aboutsummaryrefslogtreecommitdiffstats
path: root/main/nodejs/APKBUILD
blob: 9e1fe79b69b619804471e082f96251ff7c1cae4b (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
# Contributor: Jose-Luis Rivas <ghostbar@riseup.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Dave Esaias <dave@containership.io>
# Contributor: Tadahisa Kamijo <kamijin@live.jp>
# Contributor: Eivind Uggedal <eu@eju.no>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   14.17.6-r0:
#     - CVE-2021-37701
#     - CVE-2021-37712
#     - CVE-2021-37713
#     - CVE-2021-39134
#     - CVE-2021-39135
#   14.17.5-r0:
#     - CVE-2021-3672
#     - CVE-2021-22931
#     - CVE-2021-22939
#   14.17.4-r0:
#     - CVE-2021-22930
#   14.17.3-r0:
#     - CVE-2021-22918
#   14.16.1-r1:
#     - CVE-2021-27290
#   14.16.1-r0:
#     - CVE-2020-7774
#   14.16.0-r0:
#     - CVE-2021-22883
#     - CVE-2021-22884
#   14.15.5-r0:
#     - CVE-2021-21148
#   14.15.4-r0:
#     - CVE-2020-8265
#     - CVE-2020-8287
#   14.15.1-r0:
#     - CVE-2020-8277
#   12.18.4-r0:
#     - CVE-2020-8201
#     - CVE-2020-8252
#   12.18.0-r0:
#     - CVE-2020-8172
#     - CVE-2020-11080
#     - CVE-2020-8174
#   12.15.0-r0:
#     - CVE-2019-15606
#     - CVE-2019-15605
#     - CVE-2019-15604
#   10.16.3-r0:
#     - CVE-2019-9511
#     - CVE-2019-9512
#     - CVE-2019-9513
#     - CVE-2019-9514
#     - CVE-2019-9515
#     - CVE-2019-9516
#     - CVE-2019-9517
#     - CVE-2019-9518
#   10.15.3-r0:
#     - CVE-2019-5737
#   10.14.0-r0:
#     - CVE-2018-12121
#     - CVE-2018-12122
#     - CVE-2018-12123
#     - CVE-2018-0735
#     - CVE-2018-0734
#   8.11.4-r0:
#     - CVE-2018-12115
#   8.11.3-r0:
#     - CVE-2018-7167
#     - CVE-2018-7161
#     - CVE-2018-1000168
#   8.11.0-r0:
#     - CVE-2018-7158
#     - CVE-2018-7159
#     - CVE-2018-7160
#   8.9.3-r0:
#     - CVE-2017-15896
#     - CVE-2017-15897
#   6.11.5-r0:
#     - CVE-2017-14919
#   6.11.1-r0:
#     - CVE-2017-1000381
#
pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream.
pkgver=14.17.6
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="https://nodejs.org/"
arch="all !mips64 !mips64el"
license="MIT"
depends="ca-certificates nghttp2-libs>=1.41"
makedepends="
	brotli-dev
	c-ares-dev
	icu-dev
	linux-headers
	nghttp2-dev
	openssl-dev
	python3
	zlib-dev
	"
subpackages="$pkgname-dev $pkgname-doc npm::noarch"
provides="nodejs-lts=$pkgver"  # for backward compatibility
replaces="nodejs-current nodejs-lts"  # nodejs-lts for backward compatibility
source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz
	disable-running-gyp-on-shared-deps.patch
	link-with-libatomic-on-mips32.patch
	fix-build-with-system-c-ares.patch
	"
builddir="$srcdir/node-v$pkgver"

prepare() {
	default_prepare

	# Remove bundled dependencies that we're not using.
	rm -rf deps/brotli deps/cares deps/openssl deps/zlib
}

build() {
	# Add defines recommended in libuv readme.
	local common_flags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"

	# Compiling with O2 instead of Os increases binary size by ~10%
	# (53.1 MiB -> 58.6 MiB), but also increases performance by ~20%
	# according to v8/web-tooling-benchmark. Node.js is quite huge anyway;
	# there are better options for size constrained environments.
	export CFLAGS="${CFLAGS/-Os/-O2} $common_flags"
	export CXXFLAGS="${CXXFLAGS/-Os/-O2} $common_flags"
	export CPPFLAGS="${CPPFLAGS/-Os/-O2} $common_flags"

	case "$CARCH" in
	mips*) _carchflags="--with-mips-arch-variant=r1 --with-mips-float-abi=soft";;
	esac

	# NOTE: We use bundled libuv because they don't care much about backward
	# compatibility and it has happened several times in past that we
	# couldn't upgrade nodejs package in stable branches to fix CVEs due to
	# libuv incompatibility.
	#
	# TODO: After icu package is modified to split data into multiple
	# variants, change --with-intl to "system-icu".
	python3 configure.py --prefix=/usr \
		$_carchflags \
		--shared-brotli \
		--shared-zlib \
		--shared-openssl \
		--shared-cares \
		--shared-nghttp2 \
		--openssl-use-def-ca-store \
		--with-icu-default-data-dir=$(icu-config --icudatadir) \
		--with-intl=small-icu

	make BUILDTYPE=Release
}

# TODO Run provided test suite.
check() {
	cd "$builddir"/out/Release

	./node -e 'console.log("Hello, world!")'
	./node -e "require('assert').equal(process.versions.node, '$pkgver')"
}

package() {
	make DESTDIR="$pkgdir" install

	cp -pr "$pkgdir"/usr/lib/node_modules/npm/man "$pkgdir"/usr/share
	local d; for d in docs man; do
		rm -r "$pkgdir"/usr/lib/node_modules/npm/$d
	done

	# XXX: Workaround for https://github.com/npm/cli/issues/780.
	(cd "$pkgdir"/usr/share/man/man5 && find * \
		-type f ! \( -name 'package-json.*' -or -name 'npmrc.*' -or -name 'npm-*' \) \
		-exec mv {} npm-{} \;)
	(cd "$pkgdir"/usr/share/man/man7 && find * \
		-type f ! \( -name 'semver.*' -or -name 'npm-*' \) \
		-exec mv {} npm-{} \;)
}

dev() {
	provides="nodejs-lts-dev=$pkgver"  # for backward compatibility
	default_dev
}

npm() {
	pkgdesc="A package manager for JavaScript"
	depends="$pkgname"
	# for backward compatibility
	provides="nodejs-npm=$pkgver-r$pkgrel nodejs-current-npm=$pkgver-r$pkgrel"
	replaces="nodejs-npm nodejs-current-npm $pkgname"

	mkdir -p "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/np[mx] "$subpkgdir"/usr/bin/

	mkdir -p "$subpkgdir"/usr/lib/node_modules
	mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/
}

sha512sums="
e180fae757c25e776259865df496be43dbe0ebd5a87d76ce158b5ea07bb6278f4c8f30ef87c2681a55cbf02287a32c7b7deb47096b52e2799109b4e3db6c5f53  node-v14.17.6.tar.gz
dbe8167b61518f8f59176759d69834d57bf3e6a5a5fd3dfc2359cafe0325da08b27f8220d278ed77f50c9f63a03313eabbbb0eaca3e592e5bb4e0d5be0ced373  disable-running-gyp-on-shared-deps.patch
44e81fbf254bd79e38b813f7f5a1336df854588939cba50aaec600660495f9b7745a7049a99eb59d15a51100b3a44f66892a902d7fc32e1399b51883ad4c02cf  link-with-libatomic-on-mips32.patch
30ca1ce7f9512c943950b8eec98bca99d24c740ebaa14619292fe5ed931dcf603ca90afb1d704ca7f545e421752ba4dde81c0c5bbb5242eb1726739ca627e15f  fix-build-with-system-c-ares.patch
"