Prepare for EPEL 7 uplift
- Use %{?epel} tag to maintain a single specfile - Relax openssl requirement to 1.0.1+ for EPEL 7 - Don't use weak dependencies in EPEL
This commit is contained in:
parent
86c043c7a1
commit
b9ddd6c483
76
0001-Use-Fedora-OpenSSL-build-flags.patch
Normal file
76
0001-Use-Fedora-OpenSSL-build-flags.patch
Normal file
@ -0,0 +1,76 @@
|
||||
From 6ecf32b36eab498da24a5e23d08713e19ab341a5 Mon Sep 17 00:00:00 2001
|
||||
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||
Date: Thu, 8 Sep 2016 12:54:20 -0400
|
||||
Subject: [PATCH] Use Fedora OpenSSL build flags
|
||||
|
||||
---
|
||||
deps/openssl/config/Makefile | 5 ++++-
|
||||
deps/openssl/openssl.gypi | 9 ++++++---
|
||||
2 files changed, 10 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/deps/openssl/config/Makefile b/deps/openssl/config/Makefile
|
||||
index c8155b16d8dcfbc7ade7cd463248236d989b0599..7a319fd13b06b0520b3e118691381f27fdccf1a0 100644
|
||||
--- a/deps/openssl/config/Makefile
|
||||
+++ b/deps/openssl/config/Makefile
|
||||
@@ -1,8 +1,11 @@
|
||||
PERL = perl
|
||||
CONFIGURE = ./Configure
|
||||
-COPT = no-shared no-symlinks
|
||||
+COPT = no-shared no-symlinks \
|
||||
+ zlib sctp enable-camellia enable-seed enable-tlsext enable-rfc3779 \
|
||||
+ enable-cms enable-md2 enable-rc5 \
|
||||
+ no-mdc2 no-ec2m no-gost no-srp
|
||||
|
||||
ARCHS = aix-gcc aix64-gcc BSD-x86 BSD-x86_64 VC-WIN32 \
|
||||
VC-WIN64A darwin64-x86_64-cc darwin-i386-cc linux-aarch64 \
|
||||
linux-armv4 linux-elf linux-x32 linux-x86_64 linux-ppc \
|
||||
linux-ppc64 linux32-s390x linux64-s390x solaris-x86-gcc \
|
||||
diff --git a/deps/openssl/openssl.gypi b/deps/openssl/openssl.gypi
|
||||
index 3620e45c41074647ef54f040a539c0d1c4f9b7d9..549e87348fb8c929f80ffd651df1bf6591b071d2 100644
|
||||
--- a/deps/openssl/openssl.gypi
|
||||
+++ b/deps/openssl/openssl.gypi
|
||||
@@ -383,11 +383,10 @@
|
||||
'openssl/crypto/evp/m_dss1.c',
|
||||
'openssl/crypto/evp/m_ecdsa.c',
|
||||
'openssl/crypto/evp/m_md2.c',
|
||||
'openssl/crypto/evp/m_md4.c',
|
||||
'openssl/crypto/evp/m_md5.c',
|
||||
- 'openssl/crypto/evp/m_mdc2.c',
|
||||
'openssl/crypto/evp/m_null.c',
|
||||
'openssl/crypto/evp/m_ripemd.c',
|
||||
'openssl/crypto/evp/m_sha.c',
|
||||
'openssl/crypto/evp/m_sha1.c',
|
||||
'openssl/crypto/evp/m_sigver.c',
|
||||
@@ -420,12 +419,10 @@
|
||||
'openssl/crypto/lhash/lhash.c',
|
||||
'openssl/crypto/md4/md4_dgst.c',
|
||||
'openssl/crypto/md4/md4_one.c',
|
||||
'openssl/crypto/md5/md5_dgst.c',
|
||||
'openssl/crypto/md5/md5_one.c',
|
||||
- 'openssl/crypto/mdc2/mdc2_one.c',
|
||||
- 'openssl/crypto/mdc2/mdc2dgst.c',
|
||||
'openssl/crypto/mem.c',
|
||||
'openssl/crypto/mem_dbg.c',
|
||||
'openssl/crypto/modes/cbc128.c',
|
||||
'openssl/crypto/modes/ccm128.c',
|
||||
'openssl/crypto/modes/cfb128.c',
|
||||
@@ -1261,10 +1258,16 @@
|
||||
# Heartbeat is a TLS extension, that couldn't be turned off or
|
||||
# asked to be not advertised. Unfortunately this is unacceptable for
|
||||
# Microsoft's IIS, which seems to be ignoring whole ClientHello after
|
||||
# seeing this extension.
|
||||
'OPENSSL_NO_HEARTBEATS',
|
||||
+
|
||||
+ # Taken from Fedora package:
|
||||
+ 'OPENSSL_NO_SRP',
|
||||
+ 'OPENSSL_NO_GOST',
|
||||
+ 'OPENSSL_NO_MDC2',
|
||||
+ 'OPENSSL_NO_EC2M',
|
||||
],
|
||||
'openssl_default_defines_win': [
|
||||
'MK1MF_BUILD',
|
||||
'WIN32_LEAN_AND_MEAN',
|
||||
'OPENSSL_SYSNAME_WIN32',
|
||||
--
|
||||
2.7.4
|
||||
|
23
nodejs-openssl-fix-no-srp.patch
Normal file
23
nodejs-openssl-fix-no-srp.patch
Normal file
@ -0,0 +1,23 @@
|
||||
From 249270c8047486892b64a169ff16567b506ec1cb Mon Sep 17 00:00:00 2001
|
||||
From: Richard Levitte <levitte@openssl.org>
|
||||
Date: Fri, 22 Jul 2016 21:48:05 +0200
|
||||
Subject: [PATCH] Correct misspelt OPENSSL_NO_SRP
|
||||
|
||||
RT#4619
|
||||
---
|
||||
ssl/statem/statem_clnt.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
|
||||
index b0f508c..5fb0080 100644
|
||||
--- a/ssl/statem/statem_clnt.c
|
||||
+++ b/ssl/statem/statem_clnt.c
|
||||
@@ -2451,7 +2451,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
|
||||
|
||||
static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al)
|
||||
{
|
||||
-#ifndef OPENSSL_NO_SRT
|
||||
+#ifndef OPENSSL_NO_SRP
|
||||
if (s->srp_ctx.A != NULL) {
|
||||
/* send off the data */
|
||||
*len = BN_num_bytes(s->srp_ctx.A);
|
@ -1,7 +1,35 @@
|
||||
#!/bin/sh
|
||||
|
||||
SCRIPTROOT=$(pwd)
|
||||
version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1)
|
||||
wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz
|
||||
|
||||
if [ ! -e node-v${version}.tar.gz ]; then
|
||||
wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz
|
||||
fi
|
||||
|
||||
tar -zxf node-v${version}.tar.gz
|
||||
rm -rf node-v${version}/deps/openssl
|
||||
tar -zcf node-v${version}-stripped.tar.gz node-v${version}
|
||||
rm -rf node-v${version}/deps/openssl/openssl
|
||||
|
||||
rm -rf openssl
|
||||
fedpkg clone -a openssl
|
||||
pushd openssl
|
||||
fedpkg prep
|
||||
openssl_version=$(rpm -q --specfile --qf='%{version}\n' openssl.spec | head -n1)
|
||||
|
||||
pushd openssl-${openssl_version}
|
||||
git init
|
||||
git add .
|
||||
git commit -m "Initial commit" --no-gpg-sign
|
||||
./config
|
||||
pushd include/openssl
|
||||
#../../../../copy_symlink.sh *.h
|
||||
popd # include/openssl
|
||||
|
||||
git add include/ crypto/opensslconf.h
|
||||
git commit -m "Include headers" --no-gpg-sign
|
||||
git clean -f
|
||||
popd # openssl-${openssl_version}
|
||||
|
||||
popd # openssl
|
||||
mv openssl/openssl-${openssl_version} node-v${version}/deps/openssl/openssl
|
||||
|
||||
tar -zcf node-v${version}-hobbled.tar.gz node-v${version}
|
||||
|
53
nodejs.spec
53
nodejs.spec
@ -63,7 +63,9 @@ Name: nodejs
|
||||
Epoch: 1
|
||||
Version: %{nodejs_version}
|
||||
# Keep this release > 100 for F25+ due to a complicated npm upgrade bug
|
||||
Release: 103%{?dist}
|
||||
# Always increase this release, never reset it to 1 until and unless we
|
||||
# bump epoch again
|
||||
Release: 103%{?dist}.8
|
||||
Summary: JavaScript runtime
|
||||
License: MIT and ASL 2.0 and ISC and BSD
|
||||
Group: Development/Languages
|
||||
@ -72,9 +74,9 @@ URL: http://nodejs.org/
|
||||
ExclusiveArch: %{nodejs_arches}
|
||||
|
||||
# nodejs bundles openssl, but we use the system version in Fedora
|
||||
# because openssl contains prohibited code, we remove openssl completely from
|
||||
# the tarball, using the script in Source100
|
||||
Source0: node-v%{nodejs_version}-stripped.tar.gz
|
||||
# because openssl contains prohibited code, we replace the bundled copy in the
|
||||
# tarball with the current latest Fedora version, using the script in Source100
|
||||
Source0: node-v%{nodejs_version}-hobbled.tar.gz
|
||||
Source100: %{name}-tarball.sh
|
||||
|
||||
# The native module Requires generator remains in the nodejs SRPM, so it knows
|
||||
@ -90,6 +92,9 @@ Patch1: nodejs-disable-gyp-deps.patch
|
||||
# http://patch-tracker.debian.org/patch/series/view/nodejs/0.10.26~dfsg1-1/2014_donotinclude_root_certs.patch
|
||||
Patch2: nodejs-use-system-certs.patch
|
||||
|
||||
# When building against the bundled OpenSSL, use the same flags as Fedora would
|
||||
Patch3: 0001-Use-Fedora-OpenSSL-build-flags.patch
|
||||
|
||||
# build fails at configure when we build node v6.3.0 with shared libraries,
|
||||
# so we need to patch node.gyp too
|
||||
# this patch might be redundant in another release, since it seems to work with current upstream master
|
||||
@ -102,8 +107,14 @@ BuildRequires: libicu-devel
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: gcc >= 4.8.0
|
||||
BuildRequires: gcc-c++ >= 4.8.0
|
||||
# Node.js requires some features from openssl 1.0.1 for SPDY support
|
||||
|
||||
%if 0%{?fedora}
|
||||
# Node.js requires some features from openssl 1.0.2
|
||||
BuildRequires: openssl-devel >= 1:1.0.2
|
||||
%else
|
||||
# EPEL currently builds with the OpenSSL pulled from Fedora and
|
||||
# copied into the buildroot
|
||||
%endif
|
||||
|
||||
# we need the system certificate store when Patch2 is applied
|
||||
Requires: ca-certificates
|
||||
@ -152,10 +163,21 @@ Provides: bundled(v8) = %{v8_version}
|
||||
Provides: bundled(http-parser) = %{http_parser_version}
|
||||
|
||||
# Make sure we keep NPM up to date when we update Node.js
|
||||
%if 0%{?rhel}
|
||||
Requires: npm = %{npm_epoch}:%{npm_version}
|
||||
%else
|
||||
Recommends: npm = %{npm_epoch}:%{npm_version}
|
||||
%endif
|
||||
|
||||
Conflicts: npm < %{npm_epoch}:%{npm_version}
|
||||
|
||||
|
||||
# On EPEL, we don't yet have a sufficiently-new version of OpenSSL, so
|
||||
# we have to carry it bundled
|
||||
%if 0%{?rhel}
|
||||
Provides: bundled(openssl) = 1.0.2h
|
||||
%endif
|
||||
|
||||
%description
|
||||
Node.js is a platform built on Chrome's JavaScript runtime
|
||||
for easily building fast, scalable network applications.
|
||||
@ -218,11 +240,23 @@ The API documentation for the Node.js JavaScript runtime.
|
||||
rm -rf deps/uv \
|
||||
deps/zlib
|
||||
|
||||
%if 0%{?rhel}
|
||||
# On RHEL, we need to build the bundled (hobbled) OpenSSL
|
||||
pushd deps/openssl/openssl
|
||||
#./config
|
||||
popd
|
||||
%else
|
||||
# On Fedora, we link with the system version, so completely
|
||||
# delete the bundled openssl to be certain it doesn't get used.
|
||||
rm -rf deps/openssl
|
||||
%global CONFIGURE_OPENSSL --shared-openssl
|
||||
%endif
|
||||
|
||||
# remove bundled CA certificates
|
||||
%patch2 -p1
|
||||
rm -f src/node_root_certs.h
|
||||
|
||||
#%patch3 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
# build with debugging symbols and add defines from libuv (#892601)
|
||||
@ -232,7 +266,7 @@ export CFLAGS='%{optflags} -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-de
|
||||
export CXXFLAGS='%{optflags} -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-delete-null-pointer-checks'
|
||||
|
||||
./configure --prefix=%{_prefix} \
|
||||
--shared-openssl \
|
||||
%{?CONFIGURE_OPENSSL} \
|
||||
--shared-zlib \
|
||||
--shared-libuv \
|
||||
--without-dtrace \
|
||||
@ -372,6 +406,11 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node -
|
||||
%{_pkgdocdir}/npm/doc
|
||||
|
||||
%changelog
|
||||
* Thu Sep 08 2016 Stephen Gallagher <sgallagh@redhat.com> - 1:6.%.0-104
|
||||
- Prepare for EPEL 7 uplift
|
||||
- Use %%{?epel} tag to maintain a single specfile
|
||||
- Don't use weak dependencies in EPEL
|
||||
|
||||
* Mon Aug 29 2016 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.5.0-103
|
||||
- Update to 6.5.0
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user