diff options
| author |   Chen, Chih-Chia <pigfoot@gmail.com> | 2021-02-02 00:04:38 +0800 |
|---|---|---|
| committer | Chen, Chih-Chia <pigfoot@gmail.com> | 2021-02-02 00:04:38 +0800 |
| commit | dad14889684de831ef018af8f985ad5d7672c3d3 (patch) | |
| tree | f4d4f84aecdaed9612278d133bafa9cbc2550bc5 | |
| parent | [net-im/telegram-cli] correct lua dependence (diff) | |
| download | pigfoot-dad14889684de831ef018af8f985ad5d7672c3d3.tar.gz pigfoot-dad14889684de831ef018af8f985ad5d7672c3d3.tar.bz2 pigfoot-dad14889684de831ef018af8f985ad5d7672c3d3.zip | |
[net-libs/nodejs] remove old
Signed-off-by: Chen, Chih-Chia <pigfoot@gmail.com>
| -rw-r--r-- | net-libs/nodejs/Manifest | 2 | ||||
| -rw-r--r-- | net-libs/nodejs/files/gentoo-global-npm-config.patch | 40 | ||||
| -rw-r--r-- | net-libs/nodejs/files/nodejs-10.3.0-global-npm-config.patch | 20 | ||||
| -rw-r--r-- | net-libs/nodejs/files/nodejs-8.11.1-libressl.patch | 894 | ||||
| -rw-r--r-- | net-libs/nodejs/files/nodejs-8.12.0-libressl.patch | 897 | ||||
| -rw-r--r-- | net-libs/nodejs/nodejs-8.11.1.ebuild | 208 | ||||
| -rw-r--r-- | net-libs/nodejs/nodejs-8.12.0.ebuild | 210 |
7 files changed, 0 insertions, 2271 deletions
diff --git a/net-libs/nodejs/Manifest b/net-libs/nodejs/Manifest deleted file mode 100644 index 6b03ec2..0000000 --- a/net-libs/nodejs/Manifest +++ /dev/null @@ -1,2 +0,0 @@ -DIST node-v8.11.1.tar.xz 18279516 BLAKE2B b06f31571c93455d16899e3ba57d1e5835951be7a644fafbfcac9cce1bf33ed8ca47929e0a5d0df72034a6c2b967c578e3c78a2ed27ba85e41c4af1de2307293 SHA512 0ca0dead15a1623ece7f972d420dec623141a795ddd984c32ce7e92ae32ead97bb0153ebd8c1c249b91a1bd6efcef7fb313105455f66d4d181473153c4e0736f -DIST node-v8.12.0.tar.xz 18310452 BLAKE2B 79634fc57cd76a97e72bab4be37da91d5eff4d13cdaa2b48e83f013885fa3590ba4a28378baf036ed26b7304bf234753d1d4014f72571496f5bb6cd5b221e5f0 SHA512 665d2dba287d78bcd723d7b4d00a6897fb996f4aa69a541e010a3dfeb2614257892117fcce7123966b1ecaddc9269a6667e0e262df693baea1f476c96de55c42 diff --git a/net-libs/nodejs/files/gentoo-global-npm-config.patch b/net-libs/nodejs/files/gentoo-global-npm-config.patch deleted file mode 100644 index e7346b8..0000000 --- a/net-libs/nodejs/files/gentoo-global-npm-config.patch +++ /dev/null @@ -1,40 +0,0 @@ -commit 46ac7cd4229eac5e0182ab62b7ed844c24a8c52e -Author: Johan Bergström <bugs@bergstroem.nu> -Date: Wed Feb 10 22:45:59 2016 +1100 - - npm: set global config folder to /etc/npm - - npm previously assumed that the global config path would be - based on $prefix/etc. Since gentoo installs nodejs into /usr, - this means we're also creating /usr/etc which is less desirable. - - This patch will likely never go upstream. - -diff --git a/deps/npm/lib/config/core.js b/deps/npm/lib/config/core.js -index d1306eb..bd2ef89 100644 ---- a/deps/npm/lib/config/core.js -+++ b/deps/npm/lib/config/core.js -@@ -150,16 +150,14 @@ function load_ (builtin, rc, cli, cb) { - // Eg, `npm config get globalconfig --prefix ~/local` should - // return `~/local/etc/npmrc` - // annoying humans and their expectations! -- if (conf.get('prefix')) { -- var etc = path.resolve(conf.get('prefix'), 'etc') -- mkdirp(etc, function () { -- defaults.globalconfig = path.resolve(etc, 'npmrc') -- defaults.globalignorefile = path.resolve(etc, 'npmignore') -- afterUserContinuation() -- }) -- } else { -+ -+ // gentoo deviates wrt global config; store in /etc/npm -+ var globalconfig = path.resolve('/etc', 'npm') -+ mkdirp(globalconfig, function () { -+ defaults.globalconfig = path.resolve(globalconfig, 'npmrc') -+ defaults.globalignorefile = path.resolve(globalconfig, 'npmignore') - afterUserContinuation() -- } -+ }) - } - - function afterUserContinuation () { diff --git a/net-libs/nodejs/files/nodejs-10.3.0-global-npm-config.patch b/net-libs/nodejs/files/nodejs-10.3.0-global-npm-config.patch deleted file mode 100644 index 9c7fe68..0000000 --- a/net-libs/nodejs/files/nodejs-10.3.0-global-npm-config.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- a/deps/npm/lib/config/core.js -+++ b/deps/npm/lib/config/core.js -@@ -153,11 +153,12 @@ - // Eg, `npm config get globalconfig --prefix ~/local` should - // return `~/local/etc/npmrc` - // annoying humans and their expectations! -- if (conf.get('prefix')) { -- var etc = path.resolve(conf.get('prefix'), 'etc') -- defaults.globalconfig = path.resolve(etc, 'npmrc') -- defaults.globalignorefile = path.resolve(etc, 'npmignore') -- } -+ // gentoo deviates wrt global config; store in /etc/npm -+ var globalconfig = path.resolve('/etc', 'npm') -+ mkdirp(globalconfig, function () { -+ defaults.globalconfig = path.resolve(globalconfig, 'npmrc') -+ defaults.globalignorefile = path.resolve(globalconfig, 'npmignore') -+ }) - - conf.addFile(conf.get('globalconfig'), 'global') - diff --git a/net-libs/nodejs/files/nodejs-8.11.1-libressl.patch b/net-libs/nodejs/files/nodejs-8.11.1-libressl.patch deleted file mode 100644 index 0fe414b..0000000 --- a/net-libs/nodejs/files/nodejs-8.11.1-libressl.patch +++ /dev/null @@ -1,894 +0,0 @@ -diff -Naur node-v8.11.1.orig/lib/_tls_wrap.js node-v8.11.1/lib/_tls_wrap.js ---- node-v8.11.1.orig/lib/_tls_wrap.js 2018-07-18 17:37:43.066250635 +0800 -+++ node-v8.11.1/lib/_tls_wrap.js 2018-07-18 17:38:37.198012271 +0800 -@@ -181,30 +181,33 @@ - if (err) - return self.destroy(err); - -- self._handle.endParser(); -- }); --} -- -- --function oncertcb(info) { -- var self = this; -- var servername = info.servername; -- -- loadSNI(self, servername, function(err, ctx) { -- if (err) -- return self.destroy(err); -- requestOCSP(self, info, ctx, function(err) { -+ // Servername came from SSL session -+ // NOTE: TLS Session ticket doesn't include servername information -+ // -+ // Another note, From RFC3546: -+ // -+ // If, on the other hand, the older -+ // session is resumed, then the server MUST ignore extensions appearing -+ // in the client hello, and send a server hello containing no -+ // extensions; in this case the extension functionality negotiated -+ // during the original session initiation is applied to the resumed -+ // session. -+ // -+ // Therefore we should account session loading when dealing with servername -+ var servername = session && session.servername || hello.servername; -+ loadSNI(self, servername, function(err, ctx) { - if (err) - return self.destroy(err); - -- if (!self._handle) -- return self.destroy(new Error('Socket is closed')); -+ requestOCSP(self, info, ctx, function(err) { -+ if (err) -+ return self.destroy(err); - -- try { -- self._handle.certCbDone(); -- } catch (e) { -- self.destroy(e); -- } -+ if (!self._handle) -+ return self.destroy(new Error('Socket is closed')); -+ -+ self._handle.endParser(); -+ }); - }); - }); - } -@@ -451,18 +454,15 @@ - ssl.onhandshakestart = () => onhandshakestart.call(this); - ssl.onhandshakedone = () => onhandshakedone.call(this); - ssl.onclienthello = (hello) => onclienthello.call(this, hello); -- ssl.oncertcb = (info) => oncertcb.call(this, info); - ssl.onnewsession = (key, session) => onnewsession.call(this, key, session); - ssl.lastHandshakeTime = 0; - ssl.handshakes = 0; - -- if (this.server) { -- if (this.server.listenerCount('resumeSession') > 0 || -- this.server.listenerCount('newSession') > 0) { -- ssl.enableSessionCallbacks(); -- } -- if (this.server.listenerCount('OCSPRequest') > 0) -- ssl.enableCertCb(); -+ if (this.server && -+ (this.server.listenerCount('resumeSession') > 0 || -+ this.server.listenerCount('newSession') > 0 || -+ this.server.listenerCount('OCSPRequest') > 0)) { -+ ssl.enableSessionCallbacks(); - } - } else { - ssl.onhandshakestart = function() {}; -@@ -506,7 +506,7 @@ - options.server._contexts.length)) { - assert(typeof options.SNICallback === 'function'); - this._SNICallback = options.SNICallback; -- ssl.enableCertCb(); -+ ssl.enableHelloParser(); - } - - if (process.features.tls_npn && options.NPNProtocols) -diff -Naur node-v8.11.1.orig/src/env.h node-v8.11.1/src/env.h ---- node-v8.11.1.orig/src/env.h 2018-07-18 17:37:43.066250635 +0800 -+++ node-v8.11.1/src/env.h 2018-07-18 17:38:37.198012271 +0800 -@@ -113,7 +113,6 @@ - V(channel_string, "channel") \ - V(chunks_sent_since_last_write_string, "chunksSentSinceLastWrite") \ - V(constants_string, "constants") \ -- V(oncertcb_string, "oncertcb") \ - V(onclose_string, "_onclose") \ - V(code_string, "code") \ - V(configurable_string, "configurable") \ -diff -Naur node-v8.11.1.orig/src/node.cc node-v8.11.1/src/node.cc ---- node-v8.11.1.orig/src/node.cc 2018-07-18 17:37:43.066250635 +0800 -+++ node-v8.11.1/src/node.cc 2018-07-18 17:38:37.198012271 +0800 -@@ -214,7 +214,7 @@ - false; - #endif - --# if NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - // used by crypto module - bool enable_fips_crypto = false; - bool force_fips_crypto = false; -@@ -3869,7 +3869,7 @@ - " (default)" - #endif - "\n" --#if NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - " --enable-fips enable FIPS crypto at startup\n" - " --force-fips force FIPS crypto (cannot be disabled)\n" - #endif /* NODE_FIPS_MODE */ -@@ -4167,7 +4167,7 @@ - } else if (strncmp(arg, "--use-bundled-ca", 16) == 0) { - use_bundled_ca = true; - ssl_openssl_cert_store = false; --#if NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - } else if (strcmp(arg, "--enable-fips") == 0) { - enable_fips_crypto = true; - } else if (strcmp(arg, "--force-fips") == 0) { -@@ -4882,7 +4882,7 @@ - if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs)) - crypto::UseExtraCaCerts(extra_ca_certs); - } --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - // In the case of FIPS builds we should make sure - // the random source is properly initialized first. - OPENSSL_init(); -diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc ---- node-v8.11.1.orig/src/node_crypto.cc 2018-07-19 00:04:56.069430789 +0800 -+++ node-v8.11.1/src/node_crypto.cc 2018-07-19 00:20:25.147879168 +0800 -@@ -108,7 +108,7 @@ - using v8::Value; - - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e, - const BIGNUM** d) { - if (n != nullptr) { -@@ -197,10 +197,12 @@ - return 1; - } - -+#if !defined(LIBRESSL_VERSION_NUMBER) - static int X509_up_ref(X509* cert) { - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); - return 1; - } -+#endif - - #define EVP_MD_CTX_new EVP_MD_CTX_create - #define EVP_MD_CTX_free EVP_MD_CTX_destroy -@@ -218,7 +220,7 @@ - HMAC_CTX_cleanup(ctx); - free(ctx); - } --#endif // OPENSSL_VERSION_NUMBER < 0x10100000L -+#endif // _OPENSSL_11_COMPAT - - static const char* const root_certs[] = { - #include "node_root_certs.h" // NOLINT(build/include_order) -@@ -236,7 +238,7 @@ - template void SSLWrap<TLSWrap>::InitNPN(SecureContext* sc); - template void SSLWrap<TLSWrap>::SetSNIContext(SecureContext* sc); - template int SSLWrap<TLSWrap>::SetCACerts(SecureContext* sc); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - template SSL_SESSION* SSLWrap<TLSWrap>::GetSessionCallback( - SSL* s, - unsigned char* key, -@@ -275,8 +277,6 @@ - #endif - - template void SSLWrap<TLSWrap>::DestroySSL(); --template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg); --template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg); - - #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - template int SSLWrap<TLSWrap>::SelectALPNCallback( -@@ -288,7 +288,7 @@ - void* arg); - #endif // TLSEXT_TYPE_application_layer_protocol_negotiation - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static Mutex* mutexes; - - static void crypto_threadid_cb(CRYPTO_THREADID* tid) { -@@ -574,7 +574,7 @@ - SSL_CTX_sess_set_get_cb(sc->ctx_, SSLWrap<Connection>::GetSessionCallback); - SSL_CTX_sess_set_new_cb(sc->ctx_, SSLWrap<Connection>::NewSessionCallback); - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was - // exposed in the public API. To retain compatibility, install a callback - // which restores the old algorithm. -@@ -693,8 +693,7 @@ - for (int i = 0; i < sk_X509_num(extra_certs); i++) { - X509* ca = sk_X509_value(extra_certs, i); - -- // NOTE: Increments reference count on `ca` -- r = SSL_CTX_add1_chain_cert(ctx, ca); -+ r = SSL_CTX_add_extra_chain_cert(ctx, ca); - - if (!r) { - ret = 0; -@@ -1043,7 +1042,7 @@ - - node::Utf8Value curve(env->isolate(), args[0]); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE); - SSL_CTX_set_ecdh_auto(sc->ctx_, 1); - #endif -@@ -1265,7 +1264,7 @@ - ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); - - Local<Object> buff = Buffer::New(wrap->env(), 48).ToLocalChecked(); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - memcpy(Buffer::Data(buff), wrap->ticket_key_name_, 16); - memcpy(Buffer::Data(buff) + 16, wrap->ticket_key_hmac_, 16); - memcpy(Buffer::Data(buff) + 32, wrap->ticket_key_aes_, 16); -@@ -1298,7 +1297,7 @@ - return env->ThrowTypeError("Ticket keys length must be 48 bytes"); - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - memcpy(wrap->ticket_key_name_, Buffer::Data(args[0]), 16); - memcpy(wrap->ticket_key_hmac_, Buffer::Data(args[0]) + 16, 16); - memcpy(wrap->ticket_key_aes_, Buffer::Data(args[0]) + 32, 16); -@@ -1316,13 +1315,13 @@ - - - void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - // |freelist_max_len| was removed in OpenSSL 1.1.0. In that version OpenSSL - // mallocs and frees buffers directly, without the use of a freelist. - SecureContext* wrap; - ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); - -- wrap->ctx_->freelist_max_len = args[0]->Int32Value(); -+ //wrap->ctx_->freelist_max_len = args[0]->Int32Value(); - #endif - } - -@@ -1419,7 +1418,7 @@ - } - - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - int SecureContext::TicketCompatibilityCallback(SSL* ssl, - unsigned char* name, - unsigned char* iv, -@@ -1503,7 +1502,6 @@ - env->SetProtoMethod(t, "verifyError", VerifyError); - env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher); - env->SetProtoMethod(t, "endParser", EndParser); -- env->SetProtoMethod(t, "certCbDone", CertCbDone); - env->SetProtoMethod(t, "renegotiate", Renegotiate); - env->SetProtoMethod(t, "shutdownSSL", Shutdown); - env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket); -@@ -1559,7 +1557,7 @@ - } - - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - template <class Base> - SSL_SESSION* SSLWrap<Base>::GetSessionCallback(SSL* s, - unsigned char* key, -@@ -2576,126 +2574,6 @@ - - - template <class Base> --void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) { -- cert_cb_ = cb; -- cert_cb_arg_ = arg; --} -- -- --template <class Base> --int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) { -- Base* w = static_cast<Base*>(SSL_get_app_data(s)); -- -- if (!w->is_server()) -- return 1; -- -- if (!w->is_waiting_cert_cb()) -- return 1; -- -- if (w->cert_cb_running_) -- return -1; -- -- Environment* env = w->env(); -- HandleScope handle_scope(env->isolate()); -- Context::Scope context_scope(env->context()); -- w->cert_cb_running_ = true; -- -- Local<Object> info = Object::New(env->isolate()); -- -- const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); -- if (servername == nullptr) { -- info->Set(env->servername_string(), String::Empty(env->isolate())); -- } else { -- Local<String> str = OneByteString(env->isolate(), servername, -- strlen(servername)); -- info->Set(env->servername_string(), str); -- } -- -- bool ocsp = false; --#ifdef NODE__HAVE_TLSEXT_STATUS_CB -- ocsp = SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp; --#endif -- -- info->Set(env->ocsp_request_string(), Boolean::New(env->isolate(), ocsp)); -- -- Local<Value> argv[] = { info }; -- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv); -- -- if (!w->cert_cb_running_) -- return 1; -- -- // Performing async action, wait... -- return -1; --} -- -- --template <class Base> --void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) { -- Base* w; -- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder()); -- Environment* env = w->env(); -- -- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_); -- -- Local<Object> object = w->object(); -- Local<Value> ctx = object->Get(env->sni_context_string()); -- Local<FunctionTemplate> cons = env->secure_context_constructor_template(); -- -- // Not an object, probably undefined or null -- if (!ctx->IsObject()) -- goto fire_cb; -- -- if (cons->HasInstance(ctx)) { -- SecureContext* sc; -- ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>()); -- w->sni_context_.Reset(); -- w->sni_context_.Reset(env->isolate(), ctx); -- -- int rv; -- -- // NOTE: reference count is not increased by this API methods -- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_); -- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_); -- STACK_OF(X509)* chain; -- -- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain); -- if (rv) -- rv = SSL_use_certificate(w->ssl_, x509); -- if (rv) -- rv = SSL_use_PrivateKey(w->ssl_, pkey); -- if (rv && chain != nullptr) -- rv = SSL_set1_chain(w->ssl_, chain); -- if (rv) -- rv = w->SetCACerts(sc); -- if (!rv) { -- unsigned long err = ERR_get_error(); // NOLINT(runtime/int) -- if (!err) -- return env->ThrowError("CertCbDone"); -- return ThrowCryptoError(env, err); -- } -- } else { -- // Failure: incorrect SNI context object -- Local<Value> err = Exception::TypeError(env->sni_context_err_string()); -- w->MakeCallback(env->onerror_string(), 1, &err); -- return; -- } -- -- fire_cb: -- CertCb cb; -- void* arg; -- -- cb = w->cert_cb_; -- arg = w->cert_cb_arg_; -- -- w->cert_cb_running_ = false; -- w->cert_cb_ = nullptr; -- w->cert_cb_arg_ = nullptr; -- -- cb(arg); --} -- -- --template <class Base> - void SSLWrap<Base>::SSLGetter(Local<String> property, - const PropertyCallbackInfo<Value>& info) { - Base* base; -@@ -2728,9 +2606,6 @@ - - template <class Base> - int SSLWrap<Base>::SetCACerts(SecureContext* sc) { -- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_)); -- if (err != 1) -- return err; - - STACK_OF(X509_NAME)* list = SSL_dup_CA_list( - SSL_CTX_get_client_CA_list(sc->ctx_)); -@@ -2824,10 +2699,6 @@ - DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func); - return 0; - -- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) { -- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func); -- return 0; -- - } else if (err == SSL_ERROR_ZERO_RETURN) { - HandleScope scope(ssl_env()->isolate()); - -@@ -2982,7 +2853,7 @@ - - // Call the SNI callback and use its return value as context - if (!conn->sniObject_.IsEmpty()) { -- conn->sni_context_.Reset(); -+ conn->sniContext_.Reset(); - - Local<Object> sni_obj = PersistentToLocal(env->isolate(), - conn->sniObject_); -@@ -2998,7 +2869,7 @@ - Local<FunctionTemplate> secure_context_constructor_template = - env->secure_context_constructor_template(); - if (secure_context_constructor_template->HasInstance(ret)) { -- conn->sni_context_.Reset(env->isolate(), ret); -+ conn->sniContext_.Reset(env->isolate(), ret); - SecureContext* sc; - ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK); - conn->SetSNIContext(sc); -@@ -3038,8 +2909,6 @@ - - InitNPN(sc); - -- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn); -- - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - if (is_server) { - SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_); -@@ -3403,7 +3272,7 @@ - int key_buf_len) { - HandleScope scope(env()->isolate()); - --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - if (FIPS_mode()) { - return env()->ThrowError( - "crypto.createCipher() is not supported in FIPS mode."); -@@ -3439,8 +3308,10 @@ - cipher_type); - } - -+#if !defined(LIBRESSL_VERSION_NUMBER) - if (mode == EVP_CIPH_WRAP_MODE) - EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); -+#endif - - CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_, key_len)); - -@@ -3494,8 +3365,10 @@ - - ctx_ = EVP_CIPHER_CTX_new(); - -+#if !defined(LIBRESSL_VERSION_NUMBER) - if (mode == EVP_CIPH_WRAP_MODE) - EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); -+#endif - - const bool encrypt = (kind_ == kCipher); - EVP_CipherInit_ex(ctx_, cipher, nullptr, nullptr, nullptr, encrypt); -@@ -4052,7 +3925,7 @@ - - SignBase::Error SignBase::Init(const char* sign_type) { - CHECK_EQ(mdctx_, nullptr); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - // Historically, "dss1" and "DSS1" were DSA aliases for SHA-1 - // exposed through the public API. - if (strcmp(sign_type, "dss1") == 0 || -@@ -4258,7 +4131,7 @@ - if (pkey == nullptr || 0 != ERR_peek_error()) - goto exit; - --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - /* Validate DSA2 parameters from FIPS 186-4 */ - if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) { - size_t L = BN_num_bits(pkey->pkey.dsa->p); -@@ -5027,7 +4900,7 @@ - - void DiffieHellman::SetPrivateKey(const FunctionCallbackInfo<Value>& args) { - #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ -- OPENSSL_VERSION_NUMBER < 0x10100070L -+ OPENSSL_VERSION_NUMBER < 0x10100070L && !defined(LIBRESSL_VERSION_NUMBER) - // Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for - // Node. See https://github.com/openssl/openssl/pull/4384. - #error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" -@@ -6111,13 +5984,13 @@ - SSL_library_init(); - OpenSSL_add_all_algorithms(); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - crypto_lock_init(); - CRYPTO_set_locking_callback(crypto_lock_cb); - CRYPTO_THREADID_set_callback(crypto_threadid_cb); - #endif - --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - /* Override FIPS settings in cnf file, if needed. */ - unsigned long err = 0; // NOLINT(runtime/int) - if (enable_fips_crypto || force_fips_crypto) { -@@ -6187,16 +6060,20 @@ - #endif // !OPENSSL_NO_ENGINE - - void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) { -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - if (FIPS_mode()) { - args.GetReturnValue().Set(1); - } else { - args.GetReturnValue().Set(0); - } -+#else -+ args.GetReturnValue().Set(0); -+#endif - } - - void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) { - Environment* env = Environment::GetCurrent(args); --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - const bool enabled = FIPS_mode(); - const bool enable = args[0]->BooleanValue(); - if (enable == enabled) -diff -Naur node-v8.11.1.orig/src/node_crypto.h node-v8.11.1/src/node_crypto.h ---- node-v8.11.1.orig/src/node_crypto.h 2018-07-18 17:37:43.066250635 +0800 -+++ node-v8.11.1/src/node_crypto.h 2018-07-18 19:07:31.798362764 +0800 -@@ -55,6 +55,11 @@ - # define NODE__HAVE_TLSEXT_STATUS_CB - #endif // !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb) - -+#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) \ -+ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL) -+#define _OPENSSL_11_COMPAT -+#endif -+ - namespace node { - namespace crypto { - -@@ -103,14 +108,14 @@ - static const int kTicketKeyNameIndex = 3; - static const int kTicketKeyIVIndex = 4; - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - unsigned char ticket_key_name_[16]; - unsigned char ticket_key_aes_[16]; - unsigned char ticket_key_hmac_[16]; - #endif - - protected: --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static const int64_t kExternalSize = sizeof(SSL_CTX); - #else - // OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size -@@ -154,7 +159,7 @@ - HMAC_CTX* hctx, - int enc); - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - static int TicketCompatibilityCallback(SSL* ssl, - unsigned char* name, - unsigned char* iv, -@@ -204,10 +209,7 @@ - kind_(kind), - next_sess_(nullptr), - session_callbacks_(false), -- new_session_wait_(false), -- cert_cb_(nullptr), -- cert_cb_arg_(nullptr), -- cert_cb_running_(false) { -+ new_session_wait_(false) { - ssl_ = SSL_new(sc->ctx_); - env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize); - CHECK_NE(ssl_, nullptr); -@@ -220,10 +222,6 @@ - next_sess_ = nullptr; - } - --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- sni_context_.Reset(); --#endif -- - #ifdef NODE__HAVE_TLSEXT_STATUS_CB - ocsp_response_.Reset(); - #endif // NODE__HAVE_TLSEXT_STATUS_CB -@@ -234,12 +232,9 @@ - inline bool is_server() const { return kind_ == kServer; } - inline bool is_client() const { return kind_ == kClient; } - inline bool is_waiting_new_session() const { return new_session_wait_; } -- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; } - - protected: -- typedef void (*CertCb)(void* arg); -- --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and - // some for buffers. - // NOTE: Actually it is much more than this -@@ -254,7 +249,7 @@ - static void InitNPN(SecureContext* sc); - static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static SSL_SESSION* GetSessionCallback(SSL* s, - unsigned char* key, - int len, -@@ -279,7 +274,6 @@ - static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args); -- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args); -@@ -321,12 +315,10 @@ - unsigned int inlen, - void* arg); - static int TLSExtStatusCallback(SSL* s, void* arg); -- static int SSLCertCallback(SSL* s, void* arg); - static void SSLGetter(v8::Local<v8::String> property, - const v8::PropertyCallbackInfo<v8::Value>& info); - - void DestroySSL(); -- void WaitForCertCb(CertCb cb, void* arg); - void SetSNIContext(SecureContext* sc); - int SetCACerts(SecureContext* sc); - -@@ -341,21 +333,12 @@ - bool session_callbacks_; - bool new_session_wait_; - -- // SSL_set_cert_cb -- CertCb cert_cb_; -- void* cert_cb_arg_; -- bool cert_cb_running_; -- - ClientHelloParser hello_parser_; - - #ifdef NODE__HAVE_TLSEXT_STATUS_CB - v8::Persistent<v8::Object> ocsp_response_; - #endif // NODE__HAVE_TLSEXT_STATUS_CB - --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- v8::Persistent<v8::Value> sni_context_; --#endif -- - friend class SecureContext; - }; - -@@ -367,6 +350,7 @@ - ~Connection() override { - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - sniObject_.Reset(); -+ sniContext_.Reset(); - servername_.Reset(); - #endif - } -@@ -381,6 +365,7 @@ - - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - v8::Persistent<v8::Object> sniObject_; -+ v8::Persistent<v8::Value> sniContext_; - v8::Persistent<v8::String> servername_; - #endif - -diff -Naur node-v8.11.1.orig/src/node_crypto_bio.cc node-v8.11.1/src/node_crypto_bio.cc ---- node-v8.11.1.orig/src/node_crypto_bio.cc 2018-03-30 07:17:17.000000000 +0800 -+++ node-v8.11.1/src/node_crypto_bio.cc 2018-07-20 00:38:51.080302783 +0800 -@@ -28,7 +28,12 @@ - namespace node { - namespace crypto { - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) \ -+ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL) -+#define _OPENSSL_11_COMPAT -+#endif -+ -+#if !defined(_OPENSSL_11_COMPAT) - #define BIO_set_data(bio, data) bio->ptr = data - #define BIO_get_data(bio) bio->ptr - #define BIO_set_shutdown(bio, shutdown_) bio->shutdown = shutdown_ -@@ -237,7 +242,7 @@ - - - const BIO_METHOD* NodeBIO::GetMethod() { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static const BIO_METHOD method = { - BIO_TYPE_MEM, - "node.js SSL buffer", -diff -Naur node-v8.11.1.orig/src/tls_wrap.cc node-v8.11.1/src/tls_wrap.cc ---- node-v8.11.1.orig/src/tls_wrap.cc 2018-03-30 07:17:18.000000000 +0800 -+++ node-v8.11.1/src/tls_wrap.cc 2018-07-18 19:13:49.731685588 +0800 -@@ -171,8 +171,6 @@ - - InitNPN(sc_); - -- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this); -- - if (is_server()) { - SSL_set_accept_state(ssl_); - } else if (is_client()) { -@@ -389,7 +387,6 @@ - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: -- case SSL_ERROR_WANT_X509_LOOKUP: - break; - case SSL_ERROR_ZERO_RETURN: - return scope.Escape(env()->zero_return_string()); -@@ -830,6 +827,11 @@ - "EnableSessionCallbacks after destroySSL"); - } - wrap->enable_session_callbacks(); -+ EnableHelloParser(args); -+} -+ -+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) { -+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder()); - crypto::NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength); - wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello, - OnClientHelloParseEnd, -@@ -855,13 +857,6 @@ - } - - --void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) { -- TLSWrap* wrap; -- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); -- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap); --} -- -- - void TLSWrap::OnClientHelloParseEnd(void* arg) { - TLSWrap* c = static_cast<TLSWrap*>(arg); - c->Cycle(); -@@ -980,8 +975,8 @@ - env->SetProtoMethod(t, "start", Start); - env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode); - env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks); -+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser); - env->SetProtoMethod(t, "destroySSL", DestroySSL); -- env->SetProtoMethod(t, "enableCertCb", EnableCertCb); - env->SetProtoMethod(t, "updateWriteQueueSize", UpdateWriteQueueSize); - - StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev); -diff -Naur node-v8.11.1.orig/src/tls_wrap.h node-v8.11.1/src/tls_wrap.h ---- node-v8.11.1.orig/src/tls_wrap.h 2018-03-30 07:17:18.000000000 +0800 -+++ node-v8.11.1/src/tls_wrap.h 2018-07-18 19:17:45.799658124 +0800 -@@ -159,7 +159,7 @@ - static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EnableSessionCallbacks( - const v8::FunctionCallbackInfo<v8::Value>& args); -- static void EnableCertCb( -+ static void EnableHelloParser( - const v8::FunctionCallbackInfo<v8::Value>& args); - static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args); - -@@ -187,6 +187,9 @@ - // If true - delivered EOF to the js-land, either after `close_notify`, or - // after the `UV_EOF` on socket. - bool eof_; -+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -+ v8::Persistent<v8::Value> sni_context_; -+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - - private: - static void UpdateWriteQueueSize( -diff -Naur node-v8.11.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v8.11.1/test/parallel/test-tls-cnnic-whitelist.js ---- node-v8.11.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2018-03-30 07:17:18.000000000 +0800 -+++ node-v8.11.1/test/parallel/test-tls-cnnic-whitelist.js 2018-07-18 19:17:45.799658124 +0800 -@@ -46,7 +46,9 @@ - port: undefined, - rejectUnauthorized: true - }, -- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' -+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY. -+ errorCode: 'CERT_UNTRUSTED' -+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' - } - ]; - -diff -Naur node-v8.11.1.orig/test/parallel/test-tls-sni-server-client.js node-v8.11.1/test/parallel/test-tls-sni-server-client.js ---- node-v8.11.1.orig/test/parallel/test-tls-sni-server-client.js 2018-03-30 07:17:18.000000000 +0800 -+++ node-v8.11.1/test/parallel/test-tls-sni-server-client.js 2018-07-18 19:17:45.799658124 +0800 -@@ -49,39 +49,37 @@ - 'asterisk.test.com': { - key: loadPEM('agent3-key'), - cert: loadPEM('agent3-cert') -- }, -- 'chain.example.com': { -- key: loadPEM('agent6-key'), -- // NOTE: Contains ca3 chain cert -- cert: loadPEM('agent6-cert') - } - }; - - const clientsOptions = [{ - port: undefined, -+ key: loadPEM('agent1-key'), -+ cert: loadPEM('agent1-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'a.example.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'a.b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent3-key'), -+ cert: loadPEM('agent3-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'c.wrong.com', - rejectUnauthorized: false --}, { -- port: undefined, -- ca: [loadPEM('ca1-cert')], -- servername: 'chain.example.com', -- rejectUnauthorized: false - }]; - - const serverResults = []; -@@ -93,7 +91,6 @@ - - server.addContext('a.example.com', SNIContexts['a.example.com']); - server.addContext('*.test.com', SNIContexts['asterisk.test.com']); --server.addContext('chain.example.com', SNIContexts['chain.example.com']); - - server.listen(0, startTest); - -@@ -122,8 +119,7 @@ - - process.on('exit', function() { - assert.deepStrictEqual(serverResults, [ -- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com', -- 'chain.example.com' -+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com' - ]); -- assert.deepStrictEqual(clientResults, [true, true, false, false, true]); -+ assert.deepStrictEqual(clientResults, [true, true, false, false]); - }); diff --git a/net-libs/nodejs/files/nodejs-8.12.0-libressl.patch b/net-libs/nodejs/files/nodejs-8.12.0-libressl.patch deleted file mode 100644 index bf87416..0000000 --- a/net-libs/nodejs/files/nodejs-8.12.0-libressl.patch +++ /dev/null @@ -1,897 +0,0 @@ -diff -Naur node-v8.11.1.orig/lib/_tls_wrap.js node-v8.11.1/lib/_tls_wrap.js ---- node-v8.11.1.orig/lib/_tls_wrap.js 2018-07-18 17:37:43.066250635 +0800 -+++ node-v8.11.1/lib/_tls_wrap.js 2018-07-18 17:38:37.198012271 +0800 -@@ -181,30 +181,33 @@ - if (err) - return self.destroy(err); - -- self._handle.endParser(); -- }); --} -- -- --function oncertcb(info) { -- var self = this; -- var servername = info.servername; -- -- loadSNI(self, servername, function(err, ctx) { -- if (err) -- return self.destroy(err); -- requestOCSP(self, info, ctx, function(err) { -+ // Servername came from SSL session -+ // NOTE: TLS Session ticket doesn't include servername information -+ // -+ // Another note, From RFC3546: -+ // -+ // If, on the other hand, the older -+ // session is resumed, then the server MUST ignore extensions appearing -+ // in the client hello, and send a server hello containing no -+ // extensions; in this case the extension functionality negotiated -+ // during the original session initiation is applied to the resumed -+ // session. -+ // -+ // Therefore we should account session loading when dealing with servername -+ var servername = session && session.servername || hello.servername; -+ loadSNI(self, servername, function(err, ctx) { - if (err) - return self.destroy(err); - -- if (!self._handle) -- return self.destroy(new Error('Socket is closed')); -+ requestOCSP(self, info, ctx, function(err) { -+ if (err) -+ return self.destroy(err); - -- try { -- self._handle.certCbDone(); -- } catch (e) { -- self.destroy(e); -- } -+ if (!self._handle) -+ return self.destroy(new Error('Socket is closed')); -+ -+ self._handle.endParser(); -+ }); - }); - }); - } -@@ -455,18 +458,15 @@ - ssl.onhandshakestart = () => onhandshakestart.call(this); - ssl.onhandshakedone = () => onhandshakedone.call(this); - ssl.onclienthello = (hello) => onclienthello.call(this, hello); -- ssl.oncertcb = (info) => oncertcb.call(this, info); - ssl.onnewsession = (key, session) => onnewsession.call(this, key, session); - ssl.lastHandshakeTime = 0; - ssl.handshakes = 0; - -- if (this.server) { -- if (this.server.listenerCount('resumeSession') > 0 || -- this.server.listenerCount('newSession') > 0) { -- ssl.enableSessionCallbacks(); -- } -- if (this.server.listenerCount('OCSPRequest') > 0) -- ssl.enableCertCb(); -+ if (this.server && -+ (this.server.listenerCount('resumeSession') > 0 || -+ this.server.listenerCount('newSession') > 0 || -+ this.server.listenerCount('OCSPRequest') > 0)) { -+ ssl.enableSessionCallbacks(); - } - } else { - ssl.onhandshakestart = function() {}; -@@ -510,7 +510,7 @@ - options.server._contexts.length)) { - assert(typeof options.SNICallback === 'function'); - this._SNICallback = options.SNICallback; -- ssl.enableCertCb(); -+ ssl.enableHelloParser(); - } - - if (process.features.tls_npn && options.NPNProtocols) -diff -Naur node-v8.11.1.orig/src/env.h node-v8.11.1/src/env.h ---- node-v8.11.1.orig/src/env.h 2018-07-18 17:37:43.066250635 +0800 -+++ node-v8.11.1/src/env.h 2018-07-18 17:38:37.198012271 +0800 -@@ -115,7 +115,6 @@ - V(channel_string, "channel") \ - V(chunks_sent_since_last_write_string, "chunksSentSinceLastWrite") \ - V(constants_string, "constants") \ -- V(oncertcb_string, "oncertcb") \ - V(onclose_string, "_onclose") \ - V(code_string, "code") \ - V(configurable_string, "configurable") \ -diff -Naur node-v8.11.1.orig/src/node.cc node-v8.11.1/src/node.cc ---- node-v8.11.1.orig/src/node.cc 2018-07-18 17:37:43.066250635 +0800 -+++ node-v8.11.1/src/node.cc 2018-07-18 17:38:37.198012271 +0800 -@@ -213,7 +213,7 @@ - false; - #endif - --# if NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - // used by crypto module - bool enable_fips_crypto = false; - bool force_fips_crypto = false; -@@ -3166,7 +3166,7 @@ - " (default)" - #endif - "\n" --#if NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - " --enable-fips enable FIPS crypto at startup\n" - " --force-fips force FIPS crypto (cannot be disabled)\n" - #endif /* NODE_FIPS_MODE */ -@@ -3477,7 +3477,7 @@ - } else if (strncmp(arg, "--use-bundled-ca", 16) == 0) { - use_bundled_ca = true; - ssl_openssl_cert_store = false; --#if NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - } else if (strcmp(arg, "--enable-fips") == 0) { - enable_fips_crypto = true; - } else if (strcmp(arg, "--force-fips") == 0) { -@@ -4219,7 +4219,7 @@ - if (SafeGetenv("NODE_EXTRA_CA_CERTS", &extra_ca_certs)) - crypto::UseExtraCaCerts(extra_ca_certs); - } --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - // In the case of FIPS builds we should make sure - // the random source is properly initialized first. - OPENSSL_init(); -diff -Naur node-v8.11.1.orig/src/node_crypto.cc node-v8.11.1/src/node_crypto.cc ---- node-v8.11.1.orig/src/node_crypto.cc 2018-07-19 00:04:56.069430789 +0800 -+++ node-v8.11.1/src/node_crypto.cc 2018-07-19 00:20:25.147879168 +0800 -@@ -107,7 +107,7 @@ - using v8::Value; - - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e, - const BIGNUM** d) { - if (n != nullptr) { -@@ -196,10 +196,12 @@ - return 1; - } - -+#if !defined(LIBRESSL_VERSION_NUMBER) - static int X509_up_ref(X509* cert) { - CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); - return 1; - } -+#endif - - #define EVP_MD_CTX_new EVP_MD_CTX_create - #define EVP_MD_CTX_free EVP_MD_CTX_destroy -@@ -217,7 +219,7 @@ - HMAC_CTX_cleanup(ctx); - free(ctx); - } --#endif // OPENSSL_VERSION_NUMBER < 0x10100000L -+#endif // _OPENSSL_11_COMPAT - - static const char* const root_certs[] = { - #include "node_root_certs.h" // NOLINT(build/include_order) -@@ -235,7 +237,7 @@ - template void SSLWrap<TLSWrap>::InitNPN(SecureContext* sc); - template void SSLWrap<TLSWrap>::SetSNIContext(SecureContext* sc); - template int SSLWrap<TLSWrap>::SetCACerts(SecureContext* sc); --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - template SSL_SESSION* SSLWrap<TLSWrap>::GetSessionCallback( - SSL* s, - unsigned char* key, -@@ -274,8 +276,6 @@ - #endif - - template void SSLWrap<TLSWrap>::DestroySSL(); --template int SSLWrap<TLSWrap>::SSLCertCallback(SSL* s, void* arg); --template void SSLWrap<TLSWrap>::WaitForCertCb(CertCb cb, void* arg); - - #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - template int SSLWrap<TLSWrap>::SelectALPNCallback( -@@ -287,7 +287,7 @@ - void* arg); - #endif // TLSEXT_TYPE_application_layer_protocol_negotiation - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static Mutex* mutexes; - - static void crypto_threadid_cb(CRYPTO_THREADID* tid) { -@@ -577,7 +577,7 @@ - SSL_CTX_sess_set_get_cb(sc->ctx_, SSLWrap<Connection>::GetSessionCallback); - SSL_CTX_sess_set_new_cb(sc->ctx_, SSLWrap<Connection>::NewSessionCallback); - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - // OpenSSL 1.1.0 changed the ticket key size, but the OpenSSL 1.0.x size was - // exposed in the public API. To retain compatibility, install a callback - // which restores the old algorithm. -@@ -696,8 +696,7 @@ - for (int i = 0; i < sk_X509_num(extra_certs); i++) { - X509* ca = sk_X509_value(extra_certs, i); - -- // NOTE: Increments reference count on `ca` -- r = SSL_CTX_add1_chain_cert(ctx, ca); -+ r = SSL_CTX_add_extra_chain_cert(ctx, ca); - - if (!r) { - ret = 0; -@@ -1046,7 +1045,7 @@ - - node::Utf8Value curve(env->isolate(), args[0]); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - SSL_CTX_set_options(sc->ctx_, SSL_OP_SINGLE_ECDH_USE); - SSL_CTX_set_ecdh_auto(sc->ctx_, 1); - #endif -@@ -1268,7 +1267,7 @@ - ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); - - Local<Object> buff = Buffer::New(wrap->env(), 48).ToLocalChecked(); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - memcpy(Buffer::Data(buff), wrap->ticket_key_name_, 16); - memcpy(Buffer::Data(buff) + 16, wrap->ticket_key_hmac_, 16); - memcpy(Buffer::Data(buff) + 32, wrap->ticket_key_aes_, 16); -@@ -1301,7 +1300,7 @@ - return env->ThrowTypeError("Ticket keys length must be 48 bytes"); - } - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - memcpy(wrap->ticket_key_name_, Buffer::Data(args[0]), 16); - memcpy(wrap->ticket_key_hmac_, Buffer::Data(args[0]) + 16, 16); - memcpy(wrap->ticket_key_aes_, Buffer::Data(args[0]) + 32, 16); -@@ -1319,13 +1318,13 @@ - - - void SecureContext::SetFreeListLength(const FunctionCallbackInfo<Value>& args) { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - // |freelist_max_len| was removed in OpenSSL 1.1.0. In that version OpenSSL - // mallocs and frees buffers directly, without the use of a freelist. - SecureContext* wrap; - ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); - -- wrap->ctx_->freelist_max_len = args[0]->Int32Value(); -+ //wrap->ctx_->freelist_max_len = args[0]->Int32Value(); - #endif - } - -@@ -1422,7 +1421,7 @@ - } - - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - int SecureContext::TicketCompatibilityCallback(SSL* ssl, - unsigned char* name, - unsigned char* iv, -@@ -1507,7 +1506,6 @@ - env->SetProtoMethod(t, "verifyError", VerifyError); - env->SetProtoMethod(t, "getCurrentCipher", GetCurrentCipher); - env->SetProtoMethod(t, "endParser", EndParser); -- env->SetProtoMethod(t, "certCbDone", CertCbDone); - env->SetProtoMethod(t, "renegotiate", Renegotiate); - env->SetProtoMethod(t, "shutdownSSL", Shutdown); - env->SetProtoMethod(t, "getTLSTicket", GetTLSTicket); -@@ -1566,7 +1564,7 @@ - } - - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - template <class Base> - SSL_SESSION* SSLWrap<Base>::GetSessionCallback(SSL* s, - unsigned char* key, -@@ -2650,130 +2648,6 @@ - - - template <class Base> --void SSLWrap<Base>::WaitForCertCb(CertCb cb, void* arg) { -- cert_cb_ = cb; -- cert_cb_arg_ = arg; --} -- -- --template <class Base> --int SSLWrap<Base>::SSLCertCallback(SSL* s, void* arg) { -- Base* w = static_cast<Base*>(SSL_get_app_data(s)); -- -- if (!w->is_server()) -- return 1; -- -- if (!w->is_waiting_cert_cb()) -- return 1; -- -- if (w->cert_cb_running_) -- return -1; -- -- Environment* env = w->env(); -- Local<Context> context = env->context(); -- HandleScope handle_scope(env->isolate()); -- Context::Scope context_scope(context); -- w->cert_cb_running_ = true; -- -- Local<Object> info = Object::New(env->isolate()); -- -- const char* servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name); -- if (servername == nullptr) { -- info->Set(context, -- env->servername_string(), -- String::Empty(env->isolate())).FromJust(); -- } else { -- Local<String> str = OneByteString(env->isolate(), servername, -- strlen(servername)); -- info->Set(context, env->servername_string(), str).FromJust(); -- } -- -- bool ocsp = false; --#ifdef NODE__HAVE_TLSEXT_STATUS_CB -- ocsp = SSL_get_tlsext_status_type(s) == TLSEXT_STATUSTYPE_ocsp; --#endif -- -- info->Set(context, env->ocsp_request_string(), -- Boolean::New(env->isolate(), ocsp)).FromJust(); -- -- Local<Value> argv[] = { info }; -- w->MakeCallback(env->oncertcb_string(), arraysize(argv), argv); -- -- if (!w->cert_cb_running_) -- return 1; -- -- // Performing async action, wait... -- return -1; --} -- -- --template <class Base> --void SSLWrap<Base>::CertCbDone(const FunctionCallbackInfo<Value>& args) { -- Base* w; -- ASSIGN_OR_RETURN_UNWRAP(&w, args.Holder()); -- Environment* env = w->env(); -- -- CHECK(w->is_waiting_cert_cb() && w->cert_cb_running_); -- -- Local<Object> object = w->object(); -- Local<Value> ctx = object->Get(env->sni_context_string()); -- Local<FunctionTemplate> cons = env->secure_context_constructor_template(); -- -- // Not an object, probably undefined or null -- if (!ctx->IsObject()) -- goto fire_cb; -- -- if (cons->HasInstance(ctx)) { -- SecureContext* sc; -- ASSIGN_OR_RETURN_UNWRAP(&sc, ctx.As<Object>()); -- w->sni_context_.Reset(); -- w->sni_context_.Reset(env->isolate(), ctx); -- -- int rv; -- -- // NOTE: reference count is not increased by this API methods -- X509* x509 = SSL_CTX_get0_certificate(sc->ctx_); -- EVP_PKEY* pkey = SSL_CTX_get0_privatekey(sc->ctx_); -- STACK_OF(X509)* chain; -- -- rv = SSL_CTX_get0_chain_certs(sc->ctx_, &chain); -- if (rv) -- rv = SSL_use_certificate(w->ssl_, x509); -- if (rv) -- rv = SSL_use_PrivateKey(w->ssl_, pkey); -- if (rv && chain != nullptr) -- rv = SSL_set1_chain(w->ssl_, chain); -- if (rv) -- rv = w->SetCACerts(sc); -- if (!rv) { -- unsigned long err = ERR_get_error(); // NOLINT(runtime/int) -- if (!err) -- return env->ThrowError("CertCbDone"); -- return ThrowCryptoError(env, err); -- } -- } else { -- // Failure: incorrect SNI context object -- Local<Value> err = Exception::TypeError(env->sni_context_err_string()); -- w->MakeCallback(env->onerror_string(), 1, &err); -- return; -- } -- -- fire_cb: -- CertCb cb; -- void* arg; -- -- cb = w->cert_cb_; -- arg = w->cert_cb_arg_; -- -- w->cert_cb_running_ = false; -- w->cert_cb_ = nullptr; -- w->cert_cb_arg_ = nullptr; -- -- cb(arg); --} -- -- --template <class Base> - void SSLWrap<Base>::SSLGetter(const FunctionCallbackInfo<Value>& info) { - Base* base; - ASSIGN_OR_RETURN_UNWRAP(&base, info.This()); -@@ -2805,9 +2679,6 @@ - - template <class Base> - int SSLWrap<Base>::SetCACerts(SecureContext* sc) { -- int err = SSL_set1_verify_cert_store(ssl_, SSL_CTX_get_cert_store(sc->ctx_)); -- if (err != 1) -- return err; - - STACK_OF(X509_NAME)* list = SSL_dup_CA_list( - SSL_CTX_get_client_CA_list(sc->ctx_)); -@@ -2901,10 +2772,6 @@ - DEBUG_PRINT("[%p] SSL: %s want read\n", ssl_, func); - return 0; - -- } else if (err == SSL_ERROR_WANT_X509_LOOKUP) { -- DEBUG_PRINT("[%p] SSL: %s want x509 lookup\n", ssl_, func); -- return 0; -- - } else if (err == SSL_ERROR_ZERO_RETURN) { - HandleScope scope(ssl_env()->isolate()); - -@@ -3059,7 +2926,7 @@ - - // Call the SNI callback and use its return value as context - if (!conn->sniObject_.IsEmpty()) { -- conn->sni_context_.Reset(); -+ conn->sniContext_.Reset(); - - Local<Object> sni_obj = PersistentToLocal(env->isolate(), - conn->sniObject_); -@@ -3075,7 +2942,7 @@ - Local<FunctionTemplate> secure_context_constructor_template = - env->secure_context_constructor_template(); - if (secure_context_constructor_template->HasInstance(ret)) { -- conn->sni_context_.Reset(env->isolate(), ret); -+ conn->sniContext_.Reset(env->isolate(), ret); - SecureContext* sc; - ASSIGN_OR_RETURN_UNWRAP(&sc, ret.As<Object>(), SSL_TLSEXT_ERR_NOACK); - conn->SetSNIContext(sc); -@@ -3115,8 +2982,6 @@ - - InitNPN(sc); - -- SSL_set_cert_cb(conn->ssl_, SSLWrap<Connection>::SSLCertCallback, conn); -- - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - if (is_server) { - SSL_CTX_set_tlsext_servername_callback(sc->ctx_, SelectSNIContextCallback_); -@@ -3480,7 +3345,7 @@ - int key_buf_len) { - HandleScope scope(env()->isolate()); - --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - if (FIPS_mode()) { - return env()->ThrowError( - "crypto.createCipher() is not supported in FIPS mode."); -@@ -3516,8 +3381,10 @@ - cipher_type); - } - -+#if !defined(LIBRESSL_VERSION_NUMBER) - if (mode == EVP_CIPH_WRAP_MODE) - EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); -+#endif - - CHECK_EQ(1, EVP_CIPHER_CTX_set_key_length(ctx_, key_len)); - -@@ -3580,8 +3447,10 @@ - - ctx_ = EVP_CIPHER_CTX_new(); - -+#if !defined(LIBRESSL_VERSION_NUMBER) - if (mode == EVP_CIPH_WRAP_MODE) - EVP_CIPHER_CTX_set_flags(ctx_, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW); -+#endif - - const bool encrypt = (kind_ == kCipher); - EVP_CipherInit_ex(ctx_, cipher, nullptr, nullptr, nullptr, encrypt); -@@ -4150,7 +4019,7 @@ - - SignBase::Error SignBase::Init(const char* sign_type) { - CHECK_EQ(mdctx_, nullptr); --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - // Historically, "dss1" and "DSS1" were DSA aliases for SHA-1 - // exposed through the public API. - if (strcmp(sign_type, "dss1") == 0 || -@@ -4356,7 +4225,7 @@ - if (pkey == nullptr || 0 != ERR_peek_error()) - goto exit; - --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - /* Validate DSA2 parameters from FIPS 186-4 */ - if (FIPS_mode() && EVP_PKEY_DSA == pkey->type) { - size_t L = BN_num_bits(pkey->pkey.dsa->p); -@@ -5131,7 +5000,7 @@ - - void DiffieHellman::SetPrivateKey(const FunctionCallbackInfo<Value>& args) { - #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \ -- OPENSSL_VERSION_NUMBER < 0x10100070L -+ OPENSSL_VERSION_NUMBER < 0x10100070L && !defined(LIBRESSL_VERSION_NUMBER) - // Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for - // Node. See https://github.com/openssl/openssl/pull/4384. - #error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" -@@ -6220,13 +6089,13 @@ - SSL_library_init(); - OpenSSL_add_all_algorithms(); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - crypto_lock_init(); - CRYPTO_set_locking_callback(crypto_lock_cb); - CRYPTO_THREADID_set_callback(crypto_threadid_cb); - #endif - --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - /* Override FIPS settings in cnf file, if needed. */ - unsigned long err = 0; // NOLINT(runtime/int) - if (enable_fips_crypto || force_fips_crypto) { -@@ -6296,16 +6165,20 @@ - #endif // !OPENSSL_NO_ENGINE - - void GetFipsCrypto(const FunctionCallbackInfo<Value>& args) { -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - if (FIPS_mode()) { - args.GetReturnValue().Set(1); - } else { - args.GetReturnValue().Set(0); - } -+#else -+ args.GetReturnValue().Set(0); -+#endif - } - - void SetFipsCrypto(const FunctionCallbackInfo<Value>& args) { - Environment* env = Environment::GetCurrent(args); --#ifdef NODE_FIPS_MODE -+#if defined(NODE_FIPS_MODE) && !defined(LIBRESSL_VERSION_NUMBER) - const bool enabled = FIPS_mode(); - const bool enable = args[0]->BooleanValue(); - if (enable == enabled) -diff -Naur node-v8.11.1.orig/src/node_crypto.h node-v8.11.1/src/node_crypto.h ---- node-v8.11.1.orig/src/node_crypto.h 2018-07-18 17:37:43.066250635 +0800 -+++ node-v8.11.1/src/node_crypto.h 2018-07-18 19:07:31.798362764 +0800 -@@ -55,6 +55,11 @@ - # define NODE__HAVE_TLSEXT_STATUS_CB - #endif // !defined(OPENSSL_NO_TLSEXT) && defined(SSL_CTX_set_tlsext_status_cb) - -+#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) \ -+ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL) -+#define _OPENSSL_11_COMPAT -+#endif -+ - namespace node { - namespace crypto { - -@@ -103,14 +108,14 @@ - static const int kTicketKeyNameIndex = 3; - static const int kTicketKeyIVIndex = 4; - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - unsigned char ticket_key_name_[16]; - unsigned char ticket_key_aes_[16]; - unsigned char ticket_key_hmac_[16]; - #endif - - protected: --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static const int64_t kExternalSize = sizeof(SSL_CTX); - #else - // OpenSSL 1.1.0 has opaque structures. This is an estimate based on the size -@@ -153,7 +158,7 @@ - HMAC_CTX* hctx, - int enc); - --#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+#if defined(_OPENSSL_11_COMPAT) - static int TicketCompatibilityCallback(SSL* ssl, - unsigned char* name, - unsigned char* iv, -@@ -203,10 +208,7 @@ - kind_(kind), - next_sess_(nullptr), - session_callbacks_(false), -- new_session_wait_(false), -- cert_cb_(nullptr), -- cert_cb_arg_(nullptr), -- cert_cb_running_(false) { -+ new_session_wait_(false) { - ssl_ = SSL_new(sc->ctx_); - env_->isolate()->AdjustAmountOfExternalAllocatedMemory(kExternalSize); - CHECK_NE(ssl_, nullptr); -@@ -219,10 +221,6 @@ - next_sess_ = nullptr; - } - --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- sni_context_.Reset(); --#endif -- - #ifdef NODE__HAVE_TLSEXT_STATUS_CB - ocsp_response_.Reset(); - #endif // NODE__HAVE_TLSEXT_STATUS_CB -@@ -233,12 +231,9 @@ - inline bool is_server() const { return kind_ == kServer; } - inline bool is_client() const { return kind_ == kClient; } - inline bool is_waiting_new_session() const { return new_session_wait_; } -- inline bool is_waiting_cert_cb() const { return cert_cb_ != nullptr; } - - protected: -- typedef void (*CertCb)(void* arg); -- --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - // Size allocated by OpenSSL: one for SSL structure, one for SSL3_STATE and - // some for buffers. - // NOTE: Actually it is much more than this -@@ -253,7 +248,7 @@ - static void InitNPN(SecureContext* sc); - static void AddMethods(Environment* env, v8::Local<v8::FunctionTemplate> t); - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static SSL_SESSION* GetSessionCallback(SSL* s, - unsigned char* key, - int len, -@@ -280,7 +275,6 @@ - static void VerifyError(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetCurrentCipher(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EndParser(const v8::FunctionCallbackInfo<v8::Value>& args); -- static void CertCbDone(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Renegotiate(const v8::FunctionCallbackInfo<v8::Value>& args); - static void Shutdown(const v8::FunctionCallbackInfo<v8::Value>& args); - static void GetTLSTicket(const v8::FunctionCallbackInfo<v8::Value>& args); -@@ -322,11 +316,9 @@ - unsigned int inlen, - void* arg); - static int TLSExtStatusCallback(SSL* s, void* arg); -- static int SSLCertCallback(SSL* s, void* arg); - static void SSLGetter(const v8::FunctionCallbackInfo<v8::Value>& info); - - void DestroySSL(); -- void WaitForCertCb(CertCb cb, void* arg); - void SetSNIContext(SecureContext* sc); - int SetCACerts(SecureContext* sc); - -@@ -341,21 +333,12 @@ - bool session_callbacks_; - bool new_session_wait_; - -- // SSL_set_cert_cb -- CertCb cert_cb_; -- void* cert_cb_arg_; -- bool cert_cb_running_; -- - ClientHelloParser hello_parser_; - - #ifdef NODE__HAVE_TLSEXT_STATUS_CB - v8::Persistent<v8::Object> ocsp_response_; - #endif // NODE__HAVE_TLSEXT_STATUS_CB - --#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -- v8::Persistent<v8::Value> sni_context_; --#endif -- - friend class SecureContext; - }; - -@@ -367,6 +350,7 @@ - ~Connection() override { - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - sniObject_.Reset(); -+ sniContext_.Reset(); - servername_.Reset(); - #endif - } -@@ -381,6 +365,7 @@ - - #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - v8::Persistent<v8::Object> sniObject_; -+ v8::Persistent<v8::Value> sniContext_; - v8::Persistent<v8::String> servername_; - #endif - -diff -Naur node-v8.11.1.orig/src/node_crypto_bio.cc node-v8.11.1/src/node_crypto_bio.cc ---- node-v8.11.1.orig/src/node_crypto_bio.cc 2018-03-30 07:17:17.000000000 +0800 -+++ node-v8.11.1/src/node_crypto_bio.cc 2018-07-20 00:38:51.080302783 +0800 -@@ -28,7 +28,12 @@ - namespace node { - namespace crypto { - --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L) \ -+ || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL) -+#define _OPENSSL_11_COMPAT -+#endif -+ -+#if !defined(_OPENSSL_11_COMPAT) - #define BIO_set_data(bio, data) bio->ptr = data - #define BIO_get_data(bio) bio->ptr - #define BIO_set_shutdown(bio, shutdown_) bio->shutdown = shutdown_ -@@ -235,7 +240,7 @@ - - - const BIO_METHOD* NodeBIO::GetMethod() { --#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#if !defined(_OPENSSL_11_COMPAT) - static const BIO_METHOD method = { - BIO_TYPE_MEM, - "node.js SSL buffer", -diff -Naur node-v8.11.1.orig/src/tls_wrap.cc node-v8.11.1/src/tls_wrap.cc ---- node-v8.11.1.orig/src/tls_wrap.cc 2018-03-30 07:17:18.000000000 +0800 -+++ node-v8.11.1/src/tls_wrap.cc 2018-07-18 19:13:49.731685588 +0800 -@@ -171,8 +171,6 @@ - - InitNPN(sc_); - -- SSL_set_cert_cb(ssl_, SSLWrap<TLSWrap>::SSLCertCallback, this); -- - if (is_server()) { - SSL_set_accept_state(ssl_); - } else if (is_client()) { -@@ -385,7 +383,6 @@ - case SSL_ERROR_NONE: - case SSL_ERROR_WANT_READ: - case SSL_ERROR_WANT_WRITE: -- case SSL_ERROR_WANT_X509_LOOKUP: - break; - case SSL_ERROR_ZERO_RETURN: - return scope.Escape(env()->zero_return_string()); -@@ -826,6 +823,11 @@ - "EnableSessionCallbacks after destroySSL"); - } - wrap->enable_session_callbacks(); -+ EnableHelloParser(args); -+} -+ -+void TLSWrap::EnableHelloParser(const FunctionCallbackInfo<Value>& args) { -+ TLSWrap* wrap = Unwrap<TLSWrap>(args.Holder()); - crypto::NodeBIO::FromBIO(wrap->enc_in_)->set_initial(kMaxHelloLength); - wrap->hello_parser_.Start(SSLWrap<TLSWrap>::OnClientHello, - OnClientHelloParseEnd, -@@ -851,13 +853,6 @@ - } - - --void TLSWrap::EnableCertCb(const FunctionCallbackInfo<Value>& args) { -- TLSWrap* wrap; -- ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder()); -- wrap->WaitForCertCb(OnClientHelloParseEnd, wrap); --} -- -- - void TLSWrap::OnClientHelloParseEnd(void* arg) { - TLSWrap* c = static_cast<TLSWrap*>(arg); - c->Cycle(); -@@ -976,8 +971,8 @@ - env->SetProtoMethod(t, "start", Start); - env->SetProtoMethod(t, "setVerifyMode", SetVerifyMode); - env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks); -+ env->SetProtoMethod(t, "enableHelloParser", EnableHelloParser); - env->SetProtoMethod(t, "destroySSL", DestroySSL); -- env->SetProtoMethod(t, "enableCertCb", EnableCertCb); - env->SetProtoMethod(t, "updateWriteQueueSize", UpdateWriteQueueSize); - - StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev); -diff -Naur node-v8.11.1.orig/src/tls_wrap.h node-v8.11.1/src/tls_wrap.h ---- node-v8.11.1.orig/src/tls_wrap.h 2018-03-30 07:17:18.000000000 +0800 -+++ node-v8.11.1/src/tls_wrap.h 2018-07-18 19:17:45.799658124 +0800 -@@ -159,7 +159,7 @@ - static void SetVerifyMode(const v8::FunctionCallbackInfo<v8::Value>& args); - static void EnableSessionCallbacks( - const v8::FunctionCallbackInfo<v8::Value>& args); -- static void EnableCertCb( -+ static void EnableHelloParser( - const v8::FunctionCallbackInfo<v8::Value>& args); - static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args); - -@@ -187,6 +187,9 @@ - // If true - delivered EOF to the js-land, either after `close_notify`, or - // after the `UV_EOF` on socket. - bool eof_; -+#ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB -+ v8::Persistent<v8::Value> sni_context_; -+#endif // SSL_CTRL_SET_TLSEXT_SERVERNAME_CB - - private: - static void UpdateWriteQueueSize( -diff -Naur node-v8.11.1.orig/test/parallel/test-tls-cnnic-whitelist.js node-v8.11.1/test/parallel/test-tls-cnnic-whitelist.js ---- node-v8.11.1.orig/test/parallel/test-tls-cnnic-whitelist.js 2018-03-30 07:17:18.000000000 +0800 -+++ node-v8.11.1/test/parallel/test-tls-cnnic-whitelist.js 2018-07-18 19:17:45.799658124 +0800 -@@ -30,7 +30,9 @@ - port: undefined, - rejectUnauthorized: true - }, -- errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' -+ // LibreSSL returns CERT_UNTRUSTED in this case, OpenSSL UNABLE_TO_GET_ISSUER_CERT_LOCALLY. -+ errorCode: 'CERT_UNTRUSTED' -+ // errorCode: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' - } - ]; - -diff -Naur node-v8.@@ -976,8 +971,8 @@2lel/test-tls-sni-server-client.js node-v8.11.1/test/parallel/test-tls-sni-server-client.js ---- node-v8.11.1.orig/test/parallel/test-tls-sni-server-client.js 2018-03-30 07:17:18.000000000 +0800 -+++ node-v8.11.1/test/parallel/test-tls-sni-server-client.js 2018-07-18 19:17:45.799658124 +0800 -@@ -49,39 +49,37 @@ - 'asterisk.test.com': { - key: loadPEM('agent3-key'), - cert: loadPEM('agent3-cert') -- }, -- 'chain.example.com': { -- key: loadPEM('agent6-key'), -- // NOTE: Contains ca3 chain cert -- cert: loadPEM('agent6-cert') - } - }; - - const clientsOptions = [{ - port: undefined, -+ key: loadPEM('agent1-key'), -+ cert: loadPEM('agent1-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'a.example.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent2-key'), -+ cert: loadPEM('agent2-cert'), - ca: [loadPEM('ca2-cert')], - servername: 'a.b.test.com', - rejectUnauthorized: false - }, { - port: undefined, -+ key: loadPEM('agent3-key'), -+ cert: loadPEM('agent3-cert'), - ca: [loadPEM('ca1-cert')], - servername: 'c.wrong.com', - rejectUnauthorized: false --}, { -- port: undefined, -- ca: [loadPEM('ca1-cert')], -- servername: 'chain.example.com', -- rejectUnauthorized: false - }]; - - const serverResults = []; -@@ -93,7 +91,6 @@ - - server.addContext('a.example.com', SNIContexts['a.example.com']); - server.addContext('*.test.com', SNIContexts['asterisk.test.com']); --server.addContext('chain.example.com', SNIContexts['chain.example.com']); - - server.listen(0, startTest); - -@@ -122,8 +119,7 @@ - - process.on('exit', function() { - assert.deepStrictEqual(serverResults, [ -- 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com', -- 'chain.example.com' -+ 'a.example.com', 'b.test.com', 'a.b.test.com', 'c.wrong.com' - ]); -- assert.deepStrictEqual(clientResults, [true, true, false, false, true]); -+ assert.deepStrictEqual(clientResults, [true, true, false, false]); - }); diff --git a/net-libs/nodejs/nodejs-8.11.1.ebuild b/net-libs/nodejs/nodejs-8.11.1.ebuild deleted file mode 100644 index fe093d5..0000000 --- a/net-libs/nodejs/nodejs-8.11.1.ebuild +++ /dev/null @@ -1,208 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -RESTRICT="test" - -PYTHON_COMPAT=( python2_7 ) -PYTHON_REQ_USE="threads" - -inherit bash-completion-r1 eutils flag-o-matic pax-utils python-single-r1 toolchain-funcs - -DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" -HOMEPAGE="https://nodejs.org/" -SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz" - -LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" -SLOT="0" -KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86 ~amd64-linux ~x64-macos" -IUSE="cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - inspector? ( icu ssl ) -" - -RDEPEND=" - >=dev-libs/libuv-1.19.1:= - >=net-libs/http-parser-2.8.0:= - >=net-libs/nghttp2-1.25.0 - sys-libs/zlib - icu? ( >=dev-libs/icu-60.1:= ) - ssl? ( - !libressl? ( >=dev-libs/openssl-1.0.2n:0=[-bindist] ) - libressl? ( dev-libs/libressl:= ) - ) -" -DEPEND="${RDEPEND} - ${PYTHON_DEPS} - systemtap? ( dev-util/systemtap ) - test? ( net-misc/curl )" - -S="${WORKDIR}/node-v${PV}" - -PATCHES=( - "${FILESDIR}"/gentoo-global-npm-config.patch -) - -pkg_pretend() { - (use x86 && ! use cpu_flags_x86_sse2) && \ - die "Your CPU doesn't support the required SSE2 instruction." - - ( [[ ${MERGE_TYPE} != "binary" ]] && ! test-flag-CXX -std=c++11 ) && \ - die "Your compiler doesn't support C++11. Use GCC 4.8, Clang 3.3 or newer." -} - -src_prepare() { - tc-export CC CXX PKG_CONFIG - export V=1 - export BUILDTYPE=Release - - # fix compilation on Darwin - # https://code.google.com/p/gyp/issues/detail?id=260 - sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die - - # make sure we use python2.* while using gyp - sed -i -e "s/python/${EPYTHON}/" deps/npm/node_modules/node-gyp/gyp/gyp || die - sed -i -e "s/|| 'python2'/|| '${EPYTHON}'/" deps/npm/node_modules/node-gyp/lib/configure.js || die - - # less verbose install output (stating the same as portage, basically) - sed -i -e "/print/d" tools/install.py || die - - # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504 - local LIBDIR=$(get_libdir) - sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die - sed -i -e "s/'lib'/'${LIBDIR}'/" lib/module.js deps/npm/lib/npm.js || die - - # Avoid writing a depfile, not useful - sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die - - sed -i -e "/'-O3'/d" common.gypi deps/v8/gypfiles/toolchain.gypi || die - - # Avoid a test that I've only been able to reproduce from emerge. It doesnt - # seem sandbox related either (invoking it from a sandbox works fine). - # The issue is that no stdin handle is openened when asked for one. - # It doesn't really belong upstream , so it'll just be removed until someone - # with more gentoo-knowledge than me (jbergstroem) figures it out. - rm test/parallel/test-stdout-close-unref.js || die - - # debug builds. change install path, remove optimisations and override buildtype - if use debug; then - sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die - BUILDTYPE=Debug - fi - - if use libressl; then - epatch "${FILESDIR}"/nodejs-8.11.1-libressl.patch - fi - - default -} - -src_configure() { - local myconf=( --shared-http-parser --shared-libuv --shared-nghttp2 --shared-zlib ) - use debug && myconf+=( --debug ) - use icu && myconf+=( --with-intl=system-icu ) || myconf+=( --with-intl=none ) - use inspector || myconf+=( --without-inspector ) - use npm || myconf+=( --without-npm ) - use snapshot && myconf+=( --with-snapshot ) - use ssl && myconf+=( --shared-openssl ) || myconf+=( --without-ssl ) - - local myarch="" - case ${ABI} in - amd64) myarch="x64";; - arm) myarch="arm";; - arm64) myarch="arm64";; - ppc64) myarch="ppc64";; - x32) myarch="x32";; - x86) myarch="ia32";; - *) myarch="${ABI}";; - esac - - GYP_DEFINES="linux_use_gold_flags=0 - linux_use_bundled_binutils=0 - linux_use_bundled_gold=0" \ - "${PYTHON}" configure \ - --prefix="${EPREFIX}"/usr \ - --dest-cpu=${myarch} \ - $(use_with systemtap dtrace) \ - "${myconf[@]}" || die -} - -src_compile() { - emake -C out mksnapshot - pax-mark m "out/${BUILDTYPE}/mksnapshot" - emake -C out -} - -src_install() { - local LIBDIR="${ED}/usr/$(get_libdir)" - emake install DESTDIR="${D}" - pax-mark -m "${ED}"usr/bin/node - - # set up a symlink structure that node-gyp expects.. - dodir /usr/include/node/deps/{v8,uv} - dosym . /usr/include/node/src - for var in deps/{uv,v8}/include; do - dosym ../.. /usr/include/node/${var} - done - - if use doc; then - # Patch docs to make them offline readable - for i in `grep -rl 'fonts.googleapis.com' "${S}"/out/doc/api/*`; do - sed -i '/fonts.googleapis.com/ d' $i; - done - # Install docs! - dohtml -r "${S}"/doc/* - fi - - if use npm; then - dodir /etc/npm - - # Install bash completion for `npm` - # We need to temporarily replace default config path since - # npm otherwise tries to write outside of the sandbox - local npm_config="usr/$(get_libdir)/node_modules/npm/lib/config/core.js" - sed -i -e "s|'/etc'|'${ED}/etc'|g" "${ED}/${npm_config}" || die - local tmp_npm_completion_file="$(emktemp)" - "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}" - newbashcomp "${tmp_npm_completion_file}" npm - sed -i -e "s|'${ED}/etc'|'/etc'|g" "${ED}/${npm_config}" || die - - # Move man pages - doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/* - - # Clean up - rm "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} || die - rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} || die - - local find_exp="-or -name" - local find_name=() - for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \ - ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \ - "*.md" "*.markdown" "*.bat" "*.cmd"; do - find_name+=( ${find_exp} "${match}" ) - done - - # Remove various development and/or inappropriate files and - # useless docs of dependend packages. - find "${LIBDIR}"/node_modules \ - \( -type d -name examples \) -or \( -type f \( \ - -iname "LICEN?E*" \ - "${find_name[@]}" \ - \) \) -exec rm -rf "{}" \; - fi -} - -src_test() { - out/${BUILDTYPE}/cctest || die - "${PYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die -} - -pkg_postinst() { - einfo "The global npm config lives in /etc/npm. This deviates slightly" - einfo "from upstream which otherwise would have it live in /usr/etc/." - einfo "" - einfo "Protip: When using node-gyp to install native modules, you can" - einfo "avoid having to download extras by doing the following:" - einfo "$ node-gyp --nodedir /usr/include/node <command>" -} diff --git a/net-libs/nodejs/nodejs-8.12.0.ebuild b/net-libs/nodejs/nodejs-8.12.0.ebuild deleted file mode 100644 index 37a649f..0000000 --- a/net-libs/nodejs/nodejs-8.12.0.ebuild +++ /dev/null @@ -1,210 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -RESTRICT="test" - -PYTHON_COMPAT=( python2_7 ) -PYTHON_REQ_USE="threads" - -inherit bash-completion-r1 eutils flag-o-matic pax-utils python-single-r1 toolchain-funcs - -DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" -HOMEPAGE="https://nodejs.org/" -SRC_URI="https://nodejs.org/dist/v${PV}/node-v${PV}.tar.xz" - -LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" -SLOT="0" -KEYWORDS="amd64 ~arm ~arm64 ppc ppc64 x86 ~amd64-linux ~x64-macos" -IUSE="cpu_flags_x86_sse2 debug doc icu inspector libressl +npm +snapshot +ssl systemtap test" -REQUIRED_USE=" - ${PYTHON_REQUIRED_USE} - inspector? ( icu ssl ) - npm? ( ssl ) -" - -RDEPEND=" - >=dev-libs/libuv-1.19.2:= - >=net-libs/http-parser-2.8.0:= - >=net-libs/nghttp2-1.32.0 - sys-libs/zlib - icu? ( >=dev-libs/icu-60.1:= ) - ssl? ( - !libressl? ( >=dev-libs/openssl-1.0.2n:0=[-bindist] ) - libressl? ( dev-libs/libressl:= ) - ) -" - -DEPEND="${RDEPEND} - ${PYTHON_DEPS} - systemtap? ( dev-util/systemtap ) - test? ( net-misc/curl )" - -S="${WORKDIR}/node-v${PV}" - -PATCHES=( - "${FILESDIR}"/nodejs-10.3.0-global-npm-config.patch -) - -pkg_pretend() { - (use x86 && ! use cpu_flags_x86_sse2) && \ - die "Your CPU doesn't support the required SSE2 instruction." - - ( [[ ${MERGE_TYPE} != "binary" ]] && ! test-flag-CXX -std=c++11 ) && \ - die "Your compiler doesn't support C++11. Use GCC 4.8, Clang 3.3 or newer." -} - -src_prepare() { - tc-export CC CXX PKG_CONFIG - export V=1 - export BUILDTYPE=Release - - # fix compilation on Darwin - # https://code.google.com/p/gyp/issues/detail?id=260 - sed -i -e "/append('-arch/d" tools/gyp/pylib/gyp/xcode_emulation.py || die - - # make sure we use python2.* while using gyp - sed -i -e "s/python/${EPYTHON}/" deps/npm/node_modules/node-gyp/gyp/gyp || die - sed -i -e "s/|| 'python2'/|| '${EPYTHON}'/" deps/npm/node_modules/node-gyp/lib/configure.js || die - - # less verbose install output (stating the same as portage, basically) - sed -i -e "/print/d" tools/install.py || die - - # proper libdir, hat tip @ryanpcmcquen https://github.com/iojs/io.js/issues/504 - local LIBDIR=$(get_libdir) - sed -i -e "s|lib/|${LIBDIR}/|g" tools/install.py || die - sed -i -e "s/'lib'/'${LIBDIR}'/" lib/module.js deps/npm/lib/npm.js || die - - # Avoid writing a depfile, not useful - sed -i -e "/DEPFLAGS =/d" tools/gyp/pylib/gyp/generator/make.py || die - - sed -i -e "/'-O3'/d" common.gypi deps/v8/gypfiles/toolchain.gypi || die - - # Avoid a test that I've only been able to reproduce from emerge. It doesnt - # seem sandbox related either (invoking it from a sandbox works fine). - # The issue is that no stdin handle is openened when asked for one. - # It doesn't really belong upstream , so it'll just be removed until someone - # with more gentoo-knowledge than me (jbergstroem) figures it out. - rm test/parallel/test-stdout-close-unref.js || die - - # debug builds. change install path, remove optimisations and override buildtype - if use debug; then - sed -i -e "s|out/Release/|out/Debug/|g" tools/install.py || die - BUILDTYPE=Debug - fi - - if use libressl; then - epatch "${FILESDIR}"/nodejs-${PV}-libressl.patch - fi - - default -} - -src_configure() { - local myconf=( --shared-http-parser --shared-libuv --shared-nghttp2 --shared-zlib ) - use debug && myconf+=( --debug ) - use icu && myconf+=( --with-intl=system-icu ) || myconf+=( --with-intl=none ) - use inspector || myconf+=( --without-inspector ) - use npm || myconf+=( --without-npm ) - use snapshot && myconf+=( --with-snapshot ) - use ssl && myconf+=( --shared-openssl ) || myconf+=( --without-ssl ) - - local myarch="" - case ${ABI} in - amd64) myarch="x64";; - arm) myarch="arm";; - arm64) myarch="arm64";; - ppc64) myarch="ppc64";; - x32) myarch="x32";; - x86) myarch="ia32";; - *) myarch="${ABI}";; - esac - - GYP_DEFINES="linux_use_gold_flags=0 - linux_use_bundled_binutils=0 - linux_use_bundled_gold=0" \ - "${PYTHON}" configure \ - --prefix="${EPREFIX}"/usr \ - --dest-cpu=${myarch} \ - $(use_with systemtap dtrace) \ - "${myconf[@]}" || die -} - -src_compile() { - emake -C out mksnapshot - pax-mark m "out/${BUILDTYPE}/mksnapshot" - emake -C out -} - -src_install() { - local LIBDIR="${ED}/usr/$(get_libdir)" - emake install DESTDIR="${D}" - pax-mark -m "${ED}"usr/bin/node - - # set up a symlink structure that node-gyp expects.. - dodir /usr/include/node/deps/{v8,uv} - dosym . /usr/include/node/src - for var in deps/{uv,v8}/include; do - dosym ../.. /usr/include/node/${var} - done - - if use doc; then - # Patch docs to make them offline readable - for i in `grep -rl 'fonts.googleapis.com' "${S}"/out/doc/api/*`; do - sed -i '/fonts.googleapis.com/ d' $i; - done - # Install docs! - dohtml -r "${S}"/doc/* - fi - - if use npm; then - dodir /etc/npm - - # Install bash completion for `npm` - # We need to temporarily replace default config path since - # npm otherwise tries to write outside of the sandbox - local npm_config="usr/$(get_libdir)/node_modules/npm/lib/config/core.js" - sed -i -e "s|'/etc'|'${ED}/etc'|g" "${ED}/${npm_config}" || die - local tmp_npm_completion_file="$(emktemp)" - "${ED}/usr/bin/npm" completion > "${tmp_npm_completion_file}" - newbashcomp "${tmp_npm_completion_file}" npm - sed -i -e "s|'${ED}/etc'|'/etc'|g" "${ED}/${npm_config}" || die - - # Move man pages - doman "${LIBDIR}"/node_modules/npm/man/man{1,5,7}/* - - # Clean up - rm "${LIBDIR}"/node_modules/npm/{.mailmap,.npmignore,Makefile} || die - rm -rf "${LIBDIR}"/node_modules/npm/{doc,html,man} || die - - local find_exp="-or -name" - local find_name=() - for match in "AUTHORS*" "CHANGELOG*" "CONTRIBUT*" "README*" \ - ".travis.yml" ".eslint*" ".wercker.yml" ".npmignore" \ - "*.md" "*.markdown" "*.bat" "*.cmd"; do - find_name+=( ${find_exp} "${match}" ) - done - - # Remove various development and/or inappropriate files and - # useless docs of dependend packages. - find "${LIBDIR}"/node_modules \ - \( -type d -name examples \) -or \( -type f \( \ - -iname "LICEN?E*" \ - "${find_name[@]}" \ - \) \) -exec rm -rf "{}" \; - fi -} - -src_test() { - out/${BUILDTYPE}/cctest || die - "${PYTHON}" tools/test.py --mode=${BUILDTYPE,,} -J message parallel sequential || die -} - -pkg_postinst() { - einfo "The global npm config lives in /etc/npm. This deviates slightly" - einfo "from upstream which otherwise would have it live in /usr/etc/." - einfo "" - einfo "Protip: When using node-gyp to install native modules, you can" - einfo "avoid having to download extras by doing the following:" - einfo "$ node-gyp --nodedir /usr/include/node <command>" -} |