Prepare for EPEL 7 uplift
- Use %{?epel} tag to maintain a single specfile
- Relax openssl requirement to 1.0.1+ for EPEL 7
- Don't use weak dependencies in EPEL
			
			
This commit is contained in:
		
							parent
							
								
									86c043c7a1
								
							
						
					
					
						commit
						b9ddd6c483
					
				
							
								
								
									
										76
									
								
								0001-Use-Fedora-OpenSSL-build-flags.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										76
									
								
								0001-Use-Fedora-OpenSSL-build-flags.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,76 @@ | |||||||
|  | From 6ecf32b36eab498da24a5e23d08713e19ab341a5 Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Stephen Gallagher <sgallagh@redhat.com> | ||||||
|  | Date: Thu, 8 Sep 2016 12:54:20 -0400 | ||||||
|  | Subject: [PATCH] Use Fedora OpenSSL build flags | ||||||
|  | 
 | ||||||
|  | ---
 | ||||||
|  |  deps/openssl/config/Makefile | 5 ++++- | ||||||
|  |  deps/openssl/openssl.gypi    | 9 ++++++--- | ||||||
|  |  2 files changed, 10 insertions(+), 4 deletions(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/deps/openssl/config/Makefile b/deps/openssl/config/Makefile
 | ||||||
|  | index c8155b16d8dcfbc7ade7cd463248236d989b0599..7a319fd13b06b0520b3e118691381f27fdccf1a0 100644
 | ||||||
|  | --- a/deps/openssl/config/Makefile
 | ||||||
|  | +++ b/deps/openssl/config/Makefile
 | ||||||
|  | @@ -1,8 +1,11 @@
 | ||||||
|  |  PERL    = perl | ||||||
|  |  CONFIGURE = ./Configure | ||||||
|  | -COPT = no-shared no-symlinks
 | ||||||
|  | +COPT = no-shared no-symlinks \
 | ||||||
|  | +	zlib sctp enable-camellia enable-seed enable-tlsext enable-rfc3779 \
 | ||||||
|  | +	enable-cms enable-md2 enable-rc5 \
 | ||||||
|  | +	no-mdc2 no-ec2m no-gost no-srp
 | ||||||
|  |   | ||||||
|  |  ARCHS = aix-gcc aix64-gcc BSD-x86 BSD-x86_64 VC-WIN32 \ | ||||||
|  |  VC-WIN64A darwin64-x86_64-cc darwin-i386-cc linux-aarch64 \ | ||||||
|  |  linux-armv4 linux-elf linux-x32 linux-x86_64 linux-ppc \ | ||||||
|  |  linux-ppc64 linux32-s390x linux64-s390x solaris-x86-gcc \ | ||||||
|  | diff --git a/deps/openssl/openssl.gypi b/deps/openssl/openssl.gypi
 | ||||||
|  | index 3620e45c41074647ef54f040a539c0d1c4f9b7d9..549e87348fb8c929f80ffd651df1bf6591b071d2 100644
 | ||||||
|  | --- a/deps/openssl/openssl.gypi
 | ||||||
|  | +++ b/deps/openssl/openssl.gypi
 | ||||||
|  | @@ -383,11 +383,10 @@
 | ||||||
|  |        'openssl/crypto/evp/m_dss1.c', | ||||||
|  |        'openssl/crypto/evp/m_ecdsa.c', | ||||||
|  |        'openssl/crypto/evp/m_md2.c', | ||||||
|  |        'openssl/crypto/evp/m_md4.c', | ||||||
|  |        'openssl/crypto/evp/m_md5.c', | ||||||
|  | -      'openssl/crypto/evp/m_mdc2.c',
 | ||||||
|  |        'openssl/crypto/evp/m_null.c', | ||||||
|  |        'openssl/crypto/evp/m_ripemd.c', | ||||||
|  |        'openssl/crypto/evp/m_sha.c', | ||||||
|  |        'openssl/crypto/evp/m_sha1.c', | ||||||
|  |        'openssl/crypto/evp/m_sigver.c', | ||||||
|  | @@ -420,12 +419,10 @@
 | ||||||
|  |        'openssl/crypto/lhash/lhash.c', | ||||||
|  |        'openssl/crypto/md4/md4_dgst.c', | ||||||
|  |        'openssl/crypto/md4/md4_one.c', | ||||||
|  |        'openssl/crypto/md5/md5_dgst.c', | ||||||
|  |        'openssl/crypto/md5/md5_one.c', | ||||||
|  | -      'openssl/crypto/mdc2/mdc2_one.c',
 | ||||||
|  | -      'openssl/crypto/mdc2/mdc2dgst.c',
 | ||||||
|  |        'openssl/crypto/mem.c', | ||||||
|  |        'openssl/crypto/mem_dbg.c', | ||||||
|  |        'openssl/crypto/modes/cbc128.c', | ||||||
|  |        'openssl/crypto/modes/ccm128.c', | ||||||
|  |        'openssl/crypto/modes/cfb128.c', | ||||||
|  | @@ -1261,10 +1258,16 @@
 | ||||||
|  |        # Heartbeat is a TLS extension, that couldn't be turned off or | ||||||
|  |        # asked to be not advertised. Unfortunately this is unacceptable for | ||||||
|  |        # Microsoft's IIS, which seems to be ignoring whole ClientHello after | ||||||
|  |        # seeing this extension. | ||||||
|  |        'OPENSSL_NO_HEARTBEATS', | ||||||
|  | +
 | ||||||
|  | +      # Taken from Fedora package:
 | ||||||
|  | +      'OPENSSL_NO_SRP',
 | ||||||
|  | +      'OPENSSL_NO_GOST',
 | ||||||
|  | +      'OPENSSL_NO_MDC2',
 | ||||||
|  | +      'OPENSSL_NO_EC2M',
 | ||||||
|  |      ], | ||||||
|  |      'openssl_default_defines_win': [ | ||||||
|  |        'MK1MF_BUILD', | ||||||
|  |        'WIN32_LEAN_AND_MEAN', | ||||||
|  |        'OPENSSL_SYSNAME_WIN32', | ||||||
|  | -- 
 | ||||||
|  | 2.7.4 | ||||||
|  | 
 | ||||||
							
								
								
									
										23
									
								
								nodejs-openssl-fix-no-srp.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										23
									
								
								nodejs-openssl-fix-no-srp.patch
									
									
									
									
									
										Normal file
									
								
							| @ -0,0 +1,23 @@ | |||||||
|  | From 249270c8047486892b64a169ff16567b506ec1cb Mon Sep 17 00:00:00 2001 | ||||||
|  | From: Richard Levitte <levitte@openssl.org> | ||||||
|  | Date: Fri, 22 Jul 2016 21:48:05 +0200 | ||||||
|  | Subject: [PATCH] Correct misspelt OPENSSL_NO_SRP | ||||||
|  | 
 | ||||||
|  | RT#4619 | ||||||
|  | ---
 | ||||||
|  |  ssl/statem/statem_clnt.c | 2 +- | ||||||
|  |  1 file changed, 1 insertion(+), 1 deletion(-) | ||||||
|  | 
 | ||||||
|  | diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
 | ||||||
|  | index b0f508c..5fb0080 100644
 | ||||||
|  | --- a/ssl/statem/statem_clnt.c
 | ||||||
|  | +++ b/ssl/statem/statem_clnt.c
 | ||||||
|  | @@ -2451,7 +2451,7 @@ static int tls_construct_cke_gost(SSL *s, unsigned char **p, int *len, int *al)
 | ||||||
|  |   | ||||||
|  |  static int tls_construct_cke_srp(SSL *s, unsigned char **p, int *len, int *al) | ||||||
|  |  { | ||||||
|  | -#ifndef OPENSSL_NO_SRT
 | ||||||
|  | +#ifndef OPENSSL_NO_SRP
 | ||||||
|  |      if (s->srp_ctx.A != NULL) { | ||||||
|  |          /* send off the data */ | ||||||
|  |          *len = BN_num_bytes(s->srp_ctx.A); | ||||||
| @ -1,7 +1,35 @@ | |||||||
| #!/bin/sh | #!/bin/sh | ||||||
| 
 | SCRIPTROOT=$(pwd) | ||||||
| version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1) | version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1) | ||||||
| wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz | 
 | ||||||
|  | if [ ! -e node-v${version}.tar.gz ]; then | ||||||
|  |     wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz | ||||||
|  | fi | ||||||
|  | 
 | ||||||
| tar -zxf node-v${version}.tar.gz | tar -zxf node-v${version}.tar.gz | ||||||
| rm -rf node-v${version}/deps/openssl | rm -rf node-v${version}/deps/openssl/openssl | ||||||
| tar -zcf node-v${version}-stripped.tar.gz node-v${version} | 
 | ||||||
|  | rm -rf openssl | ||||||
|  | fedpkg clone -a openssl | ||||||
|  | pushd openssl | ||||||
|  | fedpkg prep | ||||||
|  | openssl_version=$(rpm -q --specfile --qf='%{version}\n' openssl.spec | head -n1) | ||||||
|  | 
 | ||||||
|  | pushd openssl-${openssl_version} | ||||||
|  | git init | ||||||
|  | git add . | ||||||
|  | git commit -m "Initial commit" --no-gpg-sign | ||||||
|  | ./config | ||||||
|  | pushd include/openssl | ||||||
|  | #../../../../copy_symlink.sh *.h | ||||||
|  | popd # include/openssl | ||||||
|  | 
 | ||||||
|  | git add include/ crypto/opensslconf.h | ||||||
|  | git commit -m "Include headers" --no-gpg-sign | ||||||
|  | git clean -f | ||||||
|  | popd # openssl-${openssl_version} | ||||||
|  | 
 | ||||||
|  | popd # openssl | ||||||
|  | mv openssl/openssl-${openssl_version} node-v${version}/deps/openssl/openssl | ||||||
|  | 
 | ||||||
|  | tar -zcf node-v${version}-hobbled.tar.gz node-v${version} | ||||||
|  | |||||||
							
								
								
									
										53
									
								
								nodejs.spec
									
									
									
									
									
								
							
							
						
						
									
										53
									
								
								nodejs.spec
									
									
									
									
									
								
							| @ -63,7 +63,9 @@ Name: nodejs | |||||||
| Epoch: 1 | Epoch: 1 | ||||||
| Version: %{nodejs_version} | Version: %{nodejs_version} | ||||||
| # Keep this release > 100 for F25+ due to a complicated npm upgrade bug | # Keep this release > 100 for F25+ due to a complicated npm upgrade bug | ||||||
| Release: 103%{?dist} | # Always increase this release, never reset it to 1 until and unless we | ||||||
|  | # bump epoch again | ||||||
|  | Release: 103%{?dist}.8 | ||||||
| Summary: JavaScript runtime | Summary: JavaScript runtime | ||||||
| License: MIT and ASL 2.0 and ISC and BSD | License: MIT and ASL 2.0 and ISC and BSD | ||||||
| Group: Development/Languages | Group: Development/Languages | ||||||
| @ -72,9 +74,9 @@ URL: http://nodejs.org/ | |||||||
| ExclusiveArch: %{nodejs_arches} | ExclusiveArch: %{nodejs_arches} | ||||||
| 
 | 
 | ||||||
| # nodejs bundles openssl, but we use the system version in Fedora | # nodejs bundles openssl, but we use the system version in Fedora | ||||||
| # because openssl contains prohibited code, we remove openssl completely from | # because openssl contains prohibited code, we replace the bundled copy in the | ||||||
| # the tarball, using the script in Source100 | # tarball with the current latest Fedora version, using the script in Source100 | ||||||
| Source0: node-v%{nodejs_version}-stripped.tar.gz | Source0: node-v%{nodejs_version}-hobbled.tar.gz | ||||||
| Source100: %{name}-tarball.sh | Source100: %{name}-tarball.sh | ||||||
| 
 | 
 | ||||||
| # The native module Requires generator remains in the nodejs SRPM, so it knows | # The native module Requires generator remains in the nodejs SRPM, so it knows | ||||||
| @ -90,6 +92,9 @@ Patch1: nodejs-disable-gyp-deps.patch | |||||||
| # http://patch-tracker.debian.org/patch/series/view/nodejs/0.10.26~dfsg1-1/2014_donotinclude_root_certs.patch | # http://patch-tracker.debian.org/patch/series/view/nodejs/0.10.26~dfsg1-1/2014_donotinclude_root_certs.patch | ||||||
| Patch2: nodejs-use-system-certs.patch | Patch2: nodejs-use-system-certs.patch | ||||||
| 
 | 
 | ||||||
|  | # When building against the bundled OpenSSL, use the same flags as Fedora would | ||||||
|  | Patch3: 0001-Use-Fedora-OpenSSL-build-flags.patch | ||||||
|  | 
 | ||||||
| # build fails at configure when we build node v6.3.0 with shared libraries, | # build fails at configure when we build node v6.3.0 with shared libraries, | ||||||
| # so we need to patch node.gyp too | # so we need to patch node.gyp too | ||||||
| # this patch might be redundant in another release, since it seems to work with current upstream master | # this patch might be redundant in another release, since it seems to work with current upstream master | ||||||
| @ -102,8 +107,14 @@ BuildRequires: libicu-devel | |||||||
| BuildRequires: zlib-devel | BuildRequires: zlib-devel | ||||||
| BuildRequires: gcc >= 4.8.0 | BuildRequires: gcc >= 4.8.0 | ||||||
| BuildRequires: gcc-c++ >= 4.8.0 | BuildRequires: gcc-c++ >= 4.8.0 | ||||||
| # Node.js requires some features from openssl 1.0.1 for SPDY support | 
 | ||||||
|  | %if 0%{?fedora} | ||||||
|  | # Node.js requires some features from openssl 1.0.2 | ||||||
| BuildRequires: openssl-devel >= 1:1.0.2 | BuildRequires: openssl-devel >= 1:1.0.2 | ||||||
|  | %else | ||||||
|  | # EPEL currently builds with the OpenSSL pulled from Fedora and | ||||||
|  | # copied into the buildroot | ||||||
|  | %endif | ||||||
| 
 | 
 | ||||||
| # we need the system certificate store when Patch2 is applied | # we need the system certificate store when Patch2 is applied | ||||||
| Requires: ca-certificates | Requires: ca-certificates | ||||||
| @ -152,10 +163,21 @@ Provides: bundled(v8) = %{v8_version} | |||||||
| Provides: bundled(http-parser) = %{http_parser_version} | Provides: bundled(http-parser) = %{http_parser_version} | ||||||
| 
 | 
 | ||||||
| # Make sure we keep NPM up to date when we update Node.js | # Make sure we keep NPM up to date when we update Node.js | ||||||
|  | %if 0%{?rhel} | ||||||
|  | Requires: npm = %{npm_epoch}:%{npm_version} | ||||||
|  | %else | ||||||
| Recommends: npm = %{npm_epoch}:%{npm_version} | Recommends: npm = %{npm_epoch}:%{npm_version} | ||||||
|  | %endif | ||||||
|  | 
 | ||||||
| Conflicts: npm < %{npm_epoch}:%{npm_version} | Conflicts: npm < %{npm_epoch}:%{npm_version} | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
|  | # On EPEL, we don't yet have a sufficiently-new version of OpenSSL, so | ||||||
|  | # we have to carry it bundled | ||||||
|  | %if 0%{?rhel} | ||||||
|  | Provides: bundled(openssl) = 1.0.2h | ||||||
|  | %endif | ||||||
|  | 
 | ||||||
| %description | %description | ||||||
| Node.js is a platform built on Chrome's JavaScript runtime | Node.js is a platform built on Chrome's JavaScript runtime | ||||||
| for easily building fast, scalable network applications. | for easily building fast, scalable network applications. | ||||||
| @ -218,11 +240,23 @@ The API documentation for the Node.js JavaScript runtime. | |||||||
| rm -rf deps/uv \ | rm -rf deps/uv \ | ||||||
|        deps/zlib |        deps/zlib | ||||||
| 
 | 
 | ||||||
|  | %if 0%{?rhel} | ||||||
|  | # On RHEL, we need to build the bundled (hobbled) OpenSSL | ||||||
|  | pushd deps/openssl/openssl | ||||||
|  | #./config | ||||||
|  | popd | ||||||
|  | %else | ||||||
|  | # On Fedora, we link with the system version, so completely | ||||||
|  | # delete the bundled openssl to be certain it doesn't get used. | ||||||
|  | rm -rf deps/openssl | ||||||
|  | %global CONFIGURE_OPENSSL --shared-openssl | ||||||
|  | %endif | ||||||
|  | 
 | ||||||
| # remove bundled CA certificates | # remove bundled CA certificates | ||||||
| %patch2 -p1 | %patch2 -p1 | ||||||
| rm -f src/node_root_certs.h | rm -f src/node_root_certs.h | ||||||
| 
 | 
 | ||||||
| #%patch3 -p1 | %patch3 -p1 | ||||||
| 
 | 
 | ||||||
| %build | %build | ||||||
| # build with debugging symbols and add defines from libuv (#892601) | # build with debugging symbols and add defines from libuv (#892601) | ||||||
| @ -232,7 +266,7 @@ export CFLAGS='%{optflags} -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-de | |||||||
| export CXXFLAGS='%{optflags} -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-delete-null-pointer-checks' | export CXXFLAGS='%{optflags} -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fno-delete-null-pointer-checks' | ||||||
| 
 | 
 | ||||||
| ./configure --prefix=%{_prefix} \ | ./configure --prefix=%{_prefix} \ | ||||||
|            --shared-openssl \ |            %{?CONFIGURE_OPENSSL} \ | ||||||
|            --shared-zlib \ |            --shared-zlib \ | ||||||
|            --shared-libuv \ |            --shared-libuv \ | ||||||
|            --without-dtrace \ |            --without-dtrace \ | ||||||
| @ -372,6 +406,11 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node - | |||||||
| %{_pkgdocdir}/npm/doc | %{_pkgdocdir}/npm/doc | ||||||
| 
 | 
 | ||||||
| %changelog | %changelog | ||||||
|  | * Thu Sep 08 2016 Stephen Gallagher <sgallagh@redhat.com> - 1:6.%.0-104 | ||||||
|  | - Prepare for EPEL 7 uplift | ||||||
|  | - Use %%{?epel} tag to maintain a single specfile | ||||||
|  | - Don't use weak dependencies in EPEL | ||||||
|  | 
 | ||||||
| * Mon Aug 29 2016 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.5.0-103 | * Mon Aug 29 2016 Zuzana Svetlikova <zsvetlik@redhat.com> - 1:6.5.0-103 | ||||||
| - Update to 6.5.0 | - Update to 6.5.0 | ||||||
| 
 | 
 | ||||||
|  | |||||||
		Loading…
	
		Reference in New Issue
	
	Block a user