38 changed files with 3946 additions and 2375 deletions
--- a/.fmf/version
+++ b/.fmf/version
@ -0,0 +1 @@
+1
--- a/.github/workflows/bundle.yml
+++ b/.github/workflows/bundle.yml
@ -0,0 +1,23 @@
+name: Create bundles
+on:
+  workflow_dispatch:
+
+jobs:
+  bundle:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v3
+
+      - name: Create bundles
+        run: |
+          ./create_bundles_in_container.sh
+          sha512sum *.tar.gz *.tar.xz | tee SHA512SUMS
+
+      - name: Upload bundles
+        uses: actions/upload-artifact@v3
+        with:
+          name: bundles
+          path: |
+            *.tar.*
+            SHA512SUMS
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,5 @@
-SOURCES/grafana-9.2.10.tar.gz
-SOURCES/grafana-vendor-9.2.10-2.tar.xz
-SOURCES/grafana-webpack-9.2.10-2.tar.gz
+/grafana-*.tar.gz
+/grafana-*.tar.xz
+/grafana-*.tar.xz.manifest
+/grafana*/
+*.rpm
--- a/.grafana.metadata
+++ b/.grafana.metadata
@ -1,3 +0,0 @@
-4c9db312dca444023c37c7af9acd2876a7e164b8 SOURCES/grafana-9.2.10.tar.gz
-1ab1cbb1efa563dff66783e9c59c8bd43503aef2 SOURCES/grafana-vendor-9.2.10-2.tar.xz
-ac93650649c6f3c1f6bc2884c524939afaa8321b SOURCES/grafana-webpack-9.2.10-2.tar.gz
--- a/SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch
+++ b/SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch
@ -1,4 +1,4 @@
-From 226822e64ed4badb22e18740e6db411617b42bb7 Mon Sep 17 00:00:00 2001
+From 1e47ea7adc316e2df3d0081c2c0ebe75ddd6bda0 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 16:57:52 +0200
 Subject: [PATCH] update grafana-cli script with distro-specific paths and
@ -6,18 +6,19 @@ Subject: [PATCH] update grafana-cli script with distro-specific paths and


 diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli
-index dafa075a2c..eda358c425 100755
+index 7c6c46aef9..945714642b 100755
 --- a/packaging/wrappers/grafana-cli
 +++ b/packaging/wrappers/grafana-cli
-@@ -5,18 +5,19 @@
+@@ -5,7 +5,7 @@
 # the system-wide Grafana configuration that was bundled with the package as we
 # use the binary.
 
 -DEFAULT=/etc/default/grafana
 +DEFAULT=/etc/sysconfig/grafana-server
 
- GRAFANA_HOME=/usr/share/grafana
- CONF_DIR=/etc/grafana
+ GRAFANA_HOME="${GRAFANA_HOME:-/usr/share/grafana}"
+ 
+@@ -13,11 +13,12 @@ CONF_DIR=/etc/grafana
 DATA_DIR=/var/lib/grafana
 PLUGINS_DIR=/var/lib/grafana/plugins
 LOG_DIR=/var/log/grafana
@ -26,12 +27,12 @@ index dafa075a2c..eda358c425 100755
 CONF_FILE=$CONF_DIR/grafana.ini
 PROVISIONING_CFG_DIR=$CONF_DIR/provisioning
 
-EXECUTABLE=$GRAFANA_HOME/bin/grafana-cli
+-EXECUTABLE="$GRAFANA_HOME/bin/grafana"
 +EXECUTABLE=$LIBEXEC_DIR/grafana-cli
 
 if [ ! -x $EXECUTABLE ]; then
-  echo "Program not installed or not executable"
-@@ -28,12 +29,21 @@ if [ -f "$DEFAULT" ]; then
+  echo "$EXECUTABLE not installed or not executable"
+@@ -29,14 +30,23 @@ if [ -f "$DEFAULT" ]; then
   . "$DEFAULT"
 fi
 
@ -42,8 +43,6 @@ index dafa075a2c..eda358c425 100755
 -                        cfg:default.paths.data=${DATA_DIR} \
 -                        cfg:default.paths.logs=${LOG_DIR} \
 -                        cfg:default.paths.plugins=${PLUGINS_DIR}'"
-
-eval $EXECUTABLE "$OPTS" '$@'
 +OPTS=("--homepath=${GRAFANA_HOME}"
 +      "--config=${CONF_FILE}"
 +      "--pluginsDir=${PLUGINS_DIR}"
@ -51,8 +50,11 @@ index dafa075a2c..eda358c425 100755
 +                         cfg:default.paths.data=${DATA_DIR} \
 +                         cfg:default.paths.logs=${LOG_DIR} \
 +                         cfg:default.paths.plugins=${PLUGINS_DIR}")
-+
-+if [ "$(id -u)" -eq 0 ]; then
+ 
+ CMD=cli
+ 
+-eval $EXECUTABLE "$CMD" "$OPTS" "$@"
+if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
 +  cd "${GRAFANA_HOME}"
 +  exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
 +elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
--- a/SOURCES/0002-add-manpages.patch
+++ b/SOURCES/0002-add-manpages.patch
@ -1,4 +1,4 @@
-From c065b6608a65967bde152557566e0410238714a1 Mon Sep 17 00:00:00 2001
+From 5b6c18f715808f99c32550fc3b670fc5bf600f72 Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:01:09 +0200
 Subject: [PATCH] add manpages
--- a/SOURCES/0003-update-default-configuration.patch
+++ b/SOURCES/0003-update-default-configuration.patch
@ -1,14 +1,14 @@
-From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
+From 026c4f235fd3bfc741304a5e12e13bd1c7b85eac Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Wed, 22 Jun 2022 17:05:48 +0200
 Subject: [PATCH] update default configuration


 diff --git a/conf/defaults.ini b/conf/defaults.ini
-index 2d6e1235b6..f0eff6d2ac 100644
+index 9f7cf4a90b..e1e5468bfa 100644
 --- a/conf/defaults.ini
 +++ b/conf/defaults.ini
-@@ -196,7 +196,7 @@ row_limit = 1000000
+@@ -240,7 +240,7 @@ user_agent =
 # No ip addresses are being tracked, only simple counters to track
 # running instances, dashboard and error counts. It is very helpful to us.
 # Change this option to false to disable reporting.
@ -17,20 +17,22 @@ index 2d6e1235b6..f0eff6d2ac 100644
 
 # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
 reporting_distributor = grafana-labs
-@@ -206,7 +206,7 @@ reporting_distributor = grafana-labs
+@@ -249,8 +249,8 @@ reporting_distributor = grafana-labs
+ # for new versions of grafana. The check is used
 # in some UI views to notify that a grafana update exists.
 # This option does not cause any auto updates, nor send any information
- # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
+-# only a GET request to https://grafana.com/api/grafana/versions/stable to get the latest version.
 -check_for_updates = true
+# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
 +check_for_updates = false
 
 # Set to false to disable all checks to https://grafana.com
 # for new versions of plugins. The check is used
 diff --git a/conf/sample.ini b/conf/sample.ini
-index 227c90e895..dc9fd6a3a5 100644
+index 916de769f9..2f270d4940 100644
 --- a/conf/sample.ini
 +++ b/conf/sample.ini
-@@ -202,7 +202,7 @@
+@@ -247,7 +247,7 @@
 # No ip addresses are being tracked, only simple counters to track
 # running instances, dashboard and error counts. It is very helpful to us.
 # Change this option to false to disable reporting.
@ -39,16 +41,18 @@ index 227c90e895..dc9fd6a3a5 100644
 
 # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
 ;reporting_distributor = grafana-labs
-@@ -212,7 +212,7 @@
+@@ -256,8 +256,8 @@
+ # for new versions of grafana. The check is used
 # in some UI views to notify that a grafana update exists.
 # This option does not cause any auto updates, nor send any information
- # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
+-# only a GET request to https://grafana.com/api/grafana/versions/stable to get the latest version.
 -;check_for_updates = true
+# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
 +;check_for_updates = false
 
 # Set to false to disable all checks to https://grafana.com
 # for new versions of plugins. The check is used
-@@ -356,7 +356,7 @@
+@@ -427,7 +427,7 @@
 
 # Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds.
 # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
@ -57,7 +61,7 @@ index 227c90e895..dc9fd6a3a5 100644
 
 # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
 ;default_home_dashboard_path =
-@@ -1094,7 +1094,7 @@
+@@ -1411,7 +1411,7 @@
 ;enable_alpha = false
 ;app_tls_skip_verify_insecure = false
 # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
--- a/0004-remove-unused-backend-dependencies.patch
+++ b/0004-remove-unused-backend-dependencies.patch
@ -0,0 +1,62 @@
+From 076177ff583b8e6d92948e0a4ddde0e8992d09a3 Mon Sep 17 00:00:00 2001
+From: Andreas Gerstmayr <agerstmayr@redhat.com>
+Date: Wed, 22 Jun 2022 17:18:56 +0200
+Subject: [PATCH] remove unused backend dependencies
+
+saml and gofpdf are not used in the OSS edition of Grafana
+after editing `pkg/extensions/main.go`, run `go mod tidy`
+
+diff --git a/go.mod b/go.mod
+index fcbc09da5e..82fdf39842 100644
+--- a/go.mod
+++ b/go.mod
+@@ -45,7 +45,6 @@ require (
+ 	github.com/blang/semver/v4 v4.0.0 // @grafana/grafana-release-guild
+ 	github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b // @grafana/backend-platform
+ 	github.com/centrifugal/centrifuge v0.30.2 // @grafana/grafana-app-platform-squad
+-	github.com/crewjam/saml v0.4.13 // @grafana/grafana-authnz-team
+ 	github.com/fatih/color v1.15.0 // @grafana/backend-platform
+ 	github.com/gchaincl/sqlhooks v1.3.0 // @grafana/backend-platform
+ 	github.com/go-ldap/ldap/v3 v3.4.4 // @grafana/grafana-authnz-team
+@@ -187,7 +186,6 @@ require (
+ 	github.com/josharian/intern v1.0.0 // indirect
+ 	github.com/jpillora/backoff v1.0.0 // indirect
+ 	github.com/mailru/easyjson v0.7.7 // indirect
+-	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
+ 	github.com/mattetti/filebuffer v1.0.1 // indirect
+ 	github.com/mattn/go-runewidth v0.0.13 // indirect
+ 	github.com/miekg/dns v1.1.51 // indirect
+diff --git a/go.sum b/go.sum
+index d05dfb55fd..b160387abe 100644
+--- a/go.sum
+++ b/go.sum
+@@ -1826,8 +1826,6 @@ github.com/grafana/pyroscope/api v0.3.0/go.mod h1:JggA80ToAAUACYGfwL49XoFk5aN5ec
+ github.com/grafana/regexp v0.0.0-20221122212121-6b5c0a4cb7fd/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A=
+ github.com/grafana/regexp v0.0.0-20221123153739-15dc172cd2db h1:7aN5cccjIqCLTzedH7MZzRZt5/lsAHch6Z3L2ZGn5FA=
+ github.com/grafana/regexp v0.0.0-20221123153739-15dc172cd2db/go.mod h1:M5qHK+eWfAv8VR/265dIuEpL3fNfeC21tXXp9itM24A=
+-github.com/grafana/saml v0.4.15-0.20231025143828-a6c0e9b86a4c h1:1pHLC1ZTz7N5QI3jzCs5sqmVvAKe+JwGnpp9lQ+iUjY=
+-github.com/grafana/saml v0.4.15-0.20231025143828-a6c0e9b86a4c/go.mod h1:S4+611dxnKt8z/ulbvaJzcgSHsuhjVc1QHNTcr1R7Fw=
+ github.com/grafana/sqlds/v2 v2.3.10 h1:HWKhE0vR6LoEiE+Is8CSZOgaB//D1yqb2ntkass9Fd4=
+ github.com/grafana/sqlds/v2 v2.3.10/go.mod h1:c6ibxnxRVGxV/0YkEgvy7QpQH/lyifFyV7K/14xvdIs=
+ github.com/grafana/tempo v1.5.1-0.20230524121406-1dc1bfe7085b h1:mDlkqgTEJuK7vjPG44f3ZMtId5AAYLWHvBVbiGqIOOQ=
+@@ -2222,8 +2220,6 @@ github.com/markbates/sigtx v1.0.0/go.mod h1:QF1Hv6Ic6Ca6W+T+DL0Y/ypborFKyvUY9Hmu
+ github.com/markbates/willie v1.0.9/go.mod h1:fsrFVWl91+gXpx/6dv715j7i11fYPfZ9ZGfH0DQzY7w=
+ github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
+ github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
+-github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
+-github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
+ github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM=
+ github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs=
+ github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
+diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
+index 327e208221..426aad2a21 100644
+--- a/pkg/extensions/main.go
+++ b/pkg/extensions/main.go
+@@ -11,7 +11,6 @@ import (
+ 	_ "github.com/beevik/etree"
+ 	_ "github.com/blugelabs/bluge"
+ 	_ "github.com/blugelabs/bluge_segment_api"
+-	_ "github.com/crewjam/saml"
+ 	_ "github.com/go-jose/go-jose/v3"
+ 	_ "github.com/gobwas/glob"
+ 	_ "github.com/googleapis/gax-go/v2"
--- a/0005-remove-unused-frontend-crypto.patch
+++ b/0005-remove-unused-frontend-crypto.patch
@ -0,0 +1,333 @@
+From ddd615152004e0bc5985a574c05d31778351dfa3 Mon Sep 17 00:00:00 2001
+From: Andreas Gerstmayr <agerstmayr@redhat.com>
+Date: Wed, 22 Jun 2022 17:36:47 +0200
+Subject: [PATCH] remove unused frontend crypto
+
+update `package.json` and then run `yarn install` to update the
+`yarn.lock` lockfile
+
+diff --git a/package.json b/package.json
+index 38deb6d7de..aad5e88bf0 100644
+--- a/package.json
+++ b/package.json
+@@ -425,6 +425,9 @@
+   "resolutions": {
+     "underscore": "1.13.6",
+     "@types/slate": "0.47.11",
+    "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
+    "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
+    "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
+     "ngtemplate-loader/loader-utils": "^2.0.0",
+     "semver@~7.0.0": "7.5.4",
+     "semver@7.3.4": "7.5.4",
+diff --git a/yarn.lock b/yarn.lock
+index bf22ba52a1..1552ddc052 100644
+--- a/yarn.lock
+++ b/yarn.lock
+@@ -10935,22 +10935,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"asn1@npm:~0.2.3":
+-  version: 0.2.6
+-  resolution: "asn1@npm:0.2.6"
+-  dependencies:
+-    safer-buffer: "npm:~2.1.0"
+-  checksum: cf629291fee6c1a6f530549939433ebf32200d7849f38b810ff26ee74235e845c0c12b2ed0f1607ac17383d19b219b69cefa009b920dab57924c5c544e495078
+-  languageName: node
+-  linkType: hard
+-
+-"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0":
+-  version: 1.0.0
+-  resolution: "assert-plus@npm:1.0.0"
+-  checksum: f4f991ae2df849cc678b1afba52d512a7cbf0d09613ba111e72255409ff9158550c775162a47b12d015d1b82b3c273e8e25df0e4783d3ddb008a293486d00a07
+-  languageName: node
+-  linkType: hard
+-
+ "assert@npm:2.0.0, assert@npm:^2.0.0":
+   version: 2.0.0
+   resolution: "assert@npm:2.0.0"
+@@ -11427,15 +11411,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"bcrypt-pbkdf@npm:^1.0.0":
+-  version: 1.0.2
+-  resolution: "bcrypt-pbkdf@npm:1.0.2"
+-  dependencies:
+-    tweetnacl: "npm:^0.14.3"
+-  checksum: 13a4cde058250dbf1fa77a4f1b9a07d32ae2e3b9e28e88a0c7a1827835bc3482f3e478c4a0cfd4da6ff0c46dae07da1061123a995372b32cc563d9975f975404
+-  languageName: node
+-  linkType: hard
+-
+ "before-after-hook@npm:^2.2.0":
+   version: 2.2.2
+   resolution: "before-after-hook@npm:2.2.2"
+@@ -12929,13 +12904,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"core-util-is@npm:1.0.2":
+-  version: 1.0.2
+-  resolution: "core-util-is@npm:1.0.2"
+-  checksum: d0f7587346b44a1fe6c269267e037dd34b4787191e473c3e685f507229d88561c40eb18872fabfff02977301815d474300b7bfbd15396c13c5377393f7e87ec3
+-  languageName: node
+-  linkType: hard
+-
+ "core-util-is@npm:~1.0.0":
+   version: 1.0.3
+   resolution: "core-util-is@npm:1.0.3"
+@@ -13857,15 +13825,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"dashdash@npm:^1.12.0":
+-  version: 1.14.1
+-  resolution: "dashdash@npm:1.14.1"
+-  dependencies:
+-    assert-plus: "npm:^1.0.0"
+-  checksum: 137b287fa021201ce100cef772c8eeeaaafdd2aa7282864022acf3b873021e54cb809e9c060fa164840bf54ff72d00d6e2d8da1ee5a86d7200eeefa1123a8f7f
+-  languageName: node
+-  linkType: hard
+-
+ "data-urls@npm:^3.0.2":
+   version: 3.0.2
+   resolution: "data-urls@npm:3.0.2"
+@@ -14573,16 +14532,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"ecc-jsbn@npm:~0.1.1":
+-  version: 0.1.2
+-  resolution: "ecc-jsbn@npm:0.1.2"
+-  dependencies:
+-    jsbn: "npm:~0.1.0"
+-    safer-buffer: "npm:^2.1.0"
+-  checksum: d43591f2396196266e186e6d6928038cc11c76c3699a912cb9c13757060f7bbc7f17f47c4cb16168cdeacffc7965aef021142577e646fb3cb88810c15173eb57
+-  languageName: node
+-  linkType: hard
+-
+ "ee-first@npm:1.1.1":
+   version: 1.1.1
+   resolution: "ee-first@npm:1.1.1"
+@@ -15991,20 +15940,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"extsprintf@npm:1.3.0":
+-  version: 1.3.0
+-  resolution: "extsprintf@npm:1.3.0"
+-  checksum: 26967d6c7ecbfb5bc5b7a6c43503dc5fafd9454802037e9fa1665e41f615da4ff5918bd6cb871a3beabed01a31eca1ccd0bdfb41231f50ad50d405a430f78377
+-  languageName: node
+-  linkType: hard
+-
+-"extsprintf@npm:^1.2.0":
+-  version: 1.4.1
+-  resolution: "extsprintf@npm:1.4.1"
+-  checksum: bfd6d55f3c0c04d826fe0213264b383c03f32825af6b1ff777f3f2dc49467e599361993568d75b7b19a8ea1bb08c8e7cd8c3d87d179ced91bb0dcf81ca6938e0
+-  languageName: node
+-  linkType: hard
+-
+ "fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3":
+   version: 3.1.3
+   resolution: "fast-deep-equal@npm:3.1.3"
+@@ -16916,15 +16851,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"getpass@npm:^0.1.1":
+-  version: 0.1.7
+-  resolution: "getpass@npm:0.1.7"
+-  dependencies:
+-    assert-plus: "npm:^1.0.0"
+-  checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046
+-  languageName: node
+-  linkType: hard
+-
+ "giget@npm:^1.0.0":
+   version: 1.1.2
+   resolution: "giget@npm:1.1.2"
+@@ -18263,25 +18189,10 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"http-signature@npm:~1.2.0":
+-  version: 1.2.0
+-  resolution: "http-signature@npm:1.2.0"
+-  dependencies:
+-    assert-plus: "npm:^1.0.0"
+-    jsprim: "npm:^1.2.2"
+-    sshpk: "npm:^1.7.0"
+-  checksum: 2ff7112e6b0d8f08b382dfe705078c655501f2ddd76cf589d108445a9dd388a0a9be928c37108261519a7f53e6bbd1651048d74057b804807cce1ec49e87a95b
+-  languageName: node
+-  linkType: hard
+-
+-"http-signature@npm:~1.3.6":
+-  version: 1.3.6
+-  resolution: "http-signature@npm:1.3.6"
+-  dependencies:
+-    assert-plus: "npm:^1.0.0"
+-    jsprim: "npm:^2.0.2"
+-    sshpk: "npm:^1.14.1"
+-  checksum: 5f08e0c82174999da97114facb0d0d47e268d60b6fc10f92cb87b99d5ccccd36f79b9508c29dda0b4f4e3a1b2f7bcaf847e68ecd5da2f1fc465fcd1d054b7884
+"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
+  version: 1.1.3
+  resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
+  checksum: 78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1
+   languageName: node
+   linkType: hard
+ 
+@@ -20609,13 +20520,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"jsbn@npm:~0.1.0":
+-  version: 0.1.1
+-  resolution: "jsbn@npm:0.1.1"
+-  checksum: 5450133242845100e694f0ef9175f44c012691a9b770b2571e677314e6f70600abb10777cdfc9a0c6a9f2ac6d134577403633de73e2fcd0f97875a67744e2d14
+-  languageName: node
+-  linkType: hard
+-
+ "jscodeshift@npm:^0.14.0":
+   version: 0.14.0
+   resolution: "jscodeshift@npm:0.14.0"
+@@ -20767,13 +20671,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"json-schema@npm:0.4.0":
+-  version: 0.4.0
+-  resolution: "json-schema@npm:0.4.0"
+-  checksum: 8b3b64eff4a807dc2a3045b104ed1b9335cd8d57aa74c58718f07f0f48b8baa3293b00af4dcfbdc9144c3aafea1e97982cc27cc8e150fc5d93c540649507a458
+-  languageName: node
+-  linkType: hard
+-
+ "json-source-map@npm:0.6.1":
+   version: 0.6.1
+   resolution: "json-source-map@npm:0.6.1"
+@@ -20886,30 +20783,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"jsprim@npm:^1.2.2":
+-  version: 1.4.2
+-  resolution: "jsprim@npm:1.4.2"
+-  dependencies:
+-    assert-plus: "npm:1.0.0"
+-    extsprintf: "npm:1.3.0"
+-    json-schema: "npm:0.4.0"
+-    verror: "npm:1.10.0"
+-  checksum: df2bf234eab1b5078d01bcbff3553d50a243f7b5c10a169745efeda6344d62798bd1d85bcca6a8446f3b5d0495e989db45f9de8dae219f0f9796e70e0c776089
+-  languageName: node
+-  linkType: hard
+-
+-"jsprim@npm:^2.0.2":
+-  version: 2.0.2
+-  resolution: "jsprim@npm:2.0.2"
+-  dependencies:
+-    assert-plus: "npm:1.0.0"
+-    extsprintf: "npm:1.3.0"
+-    json-schema: "npm:0.4.0"
+-    verror: "npm:1.10.0"
+-  checksum: fcfca5b55f83e1b8be5f932c71754bd37afd2611f81685abd05689e8ce718a91155ff7bd5b94c65ce483a787b5c43c6d0c18c1d2259fca5bb61a3f8ea2e29c0a
+-  languageName: node
+-  linkType: hard
+-
+ "jsurl@npm:^0.1.5":
+   version: 0.1.5
+   resolution: "jsurl@npm:0.1.5"
+@@ -22734,7 +22607,7 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"node-forge@npm:^1, node-forge@npm:^1.3.1":
+"node-forge@npm:^1.3.1":
+   version: 1.3.1
+   resolution: "node-forge@npm:1.3.1"
+   checksum: 05bab6868633bf9ad4c3b1dd50ec501c22ffd69f556cdf169a00998ca1d03e8107a6032ba013852f202035372021b845603aeccd7dfcb58cdb7430013b3daa8d
+@@ -27151,7 +27024,7 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0":
+"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0":
+   version: 2.1.2
+   resolution: "safer-buffer@npm:2.1.2"
+   checksum: 7eaf7a0cf37cc27b42fb3ef6a9b1df6e93a1c6d98c6c6702b02fe262d5fcbd89db63320793b99b21cb5348097d0a53de81bd5f4e8b86e20cc9412e3f1cfb4e83
+@@ -27282,12 +27155,10 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"selfsigned@npm:^2.1.1":
+-  version: 2.1.1
+-  resolution: "selfsigned@npm:2.1.1"
+-  dependencies:
+-    node-forge: "npm:^1"
+-  checksum: 6005206e0d005448274aceceaded5195b944f67a42b72d212a6169d2e5f4bdc87c15a3fe45732c544db8c7175702091aaf95403ad6632585294a6ec8cca63638
+"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
+  version: 1.1.3
+  resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
+  checksum: 4988a0dbdf123fb808194a6198f5951e2df711de6fd967d72a8876baccaa23d5c260efb8f1dbfbc5bf1f852e81f897ad09267908977ab94862867ef971a3d48d
+   languageName: node
+   linkType: hard
+ 
+@@ -28053,27 +27924,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0":
+-  version: 1.17.0
+-  resolution: "sshpk@npm:1.17.0"
+-  dependencies:
+-    asn1: "npm:~0.2.3"
+-    assert-plus: "npm:^1.0.0"
+-    bcrypt-pbkdf: "npm:^1.0.0"
+-    dashdash: "npm:^1.12.0"
+-    ecc-jsbn: "npm:~0.1.1"
+-    getpass: "npm:^0.1.1"
+-    jsbn: "npm:~0.1.0"
+-    safer-buffer: "npm:^2.0.2"
+-    tweetnacl: "npm:~0.14.0"
+-  bin:
+-    sshpk-conv: bin/sshpk-conv
+-    sshpk-sign: bin/sshpk-sign
+-    sshpk-verify: bin/sshpk-verify
+-  checksum: 668c2a279a6ce66fd739ce5684e37927dd75427cc020c828a208f85890a4c400705d4ba09f32fa44efca894339dc6931941664f6f6ba36dfa543de6d006cbe9c
+-  languageName: node
+-  linkType: hard
+-
+ "ssri@npm:^10.0.0, ssri@npm:^10.0.1":
+   version: 10.0.5
+   resolution: "ssri@npm:10.0.5"
+@@ -29479,13 +29329,6 @@ __metadata:
+   languageName: node
+   linkType: hard
+ 
+-"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0":
+-  version: 0.14.5
+-  resolution: "tweetnacl@npm:0.14.5"
+-  checksum: 04ee27901cde46c1c0a64b9584e04c96c5fe45b38c0d74930710751ea991408b405747d01dfae72f80fc158137018aea94f9c38c651cb9c318f0861a310c3679
+-  languageName: node
+-  linkType: hard
+-
+ "type-check@npm:^0.4.0, type-check@npm:~0.4.0":
+   version: 0.4.0
+   resolution: "type-check@npm:0.4.0"
+@@ -30199,17 +30042,6 @@ __metadata:
+   languageName: node
+   linkType: soft
+ 
+-"verror@npm:1.10.0":
+-  version: 1.10.0
+-  resolution: "verror@npm:1.10.0"
+-  dependencies:
+-    assert-plus: "npm:^1.0.0"
+-    core-util-is: "npm:1.0.2"
+-    extsprintf: "npm:^1.2.0"
+-  checksum: da548149dd9c130a8a2587c9ee71ea30128d1526925707e2d01ed9c5c45c9e9f86733c66a328247cdd5f7c1516fb25b0f959ba754bfbe15072aa99ff96468a29
+-  languageName: node
+-  linkType: hard
+-
+ "vinyl-fs@npm:^3.0.2":
+   version: 3.0.3
+   resolution: "vinyl-fs@npm:3.0.3"
--- a/SOURCES/0006-skip-marketplace-plugin-install-test.patch
+++ b/SOURCES/0006-skip-marketplace-plugin-install-test.patch
@ -1,4 +1,4 @@
-From a23cb1162fd705147489915667b83a236ad248be Mon Sep 17 00:00:00 2001
+From ed8a438d72a667844ae07804491b568ad2f5dcdd Mon Sep 17 00:00:00 2001
 From: Andreas Gerstmayr <agerstmayr@redhat.com>
 Date: Thu, 23 Jun 2022 17:00:46 +0200
 Subject: [PATCH] skip marketplace plugin install test
@ -8,10 +8,10 @@ Network connectivity is disabled in the build environment for security
 reasons, therefore we need to disable this test.

 diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go
-index 0d62275c4b..c237aa9389 100644
+index 4fc2295ed8..a326c40b04 100644
 --- a/pkg/tests/api/plugins/api_plugins_test.go
 +++ b/pkg/tests/api/plugins/api_plugins_test.go
-@@ -56,6 +56,7 @@ func TestPlugins(t *testing.T) {
+@@ -71,6 +71,7 @@ func TestIntegrationPlugins(t *testing.T) {
 		})
 
 		t.Run("Request is not forbidden if from an admin", func(t *testing.T) {
--- a/0007-redact-weak-ciphers.patch
+++ b/0007-redact-weak-ciphers.patch
@ -0,0 +1,30 @@
+From 7ac26d6beb2175f0d6001ca0df322ce610401cce Mon Sep 17 00:00:00 2001
+From: Stan Cox <scox@redhat.com>
+Date: Wed, 22 Jun 2022 17:05:48 +0200
+Subject: [PATCH] redact weak ciphers
+
+
+diff --git a/pkg/api/http_server.go b/pkg/api/http_server.go
+index da04044683..8a29270d4d 100644
+--- a/pkg/api/http_server.go
+++ b/pkg/api/http_server.go
+@@ -820,13 +820,13 @@ func (hs *HTTPServer) getDefaultCiphers(tlsVersion uint16, protocol string) []ui
+ 			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ 			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+ 			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+-			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			//			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ 			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+-			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+-			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+-			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+-			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+-			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+			//			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			//			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+			//			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+			//			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			//			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+ 		}
+ 	}
+ 	if protocol == "h2" {
--- a/0008-replace-faulty-slices-sort.patch
+++ b/0008-replace-faulty-slices-sort.patch
@ -0,0 +1,40 @@
+From 3f45f26993ed94837001bb9760d7859e7a057649 Mon Sep 17 00:00:00 2001
+From: Sam Feifer <sfeifer@redhat.com>
+Date: Fri, 1 Mar 2024 15:00:55 -0500
+Subject: [PATCH] replace faulty slices sort
+
+
+diff --git a/pkg/services/sqlstore/migrator/dialect.go b/pkg/services/sqlstore/migrator/dialect.go
+index 183b619de8..da21edeafa 100644
+--- a/pkg/services/sqlstore/migrator/dialect.go
+++ b/pkg/services/sqlstore/migrator/dialect.go
+@@ -368,7 +368,8 @@ func (b *BaseDialect) InsertQuery(tableName string, row map[string]any) (string,
+ 	for col := range row {
+ 		keys = append(keys, col)
+ 	}
+-	slices.Sort[string](keys)
+	slices.Sort(keys)
+	//slices.Sort[string](keys)
+ 
+ 	// build query and values
+ 	for _, col := range keys {
+@@ -398,7 +399,8 @@ func (b *BaseDialect) UpdateQuery(tableName string, row map[string]any, where ma
+ 	for col := range row {
+ 		keys = append(keys, col)
+ 	}
+-	slices.Sort[string](keys)
+	slices.Sort(keys)
+	//slices.Sort[string](keys)
+ 
+ 	// build update query and values
+ 	for _, col := range keys {
+@@ -411,7 +413,8 @@ func (b *BaseDialect) UpdateQuery(tableName string, row map[string]any, where ma
+ 	for col := range where {
+ 		keys = append(keys, col)
+ 	}
+-	slices.Sort[string](keys)
+	slices.Sort(keys)
+	//slices.Sort[string](keys)
+ 
+ 	// build where clause and values
+ 	for _, col := range keys {
--- a/0009-update-wrappers-and-systemd-with-distro-paths.patch
+++ b/0009-update-wrappers-and-systemd-with-distro-paths.patch
@ -0,0 +1,76 @@
+From 5fe02f961e67af04907dc57beda42456128ab1c8 Mon Sep 17 00:00:00 2001
+From: Sam Feifer <sfeifer@redhat.com>
+Date: Fri, 1 Mar 2024 15:05:24 -0500
+Subject: [PATCH] update wrappers and systemd with distro paths
+
+
+diff --git a/packaging/rpm/systemd/grafana-server.service b/packaging/rpm/systemd/grafana-server.service
+index e3adc3f469..b2e4aced06 100644
+--- a/packaging/rpm/systemd/grafana-server.service
+++ b/packaging/rpm/systemd/grafana-server.service
+@@ -14,7 +14,7 @@ Restart=on-failure
+ WorkingDirectory=/usr/share/grafana
+ RuntimeDirectory=grafana
+ RuntimeDirectoryMode=0750
+-ExecStart=/usr/share/grafana/bin/grafana server                                     \
+ExecStart=/usr/sbin/grafana server                                     \
+                             --config=${CONF_FILE}                                   \
+                             --pidfile=${PID_FILE_DIR}/grafana-server.pid            \
+                             --packaging=rpm                                         \
+diff --git a/packaging/wrappers/grafana b/packaging/wrappers/grafana
+index 86e0fc9faa..5c88bae4c3 100755
+--- a/packaging/wrappers/grafana
+++ b/packaging/wrappers/grafana
+@@ -5,7 +5,7 @@
+ # the system-wide Grafana configuration that was bundled with the package as we
+ # use the binary.
+ 
+-DEFAULT=/etc/default/grafana
+DEFAULT=/etc/sysconfig/grafana-server
+ 
+ GRAFANA_HOME="${GRAFANA_HOME:-/usr/share/grafana}"
+ 
+@@ -13,11 +13,12 @@ CONF_DIR=/etc/grafana
+ DATA_DIR=/var/lib/grafana
+ PLUGINS_DIR=/var/lib/grafana/plugins
+ LOG_DIR=/var/log/grafana
++LIBEXEC_DIR=/usr/libexec/grafana
+ 
+ CONF_FILE=$CONF_DIR/grafana.ini
+ PROVISIONING_CFG_DIR=$CONF_DIR/provisioning
+ 
+-EXECUTABLE="$GRAFANA_HOME/bin/grafana"
++EXECUTABLE=$LIBEXEC_DIR/grafana
+ 
+ if [ ! -x $EXECUTABLE ]; then
+  echo "$EXECUTABLE not installed or not executable"
+@@ -46,4 +47,13 @@ if [ "$CMD" = cli ]; then
+        --pluginsDir=${PLUGINS_DIR}"
+ fi
+ 
+-eval $EXECUTABLE "$CMD" "$OPTS" "$@"
+if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
+  cd "${GRAFANA_HOME}"
+  exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "$CMD" "${OPTS[@]}" "$@"
+elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
+  cd "${GRAFANA_HOME}"
+  exec "$EXECUTABLE" "$CMD" "${OPTS[@]}" "$@"
+else
+  echo "$0: please run this script as user \"${GRAFANA_USER}\" or root."
+  exit 5
+fi
+\ No newline at end of file
+diff --git a/packaging/wrappers/grafana-server b/packaging/wrappers/grafana-server
+index 466b0d7c69..6be356f562 100755
+--- a/packaging/wrappers/grafana-server
+++ b/packaging/wrappers/grafana-server
+@@ -7,7 +7,8 @@
+ 
+ GRAFANA_HOME="${GRAFANA_HOME:-/usr/share/grafana}"
+ 
+-EXECUTABLE="$GRAFANA_HOME/bin/grafana"
+LIBEXEC_DIR=/usr/libexec/grafana
+EXECUTABLE=$LIBEXEC_DIR/grafana
+ 
+ if [ ! -x $EXECUTABLE ]; then
+  echo "$EXECUTABLE not installed or not executable"
--- a/0010-remove-bcrypt-references.patch
+++ b/0010-remove-bcrypt-references.patch
@ -0,0 +1,108 @@
+From eb711315d4c8a81ff52984293758a47372c21b8d Mon Sep 17 00:00:00 2001
+From: Sam Feifer <sfeifer@redhat.com>
+Date: Fri, 1 Mar 2024 15:07:22 -0500
+Subject: [PATCH] remove bcrypt references
+
+
+diff --git a/pkg/services/extsvcauth/oauthserver/oasimpl/service.go b/pkg/services/extsvcauth/oauthserver/oasimpl/service.go
+index 8c5a90248d..43f6d11e08 100644
+--- a/pkg/services/extsvcauth/oauthserver/oasimpl/service.go
+++ b/pkg/services/extsvcauth/oauthserver/oasimpl/service.go
+@@ -19,7 +19,6 @@ import (
+ 	"github.com/ory/fosite/compose"
+ 	"github.com/ory/fosite/storage"
+ 	"github.com/ory/fosite/token/jwt"
+-	"golang.org/x/crypto/bcrypt"
+ 
+ 	"github.com/grafana/grafana/pkg/api/routing"
+ 	"github.com/grafana/grafana/pkg/bus"
+@@ -235,88 +234,7 @@ func (s *OAuth2ServiceImpl) RemoveExternalService(ctx context.Context, name stri
+ // it ensures that the associated service account has the correct permissions.
+ // Database consistency is not guaranteed, consider changing this in the future.
+ func (s *OAuth2ServiceImpl) SaveExternalService(ctx context.Context, registration *extsvcauth.ExternalServiceRegistration) (*extsvcauth.ExternalService, error) {
+-	if registration == nil {
+-		s.logger.Warn("RegisterExternalService called without registration")
+-		return nil, nil
+-	}
+-	slug := registration.Name
+-	s.logger.Info("Registering external service", "external service", slug)
+-
+-	// Check if the client already exists in store
+-	client, errFetchExtSvc := s.sqlstore.GetExternalServiceByName(ctx, slug)
+-	if errFetchExtSvc != nil && !errors.Is(errFetchExtSvc, oauthserver.ErrClientNotFound) {
+-		s.logger.Error("Error fetching service", "external service", slug, "error", errFetchExtSvc)
+-		return nil, errFetchExtSvc
+-	}
+-	// Otherwise, create a new client
+-	if client == nil {
+-		s.logger.Debug("External service does not yet exist", "external service", slug)
+-		client = &oauthserver.OAuthExternalService{
+-			Name:             slug,
+-			ServiceAccountID: oauthserver.NoServiceAccountID,
+-			Audiences:        s.cfg.AppURL,
+-		}
+-	}
+-
+-	// Parse registration form to compute required permissions for the client
+-	client.SelfPermissions, client.ImpersonatePermissions = s.handleRegistrationPermissions(registration)
+-
+-	if registration.OAuthProviderCfg == nil {
+-		return nil, errors.New("missing oauth provider configuration")
+-	}
+-
+-	if registration.OAuthProviderCfg.RedirectURI != nil {
+-		client.RedirectURI = *registration.OAuthProviderCfg.RedirectURI
+-	}
+-
+-	var errGenCred error
+-	client.ClientID, client.Secret, errGenCred = s.genCredentials()
+-	if errGenCred != nil {
+-		s.logger.Error("Error generating credentials", "client", client.LogID(), "error", errGenCred)
+-		return nil, errGenCred
+-	}
+-
+-	grantTypes := s.computeGrantTypes(registration.Self.Enabled, registration.Impersonation.Enabled)
+-	client.GrantTypes = strings.Join(grantTypes, ",")
+-
+-	// Handle key options
+-	s.logger.Debug("Handle key options")
+-	keys, err := s.handleKeyOptions(ctx, registration.OAuthProviderCfg.Key)
+-	if err != nil {
+-		s.logger.Error("Error handling key options", "client", client.LogID(), "error", err)
+-		return nil, err
+-	}
+-	if keys != nil {
+-		client.PublicPem = []byte(keys.PublicPem)
+-	}
+-	dto := client.ToExternalService(keys)
+-
+-	hashedSecret, err := bcrypt.GenerateFromPassword([]byte(client.Secret), bcrypt.DefaultCost)
+-	if err != nil {
+-		s.logger.Error("Error hashing secret", "client", client.LogID(), "error", err)
+-		return nil, err
+-	}
+-	client.Secret = string(hashedSecret)
+-
+-	s.logger.Debug("Save service account")
+-	saID, errSaveServiceAccount := s.saService.ManageExtSvcAccount(ctx, &serviceaccounts.ManageExtSvcAccountCmd{
+-		ExtSvcSlug:  slugify.Slugify(client.Name),
+-		Enabled:     registration.Self.Enabled,
+-		OrgID:       oauthserver.TmpOrgID,
+-		Permissions: client.SelfPermissions,
+-	})
+-	if errSaveServiceAccount != nil {
+-		return nil, errSaveServiceAccount
+-	}
+-	client.ServiceAccountID = saID
+-
+-	err = s.sqlstore.SaveExternalService(ctx, client)
+-	if err != nil {
+-		s.logger.Error("Error saving external service", "client", client.LogID(), "error", err)
+-		return nil, err
+-	}
+-	s.logger.Debug("Registered", "client", client.LogID())
+-	return dto, nil
+	panic("bcrypt cipher not available")
+ }
+ 
+ // randString generates a a cryptographically secure random string of n bytes
--- a/1001-vendor-patch-removed-backend-crypto.patch
+++ b/1001-vendor-patch-removed-backend-crypto.patch
--- a/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch
+++ b/SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch
@ -23,7 +23,7 @@ index 0000000000..5a06918832
 +
 +package boring
 +
-+// #include "openssl_pbkdf2.h"
+// #include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl/v2/goopenssl.h"
 +// #cgo LDFLAGS: -ldl
 +import "C"
 +import (
@ -39,14 +39,14 @@ index 0000000000..5a06918832
 +	emptySha256 = sha256.Sum256([]byte{})
 +)
 +
-+func hashToMD(h hash.Hash) *C.GO_EVP_MD {
+func hashToMD(h hash.Hash) C.GO_EVP_MD_PTR {
 +	emptyHash := h.Sum([]byte{})
 +
 +	switch {
 +	case bytes.Equal(emptyHash, emptySha1[:]):
-+		return C._goboringcrypto_EVP_sha1()
+		return C.go_openssl_EVP_sha1()
 +	case bytes.Equal(emptyHash, emptySha256[:]):
-+		return C._goboringcrypto_EVP_sha256()
+		return C.go_openssl_EVP_sha256()
 +	}
 +	return nil
 +}
@ -78,7 +78,7 @@ index 0000000000..5a06918832
 +	}
 +
 +	out := make([]byte, keyLen)
-+	ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
+	ok := C.go_openssl_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
 +	if ok != 1 {
 +		panic("boringcrypto: PKCS5_PBKDF2_HMAC failed")
 +	}
@ -106,17 +106,6 @@ index 0000000000..e244fb5663
 +func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
 +	panic("boringcrypto: not available")
 +}
-diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
-new file mode 100644
-index 0000000000..6dfdf10424
--- /dev/null
-+++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
-@@ -0,0 +1,5 @@
-+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h"
-+
-+DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
-+    (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
-+    (pass, passlen, salt, saltlen, iter, digest, keylen, out))
 diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
 index 593f653008..799a611f94 100644
 --- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
--- a/SOURCES/1003-vendor-skip-goldenfiles-tests.patch
+++ b/SOURCES/1003-vendor-skip-goldenfiles-tests.patch
--- a/README.md
+++ b/README.md
@ -0,0 +1,51 @@
+# grafana
+The grafana package
+
+## Setup instructions
+* clone the upstream sources: `git clone https://github.com/grafana/grafana && cd grafana`
+* checkout the version of the specfile: `git checkout <currentversion>`
+* apply existing patches: `git am ../0*.patch`
+
+## Upgrade instructions
+* follow the Setup instructions above
+* rebase to the new version: `git fetch && git rebase --onto <newversion> <oldversion>`
+  * rebasing `remove-unused-backend-dependencies.patch`: only apply the patch to `pkg/extensions/main.go` and run `go mod tidy`, then `go.mod` and `go.sum` will get updated automatically
+  * rebasing `remove-unused-frontend-crypto.patch`: only apply the patch to `package.json` and run `yarn install`, then `yarn.lock` will get updated automatically
+* create new patches from the modified git commits: `git format-patch -N --no-stat --no-signature <newversion> && mv *.patch ..`
+* update `Version`, `Release`, `%changelog` and tarball NVRs in the specfile
+* create bundles and manifest: `./create_bundles_in_container.sh`
+* inspect the vendor tarball for any new non-FIPS crypto (`vendor/golang.org/x/crypto`), delete these files/directories in the Makefile and update the `patch-removed-backend-crypto.patch` if required
+* update specfile with contents of the `.manifest` file
+* update the manpages patch in `0002-add-manpages.patch` and other patches if required
+* run local build: `rpkg local`
+* run rpmlint: `rpmlint -r grafana.rpmlintrc /tmp/rpkg/grafana-*/grafana-*.src.rpm /tmp/rpkg/grafana-*/x86_64/grafana-*.x86_64.rpm`
+* run a scratch build: `fedpkg scratch-build --srpm`
+* upload new source tarballs: `fedpkg new-sources *.tar.gz *.tar.xz`
+* commit new `sources` file
+
+## Patches
+* create the patch
+* declare and apply (`%prep`) the patch in the specfile
+* if the patch affects Go or Node.js dependencies, or the webpack
+  * update the `create_bundles.sh` script and apply the patch
+  * create new tarballs
+  * update the specfile with new tarball name and contents of the `.manifest` file
+
+### General guidelines
+* aim to apply all patches in the specfile
+* avoid rebuilding the tarballs
+
+Patches fall in several categories:
+  * modify dependency versions
+  * modify both sources and vendored dependencies (e.g. CVEs)
+  * modify the Node.js source (i.e. affect the webpack)
+  * some patches are conditional (e.g. FIPS)
+
+Patches cannot be applied twice.
+It is not possible to unconditionally apply all patches in the Makefile, and great care must be taken to include the required patches at the correct stage of the build.
+
+## Reproducible Bundles
+Run `./create_bundles_in_container.sh` to generate a reproducible vendor and webpack bundle.
+
+## Verification
+* compare the list of files with the upstream RPM at https://grafana.com/grafana/download
--- a/SOURCES/0004-remove-unused-backend-dependencies.patch
+++ b/SOURCES/0004-remove-unused-backend-dependencies.patch
@ -1,129 +0,0 @@
-From 944d07247d07b433777ee6ab46bc55cc1d9debe8 Mon Sep 17 00:00:00 2001
-From: Andreas Gerstmayr <agerstmayr@redhat.com>
-Date: Wed, 22 Jun 2022 17:18:56 +0200
-Subject: [PATCH] remove unused backend dependencies
-
-saml and gofpdf are not used in the OSS edition of Grafana
-after editing `pkg/extensions/main.go`, run `go mod tidy`
-
-diff --git a/go.mod b/go.mod
-index 03c00985c4..faedd337d3 100644
--- a/go.mod
-+++ b/go.mod
-@@ -30,7 +30,6 @@ require (
- 	github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
- 	github.com/centrifugal/centrifuge v0.25.0
- 	github.com/cortexproject/cortex v1.10.1-0.20211014125347-85c378182d0d
-	github.com/crewjam/saml v0.4.9
- 	github.com/davecgh/go-spew v1.1.1
- 	github.com/denisenkom/go-mssqldb v0.12.0
- 	github.com/dop251/goja v0.0.0-20210804101310-32956a348b49
-@@ -67,7 +66,6 @@ require (
- 	github.com/influxdata/line-protocol v0.0.0-20210311194329-9aa0e372d097
- 	github.com/jmespath/go-jmespath v0.4.0
- 	github.com/json-iterator/go v1.1.12
-	github.com/jung-kurt/gofpdf v1.16.2
- 	github.com/lib/pq v1.10.4
- 	github.com/linkedin/goavro/v2 v2.10.0
- 	github.com/m3db/prometheus_remote_client_golang v0.4.4
-@@ -192,7 +190,6 @@ require (
- 	github.com/josharian/intern v1.0.0 // indirect
- 	github.com/jpillora/backoff v1.0.0 // indirect
- 	github.com/mailru/easyjson v0.7.7 // indirect
-	github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
- 	github.com/mattetti/filebuffer v1.0.1 // indirect
- 	github.com/mattn/go-runewidth v0.0.9 // indirect
- 	github.com/miekg/dns v1.1.43 // indirect
-@@ -208,7 +205,7 @@
- 	github.com/opentracing-contrib/go-stdlib v1.0.0 // indirect
- 	github.com/pmezard/go-difflib v1.0.0 // indirect
- 	github.com/prometheus/common/sigv4 v0.1.0 // indirect
-	github.com/prometheus/exporter-toolkit v0.7.1 // indirect
-+	github.com/prometheus/exporter-toolkit v0.7.3 // indirect
- 	github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 // indirect
- 	github.com/prometheus/procfs v0.8.0 // indirect
- 	github.com/protocolbuffers/txtpbfmt v0.0.0-20220428173112-74888fd59c2b // indirect
-diff --git a/go.sum b/go.sum
-index e3b45a9f35..b98dc78c57 100644
--- a/go.sum
-+++ b/go.sum
-@@ -665,7 +665,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
- github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
- github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
- github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
- github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ=
- github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA=
- github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
-@@ -1376,8 +1375,6 @@ github.com/grafana/grafana-plugin-sdk-go v0.139.0 h1:2RQKM2QpSaWTtaGN6sK+R7LO7zy
- github.com/grafana/grafana-plugin-sdk-go v0.139.0/go.mod h1:Y+Ps2sesZ62AyCnX+hzrYnyDQYe/ZZl+A8yKLOBm12c=
- github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293 h1:dJIdfHqu+XjKz+w9zXLqXKPdp6Jjx/UPSOwdeSfWdeQ=
- github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293/go.mod h1:HVHqK+BVPa/tmL8EMhLCCrPt2a1GdJpEyxr5hgur2UI=
-github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7 h1:cujJQ3XV6IK7Y96VpYurd2EpI5rfMRFcuyGqUlk+030=
-github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7/go.mod h1:9Zh6dWPtB3MSzTRt8fIFH60Z351QQ+s7hCU3J/tTlA4=
- github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104 h1:dYpwFYIChrMfpq3wDa/ZBxAbUGSW5NYmYBeSezhaoao=
- github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104/go.mod h1:fCV1rqv6XRQg2GfIQ7pU9zdxd5fLRcEBCnrDVwlK+ZY=
- github.com/grafana/xorm v0.8.3-0.20220614223926-2fcda7565af6 h1:I9dh1MXGX0wGyxdV/Sl7+ugnki4Dfsy8lv2s5Yf887o=
-@@ -1664,8 +1661,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
- github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
- github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
- github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
-github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc=
-github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
- github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0=
- github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
- github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
-@@ -1787,8 +1782,6 @@ github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
- github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
- github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
- github.com/matryer/moq v0.2.7/go.mod h1:kITsx543GOENm48TUAQyJ9+SAvFSr7iGQXPoth/VUBk=
-github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
-github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
- github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM=
- github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs=
- github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
-@@ -2066,7 +2059,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
- github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
- github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
- github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
-github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
- github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
- github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
- github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-@@ -2156,8 +2148,9 @@ github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdD
- github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI=
- github.com/prometheus/exporter-toolkit v0.5.1/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg=
- github.com/prometheus/exporter-toolkit v0.6.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
-github.com/prometheus/exporter-toolkit v0.7.1 h1:c6RXaK8xBVercEeUQ4tRNL8UGWzDHfvj9dseo1FcK1Y=
- github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
-+github.com/prometheus/exporter-toolkit v0.7.3 h1:IYBn0CTGi/nYxstdTUKysuSofUNJ3DQW3FmZ/Ub6rgU=
-+github.com/prometheus/exporter-toolkit v0.7.3/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
- github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 h1:dTUS1vaLWq+Y6XKOTnrFpoVsQKLCbCp1OLj24TDi7oM=
- github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289/go.mod h1:FGbBv5OPKjch+jNUJmEQpMZytIdyW0NdBtWFcfSKusc=
- github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-@@ -2696,7 +2688,6 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y
- golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
- golang.org/x/crypto v0.0.0-20211115234514-b4de73f9ece8/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
- golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
- golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
-index 72371bdab4..a7bb7abe0f 100644
--- a/pkg/extensions/main.go
-+++ b/pkg/extensions/main.go
-@@ -11,13 +11,11 @@ import (
- 	_ "github.com/blugelabs/bluge"
- 	_ "github.com/blugelabs/bluge_segment_api"
- 	_ "github.com/cortexproject/cortex/pkg/util"
-	_ "github.com/crewjam/saml"
- 	_ "github.com/gobwas/glob"
- 	_ "github.com/googleapis/gax-go/v2"
- 	_ "github.com/grafana/dskit/backoff"
- 	_ "github.com/grafana/dskit/flagext"
- 	_ "github.com/grpc-ecosystem/go-grpc-middleware"
-	_ "github.com/jung-kurt/gofpdf"
- 	_ "github.com/linkedin/goavro/v2"
- 	_ "github.com/m3db/prometheus_remote_client_golang/promremote"
- 	_ "github.com/pkg/errors"
--- a/SOURCES/0005-remove-unused-frontend-crypto.patch
+++ b/SOURCES/0005-remove-unused-frontend-crypto.patch
@ -1,397 +0,0 @@
-From 3709d320189b10a12a3780d15e46afd777f06554 Mon Sep 17 00:00:00 2001
-From: Andreas Gerstmayr <agerstmayr@redhat.com>
-Date: Wed, 22 Jun 2022 17:36:47 +0200
-Subject: [PATCH] remove unused frontend crypto
-
-update `package.json` and then run `yarn install` to update the
-`yarn.lock` lockfile
-
-diff --git a/package.json b/package.json
-index e26f95d855..91d71f1414 100644
--- a/package.json
-+++ b/package.json
-@@ -405,8 +405,10 @@
-     "whatwg-fetch": "3.6.2"
-   },
-   "resolutions": {
-+    "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
-+    "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
-+    "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
-     "underscore": "1.13.4",
-    "@mdx-js/loader/loader-utils": "^2.0.0",
-     "@types/slate": "0.47.9",
-     "@rushstack/node-core-library": "3.52.0",
-     "@rushstack/rig-package": "0.3.13",
-diff --git a/yarn.lock b/yarn.lock
-index f374e10e33..12c06ad883 100644
--- a/yarn.lock
-+++ b/yarn.lock
-@@ -4571,10 +4571,10 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"@braintree/sanitize-url@npm:6.0.0":
-  version: 6.0.0
-  resolution: "@braintree/sanitize-url@npm:6.0.0"
-  checksum: 409ce7709dc1a0c67bc887d20af1becd4145d5c62cc5124b1c4c1f3ea2a8d69b0ee9f582d446469c6f5294b56442b99048cbbba6861dd5c834d4e019b95e1f40
-+"@braintree/sanitize-url@npm:^6.0.0":
-+  version: 6.0.2
-+  resolution: "@braintree/sanitize-url@npm:6.0.2"
-+  checksum: 6a9dfd4081cc96516eeb281d1a83d3b5f1ad3d2837adf968fcc2ba18889ee833554f9c641b4083c36d3360a932e4504ddf25b0b51e9933c3742622df82cf7c9a
-   languageName: node
-   linkType: hard
- 
-@@ -5375,7 +5375,7 @@ __metadata:
-   version: 0.0.0-use.local
-   resolution: "@grafana/data@workspace:packages/grafana-data"
-   dependencies:
-    "@braintree/sanitize-url": 6.0.0
-+    "@braintree/sanitize-url": ^6.0.0
-     "@grafana/schema": 9.2.8
-     "@grafana/tsconfig": ^1.2.0-rc1
-     "@rollup/plugin-commonjs": 22.0.1
-@@ -14511,22 +14511,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"asn1@npm:~0.2.3":
-  version: 0.2.4
-  resolution: "asn1@npm:0.2.4"
-  dependencies:
-    safer-buffer: ~2.1.0
-  checksum: aa5d6f77b1e0597df53824c68cfe82d1d89ce41cb3520148611f025fbb3101b2d25dd6a40ad34e4fac10f6b19ed5e8628cd4b7d212261e80e83f02b39ee5663c
-  languageName: node
-  linkType: hard
-
-"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0":
-  version: 1.0.0
-  resolution: "assert-plus@npm:1.0.0"
-  checksum: 19b4340cb8f0e6a981c07225eacac0e9d52c2644c080198765d63398f0075f83bbc0c8e95474d54224e297555ad0d631c1dcd058adb1ddc2437b41a6b424ac64
-  languageName: node
-  linkType: hard
-
- "assert@npm:2.0.0":
-   version: 2.0.0
-   resolution: "assert@npm:2.0.0"
-@@ -15231,15 +15215,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"bcrypt-pbkdf@npm:^1.0.0":
-  version: 1.0.2
-  resolution: "bcrypt-pbkdf@npm:1.0.2"
-  dependencies:
-    tweetnacl: ^0.14.3
-  checksum: 4edfc9fe7d07019609ccf797a2af28351736e9d012c8402a07120c4453a3b789a15f2ee1530dc49eee8f7eb9379331a8dd4b3766042b9e502f74a68e7f662291
-  languageName: node
-  linkType: hard
-
- "before-after-hook@npm:^2.2.0":
-   version: 2.2.2
-   resolution: "before-after-hook@npm:2.2.2"
-@@ -17053,13 +17028,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"core-util-is@npm:1.0.2":
-  version: 1.0.2
-  resolution: "core-util-is@npm:1.0.2"
-  checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab
-  languageName: node
-  linkType: hard
-
- "core-util-is@npm:~1.0.0":
-   version: 1.0.3
-   resolution: "core-util-is@npm:1.0.3"
-@@ -18097,15 +18065,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"dashdash@npm:^1.12.0":
-  version: 1.14.1
-  resolution: "dashdash@npm:1.14.1"
-  dependencies:
-    assert-plus: ^1.0.0
-  checksum: 3634c249570f7f34e3d34f866c93f866c5b417f0dd616275decae08147dcdf8fccfaa5947380ccfb0473998ea3a8057c0b4cd90c875740ee685d0624b2983598
-  languageName: node
-  linkType: hard
-
- "data-urls@npm:^2.0.0":
-   version: 2.0.0
-   resolution: "data-urls@npm:2.0.0"
-@@ -18842,16 +18801,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"ecc-jsbn@npm:~0.1.1":
-  version: 0.1.2
-  resolution: "ecc-jsbn@npm:0.1.2"
-  dependencies:
-    jsbn: ~0.1.0
-    safer-buffer: ^2.1.0
-  checksum: 22fef4b6203e5f31d425f5b711eb389e4c6c2723402e389af394f8411b76a488fa414d309d866e2b577ce3e8462d344205545c88a8143cc21752a5172818888a
-  languageName: node
-  linkType: hard
-
- "ee-first@npm:1.1.1":
-   version: 1.1.1
-   resolution: "ee-first@npm:1.1.1"
-@@ -20489,20 +20438,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"extsprintf@npm:1.3.0":
-  version: 1.3.0
-  resolution: "extsprintf@npm:1.3.0"
-  checksum: cee7a4a1e34cffeeec18559109de92c27517e5641991ec6bab849aa64e3081022903dd53084f2080d0d2530803aa5ee84f1e9de642c365452f9e67be8f958ce2
-  languageName: node
-  linkType: hard
-
-"extsprintf@npm:^1.2.0":
-  version: 1.4.0
-  resolution: "extsprintf@npm:1.4.0"
-  checksum: 184dc8a413eb4b1ff16bdce797340e7ded4d28511d56a1c9afa5a95bcff6ace154063823eaf0206dbbb0d14059d74f382a15c34b7c0636fa74a7e681295eb67e
-  languageName: node
-  linkType: hard
-
- "fast-deep-equal@npm:^3.0.0, fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3":
-   version: 3.1.3
-   resolution: "fast-deep-equal@npm:3.1.3"
-@@ -21462,15 +21397,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"getpass@npm:^0.1.1":
-  version: 0.1.7
-  resolution: "getpass@npm:0.1.7"
-  dependencies:
-    assert-plus: ^1.0.0
-  checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046
-  languageName: node
-  linkType: hard
-
- "git-raw-commits@npm:^2.0.8":
-   version: 2.0.11
-   resolution: "git-raw-commits@npm:2.0.11"
-@@ -22832,25 +22758,10 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"http-signature@npm:~1.2.0":
-  version: 1.2.0
-  resolution: "http-signature@npm:1.2.0"
-  dependencies:
-    assert-plus: ^1.0.0
-    jsprim: ^1.2.2
-    sshpk: ^1.7.0
-  checksum: 3324598712266a9683585bb84a75dec4fd550567d5e0dd4a0fff6ff3f74348793404d3eeac4918fa0902c810eeee1a86419e4a2e92a164132dfe6b26743fb47c
-  languageName: node
-  linkType: hard
-
-"http-signature@npm:~1.3.6":
-  version: 1.3.6
-  resolution: "http-signature@npm:1.3.6"
-  dependencies:
-    assert-plus: ^1.0.0
-    jsprim: ^2.0.2
-    sshpk: ^1.14.1
-  checksum: 10be2af4764e71fee0281392937050201ee576ac755c543f570d6d87134ce5e858663fe999a7adb3e4e368e1e356d0d7fec6b9542295b875726ff615188e7a0c
-+"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
-+  version: 1.1.3
-+  resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
-+  checksum: 78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1
-   languageName: node
-   linkType: hard
- 
-@@ -25418,13 +25329,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"jsbn@npm:~0.1.0":
-  version: 0.1.1
-  resolution: "jsbn@npm:0.1.1"
-  checksum: e5ff29c1b8d965017ef3f9c219dacd6e40ad355c664e277d31246c90545a02e6047018c16c60a00f36d561b3647215c41894f5d869ada6908a2e0ce4200c88f2
-  languageName: node
-  linkType: hard
-
- "jsdoc-type-pratt-parser@npm:~2.2.5":
-   version: 2.2.5
-   resolution: "jsdoc-type-pratt-parser@npm:2.2.5"
-@@ -25572,13 +25476,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"json-schema@npm:0.2.3, json-schema@npm:0.4.0":
-  version: 0.4.0
-  resolution: "json-schema@npm:0.4.0"
-  checksum: 66389434c3469e698da0df2e7ac5a3281bcff75e797a5c127db7c5b56270e01ae13d9afa3c03344f76e32e81678337a8c912bdbb75101c62e487dc3778461d72
-  languageName: node
-  linkType: hard
-
- "json-source-map@npm:0.6.1":
-   version: 0.6.1
-   resolution: "json-source-map@npm:0.6.1"
-@@ -25709,30 +25606,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"jsprim@npm:^1.2.2":
-  version: 1.4.1
-  resolution: "jsprim@npm:1.4.1"
-  dependencies:
-    assert-plus: 1.0.0
-    extsprintf: 1.3.0
-    json-schema: 0.2.3
-    verror: 1.10.0
-  checksum: 6bcb20ec265ae18bb48e540a6da2c65f9c844f7522712d6dfcb01039527a49414816f4869000493363f1e1ea96cbad00e46188d5ecc78257a19f152467587373
-  languageName: node
-  linkType: hard
-
-"jsprim@npm:^2.0.2":
-  version: 2.0.2
-  resolution: "jsprim@npm:2.0.2"
-  dependencies:
-    assert-plus: 1.0.0
-    extsprintf: 1.3.0
-    json-schema: 0.4.0
-    verror: 1.10.0
-  checksum: d175f6b1991e160cb0aa39bc857da780e035611986b5492f32395411879fdaf4e513d98677f08f7352dac93a16b66b8361c674b86a3fa406e2e7af6b26321838
-  languageName: node
-  linkType: hard
-
- "jsurl@npm:^0.1.5":
-   version: 0.1.5
-   resolution: "jsurl@npm:0.1.5"
-@@ -26192,6 +26065,17 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-+"loader-utils@npm:2.0.0":
-+  version: 2.0.0
-+  resolution: "loader-utils@npm:2.0.0"
-+  dependencies:
-+    big.js: ^5.2.2
-+    emojis-list: ^3.0.0
-+    json5: ^2.1.2
-+  checksum: 6856423131b50b6f5f259da36f498cfd7fc3c3f8bb17777cf87fdd9159e797d4ba4288d9a96415fd8da62c2906960e88f74711dee72d03a9003bddcd0d364a51
-+  languageName: node
-+  linkType: hard
-+
- "loader-utils@npm:^2.0.0":
-   version: 2.0.3
-   resolution: "loader-utils@npm:2.0.3"
-@@ -27755,13 +27639,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"node-forge@npm:^1":
-  version: 1.3.1
-  resolution: "node-forge@npm:1.3.1"
-  checksum: 08fb072d3d670599c89a1704b3e9c649ff1b998256737f0e06fbd1a5bf41cae4457ccaee32d95052d80bbafd9ffe01284e078c8071f0267dc9744e51c5ed42a9
-  languageName: node
-  linkType: hard
-
- "node-gettext@npm:^3.0.0":
-   version: 3.0.0
-   resolution: "node-gettext@npm:3.0.0"
-@@ -33404,7 +33281,7 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0":
-+"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0":
-   version: 2.1.2
-   resolution: "safer-buffer@npm:2.1.2"
-   checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0
-@@ -33623,12 +33500,10 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"selfsigned@npm:^2.0.1":
-  version: 2.0.1
-  resolution: "selfsigned@npm:2.0.1"
-  dependencies:
-    node-forge: ^1
-  checksum: 864e65c2f31ca877bce3ccdaa3bdef5e1e992b63b2a03641e00c24cd305bf2acce093431d1fed2e5ae9f526558db4be5e90baa2b3474c0428fcf7e25cc86ac93
-+"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
-+  version: 1.1.3
-+  resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
-+  checksum: 4988a0dbdf123fb808194a6198f5951e2df711de6fd967d72a8876baccaa23d5c260efb8f1dbfbc5bf1f852e81f897ad09267908977ab94862867ef971a3d48d
-   languageName: node
-   linkType: hard
- 
-@@ -34591,27 +34466,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0":
-  version: 1.16.1
-  resolution: "sshpk@npm:1.16.1"
-  dependencies:
-    asn1: ~0.2.3
-    assert-plus: ^1.0.0
-    bcrypt-pbkdf: ^1.0.0
-    dashdash: ^1.12.0
-    ecc-jsbn: ~0.1.1
-    getpass: ^0.1.1
-    jsbn: ~0.1.0
-    safer-buffer: ^2.0.2
-    tweetnacl: ~0.14.0
-  bin:
-    sshpk-conv: bin/sshpk-conv
-    sshpk-sign: bin/sshpk-sign
-    sshpk-verify: bin/sshpk-verify
-  checksum: 5e76afd1cedc780256f688b7c09327a8a650902d18e284dfeac97489a735299b03c3e72c6e8d22af03dbbe4d6f123fdfd5f3c4ed6bedbec72b9529a55051b857
-  languageName: node
-  linkType: hard
-
- "ssri@npm:^8.0.0, ssri@npm:^8.0.1":
-   version: 8.0.1
-   resolution: "ssri@npm:8.0.1"
-@@ -36287,13 +36141,6 @@ __metadata:
-   languageName: node
-   linkType: hard
- 
-"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0":
-  version: 0.14.5
-  resolution: "tweetnacl@npm:0.14.5"
-  checksum: 6061daba1724f59473d99a7bb82e13f211cdf6e31315510ae9656fefd4779851cb927adad90f3b488c8ed77c106adc0421ea8055f6f976ff21b27c5c4e918487
-  languageName: node
-  linkType: hard
-
- "type-check@npm:^0.4.0, type-check@npm:~0.4.0":
-   version: 0.4.0
-   resolution: "type-check@npm:0.4.0"
-@@ -37042,17 +36889,6 @@ __metadata:
-   languageName: node
-   linkType: soft
- 
-"verror@npm:1.10.0":
-  version: 1.10.0
-  resolution: "verror@npm:1.10.0"
-  dependencies:
-    assert-plus: ^1.0.0
-    core-util-is: 1.0.2
-    extsprintf: ^1.2.0
-  checksum: c431df0bedf2088b227a4e051e0ff4ca54df2c114096b0c01e1cbaadb021c30a04d7dd5b41ab277bcd51246ca135bf931d4c4c796ecae7a4fef6d744ecef36ea
-  languageName: node
-  linkType: hard
-
- "vfile-location@npm:^3.0.0, vfile-location@npm:^3.2.0":
-   version: 3.2.0
-   resolution: "vfile-location@npm:3.2.0"
-
-diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
-index e26f95d855..91d71f1414 100644
--- a/packages/grafana-data/package.json
-+++ b/packages/grafana-data/package.json
-@@ -33,7 +33,7 @@
-     "typecheck": "tsc --emitDeclarationOnly false --noEmit"
-   },
-   "dependencies": {
-    "@braintree/sanitize-url": "6.0.0",
-+    "@braintree/sanitize-url": "^6.0.0",
-     "@grafana/schema": "9.2.8",
-     "@types/d3-interpolate": "^1.4.0",
-     "d3-interpolate": "1.4.0",
-
--- a/SOURCES/0007-fix-alert-test.patch
+++ b/SOURCES/0007-fix-alert-test.patch
@ -1,19 +0,0 @@
-From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
-From: Stan Cox <scox@redhat.com>
-Date: Wed, 22 Jun 2022 17:05:48 +0200
-Subject: [PATCH] fix alert test
-
-
-diff --git a/pkg/tests/api/alerting/api_alertmanager_test.go b/pkg/tests/api/alerting/api_alertmanager_test.go
-index 2d6e1235b6..f0eff6d2ac 100644
--- a/pkg/tests/api/alerting/api_alertmanager_test.go	2023-01-24 14:44:19.000000000 -0500
-+++ b/pkg/tests/api/alerting/api_alertmanager_test.go	2023-04-13 16:20:51.718515009 -0400
-@@ -210,7 +210,7 @@
- 		{
- 			"comment": "string",
- 			"createdBy": "string",
-			"endsAt": "2023-03-31T14:17:04.419Z",
-+			"endsAt": "2032-03-31T14:17:04.419Z",
- 			"matchers": [
- 			  {
- 				"isRegex": true,
--- a/SOURCES/0008-graphite-functions-xss.patch
+++ b/SOURCES/0008-graphite-functions-xss.patch
@ -1,31 +0,0 @@
-From 05df8dcac715113517b81b1995ab1f0b69017f4a Mon Sep 17 00:00:00 2001
-From: ismail simsek <ismailsimsek09@gmail.com>
-Date: Thu, 16 Mar 2023 23:16:03 +0100
-Subject: [PATCH] graphite functions xss
-
-commit e59427c074
-    [v9.2.x] Fix xss in Graphite functions tooltip (#810)
-
-    Fix xss in Graphite functions tooltip (#804)
-
-    (cherry picked from commit 87aad3f11836f810ee1fdfee27827e746ef36055)
-
-    Co-authored-by: Ludovic Viaud <ludovic.viaud@gmail.com>
-
-diff --git a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
-index facd0b2511..d4d41da720 100644
--- a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
-+++ b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
-@@ -11,11 +11,9 @@ export interface FunctionEditorControlsProps {
- }
- 
- const FunctionDescription = React.lazy(async () => {
-  // @ts-ignore
-  const { default: rst2html } = await import(/* webpackChunkName: "rst2html" */ 'rst2html');
-   return {
-     default(props: { description?: string }) {
-      return <div dangerouslySetInnerHTML={{ __html: rst2html(props.description ?? '') }} />;
-+      return <div>{props.description}</div>;
-     },
-   };
- });
--- a/SOURCES/0010-skip-tests.patch
+++ b/SOURCES/0010-skip-tests.patch
@ -1,71 +0,0 @@
-From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
-From: Stan Cox <scox@redhat.com>
-Date: Wed, 22 Jun 2022 17:05:48 +0200
-Subject: [PATCH] skip tests
-
-These tests are problematic on s390 but lint complains about patches
-in an %ifarch block so apply to all architectures.
-
-diff --git a/pkg/services/ngalert/notifier/alertmanager_test.go b/pkg/services/ngalert/notifier/alertmanager_test.go
--- a/pkg/services/ngalert/notifier/alertmanager_test.go	2023-06-04 22:38:26.566930436 -0400
-+++ b/pkg/services/ngalert/notifier/alertmanager_test.go	2023-06-06 13:25:43.785556819 -0400
-@@ -54,6 +54,7 @@
- }
- 
- func TestPutAlert(t *testing.T) {
-+	t.Skip("Skip testing TestPutAlert")
- 	am := setupAMTest(t)
- 
- 	startTime := time.Now()
-@@ -350,6 +351,7 @@
- // implement a custom maintenance function for silences, because we snapshot
- // our data differently, so we test that functionality.
- func TestSilenceCleanup(t *testing.T) {
-+	t.Skip("Skip testing TestSilenceCleanup")
- 	require := require.New(t)
- 
- 	oldRetention := retentionNotificationsAndSilences
-diff --git a/pkg/services/ngalert/state/manager_test.go b/pkg/services/ngalert/state/manager_test.go
--- a/pkg/services/ngalert/state/manager_test.go	2023-06-04 22:38:26.570930475 -0400
-+++ b/pkg/services/ngalert/state/manager_test.go	2023-06-06 13:26:47.588172342 -0400
-@@ -78,6 +78,7 @@
- }
- 
- func TestProcessEvalResults(t *testing.T) {
-+	t.Skip("Skip testing TestProcessEvalResults")
- 	evaluationTime, err := time.Parse("2006-01-02", "2021-03-25")
- 	if err != nil {
- 		t.Fatalf("error parsing date format: %s", err.Error())
-diff --git a/pkg/services/ngalert/schedule/schedule_test.go b/pkg/services/ngalert/schedule/schedule_test.go
--- a/pkg/services/ngalert/schedule/schedule_test.go	2023-06-04 22:38:26.569930465 -0400
-+++ b/pkg/services/ngalert/schedule/schedule_test.go	2023-06-06 13:27:14.475431726 -0400
-@@ -130,6 +130,7 @@
- }
- 
- func TestAlertingTicker(t *testing.T) {
-+	t.Skip("Skip testing TestAlertingTicker")
- 	ctx := context.Background()
- 	_, dbstore := tests.SetupTestEnv(t, 1)
- 
-diff --git a/pkg/infra/filestorage/fs_integration_test.go b/pkg/infra/filestorage/fs_integration_test.go
--- a/pkg/infra/filestorage/fs_integration_test.go	2023-06-04 22:38:26.539930172 -0400
-+++ b/pkg/infra/filestorage/fs_integration_test.go	2023-06-06 13:27:48.535760305 -0400
-@@ -169,6 +169,7 @@
- }
- 
- func TestIntegrationFsStorage(t *testing.T) {
-+	t.Skip("Skip testing TestIntegrationFsStorage")
- 	if testing.Short() {
- 		t.Skip("skipping integration test")
- 	}
-diff --git a/pkg/tests/api/alerting/api_prometheus_test.go b/pkg/tests/api/alerting/api_prometheus_test.go
--- a/pkg/tests/api/alerting/api_prometheus_test.go	2023-06-04 22:38:26.588930651 -0400
-+++ b/pkg/tests/api/alerting/api_prometheus_test.go	2023-06-06 13:28:13.260998838 -0400
-@@ -25,6 +25,7 @@
- )
- 
- func TestPrometheusRules(t *testing.T) {
-+	t.Skip("Skip testing TestPrometheusRules")
- 	dir, path := testinfra.CreateGrafDir(t, testinfra.GrafanaOpts{
- 		DisableLegacyAlerting: true,
- 		EnableUnifiedAlerting: true,
--- a/SOURCES/0011-remove-email-lookup.patch
+++ b/SOURCES/0011-remove-email-lookup.patch
@ -1,61 +0,0 @@
-commit bae86dbeb0
-Author: Ieva <ieva.vasiljeva@grafana.com>
-Date:   Tue Jun 6 17:45:31 2023 +0100
-
-    Auth: Remove Email Lookup from oauth integrations 9.2 (#898)
-    
-    backport https://github.com/grafana/grafana-private-mirror/pull/894 to 9.3.x
-
-diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
-index 22014aee43..af00c56a68 100644
--- a/pkg/api/login_oauth.go
-+++ b/pkg/api/login_oauth.go
-@@ -302,16 +302,17 @@
- 	connect social.SocialConnector,
- ) (*user.User, error) {
- 	oauthLogger.Debug("Syncing Grafana user with corresponding OAuth profile")
-+	lookupParams := models.UserLookupParams{}
-+	if hs.Cfg.OAuthAllowInsecureEmailLookup {
-+		lookupParams.Email = &extUser.Email
-+	}
-+
- 	// add/update user in Grafana
- 	cmd := &models.UpsertUserCommand{
-		ReqContext:    ctx,
-		ExternalUser:  extUser,
-		SignupAllowed: connect.IsSignupAllowed(),
-		UserLookupParams: models.UserLookupParams{
-			Email:  &extUser.Email,
-			UserID: nil,
-			Login:  nil,
-		},
-+		ReqContext:       ctx,
-+		ExternalUser:     extUser,
-+		SignupAllowed:    connect.IsSignupAllowed(),
-+		UserLookupParams: lookupParams,
- 	}
- 
- 	if err := hs.Login.UpsertUser(ctx.Req.Context(), cmd); err != nil {
-diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
-index 20e8f78a2f..03aa5c17d8 100644
--- a/pkg/setting/setting.go
-+++ b/pkg/setting/setting.go
-@@ -318,7 +318,8 @@
- 	AuthProxySyncTTL          int
- 
- 	// OAuth
-	OAuthCookieMaxAge int
-+	OAuthCookieMaxAge             int
-+	OAuthAllowInsecureEmailLookup bool
- 
- 	// JWT Auth
- 	JWTAuthEnabled                 bool
-@@ -1256,6 +1256,8 @@
- 		return err
- 	}
- 
-+	cfg.OAuthAllowInsecureEmailLookup = auth.Key("oauth_allow_insecure_email_lookup").MustBool(false)
-+
- 	const defaultMaxLifetime = "30d"
- 	maxLifetimeDurationVal := valueAsString(auth, "login_maximum_lifetime_duration", defaultMaxLifetime)
- 	cfg.LoginMaxLifetime, err = gtime.ParseDuration(maxLifetimeDurationVal)
--- a/SOURCES/1001-vendor-patch-removed-backend-crypto.patch
+++ b/SOURCES/1001-vendor-patch-removed-backend-crypto.patch
--- a/SOURCES/build_frontend.sh
+++ b/SOURCES/build_frontend.sh
--- a/SOURCES/create_bundles.sh
+++ b/SOURCES/create_bundles.sh
@ -30,9 +30,28 @@ make gen-go
 rm -r vendor/golang.org/x/crypto/bcrypt
 rm -r vendor/golang.org/x/crypto/blowfish
 rm -r vendor/golang.org/x/crypto/cast5
-rm -r vendor/golang.org/x/crypto/openpgp/elgamal
-rm    vendor/golang.org/x/crypto/openpgp/packet/ocfb.go
-rm -r vendor/golang.org/x/crypto/pkcs12/internal/rc2
+rm -r vendor/golang.org/x/crypto/acme
+rm -r vendor/golang.org/x/crypto/argon2
+rm -r vendor/golang.org/x/crypto/blake2b
+rm -r vendor/golang.org/x/crypto/chacha20
+rm -r vendor/golang.org/x/crypto/chacha20poly1305
+rm -r vendor/golang.org/x/crypto/cryptobyte
+rm -r vendor/golang.org/x/crypto/curve25519
+rm -r vendor/golang.org/x/crypto/ed25519
+rm -r vendor/golang.org/x/crypto/hkdf
+rm -r vendor/golang.org/x/crypto/internal
+rm -r vendor/golang.org/x/crypto/md4
+rm -r vendor/golang.org/x/crypto/nacl
+rm -r vendor/golang.org/x/crypto/openpgp
+rm -r vendor/golang.org/x/crypto/pkcs12
+rm -r vendor/golang.org/x/crypto/poly1305
+rm -r vendor/golang.org/x/crypto/salsa20
+rm -r vendor/golang.org/x/crypto/scrypt
+rm -r vendor/golang.org/x/crypto/sha3
+
+# Remove unused code under apsl licenses
+rm -r vendor/modernc.org/libc
+rm -r vendor/modernc.org/sqlite

 # List bundled dependencies
 awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \
--- a/SOURCES/create_bundles_in_container.sh
+++ b/SOURCES/create_bundles_in_container.sh
@ -6,7 +6,7 @@
 #

 cat <<EOF | podman build -t grafana-build -f - .
-FROM fedora:35
+FROM fedora:39

 RUN dnf upgrade -y && \
    dnf install -y rpmdevtools python3-packaging python3-pyyaml make golang nodejs yarnpkg
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,9 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-aarch64.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-ppc64le.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-s390x.functional}
+  - !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1-tmt-x86_64.functional}
--- a/grafana.fc
+++ b/grafana.fc
@ -0,0 +1,25 @@
+/etc/systemd/system/grafana-server.service		--	gen_context(system_u:object_r:grafana_unit_file_t,s0)
+/usr/lib/systemd/system/grafana-server.service		--	gen_context(system_u:object_r:grafana_unit_file_t,s0)
+
+/etc/grafana(/.*)?						gen_context(system_u:object_r:grafana_conf_t,s0)
+
+/usr/sbin/grafana-cli					--	gen_context(system_u:object_r:grafana_exec_t,s0)
+/usr/sbin/grafana-server				--	gen_context(system_u:object_r:grafana_exec_t,s0)
+/usr/sbin/grafana				        --	gen_context(system_u:object_r:grafana_exec_t,s0)
+
+/var/lib/grafana(/.*)?						gen_context(system_u:object_r:grafana_var_lib_t,s0)
+#/var/lib/grafana/grafana.db				--	gen_context(system_u:object_r:grafana_db_t,s0)
+
+/var/log/grafana(/.*)?						gen_context(system_u:object_r:grafana_log_t,s0)
+
+/var/run/grafana(/.*)?			--	gen_context(system_u:object_r:grafana_var_run_t,s0)
+
+#/var/lib/grafana/plugins(/.*)?					gen_context(system_u:object_r:grafana_plugin_t,s0)
+
+/usr/share/grafana/bin/grafana				--	gen_context(system_u:object_r:grafana_exec_t,s0)
+/usr/share/grafana/bin/grafana-cli			--	gen_context(system_u:object_r:grafana_exec_t,s0)
+/usr/share/grafana/bin/grafana-server			--	gen_context(system_u:object_r:grafana_exec_t,s0)
+
+#define context for pcp plugin
+#/usr/share/performancecopilot-pcp-app/datasources/redis/pcp_redis_datasource_(.*)           -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
+/usr/libexec/grafana-pcp/datasources/redis/pcp_redis_datasource_(.*)           -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
--- a/grafana.if
+++ b/grafana.if
@ -0,0 +1,141 @@
+## <summary>policy for grafana</summary>
+
+########################################
+## <summary>
+##	Execute grafana_exec_t in the grafana domain.
+## </summary>
+## <param name="domain">
+## <summary>
+##	Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`grafana_domtrans',`
+	gen_require(`
+		type grafana_t, grafana_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, grafana_exec_t, grafana_t)
+')
+
+########################################
+## <summary>
+##      Allow domain to name_connect to grafana port. Default :3000
+## </summary>
+## <param name="domain">
+## <summary>
+##      Domain allowed access
+## </summary>
+## </param>
+#
+interface(`connect_grafana_port',`
+        gen_require(`
+		class tcp_socket name_connect;
+                type grafana_port_t;
+        ')
+
+	allow $1 grafana_port_t:tcp_socket name_connect;
+')
+
+#######################################
+## <summary>
+##	Read grafana database.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`grafana_read_db',`
+	gen_require(`
+		type grafana_db_t;
+	')
+
+	files_search_var_lib($1)
+	search_dirs_pattern($1, grafana_var_lib_t, grafana_var_lib_t)	
+	read_files_pattern($1, grafana_db_t, grafana_db_t)
+')
+
+######################################
+## <summary>
+##	Execute grafana in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`grafana_exec',`
+	gen_require(`
+		type grafana_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, grafana_exec_t)
+')
+########################################
+## <summary>
+##	Execute grafana server in the grafana domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`grafana_systemctl',`
+	gen_require(`
+		type grafana_t;
+		type grafana_unit_file_t;
+	')
+
+	systemd_exec_systemctl($1)
+        systemd_read_fifo_file_passwd_run($1)
+	allow $1 grafana_unit_file_t:file read_file_perms;
+	allow $1 grafana_unit_file_t:service manage_service_perms;
+
+	ps_process_pattern($1, grafana_t)
+')
+
+
+########################################
+## <summary>
+##	All of the rules required to administrate
+##	an grafana environment
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+## <param name="role">
+##	<summary>
+##	Role allowed access.
+##	</summary>
+## </param>
+## <rolecap/>
+#
+interface(`grafana_admin',`
+	gen_require(`
+	type grafana_t;
+	type grafana_unit_file_t;
+	')
+
+	allow $1 grafana_t:process { signal_perms };
+	ps_process_pattern($1, grafana_t)
+
+	tunable_policy(`deny_ptrace',`',`
+        	allow $1 grafana_t:process ptrace;
+    	')
+
+	grafana_systemctl($1)
+	admin_pattern($1, grafana_unit_file_t)
+	allow $1 grafana_unit_file_t:service all_service_perms;
+	optional_policy(`
+		systemd_passwd_agent_exec($1)
+		systemd_read_fifo_file_passwd_run($1)
+	')
+')
--- a/grafana.rpmlintrc
+++ b/grafana.rpmlintrc
@ -0,0 +1,17 @@
+addFilter("E: non-readable /etc/grafana/grafana.ini 640")
+addFilter("E: non-readable /etc/grafana/ldap.toml 640")
+addFilter("E: non-standard-dir-perm /var/lib/grafana 750")
+addFilter("E: non-standard-dir-perm /etc/grafana/provisioning/datasources 750")
+addFilter("W: non-standard-uid.* grafana")
+addFilter("W: non-standard-gid.* grafana")
+
+addFilter("W: invalid-url Source1: grafana-vendor-")
+addFilter("W: invalid-url Source2: grafana-webpack-")
+addFilter("E: zero-length /usr/share/grafana/public")
+addFilter("W: hidden-file-or-dir /usr/share/grafana/public")
+addFilter("W: files-duplicate /usr/share/grafana/public/img")
+addFilter("W: files-duplicate /usr/share/grafana/public/lib/.*.LICENSE.txt")
+
+addFilter("W: dangerous-command-in-%post chown")
+addFilter("W: log-files-without-logrotate")
+addFilter("W: %ifarch-applied-patch Patch.*: .*vendor-skip-goldenfiles-tests.patch")
--- a/SPECS/grafana.spec
+++ b/SPECS/grafana.spec
--- a/SOURCES/grafana.sysusers
+++ b/SOURCES/grafana.sysusers
--- a/grafana.te
+++ b/grafana.te
@ -0,0 +1,207 @@
+policy_module(grafana, 1.0.4)
+
+########################################
+#
+# Declarations
+#
+#permissive grafana_t;
+
+## <desc>
+## <p>
+## Allow grafana to be used with a reverse proxy
+## </p>
+## </desc>
+gen_tunable(grafana_can_reverse_proxy, false)
+
+## <desc>
+## <p>
+## Allow grafana to connect to elasticsearch's default tcp port of 9200
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_elasticsearch_port, false)
+
+## <desc>
+## <p>
+## Allow grafana to connect to mysql's default tcp port of 3306
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_mysql_port, false)
+
+## <desc>
+## <p>
+## Allow grafana to connect to postgresql's default tcp port of 5432
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_postgresql_port, false)
+
+## <desc>
+## <p>
+## Allow grafana to connect to prometheus' default tcp port of 9090
+## </p>
+## </desc>
+gen_tunable(grafana_can_tcp_connect_prometheus_port, false)
+
+
+type grafana_t;
+type grafana_exec_t;
+init_daemon_domain(grafana_t, grafana_exec_t)
+init_nnp_daemon_domain(grafana_t)
+
+type grafana_unit_file_t;
+systemd_unit_file(grafana_unit_file_t)
+
+type grafana_conf_t;
+files_config_file(grafana_conf_t)
+
+type grafana_db_t;
+files_config_file(grafana_db_t)
+
+type grafana_tmp_t;
+files_tmp_file(grafana_tmp_t)
+
+type grafana_tmpfs_t;
+files_tmpfs_file(grafana_tmpfs_t)
+
+type grafana_log_t;
+logging_log_file(grafana_log_t)
+
+type grafana_var_run_t;
+files_pid_file(grafana_var_run_t)
+
+type grafana_var_lib_t;
+files_type(grafana_var_lib_t)
+
+type grafana_port_t;
+corenet_port(grafana_port_t)
+
+type grafana_pcp_exec_t;
+corecmd_executable_file(grafana_pcp_exec_t)
+can_exec(grafana_t, grafana_pcp_exec_t)
+
+# Ports 32768-60999 (pcp port is 44322)
+corenet_tcp_connect_all_ephemeral_ports(grafana_t)
+grafana_exec(grafana_t)
+
+########################################
+#
+# grafana local policy
+#
+allow grafana_t self:tcp_socket create_stream_socket_perms;
+allow grafana_t self:udp_socket create_stream_socket_perms;
+allow grafana_t self:unix_dgram_socket create_socket_perms;
+
+allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect };
+
+allow grafana_t self:unix_stream_socket connectto;
+
+allow grafana_t self:netlink_route_socket { create bind getattr nlmsg_read };
+
+optional_policy(`
+	require {
+		type smtp_port_t;
+		class tcp_socket { name_connect };
+	}
+	allow grafana_t smtp_port_t:tcp_socket name_connect;
+')
+
+optional_policy(`
+	require {
+		type usr_t;
+		class file { execute execute_no_trans };
+	}
+	allow grafana_t usr_t:file { execute execute_no_trans };
+')
+
+optional_policy(`
+	require {
+		type postgresql_t;
+		type postgresql_var_run_t;
+		class unix_stream_socket { connectto };
+		class sock_file { write };
+	}
+	allow grafana_t postgresql_t:unix_stream_socket connectto;
+	allow grafana_t postgresql_var_run_t:sock_file write;
+')
+
+optional_policy(`
+	require {
+		type proc_net_t;
+		class lnk_file { read };
+	}
+	allow grafana_t proc_net_t:lnk_file read;
+')
+
+manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
+manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
+
+manage_dirs_pattern(grafana_t, grafana_db_t, grafana_db_t)
+manage_files_pattern(grafana_t, grafana_db_t, grafana_db_t)
+
+manage_dirs_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
+manage_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
+manage_sock_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
+files_tmp_filetrans(grafana_t, grafana_tmp_t, { dir file sock_file })
+
+manage_dirs_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t)
+manage_files_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t)
+fs_tmpfs_filetrans(grafana_t, grafana_tmpfs_t, {dir file})
+
+manage_dirs_pattern(grafana_t, grafana_log_t, grafana_log_t)
+manage_files_pattern(grafana_t, grafana_log_t, grafana_log_t)
+logging_log_filetrans(grafana_t, grafana_log_t, { dir file })
+
+manage_dirs_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t)
+manage_files_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t)
+files_pid_filetrans(grafana_t, grafana_var_run_t, { dir file })
+
+manage_dirs_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
+manage_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
+manage_lnk_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
+files_var_lib_filetrans(grafana_t, grafana_var_lib_t, { dir file })
+
+
+corenet_tcp_connect_http_port(grafana_t)
+corenet_tcp_bind_generic_node(grafana_t)
+
+kernel_dgram_send(grafana_t)
+kernel_read_net_sysctls(grafana_t)
+kernel_read_system_state(grafana_t)
+
+auth_read_passwd(grafana_t)
+
+dev_read_sysfs(grafana_t)
+
+sysnet_read_config(grafana_t)
+
+logging_send_syslog_msg(grafana_t)
+
+miscfiles_read_generic_certs(grafana_t)
+
+tunable_policy(`grafana_can_reverse_proxy',`
+	gen_require(`
+		type httpd_t;
+	')
+
+	connect_grafana_port(httpd_t) # Reverse proxy support
+	corenet_tcp_connect_http_port(grafana_t)
+')
+
+tunable_policy(`grafana_can_tcp_connect_elasticsearch_port',` # Elasticsearch default tcp port 9200
+	corenet_tcp_connect_wap_wsp_port(grafana_t)
+')
+
+tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3306
+	corenet_tcp_connect_mysqld_port(grafana_t)
+')
+
+tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
+	corenet_tcp_connect_postgresql_port(grafana_t)
+')
+
+tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
+	corenet_tcp_connect_websm_port(grafana_t)
+')
+
+optional_policy(`
+    systemd_private_tmp(grafana_tmp_t)
+')
--- a/SOURCES/list_bundled_nodejs_packages.py
+++ b/SOURCES/list_bundled_nodejs_packages.py
@ -25,6 +25,7 @@ def read_declared_pkgs(package_json_path):


 def read_installed_pkgs(yarn_lock_path):
+    bad_version_strings = ['0.0.0-use.local', '7.0.1-patch.1']
    with open(yarn_lock_path) as f:
        lockfile = yaml.safe_load(f)
        for pkg_decl, meta in lockfile.items():
@ -33,7 +34,8 @@ def read_installed_pkgs(yarn_lock_path):
                    continue
                pkg_name = pkg[: pkg.index("@", 1)]
                pkg_version = meta["version"]
-                yield (pkg_name, pkg_version)
+                if pkg_version not in bad_version_strings:
+                    yield (pkg_name, pkg_version)


 def list_provides(declared_pkgs, installed_pkgs):
--- a/plans/gating.fmf
+++ b/plans/gating.fmf
@ -0,0 +1,7 @@
+summary: CI Gating Plan
+discover:
+    how: fmf
+    filter: tag:gating
+    url: https://src.fedoraproject.org/tests/grafana
+execute:
+    how: tmt
--- a/3
+++ b/3
@ -0,0 +1,3 @@
+SHA512 (grafana-vendor-10.2.6-2.tar.xz) = 683989009af377daca58f9cb4c6c0898b9e750b4e3bf1a0308fb633e6401fb224e6f471aceae01aa814e9bd8940c943565f6f634356b0f0f6b6e80eae65b3c53
+SHA512 (grafana-webpack-10.2.6-2.tar.gz) = 928adef2bd13a1499d2b8834d6f9797d71bf7f595ba85514ad422e5fa9e3f846ddda6bd5462b216f4fcda622cda0e25e7eb272ebd3e11e3882de361c636f7266
+SHA512 (grafana-10.2.6.tar.gz) = 7244f4cb6572fe0403e6224f7247fbb273bbd1f359ee706a82001f0d409fb375d113f1cb24a657e845b93eb55ee98e1d7ae713e767c219f4d3b00eaf5c73d28e