Try to fix Provides/Requires

Current binaries are not installable:

nothing provides nodejs-libs(riscv-64) = 1:20.18.0-3.fc41 needed by nodejs-1:20.18.0-3.fc41.0.riscv64.riscv64 from build

Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>

.fmf/version

@@ -0,0 +1 @@
+1

0001-Remove-unused-OpenSSL-config.patch

@@ -1,4 +1,4 @@
-From ff8035bf1039a63785cbb325b24f1d9520b17854 Mon Sep 17 00:00:00 2001
+From 6c472efbaa21e0ea57f98135f41c9000f4bf039a Mon Sep 17 00:00:00 2001
 From: Stephen Gallagher <sgallagh@redhat.com>
 Date: Fri, 17 Apr 2020 12:59:44 +0200
 Subject: [PATCH] Remove unused OpenSSL config
@@ -13,10 +13,10 @@ Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
  1 file changed, 17 deletions(-)
 
 diff --git a/node.gyp b/node.gyp
-index 6d1b2bf36902cf54f33513873441c403c2e7ee3d..e5c1f696ffb14421df1a5626be6cf1c6738d870e 100644
+index 49e39c3ce8b2e29871333cee99dfd9646358df56..fb5f587d258700ccc390c387bce138c58d2fb078 100644
 --- a/node.gyp
 +++ b/node.gyp
-@@ -421,23 +421,6 @@
+@@ -739,23 +739,6 @@
                ],
              },
            ],
@@ -41,5 +41,5 @@ index 6d1b2bf36902cf54f33513873441c403c2e7ee3d..e5c1f696ffb14421df1a5626be6cf1c6
        ],
      }, # node_core_target_name
 -- 
-2.39.2
+2.41.0
 

README-packaging.md

@@ -0,0 +1,128 @@
+# Packaging Node.js
+These instructions are applicable as of 2023-04-27, following the
+implementation of https://www.fedoraproject.org/wiki/Changes/NodejsRepackaging
+
+These instructions use Node.js 20 as an example, but should be applicable to
+any major version. Exceptions will be identified as needed.
+
+
+## Basic steps to update to a new release
+
+1.  Run the following command to automatically update the specfile and SOURCES:
+
+    ```
+    ./nodejs-sources 20.1.0
+    ```
+
+    This will download the tarball from nodejs.org, strip out the bundled
+    OpenSSL code, extract the versions of the bundled sources, pull down the
+    ICU data files and update the spec file with this new information, also
+    pushing the rebuilt tarball into the Fedora lookaside cache.
+
+2.  Verify that the patches still apply by running `fedpkg prep`. If they do
+    not, follow the steps under "Resolving Patch Conflicts".
+
+3.  (Preferred) Perform a scratch-build on at least one architecture
+
+    ```
+    fedpkg scratch-build [--arch x86_64] --srpm
+    ```
+
+    Verify that it built successfully.
+
+4.  Commit the code locally and push it to all active Fedora branches.
+
+    ```
+    git commit -sam "Update to version 20.1.0"
+    ```
+
+    ```
+    git push origin rawhide rawhide:f38 rawhide:f37
+    ```
+
+5.  Build for all active Fedora branches
+
+    ```
+    for i in f37 f38 rawhide ; do fedpkg --release $i build --nowait ; done
+    ```
+
+
+## Basic steps to update the packaging
+
+1.  Make all changes in the `packaging/nodejs.spec.j2` file.
+
+2.  When finished, run
+
+    ```
+    ./nodejs-sources 20.1.0 --no-push
+    ```
+
+    which will regenerate the nodejs20.spec file with the appropriate values.
+    The `--no-push` argument is used to avoid uploading a new tarball to the
+    lookaside cache.[^1]
+
+3. (Preferred) Perform a scratch-build on at least one architecture
+
+    ```
+    fedpkg scratch-build [--arch x86_64] --srpm
+    ```
+
+    Verify that it built successfully.
+
+4.  Commit the code locally and push it to all active Fedora branches.
+
+    ```
+    git commit -sam "Update to version 20.1.0"
+    ```
+
+    ```
+    git push origin rawhide rawhide:f38 rawhide:f37
+    ```
+
+5.  Build for all active Fedora branches
+
+    ```
+    for i in f37 f38 rawhide ; do fedpkg --release $i build --nowait ; done
+    ```
+
+
+## Resolving Patch Conflicts
+
+1.  Clone the upstream Node.js repository
+
+    ```
+    git clone -o upstream git://github.com/nodejs/node.git nodejs-upstream
+    ```
+
+2. Rebase the Fedora patches atop the latest release
+
+    ```
+    pushd nodejs-upstream
+    ```
+
+    ```
+    git checkout -b fedora-v20 v20.1.0
+    ```
+
+    ```
+    git am -3 ../nodejs-fedora/*.patch
+    ```
+
+    If the patches do not apply cleanly, resolve the merges appropriately. Once
+    they have all been applied, output them again:
+
+    ```
+    git format-patch -M --patience --full-index -o ../nodejs20 v20.1.0..HEAD
+    ```
+
+    ```
+    popd
+    ```
+
+3.  Resume the basic process.
+
+
+[^1]: Due to non-deterministic behavior, stripping out the OpenSSL bits from
+    the upstream tarball and recompressing it will result in a different
+    checksum hash. This isn't harmful, but wastes bandwidth and storage space,
+    so use `--no-push` when possible.

bundled_licenses.py

@@ -0,0 +1,99 @@
+#!/bin/env python3
+
+# Copyright 2024 Red Hat
+# Use of this source code is governed by an MIT-style
+# license that can be found in the LICENSE file or at
+# https://opensource.org/licenses/MIT.
+
+# A Python script bundled_licenses.py should help identifying
+# licenses used in the bundled deps. It simply parses package.json
+# files in the given directory and returns best guess about the
+# License: RPM tag.
+#
+# The expected usage is like this:
+# * run bundled_licenses.py on the binary RPMs to see what is
+#   bundled in the shipped RPMs
+# * validate the output of bundled_licenses.py
+# * add licenses identified in the source code of nodejs itself
+# * validate the resulting License tag suggestion by license-validate tool
+
+import argparse
+import os
+import json
+
+
+def find_package_json(directories):
+    # List to store file paths matching the pattern
+    file_paths = []
+
+    # Walk through the directories and their subdirectories
+    for directory in directories:
+        for root, dirs, files in os.walk(directory):
+            for file in files:
+                if file == 'package.json':
+                    # package.json under a directory test/fixtures are usually not relevant
+                    file_path = os.path.join(root, file)
+                    if 'test/fixtures' in file_path:
+                        print(f"Warning: Skipping {file_path} as it seems to be a fixture that is likely not valid.")
+                        continue
+                    print(f"Found package.json at: {file_path}")
+                    file_paths.append(file_path)
+    return file_paths
+
+
+def parse_license_tag(license_tag):
+    if type(license_tag) == dict and 'type' in license_tag:
+        return license_tag['type']
+    return license_tag
+
+
+def fix_known_spdx_issues(license):
+    if license == 'Apache 2.0':
+        return 'Apache-2.0'
+    return license
+
+
+def license_from_package_json(file_path):
+    with open(file_path, 'r') as json_file:
+        try:
+            data = json.load(json_file)
+            if 'license' in data:
+                return parse_license_tag(data['license'])
+            elif 'licenses' in data:
+                return ' AND '.join([parse_license_tag(license) for license in data['licenses']])
+            else:
+                if 'name' in data and 'version' in data:
+                    print(f"Error: Key license not found in {file_path} despite it looking like a valid package.json file")
+                else:
+                    print(f"Warning: Key license not found in {file_path} but it might not be a valid package.json file at all")
+        except json.JSONDecodeError as e:
+            print(f"Error parsing {file_path}: {e}")
+
+    return None
+
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description='Find and parse package.json '\
+             'files in specified directories, and return probable License tag to '\
+             'be used in an RPM spec file. It is likely better to run it on '\
+             'unpacked or installed RPMs, rather than unpacked source, because '\
+             'some of the bundled deps are likely not used in the shipped output. '\
+             'It is always necessary to manually verify the results by investigating '\
+             'the files and the resulting License tag may be verified using '\
+             'license-validate tool (check license-validate RPM in Fedora) .')
+    parser.add_argument('directories', nargs='*', default=[os.getcwd()], 
+                        help='Directories to search for package.json files, if none is given, use the current directory.')
+
+    args = parser.parse_args()
+
+    licenses = set()
+
+    package_json_files = find_package_json(args.directories)
+    for f in package_json_files:
+        l = license_from_package_json(f)
+        if l:
+            licenses.add(fix_known_spdx_issues(l))
+            print(f"OK: License detected in {f}: {l}")
+    print('Final license tag to be used in the RPM spec file (please, confirm manually '\
+          'by looking into files and validate using the license-validate tool):')
+    print('License: ' + ' AND '.join(sorted(licenses)))

gating.yaml

@@ -0,0 +1,17 @@
+--- !Policy  # testing repository
+product_versions:
+  - fedora-*
+decision_contexts: [bodhi_update_push_testing]
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.installability.functional}
+--- !Policy  # stable repository
+product_versions:
+  - fedora-*
+decision_contexts: [bodhi_update_push_stable]
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.installability.functional}
+...

nodejs-sources.sh

@@ -5,6 +5,7 @@
 
 # ARG_POSITIONAL_SINGLE([version],[Node.js release version])
 # ARG_OPTIONAL_BOOLEAN([push],[],[Whether to upload to the lookaside cache],[on])
+# ARG_OPTIONAL_BOOLEAN([debug],[],[Print all commands],[off])
 # ARG_DEFAULTS_POS([])
 # ARG_HELP([Tool to aid in Node.js packaging of new releases])
 # ARGBASH_GO()
@@ -35,14 +36,18 @@ _positionals=()
 _arg_version=
 # THE DEFAULTS INITIALIZATION - OPTIONALS
 _arg_push="on"
+_arg_debug="off"
+_arg_install_missing_tools="off"
 
 
 print_help()
 {
 	printf '%s\n' "Tool to aid in Node.js packaging of new releases"
-	printf 'Usage: %s [--(no-)push] [-h|--help] <version>\n' "$0"
+	printf 'Usage: %s [--(no-)push] [--(no-)debug] [-h|--help] <version>\n' "$0"
 	printf '\t%s\n' "<version>: Node.js release version"
 	printf '\t%s\n' "--push, --no-push: Whether to upload to the lookaside cache (on by default)"
+	printf '\t%s\n' "--debug, --no-debug: Print all commands (off by default)"
+	printf '\t%s\n' "--install-missing-tools, --no-install-missing-tools: Automatically install missing tools that this script requires (off by default)"
 	printf '\t%s\n' "-h, --help: Prints help"
 }
 
@@ -58,6 +63,14 @@ parse_commandline()
 				_arg_push="on"
 				test "${1:0:5}" = "--no-" && _arg_push="off"
 				;;
+			--no-debug|--debug)
+				_arg_debug="on"
+				test "${1:0:5}" = "--no-" && _arg_debug="off"
+				;;
+			--no-install-missing-tools|--install-missing-tools)
+				_arg_install_missing_tools="on"
+				test "${1:0:5}" = "--no-" && _arg_install_missing_tools="off"
+				;;
 			-h|--help)
 				print_help
 				exit 0
@@ -108,15 +121,31 @@ assign_positional_args 1 "${_positionals[@]}"
 ### END OF CODE GENERATED BY Argbash (sortof) ### ])
 # [ <-- needed because of Argbash
 
+if [ $_arg_debug = 'on' ]; then
+  set -x
+fi
+
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 
 alias wget='wget --quiet'
 
-packages=("jq" "wget" "tar" "fedpkg" "grep" "sed")
+# wget is actually provided by wget2-wget in F40 and RHEL 10 and beyond,
+# so let's figure out a correct package name based on the current system
+# to not try to find a package that is called differently. Otherwise we
+# would try to install a package that is not necessary or available.
+wget_name=$( . /etc/os-release ; if [ "${PLATFORM_ID:9:2}" = "f4" ] || [ "${PLATFORM_ID:9:3}" = el1 ] ; then echo wget2-wget ; else echo wget ; fi)
+
+packages=("jq" "$wget_name" "tar" "fedpkg" "grep" "sed" "python3-jinja2-cli" "nodejs")
 
 rpm -q ${packages[@]} >/dev/null
 if [ $? -ne 0 ]; then
-  sudo dnf -y install ${packages[@]}
+  echo "Some of the required tools missing: ${packages[@]}" >&2
+  if [ $_arg_install_missing_tools = 'on' ]; then
+    echo "Installing them automatically" >&2
+    sudo dnf -y install ${packages[@]}
+  else
+    die "Please, install them manually or specify --install-missing-tools=on argument."
+  fi
 fi
 
 set -e
@@ -139,6 +168,8 @@ FEDORA_DEFAULT_RELEASE_HIGH=$((NODE_PKG_MAJOR + 20))
 
 if [[ $((NODE_PKG_MAJOR)) -eq 20 ]]
   then RHEL_DEFAULT_RELEASE=" || 0%{?rhel} == 10"
+elif [[ $((NODE_PKG_MAJOR)) -eq 22 ]];
+  then RHEL_DEFAULT_RELEASE=" || 0%{?rhel} == 11"
 fi
 
 rm -rf node-v${version}.tar.gz \
@@ -161,33 +192,11 @@ tar -zxf node-v${version}.tar.gz
 rm -rf node-v${version}/deps/openssl
 tar -zcf node-v${version}-stripped.tar.gz node-v${version}
 
-# Download the cjs-module-lexer sources
+# Record the bundled cjs-module-lexer version
 LEXER_VERSION=$(jq -r '.version' node-v${version}/deps/cjs-module-lexer/package.json)
-wget https://github.com/nodejs/cjs-module-lexer/archive/refs/tags/${LEXER_VERSION}.tar.gz
-tar -zxf ${LEXER_VERSION}.tar.gz
-rm -f cjs-module-lexer-${LEXER_VERSION}/lib/lexer.wasm
-tar -zcf cjs-module-lexer-${LEXER_VERSION}-stripped.tar.gz cjs-module-lexer-${LEXER_VERSION}/
-rm -f ${LEXER_VERSION}.tar.gz
 
-# Download the WASI compiler used to build cjs-module-lexer
-LEXER_WASI_MAJOR=$(grep -oP '(?<=^\W../wasi-sdk-)\d+\.\d+' cjs-module-lexer-${LEXER_VERSION}/Makefile | cut -d'.'  -f1)
-LEXER_WASI_MINOR=$(grep -oP '(?<=^\W../wasi-sdk-)\d+\.\d+' cjs-module-lexer-${LEXER_VERSION}/Makefile | cut -d'.'  -f2)
-wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-${LEXER_WASI_MAJOR}/wasi-sdk-${LEXER_WASI_MAJOR}.${LEXER_WASI_MINOR}-linux.tar.gz
-rm -rf cjs-module-lexer-${LEXER_VERSION}/
-
-# Download the undici sources
+# Record the bundled undici version
 UNDICI_VERSION=$(jq -r '.version' node-v${version}/deps/undici/src/package.json)
-wget https://github.com/nodejs/undici/archive/refs/tags/v${UNDICI_VERSION}.tar.gz
-tar -zxf v${UNDICI_VERSION}.tar.gz
-rm -f undici-${UNDICI_VERSION}/lib/llhttp/llhttp*.wasm*
-tar -zcf undici-${UNDICI_VERSION}-stripped.tar.gz undici-${UNDICI_VERSION}/
-rm -f v${UNDICI_VERSION}.tar.gz
-
-# Download the WASI compiler used to build undici
-UNDICI_WASI_MAJOR=$(grep -oP '(?<=WASI_SDK_VERSION_MAJOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile)
-UNDICI_WASI_MINOR=$(grep -oP '(?<=WASI_SDK_VERSION_MINOR=).*' undici-${UNDICI_VERSION}/build/Dockerfile)
-wget https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-${UNDICI_WASI_MAJOR}/wasi-sdk-${UNDICI_WASI_MAJOR}.${UNDICI_WASI_MINOR}-linux.tar.gz
-rm -rf undici-${UNDICI_VERSION}/
 
 ICU_MAJOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\1/g')
 ICU_MINOR=$(jq -r '.[0].url' node-v${version}/tools/icu/current_ver.dep | sed --expression='s/.*release-\([[:digit:]]\+\)-\([[:digit:]]\+\).*/\2/g')
@@ -241,17 +250,32 @@ UV_MAJOR=$(grep -oP '(?<=#define UV_VERSION_MAJOR )\d+' node-v${version}/deps/uv
 UV_MINOR=$(grep -oP '(?<=#define UV_VERSION_MINOR )\d+' node-v${version}/deps/uv/include/uv/version.h)
 UV_PATCH=$(grep -oP '(?<=#define UV_VERSION_PATCH )\d+' node-v${version}/deps/uv/include/uv/version.h)
 LIBUV_VERSION="${UV_MAJOR}.${UV_MINOR}.${UV_PATCH}"
-echo $UV_VERSION
+echo $LIBUV_VERSION
 echo
 echo "nghttp2"
 echo "========================="
 NGHTTP2_VERSION=$(grep -oP '(?<=#define NGHTTP2_VERSION ).*\"' node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h |sed -e 's/^"//' -e 's/"$//')
 echo $NGHTTP2_VERSION
 echo
+echo "nghttp3"
+echo "========================="
+NGHTTP3_VERSION=$(grep -oP '(?<=#define NGHTTP3_VERSION ).*\"' node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h |sed -e 's/^"//' -e 's/"$//')
+echo $NGHTTP3_VERSION
+echo
+echo "ngtcp2"
+echo "========================="
+NGTCP2_VERSION=$(grep -oP '(?<=#define NGTCP2_VERSION ).*\"' node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h |sed -e 's/^"//' -e 's/"$//')
+echo $NGTCP2_VERSION
+echo
 echo "ICU"
 echo "========================="
 echo "${ICU_MAJOR}.${ICU_MINOR}"
 echo
+echo "simdutf"
+echo "========================="
+SIMDUTF_VERSION=$(grep -oP '(?<=#define SIMDUTF_VERSION ).*\"' node-v${version}/deps/simdutf/simdutf.h |sed -e 's/^"//' -e 's/"$//')
+echo $SIMDUTF_VERSION
+echo
 echo "punycode"
 echo "========================="
 PUNYCODE_VERSION=$(/usr/bin/node -e "console.log(require('punycode').version)")
@@ -278,12 +302,10 @@ echo
 echo "cjs-module-lexer"
 echo "========================="
 echo "${LEXER_VERSION}"
-echo "WASI-SDK: ${LEXER_WASI_MAJOR}.${LEXER_WASI_MINOR}"
 echo
 echo "undici"
 echo "========================="
 echo "${UNDICI_VERSION}"
-echo "WASI-SDK: ${UNDICI_WASI_MAJOR}.${UNDICI_WASI_MINOR}"
 echo
 echo "ada"
 echo "========================="
@@ -315,18 +337,17 @@ IFS='' read -r -d '' template_json <<EOF
     "LLHTTP_VERSION": $LLHTTP_VERSION,
     "LIBUV_VERSION": $LIBUV_VERSION,
     "NGHTTP2_VERSION": $NGHTTP2_VERSION,
+    "NGHTTP3_VERSION": $NGHTTP3_VERSION,
+    "NGTCP2_VERSION": $NGTCP2_VERSION,
     "ICU_MAJOR": $ICU_MAJOR,
     "ICU_MINOR": $ICU_MINOR,
+    "SIMDUTF_VERSION": $SIMDUTF_VERSION,
     "PUNYCODE_VERSION": $PUNYCODE_VERSION,
     "UVWASI_VERSION": $UVWASI_VERSION,
     "NPM_VERSION": $NPM_VERSION,
     "ZLIB_VERSION": $ZLIB_VERSION,
     "LEXER_VERSION": $LEXER_VERSION,
-    "LEXER_WASI_MAJOR": $LEXER_WASI_MAJOR,
-    "LEXER_WASI_MINOR": $LEXER_WASI_MINOR,
     "UNDICI_VERSION": $UNDICI_VERSION,
-    "UNDICI_WASI_MAJOR": $UNDICI_WASI_MAJOR,
-    "UNDICI_WASI_MINOR": $UNDICI_WASI_MINOR,
     "ADA_VERSION": $ADA_VERSION,
 	"PATCHES": $json_patchlist
 }
@@ -337,11 +358,7 @@ echo ${template_json} | jinja2 ${SCRIPT_DIR}/packaging/nodejs.spec.j2 \
 
 if [ $_arg_push = 'on' ]; then
   fedpkg new-sources node-v${version}-stripped.tar.gz \
-                     icu4c-${ICU_MAJOR}_${ICU_MINOR}-data-bin-*.zip \
-                     cjs-module-lexer-${LEXER_VERSION}-stripped.tar.gz \
-                     wasi-sdk-${LEXER_WASI_MAJOR}.${LEXER_WASI_MINOR}-linux.tar.gz \
-                     undici-${UNDICI_VERSION}-stripped.tar.gz \
-                     wasi-sdk-${UNDICI_WASI_MAJOR}.${UNDICI_WASI_MINOR}-linux.tar.gz
+                     icu4c-${ICU_MAJOR}_${ICU_MINOR}-data-bin-*.zip
 fi
 
 rm -rf node-v${version}

nodejs20.spec

@@ -1,3 +1,21 @@
+# Determine if this should be the default version for this Fedora release
+# The default version will own /usr/bin/node and friends
+%global nodejs_pkg_major 20
+
+%if 0%{?fedora} == 39 || 0%{?fedora} == 40 || 0%{?fedora} == 41 || 0%{?rhel} == 10
+%global nodejs_default %{nodejs_pkg_major}
+%endif
+
+%global nodejs_default_sitelib %{_prefix}/lib/node_modules
+%global nodejs_private_sitelib %{nodejs_default_sitelib}_%{nodejs_pkg_major}
+
+# Break circular dependencies
+%bcond bootstrap 0
+
+# 2024-09-11: Re-enable bundling until a wasm sitelib is sorted out
+%bcond bundled_cjs_module_lexer 1
+%bcond bundled_undici 1
+
 %if 0%{?rhel} && 0%{?rhel} < 8
 %bcond_without bundled_zlib
 %else
@@ -11,11 +29,14 @@
 # bytecompiling files in the node_modules/ directory
 %global __python %{python3}
 
+# Disable OpenSSL engine support
+%bcond openssl_engine %[(0%{?fedora} && 0%{?fedora} < 41) || (0%{?rhel} && 0%{?rhel} < 10)]
+
 # == Master Relase ==
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
 # will bump this rather than adding .1 to the end.
-%global baserelease %autorelease
+%global baserelease %{autorelease -e 0.riscv64}
 
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 
@@ -25,59 +46,54 @@
 # feature releases that are only supported for nine months, which is shorter
 # than a Fedora release lifecycle.
 %global nodejs_epoch 1
-%global nodejs_major 19
-%global nodejs_minor 8
-%global nodejs_patch 1
+%global nodejs_major 20
+%global nodejs_minor 18
+%global nodejs_patch 0
 # nodejs_soversion - from NODE_MODULE_VERSION in src/node_version.h
-%global nodejs_soversion 111
+%global nodejs_soversion 115
 %global nodejs_abi %{nodejs_soversion}
 %global nodejs_version %{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}
 %global nodejs_release %{baserelease}
 %global nodejs_envr %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}
 
-%global nodejs_pkg_major 20
-
 %global nodejs_datadir %{_datarootdir}/node-%{nodejs_pkg_major}
 
-# Determine if this should be the default version for this Fedora release
-# The default version will own /usr/bin/node and friends
-%if 0%{?fedora} == 39 || 0%{?fedora} == 40 || 0%{?rhel} == 10
-%global nodejs_default %{nodejs_pkg_major}
-%endif
-
-%global nodejs_default_sitelib %{_prefix}/lib/node_modules
-%global nodejs_private_sitelib %{nodejs_default_sitelib}_%{nodejs_pkg_major}
-
 
 # == Bundled Dependency Versions ==
 # v8 - from deps/v8/include/v8-version.h
 # Epoch is set to ensure clean upgrades from the old v8 package
 %global v8_epoch 3
-%global v8_major 10
-%global v8_minor 8
-%global v8_build 168
-%global v8_patch 25
+%global v8_major 11
+%global v8_minor 3
+%global v8_build 244
+%global v8_patch 8
 %global v8_version %{v8_major}.%{v8_minor}.%{v8_build}.%{v8_patch}
 %global v8_release %{nodejs_epoch}.%{nodejs_major}.%{nodejs_minor}.%{nodejs_patch}.%{nodejs_release}
 
 # zlib - from deps/zlib/zlib.h
-%global zlib_version 1.2.13
+%global zlib_version 1.3.0.1-motley
 
 # c-ares - from deps/cares/include/ares_version.h
 # https://github.com/nodejs/node/pull/9332
-%global c_ares_version 1.19.0
+%global c_ares_version 1.33.1
 
 # llhttp - from deps/llhttp/include/llhttp.h
-%global llhttp_version 8.1.0
+%global llhttp_version 8.1.2
 
 # libuv - from deps/uv/include/uv/version.h
-%global libuv_version 1.44.2
+%global libuv_version 1.46.0
 
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
-%global nghttp2_version 1.52.0
+%global nghttp2_version 1.61.0
+
+# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
+%global nghttp3_version 0.7.0
+
+# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
+%global ngtcp2_version 1.1.0
 
 # ICU - from tools/icu/current_ver.dep
-%global icu_major 72
+%global icu_major 75
 %global icu_minor 1
 %global icu_version %{icu_major}.%{icu_minor}
 
@@ -85,6 +101,8 @@
 %{!?little_endian: %global little_endian %(%{python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
 
+# simdutf from deps/simdutf/simdutf.h
+%global simdutf_version 5.5.0
 
 # OpenSSL minimum version
 %global openssl11_minimum 1:1.1.1
@@ -97,7 +115,7 @@
 
 # npm - from deps/npm/package.json
 %global npm_epoch 1
-%global npm_version 9.5.1
+%global npm_version 10.8.2
 
 # In order to avoid needing to keep incrementing the release version for the
 # main package forever, we will just construct one for npm that is guaranteed
@@ -108,7 +126,7 @@
 %global npm_envr %{npm_epoch}:%{npm_version}-%{npm_release}
 
 # uvwasi - from deps/uvwasi/include/uvwasi.h
-%global uvwasi_version 0.0.16
+%global uvwasi_version 0.0.21
 
 # histogram_c - assumed from timestamps
 %global histogram_version 0.9.7
@@ -119,7 +137,8 @@ Epoch: %{nodejs_epoch}
 Version: %{nodejs_version}
 Release: %{nodejs_release}
 Summary: JavaScript runtime
-License: MIT and ASL 2.0 and ISC and BSD
+# see bundled_licenses.py, which helps identify licenses in bundled NPM modules
+License: Apache-2.0 AND Artistic-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BlueOak-1.0.0 AND CC-BY-3.0 AND CC0-1.0 AND ISC AND MIT
 Group: Development/Languages
 URL: http://nodejs.org/
 
@@ -127,7 +146,7 @@ ExclusiveArch: %{nodejs_arches}
 
 # nodejs bundles openssl, but we use the system version in Fedora
 # because openssl contains prohibited code, we remove openssl completely from
-# the tarball, using the script in Source100
+# the tarball, using the script in Source200
 Source0: node-v%{nodejs_version}-stripped.tar.gz
 Source1: npmrc
 Source2: btest402.js
@@ -135,18 +154,10 @@ Source2: btest402.js
 Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-data-bin-b.zip
 Source4: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-data-bin-l.zip
 Source200: nodejs-sources.sh
+Source201: npmrc.builtin.in
 Source202: nodejs.pc.in
 Source203: v8.pc.in
 
-# These are full sources for dependencies included as WASM blobs in the source of Node itself.
-# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.
-# Recipes for creating these blobs are included in the sources.
-# These are generated by nodejs-sources.sh
-Source101: cjs-module-lexer-1.2.2-stripped.tar.gz
-Source102: wasi-sdk-11.0-linux.tar.gz
-Source111: undici-5.21.0-stripped.tar.gz
-Source112: wasi-sdk-14.0-linux.tar.gz
-
 Patch: 0001-Remove-unused-OpenSSL-config.patch
 
 %if 0%{?nodejs_default}
@@ -195,6 +206,18 @@ BuildRequires: unzip
 
 %if 0%{?nodejs_default}
 Provides: nodejs = %{nodejs_envr}
+# To keep the upgrade path clean, we Obsolete nodejsXX from the nodejs
+# package and nodejsXX-foo from individual subpackages.
+# Note that using Obsoletes without package version is not standard practice.
+# Here we assert that *any* version of the system's default interpreter is
+# preferable to an "extra" interpreter. For example, nodejs-20.5.0 will
+# replace nodejs20-20.6.0.
+%define unversioned_obsoletes_of_nodejsXX_if_default() %{expand:\
+Obsoletes: nodejs%{nodejs_pkg_major}%{?1:-%{1}}\
+Provides: nodejs%{nodejs_pkg_major}%{?1:-%{1}} = %{nodejs_envr}\
+}
+%else
+%define unversioned_obsoletes_of_nodejsXX_if_default() %{nil}
 %endif
 
 %if %{with bundled}
@@ -207,6 +230,8 @@ Requires:      libuv >= 1:%{libuv_version}
 # Node.js frequently bumps this faster than Fedora can follow,
 # so we will bundle it.
 Provides: bundled(nghttp2) = %{nghttp2_version}
+Provides: bundled(nghttp3) = %{nghttp3_version}
+Provides: bundled(ngtcp2) = %{ngtcp2_version}
 
 # Temporarily bundle llhttp because the upstream doesn't
 # provide releases for it.
@@ -229,7 +254,7 @@ BuildRequires: openssl-devel >= %{openssl11_minimum}
 %global openssl_fips_configure %{nil}
 %endif
 
-%global ssl_configure --shared-openssl %{openssl_fips_configure}
+%global ssl_configure --shared-openssl --openssl-conf-name=openssl_conf %{openssl_fips_configure}
 %endif
 
 
@@ -295,10 +320,30 @@ Provides: bundled(icu) = %{icu_version}
 # or there's no option to built it as a shared dependency, so we bundle them
 Provides: bundled(uvwasi) = %{uvwasi_version}
 Provides: bundled(histogram) = %{histogram_version}
+Provides: bundled(simdutf) = %{simdutf_version}
 
 # Upstream has added a new URL parser that has no option to build as a shared
 # library (19.7.0+)
-Provides: bundled(ada) = 1.0.4
+Provides: bundled(ada) = 2.9.0
+
+
+# undici and cjs-module-lexer ship with pre-built WASM binaries.
+%if %{with bundled_cjs_module_lexer}
+Provides: bundled(nodejs-cjs-module-lexer) = 1.4.1
+%else
+BuildRequires: nodejs-cjs-module-lexer
+Requires: nodejs-cjs-module-lexer
+%endif
+
+%if %{with bundled_undici}
+Provides: bundled(nodejs-undici) = 6.19.8
+%else
+BuildRequires: nodejs-undici
+Requires: nodejs-undici
+%endif
+
+
+%unversioned_obsoletes_of_nodejsXX_if_default
 
 
 %description
@@ -338,6 +383,7 @@ Requires: libuv-devel%{?_isa}
 %if 0%{?nodejs_default}
 Provides: nodejs-devel = %{nodejs_envr}
 %endif
+%unversioned_obsoletes_of_nodejsXX_if_default devel
 
 Provides: nodejs-devel-pkg = %{nodejs_envr}
 Conflicts: nodejs-devel-pkg
@@ -367,6 +413,7 @@ Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}
 Obsoletes: v8 < 1:6.7.17-10
 
 Provides: nodejs-libs = %{nodejs_envr}
+%unversioned_obsoletes_of_nodejsXX_if_default libs
 
 %description -n %{pkgname}-libs
 Libraries to support Node.js and provide stable v8 interfaces.
@@ -376,6 +423,8 @@ Libraries to support Node.js and provide stable v8 interfaces.
 Summary: Non-English locale data for Node.js
 Requires: %{pkgname}%{?_isa} = %{nodejs_envr}
 
+%unversioned_obsoletes_of_nodejsXX_if_default full-i18n
+
 
 %description -n %{pkgname}-full-i18n
 Optional data files to provide full-icu support for Node.js. Remove this
@@ -416,12 +465,18 @@ Recommends: %{pkgname}-docs = %{nodejs_envr}
 # the automatic dependency-generation script.
 Provides: npm(npm) = %{npm_version}
 
+
+%if 0%{?nodejs_default}
 # Satisfy dependency requests for "npm"
 Provides: npm = %{npm_envr}
 
-%if 0%{?nodejs_default}
 # Obsolete the old 'npm' package
 Obsoletes: npm < 1:9
+
+# Obsolete others. We can't use %%unversioned_obsoletes_of_nodejsXX_if_default
+# here because the Provides: needs its own version
+Obsoletes: nodejs%{nodejs_pkg_major}-npm
+Provides: nodejs%{nodejs_pkg_major}-npm = %{npm_envr}
 %endif
 
 
@@ -437,6 +492,7 @@ BuildArch: noarch
 Requires(meta): %{pkgname} = %{nodejs_envr}
 
 Provides: nodejs-docs = %{nodejs_envr}
+%unversioned_obsoletes_of_nodejsXX_if_default docs
 
 
 %description -n %{pkgname}-docs
@@ -455,21 +511,13 @@ rm -rf deps/brotli
 rm -rf deps/v8/third_party/jinja2
 rm -rf tools/inspector_protocol/jinja2
 
-# check for correct versions of dependencies we are bundling
-check_wasm_dep() {
-  local -r name="$1" source="$2" packagejson="$3"
-  local -r expected_version="$(jq -r '.version' "${packagejson}")"
+%if %{without bundled_cjs_module_lexer}
+rm -rf deps/cjs-module-lexer
+%endif
 
-  if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then
-    printf '%s version matches\n' "${name}" >&2
-  else
-    printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2
-    return 1
-  fi
-}
-
-check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json
-check_wasm_dep undici           '%{SOURCE111}' deps/undici/src/package.json
+%if %{without bundled_undici}
+rm -rf deps/undici
+%endif
 
 # Replace any instances of unversioned python with python3
 pfiles=( $(grep -rl python) )
@@ -498,8 +546,6 @@ export CXX='%{__cxx}'
 export NODE_GYP_FORCE_PYTHON=%{python3}
 
 # build with debugging symbols and add defines from libuv (#892601)
-# Node's v8 breaks with GCC 6 because of incorrect usage of methods on
-# NULL objects. We need to pass -fno-delete-null-pointer-checks
 # 2022-07-14: There's a bug in either torque or gcc that causes a
 # segmentation fault on ppc64le and s390x if compiled with -O2. Things
 # run fine on -O1 and -O3, so we'll just go with -O3 (like upstream)
@@ -508,8 +554,9 @@ extra_cflags=(
     -D_LARGEFILE_SOURCE
     -D_FILE_OFFSET_BITS=64
     -DZLIB_CONST
-    -fno-delete-null-pointer-checks
     -O3
+    -fno-ipa-icf
+    %{!?with_openssl_engine:-DOPENSSL_NO_ENGINE}
 )
 export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}"
 export LDFLAGS="%{build_ldflags}"
@@ -530,6 +577,9 @@ export PATH="${cwd}/.bin:$PATH"
            %{ssl_configure} \
            %{dtrace_configure} \
            %{!?with_bundled_zlib:--shared-zlib} \
+           %{!?with_bundled_cjs_module_lexer:--shared-builtin-cjs_module_lexer/lexer-path %{nodejs_private_sitelib}/cjs-module-lexer/lexer.js} \
+           %{!?with_bundled_cjs_module_lexer:--shared-builtin-cjs_module_lexer/dist/lexer-path %{nodejs_private_sitelib}/cjs-module-lexer/dist/lexer.js} \
+           %{!?with_bundled_undici:--shared-builtin-undici/undici-path %{nodejs_private_sitelib}/undici/loader.js} \
            --shared-brotli \
            --shared-libuv \
            --with-intl=small-icu \
@@ -545,7 +595,12 @@ export PATH="${cwd}/.bin:$PATH"
 # The ninja build does not put the shared library in the expected location, so
 # we will move it.
 mv out/Release/lib/libnode.so.%{nodejs_soversion} out/Release/
+
+%if 0%{?nodejs_major} >= 20
+./tools/install.py install --dest-dir %{buildroot} --prefix %{_prefix}
+%else
 ./tools/install.py install %{buildroot} %{_prefix}
+%endif
 
 
 # own the sitelib directory
@@ -570,12 +625,22 @@ mv %{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/node-%{nodejs_pkg_major}
 # Move the npm binary to npm-NODEJS_MAJOR
 rm -f %{buildroot}%{_bindir}/npm
 
+# Set the hashbang to use the matching Node.js interpreter
+sed --in-place --regexp-extended \
+    's;^#!/usr/bin/env node($|\ |\t)+;#!/usr/bin/node-%{nodejs_pkg_major};g' \
+    %{buildroot}%{nodejs_private_sitelib}/npm/bin/npm-cli.js
+
 ln -srf %{buildroot}%{nodejs_private_sitelib}/npm/bin/npm-cli.js \
         %{buildroot}%{_bindir}/npm-%{nodejs_pkg_major}
 
-# Move the npx binary to npm-NODEJS_MAJOR
+# Move the npx binary to npx-NODEJS_MAJOR
 rm -f %{buildroot}%{_bindir}/npx
 
+# Set the hashbang to use the matching Node.js interpreter
+sed --in-place --regexp-extended \
+    's;^#!/usr/bin/env node($|\ |\t)+;#!/usr/bin/node-%{nodejs_pkg_major};g' \
+    %{buildroot}%{nodejs_private_sitelib}/npm/bin/npx-cli.js
+
 ln -srf %{buildroot}%{nodejs_private_sitelib}/npm/bin/npx-cli.js \
         %{buildroot}%{_bindir}/npx-%{nodejs_pkg_major}
 
@@ -646,7 +711,7 @@ for i in 1 5 7; do
   mkdir -p %{buildroot}%{_mandir}/man${i}
   for manpage in %{buildroot}%{nodejs_private_sitelib}/npm/man/man$i/*; do
     basename=$(basename ${manpage})
-    ln -srf %{buildroot}%{nodejs_private_sitelib}/npm/man/man${i}/${manpage} \
+    ln -srf %{buildroot}%{nodejs_private_sitelib}/npm/man/man${i}/${basename} \
             %{buildroot}%{_mandir}/man${i}/${basename}
   done
 done
@@ -684,16 +749,19 @@ find %{buildroot}%{nodejs_private_sitelib}/npm \
 chmod 0755 %{buildroot}%{nodejs_private_sitelib}/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
 chmod 0755 %{buildroot}%{nodejs_private_sitelib}/npm/node_modules/node-gyp/bin/node-gyp.js
 
+# Set the hashbang to use the matching Node.js interpreter
+sed --in-place --regexp-extended \
+    's;^#!/usr/bin/env node($|\ |\t)+;#!/usr/bin/node-%{nodejs_pkg_major};g' \
+    %{buildroot}%{nodejs_private_sitelib}/npm/node_modules/node-gyp/bin/node-gyp.js
+
+# Drop the NPM builtin configuration in place
+sed -e 's#@SYSCONFDIR@#%{_sysconfdir}#g' \
+    %{SOURCE201} > %{buildroot}%{nodejs_private_sitelib}/npm/npmrc
+
 # Drop the NPM default configuration in place
 %if 0%{?nodejs_default}
 mkdir -p %{buildroot}%{_sysconfdir}
 cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
-
-# NPM upstream expects it to be in /usr/etc/npmrc, so we'll put a symlink here
-# This is done in the interests of keeping /usr read-only.
-mkdir -p %{buildroot}%{_prefix}/etc
-ln -rsf %{buildroot}%{_sysconfdir}/npmrc \
-        %{buildroot}%{_prefix}/etc/npmrc
 %endif
 
 # Install the full-icu data files
@@ -782,7 +850,7 @@ end
 %endif
 
 %{_bindir}/node-%{nodejs_pkg_major}
-%{nodejs_private_sitelib}
+%dir %{nodejs_private_sitelib}
 
 %doc %{_mandir}/nodejs-%{nodejs_pkg_major}/man1/node.1*
 
@@ -827,7 +895,6 @@ end
 %if 0%{?nodejs_default}
 %{_bindir}/npm
 %{_bindir}/npx
-%{_prefix}/etc/npmrc
 %config(noreplace) %{_sysconfdir}/npmrc
 %ghost %{_sysconfdir}/npmignore
 

npmrc.builtin.in

@@ -0,0 +1,5 @@
+# This is the distibution-level configuration file for npm.
+# To configure NPM on a system level, use the globalconfig below (defaults to @SYSCONFDIR@/npmrc).
+# vim:set filetype=dosini:
+
+globalconfig=@SYSCONFDIR@/npmrc

packaging/nodejs.spec.j2

@@ -1,3 +1,21 @@
+# Determine if this should be the default version for this Fedora release
+# The default version will own /usr/bin/node and friends
+%global nodejs_pkg_major {{ NODE_PKG_MAJOR }}
+
+%if 0%{?fedora} == {{ FEDORA_DEFAULT_RELEASE_LOW }} || 0%{?fedora} == {{ FEDORA_DEFAULT_RELEASE_HIGH }}{{ RHEL_DEFAULT_RELEASE }}
+%global nodejs_default %{nodejs_pkg_major}
+%endif
+
+%global nodejs_default_sitelib %{_prefix}/lib/node_modules
+%global nodejs_private_sitelib %{nodejs_default_sitelib}_%{nodejs_pkg_major}
+
+# Break circular dependencies
+%bcond bootstrap 0
+
+# 2024-09-11: Re-enable bundling until a wasm sitelib is sorted out
+%bcond bundled_cjs_module_lexer 1
+%bcond bundled_undici 1
+
 %if 0%{?rhel} && 0%{?rhel} < 8
 %bcond_without bundled_zlib
 %else
@@ -11,6 +29,9 @@
 # bytecompiling files in the node_modules/ directory
 %global __python %{python3}
 
+# Disable OpenSSL engine support
+%bcond openssl_engine %[(0%{?fedora} && 0%{?fedora} < 41) || (0%{?rhel} && 0%{?rhel} < 10)]
+
 # == Master Relase ==
 # This is used by both the nodejs package and the npm subpackage that
 # has a separate version - the name is special so that rpmdev-bumpspec
@@ -35,19 +56,8 @@
 %global nodejs_release %{baserelease}
 %global nodejs_envr %{nodejs_epoch}:%{nodejs_version}-%{nodejs_release}
 
-%global nodejs_pkg_major {{ NODE_PKG_MAJOR }}
-
 %global nodejs_datadir %{_datarootdir}/node-%{nodejs_pkg_major}
 
-# Determine if this should be the default version for this Fedora release
-# The default version will own /usr/bin/node and friends
-%if 0%{?fedora} == {{ FEDORA_DEFAULT_RELEASE_LOW }} || 0%{?fedora} == {{ FEDORA_DEFAULT_RELEASE_HIGH }}{{ RHEL_DEFAULT_RELEASE }}
-%global nodejs_default %{nodejs_pkg_major}
-%endif
-
-%global nodejs_default_sitelib %{_prefix}/lib/node_modules
-%global nodejs_private_sitelib %{nodejs_default_sitelib}_%{nodejs_pkg_major}
-
 
 # == Bundled Dependency Versions ==
 # v8 - from deps/v8/include/v8-version.h
@@ -76,6 +86,12 @@
 # nghttp2 - from deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
 %global nghttp2_version {{ NGHTTP2_VERSION }}
 
+# nghttp3 - from deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
+%global nghttp3_version {{NGHTTP3_VERSION}}
+
+# ngtcp2 from deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
+%global ngtcp2_version {{NGTCP2_VERSION}}
+
 # ICU - from tools/icu/current_ver.dep
 %global icu_major {{ ICU_MAJOR }}
 %global icu_minor {{ ICU_MINOR }}
@@ -85,6 +101,8 @@
 %{!?little_endian: %global little_endian %(%{python3} -c "import sys;print (0 if sys.byteorder=='big' else 1)")}
 # " this line just fixes syntax highlighting for vim that is confused by the above and continues literal
 
+# simdutf from deps/simdutf/simdutf.h
+%global simdutf_version {{SIMDUTF_VERSION}}
 
 # OpenSSL minimum version
 %global openssl11_minimum 1:1.1.1
@@ -119,7 +137,8 @@ Epoch: %{nodejs_epoch}
 Version: %{nodejs_version}
 Release: %{nodejs_release}
 Summary: JavaScript runtime
-License: MIT and ASL 2.0 and ISC and BSD
+# see bundled_licenses.py, which helps identify licenses in bundled NPM modules
+License: Apache-2.0 AND Artistic-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BlueOak-1.0.0 AND CC-BY-3.0 AND CC0-1.0 AND ISC AND MIT
 Group: Development/Languages
 URL: http://nodejs.org/
 
@@ -127,7 +146,7 @@ ExclusiveArch: %{nodejs_arches}
 
 # nodejs bundles openssl, but we use the system version in Fedora
 # because openssl contains prohibited code, we remove openssl completely from
-# the tarball, using the script in Source100
+# the tarball, using the script in Source200
 Source0: node-v%{nodejs_version}-stripped.tar.gz
 Source1: npmrc
 Source2: btest402.js
@@ -135,18 +154,10 @@ Source2: btest402.js
 Source3: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-data-bin-b.zip
 Source4: https://github.com/unicode-org/icu/releases/download/release-%{icu_major}-%{icu_minor}/icu4c-%{icu_major}_%{icu_minor}-data-bin-l.zip
 Source200: nodejs-sources.sh
+Source201: npmrc.builtin.in
 Source202: nodejs.pc.in
 Source203: v8.pc.in
 
-# These are full sources for dependencies included as WASM blobs in the source of Node itself.
-# Note: These sources would also include pre-compiled WASM blobs… so they are adjusted not to.
-# Recipes for creating these blobs are included in the sources.
-# These are generated by nodejs-sources.sh
-Source101: cjs-module-lexer-{{ LEXER_VERSION }}-stripped.tar.gz
-Source102: wasi-sdk-{{ LEXER_WASI_MAJOR }}.{{ LEXER_WASI_MINOR }}-linux.tar.gz
-Source111: undici-{{ UNDICI_VERSION }}-stripped.tar.gz
-Source112: wasi-sdk-{{ UNDICI_WASI_MAJOR }}.{{ UNDICI_WASI_MINOR }}-linux.tar.gz
-
 {% for patch in PATCHES -%}
 Patch: {{ patch }}
 {% endfor -%}
@@ -199,6 +210,18 @@ BuildRequires: systemtap-sdt-devel
 
 %if 0%{?nodejs_default}
 Provides: nodejs = %{nodejs_envr}
+# To keep the upgrade path clean, we Obsolete nodejsXX from the nodejs
+# package and nodejsXX-foo from individual subpackages.
+# Note that using Obsoletes without package version is not standard practice.
+# Here we assert that *any* version of the system's default interpreter is
+# preferable to an "extra" interpreter. For example, nodejs-20.5.0 will
+# replace nodejs20-20.6.0.
+%define unversioned_obsoletes_of_nodejsXX_if_default() %{expand:\
+Obsoletes: nodejs%{nodejs_pkg_major}%{?1:-%{1}}\
+Provides: nodejs%{nodejs_pkg_major}%{?1:-%{1}} = %{nodejs_envr}\
+}
+%else
+%define unversioned_obsoletes_of_nodejsXX_if_default() %{nil}
 %endif
 
 %if %{with bundled}
@@ -211,6 +234,8 @@ Requires:      libuv >= 1:%{libuv_version}
 # Node.js frequently bumps this faster than Fedora can follow,
 # so we will bundle it.
 Provides: bundled(nghttp2) = %{nghttp2_version}
+Provides: bundled(nghttp3) = %{nghttp3_version}
+Provides: bundled(ngtcp2) = %{ngtcp2_version}
 
 # Temporarily bundle llhttp because the upstream doesn't
 # provide releases for it.
@@ -233,7 +258,7 @@ BuildRequires: openssl-devel >= %{openssl11_minimum}
 %global openssl_fips_configure %{nil}
 %endif
 
-%global ssl_configure --shared-openssl %{openssl_fips_configure}
+%global ssl_configure --shared-openssl --openssl-conf-name=openssl_conf %{openssl_fips_configure}
 %endif
 
 {% if NODE_MAJOR < 19 -%}
@@ -306,6 +331,7 @@ Provides: bundled(icu) = %{icu_version}
 # or there's no option to built it as a shared dependency, so we bundle them
 Provides: bundled(uvwasi) = %{uvwasi_version}
 Provides: bundled(histogram) = %{histogram_version}
+Provides: bundled(simdutf) = %{simdutf_version}
 
 {% if ADA_VERSION -%}
 # Upstream has added a new URL parser that has no option to build as a shared
@@ -313,6 +339,25 @@ Provides: bundled(histogram) = %{histogram_version}
 Provides: bundled(ada) = {{ ADA_VERSION }}
 {% endif %}
 
+# undici and cjs-module-lexer ship with pre-built WASM binaries.
+%if %{with bundled_cjs_module_lexer}
+Provides: bundled(nodejs-cjs-module-lexer) = {{ LEXER_VERSION }}
+%else
+BuildRequires: nodejs-cjs-module-lexer
+Requires: nodejs-cjs-module-lexer
+%endif
+
+%if %{with bundled_undici}
+Provides: bundled(nodejs-undici) = {{ UNDICI_VERSION }}
+%else
+BuildRequires: nodejs-undici
+Requires: nodejs-undici
+%endif
+
+
+%unversioned_obsoletes_of_nodejsXX_if_default
+
+
 %description
 Node.js is a platform built on Chrome's JavaScript runtime \
 for easily building fast, scalable network applications. \
@@ -350,6 +395,7 @@ Requires: libuv-devel%{?_isa}
 %if 0%{?nodejs_default}
 Provides: nodejs-devel = %{nodejs_envr}
 %endif
+%unversioned_obsoletes_of_nodejsXX_if_default devel
 
 Provides: nodejs-devel-pkg = %{nodejs_envr}
 Conflicts: nodejs-devel-pkg
@@ -379,6 +425,7 @@ Provides: v8%{?_isa} = %{v8_epoch}:%{v8_version}-%{nodejs_release}
 Obsoletes: v8 < 1:6.7.17-10
 
 Provides: nodejs-libs = %{nodejs_envr}
+%unversioned_obsoletes_of_nodejsXX_if_default libs
 
 %description -n %{pkgname}-libs
 Libraries to support Node.js and provide stable v8 interfaces.
@@ -388,6 +435,8 @@ Libraries to support Node.js and provide stable v8 interfaces.
 Summary: Non-English locale data for Node.js
 Requires: %{pkgname}%{?_isa} = %{nodejs_envr}
 
+%unversioned_obsoletes_of_nodejsXX_if_default full-i18n
+
 
 %description -n %{pkgname}-full-i18n
 Optional data files to provide full-icu support for Node.js. Remove this
@@ -428,12 +477,18 @@ Recommends: %{pkgname}-docs = %{nodejs_envr}
 # the automatic dependency-generation script.
 Provides: npm(npm) = %{npm_version}
 
+
+%if 0%{?nodejs_default}
 # Satisfy dependency requests for "npm"
 Provides: npm = %{npm_envr}
 
-%if 0%{?nodejs_default}
 # Obsolete the old 'npm' package
 Obsoletes: npm < 1:9
+
+# Obsolete others. We can't use %%unversioned_obsoletes_of_nodejsXX_if_default
+# here because the Provides: needs its own version
+Obsoletes: nodejs%{nodejs_pkg_major}-npm
+Provides: nodejs%{nodejs_pkg_major}-npm = %{npm_envr}
 %endif
 
 
@@ -449,6 +504,7 @@ BuildArch: noarch
 Requires(meta): %{pkgname} = %{nodejs_envr}
 
 Provides: nodejs-docs = %{nodejs_envr}
+%unversioned_obsoletes_of_nodejsXX_if_default docs
 
 
 %description -n %{pkgname}-docs
@@ -467,21 +523,13 @@ rm -rf deps/brotli
 rm -rf deps/v8/third_party/jinja2
 rm -rf tools/inspector_protocol/jinja2
 
-# check for correct versions of dependencies we are bundling
-check_wasm_dep() {
-  local -r name="$1" source="$2" packagejson="$3"
-  local -r expected_version="$(jq -r '.version' "${packagejson}")"
+%if %{without bundled_cjs_module_lexer}
+rm -rf deps/cjs-module-lexer
+%endif
 
-  if ls "${source}"|grep -q --fixed-strings "${expected_version}"; then
-    printf '%s version matches\n' "${name}" >&2
-  else
-    printf '%s version MISMATCH: %s !~ %s\n' "${name}" "${expected_version}" "${source}" >&2
-    return 1
-  fi
-}
-
-check_wasm_dep cjs-module-lexer '%{SOURCE101}' deps/cjs-module-lexer/package.json
-check_wasm_dep undici           '%{SOURCE111}' deps/undici/src/package.json
+%if %{without bundled_undici}
+rm -rf deps/undici
+%endif
 
 # Replace any instances of unversioned python with python3
 pfiles=( $(grep -rl python) )
@@ -510,8 +558,6 @@ export CXX='%{__cxx}'
 export NODE_GYP_FORCE_PYTHON=%{python3}
 
 # build with debugging symbols and add defines from libuv (#892601)
-# Node's v8 breaks with GCC 6 because of incorrect usage of methods on
-# NULL objects. We need to pass -fno-delete-null-pointer-checks
 # 2022-07-14: There's a bug in either torque or gcc that causes a
 # segmentation fault on ppc64le and s390x if compiled with -O2. Things
 # run fine on -O1 and -O3, so we'll just go with -O3 (like upstream)
@@ -520,8 +566,9 @@ extra_cflags=(
     -D_LARGEFILE_SOURCE
     -D_FILE_OFFSET_BITS=64
     -DZLIB_CONST
-    -fno-delete-null-pointer-checks
     -O3
+    -fno-ipa-icf
+    %{!?with_openssl_engine:-DOPENSSL_NO_ENGINE}
 )
 export CFLAGS="%{optflags} ${extra_cflags[*]}" CXXFLAGS="%{optflags} ${extra_cflags[*]}"
 export LDFLAGS="%{build_ldflags}"
@@ -542,6 +589,9 @@ export PATH="${cwd}/.bin:$PATH"
            %{ssl_configure} \
            %{dtrace_configure} \
            %{!?with_bundled_zlib:--shared-zlib} \
+           %{!?with_bundled_cjs_module_lexer:--shared-builtin-cjs_module_lexer/lexer-path %{nodejs_private_sitelib}/cjs-module-lexer/lexer.js} \
+           %{!?with_bundled_cjs_module_lexer:--shared-builtin-cjs_module_lexer/dist/lexer-path %{nodejs_private_sitelib}/cjs-module-lexer/dist/lexer.js} \
+           %{!?with_bundled_undici:--shared-builtin-undici/undici-path %{nodejs_private_sitelib}/undici/loader.js} \
            --shared-brotli \
            --shared-libuv \
            --with-intl=small-icu \
@@ -557,7 +607,12 @@ export PATH="${cwd}/.bin:$PATH"
 # The ninja build does not put the shared library in the expected location, so
 # we will move it.
 mv out/Release/lib/libnode.so.%{nodejs_soversion} out/Release/
+
+%if 0%{?nodejs_major} >= 20
+./tools/install.py install --dest-dir %{buildroot} --prefix %{_prefix}
+%else
 ./tools/install.py install %{buildroot} %{_prefix}
+%endif
 
 
 # own the sitelib directory
@@ -582,12 +637,22 @@ mv %{buildroot}%{_bindir}/node %{buildroot}%{_bindir}/node-%{nodejs_pkg_major}
 # Move the npm binary to npm-NODEJS_MAJOR
 rm -f %{buildroot}%{_bindir}/npm
 
+# Set the hashbang to use the matching Node.js interpreter
+sed --in-place --regexp-extended \
+    's;^#!/usr/bin/env node($|\ |\t)+;#!/usr/bin/node-%{nodejs_pkg_major};g' \
+    %{buildroot}%{nodejs_private_sitelib}/npm/bin/npm-cli.js
+
 ln -srf %{buildroot}%{nodejs_private_sitelib}/npm/bin/npm-cli.js \
         %{buildroot}%{_bindir}/npm-%{nodejs_pkg_major}
 
-# Move the npx binary to npm-NODEJS_MAJOR
+# Move the npx binary to npx-NODEJS_MAJOR
 rm -f %{buildroot}%{_bindir}/npx
 
+# Set the hashbang to use the matching Node.js interpreter
+sed --in-place --regexp-extended \
+    's;^#!/usr/bin/env node($|\ |\t)+;#!/usr/bin/node-%{nodejs_pkg_major};g' \
+    %{buildroot}%{nodejs_private_sitelib}/npm/bin/npx-cli.js
+
 ln -srf %{buildroot}%{nodejs_private_sitelib}/npm/bin/npx-cli.js \
         %{buildroot}%{_bindir}/npx-%{nodejs_pkg_major}
 
@@ -658,7 +723,7 @@ for i in 1 5 7; do
   mkdir -p %{buildroot}%{_mandir}/man${i}
   for manpage in %{buildroot}%{nodejs_private_sitelib}/npm/man/man$i/*; do
     basename=$(basename ${manpage})
-    ln -srf %{buildroot}%{nodejs_private_sitelib}/npm/man/man${i}/${manpage} \
+    ln -srf %{buildroot}%{nodejs_private_sitelib}/npm/man/man${i}/${basename} \
             %{buildroot}%{_mandir}/man${i}/${basename}
   done
 done
@@ -696,16 +761,19 @@ find %{buildroot}%{nodejs_private_sitelib}/npm \
 chmod 0755 %{buildroot}%{nodejs_private_sitelib}/npm/node_modules/@npmcli/run-script/lib/node-gyp-bin/node-gyp
 chmod 0755 %{buildroot}%{nodejs_private_sitelib}/npm/node_modules/node-gyp/bin/node-gyp.js
 
+# Set the hashbang to use the matching Node.js interpreter
+sed --in-place --regexp-extended \
+    's;^#!/usr/bin/env node($|\ |\t)+;#!/usr/bin/node-%{nodejs_pkg_major};g' \
+    %{buildroot}%{nodejs_private_sitelib}/npm/node_modules/node-gyp/bin/node-gyp.js
+
+# Drop the NPM builtin configuration in place
+sed -e 's#@SYSCONFDIR@#%{_sysconfdir}#g' \
+    %{SOURCE201} > %{buildroot}%{nodejs_private_sitelib}/npm/npmrc
+
 # Drop the NPM default configuration in place
 %if 0%{?nodejs_default}
 mkdir -p %{buildroot}%{_sysconfdir}
 cp %{SOURCE1} %{buildroot}%{_sysconfdir}/npmrc
-
-# NPM upstream expects it to be in /usr/etc/npmrc, so we'll put a symlink here
-# This is done in the interests of keeping /usr read-only.
-mkdir -p %{buildroot}%{_prefix}/etc
-ln -rsf %{buildroot}%{_sysconfdir}/npmrc \
-        %{buildroot}%{_prefix}/etc/npmrc
 %endif
 
 # Install the full-icu data files
@@ -800,7 +868,7 @@ end
 %endif
 
 %{_bindir}/node-%{nodejs_pkg_major}
-%{nodejs_private_sitelib}
+%dir %{nodejs_private_sitelib}
 
 %doc %{_mandir}/nodejs-%{nodejs_pkg_major}/man1/node.1*
 
@@ -845,7 +913,6 @@ end
 %if 0%{?nodejs_default}
 %{_bindir}/npm
 %{_bindir}/npx
-%{_prefix}/etc/npmrc
 %config(noreplace) %{_sysconfdir}/npmrc
 %ghost %{_sysconfdir}/npmignore
 

sources

@@ -1,7 +1,3 @@
-SHA512 (node-v19.8.1-stripped.tar.gz) = a28bc87d1fa92f08b3d26fbc09d20e2d7446ee1cfcb5b334f12ac7910bebeb6df1bb72f7bdabd0e2358e8ab826bb39468562b6f34e63e7383283b5b374229175
-SHA512 (icu4c-72_1-data-bin-b.zip) = ed0ce3ebd02f81cca7b3808abc72dc99962eb36bd123ebdf45c578b307b674566491191b6f7d261c679b2b5662b7084c61452b98968b35df3f749d413d5d7663
-SHA512 (icu4c-72_1-data-bin-l.zip) = cc9a8cf2a89dacde4fab4a68ca7a7ba1fd106b71ebc23318fb9293ab96001be825bf89b1daf3da02958ba201ca4f714a67a26db3a51dc03653b9970ebdd5ff56
-SHA512 (cjs-module-lexer-1.2.2-stripped.tar.gz) = 2adef1323ee3031756840ee1146323983571ababc51befb40e96a23b2880fdc7763e178bd3cd0488c575f728facbe36f83d39cd114c4f4f14914cdc7c90df42b
-SHA512 (wasi-sdk-11.0-linux.tar.gz) = e3ed4597f7f2290967eef6238e9046f60abbcb8633a4a2a51525d00e7393df8df637a98a5b668217d332dd44fcbf2442ec7efd5e65724e888d90611164451e20
-SHA512 (undici-5.21.0-stripped.tar.gz) = a98db01c51018fa731cef87d2b1558f2e7bb1f93b7d498898d4e9b65a3379dceb1f8397430c676d523a8c1d0b95c482bb5201a50f7f6b2696e3c32ecc0ae2c55
-SHA512 (wasi-sdk-14.0-linux.tar.gz) = 288a367e051f5b3f5853de97fabaedd3acf2255819d50c24f48f573897518500ea808342fd9aea832b2a5717089807bf1cbcf6d46b156b4eb60cc6b3c02ee997
+SHA512 (node-v20.18.0-stripped.tar.gz) = 48de075a76e632aa6bef900b48376245a20815b71c1198ee92e16c177a599c57d38d754a61dc459ed85f894d2f7430985afa957b2db5e4c441216d7a07d7e6f9
+SHA512 (icu4c-75_1-data-bin-b.zip) = ffec0355c5e0bd210aa7da6e91845979a5f5d893c7703dba4afccfbc80613b728689fbe91d0327542faaae718940f7eb0f842b3cc7c57dddeb22b15c5f79ba2a
+SHA512 (icu4c-75_1-data-bin-l.zip) = b4dbc0986c241e43d66a90c6cf723dd8fd66281416d7d28010c952a895e8f166d980f918754b191a1e2ab468484b7d2ba2d4f6308880ef7f8bc2eecbc94844b9

test-plan.fmf

@@ -0,0 +1,15 @@
+---
+summary: Package test suite
+discover:
+  how: fmf
+  url: https://gitlab.com/redhat/centos-stream/tests/nodejs
+environment:
+  NODEJS_MAIN_PACKAGE: nodejs20
+  NODEJS_BIN: /usr/bin/node-20
+prepare:
+  - name: install tested package
+    how: install
+    package: '${NODEJS_MAIN_PACKAGE}'
+execute:
+  how: tmt
+...