diff options
26 files changed, 4277 insertions, 0 deletions
@@ -0,0 +1,3 @@ +/grafana-9.2.10.tar.gz +/grafana-vendor-9.2.10-2.tar.xz +/grafana-webpack-9.2.10-2.tar.gz diff --git a/0001-update-grafana-cli-script-with-distro-specific-paths.patch b/0001-update-grafana-cli-script-with-distro-specific-paths.patch new file mode 100644 index 0000000..ae15f74 --- /dev/null +++ b/0001-update-grafana-cli-script-with-distro-specific-paths.patch @@ -0,0 +1,64 @@ +From 226822e64ed4badb22e18740e6db411617b42bb7 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr <agerstmayr@redhat.com> +Date: Wed, 22 Jun 2022 16:57:52 +0200 +Subject: [PATCH] update grafana-cli script with distro-specific paths and + switch to grafana user + + +diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli +index dafa075a2c..eda358c425 100755 +--- a/packaging/wrappers/grafana-cli ++++ b/packaging/wrappers/grafana-cli +@@ -5,18 +5,19 @@ + # the system-wide Grafana configuration that was bundled with the package as we + # use the binary. + +-DEFAULT=/etc/default/grafana ++DEFAULT=/etc/sysconfig/grafana-server + + GRAFANA_HOME=/usr/share/grafana + CONF_DIR=/etc/grafana + DATA_DIR=/var/lib/grafana + PLUGINS_DIR=/var/lib/grafana/plugins + LOG_DIR=/var/log/grafana ++LIBEXEC_DIR=/usr/libexec/grafana + + CONF_FILE=$CONF_DIR/grafana.ini + PROVISIONING_CFG_DIR=$CONF_DIR/provisioning + +-EXECUTABLE=$GRAFANA_HOME/bin/grafana-cli ++EXECUTABLE=$LIBEXEC_DIR/grafana-cli + + if [ ! -x $EXECUTABLE ]; then + echo "Program not installed or not executable" +@@ -28,12 +29,21 @@ if [ -f "$DEFAULT" ]; then + . "$DEFAULT" + fi + +-OPTS="--homepath=${GRAFANA_HOME} \ +- --config=${CONF_FILE} \ +- --pluginsDir=${PLUGINS_DIR} \ +- --configOverrides='cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \ +- cfg:default.paths.data=${DATA_DIR} \ +- cfg:default.paths.logs=${LOG_DIR} \ +- cfg:default.paths.plugins=${PLUGINS_DIR}'" +- +-eval $EXECUTABLE "$OPTS" '$@' ++OPTS=("--homepath=${GRAFANA_HOME}" ++ "--config=${CONF_FILE}" ++ "--pluginsDir=${PLUGINS_DIR}" ++ "--configOverrides=cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \ ++ cfg:default.paths.data=${DATA_DIR} \ ++ cfg:default.paths.logs=${LOG_DIR} \ ++ cfg:default.paths.plugins=${PLUGINS_DIR}") ++ ++if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then ++ cd "${GRAFANA_HOME}" ++ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@" ++elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then ++ cd "${GRAFANA_HOME}" ++ exec "$EXECUTABLE" "${OPTS[@]}" "$@" ++else ++ echo "$0: please run this script as user \"${GRAFANA_USER}\" or root." ++ exit 5 ++fi diff --git a/0002-add-manpages.patch b/0002-add-manpages.patch new file mode 100644 index 0000000..4ded6f1 --- /dev/null +++ b/0002-add-manpages.patch @@ -0,0 +1,161 @@ +From c065b6608a65967bde152557566e0410238714a1 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr <agerstmayr@redhat.com> +Date: Wed, 22 Jun 2022 17:01:09 +0200 +Subject: [PATCH] add manpages + + +diff --git a/docs/man/man1/grafana-cli.1 b/docs/man/man1/grafana-cli.1 +new file mode 100644 +index 0000000000..39c0d5cee0 +--- /dev/null ++++ b/docs/man/man1/grafana-cli.1 +@@ -0,0 +1,63 @@ ++.TH GRAFANA "1" "September 2022" "Grafana cli version 9.0.9" "User Commands" ++.SH NAME ++grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor ++.SH DESCRIPTION ++.SS "NAME:" ++.IP ++grafana-cli ++.SS "USAGE:" ++.IP ++\fBgrafana\-cli\fP [\fIglobal options\fP] \fIcommand\fP [\fIcommand options\fP] [\fIarguments\fP...] ++.SS "COMMANDS:" ++.TP ++plugins ++Manage plugins for grafana ++.TP ++admin ++Grafana admin commands ++.TP ++cue ++Cue validation commands ++.TP ++help, h ++Shows a list of commands or help for one command ++.SS "GLOBAL OPTIONS:" ++.TP ++\fB\-\-pluginsDir\fR value ++path to the grafana plugin directory (default: "/var/lib/grafana/plugins") [$GF_PLUGIN_DIR] ++.TP ++\fB\-\-repo\fR value ++url to the plugin repository (default: "https://grafana.com/api/plugins") [$GF_PLUGIN_REPO] ++.TP ++\fB\-\-pluginUrl\fR value ++Full url to the plugin zip file instead of downloading the plugin from grafana.com/api [$GF_PLUGIN_URL] ++.TP ++\fB\-\-insecure\fR ++Skip TLS verification (insecure) (default: false) ++.TP ++\fB\-\-debug\fR ++Enable debug logging (default: false) ++.TP ++\fB\-\-configOverrides\fR value ++Configuration options to override defaults as a string. e.g. cfg:default.paths.log=/dev/null ++.TP ++\fB\-\-homepath\fR value ++Path to Grafana install/home path, defaults to working directory ++.TP ++\fB\-\-config\fR value ++Path to config file ++.TP ++\fB\-\-help\fR, \fB\-h\fR ++show help ++.TP ++\fB\-\-version\fR, \fB\-v\fR ++print the version ++.SH "SEE ALSO" ++Additional documentation for ++.B grafana-cli ++is available on-line at ++.BR http://docs.grafana.org/administration/cli/ . ++The full documentation for ++.B Grafana ++is available on-line at ++.BR http://docs.grafana.org/ . +diff --git a/docs/man/man1/grafana-server.1 b/docs/man/man1/grafana-server.1 +new file mode 100644 +index 0000000000..683a2369cc +--- /dev/null ++++ b/docs/man/man1/grafana-server.1 +@@ -0,0 +1,80 @@ ++.TH VERSION "1" "September 2022" "Version 9.0.9" "User Commands" ++.SH NAME ++grafana-server \- back-end server for the Grafana metrics dashboard and graph editor ++.SH DESCRIPTION ++.B grafana-server ++is the back-end server for the Grafana metrics dashboard and graph editor. ++The ++.B grafana-server ++program should not normally be run from the command line, ++except when testing or for development purposes. ++Rather it should be managed by ++.BR systemd . ++After installing Grafana, the systemd service should be enabled and started as follows: ++.P ++.in 1i ++.B systemctl daemon-reload ++.br ++.B systemctl enable grafana-server.service ++.br ++.B systemctl start grafana-server.service ++.in ++.P ++.SH OPTIONS ++The ++.B grafana-server ++configuration is specified in ++.BR /etc/grafana/grafana.ini ++and is well documented with comments. ++The command-line options listed below override options of ++the same (or similar) name in the configuration file. ++.P ++.HP ++\fB\-config\fR string ++.IP ++path to config file ++.HP ++\fB\-homepath\fR string ++.IP ++path to grafana install/home path, defaults to working directory ++.HP ++\fB\-packaging\fR string ++.IP ++describes the way Grafana was installed (default "unknown") ++.HP ++\fB\-pidfile\fR string ++.IP ++path to pid file ++.HP ++\fB\-profile\fR ++.IP ++Turn on pprof profiling ++.HP ++\fB\-profile\-addr\fR string ++.IP ++Define custom address for profiling (default "localhost") ++.HP ++\fB\-profile\-port\fR uint ++.IP ++Define custom port for profiling (default 6060) ++.HP ++\fB\-tracing\fR ++.IP ++Turn on tracing ++.HP ++\fB\-tracing\-file\fR string ++.IP ++Define tracing output file (default "trace.out") ++.TP ++\fB\-v\fR ++.IP ++prints current version and exits ++.TP ++\fB\-vv\fR ++.IP ++prints current version, all dependencies and exits ++.SH "SEE ALSO" ++The full documentation for ++.B Grafana ++is available on-line at ++.BR http://docs.grafana.org/ . diff --git a/0003-update-default-configuration.patch b/0003-update-default-configuration.patch new file mode 100644 index 0000000..e20a6fb --- /dev/null +++ b/0003-update-default-configuration.patch @@ -0,0 +1,68 @@ +From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr <agerstmayr@redhat.com> +Date: Wed, 22 Jun 2022 17:05:48 +0200 +Subject: [PATCH] update default configuration + + +diff --git a/conf/defaults.ini b/conf/defaults.ini +index 2d6e1235b6..f0eff6d2ac 100644 +--- a/conf/defaults.ini ++++ b/conf/defaults.ini +@@ -196,7 +196,7 @@ row_limit = 1000000 + # No ip addresses are being tracked, only simple counters to track + # running instances, dashboard and error counts. It is very helpful to us. + # Change this option to false to disable reporting. +-reporting_enabled = true ++reporting_enabled = false + + # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs + reporting_distributor = grafana-labs +@@ -206,7 +206,7 @@ reporting_distributor = grafana-labs + # in some UI views to notify that a grafana update exists. + # This option does not cause any auto updates, nor send any information + # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version. +-check_for_updates = true ++check_for_updates = false + + # Set to false to disable all checks to https://grafana.com + # for new versions of plugins. The check is used +diff --git a/conf/sample.ini b/conf/sample.ini +index 227c90e895..dc9fd6a3a5 100644 +--- a/conf/sample.ini ++++ b/conf/sample.ini +@@ -202,7 +202,7 @@ + # No ip addresses are being tracked, only simple counters to track + # running instances, dashboard and error counts. It is very helpful to us. + # Change this option to false to disable reporting. +-;reporting_enabled = true ++;reporting_enabled = false + + # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs + ;reporting_distributor = grafana-labs +@@ -212,7 +212,7 @@ + # in some UI views to notify that a grafana update exists. + # This option does not cause any auto updates, nor send any information + # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version. +-;check_for_updates = true ++;check_for_updates = false + + # Set to false to disable all checks to https://grafana.com + # for new versions of plugins. The check is used +@@ -356,7 +356,7 @@ + + # Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds. + # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. +-;min_refresh_interval = 5s ++min_refresh_interval = 1s + + # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json" + ;default_home_dashboard_path = +@@ -1094,7 +1094,7 @@ + ;enable_alpha = false + ;app_tls_skip_verify_insecure = false + # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded. +-;allow_loading_unsigned_plugins = ++allow_loading_unsigned_plugins = performancecopilot-pcp-app,pcp-redis-datasource,pcp-vector-datasource,pcp-bpftrace-datasource,pcp-flamegraph-panel,pcp-breadcrumbs-panel,pcp-troubleshooting-panel,performancecopilot-redis-datasource,performancecopilot-vector-datasource,performancecopilot-bpftrace-datasource,performancecopilot-flamegraph-panel,performancecopilot-breadcrumbs-panel,performancecopilot-troubleshooting-panel + # Enable or disable installing / uninstalling / updating plugins directly from within Grafana. + ;plugin_admin_enabled = false + ;plugin_admin_external_manage_enabled = false diff --git a/0004-remove-unused-backend-dependencies.patch b/0004-remove-unused-backend-dependencies.patch new file mode 100644 index 0000000..86908a3 --- /dev/null +++ b/0004-remove-unused-backend-dependencies.patch @@ -0,0 +1,129 @@ +From 944d07247d07b433777ee6ab46bc55cc1d9debe8 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr <agerstmayr@redhat.com> +Date: Wed, 22 Jun 2022 17:18:56 +0200 +Subject: [PATCH] remove unused backend dependencies + +saml and gofpdf are not used in the OSS edition of Grafana +after editing `pkg/extensions/main.go`, run `go mod tidy` + +diff --git a/go.mod b/go.mod +index 03c00985c4..faedd337d3 100644 +--- a/go.mod ++++ b/go.mod +@@ -30,7 +30,6 @@ require ( + github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b + github.com/centrifugal/centrifuge v0.25.0 + github.com/cortexproject/cortex v1.10.1-0.20211014125347-85c378182d0d +- github.com/crewjam/saml v0.4.9 + github.com/davecgh/go-spew v1.1.1 + github.com/denisenkom/go-mssqldb v0.12.0 + github.com/dop251/goja v0.0.0-20210804101310-32956a348b49 +@@ -67,7 +66,6 @@ require ( + github.com/influxdata/line-protocol v0.0.0-20210311194329-9aa0e372d097 + github.com/jmespath/go-jmespath v0.4.0 + github.com/json-iterator/go v1.1.12 +- github.com/jung-kurt/gofpdf v1.16.2 + github.com/lib/pq v1.10.4 + github.com/linkedin/goavro/v2 v2.10.0 + github.com/m3db/prometheus_remote_client_golang v0.4.4 +@@ -192,7 +190,6 @@ require ( + github.com/josharian/intern v1.0.0 // indirect + github.com/jpillora/backoff v1.0.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect +- github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect + github.com/mattetti/filebuffer v1.0.1 // indirect + github.com/mattn/go-runewidth v0.0.9 // indirect + github.com/miekg/dns v1.1.43 // indirect +@@ -208,7 +205,7 @@ + github.com/opentracing-contrib/go-stdlib v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/prometheus/common/sigv4 v0.1.0 // indirect +- github.com/prometheus/exporter-toolkit v0.7.1 // indirect ++ github.com/prometheus/exporter-toolkit v0.7.3 // indirect + github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 // indirect + github.com/prometheus/procfs v0.8.0 // indirect + github.com/protocolbuffers/txtpbfmt v0.0.0-20220428173112-74888fd59c2b // indirect +diff --git a/go.sum b/go.sum +index e3b45a9f35..b98dc78c57 100644 +--- a/go.sum ++++ b/go.sum +@@ -665,7 +665,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t + github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= + github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= + github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +-github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4= + github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ= + github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA= + github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= +@@ -1376,8 +1375,6 @@ github.com/grafana/grafana-plugin-sdk-go v0.139.0 h1:2RQKM2QpSaWTtaGN6sK+R7LO7zy + github.com/grafana/grafana-plugin-sdk-go v0.139.0/go.mod h1:Y+Ps2sesZ62AyCnX+hzrYnyDQYe/ZZl+A8yKLOBm12c= + github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293 h1:dJIdfHqu+XjKz+w9zXLqXKPdp6Jjx/UPSOwdeSfWdeQ= + github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293/go.mod h1:HVHqK+BVPa/tmL8EMhLCCrPt2a1GdJpEyxr5hgur2UI= +-github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7 h1:cujJQ3XV6IK7Y96VpYurd2EpI5rfMRFcuyGqUlk+030= +-github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7/go.mod h1:9Zh6dWPtB3MSzTRt8fIFH60Z351QQ+s7hCU3J/tTlA4= + github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104 h1:dYpwFYIChrMfpq3wDa/ZBxAbUGSW5NYmYBeSezhaoao= + github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104/go.mod h1:fCV1rqv6XRQg2GfIQ7pU9zdxd5fLRcEBCnrDVwlK+ZY= + github.com/grafana/xorm v0.8.3-0.20220614223926-2fcda7565af6 h1:I9dh1MXGX0wGyxdV/Sl7+ugnki4Dfsy8lv2s5Yf887o= +@@ -1664,8 +1661,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V + github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= + github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= + github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= +-github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc= +-github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0= + github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0= + github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= + github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= +@@ -1787,8 +1782,6 @@ github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= + github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= + github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ= + github.com/matryer/moq v0.2.7/go.mod h1:kITsx543GOENm48TUAQyJ9+SAvFSr7iGQXPoth/VUBk= +-github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU= +-github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To= + github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM= + github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs= + github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +@@ -2066,7 +2059,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR + github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= + github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= + github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= +-github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= + github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= + github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= + github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +@@ -2156,8 +2148,9 @@ github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdD + github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI= + github.com/prometheus/exporter-toolkit v0.5.1/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg= + github.com/prometheus/exporter-toolkit v0.6.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= +-github.com/prometheus/exporter-toolkit v0.7.1 h1:c6RXaK8xBVercEeUQ4tRNL8UGWzDHfvj9dseo1FcK1Y= + github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= ++github.com/prometheus/exporter-toolkit v0.7.3 h1:IYBn0CTGi/nYxstdTUKysuSofUNJ3DQW3FmZ/Ub6rgU= ++github.com/prometheus/exporter-toolkit v0.7.3/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g= + github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 h1:dTUS1vaLWq+Y6XKOTnrFpoVsQKLCbCp1OLj24TDi7oM= + github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289/go.mod h1:FGbBv5OPKjch+jNUJmEQpMZytIdyW0NdBtWFcfSKusc= + github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= +@@ -2696,7 +2688,6 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y + golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= + golang.org/x/crypto v0.0.0-20211115234514-b4de73f9ece8/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= + golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +-golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= + golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= + golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= + golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go +index 72371bdab4..a7bb7abe0f 100644 +--- a/pkg/extensions/main.go ++++ b/pkg/extensions/main.go +@@ -11,13 +11,11 @@ import ( + _ "github.com/blugelabs/bluge" + _ "github.com/blugelabs/bluge_segment_api" + _ "github.com/cortexproject/cortex/pkg/util" +- _ "github.com/crewjam/saml" + _ "github.com/gobwas/glob" + _ "github.com/googleapis/gax-go/v2" + _ "github.com/grafana/dskit/backoff" + _ "github.com/grafana/dskit/flagext" + _ "github.com/grpc-ecosystem/go-grpc-middleware" +- _ "github.com/jung-kurt/gofpdf" + _ "github.com/linkedin/goavro/v2" + _ "github.com/m3db/prometheus_remote_client_golang/promremote" + _ "github.com/pkg/errors" diff --git a/0005-remove-unused-frontend-crypto.patch b/0005-remove-unused-frontend-crypto.patch new file mode 100644 index 0000000..dee203d --- /dev/null +++ b/0005-remove-unused-frontend-crypto.patch @@ -0,0 +1,397 @@ +From 3709d320189b10a12a3780d15e46afd777f06554 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr <agerstmayr@redhat.com> +Date: Wed, 22 Jun 2022 17:36:47 +0200 +Subject: [PATCH] remove unused frontend crypto + +update `package.json` and then run `yarn install` to update the +`yarn.lock` lockfile + +diff --git a/package.json b/package.json +index e26f95d855..91d71f1414 100644 +--- a/package.json ++++ b/package.json +@@ -405,8 +405,10 @@ + "whatwg-fetch": "3.6.2" + }, + "resolutions": { ++ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", ++ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", ++ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", + "underscore": "1.13.4", +- "@mdx-js/loader/loader-utils": "^2.0.0", + "@types/slate": "0.47.9", + "@rushstack/node-core-library": "3.52.0", + "@rushstack/rig-package": "0.3.13", +diff --git a/yarn.lock b/yarn.lock +index f374e10e33..12c06ad883 100644 +--- a/yarn.lock ++++ b/yarn.lock +@@ -4571,10 +4571,10 @@ __metadata: + languageName: node + linkType: hard + +-"@braintree/sanitize-url@npm:6.0.0": +- version: 6.0.0 +- resolution: "@braintree/sanitize-url@npm:6.0.0" +- checksum: 409ce7709dc1a0c67bc887d20af1becd4145d5c62cc5124b1c4c1f3ea2a8d69b0ee9f582d446469c6f5294b56442b99048cbbba6861dd5c834d4e019b95e1f40 ++"@braintree/sanitize-url@npm:^6.0.0": ++ version: 6.0.2 ++ resolution: "@braintree/sanitize-url@npm:6.0.2" ++ checksum: 6a9dfd4081cc96516eeb281d1a83d3b5f1ad3d2837adf968fcc2ba18889ee833554f9c641b4083c36d3360a932e4504ddf25b0b51e9933c3742622df82cf7c9a + languageName: node + linkType: hard + +@@ -5375,7 +5375,7 @@ __metadata: + version: 0.0.0-use.local + resolution: "@grafana/data@workspace:packages/grafana-data" + dependencies: +- "@braintree/sanitize-url": 6.0.0 ++ "@braintree/sanitize-url": ^6.0.0 + "@grafana/schema": 9.2.8 + "@grafana/tsconfig": ^1.2.0-rc1 + "@rollup/plugin-commonjs": 22.0.1 +@@ -14511,22 +14511,6 @@ __metadata: + languageName: node + linkType: hard + +-"asn1@npm:~0.2.3": +- version: 0.2.4 +- resolution: "asn1@npm:0.2.4" +- dependencies: +- safer-buffer: ~2.1.0 +- checksum: aa5d6f77b1e0597df53824c68cfe82d1d89ce41cb3520148611f025fbb3101b2d25dd6a40ad34e4fac10f6b19ed5e8628cd4b7d212261e80e83f02b39ee5663c +- languageName: node +- linkType: hard +- +-"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0": +- version: 1.0.0 +- resolution: "assert-plus@npm:1.0.0" +- checksum: 19b4340cb8f0e6a981c07225eacac0e9d52c2644c080198765d63398f0075f83bbc0c8e95474d54224e297555ad0d631c1dcd058adb1ddc2437b41a6b424ac64 +- languageName: node +- linkType: hard +- + "assert@npm:2.0.0": + version: 2.0.0 + resolution: "assert@npm:2.0.0" +@@ -15231,15 +15215,6 @@ __metadata: + languageName: node + linkType: hard + +-"bcrypt-pbkdf@npm:^1.0.0": +- version: 1.0.2 +- resolution: "bcrypt-pbkdf@npm:1.0.2" +- dependencies: +- tweetnacl: ^0.14.3 +- checksum: 4edfc9fe7d07019609ccf797a2af28351736e9d012c8402a07120c4453a3b789a15f2ee1530dc49eee8f7eb9379331a8dd4b3766042b9e502f74a68e7f662291 +- languageName: node +- linkType: hard +- + "before-after-hook@npm:^2.2.0": + version: 2.2.2 + resolution: "before-after-hook@npm:2.2.2" +@@ -17053,13 +17028,6 @@ __metadata: + languageName: node + linkType: hard + +-"core-util-is@npm:1.0.2": +- version: 1.0.2 +- resolution: "core-util-is@npm:1.0.2" +- checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab +- languageName: node +- linkType: hard +- + "core-util-is@npm:~1.0.0": + version: 1.0.3 + resolution: "core-util-is@npm:1.0.3" +@@ -18097,15 +18065,6 @@ __metadata: + languageName: node + linkType: hard + +-"dashdash@npm:^1.12.0": +- version: 1.14.1 +- resolution: "dashdash@npm:1.14.1" +- dependencies: +- assert-plus: ^1.0.0 +- checksum: 3634c249570f7f34e3d34f866c93f866c5b417f0dd616275decae08147dcdf8fccfaa5947380ccfb0473998ea3a8057c0b4cd90c875740ee685d0624b2983598 +- languageName: node +- linkType: hard +- + "data-urls@npm:^2.0.0": + version: 2.0.0 + resolution: "data-urls@npm:2.0.0" +@@ -18842,16 +18801,6 @@ __metadata: + languageName: node + linkType: hard + +-"ecc-jsbn@npm:~0.1.1": +- version: 0.1.2 +- resolution: "ecc-jsbn@npm:0.1.2" +- dependencies: +- jsbn: ~0.1.0 +- safer-buffer: ^2.1.0 +- checksum: 22fef4b6203e5f31d425f5b711eb389e4c6c2723402e389af394f8411b76a488fa414d309d866e2b577ce3e8462d344205545c88a8143cc21752a5172818888a +- languageName: node +- linkType: hard +- + "ee-first@npm:1.1.1": + version: 1.1.1 + resolution: "ee-first@npm:1.1.1" +@@ -20489,20 +20438,6 @@ __metadata: + languageName: node + linkType: hard + +-"extsprintf@npm:1.3.0": +- version: 1.3.0 +- resolution: "extsprintf@npm:1.3.0" +- checksum: cee7a4a1e34cffeeec18559109de92c27517e5641991ec6bab849aa64e3081022903dd53084f2080d0d2530803aa5ee84f1e9de642c365452f9e67be8f958ce2 +- languageName: node +- linkType: hard +- +-"extsprintf@npm:^1.2.0": +- version: 1.4.0 +- resolution: "extsprintf@npm:1.4.0" +- checksum: 184dc8a413eb4b1ff16bdce797340e7ded4d28511d56a1c9afa5a95bcff6ace154063823eaf0206dbbb0d14059d74f382a15c34b7c0636fa74a7e681295eb67e +- languageName: node +- linkType: hard +- + "fast-deep-equal@npm:^3.0.0, fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3": + version: 3.1.3 + resolution: "fast-deep-equal@npm:3.1.3" +@@ -21462,15 +21397,6 @@ __metadata: + languageName: node + linkType: hard + +-"getpass@npm:^0.1.1": +- version: 0.1.7 +- resolution: "getpass@npm:0.1.7" +- dependencies: +- assert-plus: ^1.0.0 +- checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046 +- languageName: node +- linkType: hard +- + "git-raw-commits@npm:^2.0.8": + version: 2.0.11 + resolution: "git-raw-commits@npm:2.0.11" +@@ -22832,25 +22758,10 @@ __metadata: + languageName: node + linkType: hard + +-"http-signature@npm:~1.2.0": +- version: 1.2.0 +- resolution: "http-signature@npm:1.2.0" +- dependencies: +- assert-plus: ^1.0.0 +- jsprim: ^1.2.2 +- sshpk: ^1.7.0 +- checksum: 3324598712266a9683585bb84a75dec4fd550567d5e0dd4a0fff6ff3f74348793404d3eeac4918fa0902c810eeee1a86419e4a2e92a164132dfe6b26743fb47c +- languageName: node +- linkType: hard +- +-"http-signature@npm:~1.3.6": +- version: 1.3.6 +- resolution: "http-signature@npm:1.3.6" +- dependencies: +- assert-plus: ^1.0.0 +- jsprim: ^2.0.2 +- sshpk: ^1.14.1 +- checksum: 10be2af4764e71fee0281392937050201ee576ac755c543f570d6d87134ce5e858663fe999a7adb3e4e368e1e356d0d7fec6b9542295b875726ff615188e7a0c ++"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": ++ version: 1.1.3 ++ resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" ++ checksum: 78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1 + languageName: node + linkType: hard + +@@ -25418,13 +25329,6 @@ __metadata: + languageName: node + linkType: hard + +-"jsbn@npm:~0.1.0": +- version: 0.1.1 +- resolution: "jsbn@npm:0.1.1" +- checksum: e5ff29c1b8d965017ef3f9c219dacd6e40ad355c664e277d31246c90545a02e6047018c16c60a00f36d561b3647215c41894f5d869ada6908a2e0ce4200c88f2 +- languageName: node +- linkType: hard +- + "jsdoc-type-pratt-parser@npm:~2.2.5": + version: 2.2.5 + resolution: "jsdoc-type-pratt-parser@npm:2.2.5" +@@ -25572,13 +25476,6 @@ __metadata: + languageName: node + linkType: hard + +-"json-schema@npm:0.2.3, json-schema@npm:0.4.0": +- version: 0.4.0 +- resolution: "json-schema@npm:0.4.0" +- checksum: 66389434c3469e698da0df2e7ac5a3281bcff75e797a5c127db7c5b56270e01ae13d9afa3c03344f76e32e81678337a8c912bdbb75101c62e487dc3778461d72 +- languageName: node +- linkType: hard +- + "json-source-map@npm:0.6.1": + version: 0.6.1 + resolution: "json-source-map@npm:0.6.1" +@@ -25709,30 +25606,6 @@ __metadata: + languageName: node + linkType: hard + +-"jsprim@npm:^1.2.2": +- version: 1.4.1 +- resolution: "jsprim@npm:1.4.1" +- dependencies: +- assert-plus: 1.0.0 +- extsprintf: 1.3.0 +- json-schema: 0.2.3 +- verror: 1.10.0 +- checksum: 6bcb20ec265ae18bb48e540a6da2c65f9c844f7522712d6dfcb01039527a49414816f4869000493363f1e1ea96cbad00e46188d5ecc78257a19f152467587373 +- languageName: node +- linkType: hard +- +-"jsprim@npm:^2.0.2": +- version: 2.0.2 +- resolution: "jsprim@npm:2.0.2" +- dependencies: +- assert-plus: 1.0.0 +- extsprintf: 1.3.0 +- json-schema: 0.4.0 +- verror: 1.10.0 +- checksum: d175f6b1991e160cb0aa39bc857da780e035611986b5492f32395411879fdaf4e513d98677f08f7352dac93a16b66b8361c674b86a3fa406e2e7af6b26321838 +- languageName: node +- linkType: hard +- + "jsurl@npm:^0.1.5": + version: 0.1.5 + resolution: "jsurl@npm:0.1.5" +@@ -26192,6 +26065,17 @@ __metadata: + languageName: node + linkType: hard + ++"loader-utils@npm:2.0.0": ++ version: 2.0.0 ++ resolution: "loader-utils@npm:2.0.0" ++ dependencies: ++ big.js: ^5.2.2 ++ emojis-list: ^3.0.0 ++ json5: ^2.1.2 ++ checksum: 6856423131b50b6f5f259da36f498cfd7fc3c3f8bb17777cf87fdd9159e797d4ba4288d9a96415fd8da62c2906960e88f74711dee72d03a9003bddcd0d364a51 ++ languageName: node ++ linkType: hard ++ + "loader-utils@npm:^2.0.0": + version: 2.0.3 + resolution: "loader-utils@npm:2.0.3" +@@ -27755,13 +27639,6 @@ __metadata: + languageName: node + linkType: hard + +-"node-forge@npm:^1": +- version: 1.3.1 +- resolution: "node-forge@npm:1.3.1" +- checksum: 08fb072d3d670599c89a1704b3e9c649ff1b998256737f0e06fbd1a5bf41cae4457ccaee32d95052d80bbafd9ffe01284e078c8071f0267dc9744e51c5ed42a9 +- languageName: node +- linkType: hard +- + "node-gettext@npm:^3.0.0": + version: 3.0.0 + resolution: "node-gettext@npm:3.0.0" +@@ -33404,7 +33281,7 @@ __metadata: + languageName: node + linkType: hard + +-"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0": ++"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0": + version: 2.1.2 + resolution: "safer-buffer@npm:2.1.2" + checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0 +@@ -33623,12 +33500,10 @@ __metadata: + languageName: node + linkType: hard + +-"selfsigned@npm:^2.0.1": +- version: 2.0.1 +- resolution: "selfsigned@npm:2.0.1" +- dependencies: +- node-forge: ^1 +- checksum: 864e65c2f31ca877bce3ccdaa3bdef5e1e992b63b2a03641e00c24cd305bf2acce093431d1fed2e5ae9f526558db4be5e90baa2b3474c0428fcf7e25cc86ac93 ++"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": ++ version: 1.1.3 ++ resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" ++ checksum: 4988a0dbdf123fb808194a6198f5951e2df711de6fd967d72a8876baccaa23d5c260efb8f1dbfbc5bf1f852e81f897ad09267908977ab94862867ef971a3d48d + languageName: node + linkType: hard + +@@ -34591,27 +34466,6 @@ __metadata: + languageName: node + linkType: hard + +-"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0": +- version: 1.16.1 +- resolution: "sshpk@npm:1.16.1" +- dependencies: +- asn1: ~0.2.3 +- assert-plus: ^1.0.0 +- bcrypt-pbkdf: ^1.0.0 +- dashdash: ^1.12.0 +- ecc-jsbn: ~0.1.1 +- getpass: ^0.1.1 +- jsbn: ~0.1.0 +- safer-buffer: ^2.0.2 +- tweetnacl: ~0.14.0 +- bin: +- sshpk-conv: bin/sshpk-conv +- sshpk-sign: bin/sshpk-sign +- sshpk-verify: bin/sshpk-verify +- checksum: 5e76afd1cedc780256f688b7c09327a8a650902d18e284dfeac97489a735299b03c3e72c6e8d22af03dbbe4d6f123fdfd5f3c4ed6bedbec72b9529a55051b857 +- languageName: node +- linkType: hard +- + "ssri@npm:^8.0.0, ssri@npm:^8.0.1": + version: 8.0.1 + resolution: "ssri@npm:8.0.1" +@@ -36287,13 +36141,6 @@ __metadata: + languageName: node + linkType: hard + +-"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0": +- version: 0.14.5 +- resolution: "tweetnacl@npm:0.14.5" +- checksum: 6061daba1724f59473d99a7bb82e13f211cdf6e31315510ae9656fefd4779851cb927adad90f3b488c8ed77c106adc0421ea8055f6f976ff21b27c5c4e918487 +- languageName: node +- linkType: hard +- + "type-check@npm:^0.4.0, type-check@npm:~0.4.0": + version: 0.4.0 + resolution: "type-check@npm:0.4.0" +@@ -37042,17 +36889,6 @@ __metadata: + languageName: node + linkType: soft + +-"verror@npm:1.10.0": +- version: 1.10.0 +- resolution: "verror@npm:1.10.0" +- dependencies: +- assert-plus: ^1.0.0 +- core-util-is: 1.0.2 +- extsprintf: ^1.2.0 +- checksum: c431df0bedf2088b227a4e051e0ff4ca54df2c114096b0c01e1cbaadb021c30a04d7dd5b41ab277bcd51246ca135bf931d4c4c796ecae7a4fef6d744ecef36ea +- languageName: node +- linkType: hard +- + "vfile-location@npm:^3.0.0, vfile-location@npm:^3.2.0": + version: 3.2.0 + resolution: "vfile-location@npm:3.2.0" + +diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json +index e26f95d855..91d71f1414 100644 +--- a/packages/grafana-data/package.json ++++ b/packages/grafana-data/package.json +@@ -33,7 +33,7 @@ + "typecheck": "tsc --emitDeclarationOnly false --noEmit" + }, + "dependencies": { +- "@braintree/sanitize-url": "6.0.0", ++ "@braintree/sanitize-url": "^6.0.0", + "@grafana/schema": "9.2.8", + "@types/d3-interpolate": "^1.4.0", + "d3-interpolate": "1.4.0", + diff --git a/0006-skip-marketplace-plugin-install-test.patch b/0006-skip-marketplace-plugin-install-test.patch new file mode 100644 index 0000000..d56fe4e --- /dev/null +++ b/0006-skip-marketplace-plugin-install-test.patch @@ -0,0 +1,21 @@ +From a23cb1162fd705147489915667b83a236ad248be Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr <agerstmayr@redhat.com> +Date: Thu, 23 Jun 2022 17:00:46 +0200 +Subject: [PATCH] skip marketplace plugin install test + +This test (tries to) install a plugin from the Grafana marketplace. +Network connectivity is disabled in the build environment for security +reasons, therefore we need to disable this test. + +diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go +index 0d62275c4b..c237aa9389 100644 +--- a/pkg/tests/api/plugins/api_plugins_test.go ++++ b/pkg/tests/api/plugins/api_plugins_test.go +@@ -56,6 +56,7 @@ func TestPlugins(t *testing.T) { + }) + + t.Run("Request is not forbidden if from an admin", func(t *testing.T) { ++ t.Skip("this test requires connectivity to the Grafana plugin marketplace (fetching metadata)") + statusCode, body := makePostRequest(t, grafanaAPIURL(usernameAdmin, grafanaListedAddr, "plugins/test/install")) + + assert.Equal(t, 404, statusCode) diff --git a/0007-fix-alert-test.patch b/0007-fix-alert-test.patch new file mode 100644 index 0000000..71039d1 --- /dev/null +++ b/0007-fix-alert-test.patch @@ -0,0 +1,19 @@ +From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001 +From: Stan Cox <scox@redhat.com> +Date: Wed, 22 Jun 2022 17:05:48 +0200 +Subject: [PATCH] fix alert test + + +diff --git a/pkg/tests/api/alerting/api_alertmanager_test.go b/pkg/tests/api/alerting/api_alertmanager_test.go +index 2d6e1235b6..f0eff6d2ac 100644 +--- a/pkg/tests/api/alerting/api_alertmanager_test.go 2023-01-24 14:44:19.000000000 -0500 ++++ b/pkg/tests/api/alerting/api_alertmanager_test.go 2023-04-13 16:20:51.718515009 -0400 +@@ -210,7 +210,7 @@ + { + "comment": "string", + "createdBy": "string", +- "endsAt": "2023-03-31T14:17:04.419Z", ++ "endsAt": "2032-03-31T14:17:04.419Z", + "matchers": [ + { + "isRegex": true, diff --git a/0008-graphite-functions-xss.patch b/0008-graphite-functions-xss.patch new file mode 100644 index 0000000..a686e9a --- /dev/null +++ b/0008-graphite-functions-xss.patch @@ -0,0 +1,30 @@ +From: ismail simsek <ismailsimsek09@gmail.com> +Date: Thu Mar 16 23:16:03 2023 +0100 +Subject: [PATCH] graphite functions xss + +commit e59427c074 + [v9.2.x] Fix xss in Graphite functions tooltip (#810) + + Fix xss in Graphite functions tooltip (#804) + + (cherry picked from commit 87aad3f11836f810ee1fdfee27827e746ef36055) + + Co-authored-by: Ludovic Viaud <ludovic.viaud@gmail.com> + +diff --git a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx +index facd0b2511..d4d41da720 100644 +--- a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx ++++ b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx +@@ -11,11 +11,9 @@ export interface FunctionEditorControlsProps { + } + + const FunctionDescription = React.lazy(async () => { +- // @ts-ignore +- const { default: rst2html } = await import(/* webpackChunkName: "rst2html" */ 'rst2html'); + return { + default(props: { description?: string }) { +- return <div dangerouslySetInnerHTML={{ __html: rst2html(props.description ?? '') }} />; ++ return <div>{props.description}</div>; + }, + }; + }); diff --git a/0009-redact-weak-ciphers.patch b/0009-redact-weak-ciphers.patch new file mode 100644 index 0000000..746d0c2 --- /dev/null +++ b/0009-redact-weak-ciphers.patch @@ -0,0 +1,30 @@ +From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001 +From: Stan Cox <scox@redhat.com> +Date: Wed, 22 Jun 2022 17:05:48 +0200 +Subject: [PATCH] redact weak ciphers + + +diff --git a/pkg/api/http_server.go b/pkg/api/http_server.go +index 2d6e1235b6..f0eff6d2ac 100644 +--- a/pkg/api/http_server.go 2023-01-24 14:44:19.000000000 -0500 ++++ b/pkg/api/http_server.go 2023-04-21 13:14:02.684857018 -0400 +@@ -489,13 +489,13 @@ + tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, +- tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, ++// tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, +- tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, +- tls.TLS_RSA_WITH_AES_128_GCM_SHA256, +- tls.TLS_RSA_WITH_AES_256_GCM_SHA384, +- tls.TLS_RSA_WITH_AES_128_CBC_SHA, +- tls.TLS_RSA_WITH_AES_256_CBC_SHA, ++// tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, ++// tls.TLS_RSA_WITH_AES_128_GCM_SHA256, ++// tls.TLS_RSA_WITH_AES_256_GCM_SHA384, ++// tls.TLS_RSA_WITH_AES_128_CBC_SHA, ++// tls.TLS_RSA_WITH_AES_256_CBC_SHA, + }, + } + diff --git a/0010-skip-tests.patch b/0010-skip-tests.patch new file mode 100644 index 0000000..832ac3b --- /dev/null +++ b/0010-skip-tests.patch @@ -0,0 +1,71 @@ +From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001 +From: Stan Cox <scox@redhat.com> +Date: Wed, 22 Jun 2022 17:05:48 +0200 +Subject: [PATCH] skip tests + +These tests are problematic on s390 but lint complains about patches +in an %ifarch block so apply to all architectures. + +diff --git a/pkg/services/ngalert/notifier/alertmanager_test.go b/pkg/services/ngalert/notifier/alertmanager_test.go +--- a/pkg/services/ngalert/notifier/alertmanager_test.go 2023-06-04 22:38:26.566930436 -0400 ++++ b/pkg/services/ngalert/notifier/alertmanager_test.go 2023-06-06 13:25:43.785556819 -0400 +@@ -54,6 +54,7 @@ + } + + func TestPutAlert(t *testing.T) { ++ t.Skip("Skip testing TestPutAlert") + am := setupAMTest(t) + + startTime := time.Now() +@@ -350,6 +351,7 @@ + // implement a custom maintenance function for silences, because we snapshot + // our data differently, so we test that functionality. + func TestSilenceCleanup(t *testing.T) { ++ t.Skip("Skip testing TestSilenceCleanup") + require := require.New(t) + + oldRetention := retentionNotificationsAndSilences +diff --git a/pkg/services/ngalert/state/manager_test.go b/pkg/services/ngalert/state/manager_test.go +--- a/pkg/services/ngalert/state/manager_test.go 2023-06-04 22:38:26.570930475 -0400 ++++ b/pkg/services/ngalert/state/manager_test.go 2023-06-06 13:26:47.588172342 -0400 +@@ -78,6 +78,7 @@ + } + + func TestProcessEvalResults(t *testing.T) { ++ t.Skip("Skip testing TestProcessEvalResults") + evaluationTime, err := time.Parse("2006-01-02", "2021-03-25") + if err != nil { + t.Fatalf("error parsing date format: %s", err.Error()) +diff --git a/pkg/services/ngalert/schedule/schedule_test.go b/pkg/services/ngalert/schedule/schedule_test.go +--- a/pkg/services/ngalert/schedule/schedule_test.go 2023-06-04 22:38:26.569930465 -0400 ++++ b/pkg/services/ngalert/schedule/schedule_test.go 2023-06-06 13:27:14.475431726 -0400 +@@ -130,6 +130,7 @@ + } + + func TestAlertingTicker(t *testing.T) { ++ t.Skip("Skip testing TestAlertingTicker") + ctx := context.Background() + _, dbstore := tests.SetupTestEnv(t, 1) + +diff --git a/pkg/infra/filestorage/fs_integration_test.go b/pkg/infra/filestorage/fs_integration_test.go +--- a/pkg/infra/filestorage/fs_integration_test.go 2023-06-04 22:38:26.539930172 -0400 ++++ b/pkg/infra/filestorage/fs_integration_test.go 2023-06-06 13:27:48.535760305 -0400 +@@ -169,6 +169,7 @@ + } + + func TestIntegrationFsStorage(t *testing.T) { ++ t.Skip("Skip testing TestIntegrationFsStorage") + if testing.Short() { + t.Skip("skipping integration test") + } +diff --git a/pkg/tests/api/alerting/api_prometheus_test.go b/pkg/tests/api/alerting/api_prometheus_test.go +--- a/pkg/tests/api/alerting/api_prometheus_test.go 2023-06-04 22:38:26.588930651 -0400 ++++ b/pkg/tests/api/alerting/api_prometheus_test.go 2023-06-06 13:28:13.260998838 -0400 +@@ -25,6 +25,7 @@ + ) + + func TestPrometheusRules(t *testing.T) { ++ t.Skip("Skip testing TestPrometheusRules") + dir, path := testinfra.CreateGrafDir(t, testinfra.GrafanaOpts{ + DisableLegacyAlerting: true, + EnableUnifiedAlerting: true, diff --git a/0011-remove-email-lookup.patch b/0011-remove-email-lookup.patch new file mode 100644 index 0000000..27a68b1 --- /dev/null +++ b/0011-remove-email-lookup.patch @@ -0,0 +1,61 @@ +commit bae86dbeb0 +Author: Ieva <ieva.vasiljeva@grafana.com> +Date: Tue Jun 6 17:45:31 2023 +0100 + + Auth: Remove Email Lookup from oauth integrations 9.2 (#898) + + backport https://github.com/grafana/grafana-private-mirror/pull/894 to 9.3.x + +diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go +index 22014aee43..af00c56a68 100644 +--- a/pkg/api/login_oauth.go ++++ b/pkg/api/login_oauth.go +@@ -302,16 +302,17 @@ + connect social.SocialConnector, + ) (*user.User, error) { + oauthLogger.Debug("Syncing Grafana user with corresponding OAuth profile") ++ lookupParams := models.UserLookupParams{} ++ if hs.Cfg.OAuthAllowInsecureEmailLookup { ++ lookupParams.Email = &extUser.Email ++ } ++ + // add/update user in Grafana + cmd := &models.UpsertUserCommand{ +- ReqContext: ctx, +- ExternalUser: extUser, +- SignupAllowed: connect.IsSignupAllowed(), +- UserLookupParams: models.UserLookupParams{ +- Email: &extUser.Email, +- UserID: nil, +- Login: nil, +- }, ++ ReqContext: ctx, ++ ExternalUser: extUser, ++ SignupAllowed: connect.IsSignupAllowed(), ++ UserLookupParams: lookupParams, + } + + if err := hs.Login.UpsertUser(ctx.Req.Context(), cmd); err != nil { +diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go +index 20e8f78a2f..03aa5c17d8 100644 +--- a/pkg/setting/setting.go ++++ b/pkg/setting/setting.go +@@ -318,7 +318,8 @@ + AuthProxySyncTTL int + + // OAuth +- OAuthCookieMaxAge int ++ OAuthCookieMaxAge int ++ OAuthAllowInsecureEmailLookup bool + + // JWT Auth + JWTAuthEnabled bool +@@ -1256,6 +1256,8 @@ + return err + } + ++ cfg.OAuthAllowInsecureEmailLookup = auth.Key("oauth_allow_insecure_email_lookup").MustBool(false) ++ + const defaultMaxLifetime = "30d" + maxLifetimeDurationVal := valueAsString(auth, "login_maximum_lifetime_duration", defaultMaxLifetime) + cfg.LoginMaxLifetime, err = gtime.ParseDuration(maxLifetimeDurationVal) diff --git a/0012-coredump-selinux-error.patch b/0012-coredump-selinux-error.patch new file mode 100644 index 0000000..5bdcc5b --- /dev/null +++ b/0012-coredump-selinux-error.patch @@ -0,0 +1,13 @@ +diff --git a/pkg/framework/coremodel/helpers.go b/pkg/framework/coremodel/helpers.go +index 20d111edba..6655f81cee 100644 +--- a/pkg/framework/coremodel/helpers.go ++++ b/pkg/framework/coremodel/helpers.go +@@ -26,7 +26,7 @@ func init() { + var err error + defaultFramework, err = doLoadFrameworkCUE(cuectx.ProvideCUEContext()) + if err != nil { +- panic(err) ++// panic(err) + } + } + diff --git a/1001-vendor-patch-removed-backend-crypto.patch b/1001-vendor-patch-removed-backend-crypto.patch new file mode 100644 index 0000000..c8786da --- /dev/null +++ b/1001-vendor-patch-removed-backend-crypto.patch @@ -0,0 +1,1156 @@ +patch removed backend crypto + +the `Makefile` removed a few files containing (unused) crypto +algorithms from the vendor tarball, which are not used in Grafana. +This patch removes all references to the deleted files. + +diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go +new file mode 100644 +index 0000000000..871e612a61 +--- /dev/null ++++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go +@@ -0,0 +1,25 @@ ++package elgamal ++ ++import ( ++ "io" ++ "math/big" ++) ++ ++// PublicKey represents an ElGamal public key. ++type PublicKey struct { ++ G, P, Y *big.Int ++} ++ ++// PrivateKey represents an ElGamal private key. ++type PrivateKey struct { ++ PublicKey ++ X *big.Int ++} ++ ++func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) { ++ panic("ElGamal encryption not available") ++} ++ ++func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) { ++ panic("ElGamal encryption not available") ++} +diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go +index 0a19794a8e..25a5ee9158 100644 +--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go ++++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go +@@ -22,7 +22,6 @@ import ( + "math/big" + "math/bits" + +- "golang.org/x/crypto/cast5" + "golang.org/x/crypto/openpgp/errors" + ) + +@@ -493,7 +492,7 @@ func (cipher CipherFunction) KeySize() int { + case Cipher3DES: + return 24 + case CipherCAST5: +- return cast5.KeySize ++ panic("cast5 cipher not available") + case CipherAES128: + return 16 + case CipherAES192: +@@ -523,7 +522,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) { + case Cipher3DES: + block, _ = des.NewTripleDESCipher(key) + case CipherCAST5: +- block, _ = cast5.NewCipher(key) ++ panic("cast5 cipher not available") + case CipherAES128, CipherAES192, CipherAES256: + block, _ = aes.NewCipher(key) + } +diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go +index 6126030eb9..3a54c5f2b1 100644 +--- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go ++++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go +@@ -5,13 +5,12 @@ + package packet + + import ( +- "crypto/cipher" + "crypto/sha1" + "crypto/subtle" +- "golang.org/x/crypto/openpgp/errors" + "hash" + "io" +- "strconv" ++ ++ "golang.org/x/crypto/openpgp/errors" + ) + + // SymmetricallyEncrypted represents a symmetrically encrypted byte string. The +@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error { + // packet can be read. An incorrect key can, with high probability, be detected + // immediately and this will result in a KeyIncorrect error being returned. + func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) { +- keySize := c.KeySize() +- if keySize == 0 { +- return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c))) +- } +- if len(key) != keySize { +- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length") +- } +- +- if se.prefix == nil { +- se.prefix = make([]byte, c.blockSize()+2) +- _, err := readFull(se.contents, se.prefix) +- if err != nil { +- return nil, err +- } +- } else if len(se.prefix) != c.blockSize()+2 { +- return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths") +- } +- +- ocfbResync := OCFBResync +- if se.MDC { +- // MDC packets use a different form of OCFB mode. +- ocfbResync = OCFBNoResync +- } +- +- s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync) +- if s == nil { +- return nil, errors.ErrKeyIncorrect +- } +- +- plaintext := cipher.StreamReader{S: s, R: se.contents} +- +- if se.MDC { +- // MDC packets have an embedded hash that we need to check. +- h := sha1.New() +- h.Write(se.prefix) +- return &seMDCReader{in: plaintext, h: h}, nil +- } +- +- // Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser. +- return seReader{plaintext}, nil ++ panic("OCFB cipher not available") + } + + // seReader wraps an io.Reader with a no-op Close method. +@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error { + // written. + // If config is nil, sensible defaults will be used. + func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) { +- if c.KeySize() != len(key) { +- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length") +- } +- writeCloser := noOpCloser{w} +- ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC) +- if err != nil { +- return +- } +- +- _, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion}) +- if err != nil { +- return +- } +- +- block := c.new(key) +- blockSize := block.BlockSize() +- iv := make([]byte, blockSize) +- _, err = config.Random().Read(iv) +- if err != nil { +- return +- } +- s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync) +- _, err = ciphertext.Write(prefix) +- if err != nil { +- return +- } +- plaintext := cipher.StreamWriter{S: s, W: ciphertext} +- +- h := sha1.New() +- h.Write(iv) +- h.Write(iv[blockSize-2:]) +- contents = &seMDCWriter{w: plaintext, h: h} +- return ++ panic("OCFB cipher not available") + } +diff --git a/vendor/golang.org/x/crypto/pkcs12/crypto.go b/vendor/golang.org/x/crypto/pkcs12/crypto.go +index 484ca51b71..5f502b8df1 100644 +--- a/vendor/golang.org/x/crypto/pkcs12/crypto.go ++++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go +@@ -11,8 +11,6 @@ import ( + "crypto/x509/pkix" + "encoding/asn1" + "errors" +- +- "golang.org/x/crypto/pkcs12/internal/rc2" + ) + + var ( +@@ -46,10 +44,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt + + type shaWith40BitRC2CBC struct{} + +-func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) { +- return rc2.New(key, len(key)*8) +-} +- + func (shaWith40BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte { + return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 5) + } +@@ -70,7 +64,7 @@ func pbDecrypterFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher + case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC): + cipherType = shaWithTripleDESCBC{} + case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC): +- cipherType = shaWith40BitRC2CBC{} ++ panic("RC2 encryption not available") + default: + return nil, 0, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported") + } +diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +index ae3ebc03b9..11dbc3c56e 100644 +--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go ++++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +@@ -16,14 +16,11 @@ + package web + + import ( +- "encoding/hex" + "fmt" + "net/http" +- "strings" + "sync" + + "github.com/go-kit/log" +- "golang.org/x/crypto/bcrypt" + ) + + // extraHTTPHeaders is a map of HTTP headers that can be added to HTTP +@@ -36,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{ + "Content-Security-Policy": nil, + } + +-func validateUsers(configPath string) error { +- c, err := getConfig(configPath) +- if err != nil { +- return err +- } +- +- for _, p := range c.Users { +- _, err = bcrypt.Cost([]byte(p)) +- if err != nil { +- return err +- } +- } +- +- return nil +-} +- + // validateHeaderConfig checks that the provided header configuration is correct. + // It does not check the validity of all the values, only the ones which are + // well-defined enumerations. +@@ -67,60 +49,3 @@ type webHandler struct { + // only once in parallel as this is CPU intensive. + bcryptMtx sync.Mutex + } +- +-func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { +- c, err := getConfig(u.tlsConfigPath) +- if err != nil { +- u.logger.Log("msg", "Unable to parse configuration", "err", err) +- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) +- return +- } +- +- // Configure http headers. +- for k, v := range c.HTTPConfig.Header { +- w.Header().Set(k, v) +- } +- +- if len(c.Users) == 0 { +- u.handler.ServeHTTP(w, r) +- return +- } +- +- user, pass, auth := r.BasicAuth() +- if auth { +- hashedPassword, validUser := c.Users[user] +- +- if !validUser { +- // The user is not found. Use a fixed password hash to +- // prevent user enumeration by timing requests. +- // This is a bcrypt-hashed version of "fakepassword". +- hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi" +- } +- +- cacheKey := strings.Join( +- []string{ +- hex.EncodeToString([]byte(user)), +- hex.EncodeToString([]byte(hashedPassword)), +- hex.EncodeToString([]byte(pass)), +- }, ":") +- authOk, ok := u.cache.get(cacheKey) +- +- if !ok { +- // This user, hashedPassword, password is not cached. +- u.bcryptMtx.Lock() +- err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) +- u.bcryptMtx.Unlock() +- +- authOk = validUser && err == nil +- u.cache.set(cacheKey, authOk) +- } +- +- if authOk && validUser { +- u.handler.ServeHTTP(w, r) +- return +- } +- } +- +- w.Header().Set("WWW-Authenticate", "Basic") +- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) +-} +diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go +--- grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go 2023-03-13 20:00:00.000000000 -0400 ++++ /tmp/rpkg/grafana-1-v6p2z4of/grafana-9.2.2/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go 2023-03-16 13:43:13.300238021 -0400 +@@ -18,12 +18,8 @@ + "crypto/x509" + "fmt" + "io/ioutil" +- "net" +- "net/http" + "path/filepath" + +- "github.com/go-kit/log" +- "github.com/go-kit/log/level" + "github.com/pkg/errors" + config_util "github.com/prometheus/common/config" + "gopkg.in/yaml.v2" +@@ -177,98 +173,6 @@ + return cfg, nil + } + +-// ListenAndServe starts the server on the given address. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error { +- listener, err := net.Listen("tcp", server.Addr) +- if err != nil { +- return err +- } +- defer listener.Close() +- return Serve(listener, server, tlsConfigPath, logger) +-} +- +-// Server starts the server on the given listener. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-func Serve(l net.Listener, server *http.Server, tlsConfigPath string, logger log.Logger) error { +- if tlsConfigPath == "" { +- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false) +- return server.Serve(l) +- } +- +- if err := validateUsers(tlsConfigPath); err != nil { +- return err +- } +- +- // Setup basic authentication. +- var handler http.Handler = http.DefaultServeMux +- if server.Handler != nil { +- handler = server.Handler +- } +- +- c, err := getConfig(tlsConfigPath) +- if err != nil { +- return err +- } +- +- server.Handler = &webHandler{ +- tlsConfigPath: tlsConfigPath, +- logger: logger, +- handler: handler, +- cache: newCache(), +- } +- +- config, err := ConfigToTLSConfig(&c.TLSConfig) +- switch err { +- case nil: +- if !c.HTTPConfig.HTTP2 { +- server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) +- } +- // Valid TLS config. +- level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2) +- case errNoTLSConfig: +- // No TLS config, back to plain HTTP. +- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false) +- return server.Serve(l) +- default: +- // Invalid TLS config. +- return err +- } +- +- server.TLSConfig = config +- +- // Set the GetConfigForClient method of the HTTPS server so that the config +- // and certs are reloaded on new connections. +- server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) { +- config, err := getTLSConfig(tlsConfigPath) +- if err != nil { +- return nil, err +- } +- config.NextProtos = server.TLSConfig.NextProtos +- return config, nil +- } +- return server.ServeTLS(l, "", "") +-} +- +-// Validate configuration file by reading the configuration and the certificates. +-func Validate(tlsConfigPath string) error { +- if tlsConfigPath == "" { +- return nil +- } +- if err := validateUsers(tlsConfigPath); err != nil { +- return err +- } +- c, err := getConfig(tlsConfigPath) +- if err != nil { +- return err +- } +- _, err = ConfigToTLSConfig(&c.TLSConfig) +- if err == errNoTLSConfig { +- return nil +- } +- return err +-} +- + type cipher uint16 + + func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error { +@@ -351,11 +255,3 @@ + } + return fmt.Sprintf("%v", tv), nil + } +- +-// Listen starts the server on the given address. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-// +-// Deprecated: Use ListenAndServe instead. +-func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error { +- return ListenAndServe(server, tlsConfigPath, logger) +-} +diff a/vendor/github.com/go-git/go-git/v5/options.go b/vendor/github.com/go-git/go-git/v5/options.go +--- a/vendor/github.com/go-git/go-git/v5/options.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/options.go 2022-12-20 10:24:35.162653691 -0500 +@@ -7,7 +7,7 @@ + "strings" + "time" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + "github.com/go-git/go-git/v5/config" + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/object" +@@ -434,7 +434,7 @@ + // SignKey denotes a key to sign the commit with. A nil value here means the + // commit will not be signed. The private key must be present and already + // decrypted. +- SignKey *openpgp.Entity ++ // SignKey *openpgp.Entity + } + + // Validate validates the fields and sets the default values. +@@ -517,7 +517,7 @@ + Message string + // SignKey denotes a key to sign the tag with. A nil value here means the tag + // will not be signed. The private key must be present and already decrypted. +- SignKey *openpgp.Entity ++ // SignKey *openpgp.Entity + } + + // Validate validates the fields and sets the default values. +diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go +--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/commit.go 2022-12-20 10:33:26.630073026 -0500 +@@ -9,7 +9,7 @@ + "io" + "strings" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/storer" +@@ -354,7 +354,8 @@ + + // Verify performs PGP verification of the commit with a provided armored + // keyring and returns openpgp.Entity associated with verifying key on success. +-func (c *Commit) Verify(armoredKeyRing string) (*openpgp.Entity, error) { ++func (c *Commit) Verify(armoredKeyRing string) (*int, error) { ++ /* + keyRingReader := strings.NewReader(armoredKeyRing) + keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader) + if err != nil { +@@ -375,6 +376,8 @@ + } + + return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil) ++ */ ++ return nil, nil + } + + func indent(t string) string { +diff a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go +--- a/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/plumbing/object/tag.go 2022-12-20 10:37:05.542949113 -0500 +@@ -6,9 +6,9 @@ + "fmt" + "io" + stdioutil "io/ioutil" +- "strings" ++ // "strings" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + + "github.com/go-git/go-git/v5/plumbing" + "github.com/go-git/go-git/v5/plumbing/storer" +@@ -284,7 +284,8 @@ + + // Verify performs PGP verification of the tag with a provided armored + // keyring and returns openpgp.Entity associated with verifying key on success. +-func (t *Tag) Verify(armoredKeyRing string) (*openpgp.Entity, error) { ++func (t *Tag) Verify(armoredKeyRing string) (*int, error) { ++ /* + keyRingReader := strings.NewReader(armoredKeyRing) + keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader) + if err != nil { +@@ -305,6 +306,8 @@ + } + + return openpgp.CheckArmoredDetachedSignature(keyring, er, signature, nil) ++ */ ++ return nil, nil + } + + // TagIter provides an iterator for a set of tags. +diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go +--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/auth_method.go 2022-12-20 13:42:13.659296361 -0500 +@@ -1,6 +1,7 @@ + package ssh + + import ( ++ /* + "errors" + "fmt" + "io/ioutil" +@@ -14,6 +15,7 @@ + sshagent "github.com/xanzy/ssh-agent" + "golang.org/x/crypto/ssh" + "golang.org/x/crypto/ssh/knownhosts" ++ */ + ) + + const DefaultUsername = "git" +@@ -22,10 +24,12 @@ + // must implement. The clientConfig method returns the ssh client + // configuration needed to establish an ssh connection. + type AuthMethod interface { ++ /* + transport.AuthMethod + // ClientConfig should return a valid ssh.ClientConfig to be used to create + // a connection to the SSH server. + ClientConfig() (*ssh.ClientConfig, error) ++ */ + } + + // The names of the AuthMethod implementations. To be returned by the +@@ -42,78 +46,101 @@ + // KeyboardInteractive implements AuthMethod by using a + // prompt/response sequence controlled by the server. + type KeyboardInteractive struct { ++ /* + User string + Challenge ssh.KeyboardInteractiveChallenge + HostKeyCallbackHelper ++ */ + } + + func (a *KeyboardInteractive) Name() string { +- return KeyboardInteractiveName ++ // return KeyboardInteractiveName ++ return "" + } + + func (a *KeyboardInteractive) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *KeyboardInteractive) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *KeyboardInteractive) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ + a.Challenge, + }, + }) ++ */ ++ return nil, nil + } + + // Password implements AuthMethod by using the given password. + type Password struct { ++ /* + User string + Password string + HostKeyCallbackHelper ++ */ + } + + func (a *Password) Name() string { +- return PasswordName ++ // return PasswordName ++ return "" + } + + func (a *Password) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *Password) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *Password) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ssh.Password(a.Password)}, + }) ++ */ ++ return nil, nil + } + + // PasswordCallback implements AuthMethod by using a callback + // to fetch the password. + type PasswordCallback struct { ++ /* + User string + Callback func() (pass string, err error) + HostKeyCallbackHelper ++ */ + } + + func (a *PasswordCallback) Name() string { +- return PasswordCallbackName ++ // return PasswordCallbackName ++ return "" + } + + func (a *PasswordCallback) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *PasswordCallback) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *PasswordCallback) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ssh.PasswordCallback(a.Callback)}, + }) ++ */ ++ return nil, nil + } + + // PublicKeys implements AuthMethod by using the given key pairs. + type PublicKeys struct { ++ /* + User string + Signer ssh.Signer + HostKeyCallbackHelper ++ */ + } + + // NewPublicKeys returns a PublicKeys from a PEM encoded private key. An +@@ -121,6 +148,7 @@ + // encrypted PEM block otherwise password should be empty. It supports RSA + // (PKCS#1), PKCS#8, DSA (OpenSSL), and ECDSA private keys. + func NewPublicKeys(user string, pemBytes []byte, password string) (*PublicKeys, error) { ++ /* + signer, err := ssh.ParsePrivateKey(pemBytes) + if _, ok := err.(*ssh.PassphraseMissingError); ok { + signer, err = ssh.ParsePrivateKeyWithPassphrase(pemBytes, []byte(password)) +@@ -129,36 +157,47 @@ + return nil, err + } + return &PublicKeys{User: user, Signer: signer}, nil ++ */ ++ return nil, nil + } + + // NewPublicKeysFromFile returns a PublicKeys from a file containing a PEM + // encoded private key. An encryption password should be given if the pemBytes + // contains a password encrypted PEM block otherwise password should be empty. + func NewPublicKeysFromFile(user, pemFile, password string) (*PublicKeys, error) { ++ /* + bytes, err := ioutil.ReadFile(pemFile) + if err != nil { + return nil, err + } + + return NewPublicKeys(user, bytes, password) ++ */ ++ return nil, nil + } + + func (a *PublicKeys) Name() string { +- return PublicKeysName ++ // return PublicKeysName ++ return "" + } + + func (a *PublicKeys) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *PublicKeys) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *PublicKeys) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ssh.PublicKeys(a.Signer)}, + }) ++ */ ++ return nil, nil + } + + func username() (string, error) { ++ /* + var username string + if user, err := user.Current(); err == nil { + username = user.Username +@@ -171,20 +210,25 @@ + } + + return username, nil ++ */ ++ return "", nil + } + + // PublicKeysCallback implements AuthMethod by asking a + // ssh.agent.Agent to act as a signer. + type PublicKeysCallback struct { ++ /* + User string + Callback func() (signers []ssh.Signer, err error) + HostKeyCallbackHelper ++ */ + } + + // NewSSHAgentAuth returns a PublicKeysCallback based on a SSH agent, it opens + // a pipe with the SSH agent and uses the pipe as the implementer of the public + // key callback function. + func NewSSHAgentAuth(u string) (*PublicKeysCallback, error) { ++ /* + var err error + if u == "" { + u, err = username() +@@ -202,21 +246,28 @@ + User: u, + Callback: a.Signers, + }, nil ++ */ ++ return nil, nil + } + + func (a *PublicKeysCallback) Name() string { +- return PublicKeysCallbackName ++ // return PublicKeysCallbackName ++ return "" + } + + func (a *PublicKeysCallback) String() string { +- return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ // return fmt.Sprintf("user: %s, name: %s", a.User, a.Name()) ++ return "" + } + +-func (a *PublicKeysCallback) ClientConfig() (*ssh.ClientConfig, error) { ++func (a *PublicKeysCallback) ClientConfig() (*int, error) { ++ /* + return a.SetHostKeyCallback(&ssh.ClientConfig{ + User: a.User, + Auth: []ssh.AuthMethod{ssh.PublicKeysCallback(a.Callback)}, + }) ++ */ ++ return nil, nil + } + + // NewKnownHostsCallback returns ssh.HostKeyCallback based on a file based on a +@@ -229,7 +280,8 @@ + // If SSH_KNOWN_HOSTS is not set the following file locations will be used: + // ~/.ssh/known_hosts + // /etc/ssh/ssh_known_hosts +-func NewKnownHostsCallback(files ...string) (ssh.HostKeyCallback, error) { ++func NewKnownHostsCallback(files ...string) (*int, error) { ++ /* + var err error + + if len(files) == 0 { +@@ -243,9 +295,12 @@ + } + + return knownhosts.New(files...) ++ */ ++ return nil, nil + } + +-func getDefaultKnownHostsFiles() ([]string, error) { ++func getDefaultKnownHostsFiles() (*int, error) { ++ /* + files := filepath.SplitList(os.Getenv("SSH_KNOWN_HOSTS")) + if len(files) != 0 { + return files, nil +@@ -260,9 +315,12 @@ + filepath.Join(homeDirPath, "/.ssh/known_hosts"), + "/etc/ssh/ssh_known_hosts", + }, nil ++ */ ++ return nil, nil + } + +-func filterKnownHostsFiles(files ...string) ([]string, error) { ++func filterKnownHostsFiles(files ...string) (*int, error) { ++ /* + var out []string + for _, file := range files { + _, err := os.Stat(file) +@@ -281,6 +339,8 @@ + } + + return out, nil ++ */ ++ return nil, nil + } + + // HostKeyCallbackHelper is a helper that provides common functionality to +@@ -289,13 +349,14 @@ + // HostKeyCallback is the function type used for verifying server keys. + // If nil default callback will be create using NewKnownHostsCallback + // without argument. +- HostKeyCallback ssh.HostKeyCallback ++ // HostKeyCallback ssh.HostKeyCallback + } + + // SetHostKeyCallback sets the field HostKeyCallback in the given cfg. If + // HostKeyCallback is empty a default callback is created using + // NewKnownHostsCallback. +-func (m *HostKeyCallbackHelper) SetHostKeyCallback(cfg *ssh.ClientConfig) (*ssh.ClientConfig, error) { ++func (m *HostKeyCallbackHelper) SetHostKeyCallback(*int) (*int, error) { ++ /* + var err error + if m.HostKeyCallback == nil { + if m.HostKeyCallback, err = NewKnownHostsCallback(); err != nil { +@@ -305,4 +366,6 @@ + + cfg.HostKeyCallback = m.HostKeyCallback + return cfg, nil ++ */ ++ return nil, nil + } +diff a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go +--- a/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/plumbing/transport/ssh/common.go 2022-12-20 14:01:25.825788050 -0500 +@@ -2,18 +2,22 @@ + package ssh + + import ( +- "context" ++ // "context" + "fmt" ++ /* + "reflect" + "strconv" + "strings" ++ */ + + "github.com/go-git/go-git/v5/plumbing/transport" + "github.com/go-git/go-git/v5/plumbing/transport/internal/common" + + "github.com/kevinburke/ssh_config" ++ /* + "golang.org/x/crypto/ssh" + "golang.org/x/net/proxy" ++ */ + ) + + // DefaultClient is the default SSH client. +@@ -28,23 +32,26 @@ + } + + // NewClient creates a new SSH client with an optional *ssh.ClientConfig. +-func NewClient(config *ssh.ClientConfig) transport.Transport { +- return common.NewClient(&runner{config: config}) ++func NewClient(*int) transport.Transport { ++ // return common.NewClient(&runner{config: config}) ++ return nil + } + + // DefaultAuthBuilder is the function used to create a default AuthMethod, when + // the user doesn't provide any. + var DefaultAuthBuilder = func(user string) (AuthMethod, error) { +- return NewSSHAgentAuth(user) ++ // return NewSSHAgentAuth(user) ++ return nil, nil + } + + const DefaultPort = 22 + + type runner struct { +- config *ssh.ClientConfig ++ // config *ssh.ClientConfig + } + + func (r *runner) Command(cmd string, ep *transport.Endpoint, auth transport.AuthMethod) (common.Command, error) { ++ /* + c := &command{command: cmd, endpoint: ep, config: r.config} + if auth != nil { + c.setAuth(auth) +@@ -54,9 +61,12 @@ + return nil, err + } + return c, nil ++ */ ++ return nil, nil + } + + type command struct { ++ /* + *ssh.Session + connected bool + command string +@@ -64,24 +74,29 @@ + client *ssh.Client + auth AuthMethod + config *ssh.ClientConfig ++ */ + } + + func (c *command) setAuth(auth transport.AuthMethod) error { ++ /* + a, ok := auth.(AuthMethod) + if !ok { + return transport.ErrInvalidAuthMethod + } + + c.auth = a ++ */ + return nil + } + + func (c *command) Start() error { +- return c.Session.Start(endpointToCommand(c.command, c.endpoint)) ++ // return c.Session.Start(endpointToCommand(c.command, c.endpoint)) ++ return nil + } + + // Close closes the SSH session and connection. + func (c *command) Close() error { ++ /* + if !c.connected { + return nil + } +@@ -99,6 +114,8 @@ + } + + return err ++ */ ++ return nil + } + + // connect connects to the SSH server, unless a AuthMethod was set with +@@ -106,6 +123,7 @@ + // it connects to a SSH agent, using the address stored in the SSH_AUTH_SOCK + // environment var. + func (c *command) connect() error { ++ /* + if c.connected { + return transport.ErrAlreadyConnected + } +@@ -136,10 +154,12 @@ + } + + c.connected = true ++ */ + return nil + } + +-func dial(network, addr string, config *ssh.ClientConfig) (*ssh.Client, error) { ++func dial(network, addr string, config *int) (*int, error) { ++ /* + var ( + ctx = context.Background() + cancel context.CancelFunc +@@ -160,9 +180,12 @@ + return nil, err + } + return ssh.NewClient(c, chans, reqs), nil ++ */ ++ return nil, nil + } + + func (c *command) getHostWithPort() string { ++ /* + if addr, found := c.doGetHostWithPortFromSSHConfig(); found { + return addr + } +@@ -174,9 +197,12 @@ + } + + return fmt.Sprintf("%s:%d", host, port) ++ */ ++ return "" + } + + func (c *command) doGetHostWithPortFromSSHConfig() (addr string, found bool) { ++ /* + if DefaultSSHConfig == nil { + return + } +@@ -202,12 +228,13 @@ + } + + addr = fmt.Sprintf("%s:%d", host, port) ++ */ + return + } + + func (c *command) setAuthFromEndpoint() error { + var err error +- c.auth, err = DefaultAuthBuilder(c.endpoint.User) ++ // c.auth, err = DefaultAuthBuilder(c.endpoint.User) + return err + } + +@@ -215,7 +242,8 @@ + return fmt.Sprintf("%s '%s'", cmd, ep.Path) + } + +-func overrideConfig(overrides *ssh.ClientConfig, c *ssh.ClientConfig) { ++func overrideConfig(overrides *int, c *int) { ++ /* + if overrides == nil { + return + } +@@ -232,4 +260,5 @@ + } + + *c = vc.Interface().(ssh.ClientConfig) ++ */ + } +diff a/vendor/github.com/go-git/go-git/v5/repository.go b/vendor/github.com/go-git/go-git/v5/repository.go +--- a/vendor/github.com/go-git/go-git/v5/repository.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/repository.go 2022-12-20 13:46:57.584666477 -0500 +@@ -13,7 +13,7 @@ + "strings" + "time" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + "github.com/go-git/go-billy/v5" + "github.com/go-git/go-billy/v5/osfs" + "github.com/go-git/go-billy/v5/util" +@@ -706,6 +706,7 @@ + Target: hash, + } + ++ /* + if opts.SignKey != nil { + sig, err := r.buildTagSignature(tag, opts.SignKey) + if err != nil { +@@ -714,6 +715,7 @@ + + tag.PGPSignature = sig + } ++ */ + + obj := r.Storer.NewEncodedObject() + if err := tag.Encode(obj); err != nil { +@@ -723,7 +725,8 @@ + return r.Storer.SetEncodedObject(obj) + } + +-func (r *Repository) buildTagSignature(tag *object.Tag, signKey *openpgp.Entity) (string, error) { ++func (r *Repository) buildTagSignature(tag *object.Tag, signKey *int) (string, error) { ++ /* + encoded := &plumbing.MemoryObject{} + if err := tag.Encode(encoded); err != nil { + return "", err +@@ -740,6 +743,8 @@ + } + + return b.String(), nil ++ */ ++ return "", nil + } + + // Tag returns a tag from the repository. +diff a/vendor/github.com/go-git/go-git/v5/worktree_commit.go b/vendor/github.com/go-git/go-git/v5/worktree_commit.go +--- a/vendor/github.com/go-git/go-git/v5/worktree_commit.go 2022-10-30 20:00:00.000000000 -0400 ++++ b/vendor/github.com/go-git/go-git/v5/worktree_commit.go 2022-12-20 13:47:27.671919357 -0500 +@@ -1,7 +1,7 @@ + package git + + import ( +- "bytes" ++ // "bytes" + "path" + "sort" + "strings" +@@ -12,7 +12,7 @@ + "github.com/go-git/go-git/v5/plumbing/object" + "github.com/go-git/go-git/v5/storage" + +- "github.com/ProtonMail/go-crypto/openpgp" ++ // "github.com/ProtonMail/go-crypto/openpgp" + "github.com/go-git/go-billy/v5" + ) + +@@ -101,6 +101,7 @@ + ParentHashes: opts.Parents, + } + ++ /* + if opts.SignKey != nil { + sig, err := w.buildCommitSignature(commit, opts.SignKey) + if err != nil { +@@ -108,6 +109,7 @@ + } + commit.PGPSignature = sig + } ++ */ + + obj := w.r.Storer.NewEncodedObject() + if err := commit.Encode(obj); err != nil { +@@ -116,7 +118,8 @@ + return w.r.Storer.SetEncodedObject(obj) + } + +-func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *openpgp.Entity) (string, error) { ++func (w *Worktree) buildCommitSignature(commit *object.Commit, signKey *int) (string, error) { ++ /* + encoded := &plumbing.MemoryObject{} + if err := commit.Encode(encoded); err != nil { + return "", err +@@ -130,6 +133,8 @@ + return "", err + } + return b.String(), nil ++ */ ++ return "", nil + } + + // buildTreeHelper converts a given index.Index file into multiple git objects diff --git a/1002-vendor-use-pbkdf2-from-OpenSSL.patch b/1002-vendor-use-pbkdf2-from-OpenSSL.patch new file mode 100644 index 0000000..48a4536 --- /dev/null +++ b/1002-vendor-use-pbkdf2-from-OpenSSL.patch @@ -0,0 +1,146 @@ +use pbkdf2 from OpenSSL if FIPS mode is enabled + +This patch modifies the x/crypto/pbkdf2 function to use OpenSSL +if FIPS mode is enabled. +DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h + +diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go +new file mode 100644 +index 0000000000..5a06918832 +--- /dev/null ++++ b/vendor/golang.org/x/crypto/internal/boring/boring.go +@@ -0,0 +1,74 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Copyright 2021 Red Hat. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// +build linux ++// +build !android ++// +build !no_openssl ++// +build !cmd_go_bootstrap ++// +build !msan ++ ++package boring ++ ++// #include "openssl_pbkdf2.h" ++// #cgo LDFLAGS: -ldl ++import "C" ++import ( ++ "bytes" ++ "crypto/sha1" ++ "crypto/sha256" ++ "hash" ++ "unsafe" ++) ++ ++var ( ++ emptySha1 = sha1.Sum([]byte{}) ++ emptySha256 = sha256.Sum256([]byte{}) ++) ++ ++func hashToMD(h hash.Hash) *C.GO_EVP_MD { ++ emptyHash := h.Sum([]byte{}) ++ ++ switch { ++ case bytes.Equal(emptyHash, emptySha1[:]): ++ return C._goboringcrypto_EVP_sha1() ++ case bytes.Equal(emptyHash, emptySha256[:]): ++ return C._goboringcrypto_EVP_sha256() ++ } ++ return nil ++} ++ ++// charptr returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func charptr(b []byte) *C.char { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*C.char)(unsafe.Pointer(&b[0])) ++} ++ ++// ucharptr returns the address of the underlying array in b, ++// being careful not to panic when b has zero length. ++func ucharptr(b []byte) *C.uchar { ++ if len(b) == 0 { ++ return nil ++ } ++ return (*C.uchar)(unsafe.Pointer(&b[0])) ++} ++ ++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { ++ // println("[debug] using pbkdf2 from OpenSSL") ++ ch := h() ++ md := hashToMD(ch) ++ if md == nil { ++ return nil ++ } ++ ++ out := make([]byte, keyLen) ++ ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out)) ++ if ok != 1 { ++ panic("boringcrypto: PKCS5_PBKDF2_HMAC failed") ++ } ++ return out ++} +diff --git a/vendor/golang.org/x/crypto/internal/boring/notboring.go b/vendor/golang.org/x/crypto/internal/boring/notboring.go +new file mode 100644 +index 0000000000..e244fb5663 +--- /dev/null ++++ b/vendor/golang.org/x/crypto/internal/boring/notboring.go +@@ -0,0 +1,16 @@ ++// Copyright 2017 The Go Authors. All rights reserved. ++// Copyright 2021 Red Hat. ++// Use of this source code is governed by a BSD-style ++// license that can be found in the LICENSE file. ++ ++// +build !linux !cgo android cmd_go_bootstrap msan no_openssl ++ ++package boring ++ ++import ( ++ "hash" ++) ++ ++func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { ++ panic("boringcrypto: not available") ++} +diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h +new file mode 100644 +index 0000000000..6dfdf10424 +--- /dev/null ++++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h +@@ -0,0 +1,5 @@ ++#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h" ++ ++DEFINEFUNC(int, PKCS5_PBKDF2_HMAC, ++ (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out), ++ (pass, passlen, salt, saltlen, iter, digest, keylen, out)) +diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go +index 593f653008..799a611f94 100644 +--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go ++++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go +@@ -19,8 +19,11 @@ pbkdf2.Key. + package pbkdf2 // import "golang.org/x/crypto/pbkdf2" + + import ( ++ "crypto/boring" + "crypto/hmac" + "hash" ++ ++ xboring "golang.org/x/crypto/internal/boring" + ) + + // Key derives a key from the password, salt and iteration count, returning a +@@ -40,6 +43,10 @@ import ( + // Using a higher iteration count will increase the cost of an exhaustive + // search but will also make derivation proportionally slower. + func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte { ++ if boring.Enabled() { ++ return xboring.Pbkdf2Key(password, salt, iter, keyLen, h) ++ } ++ + prf := hmac.New(h, password) + hashLen := prf.Size() + numBlocks := (keyLen + hashLen - 1) / hashLen diff --git a/1003-vendor-skip-goldenfiles-tests.patch b/1003-vendor-skip-goldenfiles-tests.patch new file mode 100644 index 0000000..8f18c0e --- /dev/null +++ b/1003-vendor-skip-goldenfiles-tests.patch @@ -0,0 +1,18 @@ +skip goldenfiles tests + +The golden files include memory dumps from a x86_64 machine. +Integers are stored as little endian on x86, but as big endian on s390x, +therefore loading this memory dump fails on s390x. + +diff --git a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go +index 320f40f3bd..20f5fa4f46 100644 +--- a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go ++++ b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go +@@ -203,6 +203,7 @@ func CheckGoldenJSONFrame(t *testing.T, dir string, name string, f *data.Frame, + // CheckGoldenJSONResponse will verify that the stored JSON file matches the given backend.DataResponse. + func CheckGoldenJSONResponse(t *testing.T, dir string, name string, dr *backend.DataResponse, updateFile bool) { + t.Helper() ++ t.Skip("skipping test: x86_64 memory dump is not compatible with other architectures") + fpath := path.Join(dir, name+".jsonc") + + expected, err := readGoldenJSONFile(fpath) diff --git a/build_frontend.sh b/build_frontend.sh new file mode 100755 index 0000000..1117e80 --- /dev/null +++ b/build_frontend.sh @@ -0,0 +1,20 @@ +#!/bin/bash -eu + +# Webpack needs more than the default 4GB RAM +export NODE_OPTIONS="${NODE_OPTIONS:-} --max_old_space_size=6144" + +# Build the frontend +yarn run build + +# Build the bundled plugins +mkdir plugins-bundled/external +yarn run plugins:build-bundled +for plugin in plugins-bundled/internal/input-datasource; do + mv $plugin $plugin.tmp + mv $plugin.tmp/dist $plugin + rm -rf $plugin.tmp +done +rm plugins-bundled/README.md plugins-bundled/.gitignore plugins-bundled/external.json + +# Fix permissions (webpack sometimes outputs files with mode = 666 due to reasons unknown (race condition/umask issue afaics)) +chmod -R g-w,o-w public/build plugins-bundled diff --git a/create_bundles.sh b/create_bundles.sh new file mode 100755 index 0000000..647ad5c --- /dev/null +++ b/create_bundles.sh @@ -0,0 +1,85 @@ +#!/bin/bash -eux +VERSION=$(rpm --specfile ./*.spec --qf '%{VERSION}\n' | head -1) +RELEASE=$(rpm --specfile ./*.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1) +CHANGELOGTIME=$(rpm --specfile ./*.spec --qf '%{CHANGELOGTIME}\n' | head -1) +SOURCE_DATE_EPOCH=$((CHANGELOGTIME - CHANGELOGTIME % 86400)) + +SOURCE_DIR=grafana-$VERSION +SOURCE_TAR=grafana-$VERSION.tar.gz +VENDOR_TAR=grafana-vendor-$VERSION-$RELEASE.tar.xz +WEBPACK_TAR=grafana-webpack-$VERSION-$RELEASE.tar.gz + + +## Download and extract source tarball +spectool -g grafana.spec +rm -rf "${SOURCE_DIR}" +tar xf "${SOURCE_TAR}" + + +## Create vendor bundle +pushd "${SOURCE_DIR}" + +# Vendor Go dependencies +patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch +go mod vendor + +# Generate Go files +make gen-go + +# Remove unused crypto +rm -r vendor/golang.org/x/crypto/bcrypt +rm -r vendor/golang.org/x/crypto/blowfish +rm -r vendor/golang.org/x/crypto/cast5 +rm -r vendor/golang.org/x/crypto/openpgp/elgamal +rm vendor/golang.org/x/crypto/openpgp/packet/ocfb.go +rm -r vendor/golang.org/x/crypto/pkcs12/internal/rc2 + +# List bundled dependencies +awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \ + sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > "../${VENDOR_TAR}.manifest" + +# Vendor Node.js dependencies +patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch +export HUSKY=0 +yarn install --frozen-lockfile + +# Remove files with licensing issues +find .yarn -name 'node-notifier' -prune -exec rm -r {} \; +find .yarn -name 'nodemon' -prune -exec rm -r {} \; + +# List bundled dependencies +../list_bundled_nodejs_packages.py . >> "../${VENDOR_TAR}.manifest" + +popd + +# Create tarball +# shellcheck disable=SC2046 +XZ_OPT=-9 tar \ + --sort=name \ + --mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \ + --owner=0 --group=0 --numeric-owner \ + -cJf "${VENDOR_TAR}" \ + "${SOURCE_DIR}/vendor" \ + $(find "${SOURCE_DIR}" -type f -name wire_gen.go | LC_ALL=C sort) \ + "${SOURCE_DIR}/.pnp.cjs" \ + "${SOURCE_DIR}/.yarn/cache" \ + "${SOURCE_DIR}/.yarn/unplugged" + + +## Create webpack +pushd "${SOURCE_DIR}" +../build_frontend.sh +popd + +# Create tarball +tar \ + --sort=name \ + --mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \ + --owner=0 --group=0 --numeric-owner \ + -czf "${WEBPACK_TAR}" \ + "${SOURCE_DIR}/plugins-bundled" \ + "${SOURCE_DIR}/public/build" \ + "${SOURCE_DIR}/public/img" \ + "${SOURCE_DIR}/public/lib" \ + "${SOURCE_DIR}/public/locales" \ + "${SOURCE_DIR}/public/views" diff --git a/create_bundles_in_container.sh b/create_bundles_in_container.sh new file mode 100755 index 0000000..4640068 --- /dev/null +++ b/create_bundles_in_container.sh @@ -0,0 +1,24 @@ +#!/bin/bash -eu +# +# create vendor and webpack bundles inside a container (for reproducibility) +# using a Go cache: +# ./create_bundles_in_container.sh --security-opt label=disable -v $(pwd)/.gocache:/root/go +# + +cat <<EOF | podman build -t grafana-build -f - . +FROM fedora:36 + +RUN dnf upgrade -y && \ + dnf install -y rpmdevtools python3-packaging python3-pyyaml make golang nodejs yarnpkg + +# https://groups.google.com/g/golang-nuts/c/MVtHZUtZru4 +ENV GOPROXY=https://proxy.golang.org,direct + +WORKDIR /tmp/grafana-build +COPY grafana.spec create_bundles.sh build_frontend.sh list_bundled_nodejs_packages.py *.patch . +RUN mkdir bundles +CMD ./create_bundles.sh && mv *.tar.* bundles +EOF + +podman run --name grafana-build --replace "$@" grafana-build +podman cp grafana-build:bundles/. . diff --git a/grafana.fc b/grafana.fc new file mode 100644 index 0000000..5a090ea --- /dev/null +++ b/grafana.fc @@ -0,0 +1,24 @@ +/etc/systemd/system/grafana-server.service -- gen_context(system_u:object_r:grafana_unit_file_t,s0) +/usr/lib/systemd/system/grafana-server.service -- gen_context(system_u:object_r:grafana_unit_file_t,s0) + +/etc/grafana(/.*)? gen_context(system_u:object_r:grafana_conf_t,s0) + +/usr/sbin/grafana-cli -- gen_context(system_u:object_r:grafana_exec_t,s0) +/usr/sbin/grafana-server -- gen_context(system_u:object_r:grafana_exec_t,s0) + +/var/lib/grafana(/.*)? gen_context(system_u:object_r:grafana_var_lib_t,s0) +#/var/lib/grafana/grafana.db -- gen_context(system_u:object_r:grafana_db_t,s0) + +/var/log/grafana(/.*)? gen_context(system_u:object_r:grafana_log_t,s0) + +/var/run/grafana(/.*)? -- gen_context(system_u:object_r:grafana_var_run_t,s0) + +#/var/lib/grafana/plugins(/.*)? gen_context(system_u:object_r:grafana_plugin_t,s0) + +/usr/share/grafana/bin/grafana -- gen_context(system_u:object_r:grafana_exec_t,s0) +/usr/share/grafana/bin/grafana-cli -- gen_context(system_u:object_r:grafana_exec_t,s0) +/usr/share/grafana/bin/grafana-server -- gen_context(system_u:object_r:grafana_exec_t,s0) + +#define context for pcp plugin +#/usr/share/performancecopilot-pcp-app/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0) +/usr/libexec/grafana-pcp/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
\ No newline at end of file diff --git a/grafana.if b/grafana.if new file mode 100644 index 0000000..9776897 --- /dev/null +++ b/grafana.if @@ -0,0 +1,141 @@ +## <summary>policy for grafana</summary> + +######################################## +## <summary> +## Execute grafana_exec_t in the grafana domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`grafana_domtrans',` + gen_require(` + type grafana_t, grafana_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, grafana_exec_t, grafana_t) +') + +######################################## +## <summary> +## Allow domain to name_connect to grafana port. Default :3000 +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access +## </summary> +## </param> +# +interface(`connect_grafana_port',` + gen_require(` + class tcp_socket name_connect; + type grafana_port_t; + ') + + allow $1 grafana_port_t:tcp_socket name_connect; +') + +####################################### +## <summary> +## Read grafana database. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`grafana_read_db',` + gen_require(` + type grafana_db_t; + ') + + files_search_var_lib($1) + search_dirs_pattern($1, grafana_var_lib_t, grafana_var_lib_t) + read_files_pattern($1, grafana_db_t, grafana_db_t) +') + +###################################### +## <summary> +## Execute grafana in the caller domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# +interface(`grafana_exec',` + gen_require(` + type grafana_exec_t; + ') + + corecmd_search_bin($1) + can_exec($1, grafana_exec_t) +') +######################################## +## <summary> +## Execute grafana server in the grafana domain. +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed to transition. +## </summary> +## </param> +# +interface(`grafana_systemctl',` + gen_require(` + type grafana_t; + type grafana_unit_file_t; + ') + + systemd_exec_systemctl($1) + systemd_read_fifo_file_passwd_run($1) + allow $1 grafana_unit_file_t:file read_file_perms; + allow $1 grafana_unit_file_t:service manage_service_perms; + + ps_process_pattern($1, grafana_t) +') + + +######################################## +## <summary> +## All of the rules required to administrate +## an grafana environment +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +## <param name="role"> +## <summary> +## Role allowed access. +## </summary> +## </param> +## <rolecap/> +# +interface(`grafana_admin',` + gen_require(` + type grafana_t; + type grafana_unit_file_t; + ') + + allow $1 grafana_t:process { signal_perms }; + ps_process_pattern($1, grafana_t) + + tunable_policy(`deny_ptrace',`',` + allow $1 grafana_t:process ptrace; + ') + + grafana_systemctl($1) + admin_pattern($1, grafana_unit_file_t) + allow $1 grafana_unit_file_t:service all_service_perms; + optional_policy(` + systemd_passwd_agent_exec($1) + systemd_read_fifo_file_passwd_run($1) + ') +') diff --git a/grafana.spec b/grafana.spec new file mode 100644 index 0000000..7ff55af --- /dev/null +++ b/grafana.spec @@ -0,0 +1,1322 @@ +# Specify if the frontend will be compiled as part of the build or +# is attached as a webpack tarball (in case of an unsuitable nodejs version on the build system) +%define compile_frontend 0 + +%if 0%{?rhel} && ! 0%{?eln} +%define enable_fips_mode 1 +%else +%define enable_fips_mode 0 +%endif + +%global grafana_arches %{lua: go_arches = {} + for arch in rpm.expand("%{go_arches}"):gmatch("%S+") do + go_arches[arch] = 1 + end + for arch in rpm.expand("%{nodejs_arches}"):gmatch("%S+") do + if go_arches[arch] then + print(arch .. " ") + end +end} + +%global gomodulesmode GO111MODULE=auto +%global gotestflags %{gotestflags} -tags=integration + +%global selinux_variants mls targeted + +Name: grafana +Version: 9.2.10 +Release: 15%{?dist} +Summary: Metrics dashboard and graph editor +License: AGPL-3.0-only +URL: https://grafana.org + +# Source0 contains the tagged upstream sources +Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}-%{version}.tar.gz + +# Source1 contains the bundled Go and Node.js dependencies +# Note: In case there were no changes to this tarball, the NVR of this tarball +# lags behind the NVR of this package. +Source1: grafana-vendor-%{version}-2.tar.xz + +%if %{compile_frontend} == 0 +# Source2 contains the precompiled frontend +# Note: In case there were no changes to this tarball, the NVR of this tarball +# lags behind the NVR of this package. +Source2: grafana-webpack-%{version}-2.tar.gz +%endif + +# Source3 contains the systemd-sysusers configuration +Source3: grafana.sysusers + +# Source4 contains the script to create the vendor and webpack bundles +Source4: create_bundles.sh + +# Source5 contains the script to build the frontend +Source5: build_frontend.sh + +# Source6 contains the script to generate the list of bundled nodejs packages +Source6: list_bundled_nodejs_packages.py + +# Source7 contains the script to create the vendor and webpack bundles in a container +Source7: create_bundles_in_container.sh + +# Source8 - Source10 contain the grafana-selinux policy +Source8: grafana.te +Source9: grafana.fc +Source10: grafana.if + +# Patches affecting the source tarball +Patch1: 0001-update-grafana-cli-script-with-distro-specific-paths.patch +Patch2: 0002-add-manpages.patch +Patch3: 0003-update-default-configuration.patch +Patch4: 0004-remove-unused-backend-dependencies.patch +Patch5: 0005-remove-unused-frontend-crypto.patch +Patch6: 0006-skip-marketplace-plugin-install-test.patch +Patch7: 0007-fix-alert-test.patch +Patch8: 0008-graphite-functions-xss.patch +Patch9: 0009-redact-weak-ciphers.patch +Patch10: 0010-skip-tests.patch +Patch11: 0011-remove-email-lookup.patch +Patch12: 0012-coredump-selinux-error.patch + +# Patches affecting the vendor tarball +Patch1001: 1001-vendor-patch-removed-backend-crypto.patch +Patch1002: 1002-vendor-use-pbkdf2-from-OpenSSL.patch +Patch1003: 1003-vendor-skip-goldenfiles-tests.patch + +# Intersection of go_arches and nodejs_arches +ExclusiveArch: %{grafana_arches} + +BuildRequires: systemd +BuildRequires: systemd-rpm-macros +BuildRequires: golang +BuildRequires: go-srpm-macros +%if 0%{?rhel} >= 9 +BuildRequires: go-rpm-macros +%endif + +%if %{compile_frontend} +BuildRequires: nodejs >= 1:16 +BuildRequires: yarnpkg +%endif + +%if %{enable_fips_mode} +BuildRequires: openssl-devel +%endif + +%global GRAFANA_USER %{name} +%global GRAFANA_GROUP %{name} + +# grafana-server service daemon uses systemd +%{?systemd_requires} +Requires(pre): shadow-utils + +# Grafana queries the mime database (through mime.TypeByExtension, in a unit test and at runtime) +BuildRequires: shared-mime-info +Requires: shared-mime-info + +%if 0%{?fedora} >= 35 || 0%{?rhel} >= 8 +# This ensures that the grafana-selinux package and all its dependencies are +# not pulled into containers and other systems that do not use SELinux +Requires: (grafana-selinux = %{version}-%{release} if selinux-policy-targeted) +%else +Requires: grafana-selinux = %{version}-%{release} +%endif + +%if 0%{?fedora} || 0%{?rhel} > 7 +Recommends: grafana-pcp +%endif + +Obsoletes: grafana-cloudwatch < 7.3.6-1 +Obsoletes: grafana-elasticsearch < 7.3.6-1 +Obsoletes: grafana-azure-monitor < 7.3.6-1 +Obsoletes: grafana-graphite < 7.3.6-1 +Obsoletes: grafana-influxdb < 7.3.6-1 +Obsoletes: grafana-loki < 7.3.6-1 +Obsoletes: grafana-mssql < 7.3.6-1 +Obsoletes: grafana-mysql < 7.3.6-1 +Obsoletes: grafana-opentsdb < 7.3.6-1 +Obsoletes: grafana-postgres < 7.3.6-1 +Obsoletes: grafana-prometheus < 7.3.6-1 +Obsoletes: grafana-stackdriver < 7.3.6-1 +Provides: grafana-cloudwatch = 7.3.6-1 +Provides: grafana-elasticsearch = 7.3.6-1 +Provides: grafana-azure-monitor = 7.3.6-1 +Provides: grafana-graphite = 7.3.6-1 +Provides: grafana-influxdb = 7.3.6-1 +Provides: grafana-loki = 7.3.6-1 +Provides: grafana-mssql = 7.3.6-1 +Provides: grafana-mysql = 7.3.6-1 +Provides: grafana-opentsdb = 7.3.6-1 +Provides: grafana-postgres = 7.3.6-1 +Provides: grafana-prometheus = 7.3.6-1 +Provides: grafana-stackdriver = 7.3.6-1 + +# vendored golang and node.js build dependencies +# this is for security purposes, if nodejs-foo ever needs an update, +# affected packages can be easily identified. +# Note: generated by the Makefile (see README.md) +Provides: bundled(golang(cloud.google.com/go/storage)) = 1.21.0 +Provides: bundled(golang(cuelang.org/go)) = 0.4.3 +Provides: bundled(golang(github.com/Azure/azure-sdk-for-go)) = 59.3.0+incompatible +Provides: bundled(golang(github.com/Azure/go-autorest/autorest)) = 0.11.22 +Provides: bundled(golang(github.com/BurntSushi/toml)) = 1.1.0 +Provides: bundled(golang(github.com/Masterminds/semver)) = 1.5.0 +Provides: bundled(golang(github.com/VividCortex/mysqlerr)) = 0.0.0-20170204212430.6c6b55f8796f +Provides: bundled(golang(github.com/aws/aws-sdk-go)) = 1.44.109 +Provides: bundled(golang(github.com/beevik/etree)) = 1.1.0 +Provides: bundled(golang(github.com/benbjohnson/clock)) = 1.3.0 +Provides: bundled(golang(github.com/bradfitz/gomemcache)) = 0.0.0-20190913173617.a41fca850d0b +Provides: bundled(golang(github.com/centrifugal/centrifuge)) = 0.25.0 +Provides: bundled(golang(github.com/cortexproject/cortex)) = 1.10.1-0.20211014125347.85c378182d0d +Provides: bundled(golang(github.com/davecgh/go-spew)) = 1.1.1 +Provides: bundled(golang(github.com/denisenkom/go-mssqldb)) = 0.12.0 +Provides: bundled(golang(github.com/dop251/goja)) = 0.0.0-20210804101310.32956a348b49 +Provides: bundled(golang(github.com/fatih/color)) = 1.13.0 +Provides: bundled(golang(github.com/gchaincl/sqlhooks)) = 1.3.0 +Provides: bundled(golang(github.com/getsentry/sentry-go)) = 0.13.0 +Provides: bundled(golang(github.com/go-git/go-git/v5)) = 5.4.2 +Provides: bundled(golang(github.com/go-kit/kit)) = 0.11.0 +Provides: bundled(golang(github.com/go-openapi/strfmt)) = 0.21.3 +Provides: bundled(golang(github.com/go-redis/redis/v8)) = 8.11.4 +Provides: bundled(golang(github.com/go-sourcemap/sourcemap)) = 2.1.3+incompatible +Provides: bundled(golang(github.com/go-sql-driver/mysql)) = 1.6.0 +Provides: bundled(golang(github.com/go-stack/stack)) = 1.8.1 +Provides: bundled(golang(github.com/gobwas/glob)) = 0.2.3 +Provides: bundled(golang(github.com/gogo/protobuf)) = 1.3.2 +Provides: bundled(golang(github.com/golang/mock)) = 1.6.0 +Provides: bundled(golang(github.com/golang/snappy)) = 0.0.4 +Provides: bundled(golang(github.com/google/go-cmp)) = 0.5.8 +Provides: bundled(golang(github.com/google/uuid)) = 1.3.0 +Provides: bundled(golang(github.com/google/wire)) = 0.5.0 +Provides: bundled(golang(github.com/gorilla/websocket)) = 1.5.0 +Provides: bundled(golang(github.com/gosimple/slug)) = 1.12.0 +Provides: bundled(golang(github.com/grafana/cuetsy)) = 0.0.4-0.20220714174355.ebd987fdab27 +Provides: bundled(golang(github.com/grafana/grafana-aws-sdk)) = 0.10.8 +Provides: bundled(golang(github.com/grafana/grafana-azure-sdk-go)) = 1.3.0 +Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.139.0 +Provides: bundled(golang(github.com/grafana/thema)) = 0.0.0-20220817114012.ebeee841c104 +Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware)) = 1.3.0 +Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 1.0.0 +Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.4.3 +Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.3.0 +Provides: bundled(golang(github.com/influxdata/influxdb-client-go/v2)) = 2.6.0 +Provides: bundled(golang(github.com/influxdata/line-protocol)) = 0.0.0-20210311194329.9aa0e372d097 +Provides: bundled(golang(github.com/jmespath/go-jmespath)) = 0.4.0 +Provides: bundled(golang(github.com/json-iterator/go)) = 1.1.12 +Provides: bundled(golang(github.com/lib/pq)) = 1.10.4 +Provides: bundled(golang(github.com/linkedin/goavro/v2)) = 2.10.0 +Provides: bundled(golang(github.com/m3db/prometheus_remote_client_golang)) = 0.4.4 +Provides: bundled(golang(github.com/magefile/mage)) = 1.13.0 +Provides: bundled(golang(github.com/mattn/go-isatty)) = 0.0.14 +Provides: bundled(golang(github.com/mattn/go-sqlite3)) = 1.14.16 +Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = 1.0.2 +Provides: bundled(golang(github.com/mwitkow/go-conntrack)) = 0.0.0-20190716064945.2f068394615f +Provides: bundled(golang(github.com/ohler55/ojg)) = 1.12.9 +Provides: bundled(golang(github.com/opentracing/opentracing-go)) = 1.2.0 +Provides: bundled(golang(github.com/patrickmn/go-cache)) = 2.1.0+incompatible +Provides: bundled(golang(github.com/pkg/errors)) = 0.9.1 +Provides: bundled(golang(github.com/prometheus/alertmanager)) = 0.24.1-0.20221003101219.ae510d09c048 +Provides: bundled(golang(github.com/prometheus/client_golang)) = 1.13.1 +Provides: bundled(golang(github.com/prometheus/client_model)) = 0.2.0 +Provides: bundled(golang(github.com/prometheus/common)) = 0.37.0 +Provides: bundled(golang(github.com/prometheus/prometheus)) = 1.8.2-0.20211011171444.354d8d2ecfac +Provides: bundled(golang(github.com/robfig/cron/v3)) = 3.0.1 +Provides: bundled(golang(github.com/russellhaering/goxmldsig)) = 1.1.1 +Provides: bundled(golang(github.com/stretchr/testify)) = 1.8.0 +Provides: bundled(golang(github.com/teris-io/shortid)) = 0.0.0-20171029131806.771a37caa5cf +Provides: bundled(golang(github.com/ua-parser/uap-go)) = 0.0.0-20211112212520.00c877edfe0f +Provides: bundled(golang(github.com/uber/jaeger-client-go)) = 2.29.1+incompatible +Provides: bundled(golang(github.com/urfave/cli/v2)) = 2.3.0 +Provides: bundled(golang(github.com/vectordotdev/go-datemath)) = 0.1.1-0.20220323213446.f3954d0b18ae +Provides: bundled(golang(github.com/xorcare/pointer)) = 1.1.0 +Provides: bundled(golang(github.com/yalue/merged_fs)) = 1.2.2 +Provides: bundled(golang(github.com/yudai/gojsondiff)) = 1.0.0 +Provides: bundled(golang(go.opentelemetry.io/collector)) = 0.31.0 +Provides: bundled(golang(go.opentelemetry.io/collector/model)) = 0.31.0 +Provides: bundled(golang(go.opentelemetry.io/otel)) = 1.6.3 +Provides: bundled(golang(go.opentelemetry.io/otel/exporters/jaeger)) = 1.0.0 +Provides: bundled(golang(go.opentelemetry.io/otel/sdk)) = 1.6.3 +Provides: bundled(golang(go.opentelemetry.io/otel/trace)) = 1.6.3 +Provides: bundled(golang(golang.org/x/crypto)) = 0.0.0-20220622213112.05595931fe9d +Provides: bundled(golang(golang.org/x/exp)) = 0.0.0-20220613132600.b0d781184e0d +Provides: bundled(golang(golang.org/x/oauth2)) = 0.0.0-20220608161450.d0670ef3b1eb +Provides: bundled(golang(golang.org/x/sync)) = 0.0.0-20220722155255.886fb9371eb4 +Provides: bundled(golang(golang.org/x/time)) = 0.0.0-20220609170525.579cf78fd858 +Provides: bundled(golang(golang.org/x/tools)) = 0.1.12 +Provides: bundled(golang(gonum.org/v1/gonum)) = 0.11.0 +Provides: bundled(golang(google.golang.org/api)) = 0.74.0 +Provides: bundled(golang(google.golang.org/grpc)) = 1.45.0 +Provides: bundled(golang(google.golang.org/protobuf)) = 1.28.1 +Provides: bundled(golang(gopkg.in/ini.v1)) = 1.66.2 +Provides: bundled(golang(gopkg.in/ldap.v3)) = 3.1.0 +Provides: bundled(golang(gopkg.in/mail.v2)) = 2.3.1 +Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = 2.5.1 +Provides: bundled(golang(gopkg.in/yaml.v2)) = 2.4.0 +Provides: bundled(golang(gopkg.in/yaml.v3)) = 3.0.1 +Provides: bundled(golang(xorm.io/builder)) = 0.3.6 +Provides: bundled(golang(xorm.io/core)) = 0.7.3 +Provides: bundled(golang(xorm.io/xorm)) = 0.8.2 +Provides: bundled(golang(github.com/andybalholm/brotli)) = 1.0.3 +Provides: bundled(golang(github.com/deepmap/oapi-codegen)) = 1.10.1 +Provides: bundled(golang(github.com/go-kit/log)) = 0.2.1 +Provides: bundled(golang(github.com/go-openapi/loads)) = 0.21.2 +Provides: bundled(golang(github.com/golang/protobuf)) = 1.5.2 +Provides: bundled(golang(github.com/googleapis/gax-go/v2)) = 2.2.0 +Provides: bundled(golang(github.com/grafana/grafana-google-sdk-go)) = 0.0.0-20211104130251.b190293eaf58 +Provides: bundled(golang(github.com/hashicorp/go-multierror)) = 1.1.1 +Provides: bundled(golang(github.com/segmentio/encoding)) = 0.3.5 +Provides: bundled(golang(go.uber.org/atomic)) = 1.9.0 +Provides: bundled(golang(golang.org/x/text)) = 0.4.0 +Provides: bundled(golang(google.golang.org/genproto)) = 0.0.0-20220421151946.72621c1f0bd3 +Provides: bundled(golang(cloud.google.com/go/kms)) = 1.4.0 +Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/azidentity)) = 0.13.2 +Provides: bundled(golang(github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys)) = 0.4.0 +Provides: bundled(golang(github.com/Azure/go-autorest/autorest/adal)) = 0.9.17 +Provides: bundled(golang(github.com/armon/go-radix)) = 1.0.0 +Provides: bundled(golang(github.com/blugelabs/bluge)) = 0.1.9 +Provides: bundled(golang(github.com/blugelabs/bluge_segment_api)) = 0.2.0 +Provides: bundled(golang(github.com/dlmiddlecote/sqlstats)) = 1.0.2 +Provides: bundled(golang(github.com/drone/drone-cli)) = 1.5.0 +Provides: bundled(golang(github.com/getkin/kin-openapi)) = 0.94.0 +Provides: bundled(golang(github.com/golang-migrate/migrate/v4)) = 4.7.0 +Provides: bundled(golang(github.com/google/go-github/v45)) = 45.2.0 +Provides: bundled(golang(github.com/grafana/dskit)) = 0.0.0-20211011144203.3a88ec0b675f +Provides: bundled(golang(github.com/jmoiron/sqlx)) = 1.3.5 +Provides: bundled(golang(github.com/urfave/cli)) = 1.22.5 +Provides: bundled(golang(go.etcd.io/etcd/api/v3)) = 3.5.4 +Provides: bundled(golang(go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc)) = 0.31.0 +Provides: bundled(golang(go.opentelemetry.io/contrib/propagators/jaeger)) = 1.6.0 +Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace)) = 1.6.3 +Provides: bundled(golang(go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc)) = 1.6.3 +Provides: bundled(golang(gocloud.dev)) = 0.25.0 +Provides: bundled(golang(github.com/wk8/go-ordered-map)) = 1.0.0 +Provides: bundled(npm(@babel/core)) = 7.12.9 +Provides: bundled(npm(@babel/plugin-proposal-class-properties)) = 7.16.7 +Provides: bundled(npm(@babel/plugin-proposal-nullish-coalescing-operator)) = 7.16.7 +Provides: bundled(npm(@babel/plugin-proposal-object-rest-spread)) = 7.12.1 +Provides: bundled(npm(@babel/plugin-proposal-optional-chaining)) = 7.16.7 +Provides: bundled(npm(@babel/plugin-syntax-dynamic-import)) = 7.8.3 +Provides: bundled(npm(@babel/plugin-transform-react-constant-elements)) = 7.18.9 +Provides: bundled(npm(@babel/plugin-transform-runtime)) = 7.18.10 +Provides: bundled(npm(@babel/plugin-transform-typescript)) = 7.16.7 +Provides: bundled(npm(@babel/preset-env)) = 7.16.11 +Provides: bundled(npm(@babel/preset-react)) = 7.16.7 +Provides: bundled(npm(@babel/preset-typescript)) = 7.16.7 +Provides: bundled(npm(@babel/runtime)) = 7.15.4 +Provides: bundled(npm(@betterer/betterer)) = 5.4.0 +Provides: bundled(npm(@betterer/cli)) = 5.4.0 +Provides: bundled(npm(@betterer/eslint)) = 5.4.0 +Provides: bundled(npm(@betterer/regexp)) = 5.4.0 +Provides: bundled(npm(@braintree/sanitize-url)) = 6.0.2 +Provides: bundled(npm(@cypress/webpack-preprocessor)) = 5.12.0 +Provides: bundled(npm(@daybrush/utils)) = 1.6.0 +Provides: bundled(npm(@emotion/css)) = 10.0.27 +Provides: bundled(npm(@emotion/eslint-plugin)) = 11.7.0 +Provides: bundled(npm(@emotion/react)) = 11.9.0 +Provides: bundled(npm(@grafana/agent-core)) = 0.4.0 +Provides: bundled(npm(@grafana/agent-web)) = 0.4.0 +Provides: bundled(npm(@grafana/aws-sdk)) = 0.0.37 +Provides: bundled(npm(@grafana/data)) = 0.0.0-use.local +Provides: bundled(npm(@grafana/e2e)) = 0.0.0-use.local +Provides: bundled(npm(@grafana/e2e-selectors)) = 0.0.0-use.local +Provides: bundled(npm(@grafana/eslint-config)) = 5.0.0 +Provides: bundled(npm(@grafana/experimental)) = 1.0.1 +Provides: bundled(npm(@grafana/google-sdk)) = 0.0.3 +Provides: bundled(npm(@grafana/lezer-logql)) = 0.1.0 +Provides: bundled(npm(@grafana/runtime)) = 0.0.0-use.local +Provides: bundled(npm(@grafana/schema)) = 0.0.0-use.local +Provides: bundled(npm(@grafana/toolkit)) = 0.0.0-use.local +Provides: bundled(npm(@grafana/tsconfig)) = 1.2.0rc1 +Provides: bundled(npm(@grafana/ui)) = 0.0.0-use.local +Provides: bundled(npm(@jaegertracing/jaeger-ui-components)) = 0.0.0-use.local +Provides: bundled(npm(@jest/core)) = 27.5.1 +Provides: bundled(npm(@kusto/monaco-kusto)) = 5.2.0 +Provides: bundled(npm(@lezer/common)) = 1.0.0 +Provides: bundled(npm(@lezer/highlight)) = 1.0.0 +Provides: bundled(npm(@lezer/lr)) = 1.2.3 +Provides: bundled(npm(@lingui/cli)) = 3.14.0 +Provides: bundled(npm(@lingui/core)) = 3.14.0 +Provides: bundled(npm(@lingui/macro)) = 3.12.1 +Provides: bundled(npm(@lingui/react)) = 3.14.0 +Provides: bundled(npm(@mdx-js/react)) = 1.6.22 +Provides: bundled(npm(@mochajs/json-file-reporter)) = 1.3.0 +Provides: bundled(npm(@monaco-editor/react)) = 4.4.5 +Provides: bundled(npm(@opentelemetry/api)) = 1.1.0 +Provides: bundled(npm(@opentelemetry/exporter-collector)) = 0.25.0 +Provides: bundled(npm(@opentelemetry/semantic-conventions)) = 0.25.0 +Provides: bundled(npm(@pmmmwh/react-refresh-webpack-plugin)) = 0.5.7 +Provides: bundled(npm(@popperjs/core)) = 2.11.2 +Provides: bundled(npm(@prometheus-io/lezer-promql)) = 0.37.0 +Provides: bundled(npm(@react-aria/button)) = 3.6.1 +Provides: bundled(npm(@react-aria/dialog)) = 3.3.1 +Provides: bundled(npm(@react-aria/focus)) = 3.8.0 +Provides: bundled(npm(@react-aria/interactions)) = 3.11.0 +Provides: bundled(npm(@react-aria/menu)) = 3.6.1 +Provides: bundled(npm(@react-aria/overlays)) = 3.10.1 +Provides: bundled(npm(@react-aria/utils)) = 3.13.1 +Provides: bundled(npm(@react-stately/collections)) = 3.4.1 +Provides: bundled(npm(@react-stately/menu)) = 3.4.1 +Provides: bundled(npm(@react-stately/tree)) = 3.3.1 +Provides: bundled(npm(@react-types/button)) = 3.6.1 +Provides: bundled(npm(@react-types/menu)) = 3.7.1 +Provides: bundled(npm(@react-types/overlays)) = 3.6.1 +Provides: bundled(npm(@react-types/shared)) = 3.13.1 +Provides: bundled(npm(@reduxjs/toolkit)) = 1.8.5 +Provides: bundled(npm(@rollup/plugin-commonjs)) = 22.0.1 +Provides: bundled(npm(@rollup/plugin-json)) = 4.1.0 +Provides: bundled(npm(@rollup/plugin-node-resolve)) = 13.3.0 +Provides: bundled(npm(@rtsao/plugin-proposal-class-properties)) = 7.0.1-patch.1 +Provides: bundled(npm(@sentry/browser)) = 6.19.7 +Provides: bundled(npm(@sentry/types)) = 6.19.7 +Provides: bundled(npm(@sentry/utils)) = 6.19.7 +Provides: bundled(npm(@storybook/addon-a11y)) = 6.4.21 +Provides: bundled(npm(@storybook/addon-actions)) = 6.4.21 +Provides: bundled(npm(@storybook/addon-docs)) = 6.4.21 +Provides: bundled(npm(@storybook/addon-essentials)) = 6.4.21 +Provides: bundled(npm(@storybook/addon-knobs)) = 6.4.0 +Provides: bundled(npm(@storybook/addon-storysource)) = 6.4.21 +Provides: bundled(npm(@storybook/addons)) = 6.4.21 +Provides: bundled(npm(@storybook/api)) = 6.4.21 +Provides: bundled(npm(@storybook/builder-webpack5)) = 6.4.21 +Provides: bundled(npm(@storybook/client-api)) = 6.4.21 +Provides: bundled(npm(@storybook/components)) = 6.4.21 +Provides: bundled(npm(@storybook/core-events)) = 6.4.21 +Provides: bundled(npm(@storybook/manager-webpack5)) = 6.4.21 +Provides: bundled(npm(@storybook/react)) = 6.4.21 +Provides: bundled(npm(@storybook/theming)) = 6.4.21 +Provides: bundled(npm(@swc/core)) = 1.3.1 +Provides: bundled(npm(@swc/helpers)) = 0.4.3 +Provides: bundled(npm(@testing-library/dom)) = 8.13.0 +Provides: bundled(npm(@testing-library/jest-dom)) = 5.16.4 +Provides: bundled(npm(@testing-library/react)) = 12.1.4 +Provides: bundled(npm(@testing-library/react-hooks)) = 8.0.1 +Provides: bundled(npm(@testing-library/user-event)) = 14.4.3 +Provides: bundled(npm(@types/angular)) = 1.8.3 +Provides: bundled(npm(@types/angular-route)) = 1.7.2 +Provides: bundled(npm(@types/chrome-remote-interface)) = 0.31.4 +Provides: bundled(npm(@types/classnames)) = 2.3.0 +Provides: bundled(npm(@types/command-exists)) = 1.2.0 +Provides: bundled(npm(@types/common-tags)) = 1.8.1 +Provides: bundled(npm(@types/d3)) = 7.4.0 +Provides: bundled(npm(@types/d3-force)) = 2.1.4 +Provides: bundled(npm(@types/d3-interpolate)) = 1.4.2 +Provides: bundled(npm(@types/d3-scale-chromatic)) = 1.3.1 +Provides: bundled(npm(@types/debounce-promise)) = 3.1.4 +Provides: bundled(npm(@types/deep-freeze)) = 0.1.2 +Provides: bundled(npm(@types/dompurify)) = 2.4.0 +Provides: bundled(npm(@types/enzyme)) = 3.10.10 +Provides: bundled(npm(@types/enzyme-adapter-react-16)) = 1.0.6 +Provides: bundled(npm(@types/eslint)) = 7.28.2 +Provides: bundled(npm(@types/file-saver)) = 2.0.5 +Provides: bundled(npm(@types/fs-extra)) = 9.0.13 +Provides: bundled(npm(@types/google.analytics)) = 0.0.42 +Provides: bundled(npm(@types/gtag.js)) = 0.0.11 +Provides: bundled(npm(@types/history)) = 4.7.9 +Provides: bundled(npm(@types/hoist-non-react-statics)) = 3.3.1 +Provides: bundled(npm(@types/inquirer)) = 8.2.1 +Provides: bundled(npm(@types/is-hotkey)) = 0.1.7 +Provides: bundled(npm(@types/jest)) = 26.0.15 +Provides: bundled(npm(@types/jquery)) = 3.5.14 +Provides: bundled(npm(@types/js-yaml)) = 4.0.5 +Provides: bundled(npm(@types/jsurl)) = 1.2.30 +Provides: bundled(npm(@types/lingui__macro)) = 3.0.0 +Provides: bundled(npm(@types/lodash)) = 4.14.149 +Provides: bundled(npm(@types/logfmt)) = 1.2.2 +Provides: bundled(npm(@types/marked)) = 4.0.3 +Provides: bundled(npm(@types/mock-raf)) = 1.0.3 +Provides: bundled(npm(@types/mousetrap)) = 1.6.9 +Provides: bundled(npm(@types/node)) = 14.17.32 +Provides: bundled(npm(@types/ol-ext)) = 2.3.0 +Provides: bundled(npm(@types/papaparse)) = 5.3.2 +Provides: bundled(npm(@types/pluralize)) = 0.0.29 +Provides: bundled(npm(@types/prettier)) = 2.4.2 +Provides: bundled(npm(@types/prismjs)) = 1.26.0 +Provides: bundled(npm(@types/prop-types)) = 15.7.4 +Provides: bundled(npm(@types/rc-time-picker)) = 3.4.1 +Provides: bundled(npm(@types/rc-tree)) = 3.0.0 +Provides: bundled(npm(@types/react)) = 17.0.30 +Provides: bundled(npm(@types/react-beautiful-dnd)) = 13.1.2 +Provides: bundled(npm(@types/react-calendar)) = 3.5.1 +Provides: bundled(npm(@types/react-color)) = 3.0.6 +Provides: bundled(npm(@types/react-dev-utils)) = 9.0.10 +Provides: bundled(npm(@types/react-dom)) = 17.0.10 +Provides: bundled(npm(@types/react-grid-layout)) = 1.3.2 +Provides: bundled(npm(@types/react-highlight-words)) = 0.16.4 +Provides: bundled(npm(@types/react-icons)) = 2.2.7 +Provides: bundled(npm(@types/react-redux)) = 7.1.20 +Provides: bundled(npm(@types/react-resizable)) = 3.0.2 +Provides: bundled(npm(@types/react-router-dom)) = 5.3.3 +Provides: bundled(npm(@types/react-table)) = 7.7.12 +Provides: bundled(npm(@types/react-test-renderer)) = 17.0.1 +Provides: bundled(npm(@types/react-transition-group)) = 4.4.4 +Provides: bundled(npm(@types/react-virtualized-auto-sizer)) = 1.0.1 +Provides: bundled(npm(@types/react-window)) = 1.8.5 +Provides: bundled(npm(@types/react-window-infinite-loader)) = 1.0.6 +Provides: bundled(npm(@types/redux-mock-store)) = 1.0.3 +Provides: bundled(npm(@types/reselect)) = 2.2.0 +Provides: bundled(npm(@types/rimraf)) = 3.0.2 +Provides: bundled(npm(@types/semver)) = 7.3.9 +Provides: bundled(npm(@types/sinon)) = 10.0.13 +Provides: bundled(npm(@types/slate)) = 0.47.9 +Provides: bundled(npm(@types/slate-plain-serializer)) = 0.7.2 +Provides: bundled(npm(@types/slate-react)) = 0.22.9 +Provides: bundled(npm(@types/systemjs)) = 0.20.8 +Provides: bundled(npm(@types/testing-library__jest-dom)) = 5.14.1 +Provides: bundled(npm(@types/testing-library__react-hooks)) = 3.4.1 +Provides: bundled(npm(@types/tinycolor2)) = 1.4.3 +Provides: bundled(npm(@types/tmp)) = 0.2.3 +Provides: bundled(npm(@types/uuid)) = 8.3.4 +Provides: bundled(npm(@types/webpack-env)) = 1.16.3 +Provides: bundled(npm(@typescript-eslint/eslint-plugin)) = 5.16.0 +Provides: bundled(npm(@typescript-eslint/parser)) = 5.16.0 +Provides: bundled(npm(@visx/event)) = 2.6.0 +Provides: bundled(npm(@visx/gradient)) = 2.10.0 +Provides: bundled(npm(@visx/group)) = 2.10.0 +Provides: bundled(npm(@visx/scale)) = 2.2.2 +Provides: bundled(npm(@visx/shape)) = 2.12.2 +Provides: bundled(npm(@visx/tooltip)) = 2.10.0 +Provides: bundled(npm(@welldone-software/why-did-you-render)) = 7.0.1 +Provides: bundled(npm(@wojtekmaj/enzyme-adapter-react-17)) = 0.6.7 +Provides: bundled(npm(angular)) = 1.8.3 +Provides: bundled(npm(angular-bindonce)) = 0.3.1 +Provides: bundled(npm(angular-route)) = 1.8.3 +Provides: bundled(npm(angular-sanitize)) = 1.8.3 +Provides: bundled(npm(ansicolor)) = 1.1.100 +Provides: bundled(npm(app)) = 0.0.0-use.local +Provides: bundled(npm(autoprefixer)) = 9.8.8 +Provides: bundled(npm(axios)) = 0.25.0 +Provides: bundled(npm(babel-jest)) = 27.5.1 +Provides: bundled(npm(babel-loader)) = 8.2.5 +Provides: bundled(npm(babel-plugin-angularjs-annotate)) = 0.10.0 +Provides: bundled(npm(babel-plugin-macros)) = 2.8.0 +Provides: bundled(npm(baron)) = 3.0.3 +Provides: bundled(npm(blink-diff)) = 1.0.13 +Provides: bundled(npm(brace)) = 0.11.1 +Provides: bundled(npm(calculate-size)) = 1.1.1 +Provides: bundled(npm(centrifuge)) = 3.0.1 +Provides: bundled(npm(chalk)) = 2.4.2 +Provides: bundled(npm(chance)) = 1.1.8 +Provides: bundled(npm(chrome-remote-interface)) = 0.31.3 +Provides: bundled(npm(classnames)) = 2.3.1 +Provides: bundled(npm(combokeys)) = 3.0.1 +Provides: bundled(npm(comlink)) = 4.3.1 +Provides: bundled(npm(command-exists)) = 1.2.9 +Provides: bundled(npm(commander)) = 2.11.0 +Provides: bundled(npm(common-tags)) = 1.8.0 +Provides: bundled(npm(copy-to-clipboard)) = 3.3.1 +Provides: bundled(npm(copy-webpack-plugin)) = 9.0.1 +Provides: bundled(npm(core-js)) = 2.6.12 +Provides: bundled(npm(css-loader)) = 5.2.7 +Provides: bundled(npm(css-minimizer-webpack-plugin)) = 3.4.1 +Provides: bundled(npm(csstype)) = 2.6.18 +Provides: bundled(npm(cypress)) = 9.5.1 +Provides: bundled(npm(cypress-file-upload)) = 5.0.8 +Provides: bundled(npm(d3)) = 5.15.0 +Provides: bundled(npm(d3-force)) = 1.2.1 +Provides: bundled(npm(d3-interpolate)) = 1.4.0 +Provides: bundled(npm(d3-scale-chromatic)) = 1.5.0 +Provides: bundled(npm(dangerously-set-html-content)) = 1.0.9 +Provides: bundled(npm(date-fns)) = 2.25.0 +Provides: bundled(npm(debounce-promise)) = 3.1.2 +Provides: bundled(npm(deep-freeze)) = 0.0.1 +Provides: bundled(npm(devtools-protocol)) = 0.0.927104 +Provides: bundled(npm(dompurify)) = 2.3.8 +Provides: bundled(npm(emotion)) = 10.0.27 +Provides: bundled(npm(enzyme)) = 3.11.0 +Provides: bundled(npm(enzyme-to-json)) = 3.6.2 +Provides: bundled(npm(esbuild)) = 0.15.7 +Provides: bundled(npm(eslint)) = 8.11.0 +Provides: bundled(npm(eslint-config-prettier)) = 8.5.0 +Provides: bundled(npm(eslint-plugin-import)) = 2.26.0 +Provides: bundled(npm(eslint-plugin-jest)) = 26.6.0 +Provides: bundled(npm(eslint-plugin-jsdoc)) = 38.0.6 +Provides: bundled(npm(eslint-plugin-jsx-a11y)) = 6.6.1 +Provides: bundled(npm(eslint-plugin-lodash)) = 7.4.0 +Provides: bundled(npm(eslint-plugin-react)) = 7.29.4 +Provides: bundled(npm(eslint-plugin-react-hooks)) = 4.3.0 +Provides: bundled(npm(eslint-webpack-plugin)) = 3.2.0 +Provides: bundled(npm(eventemitter3)) = 4.0.7 +Provides: bundled(npm(execa)) = 1.0.0 +Provides: bundled(npm(expose-loader)) = 4.0.0 +Provides: bundled(npm(fast-deep-equal)) = 3.1.3 +Provides: bundled(npm(fast-json-patch)) = 3.1.1 +Provides: bundled(npm(fast_array_intersect)) = 1.1.0 +Provides: bundled(npm(file-saver)) = 2.0.5 +Provides: bundled(npm(fork-ts-checker-webpack-plugin)) = 4.1.6 +Provides: bundled(npm(framework-utils)) = 1.1.0 +Provides: bundled(npm(fs-extra)) = 0.30.0 +Provides: bundled(npm(fuzzy)) = 0.1.3 +Provides: bundled(npm(glob)) = 7.1.4 +Provides: bundled(npm(globby)) = 9.2.0 +Provides: bundled(npm(history)) = 4.10.1 +Provides: bundled(npm(hoist-non-react-statics)) = 3.3.2 +Provides: bundled(npm(html-loader)) = 3.1.0 +Provides: bundled(npm(html-webpack-plugin)) = 5.5.0 +Provides: bundled(npm(http-server)) = 14.1.1 +Provides: bundled(npm(husky)) = 8.0.1 +Provides: bundled(npm(immer)) = 9.0.7 +Provides: bundled(npm(immutable)) = 3.8.2 +Provides: bundled(npm(inquirer)) = 7.3.3 +Provides: bundled(npm(is-hotkey)) = 0.1.4 +Provides: bundled(npm(jest)) = 27.5.1 +Provides: bundled(npm(jest-canvas-mock)) = 2.3.1 +Provides: bundled(npm(jest-date-mock)) = 1.0.8 +Provides: bundled(npm(jest-environment-jsdom)) = 27.5.1 +Provides: bundled(npm(jest-fail-on-console)) = 2.4.2 +Provides: bundled(npm(jest-junit)) = 13.1.0 +Provides: bundled(npm(jest-matcher-utils)) = 27.5.1 +Provides: bundled(npm(jquery)) = 3.5.1 +Provides: bundled(npm(js-yaml)) = 3.14.1 +Provides: bundled(npm(json-markup)) = 1.1.3 +Provides: bundled(npm(json-source-map)) = 0.6.1 +Provides: bundled(npm(jsurl)) = 0.1.5 +Provides: bundled(npm(kbar)) = 0.1.0b36 +Provides: bundled(npm(lerna)) = 5.2.0 +Provides: bundled(npm(less)) = 4.1.2 +Provides: bundled(npm(less-loader)) = 10.2.0 +Provides: bundled(npm(lint-staged)) = 13.0.3 +Provides: bundled(npm(lodash)) = 4.17.21 +Provides: bundled(npm(logfmt)) = 1.3.2 +Provides: bundled(npm(lru-cache)) = 6.0.0 +Provides: bundled(npm(lru-memoize)) = 1.1.0 +Provides: bundled(npm(marked)) = 4.1.0 +Provides: bundled(npm(md5-file)) = 5.0.0 +Provides: bundled(npm(memoize-one)) = 4.0.3 +Provides: bundled(npm(mini-css-extract-plugin)) = 2.6.0 +Provides: bundled(npm(mocha)) = 10.0.0 +Provides: bundled(npm(mock-raf)) = 1.0.1 +Provides: bundled(npm(moment)) = 2.29.4 +Provides: bundled(npm(moment-timezone)) = 0.5.35 +Provides: bundled(npm(monaco-editor)) = 0.34.0 +Provides: bundled(npm(monaco-promql)) = 1.7.4 +Provides: bundled(npm(mousetrap)) = 1.6.5 +Provides: bundled(npm(mousetrap-global-bind)) = 1.1.0 +Provides: bundled(npm(moveable)) = 0.35.4 +Provides: bundled(npm(msw)) = 0.48.1 +Provides: bundled(npm(mutationobserver-shim)) = 0.3.7 +Provides: bundled(npm(ngtemplate-loader)) = 2.1.0 +Provides: bundled(npm(node-notifier)) = 10.0.1 +Provides: bundled(npm(ol)) = 6.15.1 +Provides: bundled(npm(ol-ext)) = 3.2.28 +Provides: bundled(npm(ora)) = 5.4.1 +Provides: bundled(npm(papaparse)) = 5.3.1 +Provides: bundled(npm(pixelmatch)) = 5.2.1 +Provides: bundled(npm(pluralize)) = 8.0.0 +Provides: bundled(npm(pngjs)) = 2.3.1 +Provides: bundled(npm(postcss)) = 7.0.39 +Provides: bundled(npm(postcss-flexbugs-fixes)) = 4.2.1 +Provides: bundled(npm(postcss-loader)) = 4.3.0 +Provides: bundled(npm(postcss-preset-env)) = 7.4.3 +Provides: bundled(npm(postcss-reporter)) = 7.0.5 +Provides: bundled(npm(postcss-scss)) = 4.0.2 +Provides: bundled(npm(prettier)) = 2.3.0 +Provides: bundled(npm(prismjs)) = 1.27.0 +Provides: bundled(npm(process)) = 0.11.10 +Provides: bundled(npm(prop-types)) = 15.7.2 +Provides: bundled(npm(raw-loader)) = 4.0.2 +Provides: bundled(npm(rc-cascader)) = 3.6.1 +Provides: bundled(npm(rc-drawer)) = 4.4.3 +Provides: bundled(npm(rc-slider)) = 9.7.5 +Provides: bundled(npm(rc-time-picker)) = 3.7.3 +Provides: bundled(npm(rc-tree)) = 5.6.5 +Provides: bundled(npm(re-resizable)) = 6.9.9 +Provides: bundled(npm(react)) = 17.0.1 +Provides: bundled(npm(react-awesome-query-builder)) = 5.1.2 +Provides: bundled(npm(react-beautiful-dnd)) = 13.1.0 +Provides: bundled(npm(react-calendar)) = 3.7.0 +Provides: bundled(npm(react-colorful)) = 5.5.1 +Provides: bundled(npm(react-custom-scrollbars-2)) = 4.5.0 +Provides: bundled(npm(react-dev-utils)) = 12.0.0 +Provides: bundled(npm(react-diff-viewer)) = 3.1.1 +Provides: bundled(npm(react-dom)) = 17.0.1 +Provides: bundled(npm(react-draggable)) = 4.4.4 +Provides: bundled(npm(react-dropzone)) = 14.2.2 +Provides: bundled(npm(react-grid-layout)) = 1.3.4 +Provides: bundled(npm(react-highlight-words)) = 0.18.0 +Provides: bundled(npm(react-hook-form)) = 7.5.3 +Provides: bundled(npm(react-icons)) = 2.2.7 +Provides: bundled(npm(react-inlinesvg)) = 3.0.0 +Provides: bundled(npm(react-moveable)) = 0.38.4 +Provides: bundled(npm(react-popper)) = 2.2.5 +Provides: bundled(npm(react-popper-tooltip)) = 3.1.1 +Provides: bundled(npm(react-redux)) = 7.2.6 +Provides: bundled(npm(react-refresh)) = 0.11.0 +Provides: bundled(npm(react-resizable)) = 3.0.4 +Provides: bundled(npm(react-reverse-portal)) = 2.1.1 +Provides: bundled(npm(react-router-dom)) = 5.3.0 +Provides: bundled(npm(react-select)) = 3.2.0 +Provides: bundled(npm(react-select-event)) = 5.3.0 +Provides: bundled(npm(react-simple-compat)) = 1.2.2 +Provides: bundled(npm(react-split-pane)) = 0.1.92 +Provides: bundled(npm(react-table)) = 7.8.0 +Provides: bundled(npm(react-test-renderer)) = 17.0.2 +Provides: bundled(npm(react-transition-group)) = 4.4.2 +Provides: bundled(npm(react-use)) = 17.4.0 +Provides: bundled(npm(react-virtualized-auto-sizer)) = 1.0.6 +Provides: bundled(npm(react-window)) = 1.8.7 +Provides: bundled(npm(react-window-infinite-loader)) = 1.0.8 +Provides: bundled(npm(redux)) = 4.1.1 +Provides: bundled(npm(redux-mock-store)) = 1.5.4 +Provides: bundled(npm(redux-thunk)) = 2.4.1 +Provides: bundled(npm(regenerator-runtime)) = 0.11.1 +Provides: bundled(npm(replace-in-file-webpack-plugin)) = 1.0.6 +Provides: bundled(npm(reselect)) = 4.1.0 +Provides: bundled(npm(resolve-as-bin)) = 2.1.0 +Provides: bundled(npm(rimraf)) = 2.7.1 +Provides: bundled(npm(rollup)) = 2.77.2 +Provides: bundled(npm(rollup-plugin-dts)) = 4.2.2 +Provides: bundled(npm(rollup-plugin-esbuild)) = 4.9.1 +Provides: bundled(npm(rollup-plugin-node-externals)) = 4.1.0 +Provides: bundled(npm(rollup-plugin-sourcemaps)) = 0.6.3 +Provides: bundled(npm(rollup-plugin-svg-import)) = 1.6.0 +Provides: bundled(npm(rollup-plugin-terser)) = 7.0.2 +Provides: bundled(npm(rst2html)) = 1.0.4 +Provides: bundled(npm(rudder-sdk-js)) = 2.13.0 +Provides: bundled(npm(rxjs)) = 6.6.7 +Provides: bundled(npm(sass)) = 1.50.1 +Provides: bundled(npm(sass-loader)) = 12.6.0 +Provides: bundled(npm(selecto)) = 1.19.1 +Provides: bundled(npm(semver)) = 5.7.1 +Provides: bundled(npm(simple-git)) = 3.7.1 +Provides: bundled(npm(sinon)) = 14.0.0 +Provides: bundled(npm(slate)) = 0.47.9 +Provides: bundled(npm(slate-plain-serializer)) = 0.7.11 +Provides: bundled(npm(slate-react)) = 0.22.10 +Provides: bundled(npm(sql-formatter-plus)) = 1.3.6 +Provides: bundled(npm(storybook-dark-mode)) = 1.1.0 +Provides: bundled(npm(style-loader)) = 1.3.0 +Provides: bundled(npm(stylelint)) = 14.9.1 +Provides: bundled(npm(stylelint-config-prettier)) = 9.0.3 +Provides: bundled(npm(stylelint-config-sass-guidelines)) = 9.0.1 +Provides: bundled(npm(symbol-observable)) = 4.0.0 +Provides: bundled(npm(systemjs)) = 0.20.19 +Provides: bundled(npm(terser-webpack-plugin)) = 4.2.3 +Provides: bundled(npm(test)) = 0.0.0-use.local +Provides: bundled(npm(testing-library-selector)) = 0.2.1 +Provides: bundled(npm(tether-drop)) = 1.5.0 +Provides: bundled(npm(tinycolor2)) = 1.4.2 +Provides: bundled(npm(tracelib)) = 1.0.1 +Provides: bundled(npm(ts-jest)) = 27.1.3 +Provides: bundled(npm(ts-loader)) = 8.4.0 +Provides: bundled(npm(ts-node)) = 9.1.1 +Provides: bundled(npm(tslib)) = 1.14.1 +Provides: bundled(npm(tween-functions)) = 1.2.0 +Provides: bundled(npm(typescript)) = 4.6.4 +Provides: bundled(npm(uplot)) = 1.6.22 +Provides: bundled(npm(uuid)) = 3.4.0 +Provides: bundled(npm(vendor)) = 0.0.0-use.local +Provides: bundled(npm(visjs-network)) = 4.25.0 +Provides: bundled(npm(wait-on)) = 6.0.1 +Provides: bundled(npm(webpack)) = 5.72.0 +Provides: bundled(npm(webpack-bundle-analyzer)) = 4.5.0 +Provides: bundled(npm(webpack-cli)) = 4.10.0 +Provides: bundled(npm(webpack-dev-server)) = 4.9.3 +Provides: bundled(npm(webpack-filter-warnings-plugin)) = 1.2.1 +Provides: bundled(npm(webpack-manifest-plugin)) = 5.0.0 +Provides: bundled(npm(webpack-merge)) = 5.8.0 +Provides: bundled(npm(whatwg-fetch)) = 3.6.2 +Provides: bundled(npm(xss)) = 1.0.13 +Provides: bundled(npm(yaml)) = 1.10.2 + + +%description +Grafana is an open source, feature rich metrics dashboard and graph editor for +Graphite, InfluxDB & OpenTSDB. + +# SELinux package +%package selinux +Summary: SELinux policy module supporting grafana +BuildRequires: checkpolicy, selinux-policy-devel, selinux-policy-targeted +%if "%{_selinux_policy_version}" != "" +Requires: selinux-policy >= %{_selinux_policy_version} +%endif +Requires: %{name} = %{version}-%{release} +Requires: selinux-policy-targeted +Requires(post): /usr/sbin/semodule, /usr/sbin/semanage, /sbin/restorecon, /sbin/fixfiles, grafana +Requires(postun): /usr/sbin/semodule, /usr/sbin/semanage, /sbin/restorecon, /sbin/fixfiles, /sbin/service, grafana + +%description selinux +SELinux policy module supporting grafana + +%prep +%setup -q -T -D -b 0 +%setup -q -T -D -b 1 +%if %{compile_frontend} == 0 +# remove bundled plugins source, otherwise they'll get merged +# with the compiled bundled plugins when extracting the webpack +rm -r plugins-bundled +%setup -q -T -D -b 2 +%endif + +# SELinux policy +mkdir SELinux +cp -p %{SOURCE8} %{SOURCE9} %{SOURCE10} SELinux + +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 3 -p1 +%patch -P 4 -p1 +%patch -P 5 -p1 +%patch -P 6 -p1 +%patch -P 7 -p1 +%patch -P 8 -p1 +%patch -P 9 -p1 +%patch -P 10 -p1 +%patch -P 11 -p1 +%patch -P 12 -p1 + +%patch -P 1001 -p1 +%if %{enable_fips_mode} +%patch -P 1002 -p1 +%endif +%ifarch s390x i686 armv7hl +%patch -P 1003 -p1 +%endif + + +%build +# Build the frontend +%if %{compile_frontend} +%{SOURCE5} +%endif + +# Build the backend + +# required since RHEL 8.8 to fix the following error: +# "imports crypto/boring: build constraints exclude all Go files in /usr/lib/golang/src/crypto/boring" +# can be removed in a future Go release +export GOEXPERIMENT=boringcrypto +# see grafana-X.Y.Z/pkg/build/cmd.go +export LDFLAGS="-X main.version=%{version} -X main.buildstamp=${SOURCE_DATE_EPOCH}" +for cmd in grafana-cli grafana-server; do + %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd} +done + +# SELinux policy +cd SELinux +for selinuxvariant in %{selinux_variants} +do + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile + mv grafana.pp grafana.pp.${selinuxvariant} + make NAME=${selinuxvariant} -f /usr/share/selinux/devel/Makefile clean +done +cd - + + +%install +# dirs, shared files, public html, webpack +install -d %{buildroot}%{_sbindir} +install -d %{buildroot}%{_datadir}/%{name} +install -d %{buildroot}%{_libexecdir}/%{name} +cp -a conf public plugins-bundled %{buildroot}%{_datadir}/%{name} +rm -f %{buildroot}%{_datadir}/%{name}/public/img/icons/.gitignore +rm -f %{buildroot}%{_datadir}/%{name}/public/lib/.gitignore + +# wrappers +install -p -m 755 packaging/wrappers/grafana-cli %{buildroot}%{_sbindir}/%{name}-cli + +# binaries +install -p -m 755 %{_builddir}/bin/%{name}-server %{buildroot}%{_sbindir} +install -p -m 755 %{_builddir}/bin/%{name}-cli %{buildroot}%{_libexecdir}/%{name} + +# man pages +install -d %{buildroot}%{_mandir}/man1 +install -p -m 644 docs/man/man1/* %{buildroot}%{_mandir}/man1 + +# config dirs +install -d %{buildroot}%{_sysconfdir}/%{name} +install -d %{buildroot}%{_sysconfdir}/%{name}/provisioning +install -d %{buildroot}%{_sysconfdir}/%{name}/provisioning/access-control +install -d %{buildroot}%{_sysconfdir}/%{name}/provisioning/dashboards +install -d %{buildroot}%{_sysconfdir}/%{name}/provisioning/datasources +install -d %{buildroot}%{_sysconfdir}/%{name}/provisioning/notifiers +install -d %{buildroot}%{_sysconfdir}/%{name}/provisioning/plugins +install -d %{buildroot}%{_sysconfdir}/sysconfig + +# config defaults +install -p -m 640 conf/sample.ini %{buildroot}%{_sysconfdir}/%{name}/grafana.ini +install -p -m 640 conf/ldap.toml %{buildroot}%{_sysconfdir}/%{name}/ldap.toml +install -p -m 644 conf/defaults.ini %{buildroot}%{_datadir}/%{name}/conf/defaults.ini +install -p -m 644 conf/sample.ini %{buildroot}%{_datadir}/%{name}/conf/sample.ini +install -p -m 644 packaging/rpm/sysconfig/grafana-server \ + %{buildroot}%{_sysconfdir}/sysconfig/grafana-server + +# config database directory and plugins +install -d -m 750 %{buildroot}%{_sharedstatedir}/%{name} +install -d -m 755 %{buildroot}%{_sharedstatedir}/%{name}/plugins + +# log directory +install -d %{buildroot}%{_localstatedir}/log/%{name} + +# systemd service files +install -d %{buildroot}%{_unitdir} # only needed for manual rpmbuilds +install -p -m 644 packaging/rpm/systemd/grafana-server.service \ + %{buildroot}%{_unitdir} + +# daemon run pid file config for using tmpfs +install -d %{buildroot}%{_tmpfilesdir} +echo "d %{_rundir}/%{name} 0755 %{GRAFANA_USER} %{GRAFANA_GROUP} -" \ + > %{buildroot}%{_tmpfilesdir}/%{name}.conf + +# systemd-sysusers configuration +install -p -m 644 -D %{SOURCE3} %{buildroot}%{_sysusersdir}/%{name}.conf + +# SELinux policy +cd SELinux +for selinuxvariant in %{selinux_variants} +do + install -d %{buildroot}%{_datadir}/selinux/${selinuxvariant} + install -p -m 644 grafana.pp.${selinuxvariant} \ + %{buildroot}%{_datadir}/selinux/${selinuxvariant}/grafana.pp +done +cd - + +%pre +%sysusers_create_compat %{SOURCE3} + +%preun +%systemd_preun grafana-server.service + +%post +%systemd_post grafana-server.service +# create grafana.db with secure permissions on new installations +# otherwise grafana-server is creating grafana.db on first start +# with world-readable permissions, which may leak encrypted datasource +# passwords to all users (if the secret_key in grafana.ini was not changed) + +# https://bugzilla.redhat.com/show_bug.cgi?id=1805472 +if [ "$1" = 1 ] && [ ! -f %{_sharedstatedir}/%{name}/grafana.db ]; then + touch %{_sharedstatedir}/%{name}/grafana.db +fi + +# apply secure permissions to grafana.db if it exists +# (may not exist on upgrades, because users can choose between sqlite/mysql/postgres) +if [ -f %{_sharedstatedir}/%{name}/grafana.db ]; then + chown %{GRAFANA_USER}:%{GRAFANA_GROUP} %{_sharedstatedir}/%{name}/grafana.db + chmod 640 %{_sharedstatedir}/%{name}/grafana.db +fi + +# required for upgrades +chmod 640 %{_sysconfdir}/%{name}/grafana.ini +chmod 640 %{_sysconfdir}/%{name}/ldap.toml + +%postun +%systemd_postun_with_restart grafana-server.service + + +%check +# Test frontend +%if %{compile_frontend} +yarn run jest +%endif + +# Test backend + +# in setting_test.go there is a unit test which checks if 10 days are 240 hours +# which is usually true except if the daylight saving time change falls into the last 10 days, then it's either 239 or 241 hours... +# let's set the time zone to a time zone without daylight saving time +export TZ=GMT + +# required since RHEL 8.8 to fix the following error: +# "imports crypto/boring: build constraints exclude all Go files in /usr/lib/golang/src/crypto/boring" +# can be removed in a future Go release +#export GOEXPERIMENT=boringcrypto +#% gotest ./pkg/... + +#%if %{enable_fips_mode} +#OPENSSL_FORCE_FIPS_MODE=1 GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption +#%endif + +%files +# binaries and wrappers +%{_sbindir}/%{name}-server +%{_sbindir}/%{name}-cli +%{_libexecdir}/%{name} + +# config files +%config(noreplace) %{_sysconfdir}/sysconfig/grafana-server +%dir %{_sysconfdir}/%{name} +%attr(0755, root, %{GRAFANA_GROUP}) %dir %{_sysconfdir}/%{name}/provisioning +%attr(0755, root, %{GRAFANA_GROUP}) %dir %{_sysconfdir}/%{name}/provisioning/access-control +%attr(0755, root, %{GRAFANA_GROUP}) %dir %{_sysconfdir}/%{name}/provisioning/dashboards +%attr(0750, root, %{GRAFANA_GROUP}) %dir %{_sysconfdir}/%{name}/provisioning/datasources +%attr(0755, root, %{GRAFANA_GROUP}) %dir %{_sysconfdir}/%{name}/provisioning/notifiers +%attr(0755, root, %{GRAFANA_GROUP}) %dir %{_sysconfdir}/%{name}/provisioning/plugins +%attr(0640, root, %{GRAFANA_GROUP}) %config(noreplace) %{_sysconfdir}/%{name}/grafana.ini +%attr(0640, root, %{GRAFANA_GROUP}) %config(noreplace) %{_sysconfdir}/%{name}/ldap.toml + +# config database directory and plugins +%attr(0750, %{GRAFANA_USER}, %{GRAFANA_GROUP}) %dir %{_sharedstatedir}/%{name} +%attr(-, %{GRAFANA_USER}, %{GRAFANA_GROUP}) %dir %{_sharedstatedir}/%{name}/plugins + +# shared directory and all files therein +%{_datadir}/%{name} + +# systemd service file +%{_unitdir}/grafana-server.service + +# Grafana configuration to dynamically create /run/grafana/grafana.pid on tmpfs +%{_tmpfilesdir}/%{name}.conf + +# systemd-sysusers configuration file +%{_sysusersdir}/%{name}.conf + +# log directory - grafana.log is created by grafana-server, and it does it's own log rotation +%attr(0755, %{GRAFANA_USER}, %{GRAFANA_GROUP}) %dir %{_localstatedir}/log/%{name} + +# man pages for grafana binaries +%{_mandir}/man1/%{name}-server.1* +%{_mandir}/man1/%{name}-cli.1* + +# other docs and license +%license LICENSE LICENSING.md NOTICE.md +%doc CHANGELOG.md CODE_OF_CONDUCT.md CONTRIBUTING.md GOVERNANCE.md HALL_OF_FAME.md ISSUE_TRIAGE.md MAINTAINERS.md +%doc PLUGIN_DEV.md README.md ROADMAP.md SECURITY.md SUPPORT.md UPGRADING_DEPENDENCIES.md WORKFLOW.md + +# SELinux policy +%post selinux +for selinuxvariant in %{selinux_variants} +do + /usr/sbin/semodule -s ${selinuxvariant} -i \ + %{_datadir}/selinux/${selinuxvariant}/grafana.pp &> /dev/null || : +done +/sbin/restorecon -RvF /usr/sbin/grafana-* &> /dev/null || : +/sbin/restorecon -RvF /etc/grafana &> /dev/null || : +/sbin/restorecon -RvF /var/log/grafana &> /dev/null || : +/sbin/restorecon -RvF /var/lib/grafana &> /dev/null || : +/sbin/restorecon -RvF /usr/libexec/grafana-pcp &> /dev/null || : +/usr/sbin/semanage port -a -t grafana_port_t -p tcp 3000 &> /dev/null || : + +%postun selinux +if [ $1 -eq 0 ] ; then +/usr/sbin/semanage port -d -p tcp 3000 &> /dev/null || : + for selinuxvariant in %{selinux_variants} + do + /usr/sbin/semodule -s ${selinuxvariant} -r grafana &> /dev/null || : + done + /sbin/restorecon -RvF /usr/sbin/grafana-* &> /dev/null || : + /sbin/restorecon -RvF /etc/grafana &> /dev/null || : + /sbin/restorecon -RvF /var/log/grafana &> /dev/null || : + /sbin/restorecon -RvF /var/lib/grafana &> /dev/null || : + /sbin/restorecon -RvF /usr/libexec/grafana-pcp &> /dev/null || : +fi + +%files selinux +%defattr(-,root,root,0755) +%doc SELinux/* +%{_datadir}/selinux/*/grafana.pp + +%changelog +* Wed Jan 31 2024 Sam Feifer <sfeifer@redhat.com> 9.2.10-15 +- Resolves RHEL-23468 +- Allows for gid to be 0 +- Allows for postgreSQL datasource in selinux policy + +* Tue Dec 19 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14 +- Fixes postgresql AVC denial +- Related RHEL-7505 + +* Thu Dec 14 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13 +- Resolves RHEL-19296 +- Fixes coredump issue introduced by selinux +- Patches out call to panic when trying to walk "/" directory + +* Thu Nov 30 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-12 +- Resolves RHEL-7505 +- Fixes additional selinux denials found when testing on certain architectures + +* Tue Nov 21 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-11 +- Resolves RHEL-7505 +- Fixes selinux denials found when testing on certain architectures + +* Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-10 +- Resolves RHEL-7505 +- Adds a selinux policy for grafana +- Resolves RHEL-12666 +- fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work + +* Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5 +- resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth + +* Thu Jun 8 2023 Stan Cox <scox@redhat.com> 9.2.10-3 +- bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests, License AGPL-3.0-only. + +* Mon May 15 2023 Stan Cox <scox@redhat.com> 9.2.10-2 +- Update to 9.2.10 + +* Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1 +- Update to 9.2.10 + +* Tue Nov 01 2022 Stan Cox <scox@redhat.com> 9.0.9-2 +- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in +- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws + +* Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1 +- update to 9.0.9 tagged upstream community sources, see CHANGELOG +- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530) + +* Tue Sep 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-2 +- bump NVR + +* Thu Sep 15 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-1 +- update to 9.0.8 tagged upstream community sources, see CHANGELOG +- do not list /usr/share/grafana/conf twice +- drop makefile in favor of create_bundles.sh script +- sync provides/obsoletes with CentOS versions +- drop husky patch + +* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3 +- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions +- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header +- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working +- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read +- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob +- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob +- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode +- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip +- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal + +* Tue Jul 26 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2 +- resolve CVE-2022-31107 grafana: OAuth account takeover + +* Fri Apr 22 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1 +- update to 7.5.15 tagged upstream community sources, see CHANGELOG +- resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources +- resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling +- resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation +- resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure +- resolve CVE-2021-23648 sanitize-url: XSS +- resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter +- declare Node.js dependencies of subpackages +- make vendor and webpack tarballs reproducible + +* Tue Jan 18 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-3 +- use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens +- update FIPS tests in check phase + +* Thu Dec 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-2 +- resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache +- resolve CVE-2021-43813 grafana: directory traversal vulnerability for *.md files + +* Mon Oct 11 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-1 +- update to 7.5.11 tagged upstream community sources, see CHANGELOG +- resolve CVE-2021-39226 + +* Thu Sep 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.10-1 +- update to 7.5.10 tagged upstream community sources, see CHANGELOG + +* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.9-3 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Jul 08 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-2 +- remove unused dependency property-information +- always include FIPS patch in SRPM + +* Fri Jun 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-1 +- update to 7.5.9 tagged upstream community sources, see CHANGELOG + +* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.8-2 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Mon Jun 21 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.8-1 +- update to 7.5.8 tagged upstream community sources, see CHANGELOG +- remove unused dependencies selfsigned, http-signature and gofpdf + +* Fri Jun 11 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-2 +- remove unused cryptographic implementations +- use cryptographic functions from OpenSSL if FIPS mode is enabled + +* Tue May 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.7-1 +- update to 7.5.7 tagged upstream community sources, see CHANGELOG + +* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 7.3.6-4 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.3.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Jan 22 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.6-2 +- change working dir to $GRAFANA_HOME in grafana-cli wrapper (fixes Red Hat BZ #1916083) +- add pcp-redis-datasource to allow_loading_unsigned_plugins config option + +* Mon Dec 21 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.6-1 +- update to 7.3.6 tagged upstream community sources, see CHANGELOG +- remove dependency on SAML (not supported in the open source version of Grafana) + +* Wed Nov 25 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.4-1 +- update to 7.3.4 tagged upstream community sources, see CHANGELOG + +* Tue Nov 10 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.3.1-1 +- update to 7.3.1 tagged upstream community sources, see CHANGELOG +- optionally bundle node.js dependencies and build and test frontend as part of the specfile +- change default provisioning path to /etc/grafana/provisioning (changed in version 7.1.1-1) +- resolve https://bugzilla.redhat.com/show_bug.cgi?id=1843170 + +* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.1.1-2 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Thu Jul 30 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 7.1.1-1 +- update to 7.1.1 tagged upstream community sources, see CHANGELOG +- merge all datasources into main grafana package +- bundle golang dependencies + +* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.7.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jun 05 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.4-1 +- update to 6.7.4 tagged upstream community sources, see CHANGELOG +- security fix for CVE-2020-13379 + +* Tue Apr 28 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 6.7.3-1 +- update to 6.7.3 tagged upstream community sources, see CHANGELOG +- add scripts to list Go dependencies and bundled npmjs dependencies +- set Grafana version in Grafana UI and grafana-cli --version +- declare README.md as documentation of datasource plugins +- create grafana.db on first installation (fixes RH BZ #1805472) +- change permissions of /var/lib/grafana to 750 (CVE-2020-12458) +- change permissions of /var/lib/grafana/grafana.db to 640 and + user/group grafana:grafana (CVE-2020-12458) +- change permissions of grafana.ini and ldap.toml to 640 (CVE-2020-12459) + +* Wed Feb 26 2020 Mark Goodwin <mgoodwin@redhat.com> 6.6.2-1 +- added patch0 to set the version string correctly +- removed patch 004-xerrors.patch, it's now upstream +- added several patches for golang vendored vrs build dep differences +- added patch to move grafana-cli binary to libexec dir +- update to 6.6.2 tagged upstream community sources, see CHANGELOG + +* Wed Nov 20 2019 Mark Goodwin <mgoodwin@redhat.com> 6.3.6-1 +- add weak depenency on grafana-pcp +- add patch to mute shellcheck SC1090 for grafana-cli +- update to 6.3.6 upstream community sources, see CHANGELOG + +* Thu Sep 05 2019 Mark Goodwin <mgoodwin@redhat.com> 6.3.5-1 +- drop uaparser patch now it's upstream +- add xerrors patch, see https://github.com/golang/go/issues/32246 +- use vendor sources on rawhide until modules are fully supported +- update to latest upstream community sources, see CHANGELOG + +* Fri Aug 30 2019 Mark Goodwin <mgoodwin@redhat.com> 6.3.4-1 +- include fix for CVE-2019-15043 +- add patch for uaparser on 32bit systems +- update to latest upstream community sources, see CHANGELOG + +* Wed Jul 31 2019 Mark Goodwin <mgoodwin@redhat.com> 6.2.5-1 +- update to latest upstream community sources, see CHANGELOG + +* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Jun 07 2019 Mark Goodwin <mgoodwin@redhat.com> 6.2.2-1 +- split out some datasource plugins to sub-packages +- update to latest upstream community sources, see CHANGELOG + +* Wed Jun 05 2019 Mark Goodwin <mgoodwin@redhat.com> 6.2.1-1 +- update to latest upstream community sources, see CHANGELOG + +* Fri May 24 2019 Mark Goodwin <mgoodwin@redhat.com> 6.2.0-1 +- update to latest upstream community sources +- drop a couple of patches + +* Wed May 08 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.6-2 +- add conditional unbundle_vendor_sources macro + +* Tue Apr 30 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.6-1 +- update to latest upstream stable release 6.1.6, see CHANGELOG +- includes jQuery 3.4.0 security update + +* Wed Apr 24 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.4-1 +- update to latest upstream stable release 6.1.4, see CHANGELOG +- use gobuild and gochecks macros, eliminate arch symlinks +- re-enable grafana-debugsource package +- fix GRAFANA_GROUP typo +- fix more modes for brp-mangle-shebangs +- vendor source unbundling now done in prep after patches +- remove all rhel and fedora conditional guff + +* Tue Apr 16 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.3-1 +- update to latest upstream stable release 6.1.3, see CHANGELOG +- unbundle all vendor sources, replace with BuildRequires, see + the long list of blocker BZs linked to BZ#1670656 +- BuildRequires go-plugin >= v1.0.0 for grpc_broker (thanks eclipseo) +- tweak make_webpack to no longer use grunt, switch to prod build +- add ExclusiveArch lua script (thanks quantum.analyst) +- move db directory and plugins to /var/lib/grafana +- split out into 6 patches, ready for upstream PRs +- add check to run go tests for gating checks + +* Thu Apr 04 2019 Mark Goodwin <mgoodwin@redhat.com> 6.1.0-1 +- update to latest upstream stable release 6.1.0, see CHANGELOG + +* Thu Mar 21 2019 Mark Goodwin <mgoodwin@redhat.com> 6.0.2-1 +- bump to latest upstream stable release 6.0.2-1 +- unbundle almost all remaining vendor code, see linked blockers in BZ#1670656 + +* Fri Mar 15 2019 Mark Goodwin <mgoodwin@redhat.com> 6.0.1-3 +- bump to latest upstream stable release 6.0.1-1 + +* Thu Mar 14 2019 Mark Goodwin <mgoodwin@redhat.com> 6.0.1-2 +- unbundle and add BuildRequires for golang-github-rainycape-unidecode-devel + +* Thu Mar 07 2019 Mark Goodwin <mgoodwin@redhat.com> 6.0.1-1 +- update to v6.0.1 upstream sources, tweak distro config, re-do patch +- simplify make_webpack.sh script (Elliott Sales de Andrade) +- vendor/github.com/go-ldap is now gone, so don't unbundle it + +* Thu Mar 07 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-11 +- tweak after latest feedback, bump to 5.4.3-11 (BZ 1670656) +- build debuginfo package again +- unbundle BuildRequires for golang-github-hashicorp-version-devel +- remove some unneeded development files +- remove macros from changelog and other rpmlint tweaks + +* Fri Feb 22 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-10 +- tweak spec for available and unavailable (bundled) golang packages + +* Wed Feb 20 2019 Xavier Bachelot <xavier@bachelot.org> 5.4.3-9 +- Remove extraneous slash (cosmetic) +- Create directories just before moving stuff in them +- Truncate long lines +- Group all golang stuff +- Simplify BuildRequires/bundled Provides +- Sort BuildRequires/bundled Provides +- Fix bundled go packages Provides + +* Fri Feb 15 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-8 +- add BuildRequires (and unbundle) vendor sources available in Fedora +- declare Provides for remaining (bundled) vendor go sources +- do not attempt to unbundle anything on RHEL < 7 or Fedora < 28 + +* Thu Feb 07 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-7 +- further refinement for spec doc section from Xavier Bachelot +- disable debug_package to avoid empty debugsourcefiles.list + +* Wed Feb 06 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-6 +- further refinement following review by Xavier Bachelot + +* Tue Feb 05 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-5 +- further refinement following review by Xavier Bachelot + +* Fri Feb 01 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-4 +- further spec updates after packaging review +- reworked post-install scriplets + +* Thu Jan 31 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-3 +- tweak FHS patch, update spec after packaging review + +* Wed Jan 30 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.3-2 +- add patch to be standard FHS compliant, remove phantomjs +- update to v5.4.3 upstream community sources + +* Wed Jan 09 2019 Mark Goodwin <mgoodwin@redhat.com> 5.4.2-1 +- update to v5.4.2 upstream community sources + +* Thu Oct 18 2018 Mark Goodwin <mgoodwin@redhat.com> 5.3.1-1 +- update to v5.3.1 upstream community sources + +* Tue Oct 02 2018 Mark Goodwin <mgoodwin@redhat.com> 5.2.5-1 +- native RPM spec build with current tagged v5.2.5 sources diff --git a/grafana.sysusers b/grafana.sysusers new file mode 100644 index 0000000..7c4a4d5 --- /dev/null +++ b/grafana.sysusers @@ -0,0 +1,2 @@ +#Type Name ID GECOS Home directory +u grafana - "Grafana user account" /usr/share/grafana diff --git a/grafana.te b/grafana.te new file mode 100644 index 0000000..b7acfed --- /dev/null +++ b/grafana.te @@ -0,0 +1,199 @@ +policy_module(grafana, 1.0.4) + +######################################## +# +# Declarations +# +#permissive grafana_t; + +## <desc> +## <p> +## Allow grafana to be used with a reverse proxy +## </p> +## </desc> +gen_tunable(grafana_can_reverse_proxy, false) + +## <desc> +## <p> +## Allow grafana to connect to elasticsearch's default tcp port of 9200 +## </p> +## </desc> +gen_tunable(grafana_can_tcp_connect_elasticsearch_port, false) + +## <desc> +## <p> +## Allow grafana to connect to mysql's default tcp port of 3306 +## </p> +## </desc> +gen_tunable(grafana_can_tcp_connect_mysql_port, false) + +## <desc> +## <p> +## Allow grafana to connect to postgresql's default tcp port of 5432 +## </p> +## </desc> +gen_tunable(grafana_can_tcp_connect_postgresql_port, false) + +## <desc> +## <p> +## Allow grafana to connect to prometheus' default tcp port of 9090 +## </p> +## </desc> +gen_tunable(grafana_can_tcp_connect_prometheus_port, false) + + +type grafana_t; +type grafana_exec_t; +init_daemon_domain(grafana_t, grafana_exec_t) +init_nnp_daemon_domain(grafana_t) + +type grafana_unit_file_t; +systemd_unit_file(grafana_unit_file_t) + +type grafana_conf_t; +files_config_file(grafana_conf_t) + +type grafana_db_t; +files_config_file(grafana_db_t) + +type grafana_tmp_t; +files_tmp_file(grafana_tmp_t) + +type grafana_tmpfs_t; +files_tmpfs_file(grafana_tmpfs_t) + +type grafana_log_t; +logging_log_file(grafana_log_t) + +type grafana_var_run_t; +files_pid_file(grafana_var_run_t) + +type grafana_var_lib_t; +files_type(grafana_var_lib_t) + +type grafana_port_t; +corenet_port(grafana_port_t) + +type grafana_pcp_exec_t; +corecmd_executable_file(grafana_pcp_exec_t) +can_exec(grafana_t, grafana_pcp_exec_t) + +# Ports 32768-60999 (pcp port is 44322) +corenet_tcp_connect_all_ephemeral_ports(grafana_t) +grafana_exec(grafana_t) + +######################################## +# +# grafana local policy +# +allow grafana_t self:tcp_socket create_stream_socket_perms; +allow grafana_t self:udp_socket create_stream_socket_perms; +allow grafana_t self:unix_dgram_socket create_socket_perms; + +allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect }; + +allow grafana_t self:unix_stream_socket connectto; + +allow grafana_t self:netlink_route_socket { create bind getattr nlmsg_read }; + +optional_policy(` + require { + type smtp_port_t; + class tcp_socket { name_connect }; + } + allow grafana_t smtp_port_t:tcp_socket name_connect; +') + +optional_policy(` + require { + type usr_t; + class file { execute execute_no_trans }; + } + allow grafana_t usr_t:file { execute execute_no_trans }; +') + +optional_policy(` + require { + type postgresql_t; + type postgresql_var_run_t; + class unix_stream_socket { connectto }; + class sock_file { write }; + } + allow grafana_t postgresql_t:unix_stream_socket connectto; + allow grafana_t postgresql_var_run_t:sock_file write; +') + +manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t) +manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t) + +manage_dirs_pattern(grafana_t, grafana_db_t, grafana_db_t) +manage_files_pattern(grafana_t, grafana_db_t, grafana_db_t) + +manage_dirs_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t) +manage_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t) +manage_sock_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t) +files_tmp_filetrans(grafana_t, grafana_tmp_t, { dir file sock_file }) + +manage_dirs_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t) +manage_files_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t) +fs_tmpfs_filetrans(grafana_t, grafana_tmpfs_t, {dir file}) + +manage_dirs_pattern(grafana_t, grafana_log_t, grafana_log_t) +manage_files_pattern(grafana_t, grafana_log_t, grafana_log_t) +logging_log_filetrans(grafana_t, grafana_log_t, { dir file }) + +manage_dirs_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t) +manage_files_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t) +files_pid_filetrans(grafana_t, grafana_var_run_t, { dir file }) + +manage_dirs_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t) +manage_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t) +manage_lnk_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t) +files_var_lib_filetrans(grafana_t, grafana_var_lib_t, { dir file }) + + +corenet_tcp_connect_http_port(grafana_t) +corenet_tcp_bind_generic_node(grafana_t) + +kernel_dgram_send(grafana_t) +kernel_read_net_sysctls(grafana_t) +kernel_read_system_state(grafana_t) + +auth_read_passwd(grafana_t) + +dev_read_sysfs(grafana_t) + +sysnet_read_config(grafana_t) + +logging_send_syslog_msg(grafana_t) + +miscfiles_read_generic_certs(grafana_t) + +tunable_policy(`grafana_can_reverse_proxy',` + gen_require(` + type httpd_t; + ') + + connect_grafana_port(httpd_t) # Reverse proxy support + corenet_tcp_connect_http_port(grafana_t) +') + +tunable_policy(`grafana_can_tcp_connect_elasticsearch_port',` # Elasticsearch default tcp port 9200 + corenet_tcp_connect_wap_wsp_port(grafana_t) +') + +tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3306 + corenet_tcp_connect_mysqld_port(grafana_t) +') + +tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432 + corenet_tcp_connect_postgresql_port(grafana_t) +') + +tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090 + corenet_tcp_connect_websm_port(grafana_t) +') + +optional_policy(` + systemd_private_tmp(grafana_tmp_t) +') diff --git a/list_bundled_nodejs_packages.py b/list_bundled_nodejs_packages.py new file mode 100755 index 0000000..2a30201 --- /dev/null +++ b/list_bundled_nodejs_packages.py @@ -0,0 +1,70 @@ +#!/usr/bin/env python3 +# +# generates Provides: bundled(npm(...)) = ... lines for each declared dependency and devDependency of package.json +# +import os +import sys +import json +import yaml +from packaging import version + + +def scan_package_json(package_dir): + for root, dirs, files in os.walk(package_dir, topdown=True): + dirs[:] = [d for d in dirs if d not in ["node_modules", "vendor"]] + if "package.json" in files: + yield os.path.join(root, "package.json") + + +def read_declared_pkgs(package_json_path): + with open(package_json_path) as f: + package_json = json.load(f) + return list(package_json.get("dependencies", {}).keys()) + list( + package_json.get("devDependencies", {}).keys() + ) + + +def read_installed_pkgs(yarn_lock_path): + with open(yarn_lock_path) as f: + lockfile = yaml.safe_load(f) + for pkg_decl, meta in lockfile.items(): + for pkg in pkg_decl.split(", "): + if ":" not in pkg: + continue + pkg_name = pkg[: pkg.index("@", 1)] + pkg_version = meta["version"] + yield (pkg_name, pkg_version) + + +def list_provides(declared_pkgs, installed_pkgs): + for declared_pkg in declared_pkgs: + # there can be multiple versions installed of one package (transitive dependencies) + # but rpm doesn't support Provides: with a single package and multiple versions + # so let's declare the oldest version here + versions = [ + version.parse(pkg_version) + for pkg_name, pkg_version in installed_pkgs + if pkg_name == declared_pkg + ] + + if not versions: + print(f"warning: {declared_pkg} missing in yarn.lock", file=sys.stderr) + continue + + oldest_version = sorted(versions)[0] + yield f"Provides: bundled(npm({declared_pkg})) = {oldest_version}" + + +if __name__ == "__main__": + if len(sys.argv) != 2: + print(f"usage: {sys.argv[0]} package-X.Y.Z/", file=sys.stdout) + sys.exit(1) + + package_dir = sys.argv[1] + declared_pkgs = set() + for package_json_path in scan_package_json(package_dir): + declared_pkgs.update(read_declared_pkgs(package_json_path)) + installed_pkgs = list(read_installed_pkgs(f"{package_dir}/yarn.lock")) + provides = list_provides(declared_pkgs, installed_pkgs) + for provide in sorted(provides): + print(provide) @@ -0,0 +1,3 @@ +1317b091eccaf37938eb7775976a50b3 grafana-9.2.10.tar.gz +00b858a367cbc9ca9d077ba6e5ee697e grafana-vendor-9.2.10-2.tar.xz +83934d4aea7dfd70dde3d8d3eb62557f grafana-webpack-9.2.10-2.tar.gz |