diff --git a/.gitignore b/.gitignore index 03daa61..691f5e8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,5 @@ /grafana-*.tar.gz -/grafana-*.tar.gz.manifest +/grafana-*.tar.xz +/grafana-*.tar.xz.manifest /grafana-*/ *.rpm diff --git a/002-manpages.patch b/002-manpages.patch index ba614a4..949b8c1 100644 --- a/002-manpages.patch +++ b/002-manpages.patch @@ -4,7 +4,7 @@ index 0000000000..7ac2af882c --- /dev/null +++ b/docs/man/man1/grafana-cli.1 @@ -0,0 +1,60 @@ -+.TH GRAFANA "1" "November 2020" "Grafana cli version 7.3.1" "User Commands" ++.TH GRAFANA "1" "November 2020" "Grafana cli version 7.3.3" "User Commands" +.SH NAME +grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor +.SH DESCRIPTION @@ -70,7 +70,7 @@ index 0000000000..c616268b31 --- /dev/null +++ b/docs/man/man1/grafana-server.1 @@ -0,0 +1,84 @@ -+.TH VERSION "1" "November 2020" "Version 7.3.1" "User Commands" ++.TH VERSION "1" "November 2020" "Version 7.3.3" "User Commands" +.SH NAME +grafana-server \- back-end server for the Grafana metrics dashboard and graph editor +.SH DESCRIPTION diff --git a/Makefile b/Makefile index daf6b09..0f923ff 100644 --- a/Makefile +++ b/Makefile @@ -1,36 +1,38 @@ -all: grafana-vendor-go-$(VER).tar.gz \ - grafana-webpack-$(VER).tar.gz +all: grafana-$(VER).tar.gz \ + grafana-vendor-$(VER).tar.xz \ + grafana-webpack-$(VER).tar.gz grafana-$(VER).tar.gz grafana-$(VER)/: wget https://github.com/grafana/grafana/archive/v$(VER)/grafana-$(VER).tar.gz rm -rf grafana-$(VER) tar xfz grafana-$(VER).tar.gz - cd grafana-$(VER) && \ - for patch in ../*.patch; do patch -p1 < $$patch; done + cd grafana-$(VER) && shopt -s nullglob && \ + for patch in ../*.patch; do patch -p1 < $$patch; done -grafana-vendor-go-$(VER).tar.gz: grafana-$(VER)/ +grafana-vendor-$(VER).tar.xz: grafana-$(VER)/ + # Go cd grafana-$(VER) && go mod vendor -v - tar cfz $@ grafana-$(VER)/vendor awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' grafana-$(VER)/go.mod | \ - sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest + sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest -grafana-vendor-nodejs-$(VER).tar.gz: grafana-$(VER)/ + # Node.js cd grafana-$(VER) && yarn install --pure-lockfile - # Remove files with licensing issues find grafana-$(VER) -type d -name 'node-notifier' -prune -exec rm -r {} \; find grafana-$(VER) -name '*.exe' -delete + ./list_bundled_nodejs_packages.py grafana-$(VER)/ >> $@.manifest - tar cfz $@ $$(find grafana-$(VER) -type d -name "node_modules" -prune) - ./list_bundled_nodejs_packages.py grafana-$(VER)/ > $@.manifest + # Create tarball + XZ_OPT=-9 tar cfJ $@ \ + grafana-$(VER)/vendor \ + $$(find grafana-$(VER) -type d -name "node_modules" -prune) grafana-webpack-$(VER).tar.gz: grafana-$(VER)/ cd grafana-$(VER) && \ - yarn install --pure-lockfile && \ - ../build_frontend.sh + yarn install --pure-lockfile && \ + ../build_frontend.sh tar cfz $@ grafana-$(VER)/public/build grafana-$(VER)/public/views grafana-$(VER)/plugins-bundled - ./list_bundled_nodejs_packages.py grafana-$(VER)/ > $@.manifest clean: - rm -rf *.tar.gz *.manifest *.rpm grafana-*/ + rm -rf *.tar.gz *.tar.xz *.manifest *.rpm grafana-*/ diff --git a/README.md b/README.md index 2de4948..9da524a 100644 --- a/README.md +++ b/README.md @@ -4,9 +4,9 @@ The grafana package ## Upgrade instructions (replace X.Y.Z with the new Grafana version) -* update `Version` and `%changelog` in the specfile -* create bundles and manifests: `VER=X.Y.Z make clean all` -* update specfile with contents of the `*.manifest` files +* update `Version`, `Release` and `%changelog` in the specfile +* create bundles and manifest: `VER=X.Y.Z make clean all` +* update specfile with contents of the `.manifest` file * check if the default configuration has changed: `diff grafana-X.Y.Z/conf/defaults.ini distro-defaults.ini` and update `distro-defaults.ini` if necessary * run local build: `rpkg local` * run rpm linter: `rpkg lint -r grafana.rpmlintrc` @@ -19,6 +19,6 @@ The grafana package * declare and apply (`%prep`) the patch in the specfile * if the patch affects Go or Node.js dependencies, or the webpack * create new tarballs and rename them to `grafana-...-X.Y.Z-R.tar.gz` - * update the specfile + * update the specfile with new tarball path and contents of the `.manifest` file Note: the Makefile automatically applies all patches before creating the tarballs diff --git a/distro-defaults.ini b/distro-defaults.ini index db0de31..62b1f3a 100644 --- a/distro-defaults.ini +++ b/distro-defaults.ini @@ -670,7 +670,7 @@ disable_total_stats = false basic_auth_username = basic_auth_password = -# Metrics environment info adds dimensions to the `grafana_environment_info` metric, which +# Metrics environment info adds dimensions to the `grafana_environment_info` metric, which # can expose more information about the Grafana instance. [metrics.environment_info] #exampleLabel1 = exampleValue1 @@ -705,6 +705,8 @@ sampler_type = const # and indicates the initial sampling rate before the actual one # is received from the mothership sampler_param = 1 +# sampling_server_url is the URL of a sampling manager providing a sampling strategy. +sampling_server_url = # Whether or not to use Zipkin span propagation (x-b3- HTTP headers). zipkin_propagation = false # Setting this to true disables shared RPC spans. @@ -768,6 +770,7 @@ enable_alpha = false app_tls_skip_verify_insecure = false # Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. allow_loading_unsigned_plugins = +marketplace_url = https://grafana.com/grafana/plugins/ #################################### Grafana Image Renderer Plugin ########################## [plugin.grafana-image-renderer] diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..eb7c84f --- /dev/null +++ b/gating.yaml @@ -0,0 +1,6 @@ +--- !Policy +product_versions: + - rhel-8 +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional} diff --git a/grafana.rpmlintrc b/grafana.rpmlintrc index ff8b52d..9398089 100644 --- a/grafana.rpmlintrc +++ b/grafana.rpmlintrc @@ -13,4 +13,4 @@ addFilter("W: dangerous-command-in-%post chown") addFilter("W: strange-permission build_frontend.sh 755") addFilter("W: strange-permission list_bundled_nodejs_packages.py 755") -addFilter("W: %ifarch-applied-patch Patch.: 00.-skip-goldenfiles-tests.patch") +addFilter("W: %ifarch-applied-patch Patch.: 00.-skip-x86-goldenfiles-tests.patch") diff --git a/grafana.spec b/grafana.spec index e7863f3..0b24048 100644 --- a/grafana.spec +++ b/grafana.spec @@ -1,3 +1,15 @@ +%if 0%{?rhel} +# emulate macros defined by the go-rpm-macros package +# https://pagure.io/go-rpm-macros/blob/master/f/rpm/macros.d/macros.go-compilers-golang +%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback ${BUILDTAGS:-}" -ldflags "${LDFLAGS:-}%{?currentgoldflags} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags %{?__golang_extldflags}'" -a -v -x %{?**}; +%define gotestextldflags %__global_ldflags %{?__golang_extldflags} +%define gotest() GO111MODULE=off go test -buildmode pie -compiler gc -ldflags "${LDFLAGS:-}%{?currentgoldflags} -extldflags '%{gotestextldflags}'" %{?**}; +%endif + +# https://bugzilla.redhat.com/show_bug.cgi?id=1752991 +# unfortunately the go_arches macro doesn't reflect that change yet +ExcludeArch: i686 + %global grafana_arches %{lua: go_arches = {} for arch in rpm.expand("%{go_arches}"):gmatch("%S+") do go_arches[arch] = 1 @@ -13,7 +25,7 @@ end} %define compile_frontend 0 Name: grafana -Version: 7.3.1 +Version: 7.3.4 Release: 1%{?dist} Summary: Metrics dashboard and graph editor License: ASL 2.0 @@ -22,13 +34,10 @@ URL: https://grafana.org # Source0 contains the tagged upstream sources Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}-%{version}.tar.gz -# Source1 contains the bundled Go dependencies -Source1: grafana-vendor-go-%{version}.tar.gz +# Source1 contains the bundled Go and Node.js dependencies +Source1: grafana-vendor-%{version}.tar.xz -%if %{compile_frontend} -# Source2 contains the bundled Node.js dependencies -Source2: grafana-vendor-nodejs-%{version}.tar.gz -%else +%if %{compile_frontend} == 0 # Source2 contains the precompiled frontend Source2: grafana-webpack-%{version}.tar.gz %endif @@ -36,11 +45,11 @@ Source2: grafana-webpack-%{version}.tar.gz # Source3 contains Grafana configuration defaults for distributions Source3: distro-defaults.ini -# Source4 contains the script to build the frontend -Source4: build_frontend.sh +# Source4 contains the Makefile to create the required bundles +Source4: Makefile -# Source5 contains the Makefile to create the required bundles -Source5: Makefile +# Source5 contains the script to build the frontend +Source5: build_frontend.sh # Source6 contains the script to generate the list of bundled nodejs packages Source6: list_bundled_nodejs_packages.py @@ -62,6 +71,14 @@ Patch4: 004-skip-x86-goldenfiles-tests.patch # Intersection of go_arches and nodejs_arches ExclusiveArch: %{grafana_arches} +BuildRequires: git, systemd, golang, go-srpm-macros +%if 0%{?fedora} +BuildRequires: go-rpm-macros +%endif +%if %{compile_frontend} +BuildRequires: nodejs >= 1:12, nodejs < 1:13, yarnpkg +%endif + # omit golang debugsource, see BZ995136 and related %global dwz_low_mem_die_limit 0 %global _debugsource_template %{nil} @@ -74,40 +91,35 @@ ExclusiveArch: %{grafana_arches} %{?systemd_requires} Requires(pre): shadow-utils -BuildRequires: git, systemd, golang, go-srpm-macros, go-rpm-macros -%if %{compile_frontend} -BuildRequires: nodejs >= 1:12, nodejs < 1:13, yarnpkg -%endif - -Obsoletes: grafana-cloudwatch < 7.1.1-1 -Obsoletes: grafana-elasticsearch < 7.1.1-1 -Obsoletes: grafana-azure-monitor < 7.1.1-1 -Obsoletes: grafana-graphite < 7.1.1-1 -Obsoletes: grafana-influxdb < 7.1.1-1 -Obsoletes: grafana-loki < 7.1.1-1 -Obsoletes: grafana-mssql < 7.1.1-1 -Obsoletes: grafana-mysql < 7.1.1-1 -Obsoletes: grafana-opentsdb < 7.1.1-1 -Obsoletes: grafana-postgres < 7.1.1-1 -Obsoletes: grafana-prometheus < 7.1.1-1 -Obsoletes: grafana-stackdriver < 7.1.1-1 -Provides: grafana-cloudwatch = 7.1.1-1 -Provides: grafana-elasticsearch = 7.1.1-1 -Provides: grafana-azure-monitor = 7.1.1-1 -Provides: grafana-graphite = 7.1.1-1 -Provides: grafana-influxdb = 7.1.1-1 -Provides: grafana-loki = 7.1.1-1 -Provides: grafana-mssql = 7.1.1-1 -Provides: grafana-mysql = 7.1.1-1 -Provides: grafana-opentsdb = 7.1.1-1 -Provides: grafana-postgres = 7.1.1-1 -Provides: grafana-prometheus = 7.1.1-1 -Provides: grafana-stackdriver = 7.1.1-1 - %if 0%{?fedora} || 0%{?rhel} > 7 Recommends: grafana-pcp %endif +Obsoletes: grafana-cloudwatch < 7.3.4-1 +Obsoletes: grafana-elasticsearch < 7.3.4-1 +Obsoletes: grafana-azure-monitor < 7.3.4-1 +Obsoletes: grafana-graphite < 7.3.4-1 +Obsoletes: grafana-influxdb < 7.3.4-1 +Obsoletes: grafana-loki < 7.3.4-1 +Obsoletes: grafana-mssql < 7.3.4-1 +Obsoletes: grafana-mysql < 7.3.4-1 +Obsoletes: grafana-opentsdb < 7.3.4-1 +Obsoletes: grafana-postgres < 7.3.4-1 +Obsoletes: grafana-prometheus < 7.3.4-1 +Obsoletes: grafana-stackdriver < 7.3.4-1 +Provides: grafana-cloudwatch = 7.3.4-1 +Provides: grafana-elasticsearch = 7.3.4-1 +Provides: grafana-azure-monitor = 7.3.4-1 +Provides: grafana-graphite = 7.3.4-1 +Provides: grafana-influxdb = 7.3.4-1 +Provides: grafana-loki = 7.3.4-1 +Provides: grafana-mssql = 7.3.4-1 +Provides: grafana-mysql = 7.3.4-1 +Provides: grafana-opentsdb = 7.3.4-1 +Provides: grafana-postgres = 7.3.4-1 +Provides: grafana-prometheus = 7.3.4-1 +Provides: grafana-stackdriver = 7.3.4-1 + # vendored golang and node.js build dependencies # this is for security purposes, if nodejs-foo ever needs an update, # affected packages can be easily identified. @@ -136,14 +148,14 @@ Provides: bundled(golang(github.com/golang/protobuf)) = 1.4.2 Provides: bundled(golang(github.com/google/go-cmp)) = 0.5.0 Provides: bundled(golang(github.com/gosimple/slug)) = 1.4.2 Provides: bundled(golang(github.com/grafana/grafana-plugin-model)) = 0.0.0-20190930120109.1fc953a61fb4 -Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.78.0 +Provides: bundled(golang(github.com/grafana/grafana-plugin-sdk-go)) = 0.79.0 Provides: bundled(golang(github.com/grafana/loki)) = 1.6.0 Provides: bundled(golang(github.com/grpc-ecosystem/go-grpc-middleware)) = 1.2.1 Provides: bundled(golang(github.com/hashicorp/go-hclog)) = 0.12.2 Provides: bundled(golang(github.com/hashicorp/go-plugin)) = 1.2.2 Provides: bundled(golang(github.com/hashicorp/go-version)) = 1.2.0 Provides: bundled(golang(github.com/inconshreveable/log15)) = 0.0.0-20180818164646.67afb5ed74ec -Provides: bundled(golang(github.com/influxdata/influxdb-client-go/v2)) = 2.0.1 +Provides: bundled(golang(github.com/influxdata/influxdb-client-go/v2)) = 2.2.0 Provides: bundled(golang(github.com/jmespath/go-jmespath)) = 0.3.0 Provides: bundled(golang(github.com/jung-kurt/gofpdf)) = 1.10.1 Provides: bundled(golang(github.com/lib/pq)) = 1.3.0 @@ -184,7 +196,6 @@ Provides: bundled(golang(gopkg.in/square/go-jose.v2)) = 2.4.1 Provides: bundled(golang(gopkg.in/yaml.v2)) = 2.3.0 Provides: bundled(golang(xorm.io/core)) = 0.7.3 Provides: bundled(golang(xorm.io/xorm)) = 0.8.1 - Provides: bundled(npm(@babel/core)) = 7.6.2 Provides: bundled(npm(@babel/plugin-proposal-nullish-coalescing-operator)) = 7.8.3 Provides: bundled(npm(@babel/plugin-proposal-optional-chaining)) = 7.8.3 @@ -425,8 +436,8 @@ Graphite, InfluxDB & OpenTSDB. # remove bundled plugins source, otherwise they'll get merged # with the compiled bundled plugins when extracting the webpack rm -r plugins-bundled -%endif %setup -q -T -D -b 2 +%endif %patch1 -p1 %patch2 -p1 @@ -444,7 +455,7 @@ ln -s %{_builddir}/%{name}-%{version} \ %build # Build the frontend %if %{compile_frontend} -%{SOURCE4} +%{SOURCE5} %endif # Build the backend @@ -457,8 +468,8 @@ for cmd in grafana-cli grafana-server; do %gobuild -o %{_builddir}/bin/${cmd} ./pkg/cmd/${cmd} done -%install +%install # dirs, shared files, public html, webpack install -d %{buildroot}%{_sbindir} install -d %{buildroot}%{_datadir}/%{name} @@ -547,12 +558,12 @@ chmod 640 %{_sysconfdir}/%{name}/ldap.toml %check -# Frontend tests +# Test frontend %if %{compile_frontend} yarn test %endif -# Backend tests +# Test backend cd %{_builddir}/src/github.com/grafana/grafana export GOPATH=%{_builddir} @@ -609,23 +620,19 @@ export TZ=GMT %changelog -* Tue Nov 10 2020 Andreas Gerstmayr 7.3.1-1 -- update to 7.3.1 tagged upstream community sources, see CHANGELOG +* Wed Nov 25 2020 Andreas Gerstmayr 7.3.4-1 +- update to 7.3.4 tagged upstream community sources, see CHANGELOG +- bundle golang dependencies - optionally bundle node.js dependencies and build and test frontend as part of the specfile -- change default provisioning path to /etc/grafana/provisioning (changed in version 7.1.1-1) +- merge all datasources into main grafana package +- change default provisioning path to /etc/grafana/provisioning - resolve https://bugzilla.redhat.com/show_bug.cgi?id=1843170 -* Sat Aug 01 2020 Fedora Release Engineering - 7.1.1-2 -- Second attempt - Rebuilt for - https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild +* Thu Aug 20 2020 Andreas Gerstmayr 6.7.4-3 +- apply patch for CVE-2020-13430 also to sources, not only to compiled webpack -* Thu Jul 30 2020 Andreas Gerstmayr 7.1.1-1 -- update to 7.1.1 tagged upstream community sources, see CHANGELOG -- merge all datasources into main grafana package -- bundle golang dependencies - -* Tue Jul 28 2020 Fedora Release Engineering - 6.7.4-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild +* Wed Aug 19 2020 Andreas Gerstmayr 6.7.4-2 +- security fix for CVE-2020-13430 * Fri Jun 05 2020 Andreas Gerstmayr 6.7.4-1 - update to 6.7.4 tagged upstream community sources, see CHANGELOG diff --git a/list_bundled_nodejs_packages.py b/list_bundled_nodejs_packages.py index f5490c4..a7c5e22 100755 --- a/list_bundled_nodejs_packages.py +++ b/list_bundled_nodejs_packages.py @@ -33,12 +33,12 @@ def list_provides(declared_pkgs, installed_pkgs): if __name__ == "__main__": if len(sys.argv) != 2: - print(f"usage: {sys.argv[0]} grafana-X.Y.Z/", file=sys.stdout) + print(f"usage: {sys.argv[0]} package-X.Y.Z/", file=sys.stdout) sys.exit(1) - grafana_dir = sys.argv[1] - declared_pkgs = read_declared_pkgs(f"{grafana_dir}/package.json") - installed_pkgs = read_installed_pkgs(f"{grafana_dir}/yarn.lock") + package_dir = sys.argv[1] + declared_pkgs = read_declared_pkgs(f"{package_dir}/package.json") + installed_pkgs = read_installed_pkgs(f"{package_dir}/yarn.lock") provides = list_provides(declared_pkgs, installed_pkgs) for provide in sorted(provides): print(provide) diff --git a/sources b/sources index a6e73c7..7573f64 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (grafana-7.3.1.tar.gz) = 95e12158c58f99e5479aa042eccaed402957f3d05b8ecaf36aed8737ad3a33970a7204aeb1e6da1e58beb3144f29acf98ffa73b96fd6469ce73e66be0ac85f36 -SHA512 (grafana-vendor-go-7.3.1.tar.gz) = 76ae7c96f62a04ca3fa03dfd5637e257678ae740a494f81293c928e7b5735ef5cea51a1e5b7fb756f8ed0ad079dfa8f26249885253b6357519a2aa58737853c4 -SHA512 (grafana-webpack-7.3.1.tar.gz) = 6b1712177a53c1d7c6ee22c28ab3bd553c1b1b5b70539de4c9248ab97659a9ba862ab703280b607ac5664f6632ace8abc62c589983a3e635b73be0ed05d55b64 +6b9f76a23ca47e1f902f398bee5630c8 grafana-7.3.4.tar.gz +4e70175518dabed438421b3e73394841 grafana-vendor-7.3.4.tar.xz +fbbb00a1e7df6cf3296ffa85b886b2e4 grafana-webpack-7.3.4.tar.gz