diff --git a/001-remove-unused-frontend-crypto.patch b/001-remove-unused-frontend-crypto.patch new file mode 100644 index 0000000..b998774 --- /dev/null +++ b/001-remove-unused-frontend-crypto.patch @@ -0,0 +1,28 @@ +diff --git a/package.json b/package.json +index 2a3544b..07a785e 100644 +--- a/package.json ++++ b/package.json +@@ -70,6 +70,8 @@ + "redux-thunk": "^2.3.0" + }, + "resolutions": { ++ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", ++ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", + "monaco-editor": "0.20.0", + "rxjs": "6.6.3" + }, +diff --git a/webpack.config.js b/webpack.config.js +index f762003..53fcb06 100644 +--- a/webpack.config.js ++++ b/webpack.config.js +@@ -82,6 +82,10 @@ module.exports.getWebpackConfig = (config, options) => { + ...config.module, + rules: removeDataTestAttributeInProduction(options.production, excludeExtractionLoaderForMonaco(config.module.rules)), + }, ++ node: { ++ ...config.node, ++ crypto: false ++ }, + plugins: [ + ...updateForkTsCheckerPluginSettings(config.plugins), + new MonacoWebpackPlugin({ diff --git a/Makefile b/Makefile index 6fffbaa..60ab517 100644 --- a/Makefile +++ b/Makefile @@ -2,14 +2,19 @@ all: grafana-pcp-$(VER).tar.gz \ grafana-pcp-vendor-$(VER).tar.xz \ grafana-pcp-webpack-$(VER).tar.gz -grafana-pcp-$(VER).tar.gz grafana-pcp-$(VER)/: +grafana-pcp-$(VER).tar.gz: wget https://github.com/performancecopilot/grafana-pcp/archive/v$(VER)/grafana-pcp-$(VER).tar.gz + +ALL_PATCHES := $(wildcard *.patch) +PATCHES_TO_APPLY := $(ALL_PATCHES) + +grafana-pcp-vendor-$(VER).tar.xz: grafana-pcp-$(VER).tar.gz rm -rf grafana-pcp-$(VER) tar xfz grafana-pcp-$(VER).tar.gz - cd grafana-pcp-$(VER) && shopt -s nullglob && \ - for patch in ../*.patch; do patch -p1 < $$patch; done -grafana-pcp-vendor-$(VER).tar.xz: grafana-pcp-$(VER)/ + # patches can affect Go or Node.js dependencies, or the webpack + for patch in $(PATCHES_TO_APPLY); do patch -d grafana-pcp-$(VER) -p1 --fuzz=0 < $$patch; done + # Go cd grafana-pcp-$(VER) && go mod vendor -v awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' grafana-pcp-$(VER)/go.mod | \ @@ -19,7 +24,7 @@ grafana-pcp-vendor-$(VER).tar.xz: grafana-pcp-$(VER)/ cd grafana-pcp-$(VER) && yarn install --pure-lockfile # Remove files with licensing issues find grafana-pcp-$(VER) -type d -name 'node-notifier' -prune -exec rm -r {} \; - find grafana-pcp-$(VER) -name '*.exe' -delete + find grafana-pcp-$(VER) -type f -name '*.exe' -delete # Remove not required packages rm -r grafana-pcp-$(VER)/node_modules/puppeteer ./list_bundled_nodejs_packages.py grafana-pcp-$(VER)/ >> $@.manifest @@ -30,14 +35,12 @@ grafana-pcp-vendor-$(VER).tar.xz: grafana-pcp-$(VER)/ # Create tarball XZ_OPT=-9 tar cfJ $@ \ grafana-pcp-$(VER)/vendor \ - $$(find grafana-pcp-$(VER) -type d -name "node_modules" -prune) \ + grafana-pcp-$(VER)/node_modules \ grafana-pcp-$(VER)/vendor_jsonnet -grafana-pcp-webpack-$(VER).tar.gz: grafana-pcp-$(VER)/ +grafana-pcp-webpack-$(VER).tar.gz: grafana-pcp-$(VER).tar.gz cd grafana-pcp-$(VER) && \ - yarn install --pure-lockfile && \ - make dist-dashboards dist-frontend && \ - chmod -R g-w,o-w dist + ../build_frontend.sh tar cfz $@ grafana-pcp-$(VER)/dist diff --git a/build_frontend.sh b/build_frontend.sh new file mode 100755 index 0000000..48cc8d7 --- /dev/null +++ b/build_frontend.sh @@ -0,0 +1,10 @@ +#!/bin/bash -eu + +# Build the frontend +yarn run build + +# Build the dashboards +make dist-dashboards + +# Fix permissions (webpack sometimes outputs files with mode = 666 due to reasons unknown (race condition/umask issue afaics)) +chmod -R g-w,o-w dist diff --git a/grafana-pcp.rpmlintrc b/grafana-pcp.rpmlintrc index d158ea8..b29f293 100644 --- a/grafana-pcp.rpmlintrc +++ b/grafana-pcp.rpmlintrc @@ -3,4 +3,5 @@ addFilter("W: spelling-error %description -l en_US pmseries -> .*") addFilter("W: spelling-error %description -l en_US bpftrace -> .*") addFilter("W: spelling-error %description -l en_US pmdabpftrace -> .*") +addFilter("W: strange-permission build_frontend.sh 755") addFilter("W: strange-permission list_bundled_nodejs_packages.py 755") diff --git a/grafana-pcp.spec b/grafana-pcp.spec index 5c8d561..d223c66 100644 --- a/grafana-pcp.spec +++ b/grafana-pcp.spec @@ -1,3 +1,13 @@ +# gobuild and gotest macros are not available on CentOS Stream +# remove once BZ 1965292 is resolved +# definitions lifted from Fedora 34 podman.spec +%if ! 0%{?gobuild:1} +%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**}; +%endif +%if ! 0%{?gotest:1} +%define gotest() GO111MODULE=off go test -buildmode pie -compiler gc -ldflags "${LDFLAGS:-} -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" %{?**}; +%endif + %global grafanapcp_arches %{lua: go_arches = {} for arch in rpm.expand("%{go_arches}"):gmatch("%S+") do go_arches[arch] = 1 @@ -8,22 +18,13 @@ end end} -# gobuild and gotest macros are defined in go-rpm-macros, which is not available on RHEL -# definitions lifted from Fedora 34 podman.spec -%if ! 0%{?gobuild:1} -%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**}; -%endif -%if ! 0%{?gotest:1} -%define gotest() GO111MODULE=off go test -buildmode pie -compiler gc -ldflags "${LDFLAGS:-} -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" %{?**}; -%endif - # Specify if the frontend and dashboards will be compiled as part of the build or are attached # as a webpack tarball (in case of an unsuitable nodejs or jsonnet version on the build system) %define compile_frontend 0 Name: grafana-pcp -Version: 3.0.2 -Release: 4%{?dist} +Version: 3.1.0 +Release: 1%{?dist} Summary: Performance Co-Pilot Grafana Plugin License: ASL 2.0 URL: https://github.com/performancecopilot/grafana-pcp @@ -35,7 +36,10 @@ Source1: grafana-pcp-vendor-%{version}.tar.xz Source2: grafana-pcp-webpack-%{version}.tar.gz %endif Source3: Makefile -Source4: list_bundled_nodejs_packages.py +Source4: build_frontend.sh +Source5: list_bundled_nodejs_packages.py + +Patch1: 001-remove-unused-frontend-crypto.patch # Intersection of go_arches and nodejs_arches ExclusiveArch: %{grafanapcp_arches} @@ -44,8 +48,9 @@ BuildRequires: systemd-rpm-macros, golang, go-srpm-macros %if 0%{?fedora} >= 31 BuildRequires: go-rpm-macros %endif + %if %{compile_frontend} -BuildRequires: make, nodejs >= 1:12, nodejs < 1:13, yarnpkg, golang-github-google-jsonnet +BuildRequires: make, nodejs >= 1:14, yarnpkg, golang-github-google-jsonnet %endif # omit golang debugsource, see BZ 995136 and related @@ -54,7 +59,7 @@ BuildRequires: make, nodejs >= 1:12, nodejs < 1:13, yarnpkg, golang-github-goog %global install_dir %{_sharedstatedir}/grafana/plugins/performancecopilot-pcp-app -Requires: grafana >= 7.3.6 +Requires: grafana >= 7.5.9 Suggests: pcp >= 5.2.2 Suggests: redis >= 5.0.0 Suggests: bpftrace >= 0.9.2 @@ -70,56 +75,55 @@ Obsoletes: pcp-webapp-vector <= 4.3.4 # this is for security purposes, if nodejs-foo ever needs an update, # affected packages can be easily identified. # Note: generated by the Makefile (see README.md) -Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.79.0 -Provides: bundled(golang(github.com/smartystreets/goconvey)) = 1.6.4 -Provides: bundled(npm(@babel/plugin-transform-modules-commonjs)) = 7.12.1 -Provides: bundled(npm(@grafana/data)) = 7.3.6 -Provides: bundled(npm(@grafana/runtime)) = 7.3.6 -Provides: bundled(npm(@grafana/toolkit)) = 7.3.6 -Provides: bundled(npm(@grafana/ui)) = 7.3.6 -Provides: bundled(npm(@types/blueimp-md5)) = 2.7.0 +Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.105.0 +Provides: bundled(golang(github.com/stretchr/testify)) = 1.7.0 +Provides: bundled(npm(@babel/plugin-transform-modules-commonjs)) = 7.14.5 +Provides: bundled(npm(@grafana/data)) = 7.5.9 +Provides: bundled(npm(@grafana/runtime)) = 7.5.9 +Provides: bundled(npm(@grafana/toolkit)) = 7.5.9 +Provides: bundled(npm(@grafana/ui)) = 7.5.9 +Provides: bundled(npm(@testing-library/jest-dom)) = 5.4.0 +Provides: bundled(npm(@testing-library/react)) = 10.4.9 +Provides: bundled(npm(@types/blueimp-md5)) = 2.18.0 Provides: bundled(npm(@types/d3-selection)) = 1.4.3 -Provides: bundled(npm(@types/enzyme)) = 3.10.5 +Provides: bundled(npm(@types/enzyme)) = 3.10.8 Provides: bundled(npm(@types/enzyme-adapter-react-16)) = 1.0.6 Provides: bundled(npm(@types/expect-puppeteer)) = 3.3.1 -Provides: bundled(npm(@types/jest)) = 24.0.13 +Provides: bundled(npm(@types/jest)) = 26.0.15 Provides: bundled(npm(@types/jest-environment-puppeteer)) = 4.4.1 -Provides: bundled(npm(@types/lodash)) = 4.14.165 +Provides: bundled(npm(@types/lodash)) = 4.14.170 Provides: bundled(npm(@types/memoize-one)) = 5.1.2 Provides: bundled(npm(@types/react-autosuggest)) = 9.3.14 -Provides: bundled(npm(@types/react-redux)) = 7.1.12 +Provides: bundled(npm(@types/react-redux)) = 7.1.16 Provides: bundled(npm(@types/redux)) = 3.6.0 Provides: bundled(npm(@types/redux-persist)) = 4.3.1 Provides: bundled(npm(@types/redux-persist-transform-filter)) = 0.0.4 Provides: bundled(npm(babel-plugin-remove-object-properties)) = 1.0.2 Provides: bundled(npm(blueimp-md5)) = 2.18.0 -Provides: bundled(npm(core-js)) = 1.2.7 +Provides: bundled(npm(core-js)) = 2.6.12 Provides: bundled(npm(d3-flame-graph)) = 3.1.1 -Provides: bundled(npm(d3-selection)) = 1.4.1 +Provides: bundled(npm(d3-selection)) = 1.4.2 Provides: bundled(npm(emotion)) = 10.0.27 Provides: bundled(npm(enzyme)) = 3.11.0 -Provides: bundled(npm(enzyme-adapter-react-16)) = 1.15.5 -Provides: bundled(npm(eslint-plugin-prettier)) = 3.1.4 -Provides: bundled(npm(jest)) = 25.5.4 +Provides: bundled(npm(enzyme-adapter-react-16)) = 1.15.6 +Provides: bundled(npm(eslint-plugin-prettier)) = 3.3.1 Provides: bundled(npm(jest-date-mock)) = 1.0.8 -Provides: bundled(npm(jest-puppeteer)) = 4.4.0 -Provides: bundled(npm(lodash)) = 4.17.19 +Provides: bundled(npm(jest-puppeteer)) = 5.0.4 +Provides: bundled(npm(lodash)) = 4.17.21 Provides: bundled(npm(loglevel)) = 1.7.1 Provides: bundled(npm(loglevel-plugin-prefix)) = 0.8.4 Provides: bundled(npm(memoize-one)) = 4.1.0 Provides: bundled(npm(monaco-editor)) = 0.20.0 Provides: bundled(npm(monaco-editor-webpack-plugin)) = 1.9.0 -Provides: bundled(npm(prettier)) = 1.19.1 -Provides: bundled(npm(prettier-plugin-organize-imports)) = 1.1.1 -Provides: bundled(npm(puppeteer)) = 5.5.0 -Provides: bundled(npm(react-autosuggest)) = 10.0.4 +Provides: bundled(npm(prettier-plugin-organize-imports)) = 2.1.0 +Provides: bundled(npm(puppeteer)) = 10.0.0 +Provides: bundled(npm(react-autosuggest)) = 10.1.0 Provides: bundled(npm(react-monaco-editor)) = 0.36.0 -Provides: bundled(npm(react-redux)) = 7.2.2 -Provides: bundled(npm(react-use)) = 15.3.4 +Provides: bundled(npm(react-redux)) = 7.2.4 +Provides: bundled(npm(react-use)) = 15.3.8 Provides: bundled(npm(redux)) = 3.7.2 Provides: bundled(npm(redux-persist)) = 4.10.2 Provides: bundled(npm(redux-thunk)) = 2.3.0 -Provides: bundled(npm(ts-jest)) = 26.3.0 Provides: bundled(npm(utility-types)) = 3.10.0 @@ -135,6 +139,8 @@ bpftrace scripts from pmdabpftrace(1), as well as several dashboards. %setup -q -T -D -b 2 %endif +%patch1 -p1 + # Set up Go build subdir and links mkdir -p %{_builddir}/src/github.com/performancecopilot ln -s %{_builddir}/%{name}-%{version} \ @@ -144,9 +150,7 @@ ln -s %{_builddir}/%{name}-%{version} \ %build # Build frontend datasources %if %{compile_frontend} -make dist-dashboards dist-frontend -# webpack/copy-webpack-plugin sometimes outputs files with mode = 666 due to reasons unknown (race condition/umask issue afaics) -chmod -R g-w,o-w dist +%{SOURCE4} %endif # Build backend datasource @@ -190,6 +194,10 @@ export GOPATH=%{_builddir} %changelog +* Fri Jun 25 2021 Andreas Gerstmayr 3.1.0-1 +- update to 3.1.0 tagged upstream community sources, see CHANGELOG +- remove unused cryptographic implementations + * Tue Jun 22 2021 Mohan Boddu - 3.0.2-4 - Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065 diff --git a/list_bundled_nodejs_packages.py b/list_bundled_nodejs_packages.py index a7c5e22..3158c2c 100755 --- a/list_bundled_nodejs_packages.py +++ b/list_bundled_nodejs_packages.py @@ -1,4 +1,7 @@ #!/usr/bin/env python3 +# +# generates Provides: bundled(npm(...)) = ... lines for each declared dependency and devDependency of package.json +# import sys import json import re diff --git a/sources b/sources index 3e96b5d..7ce5c23 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (grafana-pcp-3.0.2.tar.gz) = 35cbd451090b85bd945165cdbbc888a67acf0e9d49b4a473121ae82f44428b7ebac84ed9ea95ccd13c18cf2fafd68165485da93c4f9209e109d45bd9bb71809f -SHA512 (grafana-pcp-webpack-3.0.2.tar.gz) = 7fe8182c4a3b95f0f57d0771aa0d32e460617cdc91f0c3c4edf19dddeaeba9d43267b6438ce12c9adb75241f7a980ba9f0eaec91cd17dadc568cbb62a7452079 -SHA512 (grafana-pcp-vendor-3.0.2.tar.xz) = 0ca647fe313417e70af6044a2bdb8cab1b140db5a6fc315d0b07be11f33de617a192162850b1de6cbb6d1f799384ddd65e8c78251a97458a70e622a6b136400f +SHA512 (grafana-pcp-3.1.0.tar.gz) = 8fa697f7490917d740f002f15c7346974ef0cfaeac3c6d5d2e53291f48ff4a72e50cca20a946b2b80f78557fd25d94c50dd1c0fd62c7a793ff7a79afd9d24b6a +SHA512 (grafana-pcp-webpack-3.1.0.tar.gz) = f8a7ffec375bad6d871f821549f81b948a89f6377e0181b9dce5f456137557be5ee8551914cea8d58811bfd957e91bee58441364b30cd6a474f55e6e890f3352 +SHA512 (grafana-pcp-vendor-3.1.0.tar.xz) = a7625d7788324b1c522532b10e161cd2efabd42d292edc2bbf651d1953997f1cc79ae22ffed23612ea19cc50ebef1c5772f9d348d1dbe6824a8fcd89dfe98309