Revert "Prepare for EPEL 7 uplift"

This reverts commit b9ddd6c483. This was pushed accidentally
2016-09-09 08:16:32 -04:00 · 2016-09-09 08:16:32 -04:00 · 74b97c6ec1
commit 74b97c6ec1
parent b9ddd6c483
4 changed files with 11 additions and 177 deletions
--- a/0001-Use-Fedora-OpenSSL-build-flags.patch
+++ b/0001-Use-Fedora-OpenSSL-build-flags.patch
@ -1,76 +0,0 @@
-From 6ecf32b36eab498da24a5e23d08713e19ab341a5 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Thu, 8 Sep 2016 12:54:20 -0400
-Subject: [PATCH] Use Fedora OpenSSL build flags
-
---
- deps/openssl/config/Makefile | 5 ++++-
- deps/openssl/openssl.gypi    | 9 ++++++---
- 2 files changed, 10 insertions(+), 4 deletions(-)
-
-diff --git a/deps/openssl/config/Makefile b/deps/openssl/config/Makefile
-index c8155b16d8dcfbc7ade7cd463248236d989b0599..7a319fd13b06b0520b3e118691381f27fdccf1a0 100644
--- a/deps/openssl/config/Makefile
-+++ b/deps/openssl/config/Makefile
-@@ -1,8 +1,11 @@
- PERL    = perl
- CONFIGURE = ./Configure
-COPT = no-shared no-symlinks
-+COPT = no-shared no-symlinks \
-+	zlib sctp enable-camellia enable-seed enable-tlsext enable-rfc3779 \
-+	enable-cms enable-md2 enable-rc5 \
-+	no-mdc2 no-ec2m no-gost no-srp
- 
- ARCHS = aix-gcc aix64-gcc BSD-x86 BSD-x86_64 VC-WIN32 \
- VC-WIN64A darwin64-x86_64-cc darwin-i386-cc linux-aarch64 \
- linux-armv4 linux-elf linux-x32 linux-x86_64 linux-ppc \
- linux-ppc64 linux32-s390x linux64-s390x solaris-x86-gcc \
-diff --git a/deps/openssl/openssl.gypi b/deps/openssl/openssl.gypi
-index 3620e45c41074647ef54f040a539c0d1c4f9b7d9..549e87348fb8c929f80ffd651df1bf6591b071d2 100644
--- a/deps/openssl/openssl.gypi
-+++ b/deps/openssl/openssl.gypi
-@@ -383,11 +383,10 @@
-       'openssl/crypto/evp/m_dss1.c',
-       'openssl/crypto/evp/m_ecdsa.c',
-       'openssl/crypto/evp/m_md2.c',
-       'openssl/crypto/evp/m_md4.c',
-       'openssl/crypto/evp/m_md5.c',
-      'openssl/crypto/evp/m_mdc2.c',
-       'openssl/crypto/evp/m_null.c',
-       'openssl/crypto/evp/m_ripemd.c',
-       'openssl/crypto/evp/m_sha.c',
-       'openssl/crypto/evp/m_sha1.c',
-       'openssl/crypto/evp/m_sigver.c',
-@@ -420,12 +419,10 @@
-       'openssl/crypto/lhash/lhash.c',
-       'openssl/crypto/md4/md4_dgst.c',
-       'openssl/crypto/md4/md4_one.c',
-       'openssl/crypto/md5/md5_dgst.c',
-       'openssl/crypto/md5/md5_one.c',
-      'openssl/crypto/mdc2/mdc2_one.c',
-      'openssl/crypto/mdc2/mdc2dgst.c',
-       'openssl/crypto/mem.c',
-       'openssl/crypto/mem_dbg.c',
-       'openssl/crypto/modes/cbc128.c',
-       'openssl/crypto/modes/ccm128.c',
-       'openssl/crypto/modes/cfb128.c',
-@@ -1261,10 +1258,16 @@
-       # Heartbeat is a TLS extension, that couldn't be turned off or
-       # asked to be not advertised. Unfortunately this is unacceptable for
-       # Microsoft's IIS, which seems to be ignoring whole ClientHello after
-       # seeing this extension.
-       'OPENSSL_NO_HEARTBEATS',
-+
-+      # Taken from Fedora package:
-+      'OPENSSL_NO_SRP',
-+      'OPENSSL_NO_GOST',
-+      'OPENSSL_NO_MDC2',
-+      'OPENSSL_NO_EC2M',
-     ],
-     'openssl_default_defines_win': [
-       'MK1MF_BUILD',
-       'WIN32_LEAN_AND_MEAN',
-       'OPENSSL_SYSNAME_WIN32',
-- 
-2.7.4
-
--- a/nodejs-openssl-fix-no-srp.patch
+++ b/nodejs-openssl-fix-no-srp.patch
@ -1,23 +0,0 @@
-From 249270c8047486892b64a169ff16567b506ec1cb Mon Sep 17 00:00:00 2001
-From: Richard Levitte <levitte@openssl.org>
-Date: Fri, 22 Jul 2016 21:48:05 +0200
-Subject: [PATCH] Correct misspelt OPENSSL_NO_SRP
-
-RT#4619
---
- ssl/statem/statem_clnt.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
-index b0f508c..5fb0080 100644
--- a/ssl/statem/statem_clnt.c
-+++ b/ssl/statem/statem_clnt.c
-@@ -2451,7 +2451,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
- 
- static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al)
- {
-#ifndef OPENSSL_NO_SRT
-+#ifndef OPENSSL_NO_SRP
-     if (s->srp_ctx.A != NULL) {
-         /* send off the data */
-         *len = BN_num_bytes(s->srp_ctx.A);
--- a/nodejs-tarball.sh
+++ b/nodejs-tarball.sh
@ -1,35 +1,7 @@
 #!/bin/sh
-SCRIPTROOT=$(pwd)
+
 version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1)
-
-if [ ! -e node-v${version}.tar.gz ]; then
-    wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz
-fi
-
+wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz
 tar -zxf node-v${version}.tar.gz
-rm -rf node-v${version}/deps/openssl/openssl
-
-rm -rf openssl
-fedpkg clone -a openssl
-pushd openssl
-fedpkg prep
-openssl_version=$(rpm -q --specfile --qf='%{version}\n' openssl.spec | head -n1)
-
-pushd openssl-${openssl_version}
-git init
-git add .
-git commit -m "Initial commit" --no-gpg-sign
-./config
-pushd include/openssl
-#../../../../copy_symlink.sh *.h
-popd # include/openssl
-
-git add include/ crypto/opensslconf.h
-git commit -m "Include headers" --no-gpg-sign
-git clean -f
-popd # openssl-${openssl_version}
-
-popd # openssl
-mv openssl/openssl-${openssl_version} node-v${version}/deps/openssl/openssl
-
-tar -zcf node-v${version}-hobbled.tar.gz node-v${version}
+rm -rf node-v${version}/deps/openssl
+tar -zcf node-v${version}-stripped.tar.gz node-v${version}
--- a/nodejs.spec
+++ b/nodejs.spec
@ -63,9 +63,7 @@ Name: nodejs
 Epoch: 1
 Version: %{nodejs_version}
 # Keep this release > 100 for F25+ due to a complicated npm upgrade bug
-# Always increase this release, never reset it to 1 until and unless we
-# bump epoch again
-Release: 103%{?dist}.8
+Release: 103%{?dist}
 Summary: JavaScript runtime
 License: MIT and ASL 2.0 and ISC and BSD
 Group: Development/Languages
@ -74,9 +72,9 @@ URL: http://nodejs.org/
 ExclusiveArch: %{nodejs_arches}

 # nodejs bundles openssl, but we use the system version in Fedora
-# because openssl contains prohibited code, we replace the bundled copy in the
-# tarball with the current latest Fedora version, using the script in Source100
-Source0: node-v%{nodejs_version}-hobbled.tar.gz
+# because openssl contains prohibited code, we remove openssl completely from
+# the tarball, using the script in Source100
+Source0: node-v%{nodejs_version}-stripped.tar.gz
 Source100: %{name}-tarball.sh

 # The native module Requires generator remains in the nodejs SRPM, so it knows
@ -92,9 +90,6 @@ Patch1: nodejs-disable-gyp-deps.patch
 # http://patch-tracker.debian.org/patch/series/view/nodejs/0.10.26~dfsg1-1/2014_donotinclude_root_certs.patch
 Patch2: nodejs-use-system-certs.patch

-# When building against the bundled OpenSSL, use the same flags as Fedora would
-Patch3: 0001-Use-Fedora-OpenSSL-build-flags.patch
-
 # build fails at configure when we build node v6.3.0 with shared libraries,
 # so we need to patch node.gyp too
 # this patch might be redundant in another release, since it seems to work with current upstream master
@ -107,14 +102,8 @@ BuildRequires: libicu-devel
 BuildRequires: zlib-devel
 BuildRequires: gcc >= 4.8.0
 BuildRequires: gcc-c++ >= 4.8.0
-
-%if 0%{?fedora}
-# Node.js requires some features from openssl 1.0.2
+# Node.js requires some features from openssl 1.0.1 for SPDY support
 BuildRequires: openssl-devel >= 1:1.0.2
-%else
-# EPEL currently builds with the OpenSSL pulled from Fedora and
-# copied into the buildroot
-%endif

 # we need the system certificate store when Patch2 is applied
 Requires: ca-certificates
@ -163,21 +152,10 @@ Provides: bundled(v8) = %{v8_version}
 Provides: bundled(http-parser) = %{http_parser_version}

 # Make sure we keep NPM up to date when we update Node.js
-%if 0%{?rhel}
-Requires: npm = %{npm_epoch}:%{npm_version}
-%else
 Recommends: npm = %{npm_epoch}:%{npm_version}
-%endif
-
 Conflicts: npm < %{npm_epoch}:%{npm_version}


-# On EPEL, we don't yet have a sufficiently-new version of OpenSSL, so
-# we have to carry it bundled
-%if 0%{?rhel}
-Provides: bundled(openssl) = 1.0.2h
-%endif
-
 %description
 Node.js is a platform built on Chrome's JavaScript runtime
 for easily building fast, scalable network applications.
@ -240,23 +218,11 @@ The API documentation for the Node.js JavaScript runtime.
 rm -rf deps/uv \
       deps/zlib

-%if 0%{?rhel}
-# On RHEL, we need to build the bundled (hobbled) OpenSSL
-pushd deps/openssl/openssl
-#./config
-popd
-%else
-# On Fedora, we link with the system version, so completely
-# delete the bundled openssl to be certain it doesn't get used.
-rm -rf deps/openssl
-%global CONFIGURE_OPENSSL --shared-openssl
-%endif
-
 # remove bundled CA certificates
 %patch2 -p1
 rm -f src/node_root_certs.h

-%patch3 -p1
+#%patch3 -p1

 %build
 # build with debugging symbols and add defines from libuv (#892601)
@ -266,7 +232,7 @@ export CFLAGS='%{optflags} -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-de
 export CXXFLAGS='%{optflags} -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-delete-null-pointer-checks'

 ./configure --prefix=%{_prefix} \
-           %{?CONFIGURE_OPENSSL} \
+           --shared-openssl \
           --shared-zlib \
           --shared-libuv \
           --without-dtrace \
@ -406,11 +372,6 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node -
 %{_pkgdocdir}/npm/doc

 %changelog
-* Thu Sep 08 2016 Stephen Gallagher <sgallagh@redhat.com> - 1:6.%.0-104
- Prepare for EPEL 7 uplift
- Use %%{?epel} tag to maintain a single specfile
- Don't use weak dependencies in EPEL
-
 * Mon Aug 29 2016 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.5.0-103
 - Update to 6.5.0