import nodejs-20.11.1-1.module+el8.9.0+21380+12032667

c8-beta-stream-20 imports/c8-beta-stream-20/nodejs-20.11.1-1.module+el8.9.0+21380+12032667
MSVSphere Packaging Team 7 months ago
commit 3c1892840e

6
.gitignore vendored

@ -0,0 +1,6 @@
SOURCES/cjs-module-lexer-1.2.2.tar.gz
SOURCES/icu4c-73_2-src.tgz
SOURCES/node-v20.11.1-stripped.tar.gz
SOURCES/undici-5.28.3.tar.gz
SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
SOURCES/wasi-sdk-wasi-sdk-16.tar.gz

@ -0,0 +1,6 @@
164f7f39841415284b0280a648c43bd7ea1615ac SOURCES/cjs-module-lexer-1.2.2.tar.gz
3d94969b097189bf5479c312d9593d2d252f5a73 SOURCES/icu4c-73_2-src.tgz
59aed60100c3d6373c218378ccc8e03eb26cc1e5 SOURCES/node-v20.11.1-stripped.tar.gz
b598f79f4706fe75c31ff2a214e50acc04c4725a SOURCES/undici-5.28.3.tar.gz
8979d177dd62e3b167a6fd7dc7185adb0128c439 SOURCES/wasi-sdk-wasi-sdk-11.tar.gz
fbe01909bf0e8260fcc3696ec37c9f731b5e356a SOURCES/wasi-sdk-wasi-sdk-16.tar.gz

@ -0,0 +1,55 @@
From c73e0892eb1d0aa2df805618c019dc5c96b79705 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Tue, 30 May 2023 13:12:35 +0200
Subject: [PATCH] Disable running gyp on shared deps
Signed-off-by: rpm-build <rpm-build>
---
Makefile | 2 +-
node.gyp | 17 -----------------
2 files changed, 1 insertion(+), 18 deletions(-)
diff --git a/Makefile b/Makefile
index 0be0659..3c44201 100644
--- a/Makefile
+++ b/Makefile
@@ -169,7 +169,7 @@ with-code-cache test-code-cache:
$(warning '$@' target is a noop)
out/Makefile: config.gypi common.gypi node.gyp \
- deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \
+ deps/llhttp/llhttp.gyp \
deps/simdutf/simdutf.gyp deps/ada/ada.gyp \
tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \
tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp
diff --git a/node.gyp b/node.gyp
index cf52281..c33b57b 100644
--- a/node.gyp
+++ b/node.gyp
@@ -430,23 +430,6 @@
],
},
],
- }, {
- 'variables': {
- 'opensslconfig_internal': '<(obj_dir)/deps/openssl/openssl.cnf',
- 'opensslconfig': './deps/openssl/nodejs-openssl.cnf',
- },
- 'actions': [
- {
- 'action_name': 'reset_openssl_cnf',
- 'inputs': [ '<(opensslconfig)', ],
- 'outputs': [ '<(opensslconfig_internal)', ],
- 'action': [
- '<(python)', 'tools/copyfile.py',
- '<(opensslconfig)',
- '<(opensslconfig_internal)',
- ],
- },
- ],
}],
],
}, # node_core_target_name
--
2.41.0

@ -0,0 +1,151 @@
// Copyright (C) 2014 IBM Corporation and Others. All Rights Reserved.
// This file is part of the Node.JS ICU enablement work
// https://github.com/joyent/node/pull/7719
// and is under the same license.
//
// This is a very, very, very basic test of es402
//
// URL: https://github.com/srl295/btest402
// Author: Steven R. Loomis <srl@icu-project.org>
//
// for a complete test, see http://test262.ecmascript.org
//
// Usage: node btest402.js
try {
console.log("You have console.log.");
} catch(e) {
// this works on d8
console = { log: print };
console.log("Now you have console.log.");
}
function runbtest() {
var summary = {};
try {
var i = Intl;
summary.haveIntl = true;
console.log("+ Congrats, you have the Intl object.");
} catch(e) {
console.log("You don't have the Intl object: " + e);
}
if(summary.haveIntl) {
var locs = [ "en", "mt", "ja","tlh"];
var d = new Date(196400000);
for ( var n=0; n<locs.length; n++ ) {
var loc = locs[n];
var lsummary = summary[loc] = {};
console.log(loc+":");
var sl=null;
try {
sl = Intl.DateTimeFormat.supportedLocalesOf([loc]);
if( sl.length > 0 ) {
lsummary.haveSlo = true;
}
} catch (e) {
console.log("SLO err: " + e);
}
var dstr = "ERR";
try {
lsummary.dstr = d.toLocaleString(loc,{month: "long",day:"numeric",weekday:"long",year:"numeric"});
console.log(" date: (supported:"+sl+") " + lsummary.dstr);
} catch (e) {
console.log(" Date Format err: " + e);
}
try {
new Intl.v8BreakIterator();
console.log(" Intl.v8BreakIterator:" +
Intl.v8BreakIterator.supportedLocalesOf(loc) + " Supported, first()==" +
new Intl.v8BreakIterator(loc).first() );
lsummary.brkOk = true;
} catch ( e) {
console.log(" Intl.v8BreakIterator error (NOT part of EcmaScript402): " + e);
}
console.log();
}
}
// print summary
console.log();
console.log("--------- Analysis ---------");
stxt = "";
if( summary.haveIntl ) {
console.log("* You have the 'Intl' object. Congratulations! You have the possibility of being EcmaScript 402 compliant.");
stxt += "Have Intl, ";
if ( !summary.en.haveSlo ) {
stxt += "Date:no EN, ";
console.log("* English isn't a supported language by the date formatter. Perhaps the data isn't installed properly?");
}
if ( !summary.tlh.haveSlo ) {
stxt += "Date:no 'tlh', ";
console.log("* Klingon isn't a supported language by the date formatter. It is without honor!");
}
// now, what is it actually saying
if( summary.en.dstr.indexOf("1970") == -1) {
stxt += "Date:bad 'en', ";
console.log("* the English date format text looks bad to me. Doesn't even have the year.");
} else {
if( summary.en.dstr.indexOf("Jan") == -1) {
stxt += "Date:bad 'en', ";
console.log("* The English date format text looks bad to me. Doesn't have the right month.");
}
}
if( summary.mt.dstr == summary.en.dstr ) {
stxt += "Date:'mt'=='en', ";
console.log("* The English and Maltese look the same to me. Probably a 'small' build.");
} else if( summary.mt.dstr.indexOf("1970") == -1) {
stxt += "Date:bad 'mt', ";
console.log("* the Maltese date format text looks bad to me. Doesn't even have the year. (This data is missing from the Chromium ICU build)");
} else {
if( summary.mt.dstr.indexOf("Jann") == -1) {
stxt += "Date:bad 'mt', ";
console.log("* The Maltese date format text looks bad to me. Doesn't have the right month. (This data is missing from the Chromium ICU build)");
}
}
if ( !summary.ja.haveSlo ) {
stxt += "Date:no 'ja', ";
console.log("* Japanese isn't a supported language by the date formatter. Could be a 'small' build.");
} else {
if( summary.ja.dstr.indexOf("1970") == -1) {
stxt += "Date:bad 'ja', ";
console.log("* the Japanese date format text looks bad to me. Doesn't even have the year.");
} else {
if( summary.ja.dstr.indexOf("日") == -1) {
stxt += "Date:bad 'ja', ";
console.log("* The Japanese date format text looks bad to me.");
}
}
}
if ( summary.en.brkOk ) {
stxt += "FYI: v8Brk:have 'en', ";
console.log("* You have Intl.v8BreakIterator support. (Note: not part of ES402.)");
}
} else {
console.log("* You don't have the 'Intl' object. You aren't EcmaScript 402 compliant.");
stxt += " NO Intl. ";
}
// 1-liner.
console.log();
console.log("----------------");
console.log( "SUMMARY:" + stxt );
}
var dorun = true;
try {
if(btest402_noautorun) {
dorun = false;
}
} catch(e) {}
if(dorun) {
console.log("Running btest..");
runbtest();
}

@ -0,0 +1,84 @@
From 98738d27288bd9ca634e29181ef665e812e7bbd3 Mon Sep 17 00:00:00 2001
From: Michael Dawson <midawson@redhat.com>
Date: Fri, 23 Feb 2024 13:43:56 +0100
Subject: [PATCH] Disable FIPS options
On RHEL, FIPS should be configured only on system level.
Additionally, the related options may cause segfault when used on RHEL.
This patch causes the option processing to end sooner
than the problematic code gets executed.
Additionally, the JS-level options to mess with FIPS settings
are similarly disabled.
Upstream report: https://github.com/nodejs/node/pull/48950
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2226726
Customer case: https://access.redhat.com/support/cases/#/case/03711488
Signed-off-by: rpm-build <rpm-build>
---
lib/crypto.js | 10 ++++++++++
lib/internal/errors.js | 6 ++++++
src/crypto/crypto_util.cc | 2 ++
3 files changed, 18 insertions(+)
diff --git a/lib/crypto.js b/lib/crypto.js
index 41adecc..b2627ac 100644
--- a/lib/crypto.js
+++ b/lib/crypto.js
@@ -36,6 +36,9 @@ const {
assertCrypto();
const {
+ // RHEL specific error
+ ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED,
+
ERR_CRYPTO_FIPS_FORCED,
ERR_WORKER_UNSUPPORTED_OPERATION,
} = require('internal/errors').codes;
@@ -251,6 +254,13 @@ function getFips() {
}
function setFips(val) {
+ // in RHEL FIPS enable/disable should only be done at system level
+ if (getFips() != val) {
+ throw new ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED();
+ } else {
+ return;
+ }
+
if (getOptionValue('--force-fips')) {
if (val) return;
throw new ERR_CRYPTO_FIPS_FORCED();
diff --git a/lib/internal/errors.js b/lib/internal/errors.js
index a722360..04d8a53 100644
--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
@@ -1060,6 +1060,12 @@ module.exports = {
//
// Note: Node.js specific errors must begin with the prefix ERR_
+// insert RHEL specific erro
+E('ERR_CRYPTO_FIPS_SYSTEM_CONTROLLED',
+ 'Cannot set FIPS mode. FIPS should be enabled/disabled at system level. See' +
+ 'https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n',
+ Error);
+
E('ERR_ACCESS_DENIED',
'Access to this API has been restricted. Permission: %s',
Error);
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
index 5734d8f..ef9d1b1 100644
--- a/src/crypto/crypto_util.cc
+++ b/src/crypto/crypto_util.cc
@@ -121,6 +121,8 @@ bool ProcessFipsOptions() {
/* Override FIPS settings in configuration file, if needed. */
if (per_process::cli_options->enable_fips_crypto ||
per_process::cli_options->force_fips_crypto) {
+ fprintf(stderr, "ERROR: Using options related to FIPS is not recommended, configure FIPS in openssl instead. See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening for more details.\n");
+ return false;
#if OPENSSL_VERSION_MAJOR >= 3
OSSL_PROVIDER* fips_provider = OSSL_PROVIDER_load(nullptr, "fips");
if (fips_provider == nullptr)
--
2.43.2

@ -0,0 +1,203 @@
#!/bin/sh
# Uses Argbash to generate command argument parsing. To update
# arguments, make sure to call
# `argbash nodejs-tarball.sh -o nodejs-tarball.sh`
# ARG_POSITIONAL_SINGLE([version],[Node.js release version],[""])
# ARG_DEFAULTS_POS([])
# ARG_HELP([Tool to aid in Node.js packaging of new releases])
# ARGBASH_GO()
# needed because of Argbash --> m4_ignore([
### START OF CODE GENERATED BY Argbash v2.8.1 one line above ###
# Argbash is a bash code generator used to get arguments parsing right.
# Argbash is FREE SOFTWARE, see https://argbash.io for more info
die()
{
local _ret=$2
test -n "$_ret" || _ret=1
test "$_PRINT_HELP" = yes && print_help >&2
echo "$1" >&2
exit ${_ret}
}
begins_with_short_option()
{
local first_option all_short_options='h'
first_option="${1:0:1}"
test "$all_short_options" = "${all_short_options/$first_option/}" && return 1 || return 0
}
# THE DEFAULTS INITIALIZATION - POSITIONALS
_positionals=()
_arg_version=""
# THE DEFAULTS INITIALIZATION - OPTIONALS
print_help()
{
printf '%s\n' "Tool to aid in Node.js packaging of new releases"
printf 'Usage: %s [-h|--help] [<version>]\n' "$0"
printf '\t%s\n' "<version>: Node.js release version (default: '""')"
printf '\t%s\n' "-h, --help: Prints help"
}
parse_commandline()
{
_positionals_count=0
while test $# -gt 0
do
_key="$1"
case "$_key" in
-h|--help)
print_help
exit 0
;;
-h*)
print_help
exit 0
;;
*)
_last_positional="$1"
_positionals+=("$_last_positional")
_positionals_count=$((_positionals_count + 1))
;;
esac
shift
done
}
handle_passed_args_count()
{
test "${_positionals_count}" -le 1 || _PRINT_HELP=yes die "FATAL ERROR: There were spurious positional arguments --- we expect between 0 and 1, but got ${_positionals_count} (the last one was: '${_last_positional}')." 1
}
assign_positional_args()
{
local _positional_name _shift_for=$1
_positional_names="_arg_version "
shift "$_shift_for"
for _positional_name in ${_positional_names}
do
test $# -gt 0 || break
eval "$_positional_name=\${1}" || die "Error during argument parsing, possibly an Argbash bug." 1
shift
done
}
parse_commandline "$@"
handle_passed_args_count
assign_positional_args 1 "${_positionals[@]}"
# OTHER STUFF GENERATED BY Argbash
### END OF CODE GENERATED BY Argbash (sortof) ### ])
# [ <-- needed because of Argbash
set -e
echo $_arg_version
if [ x$_arg_version != x ]; then
version=$_arg_version
else
version=$(rpm -q --specfile --qf='%{version}\n' nodejs.spec | head -n1)
fi
rm -f node-v${version}.tar.gz node-v${version}-stripped.tar.gz
wget http://nodejs.org/dist/v${version}/node-v${version}.tar.gz \
http://nodejs.org/dist/v${version}/SHASUMS256.txt
sha256sum -c SHASUMS256.txt --ignore-missing
tar -zxf node-v${version}.tar.gz
rm -rf node-v${version}/deps/openssl
tar -zcf node-v${version}-stripped.tar.gz node-v${version}
# Download the matching version of ICU
rm -f icu4c*-src.tgz icu.md5
ICUMD5=$(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].md5')
wget $(cat node-v${version}/tools/icu/current_ver.dep |jq -r '.[0].url')
ICUTARBALL=$(ls -1 icu4c*-src.tgz)
echo "$ICUMD5 $ICUTARBALL" > icu.md5
md5sum -c icu.md5
rm -f icu.md5 SHASUMS256.txt
#fedpkg new-sources node-v${version}-stripped.tar.gz icu4c*-src.tgz
rm -f node-v${version}.tar.gz
set +e
# Determine the bundled versions of the various packages
echo "Bundled software versions"
echo "-------------------------"
echo
echo "libnode shared object version"
echo "========================="
grep "define NODE_MODULE_VERSION" node-v${version}/src/node_version.h
echo
echo "V8"
echo "========================="
grep "define V8_MAJOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_MINOR_VERSION" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_BUILD_NUMBER" node-v${version}/deps/v8/include/v8-version.h
grep "define V8_PATCH_LEVEL" node-v${version}/deps/v8/include/v8-version.h
echo
echo "c-ares"
echo "========================="
grep "define ARES_VERSION_MAJOR" node-v${version}/deps/cares/include/ares_version.h
grep "define ARES_VERSION_MINOR" node-v${version}/deps/cares/include/ares_version.h
grep "define ARES_VERSION_PATCH" node-v${version}/deps/cares/include/ares_version.h
echo
echo "llhttp"
echo "========================="
grep "define LLHTTP_VERSION_MAJOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define LLHTTP_VERSION_MINOR" node-v${version}/deps/llhttp/include/llhttp.h
grep "define LLHTTP_VERSION_PATCH" node-v${version}/deps/llhttp/include/llhttp.h
echo
echo "libuv"
echo "========================="
grep "define UV_VERSION_MAJOR" node-v${version}/deps/uv/include/uv/version.h
grep "define UV_VERSION_MINOR" node-v${version}/deps/uv/include/uv/version.h
grep "define UV_VERSION_PATCH" node-v${version}/deps/uv/include/uv/version.h
echo
echo "nghttp2"
echo "========================="
grep "define NGHTTP2_VERSION " node-v${version}/deps/nghttp2/lib/includes/nghttp2/nghttp2ver.h
echo
echo "nghttp3"
echo "========================="
grep "define NGHTTP3_VERSION " node-v${version}/deps/ngtcp2/nghttp3/lib/includes/nghttp3/version.h
echo
echo "ngtcp2"
echo "========================="
grep "define NGTCP2_VERSION " node-v${version}/deps/ngtcp2/ngtcp2/lib/includes/ngtcp2/version.h
echo
echo "ICU"
echo "========================="
grep "url" node-v${version}/tools/icu/current_ver.dep
echo
echo "punycode"
echo "========================="
grep "'version'" node-v${version}/lib/punycode.js
echo
echo "uvwasi"
echo "========================="
grep "define UVWASI_VERSION_MAJOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_MINOR" node-v${version}/deps/uvwasi/include/uvwasi.h
grep "define UVWASI_VERSION_PATCH" node-v${version}/deps/uvwasi/include/uvwasi.h
echo
echo "npm"
echo "========================="
grep "\"version\":" node-v${version}/deps/npm/package.json
echo
echo "Make sure these versions match what is in the RPM spec file"
rm -rf node-v${version}
# ] <-- needed because of Argbash

@ -0,0 +1,2 @@
%__nodejs_native_requires %{_rpmconfigdir}/nodejs_native.req
%__nodejs_native_path ^/usr/lib.*/node_modules/.*\\.node$

@ -0,0 +1,2 @@
prefix=/usr/local
python=/usr/bin/python3

@ -0,0 +1,5 @@
# This is the distibution-level configuration file for npm.
# To configure NPM on a system level, use the globalconfig below (defaults to @SYSCONFDIR@/npmrc).
# vim:set filetype=dosini:
globalconfig=@SYSCONFDIR@/npmrc

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save