From c9222dc99309ca921f190b11fd13aaceeec7f01f Mon Sep 17 00:00:00 2001 From: Nigel Banks Date: Fri, 29 Mar 2024 11:08:30 +0100 Subject: [PATCH] First commit. --- .github/workflows/ci.yml | 47 ++ .gitignore | 1 + LICENSE | 21 + README.md | 53 ++ docker-bake.hcl | 146 +++++ nodejs/.dockerignore | 4 + nodejs/Dockerfile | 46 ++ nodejs/README.md | 20 + nodejs/build/APKBUILD | 235 ++++++++ nodejs/build/disable-one-failing-test.patch | 13 + .../disable-running-gyp-on-shared-deps.patch | 22 + .../build/fix-build-with-system-c-ares.patch | 535 ++++++++++++++++++ nodejs/build/nodejs.post-upgrade | 26 + 13 files changed, 1169 insertions(+) create mode 100644 .github/workflows/ci.yml create mode 100644 .gitignore create mode 100644 LICENSE create mode 100644 README.md create mode 100644 docker-bake.hcl create mode 100644 nodejs/.dockerignore create mode 100644 nodejs/Dockerfile create mode 100644 nodejs/README.md create mode 100644 nodejs/build/APKBUILD create mode 100644 nodejs/build/disable-one-failing-test.patch create mode 100644 nodejs/build/disable-running-gyp-on-shared-deps.patch create mode 100644 nodejs/build/fix-build-with-system-c-ares.patch create mode 100644 nodejs/build/nodejs.post-upgrade diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..d1cfe8d --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,47 @@ +name: ci + +on: + push: + branches: + - 'main' + tags: + - '*' + +concurrency: + group: ${{ github.ref }} + cancel-in-progress: true + +jobs: + bake: + runs-on: ubuntu-latest + timeout-minutes: 360 + steps: + - + name: Checkout + uses: actions/checkout@v3 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - + name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v2 + with: + driver-opts: | + image=moby/buildkit:v0.11.1 + network=host + - + name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Set TAG Environment Variable + run: | + echo "TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV + - + name: Build and push + run: | + docker buildx bake --builder ${{ steps.buildx.outputs.name }} ci --push + docker buildx imagetools create -t islandora/nodejs:${TAG} islandora/nodejs:${TAG}-amd64 islandora/nodejs:${TAG}-arm64 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a2661ad --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +certs/ \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..ef558db --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2023 Islandora + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..f4e8861 --- /dev/null +++ b/README.md @@ -0,0 +1,53 @@ +# ISLE: NodeJS + +[![LICENSE](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](./LICENSE) +[![CI](https://github.com/Islandora-Devops/isle-nodejs/actions/workflows/ci.yml/badge.svg)](https://github.com/Islandora-Devops/isle-nodejs/actions/workflows/ci.yml) + +- [Introduction](#introduction) +- [Requirements](#requirements) +- [Host-platform Builds](#host-platform-builds) +- [Multi-platform builds](#multi-platform-builds) + +## Introduction + +This repository provides the `islandora/nodejs` image which only exists to +provide a custom Alpine APK package(s). As `code-server` is often one or two +versions behind what gets shipped with Alpine. + +Since this does not change often and takes a very long time to cross compile for +both platforms it's been moved to it's own repository. + +## Requirements + +To build the Docker images using the provided Gradle build scripts requires: + +- [Docker 20+](https://docs.docker.com/get-docker/) + +## Host-platform Builds + +You can build your host platform locally using the default builder like so. + +```bash +docker context use default +docker buildx bake +``` + +## Multi-platform builds + +To test multi-arch builds and remote build caching requires setting up a local +registry. + +Please use [isle-builder] to create a builder to simplify this process. Using +the defaults provided, .e.g: + +``` +make start +``` + +After which you should be able to build with the following command: + +```bash +REPOSITORY=islandora.io docker buildx bake --builder isle-builder ci --push +``` + +[isle-builder]: https://github.com/Islandora-Devops/isle-builder \ No newline at end of file diff --git a/docker-bake.hcl b/docker-bake.hcl new file mode 100644 index 0000000..b35a00a --- /dev/null +++ b/docker-bake.hcl @@ -0,0 +1,146 @@ +############################################################################### +# Variables +############################################################################### +variable "REPOSITORY" { + default = "islandora" +} + +variable "CACHE_FROM_REPOSITORY" { + default = "islandora" +} + +variable "CACHE_TO_REPOSITORY" { + default = "islandora" +} + +variable "TAG" { + # "local" is to distinguish that from builds produced locally. + default = "local" +} + +variable "SOURCE_DATE_EPOCH" { + default = "0" +} + +############################################################################### +# Functions +############################################################################### +function hostArch { + params = [] + result = equal("linux/amd64", BAKE_LOCAL_PLATFORM) ? "amd64" : "arm64" # Only two platforms supported. +} + +function "tags" { + params = [image, arch] + result = ["${REPOSITORY}/${image}:${TAG}-${arch}"] +} + +function "cacheFrom" { + params = [image, arch] + result = ["type=registry,ref=${CACHE_FROM_REPOSITORY}/cache:${image}-main-${arch}", "type=registry,ref=${CACHE_FROM_REPOSITORY}/cache:${image}-${TAG}-${arch}"] +} + +function "cacheTo" { + params = [image, arch] + result = ["type=registry,oci-mediatypes=true,mode=max,compression=estargz,compression-level=5,ref=${CACHE_TO_REPOSITORY}/cache:${image}-${TAG}-${arch}"] +} + +############################################################################### +# Groups +############################################################################### +group "default" { + targets = [ + "nodejs" + ] +} + +group "amd64" { + targets = [ + "nodejs-amd64", + ] +} + +group "arm64" { + targets = [ + "nodejs-arm64", + ] +} + +# CI should build both and push to the remote cache. +group "ci" { + targets = [ + "nodejs-amd64-ci", + "nodejs-arm64-ci", + ] +} + +############################################################################### +# Common target properties. +############################################################################### +target "common" { + args = { + # Required for reproduciable builds. + # Requires Buildkit 0.11+ + # See: https://reproducible-builds.org/docs/source-date-epoch/ + SOURCE_DATE_EPOCH = "${SOURCE_DATE_EPOCH}", + } +} + +target "amd64-common" { + platforms = ["linux/amd64"] +} + +target "arm64-common" { + platforms = ["linux/arm64"] +} + +target "nodejs-common" { + inherits = ["common"] + context = "nodejs" + contexts = { + # The digest (sha256 hash) is not platform specific but the digest for the manifest of all platforms. + # It will be the digest printed when you do: docker pull alpine:3.17.1 + # Not the one displayed on DockerHub. + # N.B. This should match the value used in: + # - + # - + alpine = "docker-image://alpine:3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b" + } +} + +############################################################################### +# Default Image targets for local builds. +############################################################################### +target "nodejs" { + inherits = ["nodejs-common"] + cache-from = cacheFrom("nodejs", hostArch()) + tags = tags("nodejs", "") +} + +############################################################################### +# linux/amd64 targets. +############################################################################### +target "nodejs-amd64" { + inherits = ["nodejs-common", "amd64-common"] + cache-from = cacheFrom("nodejs", "amd64") + tags = tags("nodejs", "amd64") +} + +target "nodejs-amd64-ci" { + inherits = ["nodejs-amd64"] + cache-to = cacheTo("nodejs", "amd64") +} + +############################################################################### +# linux/arm64 targets. +############################################################################### +target "nodejs-arm64" { + inherits = ["nodejs-common", "arm64-common"] + cache-from = cacheFrom("nodejs", "arm64") + tags = tags("nodejs", "arm64") +} + +target "nodejs-arm64-ci" { + inherits = ["nodejs-arm64"] + cache-to = cacheTo("nodejs", "arm64") +} \ No newline at end of file diff --git a/nodejs/.dockerignore b/nodejs/.dockerignore new file mode 100644 index 0000000..1b2f9f5 --- /dev/null +++ b/nodejs/.dockerignore @@ -0,0 +1,4 @@ +build.gradle.kts +README.md +tests +tests/**/* diff --git a/nodejs/Dockerfile b/nodejs/Dockerfile new file mode 100644 index 0000000..5be89a6 --- /dev/null +++ b/nodejs/Dockerfile @@ -0,0 +1,46 @@ +# syntax=docker/dockerfile:1.5.1 +FROM alpine + +ARG TARGETARCH + +RUN --mount=type=cache,id=abuild-apk-${TARGETARCH},sharing=locked,target=/var/cache/apk \ + apk add \ + alpine-sdk \ + bash \ + sudo \ + && \ + adduser -G abuild -g "Alpine Package Builder" -s /bin/ash -D builder && \ + echo "builder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers + +ENV PACKAGER="Nigel Banks " + +USER builder + +SHELL ["/bin/bash", "-c"] + +ARG TARGETARCH + +# Platform specific does require arch specific identifier. +RUN --mount=type=bind,readwrite=true,source=build,target=/build \ + --mount=type=cache,id=nodejs-apk-${TARGETARCH},sharing=locked,target=/var/cache/apk \ + export PACKAGES=(\ + brotli-dev \ + c-ares-dev \ + icu-dev \ + linux-headers \ + nghttp2-dev \ + openssl-dev \ + py3-jinja2 \ + python3 \ + samurai \ + zlib-dev \ + ) && \ + sudo apk add "${PACKAGES[@]}" && \ + sudo mkdir -p /packages && \ + sudo chown -R builder /build && \ + cd /build && \ + abuild-keygen -ain && \ + abuild-apk update && \ + abuild && \ + sudo apk del "${PACKAGES[@]}" && \ + sudo mv $(find /home/builder/packages/* -type f) /packages diff --git a/nodejs/README.md b/nodejs/README.md new file mode 100644 index 0000000..de152c8 --- /dev/null +++ b/nodejs/README.md @@ -0,0 +1,20 @@ +# NodeJS + +Docker image for `nodejs` package. + +It is not meant to be deployed as a service, but rather as base to import our +custom nodejs build into containers like `islandora/code-server`. + +Consumers are expected to follow this pattern: + +```dockerfile +FROM islandora/nodejs:latest as nodejs + +FROM some_image:latest + +RUN --mount=type=bind,from=nodejs,source=/home/builder/packages/x86_64,target=/packages \ + --mount=type=bind,from=nodejs,source=/etc/apk/keys,target=/etc/apk/keys \ + apk add /packages/nodejs-*.apk && \ + ... other build steps ... && \ + cleanup.sh +``` diff --git a/nodejs/build/APKBUILD b/nodejs/build/APKBUILD new file mode 100644 index 0000000..384987e --- /dev/null +++ b/nodejs/build/APKBUILD @@ -0,0 +1,235 @@ +# Adapted from: https://git.alpinelinux.org/aports/tree/community/imagemagick/APKBUILD +# Contributor: Nigel Banks +# Contributor: Jose-Luis Rivas +# Contributor: Jakub Jirutka +# Contributor: Dave Esaias +# Contributor: Tadahisa Kamijo +# Contributor: Eivind Uggedal +# Maintainer: Jakub Jirutka +# +# secfixes: +# 18.18.2-r0: +# - CVE-2023-45143 +# - CVE-2023-38552 +# - CVE-2023-39333 +# 18.17.1-r0: +# - CVE-2023-32002 +# - CVE-2023-32006 +# - CVE-2023-32559 +# 18.14.1-r0: +# - CVE-2023-23918 +# - CVE-2023-23919 +# - CVE-2023-23920 +# - CVE-2023-23936 +# - CVE-2023-24807 +# 18.12.1-r0: +# - CVE-2022-3602 +# - CVE-2022-3786 +# - CVE-2022-43548 +# 16.17.1-r0: +# - CVE-2022-32213 +# - CVE-2022-32214 +# - CVE-2022-32215 +# - CVE-2022-35255 +# - CVE-2022-35256 +# 16.13.2-r0: +# - CVE-2021-44531 +# - CVE-2021-44532 +# - CVE-2021-44533 +# - CVE-2022-21824 +# 14.18.1-r0: +# - CVE-2021-22959 +# - CVE-2021-22960 +# 14.17.6-r0: +# - CVE-2021-37701 +# - CVE-2021-37712 +# - CVE-2021-37713 +# - CVE-2021-39134 +# - CVE-2021-39135 +# 14.17.5-r0: +# - CVE-2021-3672 +# - CVE-2021-22931 +# - CVE-2021-22939 +# 14.17.4-r0: +# - CVE-2021-22930 +# 14.16.1-r0: +# - CVE-2020-7774 +# 14.16.0-r0: +# - CVE-2021-22883 +# - CVE-2021-22884 +# 14.15.5-r0: +# - CVE-2021-21148 +# 14.15.4-r0: +# - CVE-2020-8265 +# - CVE-2020-8287 +# 14.15.1-r0: +# - CVE-2020-8277 +# 12.18.4-r0: +# - CVE-2020-8201 +# - CVE-2020-8252 +# 12.18.0-r0: +# - CVE-2020-8172 +# - CVE-2020-11080 +# - CVE-2020-8174 +# 12.15.0-r0: +# - CVE-2019-15606 +# - CVE-2019-15605 +# - CVE-2019-15604 +# 10.16.3-r0: +# - CVE-2019-9511 +# - CVE-2019-9512 +# - CVE-2019-9513 +# - CVE-2019-9514 +# - CVE-2019-9515 +# - CVE-2019-9516 +# - CVE-2019-9517 +# - CVE-2019-9518 +# 10.15.3-r0: +# - CVE-2019-5737 +# 10.14.0-r0: +# - CVE-2018-12121 +# - CVE-2018-12122 +# - CVE-2018-12123 +# - CVE-2018-0735 +# - CVE-2018-0734 +# 8.11.4-r0: +# - CVE-2018-12115 +# 8.11.3-r0: +# - CVE-2018-7167 +# - CVE-2018-7161 +# - CVE-2018-1000168 +# 8.11.0-r0: +# - CVE-2018-7158 +# - CVE-2018-7159 +# - CVE-2018-7160 +# 8.9.3-r0: +# - CVE-2017-15896 +# - CVE-2017-15897 +# 6.11.5-r0: +# - CVE-2017-14919 +# 6.11.1-r0: +# - CVE-2017-1000381 +# 0: +# - CVE-2021-43803 +# - CVE-2022-32212 +# - CVE-2023-44487 +pkgname=nodejs +# Note: Update only to even-numbered versions (e.g. 6.y.z, 8.y.z)! +# Odd-numbered versions are supported only for 9 months by upstream. +pkgver=18.19.1 +pkgrel=0 +pkgdesc="JavaScript runtime built on V8 engine - LTS version" +url="https://nodejs.org/" +arch="all" +license="MIT" +depends="ca-certificates" +makedepends=" + brotli-dev + c-ares-dev + icu-dev + linux-headers + nghttp2-dev + openssl-dev + py3-jinja2 + python3 + samurai + zlib-dev + " +install="$pkgname.post-upgrade" +subpackages="$pkgname-dev $pkgname-doc" +provider_priority=100 # highest priority (other provider is nodejs-current) +provides="nodejs-lts=$pkgver-r$pkgrel" # for backward compatibility +replaces="nodejs-current nodejs-lts" # nodejs-lts for backward compatibility +source="https://nodejs.org/dist/v$pkgver/node-v$pkgver.tar.gz + disable-running-gyp-on-shared-deps.patch + fix-build-with-system-c-ares.patch + " +builddir="$srcdir/node-v$pkgver" + +case "$CARCH" in + # riscv binutils linker is broken. + riscv64) options="$options textrels";; +esac + +prepare() { + default_prepare + + # openssl.cnf is required for build. + mv deps/openssl/nodejs-openssl.cnf . + + # Remove bundled dependencies that we're not using. + rm -rf deps/brotli \ + deps/cares \ + deps/corepack \ + deps/openssl/* \ + deps/v8/third_party/jinja2 \ + deps/zlib \ + tools/inspector_protocol/jinja2 + + mv nodejs-openssl.cnf deps/openssl/ + + # the build system tries to import from the riscv folder for some reason + # the push_registers_asm.cc has definitions fo 64 bit riscv only + cp -r deps/v8/src/heap/base/asm/riscv64 deps/v8/src/heap/base/asm/riscv +} + +build() { + # Add defines recommended in libuv readme. + local common_flags="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" + + # Compiling with O2 instead of Os increases binary size by ~10% + # (53.1 MiB -> 58.6 MiB), but also increases performance by ~20% + # according to v8/web-tooling-benchmark. Node.js is quite huge anyway; + # there are better options for size constrained environments. + export CFLAGS="${CFLAGS/-Os/-O2} $common_flags" + export CXXFLAGS="${CXXFLAGS/-Os/-O2} $common_flags" + export CPPFLAGS="${CPPFLAGS/-Os/-O2} $common_flags" + + # NOTE: We use bundled libuv because they don't care much about backward + # compatibility and it has happened several times in past that we + # couldn't upgrade nodejs package in stable branches to fix CVEs due to + # libuv incompatibility. + # + # NOTE: We don't package the bundled npm - it's a separate project with + # its own release cycle and version numbering, so it's better to keep + # it in a standalone aport. + # + # TODO: Fix and enable corepack. + python3 configure.py --prefix=/usr \ + --shared-brotli \ + --shared-zlib \ + --shared-openssl \ + --shared-cares \ + --shared-nghttp2 \ + --ninja \ + --openssl-use-def-ca-store \ + --with-icu-default-data-dir=$(icu-config --icudatadir) \ + --with-intl=system-icu \ + --without-corepack \ + --without-npm + + make -j $(nproc) BUILDTYPE=Release +} + +# TODO Run provided test suite. +check() { + cd "$builddir"/out/Release + + ./node -e 'console.log("Hello, world!")' + ./node -e "require('assert').equal(process.versions.node, '$pkgver')" +} + +package() { + make -j $(nproc) DESTDIR="$pkgdir" install +} + +dev() { + provides="nodejs-lts-dev=$pkgver" # for backward compatibility + default_dev +} + +sha512sums=" +039359089d0383808ac3929b97995d23bfa02b4cd150492888942fd51d6d7d60df174dbf14d7764dae379d4251ca02b6c1702bce8b79d4f99fff23c7874469f7 node-v18.19.1.tar.gz +8c264eefc0bfa9dd57656f9f515e940d5c21b8d836dc549031ee559ba909643f4f2495b8b392ee9976c5eed7c3b4a09db876bbe0f7fcd5b2bf63fafca37bffc2 disable-running-gyp-on-shared-deps.patch +30ca1ce7f9512c943950b8eec98bca99d24c740ebaa14619292fe5ed931dcf603ca90afb1d704ca7f545e421752ba4dde81c0c5bbb5242eb1726739ca627e15f fix-build-with-system-c-ares.patch +" \ No newline at end of file diff --git a/nodejs/build/disable-one-failing-test.patch b/nodejs/build/disable-one-failing-test.patch new file mode 100644 index 0000000..196e790 --- /dev/null +++ b/nodejs/build/disable-one-failing-test.patch @@ -0,0 +1,13 @@ +diff --git a/prog/Makefile.am b/prog/Makefile.am +index 486bea8..305d171 100644 +--- a/prog/Makefile.am ++++ b/prog/Makefile.am +@@ -36,7 +36,7 @@ AUTO_REG_PROGS = adaptmap_reg adaptnorm_reg affine_reg alphaops_reg \ + overlap_reg pageseg_reg paint_reg paintmask_reg \ + pdfio1_reg pdfio2_reg pdfseg_reg \ + pixa1_reg pixa2_reg pixadisp_reg pixcomp_reg \ +- pixmem_reg pixserial_reg pngio_reg pnmio_reg \ ++ pixmem_reg pixserial_reg pnmio_reg \ + projection_reg projective_reg \ + psio_reg psioseg_reg pta_reg \ + ptra1_reg ptra2_reg \ diff --git a/nodejs/build/disable-running-gyp-on-shared-deps.patch b/nodejs/build/disable-running-gyp-on-shared-deps.patch new file mode 100644 index 0000000..ce3cbe2 --- /dev/null +++ b/nodejs/build/disable-running-gyp-on-shared-deps.patch @@ -0,0 +1,22 @@ +From: Jakub Jirutka +Date: Sat, 26 Nov 2016 01:32:00 +0200 +Subject: Disable running gyp on shared deps + +Author: Stephen Gallagher + +Modified 2016-11-26 by Jakub Jirutka to update for +Node.js 7.2.0 + +diff --git a/Makefile b/Makefile +index 94013466..de3f5e9a 100644 +--- a/Makefile ++++ b/Makefile +@@ -169,7 +169,7 @@ with-code-cache test-code-cache: + $(warning '$@' target is a noop) + + out/Makefile: config.gypi common.gypi node.gyp \ +- deps/uv/uv.gyp deps/llhttp/llhttp.gyp deps/zlib/zlib.gyp \ ++ deps/uv/uv.gyp deps/llhttp/llhttp.gyp \ + deps/simdutf/simdutf.gyp deps/ada/ada.gyp \ + tools/v8_gypfiles/toolchain.gypi tools/v8_gypfiles/features.gypi \ + tools/v8_gypfiles/inspector.gypi tools/v8_gypfiles/v8.gyp diff --git a/nodejs/build/fix-build-with-system-c-ares.patch b/nodejs/build/fix-build-with-system-c-ares.patch new file mode 100644 index 0000000..8121891 --- /dev/null +++ b/nodejs/build/fix-build-with-system-c-ares.patch @@ -0,0 +1,535 @@ +From aff98a5667c22794e2eaf658f6dfbee54cdd4a3b Mon Sep 17 00:00:00 2001 +From: Felix Yan +Date: Thu, 12 Aug 2021 02:44:43 +0800 +Subject: [PATCH 1/2] deps: fix building with system c-ares on Linux +Patch-Source: https://github.com/nodejs/node/pull/39739 + +The change in #39724 breaks building with system c-ares +(`--shared-cares`): +``` +In file included from ../src/cares_wrap.cc:25: +../src/cares_wrap.h:25:11: fatal error: ares_nameser.h: No such file or +directory + 25 | # include + | ^~~~~~~~~~~~~~~~ +``` + +Since `ares_nameser.h` isn't available with a default system c-ares +installation, let's copy it as our private header here. + +Tested to build fine on Arch Linux with shared c-ares. +--- + src/ares_nameser.h | 482 +++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 482 insertions(+) + create mode 100644 src/ares_nameser.h + +diff --git a/src/ares_nameser.h b/src/ares_nameser.h +new file mode 100644 +index 000000000000..5270e5a3a6a0 +--- /dev/null ++++ b/src/ares_nameser.h +@@ -0,0 +1,482 @@ ++ ++#ifndef ARES_NAMESER_H ++#define ARES_NAMESER_H ++ ++#ifdef HAVE_ARPA_NAMESER_H ++# include ++#endif ++#ifdef HAVE_ARPA_NAMESER_COMPAT_H ++# include ++#endif ++ ++/* ============================================================================ ++ * arpa/nameser.h may or may not provide ALL of the below defines, so check ++ * each one individually and set if not ++ * ============================================================================ ++ */ ++ ++#ifndef NS_PACKETSZ ++# define NS_PACKETSZ 512 /* maximum packet size */ ++#endif ++ ++#ifndef NS_MAXDNAME ++# define NS_MAXDNAME 256 /* maximum domain name */ ++#endif ++ ++#ifndef NS_MAXCDNAME ++# define NS_MAXCDNAME 255 /* maximum compressed domain name */ ++#endif ++ ++#ifndef NS_MAXLABEL ++# define NS_MAXLABEL 63 ++#endif ++ ++#ifndef NS_HFIXEDSZ ++# define NS_HFIXEDSZ 12 /* #/bytes of fixed data in header */ ++#endif ++ ++#ifndef NS_QFIXEDSZ ++# define NS_QFIXEDSZ 4 /* #/bytes of fixed data in query */ ++#endif ++ ++#ifndef NS_RRFIXEDSZ ++# define NS_RRFIXEDSZ 10 /* #/bytes of fixed data in r record */ ++#endif ++ ++#ifndef NS_INT16SZ ++# define NS_INT16SZ 2 ++#endif ++ ++#ifndef NS_INADDRSZ ++# define NS_INADDRSZ 4 ++#endif ++ ++#ifndef NS_IN6ADDRSZ ++# define NS_IN6ADDRSZ 16 ++#endif ++ ++#ifndef NS_CMPRSFLGS ++# define NS_CMPRSFLGS 0xc0 /* Flag bits indicating name compression. */ ++#endif ++ ++#ifndef NS_DEFAULTPORT ++# define NS_DEFAULTPORT 53 /* For both TCP and UDP. */ ++#endif ++ ++/* ============================================================================ ++ * arpa/nameser.h should provide these enumerations always, so if not found, ++ * provide them ++ * ============================================================================ ++ */ ++#ifndef HAVE_ARPA_NAMESER_H ++ ++typedef enum __ns_class { ++ ns_c_invalid = 0, /* Cookie. */ ++ ns_c_in = 1, /* Internet. */ ++ ns_c_2 = 2, /* unallocated/unsupported. */ ++ ns_c_chaos = 3, /* MIT Chaos-net. */ ++ ns_c_hs = 4, /* MIT Hesiod. */ ++ /* Query class values which do not appear in resource records */ ++ ns_c_none = 254, /* for prereq. sections in update requests */ ++ ns_c_any = 255, /* Wildcard match. */ ++ ns_c_max = 65536 ++} ns_class; ++ ++typedef enum __ns_type { ++ ns_t_invalid = 0, /* Cookie. */ ++ ns_t_a = 1, /* Host address. */ ++ ns_t_ns = 2, /* Authoritative server. */ ++ ns_t_md = 3, /* Mail destination. */ ++ ns_t_mf = 4, /* Mail forwarder. */ ++ ns_t_cname = 5, /* Canonical name. */ ++ ns_t_soa = 6, /* Start of authority zone. */ ++ ns_t_mb = 7, /* Mailbox domain name. */ ++ ns_t_mg = 8, /* Mail group member. */ ++ ns_t_mr = 9, /* Mail rename name. */ ++ ns_t_null = 10, /* Null resource record. */ ++ ns_t_wks = 11, /* Well known service. */ ++ ns_t_ptr = 12, /* Domain name pointer. */ ++ ns_t_hinfo = 13, /* Host information. */ ++ ns_t_minfo = 14, /* Mailbox information. */ ++ ns_t_mx = 15, /* Mail routing information. */ ++ ns_t_txt = 16, /* Text strings. */ ++ ns_t_rp = 17, /* Responsible person. */ ++ ns_t_afsdb = 18, /* AFS cell database. */ ++ ns_t_x25 = 19, /* X_25 calling address. */ ++ ns_t_isdn = 20, /* ISDN calling address. */ ++ ns_t_rt = 21, /* Router. */ ++ ns_t_nsap = 22, /* NSAP address. */ ++ ns_t_nsap_ptr = 23, /* Reverse NSAP lookup (deprecated). */ ++ ns_t_sig = 24, /* Security signature. */ ++ ns_t_key = 25, /* Security key. */ ++ ns_t_px = 26, /* X.400 mail mapping. */ ++ ns_t_gpos = 27, /* Geographical position (withdrawn). */ ++ ns_t_aaaa = 28, /* Ip6 Address. */ ++ ns_t_loc = 29, /* Location Information. */ ++ ns_t_nxt = 30, /* Next domain (security). */ ++ ns_t_eid = 31, /* Endpoint identifier. */ ++ ns_t_nimloc = 32, /* Nimrod Locator. */ ++ ns_t_srv = 33, /* Server Selection. */ ++ ns_t_atma = 34, /* ATM Address */ ++ ns_t_naptr = 35, /* Naming Authority PoinTeR */ ++ ns_t_kx = 36, /* Key Exchange */ ++ ns_t_cert = 37, /* Certification record */ ++ ns_t_a6 = 38, /* IPv6 address (deprecates AAAA) */ ++ ns_t_dname = 39, /* Non-terminal DNAME (for IPv6) */ ++ ns_t_sink = 40, /* Kitchen sink (experimentatl) */ ++ ns_t_opt = 41, /* EDNS0 option (meta-RR) */ ++ ns_t_apl = 42, /* Address prefix list (RFC3123) */ ++ ns_t_ds = 43, /* Delegation Signer (RFC4034) */ ++ ns_t_sshfp = 44, /* SSH Key Fingerprint (RFC4255) */ ++ ns_t_rrsig = 46, /* Resource Record Signature (RFC4034) */ ++ ns_t_nsec = 47, /* Next Secure (RFC4034) */ ++ ns_t_dnskey = 48, /* DNS Public Key (RFC4034) */ ++ ns_t_tkey = 249, /* Transaction key */ ++ ns_t_tsig = 250, /* Transaction signature. */ ++ ns_t_ixfr = 251, /* Incremental zone transfer. */ ++ ns_t_axfr = 252, /* Transfer zone of authority. */ ++ ns_t_mailb = 253, /* Transfer mailbox records. */ ++ ns_t_maila = 254, /* Transfer mail agent records. */ ++ ns_t_any = 255, /* Wildcard match. */ ++ ns_t_zxfr = 256, /* BIND-specific, nonstandard. */ ++ ns_t_caa = 257, /* Certification Authority Authorization. */ ++ ns_t_max = 65536 ++} ns_type; ++ ++typedef enum __ns_opcode { ++ ns_o_query = 0, /* Standard query. */ ++ ns_o_iquery = 1, /* Inverse query (deprecated/unsupported). */ ++ ns_o_status = 2, /* Name server status query (unsupported). */ ++ /* Opcode 3 is undefined/reserved. */ ++ ns_o_notify = 4, /* Zone change notification. */ ++ ns_o_update = 5, /* Zone update message. */ ++ ns_o_max = 6 ++} ns_opcode; ++ ++typedef enum __ns_rcode { ++ ns_r_noerror = 0, /* No error occurred. */ ++ ns_r_formerr = 1, /* Format error. */ ++ ns_r_servfail = 2, /* Server failure. */ ++ ns_r_nxdomain = 3, /* Name error. */ ++ ns_r_notimpl = 4, /* Unimplemented. */ ++ ns_r_refused = 5, /* Operation refused. */ ++ /* these are for BIND_UPDATE */ ++ ns_r_yxdomain = 6, /* Name exists */ ++ ns_r_yxrrset = 7, /* RRset exists */ ++ ns_r_nxrrset = 8, /* RRset does not exist */ ++ ns_r_notauth = 9, /* Not authoritative for zone */ ++ ns_r_notzone = 10, /* Zone of record different from zone section */ ++ ns_r_max = 11, ++ /* The following are TSIG extended errors */ ++ ns_r_badsig = 16, ++ ns_r_badkey = 17, ++ ns_r_badtime = 18 ++} ns_rcode; ++ ++#endif /* HAVE_ARPA_NAMESER_H */ ++ ++ ++/* ============================================================================ ++ * arpa/nameser_compat.h typically sets these. However on some systems ++ * arpa/nameser.h does, but may not set all of them. Lets conditionally ++ * define each ++ * ============================================================================ ++ */ ++ ++#ifndef PACKETSZ ++# define PACKETSZ NS_PACKETSZ ++#endif ++ ++#ifndef MAXDNAME ++# define MAXDNAME NS_MAXDNAME ++#endif ++ ++#ifndef MAXCDNAME ++# define MAXCDNAME NS_MAXCDNAME ++#endif ++ ++#ifndef MAXLABEL ++# define MAXLABEL NS_MAXLABEL ++#endif ++ ++#ifndef HFIXEDSZ ++# define HFIXEDSZ NS_HFIXEDSZ ++#endif ++ ++#ifndef QFIXEDSZ ++# define QFIXEDSZ NS_QFIXEDSZ ++#endif ++ ++#ifndef RRFIXEDSZ ++# define RRFIXEDSZ NS_RRFIXEDSZ ++#endif ++ ++#ifndef INDIR_MASK ++# define INDIR_MASK NS_CMPRSFLGS ++#endif ++ ++#ifndef NAMESERVER_PORT ++# define NAMESERVER_PORT NS_DEFAULTPORT ++#endif ++ ++ ++/* opcodes */ ++#ifndef O_QUERY ++# define O_QUERY 0 /* ns_o_query */ ++#endif ++#ifndef O_IQUERY ++# define O_IQUERY 1 /* ns_o_iquery */ ++#endif ++#ifndef O_STATUS ++# define O_STATUS 2 /* ns_o_status */ ++#endif ++#ifndef O_NOTIFY ++# define O_NOTIFY 4 /* ns_o_notify */ ++#endif ++#ifndef O_UPDATE ++# define O_UPDATE 5 /* ns_o_update */ ++#endif ++ ++ ++/* response codes */ ++#ifndef SERVFAIL ++# define SERVFAIL ns_r_servfail ++#endif ++#ifndef NOTIMP ++# define NOTIMP ns_r_notimpl ++#endif ++#ifndef REFUSED ++# define REFUSED ns_r_refused ++#endif ++#if defined(_WIN32) && !defined(HAVE_ARPA_NAMESER_COMPAT_H) && defined(NOERROR) ++# undef NOERROR /* it seems this is already defined in winerror.h */ ++#endif ++#ifndef NOERROR ++# define NOERROR ns_r_noerror ++#endif ++#ifndef FORMERR ++# define FORMERR ns_r_formerr ++#endif ++#ifndef NXDOMAIN ++# define NXDOMAIN ns_r_nxdomain ++#endif ++/* Non-standard response codes, use numeric values */ ++#ifndef YXDOMAIN ++# define YXDOMAIN 6 /* ns_r_yxdomain */ ++#endif ++#ifndef YXRRSET ++# define YXRRSET 7 /* ns_r_yxrrset */ ++#endif ++#ifndef NXRRSET ++# define NXRRSET 8 /* ns_r_nxrrset */ ++#endif ++#ifndef NOTAUTH ++# define NOTAUTH 9 /* ns_r_notauth */ ++#endif ++#ifndef NOTZONE ++# define NOTZONE 10 /* ns_r_notzone */ ++#endif ++#ifndef TSIG_BADSIG ++# define TSIG_BADSIG 16 /* ns_r_badsig */ ++#endif ++#ifndef TSIG_BADKEY ++# define TSIG_BADKEY 17 /* ns_r_badkey */ ++#endif ++#ifndef TSIG_BADTIME ++# define TSIG_BADTIME 18 /* ns_r_badtime */ ++#endif ++ ++ ++/* classes */ ++#ifndef C_IN ++# define C_IN 1 /* ns_c_in */ ++#endif ++#ifndef C_CHAOS ++# define C_CHAOS 3 /* ns_c_chaos */ ++#endif ++#ifndef C_HS ++# define C_HS 4 /* ns_c_hs */ ++#endif ++#ifndef C_NONE ++# define C_NONE 254 /* ns_c_none */ ++#endif ++#ifndef C_ANY ++# define C_ANY 255 /* ns_c_any */ ++#endif ++ ++ ++/* types */ ++#ifndef T_A ++# define T_A 1 /* ns_t_a */ ++#endif ++#ifndef T_NS ++# define T_NS 2 /* ns_t_ns */ ++#endif ++#ifndef T_MD ++# define T_MD 3 /* ns_t_md */ ++#endif ++#ifndef T_MF ++# define T_MF 4 /* ns_t_mf */ ++#endif ++#ifndef T_CNAME ++# define T_CNAME 5 /* ns_t_cname */ ++#endif ++#ifndef T_SOA ++# define T_SOA 6 /* ns_t_soa */ ++#endif ++#ifndef T_MB ++# define T_MB 7 /* ns_t_mb */ ++#endif ++#ifndef T_MG ++# define T_MG 8 /* ns_t_mg */ ++#endif ++#ifndef T_MR ++# define T_MR 9 /* ns_t_mr */ ++#endif ++#ifndef T_NULL ++# define T_NULL 10 /* ns_t_null */ ++#endif ++#ifndef T_WKS ++# define T_WKS 11 /* ns_t_wks */ ++#endif ++#ifndef T_PTR ++# define T_PTR 12 /* ns_t_ptr */ ++#endif ++#ifndef T_HINFO ++# define T_HINFO 13 /* ns_t_hinfo */ ++#endif ++#ifndef T_MINFO ++# define T_MINFO 14 /* ns_t_minfo */ ++#endif ++#ifndef T_MX ++# define T_MX 15 /* ns_t_mx */ ++#endif ++#ifndef T_TXT ++# define T_TXT 16 /* ns_t_txt */ ++#endif ++#ifndef T_RP ++# define T_RP 17 /* ns_t_rp */ ++#endif ++#ifndef T_AFSDB ++# define T_AFSDB 18 /* ns_t_afsdb */ ++#endif ++#ifndef T_X25 ++# define T_X25 19 /* ns_t_x25 */ ++#endif ++#ifndef T_ISDN ++# define T_ISDN 20 /* ns_t_isdn */ ++#endif ++#ifndef T_RT ++# define T_RT 21 /* ns_t_rt */ ++#endif ++#ifndef T_NSAP ++# define T_NSAP 22 /* ns_t_nsap */ ++#endif ++#ifndef T_NSAP_PTR ++# define T_NSAP_PTR 23 /* ns_t_nsap_ptr */ ++#endif ++#ifndef T_SIG ++# define T_SIG 24 /* ns_t_sig */ ++#endif ++#ifndef T_KEY ++# define T_KEY 25 /* ns_t_key */ ++#endif ++#ifndef T_PX ++# define T_PX 26 /* ns_t_px */ ++#endif ++#ifndef T_GPOS ++# define T_GPOS 27 /* ns_t_gpos */ ++#endif ++#ifndef T_AAAA ++# define T_AAAA 28 /* ns_t_aaaa */ ++#endif ++#ifndef T_LOC ++# define T_LOC 29 /* ns_t_loc */ ++#endif ++#ifndef T_NXT ++# define T_NXT 30 /* ns_t_nxt */ ++#endif ++#ifndef T_EID ++# define T_EID 31 /* ns_t_eid */ ++#endif ++#ifndef T_NIMLOC ++# define T_NIMLOC 32 /* ns_t_nimloc */ ++#endif ++#ifndef T_SRV ++# define T_SRV 33 /* ns_t_srv */ ++#endif ++#ifndef T_ATMA ++# define T_ATMA 34 /* ns_t_atma */ ++#endif ++#ifndef T_NAPTR ++# define T_NAPTR 35 /* ns_t_naptr */ ++#endif ++#ifndef T_KX ++# define T_KX 36 /* ns_t_kx */ ++#endif ++#ifndef T_CERT ++# define T_CERT 37 /* ns_t_cert */ ++#endif ++#ifndef T_A6 ++# define T_A6 38 /* ns_t_a6 */ ++#endif ++#ifndef T_DNAME ++# define T_DNAME 39 /* ns_t_dname */ ++#endif ++#ifndef T_SINK ++# define T_SINK 40 /* ns_t_sink */ ++#endif ++#ifndef T_OPT ++# define T_OPT 41 /* ns_t_opt */ ++#endif ++#ifndef T_APL ++# define T_APL 42 /* ns_t_apl */ ++#endif ++#ifndef T_DS ++# define T_DS 43 /* ns_t_ds */ ++#endif ++#ifndef T_SSHFP ++# define T_SSHFP 44 /* ns_t_sshfp */ ++#endif ++#ifndef T_RRSIG ++# define T_RRSIG 46 /* ns_t_rrsig */ ++#endif ++#ifndef T_NSEC ++# define T_NSEC 47 /* ns_t_nsec */ ++#endif ++#ifndef T_DNSKEY ++# define T_DNSKEY 48 /* ns_t_dnskey */ ++#endif ++#ifndef T_TKEY ++# define T_TKEY 249 /* ns_t_tkey */ ++#endif ++#ifndef T_TSIG ++# define T_TSIG 250 /* ns_t_tsig */ ++#endif ++#ifndef T_IXFR ++# define T_IXFR 251 /* ns_t_ixfr */ ++#endif ++#ifndef T_AXFR ++# define T_AXFR 252 /* ns_t_axfr */ ++#endif ++#ifndef T_MAILB ++# define T_MAILB 253 /* ns_t_mailb */ ++#endif ++#ifndef T_MAILA ++# define T_MAILA 254 /* ns_t_maila */ ++#endif ++#ifndef T_ANY ++# define T_ANY 255 /* ns_t_any */ ++#endif ++#ifndef T_ZXFR ++# define T_ZXFR 256 /* ns_t_zxfr */ ++#endif ++#ifndef T_CAA ++# define T_CAA 257 /* ns_t_caa */ ++#endif ++#ifndef T_MAX ++# define T_MAX 65536 /* ns_t_max */ ++#endif ++ ++ ++#endif /* ARES_NAMESER_H */ + +From db4643979ee676b3a3d6cdf2fb597d399cf8013f Mon Sep 17 00:00:00 2001 +From: Felix Yan +Date: Fri, 13 Aug 2021 00:01:59 +0800 +Subject: [PATCH 2/2] build: ignore cpplint for third-party ares_nameser.h + +--- + Makefile | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/Makefile b/Makefile +index ec4c774748cd..c418995c53c1 100644 +--- a/Makefile ++++ b/Makefile +@@ -1289,6 +1289,7 @@ jslint-ci: lint-js-ci + LINT_CPP_ADDON_DOC_FILES_GLOB = test/addons/??_*/*.cc test/addons/??_*/*.h + LINT_CPP_ADDON_DOC_FILES = $(wildcard $(LINT_CPP_ADDON_DOC_FILES_GLOB)) + LINT_CPP_EXCLUDE ?= ++LINT_CPP_EXCLUDE += src/ares_nameser.h + LINT_CPP_EXCLUDE += src/node_root_certs.h + LINT_CPP_EXCLUDE += $(LINT_CPP_ADDON_DOC_FILES) + LINT_CPP_EXCLUDE += $(wildcard test/js-native-api/??_*/*.cc test/js-native-api/??_*/*.h test/node-api/??_*/*.cc test/node-api/??_*/*.h) diff --git a/nodejs/build/nodejs.post-upgrade b/nodejs/build/nodejs.post-upgrade new file mode 100644 index 0000000..764aa17 --- /dev/null +++ b/nodejs/build/nodejs.post-upgrade @@ -0,0 +1,26 @@ +#!/bin/sh + +# This file is not provided since splitting npm into a separate aport, +# so we use it to quickly detect presence of the old npm package. +if [ -f /usr/lib/node_modules/npm/configure ]; then + pkg_ver=$(apk info -W /usr/bin/npm 2>/dev/null \ + | sed -En 's/.*owned by npm-([^-]+).*/\1/p' \ + | grep .) || exit 0 + + npm_ver=$(/usr/bin/npm --version 2>/dev/null) || exit 0 + + [ "$pkg_ver" = "$npm_ver" ] && exit 0 + + cat >&2 <<-EOF + * + * You have an old version of the 'npm' package installed + * (pkg version: $pkg_ver, real version: $npm_ver). The newer package + * has a *lower* version number that now corresponds to the actual + * version of the 'npm' program. You have to reinstall the npm package + * (apk del npm; apk add npm) or upgrade all packages to the available + * versions (apk upgrade -a). + * + EOF +fi + +exit 0