summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChen, Chih-Chia <pigfoot@gmail.com>2017-03-23 17:36:54 +0800
committerChen, Chih-Chia <pigfoot@gmail.com>2017-03-23 17:36:54 +0800
commit18a9a3549834e2018d9f2faa720ca9568d415cfe (patch)
tree50470971ee8e488d5f4edd1eef05501998f975fd
parent[net-libs/nodejs] Version bump to 6.9.4 (diff)
downloadpigfoot-18a9a3549834e2018d9f2faa720ca9568d415cfe.tar.gz
pigfoot-18a9a3549834e2018d9f2faa720ca9568d415cfe.tar.bz2
pigfoot-18a9a3549834e2018d9f2faa720ca9568d415cfe.zip
[net-libs/nodejs] Version bump to 7.7.3
-rw-r--r--net-libs/nodejs/Manifest1
-rw-r--r--net-libs/nodejs/files/nodejs-7.7.3-libressl.patch837
-rw-r--r--net-libs/nodejs/files/rollback.sh32
-rw-r--r--net-libs/nodejs/nodejs-6.9.4.ebuild2
-rw-r--r--net-libs/nodejs/nodejs-7.7.3.ebuild205
5 files changed, 1076 insertions, 1 deletions
diff --git a/net-libs/nodejs/Manifest b/net-libs/nodejs/Manifest
index 5bf175e..3c7b285 100644
--- a/net-libs/nodejs/Manifest
+++ b/net-libs/nodejs/Manifest
@@ -1,2 +1,3 @@
DIST node-v5.9.1.tar.xz 13226192 SHA256 668067077dfceb3d2039d0df693fec6aa20b920d01a42b53dc61d4aa91e0ae55 SHA512 34774d88eda775bdf153a76bd02b26c499e4a9ef47d8e94ad7b66d360d04891b45ce8f211833ca69e8c0a786ca36424b0c620a90b1fbc6d5afc77d20f4b5fadb WHIRLPOOL d666aa6fd4d577f7a6f89c3bfa75e62a0281e0dd7592373f384bfe01fa2dcbf81156bf6a21fc2097d48d5024a39057713c2593f4609c70ff8f84090471b073a9
DIST node-v6.9.4.tar.xz 15519264 SHA256 c51d7c61db40455d57428abcadc7eb0f0a08a8878cb1d8ea3c1e211c54532c35 SHA512 86d3e2889031c2b50c021bd3fd63194c2c22c44291d51dff1b5e1652b01853c09d2880c2f58fdad062e3e2a3f637a3f0d78dac66b835b676790cf272e64f8dce WHIRLPOOL d1bcf488ed1aae7959303b988c9467fc5d0930166c7bfe0e441392763e19f788496971c07560a9f62586bbb2be7ce741ece8346140d665d29593b9b8f649b002
+DIST node-v7.7.3.tar.xz 16681592 SHA256 5441daf11f743b5508ddf31a16b4f268835fbceb59ef709b44e85b03fece0edf SHA512 9698510990e444f664c844c3d2ffac2cc8094abfe123e49f656193d5ef75ee10716adfa69da8e689b8deb18a33381ca8e37042dfbd602a7923971c5c1c86b331 WHIRLPOOL c181a8416126621a5accfc962af072888be235a84314d7c0143414e92dace2ebb93b35713e45884eac1c7addaf24158e3ecd7cac850401bad75165e9b964f745
diff --git a/net-libs/nodejs/files/nodejs-7.7.3-libressl.patch b/net-libs/nodejs/files/nodejs-7.7.3-libressl.patch
new file mode 100644
index 0000000..ad99c96
--- /dev/null
+++ b/net-libs/nodejs/files/nodejs-7.7.3-libressl.patch
@@ -0,0 +1,837 @@
+diff --git a/lib/_tls_wrap.js.BAK b/lib/_tls_wrap.js
+index e01c143..0437c21 100644
+--- a/lib/_tls_wrap.js.BAK
++++ b/lib/_tls_wrap.js
+@@ -155,27 +155,33 @@ function onclienthello(hello) {
+ if (err)
+ return self.destroy(err);
+
+- self._handle.endParser();
+- });
+-}
+-
+-
+-function oncertcb(info) {
+- var self = this;
+- var servername = info.servername;
+-
+- loadSNI(self, servername, function(err, ctx) {
+- if (err)
+- return self.destroy(err);
+- requestOCSP(self, info, ctx, function(err) {
++ // Servername came from SSL session
++ // NOTE: TLS Session ticket doesn't include servername information
++ //
++ // Another note, From RFC3546:
++ //
++ // If, on the other hand, the older
++ // session is resumed, then the server MUST ignore extensions appearing
++ // in the client hello, and send a server hello containing no
++ // extensions; in this case the extension functionality negotiated
++ // during the original session initiation is applied to the resumed
++ // session.
++ //
++ // Therefore we should account session loading when dealing with servername
++ var servername = session && session.servername || hello.servername;
++ loadSNI(self, servername, function(err, ctx) {
+ if (err)
+ return self.destroy(err);
+
+- if (!self._handle)
+- return self.destroy(new Error('Socket is closed'));
+-
+ try {
+- self._handle.certCbDone();
++ requestOCSP(self, hello, ctx, function(err) {
++ if (err)
++ return self.destroy(err);
++
++ if (!self._handle)
++ return self.destroy(new Error('Socket is closed'));
++ self._handle.endParser()
++ });
+ } catch (e) {
+ self.destroy(e);
+ }
+@@ -418,18 +424,15 @@ TLSSocket.prototype._init = function(socket, wrap) {
+ ssl.onhandshakestart = () => onhandshakestart.call(this);
+ ssl.onhandshakedone = () => onhandshakedone.call(this);
+ ssl.onclienthello = (hello) => onclienthello.call(this, hello);
+- ssl.oncertcb = (info) => oncertcb.call(this, info);
+ ssl.onnewsession = (key, session) => onnewsession.call(this, key, session);
+ ssl.lastHandshakeTime = 0;
+ ssl.handshakes = 0;
+
+- if (this.server) {
+- if (this.server.listenerCount('resumeSession') > 0 ||
+- this.server.listenerCount('newSession') > 0) {
+- ssl.enableSessionCallbacks();
+- }
+- if (this.server.listenerCount('OCSPRequest') > 0)
+- ssl.enableCertCb();
++ if (this.server &&
++ (this.server.listenerCount('resumeSession') > 0 ||
++ this.server.listenerCount('newSession') > 0 ||
++ this.server.listenerCount('OCSPRequest') > 0)) {
++ ssl.enableSessionCallbacks();
+ }
+ } else {
+ ssl.onhandshakestart = function() {};
+@@ -473,7 +476,7 @@ TLSSocket.prototype._init = function(socket, wrap) {
+ options.server._contexts.length)) {
+ assert(typeof options.SNICallback === 'function');
+ this._SNICallback = options.SNICallback;
+- ssl.enableCertCb();
++ ssl.enableHelloParser();
+ }
+
+ if (process.features.tls_npn && options.NPNProtocols)
+@@ -667,13 +670,6 @@ TLSSocket.prototype.getCipher = function(err) {
+ }
+ };
+
+-TLSSocket.prototype.getEphemeralKeyInfo = function() {
+- if (this._handle)
+- return this._handle.getEphemeralKeyInfo();
+-
+- return null;
+-};
+-
+ TLSSocket.prototype.getProtocol = function() {
+ if (this._handle)
+ return this._handle.getProtocol();
+@@ -1070,17 +1066,6 @@ exports.connect = function(/* [port, host], options, cb */) {
+ socket._start();
+
+ socket.on('secure', function() {
+- // Check the size of DHE parameter above minimum requirement
+- // specified in options.
+- var ekeyinfo = socket.getEphemeralKeyInfo();
+- if (ekeyinfo.type === 'DH' && ekeyinfo.size < options.minDHSize) {
+- var err = new Error('DH parameter size ' + ekeyinfo.size +
+- ' is less than ' + options.minDHSize);
+- socket.emit('error', err);
+- socket.destroy();
+- return;
+- }
+-
+ var verifyError = socket._handle.verifyError();
+
+ // Verify that server's identity matches it's certificate's names
+diff --git a/src/env.h.BAK b/src/env.h
+index cf881a4..6a4f521 100644
+--- a/src/env.h.BAK
++++ b/src/env.h
+@@ -71,7 +71,6 @@ namespace node {
+ V(cached_data_rejected_string, "cachedDataRejected") \
+ V(callback_string, "callback") \
+ V(change_string, "change") \
+- V(oncertcb_string, "oncertcb") \
+ V(onclose_string, "_onclose") \
+ V(code_string, "code") \
+ V(configurable_string, "configurable") \
+diff --git a/src/node_crypto.cc.BAK b/src/node_crypto.cc
+index b83794a..227d4b1 100644
+--- a/src/node_crypto.cc.BAK
++++ b/src/node_crypto.cc
+@@ -167,8 +167,6 @@ template int SSLWrap<TLSWrap>::TLSExtStatusCallback(SSL* s, void* arg);
+ #endif
+
+ template void SSLWrap<TLSWrap>::DestroySSL();
+-template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg);
+-template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg);
+
+ #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+ template int SSLWrap<TLSWrap>::SelectALPNCallback(
+@@ -523,8 +521,7 @@ int SSL_CTX_use_certificate_chain(SSL_CTX* ctx,
+ for (int i = 0; i < sk_X509_num(extra_certs); i++) {
+ X509* ca = sk_X509_value(extra_certs, i);
+
+- // NOTE: Increments reference count on `ca`
+- r = SSL_CTX_add1_chain_cert(ctx, ca);
++ r = SSL_CTX_add_extra_chain_cert(ctx, ca);
+
+ if (!r) {
+ ret = 0;
+@@ -680,20 +677,26 @@ void SecureContext::SetCert(const FunctionCallbackInfo<Value>& args) {
+ }
+
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
++#if (OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)) || defined(LIBRESSL_VERSION_NUMBER)
+ // This section contains OpenSSL 1.1.0 functions reimplemented for OpenSSL
+ // 1.0.2 so that the following code can be written without lots of #if lines.
++// Meanwhile libressl only implemented X509_up_ref but not X509_STORE_up_ref.
+
++#if defined(LIBRESSL_VERSION_NUMBER)
+ static int X509_STORE_up_ref(X509_STORE* store) {
+ CRYPTO_add(&store->references, 1, CRYPTO_LOCK_X509_STORE);
+ return 1;
+ }
++#endif // LIBRESSL_VERSION_NUMBER
+
++#if !defined(LIBRESSL_VERSION_NUMBER)
+ static int X509_up_ref(X509* cert) {
+ CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+ return 1;
+ }
+-#endif // OPENSSL_VERSION_NUMBER < 0x10100000L && !OPENSSL_IS_BORINGSSL
++#endif // !defined(LIBRESSL_VERSION_NUMBER)
++
++#endif // (OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)) || defined(LIBRESSL_VERSION_NUMBER)
+
+
+ static X509_STORE* NewRootCertStore() {
+@@ -1153,7 +1156,7 @@ void SecureContext::SetTicketKeys(const FunctionCallbackInfo<Value>& args) {
+
+
+ void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_IS_BORINGSSL) && !defined(LIBRESSL_VERSION_NUMBER)
+ // |freelist_max_len| was removed in OpenSSL 1.1.0. In that version OpenSSL
+ // mallocs and frees buffers directly, without the use of a freelist.
+ SecureContext* wrap;
+@@ -1300,14 +1303,12 @@ void SSLWrap<Base>::AddMethods(Environment* env, Local<FunctionTemplate> t) {
+ env->SetProtoMethod(t, "verifyError", VerifyError);
+ env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher);
+ env->SetProtoMethod(t, "endParser", EndParser);
+- env->SetProtoMethod(t, "certCbDone", CertCbDone);
+ env->SetProtoMethod(t, "renegotiate", Renegotiate);
+ env->SetProtoMethod(t, "shutdownSSL", Shutdown);
+ env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket);
+ env->SetProtoMethod(t, "newSessionDone", NewSessionDone);
+ env->SetProtoMethod(t, "setOCSPResponse", SetOCSPResponse);
+ env->SetProtoMethod(t, "requestOCSP", RequestOCSP);
+- env->SetProtoMethod(t, "getEphemeralKeyInfo", GetEphemeralKeyInfo);
+ env->SetProtoMethod(t, "getProtocol", GetProtocol);
+
+ #ifdef SSL_set_max_send_fragment
+@@ -1927,51 +1928,6 @@ void SSLWrap<Base>::RequestOCSP(
+ }
+
+
+-template <class Base>
+-void SSLWrap<Base>::GetEphemeralKeyInfo(
+- const v8::FunctionCallbackInfo<v8::Value>& args) {
+- Base* w;
+- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
+- Environment* env = Environment::GetCurrent(args);
+-
+- CHECK_NE(w->ssl_, nullptr);
+-
+- // tmp key is available on only client
+- if (w->is_server())
+- return args.GetReturnValue().SetNull();
+-
+- Local<Object> info = Object::New(env->isolate());
+-
+- EVP_PKEY* key;
+-
+- if (SSL_get_server_tmp_key(w->ssl_, &key)) {
+- switch (EVP_PKEY_id(key)) {
+- case EVP_PKEY_DH:
+- info->Set(env->type_string(),
+- FIXED_ONE_BYTE_STRING(env->isolate(), "DH"));
+- info->Set(env->size_string(),
+- Integer::New(env->isolate(), EVP_PKEY_bits(key)));
+- break;
+- case EVP_PKEY_EC:
+- {
+- EC_KEY* ec = EVP_PKEY_get1_EC_KEY(key);
+- int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+- EC_KEY_free(ec);
+- info->Set(env->type_string(),
+- FIXED_ONE_BYTE_STRING(env->isolate(), "ECDH"));
+- info->Set(env->name_string(),
+- OneByteString(args.GetIsolate(), OBJ_nid2sn(nid)));
+- info->Set(env->size_string(),
+- Integer::New(env->isolate(), EVP_PKEY_bits(key)));
+- }
+- }
+- EVP_PKEY_free(key);
+- }
+-
+- return args.GetReturnValue().Set(info);
+-}
+-
+-
+ #ifdef SSL_set_max_send_fragment
+ template <class Base>
+ void SSLWrap<Base>::SetMaxSendFragment(
+@@ -2374,126 +2330,6 @@ int SSLWrap<Base>::TLSExtStatusCallback(SSL* s, void* arg) {
+
+
+ template <class Base>
+-void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) {
+- cert_cb_ = cb;
+- cert_cb_arg_ = arg;
+-}
+-
+-
+-template <class Base>
+-int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) {
+- Base* w = static_cast<Base*>(SSL_get_app_data(s));
+-
+- if (!w->is_server())
+- return 1;
+-
+- if (!w->is_waiting_cert_cb())
+- return 1;
+-
+- if (w->cert_cb_running_)
+- return -1;
+-
+- Environment* env = w->env();
+- HandleScope handle_scope(env->isolate());
+- Context::Scope context_scope(env->context());
+- w->cert_cb_running_ = true;
+-
+- Local<Object> info = Object::New(env->isolate());
+-
+- const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+- if (servername == nullptr) {
+- info->Set(env->servername_string(), String::Empty(env->isolate()));
+- } else {
+- Local<String> str = OneByteString(env->isolate(), servername,
+- strlen(servername));
+- info->Set(env->servername_string(), str);
+- }
+-
+- bool ocsp = false;
+-#ifdef NODE__HAVE_TLSEXT_STATUS_CB
+- ocsp = s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp;
+-#endif
+-
+- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp));
+-
+- Local<Value> argv[] = { info };
+- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv);
+-
+- if (!w->cert_cb_running_)
+- return 1;
+-
+- // Performing async action, wait...
+- return -1;
+-}
+-
+-
+-template <class Base>
+-void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) {
+- Base* w;
+- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder());
+- Environment* env = w->env();
+-
+- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_);
+-
+- Local<Object> object = w->object();
+- Local<Value> ctx = object->Get(env->sni_context_string());
+- Local<FunctionTemplate> cons = env->secure_context_constructor_template();
+-
+- // Not an object, probably undefined or null
+- if (!ctx->IsObject())
+- goto fire_cb;
+-
+- if (cons->HasInstance(ctx)) {
+- SecureContext* sc;
+- ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>());
+- w->sni_context_.Reset();
+- w->sni_context_.Reset(env->isolate(), ctx);
+-
+- int rv;
+-
+- // NOTE: reference count is not increased by this API methods
+- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_);
+- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_);
+- STACK_OF(X509)* chain;
+-
+- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain);
+- if (rv)
+- rv = SSL_use_certificate(w->ssl_, x509);
+- if (rv)
+- rv = SSL_use_PrivateKey(w->ssl_, pkey);
+- if (rv && chain != nullptr)
+- rv = SSL_set1_chain(w->ssl_, chain);
+- if (rv)
+- rv = w->SetCACerts(sc);
+- if (!rv) {
+- unsigned long err = ERR_get_error(); // NOLINT(runtime/int)
+- if (!err)
+- return env->ThrowError("CertCbDone");
+- return ThrowCryptoError(env, err);
+- }
+- } else {
+- // Failure: incorrect SNI context object
+- Local<Value> err = Exception::TypeError(env->sni_context_err_string());
+- w->MakeCallback(env->onerror_string(), 1, &err);
+- return;
+- }
+-
+- fire_cb:
+- CertCb cb;
+- void* arg;
+-
+- cb = w->cert_cb_;
+- arg = w->cert_cb_arg_;
+-
+- w->cert_cb_running_ = false;
+- w->cert_cb_ = nullptr;
+- w->cert_cb_arg_ = nullptr;
+-
+- cb(arg);
+-}
+-
+-
+-template <class Base>
+ void SSLWrap<Base>::SSLGetter(Local<String> property,
+ const PropertyCallbackInfo<Value>& info) {
+ Base* base;
+@@ -2526,10 +2362,6 @@ void SSLWrap<Base>::SetSNIContext(SecureContext* sc) {
+
+ template <class Base>
+ int SSLWrap<Base>::SetCACerts(SecureContext* sc) {
+- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_));
+- if (err != 1)
+- return err;
+-
+ STACK_OF(X509_NAME)* list = SSL_dup_CA_list(
+ SSL_CTX_get_client_CA_list(sc->ctx_));
+
+@@ -2623,10 +2455,6 @@ int Connection::HandleSSLError(const char* func,
+ DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func);
+ return 0;
+
+- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) {
+- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func);
+- return 0;
+-
+ } else if (err == SSL_ERROR_ZERO_RETURN) {
+ HandleScope scope(ssl_env()->isolate());
+
+@@ -2841,7 +2669,7 @@ inline int VerifyCallback(int preverify_ok, X509_STORE_CTX* ctx) {
+ SSL* ssl = static_cast<SSL*>(
+ X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
+
+- if (SSL_is_server(ssl))
++ if (ssl->server)
+ return 1;
+
+ // Client needs to check if the server cert is listed in the
+@@ -2868,7 +2696,7 @@ int Connection::SelectSNIContextCallback_(SSL *s, int *ad, void* arg) {
+
+ // Call the SNI callback and use its return value as context
+ if (!conn->sniObject_.IsEmpty()) {
+- conn->sni_context_.Reset();
++ conn->sniContext_.Reset();
+
+ Local<Object> sni_obj = PersistentToLocal(env->isolate(),
+ conn->sniObject_);
+@@ -2884,7 +2712,7 @@ int Connection::SelectSNIContextCallback_(SSL *s, int *ad, void* arg) {
+ Local<FunctionTemplate> secure_context_constructor_template =
+ env->secure_context_constructor_template();
+ if (secure_context_constructor_template->HasInstance(ret)) {
+- conn->sni_context_.Reset(env->isolate(), ret);
++ conn->sniContext_.Reset(env->isolate(), ret);
+ SecureContext* sc;
+ ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK);
+ conn->SetSNIContext(sc);
+@@ -2924,8 +2752,6 @@ void Connection::New(const FunctionCallbackInfo<Value>& args) {
+
+ InitNPN(sc);
+
+- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn);
+-
+ #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ if (is_server) {
+ SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_);
+@@ -5975,11 +5801,15 @@ void SetEngine(const FunctionCallbackInfo<Value>& args) {
+ #endif // !OPENSSL_NO_ENGINE
+
+ void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
++#ifdef NODE_FIPS_MODE
+ if (FIPS_mode()) {
+ args.GetReturnValue().Set(1);
+ } else {
+ args.GetReturnValue().Set(0);
+ }
++#else
++ args.GetReturnValue().Set(0);
++#endif
+ }
+
+ void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) {
+diff --git a/src/node_crypto.h.BAK b/src/node_crypto.h
+index 24ac773..caafeff 100644
+--- a/src/node_crypto.h.BAK
++++ b/src/node_crypto.h
+@@ -171,10 +171,7 @@ class SSLWrap {
+ kind_(kind),
+ next_sess_(nullptr),
+ session_callbacks_(false),
+- new_session_wait_(false),
+- cert_cb_(nullptr),
+- cert_cb_arg_(nullptr),
+- cert_cb_running_(false) {
++ new_session_wait_(false) {
+ ssl_ = SSL_new(sc->ctx_);
+ env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize);
+ CHECK_NE(ssl_, nullptr);
+@@ -187,10 +184,6 @@ class SSLWrap {
+ next_sess_ = nullptr;
+ }
+
+-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+- sni_context_.Reset();
+-#endif
+-
+ #ifdef NODE__HAVE_TLSEXT_STATUS_CB
+ ocsp_response_.Reset();
+ #endif // NODE__HAVE_TLSEXT_STATUS_CB
+@@ -201,11 +194,8 @@ class SSLWrap {
+ inline bool is_server() const { return kind_ == kServer; }
+ inline bool is_client() const { return kind_ == kClient; }
+ inline bool is_waiting_new_session() const { return new_session_wait_; }
+- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; }
+
+ protected:
+- typedef void (*CertCb)(void* arg);
+-
+ // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and
+ // some for buffers.
+ // NOTE: Actually it is much more than this
+@@ -233,15 +223,12 @@ class SSLWrap {
+ static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args);
+- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void NewSessionDone(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void SetOCSPResponse(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void RequestOCSP(const v8::FunctionCallbackInfo<v8::Value>& args);
+- static void GetEphemeralKeyInfo(
+- const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void GetProtocol(const v8::FunctionCallbackInfo<v8::Value>& args);
+
+ #ifdef SSL_set_max_send_fragment
+@@ -275,12 +262,10 @@ class SSLWrap {
+ unsigned int inlen,
+ void* arg);
+ static int TLSExtStatusCallback(SSL* s, void* arg);
+- static int SSLCertCallback(SSL* s, void* arg);
+ static void SSLGetter(v8::Local<v8::String> property,
+ const v8::PropertyCallbackInfo<v8::Value>& info);
+
+ void DestroySSL();
+- void WaitForCertCb(CertCb cb, void* arg);
+ void SetSNIContext(SecureContext* sc);
+ int SetCACerts(SecureContext* sc);
+
+@@ -295,21 +280,12 @@ class SSLWrap {
+ bool session_callbacks_;
+ bool new_session_wait_;
+
+- // SSL_set_cert_cb
+- CertCb cert_cb_;
+- void* cert_cb_arg_;
+- bool cert_cb_running_;
+-
+ ClientHelloParser hello_parser_;
+
+ #ifdef NODE__HAVE_TLSEXT_STATUS_CB
+ v8::Persistent<v8::Object> ocsp_response_;
+ #endif // NODE__HAVE_TLSEXT_STATUS_CB
+
+-#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+- v8::Persistent<v8::Value> sni_context_;
+-#endif
+-
+ friend class SecureContext;
+ };
+
+@@ -321,6 +297,7 @@ class Connection : public AsyncWrap, public SSLWrap<Connection> {
+ ~Connection() override {
+ #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ sniObject_.Reset();
++ sniContext_.Reset();
+ servername_.Reset();
+ #endif
+ }
+@@ -335,6 +312,7 @@ class Connection : public AsyncWrap, public SSLWrap<Connection> {
+
+ #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ v8::Persistent<v8::Object> sniObject_;
++ v8::Persistent<v8::Value> sniContext_;
+ v8::Persistent<v8::String> servername_;
+ #endif
+
+diff --git a/src/tls_wrap.cc.BAK b/src/tls_wrap.cc
+index d1b1aec..11fc404 100644
+--- a/src/tls_wrap.cc.BAK
++++ b/src/tls_wrap.cc
+@@ -142,8 +142,6 @@ void TLSWrap::InitSSL() {
+
+ InitNPN(sc_);
+
+- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this);
+-
+ if (is_server()) {
+ SSL_set_accept_state(ssl_);
+ } else if (is_client()) {
+@@ -357,7 +355,6 @@ Local<Value> TLSWrap::GetSSLError(int status, int* err, const char** msg) {
+ case SSL_ERROR_NONE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+- case SSL_ERROR_WANT_X509_LOOKUP:
+ break;
+ case SSL_ERROR_ZERO_RETURN:
+ return scope.Escape(env()->zero_return_string());
+@@ -774,6 +771,11 @@ void TLSWrap::EnableSessionCallbacks(
+ "EnableSessionCallbacks after destroySSL");
+ }
+ wrap->enable_session_callbacks();
++ EnableHelloParser(args);
++}
++
++void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) {
++ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder());
+ NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength);
+ wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello,
+ OnClientHelloParseEnd,
+@@ -799,13 +801,6 @@ void TLSWrap::DestroySSL(const FunctionCallbackInfo<Value>& args) {
+ }
+
+
+-void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) {
+- TLSWrap* wrap;
+- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
+- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap);
+-}
+-
+-
+ void TLSWrap::OnClientHelloParseEnd(void* arg) {
+ TLSWrap* c = static_cast<TLSWrap*>(arg);
+ c->Cycle();
+@@ -909,8 +904,8 @@ void TLSWrap::Initialize(Local<Object> target,
+ env->SetProtoMethod(t, "start", Start);
+ env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode);
+ env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks);
++ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser);
+ env->SetProtoMethod(t, "destroySSL", DestroySSL);
+- env->SetProtoMethod(t, "enableCertCb", EnableCertCb);
+
+ StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
+ SSLWrap<TLSWrap>::AddMethods(env, t);
+diff --git a/src/tls_wrap.h.BAK b/src/tls_wrap.h
+index f390c9f..6995eb6 100644
+--- a/src/tls_wrap.h.BAK
++++ b/src/tls_wrap.h
+@@ -134,7 +134,7 @@ class TLSWrap : public AsyncWrap,
+ static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void EnableSessionCallbacks(
+ const v8::FunctionCallbackInfo<v8::Value>& args);
+- static void EnableCertCb(
++ static void EnableHelloParser(
+ const v8::FunctionCallbackInfo<v8::Value>& args);
+ static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
+
+@@ -162,6 +162,10 @@ class TLSWrap : public AsyncWrap,
+ // If true - delivered EOF to the js-land, either after `close_notify`, or
+ // after the `UV_EOF` on socket.
+ bool eof_;
++
++#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
++ v8::Persistent<v8::Value> sni_context_;
++#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+ };
+
+ } // namespace node
+diff --git a/test/parallel/test-tls-client-getephemeralkeyinfo.js.BAK b/test/parallel/test-tls-client-getephemeralkeyinfo.js
+index 7d68046..e69de29 100644
+--- a/test/parallel/test-tls-client-getephemeralkeyinfo.js.BAK
++++ b/test/parallel/test-tls-client-getephemeralkeyinfo.js
+@@ -1,98 +0,0 @@
+-'use strict';
+-const common = require('../common');
+-const assert = require('assert');
+-
+-if (!common.hasCrypto) {
+- common.skip('missing crypto');
+- process.exit();
+-}
+-const tls = require('tls');
+-
+-const fs = require('fs');
+-const key = fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem');
+-const cert = fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem');
+-
+-let ntests = 0;
+-let nsuccess = 0;
+-
+-function loadDHParam(n) {
+- let path = common.fixturesDir;
+- if (n !== 'error') path += '/keys';
+- return fs.readFileSync(path + '/dh' + n + '.pem');
+-}
+-
+-const cipherlist = {
+- 'NOT_PFS': 'AES128-SHA256',
+- 'DH': 'DHE-RSA-AES128-GCM-SHA256',
+- 'ECDH': 'ECDHE-RSA-AES128-GCM-SHA256'
+-};
+-
+-function test(size, type, name, next) {
+- const cipher = type ? cipherlist[type] : cipherlist['NOT_PFS'];
+-
+- if (name) tls.DEFAULT_ECDH_CURVE = name;
+-
+- const options = {
+- key: key,
+- cert: cert,
+- ciphers: cipher
+- };
+-
+- if (type === 'DH') options.dhparam = loadDHParam(size);
+-
+- const server = tls.createServer(options, function(conn) {
+- assert.strictEqual(conn.getEphemeralKeyInfo(), null);
+- conn.end();
+- });
+-
+- server.on('close', common.mustCall(function(err) {
+- assert.ifError(err);
+- if (next) next();
+- }));
+-
+- server.listen(0, '127.0.0.1', common.mustCall(function() {
+- const client = tls.connect({
+- port: this.address().port,
+- rejectUnauthorized: false
+- }, function() {
+- const ekeyinfo = client.getEphemeralKeyInfo();
+- assert.strictEqual(ekeyinfo.type, type);
+- assert.strictEqual(ekeyinfo.size, size);
+- assert.strictEqual(ekeyinfo.name, name);
+- nsuccess++;
+- server.close();
+- });
+- }));
+-}
+-
+-function testNOT_PFS() {
+- test(undefined, undefined, undefined, testDHE1024);
+- ntests++;
+-}
+-
+-function testDHE1024() {
+- test(1024, 'DH', undefined, testDHE2048);
+- ntests++;
+-}
+-
+-function testDHE2048() {
+- test(2048, 'DH', undefined, testECDHE256);
+- ntests++;
+-}
+-
+-function testECDHE256() {
+- test(256, 'ECDH', tls.DEFAULT_ECDH_CURVE, testECDHE512);
+- ntests++;
+-}
+-
+-function testECDHE512() {
+- test(521, 'ECDH', 'secp521r1', null);
+- ntests++;
+-}
+-
+-testNOT_PFS();
+-
+-process.on('exit', function() {
+- assert.strictEqual(ntests, nsuccess);
+- assert.strictEqual(ntests, 5);
+-});
+diff --git a/test/parallel/test-tls-cnnic-whitelist.js.BAK b/test/parallel/test-tls-cnnic-whitelist.js
+index c2b9c08..a433323 100644
+--- a/test/parallel/test-tls-cnnic-whitelist.js.BAK
++++ b/test/parallel/test-tls-cnnic-whitelist.js
+@@ -52,7 +52,9 @@ const testCases = [
+ port: undefined,
+ rejectUnauthorized: true
+ },
+- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
++ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY.
++ errorCode: 'CERT_UNTRUSTED'
++ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY'
+ }
+ ];
+
+diff --git a/test/parallel/test-tls-sni-server-client.js.BAK b/test/parallel/test-tls-sni-server-client.js
+index e743078..47006d4 100644
+--- a/test/parallel/test-tls-sni-server-client.js.BAK
++++ b/test/parallel/test-tls-sni-server-client.js
+@@ -36,39 +36,37 @@ const SNIContexts = {
+ 'asterisk.test.com': {
+ key: loadPEM('agent3-key'),
+ cert: loadPEM('agent3-cert')
+- },
+- 'chain.example.com': {
+- key: loadPEM('agent6-key'),
+- // NOTE: Contains ca3 chain cert
+- cert: loadPEM('agent6-cert')
+ }
+ };
+
+ const clientsOptions = [{
+ port: undefined,
++ key: loadPEM('agent1-key'),
++ cert: loadPEM('agent1-cert'),
+ ca: [loadPEM('ca1-cert')],
+ servername: 'a.example.com',
+ rejectUnauthorized: false
+ }, {
+ port: undefined,
++ key: loadPEM('agent2-key'),
++ cert: loadPEM('agent2-cert'),
+ ca: [loadPEM('ca2-cert')],
+ servername: 'b.test.com',
+ rejectUnauthorized: false
+ }, {
+ port: undefined,
++ key: loadPEM('agent2-key'),
++ cert: loadPEM('agent2-cert'),
+ ca: [loadPEM('ca2-cert')],
+ servername: 'a.b.test.com',
+ rejectUnauthorized: false
+ }, {
+ port: undefined,
++ key: loadPEM('agent3-key'),
++ cert: loadPEM('agent3-cert'),
+ ca: [loadPEM('ca1-cert')],
+ servername: 'c.wrong.com',
+ rejectUnauthorized: false
+-}, {
+- port: undefined,
+- ca: [loadPEM('ca1-cert')],
+- servername: 'chain.example.com',
+- rejectUnauthorized: false
+ }];
+
+ const serverResults = [];
+@@ -80,7 +78,6 @@ const server = tls.createServer(serverOptions, function(c) {
+
+ server.addContext('a.example.com', SNIContexts['a.example.com']);
+ server.addContext('*.test.com', SNIContexts['asterisk.test.com']);
+-server.addContext('chain.example.com', SNIContexts['chain.example.com']);
+
+ server.listen(0, startTest);
+
+@@ -109,8 +106,7 @@ function startTest() {
+
+ process.on('exit', function() {
+ assert.deepStrictEqual(serverResults, [
+- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com',
+- 'chain.example.com'
++ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com'
+ ]);
+- assert.deepStrictEqual(clientResults, [true, true, false, false, true]);
++ assert.deepStrictEqual(clientResults, [true, true, false, false]);
+ });
diff --git a/net-libs/nodejs/files/rollback.sh b/net-libs/nodejs/files/rollback.sh
new file mode 100644
index 0000000..0393198
--- /dev/null
+++ b/net-libs/nodejs/files/rollback.sh
@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+
+R=1
+Array=(
+lib/_tls_wrap.js
+src/env.h
+src/node_crypto.cc
+src/node_crypto.h
+src/tls_wrap.cc
+src/tls_wrap.h
+test/parallel/test-tls-client-getephemeralkeyinfo.js
+test/parallel/test-tls-cnnic-whitelist.js
+test/parallel/test-tls-sni-server-client.js
+)
+
+_SCRIPT=$(readlink -f $0)
+_SCRIPT_PATH=$(dirname $_SCRIPT)
+_NODEJS_DIR=$(basename $PWD)
+_NODEJS_VER=${_NODEJS_DIR##*v}
+
+if [[ -z ${R} ]]; then
+ for i in ${Array[@]}; do
+ echo cp -av ${i} ${i}.BAK
+ cp -av ${i} ${i}.BAK
+ done
+else
+ for i in ${Array[@]}; do
+ echo cp -av ${i}.BAK ${i}
+ cp -av ${i}.BAK ${i}
+ done
+ patch -p1 -g0 -E --no-backup-if-mismatch -f < "${_SCRIPT_PATH}/nodejs-${_NODEJS_VER}-libressl.patch"
+fi
diff --git a/net-libs/nodejs/nodejs-6.9.4.ebuild b/net-libs/nodejs/nodejs-6.9.4.ebuild
index 1d76e03..627fde6 100644
--- a/net-libs/nodejs/nodejs-6.9.4.ebuild
+++ b/net-libs/nodejs/nodejs-6.9.4.ebuild
@@ -49,7 +49,7 @@ src_prepare() {
export BUILDTYPE=Release
if use libressl; then
- epatch "${FILESDIR}"/${PN}-6.9.4-libressl.patch
+ epatch "${FILESDIR}"/${PN}-{PV}-libressl.patch
fi
# fix compilation on Darwin
diff --git a/net-libs/nodejs/nodejs-7.7.3.ebuild b/net-libs/nodejs/nodejs-7.7.3.ebuild
new file mode 100644
index 0000000..50b5dd4
--- /dev/null
+++ b/net-libs/nodejs/nodejs-7.7.3.ebuild
@@ -0,0 +1,205 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+RESTRICT="test"
+
+PYTHON_COMPAT=( python2_7 )
+PYTHON_REQ_USE="threads"
+
+inherit bash-completion-r1 eutils flag-o-matic pax-utils python-single-r1 toolchain-funcs
+
+DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine"
+HOMEPAGE="https://nodejs.org/"
+SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz"
+
+LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos"
+IUSE="cpu_flags_x86_sse2 debug doc icu libressl +npm +snapshot +ssl systemtap test"
+
+RDEPEND="icu? ( >=dev-libs/icu-56:= )
+ npm? ( ${PYTHON_DEPS} )
+ >=net-libs/http-parser-2.6.2:=
+ >=dev-libs/libuv-1.11.0:=
+ !libressl? ( >=dev-libs/openssl-1.0.2g:0=[-bindist] )
+ libressl? ( dev-libs/libressl )
+ sys-libs/zlib"
+DEPEND="${RDEPEND}
+ ${PYTHON_DEPS}
+ systemtap? ( dev-util/systemtap )
+ test? ( net-misc/curl )"
+
+S="${WORKDIR}/node-v${PV}"
+REQUIRED_USE="${PYTHON_REQUIRED_USE}"
+
+PATCHES=(
+ "${FILESDIR}"/gentoo-global-npm-config.patch
+)
+
+pkg_pretend() {
+ (use x86 && ! use cpu_flags_x86_sse2) && \
+ die "Your CPU doesn't support the required SSE2 instruction."
+
+ ( [[ ${MERGE_TYPE} != "binary" ]] && ! test-flag-CXX -std=c++11 ) && \
+ die "Your compiler doesn't support C++11. Use GCC 4.8, Clang 3.3 or newer."
+}
+
+src_prepare() {
+ tc-export CC CXX PKG_CONFIG
+ export V=1
+ export BUILDTYPE=Release
+
+ if use libressl; then
+ epatch "${FILESDIR}"/${PN}-${PV}-libressl.patch
+ fi
+
+ # fix compilation on Darwin
+ # https://code.google.com/p/gyp/issues/detail?id=260
+ sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die
+
+ # make sure we use python2.* while using gyp
+ sed -i -e "s/python/${EPYTHON}/" deps/npm/node_modules/node-gyp/gyp/gyp || die
+ sed -i -e "s/|| 'python'/|| '${EPYTHON}'/" deps/npm/node_modules/node-gyp/lib/configure.js || die
+
+ # less verbose install output (stating the same as portage, basically)
+ sed -i -e "/print/d" tools/install.py || die
+
+ # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504
+ local LIBDIR=$(get_libdir)
+ sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die
+ sed -i -e "s/'lib'/'${LIBDIR}'/" lib/module.js || die
+ sed -i -e "s|\"lib\"|\"${LIBDIR}\"|" deps/npm/lib/npm.js || die
+
+ # Avoid writing a depfile, not useful
+ sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die
+
+ # Avoid a test that I've only been able to reproduce from emerge. It doesnt
+ # seem sandbox related either (invoking it from a sandbox works fine).
+ # The issue is that no stdin handle is openened when asked for one.
+ # It doesn't really belong upstream , so it'll just be removed until someone
+ # with more gentoo-knowledge than me (jbergstroem) figures it out.
+ rm test/parallel/test-stdout-close-unref.js || die
+
+ # debug builds. change install path, remove optimisations and override buildtype
+ if use debug; then
+ sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die
+ BUILDTYPE=Debug
+ fi
+
+ default
+}
+
+src_configure() {
+ local myarch=""
+ local myconf=( --shared-openssl --shared-libuv --shared-http-parser --shared-zlib )
+ use npm || myconf+=( --without-npm )
+ use icu && myconf+=( --with-intl=system-icu )
+ use snapshot && myconf+=( --with-snapshot )
+ use ssl || myconf+=( --without-ssl )
+ use debug && myconf+=( --debug )
+
+ case ${ABI} in
+ amd64) myarch="x64";;
+ arm) myarch="arm";;
+ arm64) myarch="arm64";;
+ ppc64) myarch="ppc64";;
+ x32) myarch="x32";;
+ x86) myarch="ia32";;
+ *) myarch="${ABI}";;
+ esac
+
+ GYP_DEFINES="linux_use_gold_flags=0
+ linux_use_bundled_binutils=0
+ linux_use_bundled_gold=0" \
+ "${PYTHON}" configure \
+ --prefix="${EPREFIX}"/usr \
+ --dest-cpu=${myarch} \
+ $(use_with systemtap dtrace) \
+ "${myconf[@]}" || die
+}
+
+src_compile() {
+ emake -C out mksnapshot
+ pax-mark m "out/${BUILDTYPE}/mksnapshot"
+ emake -C out
+}
+
+src_install() {
+ local LIBDIR="${ED}/usr/$(get_libdir)"
+ emake install DESTDIR="${D}"
+ pax-mark -m "${ED}"usr/bin/node
+
+ # set up a symlink structure that node-gyp expects..
+ dodir /usr/include/node/deps/{v8,uv}
+ dosym . /usr/include/node/src
+ for var in deps/{uv,v8}/include; do
+ dosym ../.. /usr/include/node/${var}
+ done
+
+ if use doc; then
+ # Patch docs to make them offline readable
+ for i in `grep -rl 'fonts.googleapis.com' "${S}"/out/doc/api/*`; do
+ sed -i '/fonts.googleapis.com/ d' $i;
+ done
+ # Install docs!
+ dohtml -r "${S}"/doc/*
+ fi
+
+ if use npm; then
+ dodir /etc/npm
+
+ # Install bash completion for `npm`
+ # We need to temporarily replace default config path since
+ # npm otherwise tries to write outside of the sandbox
+ local npm_config="usr/$(get_libdir)/node_modules/npm/lib/config/core.js"
+ sed -i -e "s|'/etc'|'${ED}/etc'|g" "${ED}/${npm_config}" || die
+ local tmp_npm_completion_file="$(emktemp)"
+ "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}"
+ newbashcomp "${tmp_npm_completion_file}" npm
+ sed -i -e "s|'${ED}/etc'|'/etc'|g" "${ED}/${npm_config}" || die
+
+ # Move man pages
+ doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/*
+
+ # Clean up
+ rm "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} || die
+ rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} || die
+
+ local find_exp="-or -name"
+ local find_name=()
+ for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \
+ ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \
+ "*.md" "*.markdown" "*.bat" "*.cmd"; do
+ find_name+=( ${find_exp} "${match}" )
+ done
+
+ # Remove various development and/or inappropriate files and
+ # useless docs of dependend packages.
+ find "${LIBDIR}"/node_modules \
+ \( -type d -name examples \) -or \( -type f \( \
+ -iname "LICEN?E*" \
+ "${find_name[@]}" \
+ \) \) -exec rm -rf "{}" \;
+ fi
+}
+
+src_test() {
+ out/${BUILDTYPE}/cctest || die
+ "${PYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die
+}
+
+pkg_postinst() {
+ einfo "The global npm config lives in /etc/npm. This deviates slightly"
+ einfo "from upstream which otherwise would have it live in /usr/etc/."
+ einfo ""
+ einfo "Protip: When using node-gyp to install native modules, you can"
+ einfo "avoid having to download extras by doing the following:"
+ einfo "$ node-gyp --nodedir /usr/include/node <command>"
+ if use libressl; then
+ ewarn
+ ewarn "You enabled libressl support. As such, you are missing the"
+ ewarn "getEphemeralKeyInfo and onCertCb JavaScript APIs."
+ ewarn "Some node packages may be broken."
+ fi
+}