diff --git a/.gitignore b/.gitignore index a2498d1..be916ed 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,5 @@ /grafana-pcp-*.tar.gz /grafana-pcp-*.tar.xz /grafana-pcp-*.tar.xz.manifest -/grafana-pcp-*/ +/grafana-pcp*/ *.rpm diff --git a/001-remove-unused-frontend-crypto.patch b/001-remove-unused-frontend-crypto.patch index b998774..3fecda1 100644 --- a/001-remove-unused-frontend-crypto.patch +++ b/001-remove-unused-frontend-crypto.patch @@ -1,5 +1,5 @@ diff --git a/package.json b/package.json -index 2a3544b..07a785e 100644 +index 698043c..d9f0f44 100644 --- a/package.json +++ b/package.json @@ -70,6 +70,8 @@ @@ -12,10 +12,10 @@ index 2a3544b..07a785e 100644 "rxjs": "6.6.3" }, diff --git a/webpack.config.js b/webpack.config.js -index f762003..53fcb06 100644 +index ae72fd8..529d6bf 100644 --- a/webpack.config.js +++ b/webpack.config.js -@@ -82,6 +82,10 @@ module.exports.getWebpackConfig = (config, options) => { +@@ -89,6 +89,10 @@ module.exports.getWebpackConfig = (config, options) => { ...config.module, rules: removeDataTestAttributeInProduction(options.production, excludeExtractionLoaderForMonaco(config.module.rules)), }, diff --git a/Makefile b/Makefile index 60ab517..0cf4cfb 100644 --- a/Makefile +++ b/Makefile @@ -1,48 +1,74 @@ -all: grafana-pcp-$(VER).tar.gz \ - grafana-pcp-vendor-$(VER).tar.xz \ - grafana-pcp-webpack-$(VER).tar.gz +VERSION := $(shell rpm --specfile *.spec --qf '%{VERSION}\n' | head -1) +RELEASE := $(shell rpm --specfile *.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1) -grafana-pcp-$(VER).tar.gz: - wget https://github.com/performancecopilot/grafana-pcp/archive/v$(VER)/grafana-pcp-$(VER).tar.gz +NAME := grafana-pcp +RPM_NAME := $(NAME) +SOURCE_DIR := $(NAME)-$(VERSION) +SOURCE_TAR := $(NAME)-$(VERSION).tar.gz +VENDOR_TAR := $(RPM_NAME)-vendor-$(VERSION)-$(RELEASE).tar.xz +WEBPACK_TAR := $(RPM_NAME)-webpack-$(VERSION)-$(RELEASE).tar.gz -ALL_PATCHES := $(wildcard *.patch) -PATCHES_TO_APPLY := $(ALL_PATCHES) +# patches which must be applied before creating the vendor tarball, for example: +# - changes in dependency versions +# - changes in Go module imports (which affect the vendored Go modules) +PATCHES_PRE_VENDOR := \ + 001-remove-unused-frontend-crypto.patch -grafana-pcp-vendor-$(VER).tar.xz: grafana-pcp-$(VER).tar.gz - rm -rf grafana-pcp-$(VER) - tar xfz grafana-pcp-$(VER).tar.gz +# patches which must be applied before creating the webpack, for example: +# - changes in Node.js sources or vendored dependencies +PATCHES_PRE_WEBPACK := \ + 001-remove-unused-frontend-crypto.patch - # patches can affect Go or Node.js dependencies, or the webpack - for patch in $(PATCHES_TO_APPLY); do patch -d grafana-pcp-$(VER) -p1 --fuzz=0 < $$patch; done + +all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR) + +$(SOURCE_TAR): + spectool -g $(RPM_NAME).spec + +$(VENDOR_TAR): $(SOURCE_TAR) + # start with a clean state + rm -rf $(SOURCE_DIR) + tar xf $(SOURCE_TAR) + + # Patches to apply before vendoring + for patch in $(PATCHES_PRE_VENDOR); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done # Go - cd grafana-pcp-$(VER) && go mod vendor -v - awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' grafana-pcp-$(VER)/go.mod | \ + cd $(SOURCE_DIR) && go mod vendor -v + awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' $(SOURCE_DIR)/go.mod | \ sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest # Node.js - cd grafana-pcp-$(VER) && yarn install --pure-lockfile + cd $(SOURCE_DIR) && yarn install --pure-lockfile # Remove files with licensing issues - find grafana-pcp-$(VER) -type d -name 'node-notifier' -prune -exec rm -r {} \; - find grafana-pcp-$(VER) -type f -name '*.exe' -delete + find $(SOURCE_DIR) -type d -name 'node-notifier' -prune -exec rm -r {} \; + find $(SOURCE_DIR) -type f -name '*.exe' -delete # Remove not required packages - rm -r grafana-pcp-$(VER)/node_modules/puppeteer - ./list_bundled_nodejs_packages.py grafana-pcp-$(VER)/ >> $@.manifest + rm -r $(SOURCE_DIR)/node_modules/puppeteer + ./list_bundled_nodejs_packages.py $(SOURCE_DIR) >> $@.manifest # Jsonnet - cd grafana-pcp-$(VER) && jb --jsonnetpkg-home=vendor_jsonnet install + cd $(SOURCE_DIR) && jb --jsonnetpkg-home=vendor_jsonnet install # Create tarball - XZ_OPT=-9 tar cfJ $@ \ - grafana-pcp-$(VER)/vendor \ - grafana-pcp-$(VER)/node_modules \ - grafana-pcp-$(VER)/vendor_jsonnet + XZ_OPT=-9 time -p tar cJf $@ \ + $(SOURCE_DIR)/vendor \ + $(SOURCE_DIR)/node_modules \ + $(SOURCE_DIR)/vendor_jsonnet -grafana-pcp-webpack-$(VER).tar.gz: grafana-pcp-$(VER).tar.gz - cd grafana-pcp-$(VER) && \ +$(WEBPACK_TAR): $(VENDOR_TAR) + # start with a clean state + rm -rf $(SOURCE_DIR) + tar xf $(SOURCE_TAR) + tar xf $(VENDOR_TAR) + + # Patches to apply before creating the webpack + for patch in $(PATCHES_PRE_WEBPACK); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done + + cd $(SOURCE_DIR) && \ ../build_frontend.sh - tar cfz $@ grafana-pcp-$(VER)/dist + tar cfz $@ $(SOURCE_DIR)/dist clean: - rm -rf *.tar.gz *.tar.xz *.manifest *.rpm grafana-pcp-*/ + rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/ diff --git a/README.md b/README.md index 3c78cea..5535a75 100644 --- a/README.md +++ b/README.md @@ -2,21 +2,32 @@ The grafana-pcp package ## Upgrade instructions -(replace X.Y.Z with the new grafana-pcp version) - -* update `Version`, `Release` and `%changelog` in the specfile -* create bundles and manifest: `VER=X.Y.Z make clean all` +* update `Version`, `Release`, `%changelog` and tarball NVRs in the specfile +* create bundles and manifest: `make clean all` * update specfile with contents of the `.manifest` file * run local build: `rpkg local` -* run rpm linter: `rpkg lint -r grafana-pcp.rpmlintrc` +* run rpm linter: `rpkg lint -r *.rpmlintrc` * run a scratch build: `fedpkg scratch-build --srpm` * upload new source tarballs: `fedpkg new-sources *.tar.gz *.tar.xz` +* commit new `sources` file -## Backporting +## Patches * create the patch * declare and apply (`%prep`) the patch in the specfile * if the patch affects Go or Node.js dependencies, or the webpack - * create new tarballs and rename them to `grafana-pcp-...-X.Y.Z-R.tar.gz` - * update the specfile with new tarball path and contents of the `.manifest` file + * add the patch to `PATCHES_PRE_VENDOR` or `PATCHES_PRE_WEBPACK` in the Makefile + * create new tarballs + * update the specfile with new tarball name and contents of the `.manifest` file -Note: the Makefile automatically applies all patches before creating the tarballs +### General guidelines +* aim to apply all patches in the specfile +* avoid rebuilding the tarballs + +Patches fall in several categories: + * modify dependency versions + * modify both sources and vendored dependencies (e.g. CVEs) + * modify the Node.js source (i.e. affect the webpack) + * some patches are conditional (e.g. FIPS) + +Patches cannot be applied twice. +It is not possible to unconditionally apply all patches in the Makefile, and great care must be taken to include the required patches at the correct stage of the build. diff --git a/build_frontend.sh b/build_frontend.sh index 48cc8d7..8f86afa 100755 --- a/build_frontend.sh +++ b/build_frontend.sh @@ -4,7 +4,7 @@ yarn run build # Build the dashboards -make dist-dashboards +make build-dashboards # Fix permissions (webpack sometimes outputs files with mode = 666 due to reasons unknown (race condition/umask issue afaics)) chmod -R g-w,o-w dist diff --git a/grafana-pcp.spec b/grafana-pcp.spec index 9b2abe6..6b56fbb 100644 --- a/grafana-pcp.spec +++ b/grafana-pcp.spec @@ -1,3 +1,13 @@ +# gobuild and gotest macros are not available on CentOS Stream +# remove once BZ 1965292 is resolved +# definitions lifted from Fedora 34 podman.spec +%if ! 0%{?gobuild:1} +%define gobuild(o:) GO111MODULE=off go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" -a -v -x %{?**}; +%endif +%if ! 0%{?gotest:1} +%define gotest() GO111MODULE=off go test -buildmode pie -compiler gc -ldflags "${LDFLAGS:-} -extldflags '-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld '" %{?**}; +%endif + %global grafanapcp_arches %{lua: go_arches = {} for arch in rpm.expand("%{go_arches}"):gmatch("%S+") do go_arches[arch] = 1 @@ -13,17 +23,21 @@ end} %define compile_frontend 0 Name: grafana-pcp -Version: 3.1.0 -Release: 2%{?dist} +Version: 3.2.0 +Release: 1%{?dist} Summary: Performance Co-Pilot Grafana Plugin License: ASL 2.0 URL: https://github.com/performancecopilot/grafana-pcp Source0: https://github.com/performancecopilot/grafana-pcp/archive/v%{version}/%{name}-%{version}.tar.gz -Source1: grafana-pcp-vendor-%{version}.tar.xz +Source1: grafana-pcp-vendor-%{version}-1.tar.xz +# Note: In case there were no changes to this tarball, the NVR of this tarball +# lags behind the NVR of this package. %if %{compile_frontend} == 0 # Source2 contains the precompiled frontend and dashboards -Source2: grafana-pcp-webpack-%{version}.tar.gz +# Note: In case there were no changes to this tarball, the NVR of this tarball +# lags behind the NVR of this package. +Source2: grafana-pcp-webpack-%{version}-1.tar.gz %endif Source3: Makefile Source4: build_frontend.sh @@ -65,13 +79,13 @@ Obsoletes: pcp-webapp-vector <= 4.3.4 # this is for security purposes, if nodejs-foo ever needs an update, # affected packages can be easily identified. # Note: generated by the Makefile (see README.md) -Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.105.0 +Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.115.0 Provides: bundled(golang(github.com/stretchr/testify)) = 1.7.0 -Provides: bundled(npm(@babel/plugin-transform-modules-commonjs)) = 7.14.5 -Provides: bundled(npm(@grafana/data)) = 7.5.9 -Provides: bundled(npm(@grafana/runtime)) = 7.5.9 -Provides: bundled(npm(@grafana/toolkit)) = 7.5.9 -Provides: bundled(npm(@grafana/ui)) = 7.5.9 +Provides: bundled(npm(@babel/plugin-transform-modules-commonjs)) = 7.16.0 +Provides: bundled(npm(@grafana/data)) = 7.5.11 +Provides: bundled(npm(@grafana/runtime)) = 7.5.11 +Provides: bundled(npm(@grafana/toolkit)) = 7.5.11 +Provides: bundled(npm(@grafana/ui)) = 7.5.11 Provides: bundled(npm(@testing-library/jest-dom)) = 5.4.0 Provides: bundled(npm(@testing-library/react)) = 10.4.9 Provides: bundled(npm(@types/blueimp-md5)) = 2.18.0 @@ -81,15 +95,15 @@ Provides: bundled(npm(@types/enzyme-adapter-react-16)) = 1.0.6 Provides: bundled(npm(@types/expect-puppeteer)) = 3.3.1 Provides: bundled(npm(@types/jest)) = 26.0.15 Provides: bundled(npm(@types/jest-environment-puppeteer)) = 4.4.1 -Provides: bundled(npm(@types/lodash)) = 4.14.170 +Provides: bundled(npm(@types/lodash)) = 4.14.176 Provides: bundled(npm(@types/memoize-one)) = 5.1.2 Provides: bundled(npm(@types/react-autosuggest)) = 9.3.14 -Provides: bundled(npm(@types/react-redux)) = 7.1.16 +Provides: bundled(npm(@types/react-redux)) = 7.1.20 Provides: bundled(npm(@types/redux)) = 3.6.0 Provides: bundled(npm(@types/redux-persist)) = 4.3.1 Provides: bundled(npm(@types/redux-persist-transform-filter)) = 0.0.4 Provides: bundled(npm(babel-plugin-remove-object-properties)) = 1.0.2 -Provides: bundled(npm(blueimp-md5)) = 2.18.0 +Provides: bundled(npm(blueimp-md5)) = 2.19.0 Provides: bundled(npm(core-js)) = 2.6.12 Provides: bundled(npm(d3-flame-graph)) = 3.1.1 Provides: bundled(npm(d3-selection)) = 1.4.2 @@ -105,15 +119,15 @@ Provides: bundled(npm(loglevel-plugin-prefix)) = 0.8.4 Provides: bundled(npm(memoize-one)) = 4.1.0 Provides: bundled(npm(monaco-editor)) = 0.20.0 Provides: bundled(npm(monaco-editor-webpack-plugin)) = 1.9.0 -Provides: bundled(npm(prettier-plugin-organize-imports)) = 2.1.0 -Provides: bundled(npm(puppeteer)) = 10.0.0 +Provides: bundled(npm(prettier-plugin-organize-imports)) = 2.3.4 +Provides: bundled(npm(puppeteer)) = 10.4.0 Provides: bundled(npm(react-autosuggest)) = 10.1.0 Provides: bundled(npm(react-monaco-editor)) = 0.36.0 -Provides: bundled(npm(react-redux)) = 7.2.4 +Provides: bundled(npm(react-redux)) = 7.2.6 Provides: bundled(npm(react-use)) = 15.3.8 Provides: bundled(npm(redux)) = 3.7.2 Provides: bundled(npm(redux-persist)) = 4.10.2 -Provides: bundled(npm(redux-thunk)) = 2.3.0 +Provides: bundled(npm(redux-thunk)) = 2.4.0 Provides: bundled(npm(utility-types)) = 3.10.0 @@ -184,6 +198,9 @@ export GOPATH=%{_builddir} %changelog +* Fri Nov 12 2021 Andreas Gerstmayr 3.2.0-1 +- update to 3.2.0 tagged upstream community sources, see CHANGELOG + * Thu Jul 22 2021 Fedora Release Engineering - 3.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild diff --git a/sources b/sources deleted file mode 100644 index 7ce5c23..0000000 --- a/sources +++ /dev/null @@ -1,3 +0,0 @@ -SHA512 (grafana-pcp-3.1.0.tar.gz) = 8fa697f7490917d740f002f15c7346974ef0cfaeac3c6d5d2e53291f48ff4a72e50cca20a946b2b80f78557fd25d94c50dd1c0fd62c7a793ff7a79afd9d24b6a -SHA512 (grafana-pcp-webpack-3.1.0.tar.gz) = f8a7ffec375bad6d871f821549f81b948a89f6377e0181b9dce5f456137557be5ee8551914cea8d58811bfd957e91bee58441364b30cd6a474f55e6e890f3352 -SHA512 (grafana-pcp-vendor-3.1.0.tar.xz) = a7625d7788324b1c522532b10e161cd2efabd42d292edc2bbf651d1953997f1cc79ae22ffed23612ea19cc50ebef1c5772f9d348d1dbe6824a8fcd89dfe98309