From 982c5528049512b62cee1567eedea2b37941528d Mon Sep 17 00:00:00 2001 From: Zuzana Svetlikova Date: Fri, 12 May 2017 13:54:03 +0200 Subject: [PATCH 1/3] Rebuild without bootstrap --- nodejs.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/nodejs.spec b/nodejs.spec index 8debc37..2383a44 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -1,6 +1,6 @@ %global with_debug 1 -%{!?_with_bootstrap: %global bootstrap 1} +%{!?_with_bootstrap: %global bootstrap 0} %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}} @@ -21,7 +21,7 @@ %global nodejs_patch 3 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} -%global nodejs_release 2 +%global nodejs_release 3 # == Bundled Dependency Versions == # v8 - from deps/v8/include/v8-version.h @@ -447,6 +447,9 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node - %{_pkgdocdir}/npm/doc %changelog +* Fri May 12 2017 Zuzana Svetlikova - 1:6.10.3-3 +- Rebuild without bootstrap + * Thu May 11 2017 Zuzana Svetlikova - 1:6.10.3-2 - Provide bundled http-parser in case of boostraping From 8cf702090d039ca8fa20e5ff955f9008b7ff4c62 Mon Sep 17 00:00:00 2001 From: Zuzana Svetlikova Date: Fri, 9 Jun 2017 12:59:25 +0200 Subject: [PATCH 2/3] Update to 6.11.0, remove merged system CA patch --- .gitignore | 1 + nodejs.spec | 20 +++++++++----------- sources | 2 +- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index e92f336..863b931 100644 --- a/.gitignore +++ b/.gitignore @@ -67,3 +67,4 @@ /node-v6.10.1-stripped.tar.gz /node-v6.10.2-stripped.tar.gz /node-v6.10.3-stripped.tar.gz +/node-v6.11.0-stripped.tar.gz diff --git a/nodejs.spec b/nodejs.spec index 2383a44..b2d14fb 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -17,18 +17,18 @@ # than a Fedora release lifecycle. %global nodejs_epoch 1 %global nodejs_major 6 -%global nodejs_minor 10 -%global nodejs_patch 3 +%global nodejs_minor 11 +%global nodejs_patch 0 %global nodejs_abi %{nodejs_major}.%{nodejs_minor} %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch} -%global nodejs_release 3 +%global nodejs_release 1 # == Bundled Dependency Versions == # v8 - from deps/v8/include/v8-version.h %global v8_major 5 %global v8_minor 1 %global v8_build 281 -%global v8_patch 101 +%global v8_patch 102 # V8 presently breaks ABI at least every x.y release while never bumping SONAME %global v8_abi %{v8_major}.%{v8_minor} %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch} @@ -99,10 +99,6 @@ Patch1: 0001-Disable-running-gyp-files-for-bundled-deps.patch # EPEL only has OpenSSL 1.0.1, so we need to carry a patch on that platform Patch2: 0002-Use-openssl-1.0.1.patch -# use system certificates instead of the bundled ones -# Backported from upstream 7.5.0+ -Patch3: 0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch - # Backported upstream patch to allow building with GCC 7 from # https://github.com/nodejs/node/commit/2bbee49e6f170a5d6628444a7c9a2235fe0dd929 Patch4: 0004-Fix-compatibility-with-GCC-7.patch @@ -252,9 +248,6 @@ rm -rf deps/icu-small \ deps/uv \ deps/zlib -# Use system CA certificates -%patch3 -p1 - # Fix GCC7 build %patch4 -p1 @@ -447,6 +440,11 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node - %{_pkgdocdir}/npm/doc %changelog +* Fri May 12 2017 Zuzana Svetlikova - 1:6.11.0-1 +- Update to 6.11.0 +- remove system CA patch since it was merged upstream +- https://github.com/nodejs/node/pull/8334 + * Fri May 12 2017 Zuzana Svetlikova - 1:6.10.3-3 - Rebuild without bootstrap diff --git a/sources b/sources index fee1521..77400eb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (node-v6.10.3-stripped.tar.gz) = 0750e6c1597c2379df59fafb5945d3af7d59f371c7996c56394f0cac5361627cebde3f6e46468ef76b0eb6d242e77538ec0c8136f75b98c140f1c6235df596bd +SHA512 (node-v6.11.0-stripped.tar.gz) = a23e0d8461dcf87048555d2e4e62c0bacecf6d2a6a8d6d27ed08f6f0911ec31f9a7abc48ab45478eaf3ba6af593714e628a194340168581f2f9c3c8dbf0c7a1d From 12757baada724c2ddb5f3092fcadac901f38911f Mon Sep 17 00:00:00 2001 From: Zuzana Svetlikova Date: Fri, 9 Jun 2017 14:51:29 +0200 Subject: [PATCH 3/3] Fix spec --- ...em-CAs-instead-of-using-bundled-ones.patch | 84 ------------------- nodejs.spec | 2 +- 2 files changed, 1 insertion(+), 85 deletions(-) delete mode 100644 0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch diff --git a/0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch b/0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch deleted file mode 100644 index 8c6db97..0000000 --- a/0003-crypto-Use-system-CAs-instead-of-using-bundled-ones.patch +++ /dev/null @@ -1,84 +0,0 @@ -From f1a0660b9186c3f4d55d7c07219126e199c787f9 Mon Sep 17 00:00:00 2001 -From: Adam Majer -Date: Wed, 21 Dec 2016 11:16:38 +0100 -Subject: [PATCH 3/4] crypto: Use system CAs instead of using bundled ones - -NodeJS can already use an external, shared OpenSSL library. This -library knows where to look for OS managed certificates. Allow -a compile-time option to use this CA store by default instead of -using bundled certificates. - -In case when using bundled OpenSSL, the paths are also valid for -majority of Linux systems without additional intervention. If -this is not set, we can use SSL_CERT_DIR to point it to correct -location. - -Fixes: https://github.com/nodejs/node/issues/3159 -PR-URL: https://github.com/nodejs/node/pull/8334 -Reviewed-By: Sam Roberts -Reviewed-By: James M Snell -Reviewed-By: Fedor Indutny ---- - configure | 7 +++++++ - src/node_crypto.cc | 4 ++++ - 2 files changed, 11 insertions(+) - -diff --git a/configure b/configure -index 821b8771bc8909d8453bc31e3c8d8dc65368c0e4..e64bad9a030693b726e0974f48aefa6e1ad87723 100755 ---- a/configure -+++ b/configure -@@ -142,10 +142,15 @@ parser.add_option("--openssl-no-asm", - parser.add_option('--openssl-fips', - action='store', - dest='openssl_fips', - help='Build OpenSSL using FIPS canister .o file in supplied folder') - -+parser.add_option('--openssl-use-def-ca-store', -+ action='store_true', -+ dest='use_openssl_ca_store', -+ help='Use OpenSSL supplied CA store instead of compiled-in Mozilla CA copy.') -+ - shared_optgroup.add_option('--shared-http-parser', - action='store_true', - dest='shared_http_parser', - help='link to a shared http_parser DLL instead of static linking') - -@@ -937,10 +942,12 @@ def configure_v8(o): - - def configure_openssl(o): - o['variables']['node_use_openssl'] = b(not options.without_ssl) - o['variables']['node_shared_openssl'] = b(options.shared_openssl) - o['variables']['openssl_no_asm'] = 1 if options.openssl_no_asm else 0 -+ if options.use_openssl_ca_store: -+ o['defines'] += ['NODE_OPENSSL_CERT_STORE'] - if options.openssl_fips: - o['variables']['openssl_fips'] = options.openssl_fips - fips_dir = os.path.join(root_dir, 'deps', 'openssl', 'fips') - fips_ld = os.path.abspath(os.path.join(fips_dir, 'fipsld')) - o['make_fips_settings'] = [ -diff --git a/src/node_crypto.cc b/src/node_crypto.cc -index c5630f30d0bef75ced53b36062bb1f0324dbdb9d..873b37d71b51aa62c8ebd56ea5b182567675e2dd 100644 ---- a/src/node_crypto.cc -+++ b/src/node_crypto.cc -@@ -803,14 +803,18 @@ static X509_STORE* NewRootCertStore() { - root_certs_vector->push_back(x509); - } - } - - X509_STORE* store = X509_STORE_new(); -+#if defined(NODE_OPENSSL_CERT_STORE) -+ X509_STORE_set_default_paths(store); -+#else - for (auto& cert : *root_certs_vector) { - X509_up_ref(cert); - X509_STORE_add_cert(store, cert); - } -+#endif - - return store; - } - - --- -2.12.0 - diff --git a/nodejs.spec b/nodejs.spec index b2d14fb..aa28b3f 100644 --- a/nodejs.spec +++ b/nodejs.spec @@ -440,7 +440,7 @@ NODE_PATH=%{buildroot}%{_prefix}/lib/node_modules %{buildroot}/%{_bindir}/node - %{_pkgdocdir}/npm/doc %changelog -* Fri May 12 2017 Zuzana Svetlikova - 1:6.11.0-1 +* Fri Jun 09 2017 Zuzana Svetlikova - 1:6.11.0-1 - Update to 6.11.0 - remove system CA patch since it was merged upstream - https://github.com/nodejs/node/pull/8334