aboutsummaryrefslogtreecommitdiffstats
path: root/main/nodejs/APKBUILD
blob: 8958b77e948b30078222440c81a3206647b731cc (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
# Contributor: Jose-Luis Rivas <ghostbar@riseup.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Dave Esaias <dave@containership.io>
# Contributor: Tadahisa Kamijo <kamijin@live.jp>
# Contributor: Eivind Uggedal <eu@eju.no>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   14.16.1-r0:
#     - CVE-2020-7774
#   14.16.0-r0:
#     - CVE-2021-22883
#     - CVE-2021-22884
#   14.15.5-r0:
#     - CVE-2021-21148
#   14.15.4-r0:
#     - CVE-2020-8265
#     - CVE-2020-8287
#   14.15.1-r0:
#     - CVE-2020-8277
#   12.18.4-r0:
#     - CVE-2020-8201
#     - CVE-2020-8252
#   12.18.0-r0:
#     - CVE-2020-8172
#     - CVE-2020-11080
#     - CVE-2020-8174
#   12.15.0-r0:
#     - CVE-2019-15606
#     - CVE-2019-15605
#     - CVE-2019-15604
#   10.16.3-r0:
#     - CVE-2019-9511
#     - CVE-2019-9512
#     - CVE-2019-9513
#     - CVE-2019-9514
#     - CVE-2019-9515
#     - CVE-2019-9516
#     - CVE-2019-9517
#     - CVE-2019-9518
#   10.15.3-r0:
#     - CVE-2019-5737
#   10.14.0-r0:
#     - CVE-2018-12121
#     - CVE-2018-12122
#     - CVE-2018-12123
#     - CVE-2018-0735
#     - CVE-2018-0734
#   8.11.4-r0:
#     - CVE-2018-12115
#   8.11.3-r0:
#     - CVE-2018-7167
#     - CVE-2018-7161
#     - CVE-2018-1000168
#   8.11.0-r0:
#     - CVE-2018-7158
#     - CVE-2018-7159
#     - CVE-2018-7160
#   8.9.3-r0:
#     - CVE-2017-15896
#     - CVE-2017-15897
#   6.11.5-r0:
#     - CVE-2017-14919
#   6.11.1-r0:
#     - CVE-2017-1000381
#
pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream.
pkgver=14.17.3
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="https://nodejs.org/"
arch="all !mips64 !mips64el !riscv64"
license="MIT"
depends="ca-certificates nghttp2-libs>=1.41"
makedepends="
	brotli-dev
	c-ares-dev
	icu-dev
	linux-headers
	nghttp2-dev
	openssl-dev
	python3
	zlib-dev
	"
install="$pkgname.post-upgrade"
subpackages="$pkgname-dev $pkgname-doc"
provider_priority=100  # highest priority (other provider is nodejs-current)
provides="nodejs-lts=$pkgver"  # for backward compatibility
replaces="nodejs-current nodejs-lts"  # nodejs-lts for backward compatibility
source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz
	disable-running-gyp-on-shared-deps.patch
	link-with-libatomic-on-mips32.patch
	"
builddir="$srcdir/node-v$pkgver"

prepare() {
	default_prepare

	# Remove bundled dependencies that we're not using.
	rm -rf deps/brotli deps/cares deps/openssl deps/zlib
}

build() {
	# Add defines recommended in libuv readme.
	local common_flags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"

	# Compiling with O2 instead of Os increases binary size by ~10%
	# (53.1 MiB -> 58.6 MiB), but also increases performance by ~20%
	# according to v8/web-tooling-benchmark. Node.js is quite huge anyway;
	# there are better options for size constrained environments.
	export CFLAGS="${CFLAGS/-Os/-O2} $common_flags"
	export CXXFLAGS="${CXXFLAGS/-Os/-O2} $common_flags"
	export CPPFLAGS="${CPPFLAGS/-Os/-O2} $common_flags"

	case "$CARCH" in
	mips*) _carchflags="--with-mips-arch-variant=r1 --with-mips-float-abi=soft";;
	esac

	# NOTE: We use bundled libuv because they don't care much about backward
	# compatibility and it has happened several times in past that we
	# couldn't upgrade nodejs package in stable branches to fix CVEs due to
	# libuv incompatibility.
	#
	# NOTE: We don't package the bundled npm - it's a separate project with
	# its own release cycle and version numbering, so it's better to keep
	# it in a standalone aport.
	#
	# TODO: After icu package is modified to split data into multiple
	# variants, change --with-intl to "system-icu".
	python3 configure.py --prefix=/usr \
		$_carchflags \
		--shared-brotli \
		--shared-zlib \
		--shared-openssl \
		--shared-cares \
		--shared-nghttp2 \
		--openssl-use-def-ca-store \
		--with-icu-default-data-dir=$(icu-config --icudatadir) \
		--with-intl=small-icu \
		--without-npm

	make BUILDTYPE=Release
}

# TODO Run provided test suite.
check() {
	cd "$builddir"/out/Release

	./node -e 'console.log("Hello, world!")'
	./node -e "require('assert').equal(process.versions.node, '$pkgver')"
}

package() {
	make DESTDIR="$pkgdir" install
}

dev() {
	provides="nodejs-lts-dev=$pkgver"  # for backward compatibility
	default_dev
}

sha512sums="
0ceeddd2b93ed1f7c40912b6533879f7401aaafd27f54230c65ec0454b2eb860abe855c73428a43aa440502302b31fd4a6fa700f5cb0b00702cd2ef522dbf496  node-v14.17.3.tar.gz
dbe8167b61518f8f59176759d69834d57bf3e6a5a5fd3dfc2359cafe0325da08b27f8220d278ed77f50c9f63a03313eabbbb0eaca3e592e5bb4e0d5be0ced373  disable-running-gyp-on-shared-deps.patch
44e81fbf254bd79e38b813f7f5a1336df854588939cba50aaec600660495f9b7745a7049a99eb59d15a51100b3a44f66892a902d7fc32e1399b51883ad4c02cf  link-with-libatomic-on-mips32.patch
"