aboutsummaryrefslogtreecommitdiffstats
path: root/main/nodejs/APKBUILD
blob: ab09d4c40e849591ae0dee5fc88ee9adb1c4be4c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
# Contributor: Jose-Luis Rivas <ghostbar@riseup.net>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: Dave Esaias <dave@containership.io>
# Contributor: Tadahisa Kamijo <kamijin@live.jp>
# Contributor: Eivind Uggedal <eu@eju.no>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
#
# secfixes:
#   14.18.1-r0:
#     - CVE-2021-22959
#     - CVE-2021-22960
#   14.17.6-r0:
#     - CVE-2021-37701
#     - CVE-2021-37712
#     - CVE-2021-37713
#     - CVE-2021-39134
#     - CVE-2021-39135
#   14.17.5-r0:
#     - CVE-2021-3672
#     - CVE-2021-22931
#     - CVE-2021-22939
#   14.17.4-r0:
#     - CVE-2021-22930
#   14.16.1-r0:
#     - CVE-2020-7774
#   14.16.0-r0:
#     - CVE-2021-22883
#     - CVE-2021-22884
#   14.15.5-r0:
#     - CVE-2021-21148
#   14.15.4-r0:
#     - CVE-2020-8265
#     - CVE-2020-8287
#   14.15.1-r0:
#     - CVE-2020-8277
#   12.18.4-r0:
#     - CVE-2020-8201
#     - CVE-2020-8252
#   12.18.0-r0:
#     - CVE-2020-8172
#     - CVE-2020-11080
#     - CVE-2020-8174
#   12.15.0-r0:
#     - CVE-2019-15606
#     - CVE-2019-15605
#     - CVE-2019-15604
#   10.16.3-r0:
#     - CVE-2019-9511
#     - CVE-2019-9512
#     - CVE-2019-9513
#     - CVE-2019-9514
#     - CVE-2019-9515
#     - CVE-2019-9516
#     - CVE-2019-9517
#     - CVE-2019-9518
#   10.15.3-r0:
#     - CVE-2019-5737
#   10.14.0-r0:
#     - CVE-2018-12121
#     - CVE-2018-12122
#     - CVE-2018-12123
#     - CVE-2018-0735
#     - CVE-2018-0734
#   8.11.4-r0:
#     - CVE-2018-12115
#   8.11.3-r0:
#     - CVE-2018-7167
#     - CVE-2018-7161
#     - CVE-2018-1000168
#   8.11.0-r0:
#     - CVE-2018-7158
#     - CVE-2018-7159
#     - CVE-2018-7160
#   8.9.3-r0:
#     - CVE-2017-15896
#     - CVE-2017-15897
#   6.11.5-r0:
#     - CVE-2017-14919
#   6.11.1-r0:
#     - CVE-2017-1000381
#
pkgname=nodejs
# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)!
# Odd-numbered versions are supported only for 9 months by upstream.
pkgver=16.13.1
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - LTS version"
url="https://nodejs.org/"
arch="all !riscv64"
license="MIT"
depends="ca-certificates nghttp2-libs>=1.41"
makedepends="
	brotli-dev
	c-ares-dev
	icu-dev
	linux-headers
	nghttp2-dev
	openssl1.1-compat-dev
	python3
	py3-jinja2
	zlib-dev
	"
install="$pkgname.post-upgrade"
subpackages="$pkgname-dev $pkgname-doc"
provider_priority=100  # highest priority (other provider is nodejs-current)
provides="nodejs-lts=$pkgver"  # for backward compatibility
replaces="nodejs-current nodejs-lts"  # nodejs-lts for backward compatibility
source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz
	disable-running-gyp-on-shared-deps.patch
	fix-build-with-system-c-ares.patch
	"
builddir="$srcdir/node-v$pkgver"

prepare() {
	default_prepare

	# Remove bundled dependencies that we're not using.
	rm -rf deps/brotli \
		deps/cares \
		deps/openssl \
		deps/v8/third_party/jinja2 \
		deps/zlib \
		tools/inspector_protocol/jinja2
}

build() {
	# Add defines recommended in libuv readme.
	local common_flags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64"

	# Compiling with O2 instead of Os increases binary size by ~10%
	# (53.1 MiB -> 58.6 MiB), but also increases performance by ~20%
	# according to v8/web-tooling-benchmark. Node.js is quite huge anyway;
	# there are better options for size constrained environments.
	export CFLAGS="${CFLAGS/-Os/-O2} $common_flags"
	export CXXFLAGS="${CXXFLAGS/-Os/-O2} $common_flags"
	export CPPFLAGS="${CPPFLAGS/-Os/-O2} $common_flags"

	# NOTE: We use bundled libuv because they don't care much about backward
	# compatibility and it has happened several times in past that we
	# couldn't upgrade nodejs package in stable branches to fix CVEs due to
	# libuv incompatibility.
	#
	# NOTE: We don't package the bundled npm - it's a separate project with
	# its own release cycle and version numbering, so it's better to keep
	# it in a standalone aport.
	#
	# TODO: After icu package is modified to split data into multiple
	# variants, change --with-intl to "system-icu".
	python3 configure.py --prefix=/usr \
		--shared-brotli \
		--shared-zlib \
		--shared-openssl \
		--shared-cares \
		--shared-nghttp2 \
		--openssl-use-def-ca-store \
		--with-icu-default-data-dir=$(icu-config --icudatadir) \
		--with-intl=small-icu \
		--without-npm

	make BUILDTYPE=Release
}

# TODO Run provided test suite.
check() {
	cd "$builddir"/out/Release

	./node -e 'console.log("Hello, world!")'
	./node -e "require('assert').equal(process.versions.node, '$pkgver')"
}

package() {
	make DESTDIR="$pkgdir" install
}

dev() {
	provides="nodejs-lts-dev=$pkgver"  # for backward compatibility
	default_dev
}

sha512sums="
22865b221954fc7b691596ec62c7a6b048de964586de03e5208a443afa909bcbad9fca6c7e416e41a5fd4ec09bdd28cd60c5b1c951f7ea5b265616cc59255cb0  node-v16.13.1.tar.gz
dbe8167b61518f8f59176759d69834d57bf3e6a5a5fd3dfc2359cafe0325da08b27f8220d278ed77f50c9f63a03313eabbbb0eaca3e592e5bb4e0d5be0ced373  disable-running-gyp-on-shared-deps.patch
30ca1ce7f9512c943950b8eec98bca99d24c740ebaa14619292fe5ed931dcf603ca90afb1d704ca7f545e421752ba4dde81c0c5bbb5242eb1726739ca627e15f  fix-build-with-system-c-ares.patch
"