From e6dd8456b856b8452c302fda0352378edcd91ccb Mon Sep 17 00:00:00 2001
From: "Lance R. Vick"
Date: Mon, 15 Apr 2024 11:05:37 -0700
Subject: [PATCH 1/8] feat: package nodejs
---
packages/nodejs/Containerfile | 40 +++++++++++++++++++++++++++++++++++
src/packages.mk | 18 ++++++++++++++++
2 files changed, 58 insertions(+)
create mode 100644 packages/nodejs/Containerfile
diff --git a/packages/nodejs/Containerfile b/packages/nodejs/Containerfile
new file mode 100644
index 0000000..9bd65ad
--- /dev/null
+++ b/packages/nodejs/Containerfile
@@ -0,0 +1,40 @@
+FROM scratch as base
+ENV VERSION=20.11.1
+ENV SRC_HASH=4af1ba6ea848cc05908b8a62b02fb27684dd52b2a7988ee82b0cfa72deb90b94
+ENV SRC_FILE=node-v${VERSION}.tar.gz
+ENV SRC_SITE=https://nodejs.org/dist/v${VERSION}/${SRC_FILE}
+ENV CFLAGS="-march=x86-64 -mtune=generic -O2"
+
+FROM base as fetch
+ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} .
+
+FROM fetch as build
+COPY --from=stagex/busybox . /
+COPY --from=stagex/gcc . /
+COPY --from=stagex/binutils . /
+COPY --from=stagex/make . /
+COPY --from=stagex/musl . /
+COPY --from=stagex/openssl . /
+COPY --from=stagex/python . /
+COPY --from=stagex/bzip2 . /
+COPY --from=stagex/ninja . /
+COPY --from=stagex/zlib . /
+COPY --from=stagex/linux-headers . /
+RUN tar -xf ${SRC_FILE}
+WORKDIR node-v${VERSION}
+RUN --network=none <<-EOF
+ set -eux
+ python configure.py \
+ --without-snapshot
+ make BUILDTYPE=Release
+EOF
+
+FROM build as install
+RUN --network=none <<-EOF
+ set -eux
+ make DESTDIR=/rootfs install
+ find /rootfs -exec touch -hcd "@0" "{}" +
+EOF
+
+FROM stagex/filesystem as package
+COPY --from=install /rootfs/. /
diff --git a/src/packages.mk b/src/packages.mk
index da41350..197757e 100644
--- a/src/packages.mk
+++ b/src/packages.mk
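Review bot: `RUN tar -xf ${SRC_FILE}` in the build stage of packages/nodejs/Containerfile is the one RUN step in this new file that does not carry `--network=none`, so the extraction is not covered by the no-network guarantee that the configure, make and install steps have; I would write `RUN --network=none tar -xf ${SRC_FILE}`. The `COPY --from=stagex/...` lines name the toolchain images without a tag or digest, while the source tarball is pinned through `ADD --checksum`; if the build wrapper behind `$(call build,nodejs)` does not pin those images itself (not visible here), a digest on each reference would make the toolchain inputs as auditable as the tarball. `WORKDIR node-v${VERSION}` is a relative path and only resolves as intended because the working directory is still `/`; `WORKDIR /node-v${VERSION}` states that explicitly.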
@@ -2239,6 +2239,24 @@ out/ninja/index.json: \ out/python/index.json $(call build,ninja) +.PHONY: nodejs +nodejs: out/nodejs/index.json +out/nodejs/index.json: \ + packages/nodejs/Containerfile \ + out/binutils/index.json \ + out/busybox/index.json \ + out/bzip2/index.json \ + out/filesystem/index.json \ + out/gcc/index.json \ + out/linux-headers/index.json \ + out/make/index.json \ + out/musl/index.json \ + out/ninja/index.json \ + out/openssl/index.json \ + out/python/index.json \ + out/zlib/index.json + $(call build,nodejs) + .PHONY: npth npth: out/npth/index.json out/npth/index.json: \ From fa54294a9f4b194efb9cf7c8836dae473f1c377a Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Tue, 16 Apr 2024 13:59:15 -0700 Subject: [PATCH 2/8] fix: lockdown more nodejs flags --- packages/nodejs/Containerfile | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/packages/nodejs/Containerfile b/packages/nodejs/Containerfile index 9bd65ad..ece35de 100644 --- a/packages/nodejs/Containerfile +++ b/packages/nodejs/Containerfile @@ -3,7 +3,6 @@ ENV VERSION=20.11.1 ENV SRC_HASH=4af1ba6ea848cc05908b8a62b02fb27684dd52b2a7988ee82b0cfa72deb90b94 ENV SRC_FILE=node-v${VERSION}.tar.gz ENV SRC_SITE=https://nodejs.org/dist/v${VERSION}/${SRC_FILE} -ENV CFLAGS="-march=x86-64 -mtune=generic -O2" FROM base as fetch ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} . 
@@ -18,14 +17,29 @@ COPY --from=stagex/openssl . / COPY --from=stagex/python . / COPY --from=stagex/bzip2 . / COPY --from=stagex/ninja . / +COPY --from=stagex/pkgconf . / +COPY --from=stagex/icu . / COPY --from=stagex/zlib . / COPY --from=stagex/linux-headers . / RUN tar -xf ${SRC_FILE} WORKDIR node-v${VERSION} +ENV CFLAGS="-march=x86-64 -mtune=generic -Os" +ENV CXXFLAGS="-march=x86-64 -mtune=generic -Os" +ENV CPPFLAGS="-march=x86-64 -mtune=generic -Os" RUN --network=none <<-EOF set -eux python configure.py \ - --without-snapshot + --prefix=/usr \ + --ninja \ + --enable-lto \ + --without-npm \ + --without-snapshot \ + --without-corepack \ + --shared-openssl \ + --shared-zlib \ + --with-icu-default-data-dir=$(icu-config --icudatadir) \ + --with-intl=system-icu \ + --openssl-use-def-ca-store make BUILDTYPE=Release EOF @@ -33,7 +47,6 @@ FROM build as install RUN --network=none <<-EOF set -eux make DESTDIR=/rootfs install - find /rootfs -exec touch -hcd "@0" "{}" + EOF FROM stagex/filesystem as package From a940f9e3b8932f1a34a6d1abec49a56755abe883 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Wed, 17 Jul 2024 12:41:06 -0700 Subject: [PATCH 3/8] maint: bump nodejs to 22.4.0 --- packages/nodejs/Containerfile | 23 +++++------------------ 1 file changed, 5 insertions(+), 18 deletions(-) diff --git a/packages/nodejs/Containerfile b/packages/nodejs/Containerfile index ece35de..5e38481 100644 --- a/packages/nodejs/Containerfile +++ b/packages/nodejs/Containerfile @@ -1,8 +1,9 @@ FROM scratch as base -ENV VERSION=20.11.1 -ENV SRC_HASH=4af1ba6ea848cc05908b8a62b02fb27684dd52b2a7988ee82b0cfa72deb90b94 +ENV VERSION=22.4.0 +ENV SRC_HASH=b62cd83c9a57a11349883f89b1727a16e66c02eb6255a4bf32714ff5d93165f5 ENV SRC_FILE=node-v${VERSION}.tar.gz ENV SRC_SITE=https://nodejs.org/dist/v${VERSION}/${SRC_FILE} +ENV CFLAGS="-march=x86-64 -mtune=generic -O2" FROM base as fetch ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} . 
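Review bot: The two new lines `COPY --from=stagex/pkgconf . /` and `COPY --from=stagex/icu . /` have no matching prerequisites in src/packages.mk: this commit changes only the Containerfile, and the `out/nodejs/index.json` rule added in the previous patch lists neither `out/pkgconf/index.json` nor `out/icu/index.json`. Without them make does not know to build or refresh those images first, so the COPY takes whatever `stagex/pkgconf` and `stagex/icu` happen to resolve to at build time; both prerequisites should be added to the rule. In the configure call, `--with-icu-default-data-dir=$(icu-config --icudatadir)` is not protected by `set -eux`, because a failing command substitution inside an argument does not fail the command and configure would receive an empty path; assigning it first on its own line, `icudata="$(icu-config --icudatadir)"`, lets the script stop there. `CPPFLAGS` is meant for preprocessor options, so `-march`, `-mtune` and `-Os` belong only in `CFLAGS` and `CXXFLAGS`.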
@@ -17,29 +18,14 @@ COPY --from=stagex/openssl . / COPY --from=stagex/python . / COPY --from=stagex/bzip2 . / COPY --from=stagex/ninja . / -COPY --from=stagex/pkgconf . / -COPY --from=stagex/icu . / COPY --from=stagex/zlib . / COPY --from=stagex/linux-headers . / RUN tar -xf ${SRC_FILE} WORKDIR node-v${VERSION} -ENV CFLAGS="-march=x86-64 -mtune=generic -Os" -ENV CXXFLAGS="-march=x86-64 -mtune=generic -Os" -ENV CPPFLAGS="-march=x86-64 -mtune=generic -Os" RUN --network=none <<-EOF set -eux python configure.py \ - --prefix=/usr \ - --ninja \ - --enable-lto \ - --without-npm \ - --without-snapshot \ - --without-corepack \ - --shared-openssl \ - --shared-zlib \ - --with-icu-default-data-dir=$(icu-config --icudatadir) \ - --with-intl=system-icu \ - --openssl-use-def-ca-store + --without-snapshot make BUILDTYPE=Release EOF @@ -47,6 +33,7 @@ FROM build as install RUN --network=none <<-EOF set -eux make DESTDIR=/rootfs install + find /rootfs -exec touch -hcd "@0" "{}" + EOF FROM stagex/filesystem as package From d12f1b8a0219cc7acf53e0aaa2577759a04c4a0b Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Mon, 26 Aug 2024 02:41:37 -0700 Subject: [PATCH 4/8] maint: bump nodejs to 22.7.0 --- packages/nodejs/Containerfile | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/packages/nodejs/Containerfile b/packages/nodejs/Containerfile index 5e38481..78b83af 100644 --- a/packages/nodejs/Containerfile +++ b/packages/nodejs/Containerfile @@ -1,9 +1,8 @@ FROM scratch as base -ENV VERSION=22.4.0 -ENV SRC_HASH=b62cd83c9a57a11349883f89b1727a16e66c02eb6255a4bf32714ff5d93165f5 +ENV VERSION=22.7.0 +ENV SRC_HASH=7a7c99282d59866d971b2da12c99596cb15782b9c3efe2e2146390c14f4d490e ENV SRC_FILE=node-v${VERSION}.tar.gz ENV SRC_SITE=https://nodejs.org/dist/v${VERSION}/${SRC_FILE} -ENV CFLAGS="-march=x86-64 -mtune=generic -O2" FROM base as fetch ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} . 
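Review bot: The configure call left by this hunk, `python configure.py --without-snapshot`, no longer carries `--shared-openssl`, `--shared-zlib`, `--with-intl=system-icu`, `--without-npm` or `--without-corepack`, although the commit is titled as a version bump. As far as those flags do what their names say, node goes back to building its own bundled OpenSSL, zlib and ICU, which then stop following updates to the stagex/openssl and stagex/zlib packages, and npm and corepack are installed into the package again. `--prefix=/usr` is dropped as well, so the install prefix falls back to configure's default. If the revert is intended it deserves its own commit with the reason in the message; if it came from a rebase, keep the flag list from the previous patch and change only `VERSION` and `SRC_HASH`.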
@@ -22,10 +21,21 @@ COPY --from=stagex/zlib . / COPY --from=stagex/linux-headers . / RUN tar -xf ${SRC_FILE} WORKDIR node-v${VERSION} +ENV SOURCE_DATE_EPOCH=1 +ENV LDFLAGS=" \ + -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z,relro \ + -Wl,-z,now -Wl,-z,pack-relative-relocs" +ENV CFLAGS=" \ + -march=x86-64 -mtune=generic -O2 -pipe -fno-plt -fexceptions \ + -Wp,-D_FORTIFY_SOURCE=3 -Wformat -Werror=format-security \ + -fstack-clash-protection -fcf-protection \ + -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer" +ENV CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS" +ENV LTOFLAGS="-flto=auto" + RUN --network=none <<-EOF set -eux - python configure.py \ - --without-snapshot + python configure.py make BUILDTYPE=Release EOF From bd7ce59caac41e39276e0c243c29d72a8f4cbab4 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Thu, 29 Aug 2024 12:30:13 -0700 Subject: [PATCH 5/8] feat: use ninja and shared libs for nodejs --- packages/brotli/Containerfile | 9 +++-- packages/c-ares/Containerfile | 35 ++++++++++++++++++ packages/libev/Containerfile | 44 +++++++++++++++++++++++ packages/libnghttp2/Containerfile | 59 +++++++++++++++++++++++++++++++ packages/nodejs/Containerfile | 20 ++++++++++- src/packages.mk | 51 ++++++++++++++++++++++++++ 6 files changed, 215 insertions(+), 3 deletions(-) create mode 100644 packages/c-ares/Containerfile create mode 100644 packages/libev/Containerfile create mode 100644 packages/libnghttp2/Containerfile diff --git a/packages/brotli/Containerfile b/packages/brotli/Containerfile index be02f79..ecd81e2 100644 --- a/packages/brotli/Containerfile +++ b/packages/brotli/Containerfile 
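Review bot: `-Wp,-D_FORTIFY_SOURCE=3` in the new `CFLAGS` probably has no effect in this build: the libc copied into the build stage is stagex/musl, and musl does not provide the fortified wrappers itself, they come from a separate fortify-headers package that none of the COPY lines shown in this series brings in. Either add that package or put a comment above the `ENV CFLAGS` line, for example `# _FORTIFY_SOURCE needs fortify-headers on musl`, so nobody counts it as an active mitigation. `ENV LTOFLAGS="-flto=auto"` is not referenced by anything in the hunk, and the configure call is now a bare `python configure.py`, so as written the variable looks unused; pass `--enable-lto` to configure or drop it. The hunk also removes `--without-snapshot`, which the commit message (a version bump) does not mention.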
@@ -35,8 +35,13 @@ RUN --network=none <<-EOF EOF FROM build AS install -RUN DESTDIR=/rootfs cmake --install build -RUN find /rootfs -exec touch -hcd "@0" "{}" + +RUN <<-EOF + set -eux + DESTDIR=/rootfs cmake --install build + for file in common dec enc; do + install -D -m 755 build/libbrotli$file.a /rootfs/usr/lib/ + done +EOF FROM stagex/filesystem AS package COPY --from=install /rootfs/. / diff --git a/packages/c-ares/Containerfile b/packages/c-ares/Containerfile new file mode 100644 index 0000000..ab27305 --- /dev/null +++ b/packages/c-ares/Containerfile @@ -0,0 +1,35 @@ +FROM scratch AS base +ENV VERSION=1.33.1 +ENV SRC_HASH=06869824094745872fa26efd4c48e622b9bd82a89ef0ce693dc682a23604f415 +ENV SRC_FILE=c-ares-${VERSION}.tar.gz +ENV SRC_SITE=https://github.com/c-ares/c-ares/releases/download/v${VERSION}/${SRC_FILE} + +FROM base AS fetch +ADD --checksum=sha256:${SRC_HASH} ${SRC_SITE} . + +FROM fetch AS build +COPY --from=stagex/busybox . / +COPY --from=stagex/binutils . / +COPY --from=stagex/musl . / +COPY --from=stagex/make . / +COPY --from=stagex/gcc . / + +RUN --network=none tar -xf ${SRC_FILE} +WORKDIR c-ares-${VERSION} +RUN --network=none < Date: Mon, 26 Aug 2024 04:10:17 -0700 Subject: [PATCH 6/8] fix: brotli prefix --- packages/brotli/Containerfile | 7 ++++--- packages/nodejs/Containerfile | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/packages/brotli/Containerfile b/packages/brotli/Containerfile index ecd81e2..fd651e5 100644 --- a/packages/brotli/Containerfile +++ b/packages/brotli/Containerfile @@ -23,13 +23,13 @@ RUN --network=none <<-EOF set -eux cmake -B build -G Ninja \ -DCMAKE_BUILD_TYPE=None \ - -DCMAKE_INSTALL_PREFIX=/usr/lib \ + -DCMAKE_INSTALL_PREFIX=/usr \ -DBUILD_SHARED_LIBS=OFF cmake --build build cmake -B build -G Ninja \ -DCMAKE_BUILD_TYPE=None \ - -DCMAKE_INSTALL_PREFIX=/usr/lib \ + -DCMAKE_INSTALL_PREFIX=/usr \ -DBUILD_SHARED_LIBS=ON cmake --build build EOF 
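Review bot: The new `RUN <<-EOF` in the install stage of packages/brotli/Containerfile has no `--network=none`, unlike the build step named in the hunk header (`RUN --network=none <<-EOF`); writing `RUN --network=none <<-EOF` keeps the install step inside the same no-network guarantee. The rewrite also drops `find /rootfs -exec touch -hcd "@0" "{}" +`, so file mtimes under /rootfs are whatever the install wrote unless the build wrapper normalises them (not visible here). The static archives are installed with `-m 755`; `.a` files are not executable, and `-m 644` is the usual mode for them.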
@@ -39,8 +39,9 @@ RUN <<-EOF set -eux DESTDIR=/rootfs cmake --install build for file in common dec enc; do - install -D -m 755 build/libbrotli$file.a /rootfs/usr/lib/ + install -D -m 755 build/libbrotli$file.a /rootfs/usr/lib64 done + mv /rootfs/usr/lib64 /rootfs/usr/lib EOF FROM stagex/filesystem AS package diff --git a/packages/nodejs/Containerfile b/packages/nodejs/Containerfile index a089d06..d9526ca 100644 --- a/packages/nodejs/Containerfile +++ b/packages/nodejs/Containerfile @@ -52,6 +52,7 @@ RUN --network=none <<-EOF --shared-brotli \ --without-npm \ --without-corepack \ + --with-intl=system-icu \ --with-icu-default-data-dir=$(icu-config --icudatadir) \ --openssl-use-def-ca-store make BUILDTYPE=Release From c429ae642b2cf3d3cd9650698fe4ff73650fa4d8 Mon Sep 17 00:00:00 2001 From: "Lance R. Vick" Date: Mon, 26 Aug 2024 11:42:36 -0700 Subject: [PATCH 7/8] fix: linting --- packages/c-ares/Containerfile | 2 +- packages/libev/Containerfile | 2 +- packages/libnghttp2/Containerfile | 2 +- packages/nodejs/Containerfile | 12 ++++++------ 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/packages/c-ares/Containerfile b/packages/c-ares/Containerfile index ab27305..cf551f3 100644 --- a/packages/c-ares/Containerfile +++ b/packages/c-ares/Containerfile @@ -15,7 +15,7 @@ COPY --from=stagex/make . / COPY --from=stagex/gcc . / RUN --network=none tar -xf ${SRC_FILE} -WORKDIR c-ares-${VERSION} +WORKDIR /c-ares-${VERSION} RUN --network=none < Date: Thu, 29 Aug 2024 12:05:06 -0700 Subject: [PATCH 8/8] fix: cleanup/linting --- packages/nodejs/Containerfile | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/packages/nodejs/Containerfile b/packages/nodejs/Containerfile index ee8e554..9b93433 100644 --- a/packages/nodejs/Containerfile +++ b/packages/nodejs/Containerfile 
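Review bot: `install -D -m 755 build/libbrotli$file.a /rootfs/usr/lib64` now names the destination without a trailing slash, so its meaning depends on whether `cmake --install` has already created /rootfs/usr/lib64 as a directory: if it has not, each loop iteration writes a regular file called lib64 and overwrites the previous archive. An `install -d /rootfs/usr/lib64` before the loop removes that dependency. The following `mv /rootfs/usr/lib64 /rootfs/usr/lib` is ambiguous in the same way, because when /rootfs/usr/lib already exists the result is /rootfs/usr/lib/lib64; a `test ! -e /rootfs/usr/lib` on the line before it makes the assumption explicit and fails the step under `set -eux` when it does not hold. The `RUN <<-EOF` this block sits in starts outside the hunk.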
@@ -55,15 +55,11 @@ RUN --network=none <<-EOF --with-intl=system-icu \ --with-icu-default-data-dir=$(icu-config --icudatadir) \ --openssl-use-def-ca-store - make BUILDTYPE=Release + make BUILDTYPE=Release -j $(nproc) EOF FROM build AS install -RUN --network=none <<-EOF - set -eux - make DESTDIR=/rootfs install - find /rootfs -exec touch -hcd "@0" "{}" + -EOF +RUN --network=none make DESTDIR=/rootfs install FROM stagex/filesystem AS package COPY --from=install /rootfs/. /
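Review bot: The install stage is reduced to `RUN --network=none make DESTDIR=/rootfs install`, which drops the `find /rootfs -exec touch -hcd "@0" "{}" +` pass, so the mtimes of the installed files are no longer normalised inside this Containerfile. `SOURCE_DATE_EPOCH` (set in an earlier patch of this series) is honoured by tools that read it but does not reset the mtimes that `make install` writes; unless the build wrapper rewrites layer timestamps (not visible here), two builds of the same source can yield different package layers. Either keep the pass in the one-line form, `RUN --network=none make DESTDIR=/rootfs install && find /rootfs -exec touch -hcd "@0" "{}" +`, or say in the commit message where normalisation now happens. `-j $(nproc)` ties the job count to the build host, which deserves a short comment that the output is expected not to depend on it. The RUN heredoc holding the configure call starts outside the hunk.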