update to upstream version 7.5.10

This commit is contained in:
Andreas Gerstmayr 2021-09-30 14:16:39 +02:00
parent b1a75dfdd6
commit 7f0368f33d
8 changed files with 63 additions and 56 deletions

2
.gitignore vendored
View File

@ -1,5 +1,5 @@
/grafana-*.tar.gz /grafana-*.tar.gz
/grafana-*.tar.xz /grafana-*.tar.xz
/grafana-*.tar.xz.manifest /grafana-*.tar.xz.manifest
/grafana-*/ /grafana*/
*.rpm *.rpm

View File

@ -4,7 +4,7 @@ index 0000000000..7ac2af882c
--- /dev/null --- /dev/null
+++ b/docs/man/man1/grafana-cli.1 +++ b/docs/man/man1/grafana-cli.1
@@ -0,0 +1,60 @@ @@ -0,0 +1,60 @@
+.TH GRAFANA "1" "June 2021" "Grafana cli version 7.5.9" "User Commands" +.TH GRAFANA "1" "September 2021" "Grafana cli version 7.5.10" "User Commands"
+.SH NAME +.SH NAME
+grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor +grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
+.SH DESCRIPTION +.SH DESCRIPTION
@ -70,7 +70,7 @@ index 0000000000..c616268b31
--- /dev/null --- /dev/null
+++ b/docs/man/man1/grafana-server.1 +++ b/docs/man/man1/grafana-server.1
@@ -0,0 +1,72 @@ @@ -0,0 +1,72 @@
+.TH VERSION "1" "June 2021" "Version 7.5.9" "User Commands" +.TH VERSION "1" "September 2021" "Version 7.5.10" "User Commands"
+.SH NAME +.SH NAME
+grafana-server \- back-end server for the Grafana metrics dashboard and graph editor +grafana-server \- back-end server for the Grafana metrics dashboard and graph editor
+.SH DESCRIPTION +.SH DESCRIPTION

View File

@ -1,19 +1,17 @@
ifndef VER VERSION := $(shell rpm --specfile *.spec --qf '%{VERSION}\n' | head -1)
$(error VER is undefined) RELEASE := $(shell rpm --specfile *.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1)
endif
ifndef REL
$(error REL is undefined)
endif
NAME := grafana NAME := grafana
RPM_NAME := $(NAME) RPM_NAME := $(NAME)
SOURCE_DIR := $(NAME)-$(VER) SOURCE_DIR := $(NAME)-$(VERSION)
SOURCE_TAR := $(NAME)-$(VER).tar.gz SOURCE_TAR := $(NAME)-$(VERSION).tar.gz
VENDOR_TAR := $(RPM_NAME)-vendor-$(VER)-$(REL).tar.xz VENDOR_TAR := $(RPM_NAME)-vendor-$(VERSION)-$(RELEASE).tar.xz
WEBPACK_TAR := $(RPM_NAME)-webpack-$(VER)-$(REL).tar.gz WEBPACK_TAR := $(RPM_NAME)-webpack-$(VERSION)-$(RELEASE).tar.gz
ALL_PATCHES := $(wildcard *.patch) ALL_PATCHES := $(sort $(wildcard *.patch))
PATCHES_TO_APPLY := $(filter-out 009-patch-unused-backend-crypto.patch 010-fips.patch,$(ALL_PATCHES)) VENDOR_PATCHES := $(sort $(wildcard *.vendor.patch))
COND_PATCHES := $(sort $(wildcard *.cond.patch))
REGULAR_PATCHES := $(filter-out $(VENDOR_PATCHES) $(COND_PATCHES),$(ALL_PATCHES))
all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR) all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR)
@ -21,43 +19,46 @@ $(SOURCE_TAR):
spectool -g $(RPM_NAME).spec spectool -g $(RPM_NAME).spec
$(VENDOR_TAR): $(SOURCE_TAR) $(VENDOR_TAR): $(SOURCE_TAR)
rm -rf grafana-$(VER) rm -rf $(SOURCE_DIR)
tar xfz grafana-$(VER).tar.gz tar xf $(SOURCE_TAR)
# patches can affect Go or Node.js dependencies, or the webpack # Patches to apply before vendoring
for patch in $(PATCHES_TO_APPLY); do patch -d grafana-$(VER) -p1 --fuzz=0 < $$patch; done for patch in $(REGULAR_PATCHES); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
# Go # Go
cd grafana-$(VER) && go mod vendor -v cd $(SOURCE_DIR) && go mod vendor -v
# Remove unused crypto # Remove unused crypto
rm grafana-$(VER)/vendor/golang.org/x/crypto/cast5/cast5.go rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/cast5/cast5.go
rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/ed25519.go rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/ed25519.go
rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go
rm grafana-$(VER)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go
rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
rm grafana-$(VER)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go
awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' grafana-$(VER)/go.mod | \ awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' $(SOURCE_DIR)/go.mod | \
sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest
# Node.js # Node.js
cd grafana-$(VER) && yarn install --pure-lockfile cd $(SOURCE_DIR) && yarn install --pure-lockfile
# Remove files with licensing issues # Remove files with licensing issues
find grafana-$(VER) -type d -name 'node-notifier' -prune -exec rm -r {} \; find $(SOURCE_DIR) -type d -name 'node-notifier' -prune -exec rm -r {} \;
find grafana-$(VER) -type d -name 'property-information' -prune -exec rm -r {} \; find $(SOURCE_DIR) -type d -name 'property-information' -prune -exec rm -r {} \;
find grafana-$(VER) -type f -name '*.exe' -delete find $(SOURCE_DIR) -type f -name '*.exe' -delete
rm -r grafana-$(VER)/node_modules/visjs-network/examples rm -r $(SOURCE_DIR)/node_modules/visjs-network/examples
./list_bundled_nodejs_packages.py grafana-$(VER)/ >> $@.manifest ./list_bundled_nodejs_packages.py $(SOURCE_DIR) >> $@.manifest
# Patches to apply after vendoring
for patch in $(VENDOR_PATCHES); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
# Create tarball # Create tarball
XZ_OPT=-9 tar cfJ $@ \ time XZ_OPT=-9 tar cJf $@ \
grafana-$(VER)/vendor \ $(SOURCE_DIR)/vendor \
$$(find grafana-$(VER) -type d -name "node_modules" -prune) $$(find $(SOURCE_DIR) -type d -name "node_modules" -prune)
$(WEBPACK_TAR): $(VENDOR_TAR) $(WEBPACK_TAR): $(VENDOR_TAR)
cd grafana-$(VER) && \ cd $(SOURCE_DIR) && \
../build_frontend.sh ../build_frontend.sh
tar cfz $@ grafana-$(VER)/public/build grafana-$(VER)/public/views grafana-$(VER)/plugins-bundled tar cfz $@ $(SOURCE_DIR)/public/build $(SOURCE_DIR)/public/views $(SOURCE_DIR)/plugins-bundled
clean: clean:
rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/ rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/

View File

@ -2,10 +2,8 @@
The grafana package The grafana package
## Upgrade instructions ## Upgrade instructions
(replace X.Y.Z and R with the new Grafana version) * update `Version`, `Release`, `%changelog` and tarball NVRs in the specfile
* create bundles and manifest: `make clean all`
* update `Version`, `Release` and `%changelog` in the specfile
* create bundles and manifest: `VER=X.Y.Z REL=R make clean all`
* update specfile with contents of the `.manifest` file * update specfile with contents of the `.manifest` file
* check if the default configuration has changed: `diff grafana-X.Y.Z/conf/defaults.ini distro-defaults.ini` and update `distro-defaults.ini` if necessary * check if the default configuration has changed: `diff grafana-X.Y.Z/conf/defaults.ini distro-defaults.ini` and update `distro-defaults.ini` if necessary
* update the manpages patch in `002-manpages.patch` and other patches if required * update the manpages patch in `002-manpages.patch` and other patches if required
@ -14,15 +12,21 @@ The grafana package
* run local builds with different OS versions: `./run_container_build.sh fedora-version` * run local builds with different OS versions: `./run_container_build.sh fedora-version`
* run a scratch build: `fedpkg scratch-build --srpm` * run a scratch build: `fedpkg scratch-build --srpm`
* upload new source tarballs: `fedpkg new-sources *.tar.gz *.tar.xz` * upload new source tarballs: `fedpkg new-sources *.tar.gz *.tar.xz`
* commit new `sources` file
## Backporting ## Backporting
* create the patch * create the patch
* declare and apply (`%prep`) the patch in the specfile * declare and apply (`%prep`) the patch in the specfile
* if the patch affects Go or Node.js dependencies, or the webpack * if the patch affects Go or Node.js dependencies, or the webpack
* create new tarballs and rename them to `grafana-...-X.Y.Z-R.tar.gz` * create new tarballs
* update the specfile with new tarball path and contents of the `.manifest` file * update the specfile with new tarball path and contents of the `.manifest` file
Note: the Makefile automatically applies all patches before creating the tarballs Note: the Makefile automatically applies patches before creating the tarballs
## Patches
* `*.patch`: regular patches applied to the source, applied in the Makefile before vendoring and in the specfile (e.g. updating dependencies)
* `*.vendor.patch`: patches applied to the vendor tarball (e.g. patching vendored sources before generating a webpack)
* `*.cond.patch`: conditionally applied patches in the specfile
## Verification ## Verification
* compare the list of files with the upstream RPM at https://grafana.com/grafana/download * compare the list of files with the upstream RPM at https://grafana.com/grafana/download

View File

@ -19,8 +19,8 @@ end}
%endif %endif
Name: grafana Name: grafana
Version: 7.5.9 Version: 7.5.10
Release: 4%{?dist} Release: 1%{?dist}
Summary: Metrics dashboard and graph editor Summary: Metrics dashboard and graph editor
License: ASL 2.0 License: ASL 2.0
URL: https://grafana.org URL: https://grafana.org
@ -30,14 +30,14 @@ Source0: https://github.com/grafana/grafana/archive/v%{version}/%{name}
# Source1 contains the bundled Go and Node.js dependencies # Source1 contains the bundled Go and Node.js dependencies
# Note: In case there were no changes to this tarball, the NVR of this tarball # Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of the Grafana package. # lags behind the NVR of this package.
Source1: grafana-vendor-%{version}-2.tar.xz Source1: grafana-vendor-%{version}-1.tar.xz
%if %{compile_frontend} == 0 %if %{compile_frontend} == 0
# Source2 contains the precompiled frontend # Source2 contains the precompiled frontend
# Note: In case there were no changes to this tarball, the NVR of this tarball # Note: In case there were no changes to this tarball, the NVR of this tarball
# lags behind the NVR of the Grafana package. # lags behind the NVR of this package.
Source2: grafana-webpack-%{version}-2.tar.gz Source2: grafana-webpack-%{version}-1.tar.gz
%endif %endif
# Source3 contains Grafana configuration defaults for distributions # Source3 contains Grafana configuration defaults for distributions
@ -75,11 +75,11 @@ Patch8: 008-remove-unused-frontend-crypto.patch
# The Makefile removes a few files with crypto implementations # The Makefile removes a few files with crypto implementations
# from the vendor tarball, which are not used in Grafana. # from the vendor tarball, which are not used in Grafana.
# This patch removes all references to the deleted files. # This patch removes all references to the deleted files.
Patch9: 009-patch-unused-backend-crypto.patch Patch9: 009-patch-unused-backend-crypto.vendor.patch
# This patch modifies the x/crypto/pbkdf2 function to use OpenSSL # This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
# if FIPS mode is enabled. # if FIPS mode is enabled.
Patch10: 010-fips.patch Patch10: 010-fips.cond.patch
# Intersection of go_arches and nodejs_arches # Intersection of go_arches and nodejs_arches
ExclusiveArch: %{grafana_arches} ExclusiveArch: %{grafana_arches}
@ -478,7 +478,6 @@ rm -r plugins-bundled
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch8 -p1 %patch8 -p1
%patch9 -p1
%if %{enable_fips_mode} %if %{enable_fips_mode}
%patch10 -p1 %patch10 -p1
%endif %endif
@ -706,6 +705,9 @@ GOLANG_FIPS=1 go test -v ./pkg/util -run TestEncryption
%changelog %changelog
* Thu Sep 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.10-1
- update to 7.5.10 tagged upstream community sources, see CHANGELOG
* Mon Aug 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-4 * Mon Aug 16 2021 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.9-4
- rebuild to resolve CVE-2021-34558 - rebuild to resolve CVE-2021-34558

View File

@ -1,3 +1,3 @@
SHA512 (grafana-7.5.9.tar.gz) = f90f551e016673449e2c8c1df310ee2caa69220883be4ed1e8d5e7a42dcb9665d33cacc211ec6adf3c97f8a545ce49324827ab8d65e79f1147be73b1ea71ef1b SHA512 (grafana-7.5.10.tar.gz) = 6216f8deb0cd13ecda9fa95b1dc2b1fcd70de8b401e55579d79e923be412d3a64abaecbacc5a66c9667053dc31c7325f238a4b0a7058c8781a48bd276f491514
SHA512 (grafana-webpack-7.5.9-2.tar.gz) = 79b73fe7b4362eaa9a5c451b3a01904fe29b998220c4d11cf563af797289c3ac721073d7245a87f27c7c375f00dbd09b82a293a808b6ca5774ceb0ce4fbe2b86 SHA512 (grafana-webpack-7.5.10-1.tar.gz) = 9080f00ff06299a4a056902da3833b53a72b1b662769b575b0d620b882a1ffba183d26ba067442b57673b6f3737b72e1c71ac8535b2e0242590aae004c65e41f
SHA512 (grafana-vendor-7.5.9-2.tar.xz) = a505e9c428979f03892f8055fc982b5af80cd04cf57d380995526a261aa23a639e0d9a65dd52c89248a98260ae6fca5b4a0d8ac4fbc08bf88dffbb8c90f4116e SHA512 (grafana-vendor-7.5.10-1.tar.xz) = f7d10af0cd72430268b18d439081aa132cf3d1095b8be8558a678fb5c6736991700d6f0ed7d5db177e97cd8870b763bef1356f5017899899597119743b849265