedOpenSSL()) {
|
|
||||||
testHelper(
|
|
||||||
'stdout',
|
|
||||||
[`--openssl-config=${CNF_FIPS_ON}`],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : FIPS_DISABLED,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_DISABLED,
|
|
||||||
'require("crypto").getFips()',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
@@ -114,7 +107,7 @@ if (!sharedOpenSSL()) {
|
|
||||||
testHelper(
|
|
||||||
'stdout',
|
|
||||||
[],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : FIPS_DISABLED,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_DISABLED,
|
|
||||||
'require("crypto").getFips()',
|
|
||||||
Object.assign({}, process.env, { 'OPENSSL_CONF': CNF_FIPS_ON }));
|
|
||||||
|
|
||||||
@@ -122,7 +115,7 @@ if (!sharedOpenSSL()) {
|
|
||||||
testHelper(
|
|
||||||
'stdout',
|
|
||||||
[`--openssl-config=${CNF_FIPS_ON}`],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : FIPS_DISABLED,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_DISABLED,
|
|
||||||
'require("crypto").getFips()',
|
|
||||||
Object.assign({}, process.env, { 'OPENSSL_CONF': CNF_FIPS_OFF }));
|
|
||||||
}
|
|
||||||
@@ -136,50 +129,50 @@ testHelper(
|
|
||||||
|
|
||||||
// --enable-fips should take precedence over OpenSSL config file
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
['--enable-fips', `--openssl-config=${CNF_FIPS_OFF}`],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'require("crypto").getFips()',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
// OPENSSL_CONF should _not_ make a difference to --enable-fips
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
['--enable-fips'],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'require("crypto").getFips()',
|
|
||||||
Object.assign({}, process.env, { 'OPENSSL_CONF': CNF_FIPS_OFF }));
|
|
||||||
|
|
||||||
// --force-fips should take precedence over OpenSSL config file
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
['--force-fips', `--openssl-config=${CNF_FIPS_OFF}`],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'require("crypto").getFips()',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
// Using OPENSSL_CONF should not make a difference to --force-fips
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
['--force-fips'],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'require("crypto").getFips()',
|
|
||||||
Object.assign({}, process.env, { 'OPENSSL_CONF': CNF_FIPS_OFF }));
|
|
||||||
|
|
||||||
// setFipsCrypto should be able to turn FIPS mode on
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
[],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : FIPS_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'(require("crypto").setFips(true),' +
|
|
||||||
'require("crypto").getFips())',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
// setFipsCrypto should be able to turn FIPS mode on and off
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
[],
|
|
||||||
- compiledWithFips() ? FIPS_DISABLED : FIPS_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_DISABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'(require("crypto").setFips(true),' +
|
|
||||||
'require("crypto").setFips(false),' +
|
|
||||||
'require("crypto").getFips())',
|
|
||||||
@@ -187,27 +180,27 @@ testHelper(
|
|
||||||
|
|
||||||
// setFipsCrypto takes precedence over OpenSSL config file, FIPS on
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
[`--openssl-config=${CNF_FIPS_OFF}`],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : FIPS_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'(require("crypto").setFips(true),' +
|
|
||||||
'require("crypto").getFips())',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
// setFipsCrypto takes precedence over OpenSSL config file, FIPS off
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ 'stdout',
|
|
||||||
[`--openssl-config=${CNF_FIPS_ON}`],
|
|
||||||
- compiledWithFips() ? FIPS_DISABLED : FIPS_ERROR_STRING,
|
|
||||||
+ FIPS_DISABLED,
|
|
||||||
'(require("crypto").setFips(false),' +
|
|
||||||
'require("crypto").getFips())',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
// --enable-fips does not prevent use of setFipsCrypto API
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
['--enable-fips'],
|
|
||||||
- compiledWithFips() ? FIPS_DISABLED : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_DISABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'(require("crypto").setFips(false),' +
|
|
||||||
'require("crypto").getFips())',
|
|
||||||
process.env);
|
|
||||||
@@ -216,15 +209,15 @@ testHelper(
|
|
||||||
testHelper(
|
|
||||||
'stderr',
|
|
||||||
['--force-fips'],
|
|
||||||
- compiledWithFips() ? FIPS_ERROR_STRING2 : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ERROR_STRING2 : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'require("crypto").setFips(false)',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
// --force-fips makes setFipsCrypto enable a no-op (FIPS stays on)
|
|
||||||
testHelper(
|
|
||||||
- compiledWithFips() ? 'stdout' : 'stderr',
|
|
||||||
+ testFipsCrypto() ? 'stdout' : 'stderr',
|
|
||||||
['--force-fips'],
|
|
||||||
- compiledWithFips() ? FIPS_ENABLED : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ENABLED : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'(require("crypto").setFips(true),' +
|
|
||||||
'require("crypto").getFips())',
|
|
||||||
process.env);
|
|
||||||
@@ -233,7 +226,7 @@ testHelper(
|
|
||||||
testHelper(
|
|
||||||
'stderr',
|
|
||||||
['--force-fips', '--enable-fips'],
|
|
||||||
- compiledWithFips() ? FIPS_ERROR_STRING2 : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ERROR_STRING2 : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'require("crypto").setFips(false)',
|
|
||||||
process.env);
|
|
||||||
|
|
||||||
@@ -241,6 +234,6 @@ testHelper(
|
|
||||||
testHelper(
|
|
||||||
'stderr',
|
|
||||||
['--enable-fips', '--force-fips'],
|
|
||||||
- compiledWithFips() ? FIPS_ERROR_STRING2 : OPTION_ERROR_STRING,
|
|
||||||
+ testFipsCrypto() ? FIPS_ERROR_STRING2 : FIPS_UNSUPPORTED_ERROR_STRING,
|
|
||||||
'require("crypto").setFips(false)',
|
|
||||||
process.env);
|
|
||||||
diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
|
|
||||||
index 0e0af9471c..af10809634 100644
|
|
||||||
--- a/test/parallel/test-process-env-allowed-flags-are-documented.js
|
|
||||||
+++ b/test/parallel/test-process-env-allowed-flags-are-documented.js
|
|
||||||
@@ -44,17 +44,8 @@ const conditionalOpts = [
|
|
||||||
{ include: common.hasCrypto,
|
|
||||||
filter: (opt) => {
|
|
||||||
return ['--openssl-config', '--tls-cipher-list', '--use-bundled-ca',
|
|
||||||
- '--use-openssl-ca' ].includes(opt);
|
|
||||||
+ '--use-openssl-ca', '--enable-fips', '--force-fips' ].includes(opt);
|
|
||||||
} },
|
|
||||||
- {
|
|
||||||
- // We are using openssl_is_fips from the configuration because it could be
|
|
||||||
- // the case that OpenSSL is FIPS compatible but fips has not been enabled
|
|
||||||
- // (starting node with --enable-fips). If we use common.hasFipsCrypto
|
|
||||||
- // that would only tells us if fips has been enabled, but in this case we
|
|
||||||
- // want to check options which will be available regardless of whether fips
|
|
||||||
- // is enabled at runtime or not.
|
|
||||||
- include: process.config.variables.openssl_is_fips,
|
|
||||||
- filter: (opt) => opt.includes('-fips') },
|
|
||||||
{ include: common.hasIntl,
|
|
||||||
filter: (opt) => opt === '--icu-data-dir' },
|
|
||||||
{ include: process.features.inspector,
|
|
||||||
--
|
|
||||||
2.31.1
|
|
||||||
|
|
@ -161,12 +161,6 @@ grep "define HTTP_PARSER_VERSION_MAJOR" node-v${version}/deps/http_parser/http_p
|
|||||||
grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h
|
grep "define HTTP_PARSER_VERSION_MINOR" node-v${version}/deps/http_parser/http_parser.h
|
||||||
grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h
|
grep "define HTTP_PARSER_VERSION_PATCH" node-v${version}/deps/http_parser/http_parser.h
|
||||||
echo
|
echo
|
||||||
echo "llhttp"
|
|
||||||
echo "========================="
|
|
||||||
grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
|
|
||||||
grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
|
|
||||||
grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
|
|
||||||
echo
|
|
||||||
echo "libuv"
|
echo "libuv"
|
||||||
echo "========================="
|
echo "========================="
|
||||||
grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
|
grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
|
||||||
@ -189,16 +183,6 @@ echo "npm"
|
|||||||
echo "========================="
|
echo "========================="
|
||||||
grep "\"version\":" node-v${version}/deps/npm/package.json
|
grep "\"version\":" node-v${version}/deps/npm/package.json
|
||||||
echo
|
echo
|
||||||
echo "uvwasi"
|
|
||||||
echo "========================="
|
|
||||||
grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
|
|
||||||
grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
|
|
||||||
grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
|
|
||||||
echo
|
|
||||||
echo "brotli"
|
|
||||||
echo "========================="
|
|
||||||
grep "#define BROTLI_VERSION" node-v${version}/deps/brotli/c/common/version.h
|
|
||||||
echo
|
|
||||||
echo "Make sure these versions match what is in the RPM spec file"
|
echo "Make sure these versions match what is in the RPM spec file"
|
||||||
|
|
||||||
rm -rf node-v${version}
|
rm -rf node-v${version}
|
||||||
|
@ -1,2 +1 @@
|
|||||||
prefix=/usr/local
|
prefix=/usr/local
|
||||||
python=/usr/bin/python3
|
|
||||||
|
@ -1,9 +1,4 @@
|
|||||||
%global with_debug 0
|
%global with_debug 0
|
||||||
%global with_libs 0
|
|
||||||
|
|
||||||
# set to 1 for RHEL >= 8.3
|
|
||||||
# RHBZ#1856776 - brotli needed for nodejs-devel is not available
|
|
||||||
%bcond_with shared_brotli
|
|
||||||
|
|
||||||
# PowerPC, s390x and aarch64 segfault during Debug builds
|
# PowerPC, s390x and aarch64 segfault during Debug builds
|
||||||
# https://github.com/nodejs/node/issues/20642
|
# https://github.com/nodejs/node/issues/20642
|
||||||
@ -15,7 +10,7 @@
|
|||||||
%bcond_with bootstrap
|
%bcond_with bootstrap
|
||||||
|
|
||||||
# == Master Relase ==
|
# == Master Relase ==
|
||||||
# This is used by both the nodejs package and the npm subpackage thar
|
# This is used by both the nodejs package and the npm subpackage that
|
||||||
# has a separate version - the name is special so that rpmdev-bumpspec
|
# has a separate version - the name is special so that rpmdev-bumpspec
|
||||||
# will bump this rather than adding .1 to the end.
|
# will bump this rather than adding .1 to the end.
|
||||||
%global baserelease 1
|
%global baserelease 1
|
||||||
@ -28,14 +23,12 @@
|
|||||||
# feature releases that are only supported for nine months, which is shorter
|
# feature releases that are only supported for nine months, which is shorter
|
||||||
# than a Fedora release lifecycle.
|
# than a Fedora release lifecycle.
|
||||||
%global nodejs_epoch 1
|
%global nodejs_epoch 1
|
||||||
%global nodejs_major 12
|
%global nodejs_major 10
|
||||||
%global nodejs_minor 22
|
%global nodejs_minor 24
|
||||||
%global nodejs_patch 12
|
%global nodejs_patch 0
|
||||||
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
%global nodejs_abi %{nodejs_major}.%{nodejs_minor}
|
||||||
%if %{?with_libs} == 1
|
|
||||||
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
# nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
|
||||||
%global nodejs_soversion 72
|
%global nodejs_soversion 64
|
||||||
%endif
|
|
||||||
%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
|
%global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
|
||||||
%global nodejs_release %{baserelease}
|
%global nodejs_release %{baserelease}
|
||||||
|
|
||||||
@ -45,10 +38,10 @@
|
|||||||
# v8 - from deps/v8/include/v8-version.h
|
# v8 - from deps/v8/include/v8-version.h
|
||||||
# Epoch is set to ensure clean upgrades from the old v8 package
|
# Epoch is set to ensure clean upgrades from the old v8 package
|
||||||
%global v8_epoch 1
|
%global v8_epoch 1
|
||||||
%global v8_major 7
|
%global v8_major 6
|
||||||
%global v8_minor 8
|
%global v8_minor 8
|
||||||
%global v8_build 279
|
%global v8_build 275
|
||||||
%global v8_patch 23
|
%global v8_patch 32
|
||||||
# V8 presently breaks ABI at least every x.y release while never bumping SONAME
|
# V8 presently breaks ABI at least every x.y release while never bumping SONAME
|
||||||
%global v8_abi %{v8_major}.%{v8_minor}
|
%global v8_abi %{v8_major}.%{v8_minor}
|
||||||
%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
|
%global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
|
||||||
@ -57,8 +50,8 @@
|
|||||||
# c-ares - from deps/cares/include/ares_version.h
|
# c-ares - from deps/cares/include/ares_version.h
|
||||||
# https://github.com/nodejs/node/pull/9332
|
# https://github.com/nodejs/node/pull/9332
|
||||||
%global c_ares_major 1
|
%global c_ares_major 1
|
||||||
%global c_ares_minor 18
|
%global c_ares_minor 15
|
||||||
%global c_ares_patch 1
|
%global c_ares_patch 0
|
||||||
%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
|
%global c_ares_version %{c_ares_major}.%{c_ares_minor}.%{c_ares_patch}
|
||||||
|
|
||||||
# http-parser - from deps/http_parser/http_parser.h
|
# http-parser - from deps/http_parser/http_parser.h
|
||||||
@ -67,16 +60,10 @@
|
|||||||
%global http_parser_patch 4
|
%global http_parser_patch 4
|
||||||
%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}
|
%global http_parser_version %{http_parser_major}.%{http_parser_minor}.%{http_parser_patch}
|
||||||
|
|
||||||
# llhttp - from deps/llhttp/include/llhttp.h
|
|
||||||
%global llhttp_major 2
|
|
||||||
%global llhttp_minor 1
|
|
||||||
%global llhttp_patch 4
|
|
||||||
%global llhttp_version %{llhttp_major}.%{llhttp_minor}.%{llhttp_patch}
|
|
||||||
|
|
||||||
# libuv - from deps/uv/include/uv/version.h
|
# libuv - from deps/uv/include/uv/version.h
|
||||||
%global libuv_major 1
|
%global libuv_major 1
|
||||||
%global libuv_minor 40
|
%global libuv_minor 34
|
||||||
%global libuv_patch 0
|
%global libuv_patch 2
|
||||||
%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
|
%global libuv_version %{libuv_major}.%{libuv_minor}.%{libuv_patch}
|
||||||
|
|
||||||
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
|
# nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
|
||||||
@ -86,14 +73,15 @@
|
|||||||
%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
|
%global nghttp2_version %{nghttp2_major}.%{nghttp2_minor}.%{nghttp2_patch}
|
||||||
|
|
||||||
# ICU - from tools/icu/current_ver.dep
|
# ICU - from tools/icu/current_ver.dep
|
||||||
%global icu_major 67
|
%global icu_major 64
|
||||||
%global icu_minor 1
|
%global icu_minor 2
|
||||||
%global icu_version %{icu_major}.%{icu_minor}
|
%global icu_version %{icu_major}.%{icu_minor}
|
||||||
|
|
||||||
%global icudatadir %{nodejs_datadir}/icudata
|
%global icudatadir %{nodejs_datadir}/icudata
|
||||||
%{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
|
%{!?little_endian: %global little_endian %(%{__python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
|
||||||
# " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
|
# " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
|
||||||
|
|
||||||
|
|
||||||
# punycode - from lib/punycode.js
|
# punycode - from lib/punycode.js
|
||||||
# Note: this was merged into the mainline since 0.6.x
|
# Note: this was merged into the mainline since 0.6.x
|
||||||
# Note: this will be unmerged in an upcoming major release
|
# Note: this will be unmerged in an upcoming major release
|
||||||
@ -106,33 +94,21 @@
|
|||||||
%global npm_epoch 1
|
%global npm_epoch 1
|
||||||
%global npm_major 6
|
%global npm_major 6
|
||||||
%global npm_minor 14
|
%global npm_minor 14
|
||||||
%global npm_patch 16
|
%global npm_patch 11
|
||||||
%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
|
%global npm_version %{npm_major}.%{npm_minor}.%{npm_patch}
|
||||||
|
|
||||||
# uvwasi - from deps/uvwasi/include/uvwasi.h
|
|
||||||
%global uvwasi_major 0
|
|
||||||
%global uvwasi_minor 0
|
|
||||||
%global uvwasi_patch 11
|
|
||||||
%global uvwasi_version %{uvwasi_major}.%{uvwasi_minor}.%{uvwasi_patch}
|
|
||||||
|
|
||||||
# histogram_c - assumed from timestamps
|
|
||||||
%global histogram_major 0
|
|
||||||
%global histogram_minor 9
|
|
||||||
%global histogram_patch 7
|
|
||||||
%global histogram_version %{histogram_major}.%{histogram_minor}.%{histogram_patch}
|
|
||||||
|
|
||||||
# brotli - from deps/brotli/c/common/version.h
|
|
||||||
%global brotli_major 1
|
|
||||||
%global brotli_minor 0
|
|
||||||
%global brotli_patch 9
|
|
||||||
%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
|
|
||||||
|
|
||||||
# In order to avoid needing to keep incrementing the release version for the
|
# In order to avoid needing to keep incrementing the release version for the
|
||||||
# main package forever, we will just construct one for npm that is guaranteed
|
# main package forever, we will just construct one for npm that is guaranteed
|
||||||
# to increment safely. Changing this can only be done during an update when the
|
# to increment safely. Changing this can only be done during an update when the
|
||||||
# base npm version number is increasing.
|
# base npm version number is increasing.
|
||||||
%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
|
%global npm_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
|
||||||
|
|
||||||
|
# brotli - from deps/brotli/c/common/version.h
|
||||||
|
# v10.x doesn't have --shared-brotli configure option, so we have to bundle it
|
||||||
|
%global brotli_major 1
|
||||||
|
%global brotli_minor 0
|
||||||
|
%global brotli_patch 7
|
||||||
|
%global brotli_version %{brotli_major}.%{brotli_minor}.%{brotli_patch}
|
||||||
|
|
||||||
Name: nodejs
|
Name: nodejs
|
||||||
Epoch: %{nodejs_epoch}
|
Epoch: %{nodejs_epoch}
|
||||||
@ -162,17 +138,16 @@ Source7: nodejs_native.attr
|
|||||||
# Disable running gyp on bundled deps we don't use
|
# Disable running gyp on bundled deps we don't use
|
||||||
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
|
||||||
|
|
||||||
%if %{?with_libs} == 1
|
# Suppress the message from npm to run `npm -g update npm`
|
||||||
# Patch to install both node and libnode.so, using the correct libdir
|
# This does bad things on an RPM-managed npm.
|
||||||
Patch2: 0002-Install-both-binaries-and-use-libdir.patch
|
Patch2: 0002-Suppress-NPM-message-to-run-global-update.patch
|
||||||
%endif
|
|
||||||
|
|
||||||
# Upstream patch to use getauxval
|
# Upstream patch to enable auto-detection of full ICU data
|
||||||
Patch3: 0003-src-use-getauxval-in-node_main.cc.patch
|
# https://github.com/nodejs/node/pull/30825
|
||||||
|
Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
|
||||||
|
|
||||||
# Make FIPS always available
|
# CVE-2020-7774
|
||||||
# https://github.com/nodejs/node/issues/34903
|
Patch4: 0004-CVE-2020-7774-nodejs-y18n-prototype-pollution-vulnerability.patch
|
||||||
Patch4: 0004-always-available-fips-options.patch
|
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: python2-devel
|
BuildRequires: python2-devel
|
||||||
@ -186,29 +161,20 @@ BuildRequires: gcc-c++ >= 6.3.0
|
|||||||
BuildRequires: nodejs-packaging
|
BuildRequires: nodejs-packaging
|
||||||
BuildRequires: chrpath
|
BuildRequires: chrpath
|
||||||
BuildRequires: libatomic
|
BuildRequires: libatomic
|
||||||
BuildRequires: systemtap-sdt-devel
|
|
||||||
|
|
||||||
%if %{with bootstrap}
|
%if %{with bootstrap}
|
||||||
Provides: bundled(http-parser) = %{http_parser_version}
|
Provides: bundled(http-parser) = %{http_parser_version}
|
||||||
Provides: bundled(libuv) = %{libuv_version}
|
Provides: bundled(libuv) = %{libuv_version}
|
||||||
Provides: bundled(nghttp2) = %{nghttp2_version}
|
Provides: bundled(nghttp2) = %{nghttp2_version}
|
||||||
%else
|
%else
|
||||||
|
BuildRequires: systemtap-sdt-devel
|
||||||
BuildRequires: libuv-devel >= 1:%{libuv_version}
|
BuildRequires: libuv-devel >= 1:%{libuv_version}
|
||||||
Requires: libuv >= 1:%{libuv_version}
|
Requires: libuv >= 1:%{libuv_version}
|
||||||
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
|
BuildRequires: libnghttp2-devel >= %{nghttp2_version}
|
||||||
Requires: libnghttp2 >= %{nghttp2_version}
|
Requires: libnghttp2 >= %{nghttp2_version}
|
||||||
%endif
|
BuildRequires: http-parser-devel >= %{http_parser_version}
|
||||||
|
Requires: http-parser >= %{http_parser_version}
|
||||||
|
|
||||||
# Temporarily bundle http-parser and llhttp because the latter
|
|
||||||
# isn't packaged yet and they are controlled by the same
|
|
||||||
# configure flag.
|
|
||||||
Provides: bundled(http-parser) = %{http_parser_version}
|
|
||||||
Provides: bundled(llhttp) = %{llhttp_version}
|
|
||||||
|
|
||||||
%if %{with shared_brotli}
|
|
||||||
BuildRequires: brotli-devel
|
|
||||||
%else
|
|
||||||
Provides: bundled(brotli) = %{brotli_version}
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
BuildRequires: openssl-devel
|
BuildRequires: openssl-devel
|
||||||
@ -216,10 +182,6 @@ BuildRequires: openssl-devel
|
|||||||
# we need the system certificate store
|
# we need the system certificate store
|
||||||
Requires: ca-certificates
|
Requires: ca-certificates
|
||||||
|
|
||||||
%if %{?with_libs} == 1
|
|
||||||
Requires: nodejs-libs%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Pull in the full-icu data by default
|
# Pull in the full-icu data by default
|
||||||
Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
|
Recommends: nodejs-full-i18n%{?_isa} = %{nodejs_epoch}:%{version}-%{release}
|
||||||
|
|
||||||
@ -267,19 +229,16 @@ Provides: bundled(v8) = %{v8_version}
|
|||||||
# an ABI-break, so we'll use the bundled copy.
|
# an ABI-break, so we'll use the bundled copy.
|
||||||
Provides: bundled(icu) = %{icu_version}
|
Provides: bundled(icu) = %{icu_version}
|
||||||
|
|
||||||
# Upstream added new dependencies, but so far they are not available in Fedora
|
|
||||||
# or there's no option to built it as a shared dependency, so we bundle them
|
|
||||||
Provides: bundled(uvwasi) = %{uvwasi_version}
|
|
||||||
Provides: bundled(histogram) = %{histogram_version}
|
|
||||||
|
|
||||||
# Make sure we keep NPM up to date when we update Node.js
|
# Make sure we keep NPM up to date when we update Node.js
|
||||||
%if 0%{?rhel} < 8
|
%if 0%{?rhel}
|
||||||
# EPEL doesn't support Recommends, so make it strict
|
# EPEL doesn't support Recommends, so make it strict
|
||||||
Requires: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
|
Requires: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
|
||||||
%else
|
%else
|
||||||
Recommends: npm >= %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
|
Recommends: npm = %{npm_epoch}:%{npm_version}-%{npm_release}%{?dist}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
# Provide bundled brotli until we can build it with system package
|
||||||
|
Provides: bundled(brotli) = %{brotli_version}
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Node.js is a platform built on Chrome's JavaScript runtime
|
Node.js is a platform built on Chrome's JavaScript runtime
|
||||||
@ -295,14 +254,12 @@ Group: Development/Languages
|
|||||||
Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
Requires: %{name}%{?_isa} = %{epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
||||||
Requires: openssl-devel%{?_isa}
|
Requires: openssl-devel%{?_isa}
|
||||||
Requires: zlib-devel%{?_isa}
|
Requires: zlib-devel%{?_isa}
|
||||||
%if %{with shared_brotli}
|
|
||||||
Requires: brotli-devel%{?_isa}
|
|
||||||
%endif
|
|
||||||
Requires: nodejs-packaging
|
Requires: nodejs-packaging
|
||||||
|
|
||||||
%if %{with bootstrap}
|
%if %{with bootstrap}
|
||||||
# deps are bundled
|
# deps are bundled
|
||||||
%else
|
%else
|
||||||
|
Requires: http-parser-devel%{?_isa}
|
||||||
Requires: libuv-devel%{?_isa}
|
Requires: libuv-devel%{?_isa}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
@ -319,42 +276,6 @@ Optional data files to provide full-icu support for Node.js. Remove this
|
|||||||
package to save space if non-English locales are not needed.
|
package to save space if non-English locales are not needed.
|
||||||
|
|
||||||
|
|
||||||
%if %{?with_libs} == 1
|
|
||||||
%package libs
|
|
||||||
Summary: Node.js and v8 libraries
|
|
||||||
|
|
||||||
# Compatibility for obsolete v8 package
|
|
||||||
%if 0%{?__isa_bits} == 64
|
|
||||||
Provides: libv8.so.%{v8_major}()(64bit)
|
|
||||||
Provides: libv8_libbase.so.%{v8_major}()(64bit)
|
|
||||||
Provides: libv8_libplatform.so.%{v8_major}()(64bit)
|
|
||||||
%else
|
|
||||||
# 32-bits
|
|
||||||
Provides: libv8.so.%{v8_major}
|
|
||||||
Provides: libv8_libbase.so.%{v8_major}
|
|
||||||
Provides: libv8_libplatform.so.%{v8_major}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
Provides: v8 = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
|
|
||||||
Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}%{?dist}
|
|
||||||
Obsoletes: v8 < 1:6.7.17-10
|
|
||||||
|
|
||||||
%description libs
|
|
||||||
Libraries to support Node.js and provide stable v8 interfaces.
|
|
||||||
|
|
||||||
|
|
||||||
%package -n v8-devel
|
|
||||||
Summary: v8 - development headers
|
|
||||||
Epoch: %{v8_epoch}
|
|
||||||
Version: %{v8_version}
|
|
||||||
Release: %{v8_release}%{?dist}
|
|
||||||
Requires: %{name}-devel%{?_isa} = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
|
||||||
|
|
||||||
%description -n v8-devel
|
|
||||||
Development headers for the v8 runtime.
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%package -n npm
|
%package -n npm
|
||||||
Summary: Node.js Package Manager
|
Summary: Node.js Package Manager
|
||||||
Epoch: %{npm_epoch}
|
Epoch: %{npm_epoch}
|
||||||
@ -367,7 +288,6 @@ Release: %{npm_release}%{?dist}
|
|||||||
Obsoletes: npm < 0:3.5.4-6
|
Obsoletes: npm < 0:3.5.4-6
|
||||||
Provides: npm = %{npm_epoch}:%{npm_version}
|
Provides: npm = %{npm_epoch}:%{npm_version}
|
||||||
Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
Requires: nodejs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
||||||
Recommends: nodejs-docs = %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}%{?dist}
|
|
||||||
|
|
||||||
# Do not add epoch to the virtual NPM provides or it will break
|
# Do not add epoch to the virtual NPM provides or it will break
|
||||||
# the automatic dependency-generation script.
|
# the automatic dependency-generation script.
|
||||||
@ -398,9 +318,6 @@ The API documentation for the Node.js JavaScript runtime.
|
|||||||
|
|
||||||
# remove bundled dependencies that we aren't building
|
# remove bundled dependencies that we aren't building
|
||||||
rm -rf deps/zlib
|
rm -rf deps/zlib
|
||||||
%if %{with shared_brotli}
|
|
||||||
rm -rf deps/brotli
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Replace any instances of unversioned python' with python2
|
# Replace any instances of unversioned python' with python2
|
||||||
pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
|
pathfix.py -i %{__python2} -pn $(find -type f ! -name "*.js")
|
||||||
@ -413,7 +330,6 @@ find . -type f -exec sed -i "s~python -c~python2 -c~" {} \;
|
|||||||
sed -i "s~which('python')~which('python2')~" configure
|
sed -i "s~which('python')~which('python2')~" configure
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
|
|
||||||
|
|
||||||
%ifarch s390 s390x %{arm} %ix86
|
%ifarch s390 s390x %{arm} %ix86
|
||||||
# Decrease debuginfo verbosity to reduce memory consumption during final
|
# Decrease debuginfo verbosity to reduce memory consumption during final
|
||||||
@ -421,6 +337,7 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
|
|||||||
%global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
|
%global optflags %(echo %{optflags} | sed 's/-g /-g1 /')
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
|
||||||
export CC='%{__cc}'
|
export CC='%{__cc}'
|
||||||
export CXX='%{__cxx}'
|
export CXX='%{__cxx}'
|
||||||
|
|
||||||
@ -444,83 +361,24 @@ export CXXFLAGS="$(echo ${CXXFLAGS} | tr '\n\\' ' ')"
|
|||||||
|
|
||||||
export LDFLAGS="%{build_ldflags}"
|
export LDFLAGS="%{build_ldflags}"
|
||||||
|
|
||||||
# we're not building with libs in RHEL, so let's comment this out
|
|
||||||
# for the sake of readability
|
|
||||||
#%if %{?with_libs} == 1
|
|
||||||
#%if %{with bootstrap}
|
|
||||||
#./configure --prefix=%{_prefix} \
|
|
||||||
# --shared \
|
|
||||||
# --libdir=%{_lib} \
|
|
||||||
# --shared-openssl \
|
|
||||||
# --shared-zlib \
|
|
||||||
# --shared-brotli \
|
|
||||||
# --without-dtrace \
|
|
||||||
# --with-intl=small-icu \
|
|
||||||
# --openssl-use-def-ca-store
|
|
||||||
#%else
|
|
||||||
#./configure --prefix=%{_prefix} \
|
|
||||||
# --shared \
|
|
||||||
# --libdir=%{_lib} \
|
|
||||||
# --shared-openssl \
|
|
||||||
# --shared-zlib \
|
|
||||||
# --shared-brotli \
|
|
||||||
# --shared-libuv \
|
|
||||||
# --shared-nghttp2 \
|
|
||||||
# --with-dtrace \
|
|
||||||
# --with-intl=%{icu_flag} \
|
|
||||||
# --with-icu-default-data-dir=%{icudatadir} \
|
|
||||||
# --debug-nghttp2 \
|
|
||||||
# --openssl-use-def-ca-store
|
|
||||||
#%endif
|
|
||||||
|
|
||||||
%if %{with shared_brotli}
|
|
||||||
|
|
||||||
%if %{with bootstrap}
|
|
||||||
./configure --prefix=%{_prefix} \
|
|
||||||
--shared-openssl \
|
|
||||||
--shared-zlib \
|
|
||||||
--shared-brotli \
|
|
||||||
--without-dtrace \
|
|
||||||
--with-intl=small-icu \
|
|
||||||
--openssl-use-def-ca-store \
|
|
||||||
--openssl-default-cipher-list=PROFILE=SYSTEM
|
|
||||||
%else
|
|
||||||
./configure --prefix=%{_prefix} \
|
|
||||||
--shared-openssl \
|
|
||||||
--shared-zlib \
|
|
||||||
--shared-brotli \
|
|
||||||
--shared-libuv \
|
|
||||||
--shared-nghttp2 \
|
|
||||||
--with-dtrace \
|
|
||||||
--with-intl=%{icu_flag} \
|
|
||||||
--with-icu-default-data-dir=%{icudatadir} \
|
|
||||||
--openssl-use-def-ca-store \
|
|
||||||
--openssl-default-cipher-list=PROFILE=SYSTEM
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%else
|
|
||||||
|
|
||||||
%if %{with bootstrap}
|
%if %{with bootstrap}
|
||||||
./configure --prefix=%{_prefix} \
|
./configure --prefix=%{_prefix} \
|
||||||
--shared-openssl \
|
--shared-openssl \
|
||||||
--shared-zlib \
|
--shared-zlib \
|
||||||
--without-dtrace \
|
--without-dtrace \
|
||||||
--with-intl=small-icu \
|
--with-intl=small-icu \
|
||||||
--openssl-use-def-ca-store \
|
--openssl-use-def-ca-store
|
||||||
--openssl-default-cipher-list=PROFILE=SYSTEM
|
|
||||||
%else
|
%else
|
||||||
./configure --prefix=%{_prefix} \
|
./configure --prefix=%{_prefix} \
|
||||||
--shared-openssl \
|
--shared-openssl \
|
||||||
--shared-zlib \
|
--shared-zlib \
|
||||||
--shared-libuv \
|
--shared-libuv \
|
||||||
|
--shared-http-parser \
|
||||||
--shared-nghttp2 \
|
--shared-nghttp2 \
|
||||||
--with-dtrace \
|
--with-dtrace \
|
||||||
--with-intl=%{icu_flag} \
|
--with-intl=small-icu \
|
||||||
--with-icu-default-data-dir=%{icudatadir} \
|
--with-icu-default-data-dir=%{icudatadir} \
|
||||||
--openssl-use-def-ca-store \
|
--openssl-use-def-ca-store
|
||||||
--openssl-default-cipher-list=PROFILE=SYSTEM
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{?with_debug} == 1
|
%if %{?with_debug} == 1
|
||||||
@ -576,21 +434,6 @@ chrpath --delete %{buildroot}%{_bindir}/node
|
|||||||
install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
|
install -Dpm0755 out/Debug/node %{buildroot}/%{_bindir}/node_g
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%if %{?with_libs} == 1
|
|
||||||
# Install library symlink
|
|
||||||
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/libnode.so
|
|
||||||
|
|
||||||
# Install v8 compatibility symlinks
|
|
||||||
for header in %{buildroot}%{_includedir}/node/libplatform %{buildroot}%{_includedir}/node/v8*.h; do
|
|
||||||
header=$(basename ${header})
|
|
||||||
ln -s %{_includedir}/node/${header} %{buildroot}%{_includedir}/${header}
|
|
||||||
done
|
|
||||||
for soname in libv8 libv8_libbase libv8_libplatform; do
|
|
||||||
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so
|
|
||||||
ln -s libnode.so.%{nodejs_soversion} %{buildroot}%{_libdir}/${soname}.so.%{v8_major}
|
|
||||||
done
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# own the sitelib directory
|
# own the sitelib directory
|
||||||
mkdir -p %{buildroot}%{_prefix}/lib/node_modules
|
mkdir -p %{buildroot}%{_prefix}/lib/node_modules
|
||||||
|
|
||||||
@ -627,7 +470,6 @@ ln -sf %{_mandir} %{buildroot}%{_prefix}/lib/node_modules/npm/man
|
|||||||
# Install Gatsby HTML documentation to %{_pkgdocdir}
|
# Install Gatsby HTML documentation to %{_pkgdocdir}
|
||||||
cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
|
cp -pr deps/npm/docs %{buildroot}%{_pkgdocdir}/npm/
|
||||||
rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
|
rm -rf %{buildroot}%{_prefix}/lib/node_modules/npm/docs
|
||||||
|
|
||||||
ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs
|
ln -sf %{_pkgdocdir}/npm %{buildroot}%{_prefix}/lib/node_modules/npm/docs
|
||||||
|
|
||||||
# Node tries to install some python files into a documentation directory
|
# Node tries to install some python files into a documentation directory
|
||||||
@ -662,23 +504,6 @@ install -Dpm0644 -t %{buildroot}%{icudatadir} deps/icu/source/converted/*
|
|||||||
|
|
||||||
|
|
||||||
%check
|
%check
|
||||||
%if %{?with_libs} == 1
|
|
||||||
# Fail the build if the versions don't match
|
|
||||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
|
|
||||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
|
|
||||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.ares.replace(/-DEV$/, ''), '%{c_ares_version}')"
|
|
||||||
|
|
||||||
# Ensure we have punycode and that the version matches
|
|
||||||
LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"punycode\").version, '%{punycode_version}')"
|
|
||||||
|
|
||||||
# Ensure we have npm and that the version matches
|
|
||||||
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node -e "require(\"assert\").equal(require(\"npm\").version, '%{npm_version}')"
|
|
||||||
|
|
||||||
# Make sure i18n support is working
|
|
||||||
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules LD_LIBRARY_PATH=%{buildroot}%{_libdir} %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
|
|
||||||
|
|
||||||
%else
|
|
||||||
|
|
||||||
# Fail the build if the versions don't match
|
# Fail the build if the versions don't match
|
||||||
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
|
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.node, '%{nodejs_version}')"
|
||||||
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
|
%{buildroot}/%{_bindir}/node -e "require('assert').equal(process.versions.v8.replace(/-node\.\d+$/, ''), '%{v8_version}')"
|
||||||
@ -692,7 +517,6 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/nod
|
|||||||
|
|
||||||
# Make sure i18n support is working
|
# Make sure i18n support is working
|
||||||
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
|
NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules:%{buildroot}%{_prefix}/lib/node_modules/npm/node_modules %{buildroot}/%{_bindir}/node --icu-data-dir=%{buildroot}%{icudatadir} %{SOURCE2}
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%pretrans -n npm -p <lua>
|
%pretrans -n npm -p <lua>
|
||||||
@ -710,38 +534,6 @@ if d_st then
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
-- Replace the npm docs directory with a symlink
|
|
||||||
-- Drop this scriptlet when F31 is EOL
|
|
||||||
path = "%{_prefix}/lib/node_modules/npm/doc"
|
|
||||||
st = posix.stat(path)
|
|
||||||
if st and st.type == "directory" then
|
|
||||||
status = os.rename(path, path .. ".rpmmoved")
|
|
||||||
if not status then
|
|
||||||
suffix = 0
|
|
||||||
while not status do
|
|
||||||
suffix = suffix + 1
|
|
||||||
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
|
|
||||||
end
|
|
||||||
os.rename(path, path .. ".rpmmoved")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
-- Replace the npm HTML docs directory with a symlink
|
|
||||||
-- Drop this scriptlet when F31 is EOL
|
|
||||||
path = "%{_prefix}/lib/node_modules/npm/html"
|
|
||||||
st = posix.stat(path)
|
|
||||||
if st and st.type == "directory" then
|
|
||||||
status = os.rename(path, path .. ".rpmmoved")
|
|
||||||
if not status then
|
|
||||||
suffix = 0
|
|
||||||
while not status do
|
|
||||||
suffix = suffix + 1
|
|
||||||
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
|
|
||||||
end
|
|
||||||
os.rename(path, path .. ".rpmmoved")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
-- Replace the npm man directory with a symlink
|
-- Replace the npm man directory with a symlink
|
||||||
-- Drop this scriptlet when F31 is EOL
|
-- Drop this scriptlet when F31 is EOL
|
||||||
path = "%{_prefix}/lib/node_modules/npm/man"
|
path = "%{_prefix}/lib/node_modules/npm/man"
|
||||||
@ -759,26 +551,6 @@ if st and st.type == "directory" then
|
|||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
%if %{?with_libs} == 1
|
|
||||||
%pretrans -n v8-devel -p <lua>
|
|
||||||
-- Replace the v8 libplatform include directory with a symlink
|
|
||||||
-- Drop this scriptlet when F30 is EOL
|
|
||||||
path = "%{_includedir}/libplatform"
|
|
||||||
st = posix.stat(path)
|
|
||||||
if st and st.type == "directory" then
|
|
||||||
status = os.rename(path, path .. ".rpmmoved")
|
|
||||||
if not status then
|
|
||||||
suffix = 0
|
|
||||||
while not status do
|
|
||||||
suffix = suffix + 1
|
|
||||||
status = os.rename(path .. ".rpmmoved", path .. ".rpmmoved." .. suffix)
|
|
||||||
end
|
|
||||||
os.rename(path, path .. ".rpmmoved")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%files
|
%files
|
||||||
%{_bindir}/node
|
%{_bindir}/node
|
||||||
%dir %{_prefix}/lib/node_modules
|
%dir %{_prefix}/lib/node_modules
|
||||||
@ -797,7 +569,7 @@ end
|
|||||||
%{_rpmconfigdir}/fileattrs/nodejs_native.attr
|
%{_rpmconfigdir}/fileattrs/nodejs_native.attr
|
||||||
%{_rpmconfigdir}/nodejs_native.req
|
%{_rpmconfigdir}/nodejs_native.req
|
||||||
%license LICENSE
|
%license LICENSE
|
||||||
%doc AUTHORS CHANGELOG.md onboarding.md GOVERNANCE.md README.md
|
%doc AUTHORS CHANGELOG.md COLLABORATOR_GUIDE.md GOVERNANCE.md README.md
|
||||||
%doc %{_mandir}/man1/node.1*
|
%doc %{_mandir}/man1/node.1*
|
||||||
|
|
||||||
|
|
||||||
@ -806,9 +578,6 @@ end
|
|||||||
%{_bindir}/node_g
|
%{_bindir}/node_g
|
||||||
%endif
|
%endif
|
||||||
%{_includedir}/node
|
%{_includedir}/node
|
||||||
%if %{?with_libs} == 1
|
|
||||||
%{_libdir}/libnode.so
|
|
||||||
%endif
|
|
||||||
%{_datadir}/node/common.gypi
|
%{_datadir}/node/common.gypi
|
||||||
%{_pkgdocdir}/gdbinit
|
%{_pkgdocdir}/gdbinit
|
||||||
|
|
||||||
@ -818,25 +587,6 @@ end
|
|||||||
%{icudatadir}/icudt%{icu_major}*.dat
|
%{icudatadir}/icudt%{icu_major}*.dat
|
||||||
|
|
||||||
|
|
||||||
%if %{?with_libs} == 1
|
|
||||||
%files libs
|
|
||||||
%{_libdir}/libnode.so.%{nodejs_soversion}
|
|
||||||
%{_libdir}/libv8.so.%{v8_major}
|
|
||||||
%{_libdir}/libv8_libbase.so.%{v8_major}
|
|
||||||
%{_libdir}/libv8_libplatform.so.%{v8_major}
|
|
||||||
%dir %{nodejs_datadir}/
|
|
||||||
|
|
||||||
|
|
||||||
%files -n v8-devel
|
|
||||||
%{_includedir}/libplatform
|
|
||||||
%{_includedir}/v8*.h
|
|
||||||
%{_libdir}/libv8.so
|
|
||||||
%{_libdir}/libv8_libbase.so
|
|
||||||
%{_libdir}/libv8_libplatform.so
|
|
||||||
%ghost %{_includedir}/libplatform.rpmmoved
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%files -n npm
|
%files -n npm
|
||||||
%{_bindir}/npm
|
%{_bindir}/npm
|
||||||
%{_bindir}/npx
|
%{_bindir}/npx
|
||||||
@ -871,93 +621,47 @@ end
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon May 16 2022 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.12-1
|
* Wed Feb 24 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.24.0-1
|
||||||
- Resolves: RHBZ#2084651
|
- Resolves: RHBZ#1932373, RHBZ#1932426
|
||||||
- Resolves: #2086773, #2086777, #2086781, #2086786, #2086790
|
- Resolves CVE-2021-22883 and CVE-2021-22884
|
||||||
- Resolves: #2086795, #2086799, #2086804, #2086809, #2086813
|
- remove -debug-nghttp2 flag (1930775)
|
||||||
- Rebase to last v12.x release
|
- remove ini patch merged upstream
|
||||||
- Remove patch for CVE-2021-23343
|
|
||||||
|
|
||||||
* Mon Aug 16 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.5-1
|
* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.23.1-1
|
||||||
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940,
|
- January Security release
|
||||||
- Resolves CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
|
|
||||||
- Resolves: RHBZ#1951621 (make FIPS always available)
|
|
||||||
- Resolves: RHBZ#1988596, RHBZ#1993814, RHBZ#1993808, RHBZ#1993094
|
|
||||||
- Resolves: RHBZ#1986742, RHBZ#1993946, RHBZ#1993939, RHBZ#1989426
|
|
||||||
|
|
||||||
* Mon Aug 09 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-3
|
|
||||||
- Resolves CVE-2021-23362 CVE-2021-27290
|
|
||||||
- Resolves: RHBZ#1945512, RHBZ#1945286
|
|
||||||
- Add missing CVE trackers
|
|
||||||
|
|
||||||
* Thu Jul 08 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-2
|
|
||||||
- Resolves: RHBZ#1979843, RHBZ#1977759
|
|
||||||
- Resolves: RHBz#1952915
|
|
||||||
- Fix typo, BR systemtap-sdt-level always, remove y18n patch
|
|
||||||
|
|
||||||
* Wed Jul 07 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.22.3-1
|
|
||||||
- Resolves: RHBZ#1979843, RHBZ#1977759
|
|
||||||
- Resolves: RHBz#1952915
|
|
||||||
- Resolves CVE-2021-22918(libuv), use system cipher list
|
|
||||||
|
|
||||||
* Tue Mar 02 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.21.0-1
|
|
||||||
- Resolves: RHBZ#1934566, RHBZ#1934598
|
|
||||||
- remove --debug-nghttp2 option
|
|
||||||
- remove ini patch
|
|
||||||
- Backport patch to use getauxval
|
|
||||||
|
|
||||||
* Mon Jan 18 2021 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.20.1-1
|
|
||||||
- Security rebase for January security release
|
|
||||||
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
|
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
|
||||||
- Resolves: RHBZ#1913000, RHBZ#1912952
|
- Rebase to 10.23.1
|
||||||
- Resolves: RHBZ#1912635, RHBZ#1893984
|
- Resolves: RHBZ#1916461, RHBZ#1914789
|
||||||
|
- Resolves: RHBZ#1914783, RHBZ#1916462, RHBZ#1916395, RHBZ#1916459
|
||||||
|
- Resolves: RHBZ#1916691, RHBZ#1916689, RHBZ#1916388
|
||||||
|
- Remove dot-prop patch, as it is fixed by npm rebase
|
||||||
|
|
||||||
* Tue Nov 24 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.19.1-1
|
* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 1:10.22.1-1
|
||||||
- Resolves: RHBZ#1861602, #1874302, #1898598, #1898765
|
- Security rebase to 10.22.1
|
||||||
- c-ares, ajv and y18n CVEs and yarn installability issues
|
|
||||||
|
|
||||||
* Mon Oct 05 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.4-2
|
* Wed Jun 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-3
|
||||||
- Fix RHBZ#1856776 - nodejs-devel not installable due to missing brotli
|
- Resolves: RHBZ#1845307
|
||||||
- Some spec fixes
|
- Remove brotli-devel requires from nodejs-devel
|
||||||
|
|
||||||
* Tue Sep 22 2020 Jan Staněk <jstanek@redhat.com> - 12.18.4-1
|
* Tue Jun 16 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-2
|
||||||
- Rebase to 12.18.4
|
- Resolves: RHBZ#1845307
|
||||||
|
- Turn off debug builds
|
||||||
|
|
||||||
* Tue Jun 30 2020 Jan Staněk <jstanek@redhat.com> - 12.18.2-1
|
* Mon Jun 15 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.21.0-1
|
||||||
- Rebase to 12.18.2
|
- Security update to 10.21.0
|
||||||
|
- Resolves: RHBZ#1845307
|
||||||
|
- Fixes CVE-2020-11080, CVE-2020-8174, CVE-2020-10531
|
||||||
|
- Bundle brotli, because --shared-brotli configure option is missing
|
||||||
|
- Add i18n subpackage
|
||||||
|
|
||||||
* Thu Jun 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.1-1
|
* Wed Mar 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.19.0-2
|
||||||
- Rebase
|
- Resolves: RHBZ#1811499
|
||||||
- Spec clean up
|
|
||||||
- Provide i18n package, bundle icu
|
|
||||||
- Resolves: RHBZ#1845311, RHBZ#1845692
|
|
||||||
|
|
||||||
* Thu Jun 18 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.18.0-1
|
* Mon Feb 10 2020 Jan Staněk <jstanek@redhat.com> - 1:10.19.0-1
|
||||||
- Security update to 12.18.0
|
- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606
|
||||||
- Resolves: RHBZ#1845311, RHBZ#1845692
|
|
||||||
|
|
||||||
* Tue Mar 17 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-2
|
* Tue Sep 10 2019 Jan Staněk <jstanek@redhat.com> - 1:10.16.3-1
|
||||||
- Fix CVE-2020-10531
|
- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518
|
||||||
|
|
||||||
* Thu Feb 20 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.16.1-1
|
|
||||||
- Resolves: RHBZ#1800395, RHBZ#1800396, RHBZ#1800381
|
|
||||||
- Rebase to 12.16.1
|
|
||||||
|
|
||||||
* Wed Jan 15 2020 Jan Staněk <jstanek@redhat.com> - 1:12.14.1-1
|
|
||||||
- Rebase to 12.14.1
|
|
||||||
|
|
||||||
* Fri Nov 29 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.13.1-1
|
|
||||||
- Resolves: RHBZ# 1773503, update to 12.13.1
|
|
||||||
- minor clean up and sync with Fedora spec
|
|
||||||
- turn off debug builds
|
|
||||||
|
|
||||||
* Thu Aug 01 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-2
|
|
||||||
- Resolves:RHBZ#1685191
|
|
||||||
- Add condition to libs
|
|
||||||
|
|
||||||
* Wed Jun 12 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:12.4.0-1
|
|
||||||
- Update to v12.x
|
|
||||||
- Add v8-devel and libs subpackages from fedora
|
|
||||||
|
|
||||||
* Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
|
* Thu Mar 14 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:10.14.1-2
|
||||||
- move nodejs-packaging BR out of conditional
|
- move nodejs-packaging BR out of conditional
|
||||||
|
Loading…
Reference in New Issue
Block a user