From 7f0368f33d0a6d57f436263549ae1fbe11c77832 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr
Date: Thu, 30 Sep 2021 14:16:39 +0200
Subject: [PATCH] update to upstream version 7.5.10
---
 .gitignore | 2 +-
 002-manpages.patch | 4 +-
 ...9-patch-unused-backend-crypto.vendor.patch | 0
 010-fips.patch => 010-fips.cond.patch | 0
 Makefile | 71 ++++++++++---------
 README.md | 16 +++--
 grafana.spec | 20 +++---
 sources | 6 +-
 8 files changed, 63 insertions(+), 56 deletions(-)
 rename 009-patch-unused-backend-crypto.patch => 009-patch-unused-backend-crypto.vendor.patch (100%)
 rename 010-fips.patch => 010-fips.cond.patch (100%)
diff --git a/.gitignore b/.gitignore
index 691f5e8..9a01bf3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,5 @@
 /grafana-*.tar.gz
 /grafana-*.tar.xz
 /grafana-*.tar.xz.manifest
-/grafana-*/
+/grafana*/
 *.rpm
diff --git a/002-manpages.patch b/002-manpages.patch
index ccc1385..e87d709 100644
--- a/002-manpages.patch
+++ b/002-manpages.patch
@@ -4,7 +4,7 @@ index 0000000000..7ac2af882c
 --- /dev/null
 +++ b/docs/man/man1/grafana-cli.1
 @@ -0,0 +1,60 @@
-+.TH GRAFANA "1" "June 2021" "Grafana cli version 7.5.9" "User Commands"
++.TH GRAFANA "1" "September 2021" "Grafana cli version 7.5.10" "User Commands"
 +.SH NAME
 +grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
 +.SH DESCRIPTION
@@ -70,7 +70,7 @@ index 0000000000..c616268b31
 --- /dev/null
 +++ b/docs/man/man1/grafana-server.1
 @@ -0,0 +1,72 @@
-+.TH VERSION "1" "June 2021" "Version 7.5.9" "User Commands"
++.TH VERSION "1" "September 2021" "Version 7.5.10" "User Commands"
 +.SH NAME
 +grafana-server \- back-end server for the Grafana metrics dashboard and graph editor
 +.SH DESCRIPTION
diff --git a/009-patch-unused-backend-crypto.patch b/009-patch-unused-backend-crypto.vendor.patch
similarity index 100%
rename from 009-patch-unused-backend-crypto.patch
rename to 009-patch-unused-backend-crypto.vendor.patch
diff --git a/010-fips.patch b/010-fips.cond.patch
similarity index 100%
rename from 010-fips.patch
rename to 010-fips.cond.patch
diff --git a/Makefile b/Makefile
index acd932c..eff9c98 100644
--- a/Makefile
+++ b/Makefile
@@ -1,19 +1,17 @@
-ifndef VER
- $(error VER is undefined)
-endif
-ifndef REL
- $(error REL is undefined)
-endif
+VERSION := $(shell rpm --specfile *.spec --qf '%{VERSION}\n' | head -1)
+RELEASE := $(shell rpm --specfile *.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1)
 NAME := grafana
 RPM_NAME := $(NAME)
-SOURCE_DIR := $(NAME)-$(VER)
-SOURCE_TAR := $(NAME)-$(VER).tar.gz
-VENDOR_TAR := $(RPM_NAME)-vendor-$(VER)-$(REL).tar.xz
-WEBPACK_TAR := $(RPM_NAME)-webpack-$(VER)-$(REL).tar.gz
+SOURCE_DIR := $(NAME)-$(VERSION)
+SOURCE_TAR := $(NAME)-$(VERSION).tar.gz
+VENDOR_TAR := $(RPM_NAME)-vendor-$(VERSION)-$(RELEASE).tar.xz
+WEBPACK_TAR := $(RPM_NAME)-webpack-$(VERSION)-$(RELEASE).tar.gz
-ALL_PATCHES := $(wildcard *.patch)
-PATCHES_TO_APPLY := $(filter-out 009-patch-unused-backend-crypto.patch 010-fips.patch,$(ALL_PATCHES))
+ALL_PATCHES := $(sort $(wildcard *.patch))
+VENDOR_PATCHES := $(sort $(wildcard *.vendor.patch))
+COND_PATCHES := $(sort $(wildcard *.cond.patch))
+REGULAR_PATCHES := $(filter-out $(VENDOR_PATCHES) $(COND_PATCHES),$(ALL_PATCHES))
 all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR)
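Review bot: With the `ifndef VER` / `ifndef REL` guards removed, nothing stops the build when `rpm --specfile` fails or prints nothing: `VERSION` and `RELEASE` then expand to empty strings and `SOURCE_DIR`, `SOURCE_TAR`, `VENDOR_TAR` and `WEBPACK_TAR` silently become `grafana-`, `grafana-.tar.gz` and so on. The `| head -1` pipeline also hides rpm's exit status, and `*.spec` picks up any extra spec file in the directory, whereas the `$(SOURCE_TAR)` rule (outside this hunk) names `$(RPM_NAME).spec` explicitly. I would query the specfile by name and add a guard directly after the two assignments, for example `$(if $(and $(VERSION),$(RELEASE)),,$(error could not read Version/Release from the specfile))`.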
@@ -21,43 +19,46 @@ $(SOURCE_TAR): spectool -g $(RPM_NAME).spec $(VENDOR_TAR): $(SOURCE_TAR) - rm -rf grafana-$(VER) - tar xfz grafana-$(VER).tar.gz + rm -rf $(SOURCE_DIR) + tar xf $(SOURCE_TAR) - # patches can affect Go or Node.js dependencies, or the webpack - for patch in $(PATCHES_TO_APPLY); do patch -d grafana-$(VER) -p1 --fuzz=0 < $$patch; done + # Patches to apply before vendoring + for patch in $(REGULAR_PATCHES); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done # Go - cd grafana-$(VER) && go mod vendor -v + cd $(SOURCE_DIR) && go mod vendor -v # Remove unused crypto - rm grafana-$(VER)/vendor/golang.org/x/crypto/cast5/cast5.go - rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/ed25519.go - rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go - rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go - rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go - rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go - awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' grafana-$(VER)/go.mod | \ + rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/cast5/cast5.go + rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/ed25519.go + rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go + rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go + rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go + rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go + awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' $(SOURCE_DIR)/go.mod | \ sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest # Node.js - cd grafana-$(VER) && yarn install --pure-lockfile + cd $(SOURCE_DIR) && yarn install --pure-lockfile # Remove files with licensing issues - find grafana-$(VER) -type d 
-name 'node-notifier' -prune -exec rm -r {} \; - find grafana-$(VER) -type d -name 'property-information' -prune -exec rm -r {} \; - find grafana-$(VER) -type f -name '*.exe' -delete - rm -r grafana-$(VER)/node_modules/visjs-network/examples - ./list_bundled_nodejs_packages.py grafana-$(VER)/ >> $@.manifest + find $(SOURCE_DIR) -type d -name 'node-notifier' -prune -exec rm -r {} \; + find $(SOURCE_DIR) -type d -name 'property-information' -prune -exec rm -r {} \; + find $(SOURCE_DIR) -type f -name '*.exe' -delete + rm -r $(SOURCE_DIR)/node_modules/visjs-network/examples + ./list_bundled_nodejs_packages.py $(SOURCE_DIR) >> $@.manifest + + # Patches to apply after vendoring + for patch in $(VENDOR_PATCHES); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done # Create tarball - XZ_OPT=-9 tar cfJ $@ \ - grafana-$(VER)/vendor \ - $$(find grafana-$(VER) -type d -name "node_modules" -prune) + time XZ_OPT=-9 tar cJf $@ \ + $(SOURCE_DIR)/vendor \ + $$(find $(SOURCE_DIR) -type d -name "node_modules" -prune) $(WEBPACK_TAR): $(VENDOR_TAR) - cd grafana-$(VER) && \ + cd $(SOURCE_DIR) && \ ../build_frontend.sh - tar cfz $@ grafana-$(VER)/public/build grafana-$(VER)/public/views grafana-$(VER)/plugins-bundled + tar cfz $@ $(SOURCE_DIR)/public/build $(SOURCE_DIR)/public/views $(SOURCE_DIR)/plugins-bundled clean: rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/ diff --git a/README.md b/README.md index 0dc6a50..7d9b4ee 100644 --- a/README.md +++ b/README.md 
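Review bot: A patch that fails in the middle of either `for patch in ...; do ...; done` loop does not stop the recipe, because the shell reports only the exit status of the last iteration; the vendor tarball and its `.manifest` can then be generated from a partially patched tree. This matters more now that the `*.vendor.patch` files are applied only here (the same commit drops `%patch9` from the specfile), so a skipped patch is not caught again at RPM build time. Ending the loop body with `|| exit 1`, i.e. `patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch || exit 1; done`, in both the `$(REGULAR_PATCHES)` and the `$(VENDOR_PATCHES)` loop makes the failure fatal. The `$(VENDOR_TAR)` recipe starts inside this hunk, but the `$(WEBPACK_TAR)` and `clean` rules continue past what is shown.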
@@ -2,10 +2,8 @@ The grafana package
 ## Upgrade instructions
-(replace X.Y.Z and R with the new Grafana version)
-
-* update `Version`, `Release` and `%changelog` in the specfile
-* create bundles and manifest: `VER=X.Y.Z REL=R make clean all`
+* update `Version`, `Release`, `%changelog` and tarball NVRs in the specfile
+* create bundles and manifest: `make clean all`
 * update specfile with contents of the `.manifest` file
 * check if the default configuration has changed: `diff grafana-X.Y.Z/conf/defaults.ini distro-defaults.ini` and update `distro-defaults.ini` if necessary
 * update the manpages patch in `002-manpages.patch` and other patches if required
@@ -14,15 +12,21 @@ The grafana package
 * run local builds with different OS versions: `./run_container_build.sh fedora-version`
 * run a scratch build: `fedpkg scratch-build --srpm`
 * upload new source tarballs: `fedpkg new-sources *.tar.gz *.tar.xz`
+* commit new `sources` file
 ## Backporting
 * create the patch
 * declare and apply (`%prep`) the patch in the specfile
 * if the patch affects Go or Node.js dependencies, or the webpack
- * create new tarballs and rename them to `grafana-...-X.Y.Z-R.tar.gz`
+ * create new tarballs
 * update the specfile with new tarball path and contents of the `.manifest` file
-Note: the Makefile automatically applies all patches before creating the tarballs
+Note: the Makefile automatically applies patches before creating the tarballs
+
+## Patches
+* `*.patch`: regular patches applied to the source, applied in the Makefile before vendoring and in the specfile (e.g. updating dependencies)
+* `*.vendor.patch`: patches applied to the vendor tarball (e.g. patching vendored sources before generating a webpack)
+* `*.cond.patch`: conditionally applied patches in the specfile
 ## Verification
 * compare the list of files with the upstream RPM at https://grafana.com/grafana/download
diff --git a/grafana.spec b/grafana.spec
index 80d58c5..9328f56 100644
--- a/grafana.spec
+++ b/grafana.spec
@@ -19,8 +19,8 @@ end}
 %endif
 Name: grafana
-Version: 7.5.9
-Release: 4%{?dist}
+Version: 7.5.10
+Release: 1%{?dist}
 Summary: Metrics dashboard and graph editor
 License: ASL 2.0
 URL: https://grafana.org
@@ -30,14 +30,14 @@ Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}
 # Source1 contains the bundled Go and Node.js dependencies
 # Note: In case there were no changes to this tarball, the NVR of this tarball
-# lags behind the NVR of the Grafana package.
-Source1: grafana-vendor-%{version}-2.tar.xz
+# lags behind the NVR of this package.
+Source1: grafana-vendor-%{version}-1.tar.xz
 %if %{compile_frontend} == 0
 # Source2 contains the precompiled frontend
 # Note: In case there were no changes to this tarball, the NVR of this tarball
-# lags behind the NVR of the Grafana package.
-Source2: grafana-webpack-%{version}-2.tar.gz
+# lags behind the NVR of this package.
+Source2: grafana-webpack-%{version}-1.tar.gz
 %endif
 # Source3 contains Grafana configuration defaults for distributions
@@ -75,11 +75,11 @@ Patch8: 008-remove-unused-frontend-crypto.patch
 # The Makefile removes a few files with crypto implementations
 # from the vendor tarball, which are not used in Grafana.
 # This patch removes all references to the deleted files.
-Patch9: 009-patch-unused-backend-crypto.patch
+Patch9: 009-patch-unused-backend-crypto.vendor.patch
 # This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
 # if FIPS mode is enabled.
-Patch10: 010-fips.patch
+Patch10: 010-fips.cond.patch
 # Intersection of go_arches and nodejs_arches
 ExclusiveArch: %{grafana_arches}
@@ -478,7 +478,6 @@ rm -r plugins-bundled
 %patch5 -p1
 %patch6 -p1
 %patch8 -p1
-%patch9 -p1
 %if %{enable_fips_mode}
 %patch10 -p1
 %endif
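Review bot: The comment block above `Patch9` (hunk `@@ -75,11 +75,11 @@`) no longer tells the whole story, because the last hunk removes `%patch9 -p1` from `%prep`: the patch is still declared and shipped in the SRPM but is never applied during the RPM build. According to the Makefile and README changes in this commit it is applied when the vendor tarball is generated, so the build now depends on `Source1` having been regenerated with that patch. I would add a line such as `# Already applied to Source1 by the Makefile (*.vendor.patch); not applied in %%prep.` to that comment block, so a reader does not mistake the missing `%patch9` for an oversight.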
@@ -706,6 +705,9 @@ GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption
 %changelog
+* Thu Sep 30 2021 Andreas Gerstmayr 7.5.10-1
+- update to 7.5.10 tagged upstream community sources, see CHANGELOG
+
 * Mon Aug 16 2021 Andreas Gerstmayr 7.5.9-4
 - rebuild to resolve CVE-2021-34558
diff --git a/sources b/sources
index 7fc6d99..bbd71f0 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (grafana-7.5.9.tar.gz) = f90f551e016673449e2c8c1df310ee2caa69220883be4ed1e8d5e7a42dcb9665d33cacc211ec6adf3c97f8a545ce49324827ab8d65e79f1147be73b1ea71ef1b
-SHA512 (grafana-webpack-7.5.9-2.tar.gz) = 79b73fe7b4362eaa9a5c451b3a01904fe29b998220c4d11cf563af797289c3ac721073d7245a87f27c7c375f00dbd09b82a293a808b6ca5774ceb0ce4fbe2b86
-SHA512 (grafana-vendor-7.5.9-2.tar.xz) = a505e9c428979f03892f8055fc982b5af80cd04cf57d380995526a261aa23a639e0d9a65dd52c89248a98260ae6fca5b4a0d8ac4fbc08bf88dffbb8c90f4116e
+SHA512 (grafana-7.5.10.tar.gz) = 6216f8deb0cd13ecda9fa95b1dc2b1fcd70de8b401e55579d79e923be412d3a64abaecbacc5a66c9667053dc31c7325f238a4b0a7058c8781a48bd276f491514
+SHA512 (grafana-webpack-7.5.10-1.tar.gz) = 9080f00ff06299a4a056902da3833b53a72b1b662769b575b0d620b882a1ffba183d26ba067442b57673b6f3737b72e1c71ac8535b2e0242590aae004c65e41f
+SHA512 (grafana-vendor-7.5.10-1.tar.xz) = f7d10af0cd72430268b18d439081aa132cf3d1095b8be8558a678fb5c6736991700d6f0ed7d5db177e97cd8870b763bef1356f5017899899597119743b849265