~alpine/aports

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch

[alpine-aports] [PATCH] community/nodejs-current: upgrade to v7.5.0

Jose-Luis Rivas <ghostbar@riseup.net>
Details
Message ID
<20170209020036.GA1@riseup.net>
Sender timestamp
1486605636
DKIM signature
missing
Download raw message
Patch: +6 -75
No need for the use-system-ca-certs.patch since it's already merged into
upstream. Removing the bundled certs from source makes it unbuildable
and there's no need to remove it from source.
---
 community/nodejs-current/APKBUILD                  | 18 +++----
 community/nodejs-current/use-system-ca-certs.patch | 63 ----------------------
 2 files changed, 6 insertions(+), 75 deletions(-)
 delete mode 100644 community/nodejs-current/use-system-ca-certs.patch

diff --git a/community/nodejs-current/APKBUILD b/community/nodejs-current/APKBUILD
index 1f46f7dd1f..c93f534849 100644
--- a/community/nodejs-current/APKBUILD
+++ b/community/nodejs-current/APKBUILD
@@ -2,8 +2,8 @@
# Maintainer: Jose-Luis Rivas <ghostbar@riseup.net>
pkgname=nodejs-current
# The current stable version, i.e. non-LTS.
pkgver=7.2.1
pkgrel=2
pkgver=7.5.0
pkgrel=0
pkgdesc="JavaScript runtime built on V8 engine - current stable version"
url="http://nodejs.org/"
arch="all"
@@ -17,16 +17,12 @@ subpackages="$pkgname-dev $pkgname-doc"
provides="nodejs"
replaces="nodejs nodejs-lts"  # nodejs-lts for backward compatibility
source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz
	use-system-ca-certs.patch
	dont-run-gyp-files-for-bundled-deps.patch"
builddir="$srcdir/node-v$pkgver"

prepare() {
	default_prepare || return 1

	# Remove bundled CA certificates.
	rm -f src/node_root_certs.h

	# Remove bundled dependencies that we're not using.
	rm -rf deps/http_parser deps/openssl deps/uv deps/zlib
}
@@ -39,6 +35,7 @@ build() {
		--shared-libuv \
		--shared-openssl \
		--shared-http-parser \
    --openssl-use-def-ca-store \
		|| return 1

	# we need run mksnapshot at build time so paxmark it early
@@ -60,12 +57,9 @@ package() {
	done
}

md5sums="20167fa2b3ef3e17430af4fae9a26427  node-v7.2.1.tar.gz
a785f2e6018cdace456b0ab518474453  use-system-ca-certs.patch
md5sums="8b648e7f83ec6f1aa52b3e3b87999761  node-v7.5.0.tar.gz
5b1b27a33063602990f5495d3b01b587  dont-run-gyp-files-for-bundled-deps.patch"
sha256sums="fd08b8ba43b0596a7160b09a37113ac03b4b0976ec7e48980b7b8c078aa51b02  node-v7.2.1.tar.gz
e0384006b04fef35c2c5e65d0cde6aae7efbc314d38c3c9ade0ae599f2b77bc2  use-system-ca-certs.patch
sha256sums="0da8e0288b5c0f136e650b7119219968720caf88b5a67ef0591555113f0844c2  node-v7.5.0.tar.gz
6886ee83f76eb68dc948da844e548f060caf360ca039bb2c1ee7ea0cd2d8dbf3  dont-run-gyp-files-for-bundled-deps.patch"
sha512sums="501f23cbe42bcb5eef785113d05b35e4507fb7e5b9ae474eeef2d9dd12270f08653493b5bc28306f2b3e0db54a3703ba6c3606de66ac8eeb0212670fe192b978  node-v7.2.1.tar.gz
877669ed466606bc6afd67083d82b365a969b6626f4248a7f41249958a96e7bb6a6c656715c7b80e763bb53c6cf5789e604e15e05ff74f58e5441acc560350af  use-system-ca-certs.patch
sha512sums="e5f1b37c5d313ca6cc91cb46f49443855d44718599543894f34aad6b921b9fbbc91b8bde720a2e6526d0cdb68ce77f74e1d770dec2b582ad964cd9d1d3c5bfbd  node-v7.5.0.tar.gz
ba95f21b1e80717ef63941854e7ed412f64a91da068c0dbf0d6d9697333ee266c9f4cd7bf1a01111eeb28aa66adefd8a58cfb3e82debb84b43e35e9dc914dd36  dont-run-gyp-files-for-bundled-deps.patch"
diff --git a/community/nodejs-current/use-system-ca-certs.patch b/community/nodejs-current/use-system-ca-certs.patch
deleted file mode 100644
index 6e46c74b40..0000000000
--- a/community/nodejs-current/use-system-ca-certs.patch
@@ -1,63 +0,0 @@
From: Jakub Jirutka <jakub@jirutka.cz>
Date: Sat, 26 Nov 2016 21:18:00 +0200
Subject: Use system-provided CA certificates instead of bundled ones

--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -116,8 +116,8 @@
 
 static Mutex* mutexes;
 
-const char* const root_certs[] = {
-#include "node_root_certs.h"  // NOLINT(build/include_order)
+const char* root_certs[] = {
+  NULL
 };
 
 X509_STORE* root_cert_store;
@@ -688,25 +688,33 @@
 
 
 static X509_STORE* NewRootCertStore() {
+  X509_STORE* store = X509_STORE_new();
+
   if (!root_certs_vector) {
     root_certs_vector = new std::vector<X509*>;
 
-    for (size_t i = 0; i < arraysize(root_certs); i++) {
-      BIO* bp = NodeBIO::NewFixed(root_certs[i], strlen(root_certs[i]));
-      X509 *x509 = PEM_read_bio_X509(bp, nullptr, CryptoPemCallback, nullptr);
-      BIO_free(bp);
--
-      if (x509 == nullptr) {
-        // Parse errors from the built-in roots are fatal.
-        ABORT();
-        return nullptr;
-      }
+    BIO* bio = BIO_new(BIO_s_file());
+    if (bio == nullptr) {
+      abort();
+      return nullptr;
+    }
+
+    if (BIO_read_filename(bio, "/etc/ssl/certs/ca-certificates.crt") == 1) {
+      STACK_OF(X509_INFO)* certs = PEM_X509_INFO_read_bio(bio, nullptr, nullptr, nullptr);
 
-      root_certs_vector->push_back(x509);
+      for (int i = 0; i < sk_X509_INFO_num(certs); i++) {
+        X509* cert = sk_X509_INFO_value(certs, i)->x509;
+
+        if (cert) {
+          X509_up_ref(cert);
+          root_certs_vector->push_back(cert);
+        }
+      }
+      sk_X509_INFO_pop_free(certs, X509_INFO_free);
     }
+    BIO_free_all(bio);
   }
 
-  X509_STORE* store = X509_STORE_new();
   for (auto& cert : *root_certs_vector) {
     X509_up_ref(cert);
     X509_STORE_add_cert(store, cert);
-- 
2.11.1


-- 
⨳ PGP 0x13EC43EEB9AC8C43 ⨳ https://ghostbar.co


---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)