rpms / yarnpkg

Clone
Source Code
GIT

Files

epel8 epel9 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   f36
  2.   yarnpkg.spec
Blob Blame History Raw 
%global npm_name yarn
# name yarn would probably confict with cmdtest and hadoop-yarn
# https://bugzilla.redhat.com/show_bug.cgi?id=1507312
%global old_name nodejs-yarn

%{?nodejs_find_provides_and_requires}

%global enable_tests 1

# don't require bundled modules
%global __requires_exclude_from ^(%{nodejs_sitelib}/yarn/lib/.*|%{nodejs_sitelib}/yarn/bin/yarn(|\\.cmd|\\.ps1|pkg.*))$

%global bundledate 20230321

Name:           yarnpkg
Version:        1.22.19
Release:        5%{?dist}
Summary:        Fast, reliable, and secure dependency management.
URL:            https://github.com/yarnpkg/yarn
# we need tarball with node_modules
Source0:        %{name}-v%{version}-bundled-%{bundledate}.tar.gz
Source1:        yarnpkg-tarball.sh
License:        BSD

# These are applied by yarnpkg-tarball.sh
# async-CVE-2021-43138.prebundle.patch
# minimatch-CVE-2022-3517.prebundle.patch
# thenify-CVE-2020-7677.prebundle.patch
# decode-uri-component-CVE-2022-38900.prebundle.patch

# Backport fix for CVE-2021-35065 for bundled glob-parent
Patch1:         glob-parent-CVE-2021-35065.patch

BuildArch:      noarch
ExclusiveArch:  %{nodejs_arches} noarch

BuildRequires:  nodejs-packaging
%if 0%{?fedora} > 37
BuildRequires:  nodejs-npm
%else
BuildRequires:  npm
%endif

# Package was renamed when Fedora 33 was rawhide
# Don't remove this before Fedora 35
Obsoletes:      %{old_name} < 1.22.4-1
Provides:       %{old_name} = %{version}-%{release}

%description
Fast, reliable, and secure dependency management.


%prep
%autosetup -p1 -n %{npm_name}-%{version}


%build
# use build script
npm run build

# remove build dependencies from node_modules
npm prune --production

%install
mkdir -p %{buildroot}%{nodejs_sitelib}/%{npm_name}

cp -pr package.json lib bin node_modules \
    %{buildroot}%{nodejs_sitelib}/%{npm_name}

mkdir -p %{buildroot}%{_bindir}
ln -sfr %{buildroot}%{nodejs_sitelib}/%{npm_name}/bin/yarn.js %{buildroot}%{_bindir}/yarnpkg
ln -sfr %{buildroot}%{nodejs_sitelib}/%{npm_name}/bin/yarn.js %{buildroot}%{_bindir}/yarn
ln -sfr %{buildroot}%{nodejs_sitelib}/%{npm_name}/bin/yarn.js %{buildroot}%{_bindir}/%{old_name}

# Fix the shebang in yarn.js because brp-mangle-shebangs fails to detect this properly (rhbz#1998924)
sed -e "s|^#!/usr/bin/env node$|#!/usr/bin/node|" \
    -i %{buildroot}%{nodejs_sitelib}/%{npm_name}/bin/yarn.js

# Remove executable bits from bundled dependency tests
find %{buildroot}%{nodejs_sitelib}/%{npm_name}/node_modules \
    -ipath '*/test/*' -type f -executable \
    -exec chmod -x '{}' +

%if 0%{?enable_tests}
%check
%nodejs_symlink_deps --check
if [[ $(%{buildroot}%{_bindir}/yarnpkg --version) == %{version} ]] ; then echo PASS; else echo FAIL && exit 1; fi
if [[ $(%{buildroot}%{_bindir}/yarn --version) == %{version} ]] ; then echo PASS; else echo FAIL && exit 1; fi
if [[ $(%{buildroot}%{_bindir}/%{old_name} --version) == %{version} ]] ; then echo PASS; else echo FAIL && exit 1; fi
%endif


%files
%doc README.md
%license LICENSE
%{_bindir}/yarnpkg
%{_bindir}/yarn
%{_bindir}/%{old_name}
%{nodejs_sitelib}/%{npm_name}/

%changelog
* Tue Mar 21 2023 Sandro Mani <manisandro@gmail.com> - 1.22.19-5
- Add patch for CVE-2022-38900, proper fixes for CVE-2021-43138, CVE-2022-3517,
  CVE-2020-7677

* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.19-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild

* Wed Jan 11 2023 Sandro Mani <manisandro@gmail.com> - 1.22.19-3
- Add patches for CVE-2021-43138, CVE-2022-3517, CVE-2020-7677

* Tue Jan 03 2023 Sandro Mani <manisandro@gmail.com> - 1.22.19-2
- Backport fix for CVE-2021-35065 for bundled glob-parent

* Thu Dec 15 2022 Sandro Mani <manisandro@gmail.com> - 1.22.19-1
- Update to 1.22.19

* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.17-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild

* Tue Nov 23 2021 zsvetlik@redhat.com - 1.22.17-1
- Update to latest upstream release
- use --force in yarnpkg-tarball.sh to workaround dependency conflincts

* Mon Aug 30 2021 Neal Gompa <ngompa@fedoraproject.org> - 1.22.10-4
- Work around broken brp-mangle-shebangs behavior (see RHBZ#1998924)
- Fix broken macro variable for legacy "nodejs-yarn" binary name (RHBZ#1904279)

* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

* Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

* Fri Oct 09 2020 zsvetlik@redhat.com - 1.22.10-1
- Update to 1.22.10
- Resolves: RHBZ#1816262, RHBZ#1851876
- Long resolved CVEs, just not mentioned in changelog

* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Mon Jun 22 2020 Neal Gompa <ngompa13@gmail.com> - 1.22.4-2
- Ensure Obsoletes + Provides stanza takes effect
- Fix broken author identity in changelog entries

* Tue Apr 14 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.22.4-1
- Rename to yarnpkg, remove symlink-deps macro
- Update to 1.22.4

* Mon Jan 27 2020 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.21.1-1
- Resolves: RHBZ#1627748, #1687099, #1788329
- Update to 1.21.1
- Provides /usr/bin/yarn
- Resolves CVE-2019-10773

* Thu Dec 05 2019 Neal Gompa <ngompa@datto.com> - 1.13.0-4
- Rename nodejs-yarn binary package to yarnpkg (similar to other distros)
- Use nodejs macros consistently throughout spec
- Make the tests fail the build if the tests fail

* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Wed Feb 13 2019 Jan Staněk <jstanek@redhat.com> - 1.13.0-2
- Remove executable bits from bundled tests
- Related: rhbz#1674073

* Thu Feb 07 2019 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.13.0-1
- Update

* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

* Mon Jul 30 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.9.2-1
- Update to 1.9.2

* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.7.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Thu May 24 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.7.0-1
- Update to 1.7.0

* Wed May 09 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.6.0-1
- Rebase, rebuild with new packaging

* Wed Mar 21 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.5.1-2
- Add requires_exclude_from macro
- rename nodejs-yarnpkg to yarn

* Wed Mar 21 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.5.1-1
- Rebase

* Tue Jan 30 2018 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.4.1-1
- rebase
- package from GH, build with npm

* Tue Dec 05 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.3.2-2
- Add fedora readme so users are able to find renamed commands
- change source url
- rename license according to guidelines

* Mon Nov 27 2017 Zuzana Svetlikova <zsvetlik@redhat.com> - 1.3.2-1
- Initial build
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.