path: root/main/nodejs/APKBUILD

# Contributor: Jose-Luis Rivas <ghostbar@riseup.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Dave Esaias <dave@containership.io>
# Contributor: Tadahisa Kamijo <kamijin@live.jp>
# Contributor: Eivind Uggedal <eu@eju.no>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   14.18.1-r0:
#     - CVE-2021-22959
#     - CVE-2021-22960
#   14.17.6-r0:
#     - CVE-2021-37701
#     - CVE-2021-37712
#     - CVE-2021-37713
#     - CVE-2021-39134
#     - CVE-2021-39135
#   14.17.5-r0:
#     - CVE-2021-3672
#     - CVE-2021-22931
#     - CVE-2021-22939
#   14.17.4-r0:
#     - CVE-2021-22930
#   14.17.3-r0:
#     - CVE-2021-22918
#   14.16.1-r1:
#     - CVE-2021-27290
#   14.16.1-r0:
#     - CVE-2020-7774
#   14.16.0-r0:
#     - CVE-2021-22883
#     - CVE-2021-22884
#   14.15.5-r0:
#     - CVE-2021-21148
#   14.15.4-r0:
#     - CVE-2020-8265
#     - CVE-2020-8287
#   14.15.1-r0:
#     - CVE-2020-8277
#   12.18.4-r0:
#     - CVE-2020-8201
#     - CVE-2020-8252
#   12.18.0-r0:
#     - CVE-2020-8172
#     - CVE-2020-11080
#     - CVE-2020-8174
#   12.15.0-r0:
#     - CVE-2019-15606
#     - CVE-2019-15605
#     - CVE-2019-15604
#   10.16.3-r0:
#     - CVE-2019-9511
#     - CVE-2019-9512
#     - CVE-2019-9513
#     - CVE-2019-9514
#     - CVE-2019-9515
#     - CVE-2019-9516
#     - CVE-2019-9517
#     - CVE-2019-9518
#   10.15.3-r0:
#     - CVE-2019-5737
#   10.14.0-r0:
#     - CVE-2018-12121
#     - CVE-2018-12122
#     - CVE-2018-12123
#     - CVE-2018-0735
#     - CVE-2018-0734
#   8.11.4-r0:
#     - CVE-2018-12115
#   8.11.3-r0:
#     - CVE-2018-7167
#     - CVE-2018-7161
#     - CVE-2018-1000168
#   8.11.0-r0:
#     - CVE-2018-7158
#     - CVE-2018-7159
#     - CVE-2018-7160
#   8.9.3-r0:
#     - CVE-2017-15896
#     - CVE-2017-15897
#   6.11.5-r0:
#     - CVE-2017-14919
#   6.11.1-r0:
#     - CVE-2017-1000381
#
pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream.
pkgver=14.18.1
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="https://nodejs.org/"
arch="all !mips64 !mips64el"
license="MIT"
depends="ca-certificates nghttp2-libs>=1.41"
makedepends="
	brotli-dev
	c-ares-dev
	icu-dev
	linux-headers
	nghttp2-dev
	openssl-dev
	python3
	zlib-dev
	"
subpackages="$pkgname-dev $pkgname-doc npm::noarch"
provides="nodejs-lts=$pkgver"  # for backward compatibility
replaces="nodejs-current nodejs-lts"  # nodejs-lts for backward compatibility
source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz
	disable-running-gyp-on-shared-deps.patch
	link-with-libatomic-on-mips32.patch
	fix-build-with-system-c-ares.patch
	"
builddir="$srcdir/node-v$pkgver"

prepare() {
	default_prepare

	# Remove bundled dependencies that we're not using.
	rm -rf deps/brotli deps/cares deps/openssl deps/zlib
}

build() {
	# Add defines recommended in libuv readme.
	local common_flags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"

	# Compiling with O2 instead of Os increases binary size by ~10%
	# (53.1 MiB -> 58.6 MiB), but also increases performance by ~20%
	# according to v8/web-tooling-benchmark. Node.js is quite huge anyway;
	# there are better options for size constrained environments.
	export CFLAGS="${CFLAGS/-Os/-O2} $common_flags"
	export CXXFLAGS="${CXXFLAGS/-Os/-O2} $common_flags"
	export CPPFLAGS="${CPPFLAGS/-Os/-O2} $common_flags"

	case "$CARCH" in
	mips*) _carchflags="--with-mips-arch-variant=r1 --with-mips-float-abi=soft";;
	esac

	# NOTE: We use bundled libuv because they don't care much about backward
	# compatibility and it has happened several times in past that we
	# couldn't upgrade nodejs package in stable branches to fix CVEs due to
	# libuv incompatibility.
	#
	# TODO: After icu package is modified to split data into multiple
	# variants, change --with-intl to "system-icu".
	python3 configure.py --prefix=/usr \
		$_carchflags \
		--shared-brotli \
		--shared-zlib \
		--shared-openssl \
		--shared-cares \
		--shared-nghttp2 \
		--openssl-use-def-ca-store \
		--with-icu-default-data-dir=$(icu-config --icudatadir) \
		--with-intl=small-icu

	make BUILDTYPE=Release
}

# TODO Run provided test suite.
check() {
	cd "$builddir"/out/Release

	./node -e 'console.log("Hello, world!")'
	./node -e "require('assert').equal(process.versions.node, '$pkgver')"
}

package() {
	make DESTDIR="$pkgdir" install

	cp -pr "$pkgdir"/usr/lib/node_modules/npm/man "$pkgdir"/usr/share
	local d; for d in docs man; do
		rm -r "$pkgdir"/usr/lib/node_modules/npm/$d
	done

	# XXX: Workaround for https://github.com/npm/cli/issues/780.
	(cd "$pkgdir"/usr/share/man/man5 && find * \
		-type f ! \( -name 'package-json.*' -or -name 'npmrc.*' -or -name 'npm-*' \) \
		-exec mv {} npm-{} \;)
	(cd "$pkgdir"/usr/share/man/man7 && find * \
		-type f ! \( -name 'semver.*' -or -name 'npm-*' \) \
		-exec mv {} npm-{} \;)
}

dev() {
	provides="nodejs-lts-dev=$pkgver"  # for backward compatibility
	default_dev
}

npm() {
	pkgdesc="A package manager for JavaScript"
	depends="$pkgname"
	# for backward compatibility
	provides="nodejs-npm=$pkgver-r$pkgrel nodejs-current-npm=$pkgver-r$pkgrel"
	replaces="nodejs-npm nodejs-current-npm $pkgname"

	mkdir -p "$subpkgdir"/usr/bin
	mv "$pkgdir"/usr/bin/np[mx] "$subpkgdir"/usr/bin/

	mkdir -p "$subpkgdir"/usr/lib/node_modules
	mv "$pkgdir"/usr/lib/node_modules/npm "$subpkgdir"/usr/lib/node_modules/
}

sha512sums="
f9455ff65a57772e242343e2c1113e769c2ab8123e8a4fd6bd65525f4401d5f35e0bc73981db4f76af4f8da4e14a389fd41d2eca97cde6f0dfed5ed7a6ec532c  node-v14.18.1.tar.gz
dbe8167b61518f8f59176759d69834d57bf3e6a5a5fd3dfc2359cafe0325da08b27f8220d278ed77f50c9f63a03313eabbbb0eaca3e592e5bb4e0d5be0ced373  disable-running-gyp-on-shared-deps.patch
44e81fbf254bd79e38b813f7f5a1336df854588939cba50aaec600660495f9b7745a7049a99eb59d15a51100b3a44f66892a902d7fc32e1399b51883ad4c02cf  link-with-libatomic-on-mips32.patch
30ca1ce7f9512c943950b8eec98bca99d24c740ebaa14619292fe5ed931dcf603ca90afb1d704ca7f545e421752ba4dde81c0c5bbb5242eb1726739ca627e15f  fix-build-with-system-c-ares.patch
"