.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1,3 +1,5 @@
-SOURCES/grafana-pcp-5.1.1.tar.gz
-SOURCES/grafana-pcp-vendor-5.1.1-8.tar.xz
-SOURCES/grafana-pcp-webpack-5.1.1-8.tar.gz
+/grafana-pcp-*.tar.gz
+/grafana-pcp-*.tar.xz
+/grafana-pcp-*.tar.xz.manifest
+/grafana-pcp*/
+*.rpm

.grafana-pcp.metadata

@@ -1,3 +0,0 @@
-3b2c6875861e93eade0ab4321a49dfd6c692ca7a SOURCES/grafana-pcp-5.1.1.tar.gz
-0da8deb75d3eefa38949925375c8097671174586 SOURCES/grafana-pcp-vendor-5.1.1-8.tar.xz
-f09017e8136fae1182ec8df6c76d2bac92733869 SOURCES/grafana-pcp-webpack-5.1.1-8.tar.gz

README.md

@@ -0,0 +1,45 @@
+# grafana-pcp
+The grafana-pcp package
+
+## Setup instructions
+* clone the upstream sources: `git clone https://github.com/performancecopilot/grafana-pcp && cd grafana-pcp`
+* checkout the version of the specfile: `git checkout <currentversion>`
+* apply existing patches: `git am ../0*.patch`
+
+## Upgrade instructions
+* follow the Setup instructions above
+* rebase to the new version: `git fetch && git rebase --onto <newversion> <oldversion>`
+  * rebasing `remove-unused-frontend-crypto.patch`: only apply the patch to `package.json` and run `yarn install`, then `yarn.lock` will get updated automatically
+* create new patches from the modified git commits: `git format-patch -N --no-stat --no-signature <newversion> && mv *.patch ..`
+* update `Version`, `Release`, `%changelog` and tarball NVRs in the specfile
+* create bundles and manifest: `./create_bundles_in_container.sh`
+* update specfile with contents of the `.manifest` file
+* run local build: `rpkg local`
+* run rpmlint: `rpmlint -r grafana-pcp.rpmlintrc /tmp/rpkg/grafana-pcp-*/grafana-pcp-*.src.rpm /tmp/rpkg/grafana-pcp-*/x86_64/grafana-pcp-*.x86_64.rpm`
+* run a scratch build: `fedpkg scratch-build --srpm`
+* upload new source tarballs: `fedpkg new-sources *.tar.gz *.tar.xz`
+* commit new `sources` file
+
+## Patches
+* create the patch
+* declare and apply (`%prep`) the patch in the specfile
+* if the patch affects Go or Node.js dependencies, or the webpack
+  * update the `create_bundles.sh` script and apply the patch
+  * create new tarballs
+  * update the specfile with new tarball name and contents of the `.manifest` file
+
+### General guidelines
+* aim to apply all patches in the specfile
+* avoid rebuilding the tarballs
+
+Patches fall in several categories:
+  * modify dependency versions
+  * modify both sources and vendored dependencies (e.g. CVEs)
+  * modify the Node.js source (i.e. affect the webpack)
+  * some patches are conditional (e.g. FIPS)
+
+Patches cannot be applied twice.
+It is not possible to unconditionally apply all patches in the Makefile, and great care must be taken to include the required patches at the correct stage of the build.
+
+## Reproducible Bundles
+Run `./create_bundles_in_container.sh` to generate a reproducible vendor and webpack bundle.

gating.yaml

@@ -0,0 +1,9 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-aarch64.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-ppc64le.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-s390x.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-x86_64.functional}

grafana-pcp.rpmlintrc

@@ -0,0 +1,6 @@
+addFilter("W: invalid-url Source1: grafana-pcp-vendor-")
+addFilter("W: invalid-url Source2: grafana-pcp-webpack-")
+addFilter("W: files-duplicate /usr/share/performancecopilot-pcp-app/module.js.LICENSE.txt")
+addFilter("W: files-duplicate /usr/share/performancecopilot-pcp-app/.*/pcp-logo.svg")
+
+addFilter("W: obsolete-not-provided pcp-web")

grafana-pcp.spec

@@ -16,7 +16,7 @@ end}
 
 Name:           grafana-pcp
 Version:        5.1.1
-Release:        9%{?dist}
+Release:        10%{?dist}
 Summary:        Performance Co-Pilot Grafana Plugin
 License:        ASL 2.0
 URL:            https://github.com/performancecopilot/grafana-pcp
@@ -40,15 +40,12 @@ Patch1:         0001-remove-unused-frontend-crypto.patch
 Patch2:         0002-add-uwsgi-dashboard.patch
 
 # Intersection of go_arches and nodejs_arches
-ExclusiveArch: %{grafanapcp_arches}
-
+ExclusiveArch:  %{grafanapcp_arches}
 
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  golang
 BuildRequires:  go-srpm-macros
-%if 0%{?rhel} >= 9
 BuildRequires:  go-rpm-macros
-%endif
 
 %if %{compile_frontend}
 BuildRequires:  make, nodejs >= 1:14, yarnpkg, golang-github-google-jsonnet
@@ -194,22 +191,36 @@ yarn test
 
 
 %changelog
-* Thu Oct 10 2024 Sam Feifer <sfeifer@redhat.com> - 5.1.1-9
-- Resolves RHEL-61780: CVE-2024-9355
+* Fri Oct 18 2024 Sam Feifer <sfeifer@redhat.com> - 5.1.1-10
+- Resolves: RHEL-57931
 
 * Mon Jul 8 2024 Sam Feifer <sfeifer@redhat.com> - 5.1.1-8
 - Add a premade uwsgi dashboard for the vector datasource
 
-* Tue Apr 16 2024 Sam Feifer <sfeifer@redhat.com> 5.1.1-2
+* Tue May 7 2024 Sam Feifer <sfeifer@redhat.com> 5.1.1-3
+- bump release number
+
+* Mon May 6 2024 Sam Feifer <sfeifer@redhat.com> 5.1.1-2
 - fix CVE-2024-1394
 
-* Thu Apr 20 2023 Stan Cox <scox@redhat.com> 5.1.1-1
+* Thu Oct 27 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 5.1.1-1
 - update to 5.1.1 tagged upstream community sources, see CHANGELOG
+- resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
 
-* Tue Nov 01 2022 Stan Cox <scox@redhat.com> 3.2.0-3
-- resolve CVE-2022-27664 grafana-pcp: golang: net/http: handle server errors after sending GOAWAY
+* Mon Sep 19 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 5.0.0-4
+- update to 5.0.0 tagged upstream community sources, see CHANGELOG
+- install plugin in /usr/share and create symlink from /var using
+  systemd-tmpfiles to work on rpm-ostree based distributions
+- revert the breaking change (change of internal plugin IDs) of upstream v5.0.0,
+  i.e. there are no breaking changes when performing this upgrade
+- enable Go modules in build process
+- make vendor and webpack tarballs reproducible
+- drop makefile in favor of create_bundles.sh script
 
-* Wed Aug 10 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 3.2.0-2
+* Wed Aug 24 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 3.2.0-3
+- bump NVR
+
+* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 3.2.0-2
 - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
 - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
 - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
@@ -220,10 +231,24 @@ yarn test
 * Fri Nov 12 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 3.2.0-1
 - update to 3.2.0 tagged upstream community sources, see CHANGELOG
 
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 3.1.0-2
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
 * Fri Jun 25 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 3.1.0-1
 - update to 3.1.0 tagged upstream community sources, see CHANGELOG
 - remove unused cryptographic implementations
 
+* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.2-4
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
+
+* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.2-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
 * Fri Jan 22 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 3.0.2-1
 - update to 3.0.2 tagged upstream community sources, see CHANGELOG
 
@@ -234,31 +259,44 @@ yarn test
 - update to 3.0.0 tagged upstream community sources, see CHANGELOG
 - bundle golang dependencies and (optionally) node.js dependencies
 
-* Fri Aug 07 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 2.0.2-3
-- bpftrace: show process name and PID in flame graphs
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
 
-* Fri Jul 24 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 2.0.2-2
-- vector: do not show all cgroups in the container overview dashboard in case no containers are present on the system
+* Tue Feb 25 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 2.0.2-1
+- vector, redis: remove autocompletion cache (PCP metrics can be added and removed dynamically)
 
-* Mon May 11 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 2.0.2-1
-- update to upstream version 2.0.2, see CHANGELOG
+* Thu Feb 20 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 2.0.1-1
+- support for Grafana 6.6+, drop support for Grafana < 6.6
+- vector, bpftrace: fix version checks on dashboard load (prevent multiple pmcd.version checks on dashboard load)
+- vector, bpftrace: change datasource check box to red if URL is inaccessible
+- redis: add tests
+- flame graphs: support multidimensional eBPF maps (required to display e.g. the process name)
+- dashboards: remove BCC metrics from Vector host overview (because the BCC PMDA is not installed by default)
+- misc: update dependencies
+- build: fix production build (implement workaround for https://github.com/systemjs/systemjs/issues/2117, https://github.com/grafana/grafana/issues/21785)
 
-* Tue Jan 28 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 1.0.5-3
-- redis: pass correct timespec to pmproxy (fixes empty graphs for large time ranges)
+* Wed Jan 29 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 1.0.7-1
+- redis: fix timespec (fixes empty graphs for large time ranges)
 
-* Tue Jan 07 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 1.0.5-2
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Jan 07 2020 Andreas Gerstmayr <agerstmayr@redhat.com> 1.0.6-1
 - redis: support wildcards in metric names
-- redis: fix legend and label support
+- redis: fix label support
+- redis: fix legends
+- redis: set default sample interval to 60s (fixes empty graph borders)
+- build: upgrade copy-webpack-plugin to mitigate XSS vulnerability in the serialize-javascript transitive dependency
+- build: remove deprecated uglify-webpack-plugin
 
-* Mon Dec 16 2019 Andreas Gerstmayr <agerstmayr@redhat.com> 1.0.5-1
-- upgrade to upstream 1.0.5
+* Thu Dec 12 2019 Andreas Gerstmayr <agerstmayr@redhat.com> 1.0.4-2
+- remove node_modules/node-notifier directory from webpack (due to licensing issues)
+
+* Wed Dec 11 2019 Andreas Gerstmayr <agerstmayr@redhat.com> 1.0.4-1
 - flame graphs: clean flame graph stacks every 5s (reduces CPU load)
 - general: implement PCP version checks
-- redis: set default sample interval to 60s (fixes empty graph borders)
-
-* Mon Dec 16 2019 Andreas Gerstmayr <agerstmayr@redhat.com> 1.0.3-2
-- remove node_modules/node-notifier directory from webpack (due to licensing issues)
-- upgrade copy-webpack-plugin, terser-webpack-plugin and remove uglifyjs-webpack-plugin to mitigate XSS vulnerability in serialize-javascript dependency
+- build: remove weak dependency (doesn't work with Node.js 12)
+- build: upgrade terser-webpack-plugin to mitigate XSS vulnerability in the serialize-javascript transitive dependency
 
 * Tue Nov 26 2019 Nathan Scott <nathans@redhat.com> 1.0.3-1
 - fix flame graph dependency (flamegraph.destroy error in javascript console)

plans/gating.fmf

@@ -0,0 +1,7 @@
+summary: CI Gating Plan
+discover:
+    how: fmf
+    filter: tag:gating
+    url: https://src.fedoraproject.org/rpms/grafana-pcp
+execute:
+    how: tmt

sources

@@ -0,0 +1,3 @@
+SHA512 (grafana-pcp-5.1.1.tar.gz) = 697dfbe1e5cd5d66080197dab2798af0965747a4460d15e62c3497f64674bcc77fc776ac5c95cb7043dcf534e8e0eae47afd7500a5851a0d35ad1062e8d4ac2e
+SHA512 (grafana-pcp-webpack-5.1.1-8.tar.gz) = 77e9e6f306425983808f414662cbb2db9077e7c9fcca36a33033e56b527b339d40415df54fb63465ddd701861f89da19b7f1524eb5aa05c1425f3870e017d467
+SHA512 (grafana-pcp-vendor-5.1.1-8.tar.xz) = 239eab5405d42769c8f77f408de06588c299ee0df7ea22c5509a32274380670dad560279cff27ebf2b1814bf293dda27c772989b3f6a0777c591397a07583f04