Metrics dashboard and graph editor
Go to file
Andreas Gerstmayr 1a807bbfa9 update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698
Resolves: rhbz#2055349
Resolves: rhbz#2046614
Resolves: rhbz#2053463
Resolves: rhbz#2055453
Resolves: rhbz#2055454
Resolves: rhbz#2066488
Resolves: rhbz#2068163
2022-04-22 14:29:58 +02:00
.github/workflows update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
.gitignore update to upstream version 7.5.10 2021-09-30 18:17:18 +02:00
001-wrappers-grafana-cli.patch update to upstream version 7.5.8 2021-06-21 14:41:37 +00:00
002-manpages.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
003-fix-dashboard-abspath-test.patch Rebase to Grafana 7.5.7 2021-05-27 16:06:42 +02:00
004-skip-x86-goldenfiles-tests.patch Rebase to Grafana 7.5.7 2021-05-27 16:06:42 +02:00
005-remove-unused-dependencies.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
006-fix-gtime-test-32bit.patch Rebase to Grafana 7.5.7 2021-05-27 16:06:42 +02:00
008-remove-unused-frontend-crypto.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
009-patch-unused-backend-crypto.patch update patch handling and instructions 2021-10-11 18:42:52 +02:00
010-fips.patch update patch handling and instructions 2021-10-11 18:42:52 +02:00
011-use-hmac-sha-256-for-password-reset-tokens.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
012-support-go1.18.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
013-CVE-2021-23648.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
014-CVE-2022-21698.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
015-CVE-2022-21698.vendor.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
build_frontend.sh Rebase to Grafana 7.5.7 2021-05-27 16:06:42 +02:00
create_bundles_in_container.sh update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
distro-defaults.ini update to upstream version 7.5.8 2021-06-21 14:41:37 +00:00
gating.yaml Introducing gating.yaml 2021-06-16 05:51:01 +02:00
grafana.rpmlintrc Rebase to grafana 7.3.4 2020-11-25 18:52:48 +01:00
grafana.spec update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
list_bundled_nodejs_packages.py update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
Makefile update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
README.md update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00
sources update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-22 14:29:58 +02:00

grafana

The grafana package

Upgrade instructions

  • update Version, Release, %changelog and tarball NVRs in the specfile
  • create bundles and manifest: make clean all
  • update specfile with contents of the .manifest file
  • check if the default configuration has changed: diff grafana-X.Y.Z/conf/defaults.ini distro-defaults.ini and update distro-defaults.ini if necessary
  • update the manpages patch in 002-manpages.patch and other patches if required
  • run local build: rpkg local
  • run rpm linter: rpkg lint -r grafana.rpmlintrc
  • run a scratch build: fedpkg scratch-build --srpm
  • upload new source tarballs: fedpkg new-sources *.tar.gz *.tar.xz
  • commit new sources file

Patches

  • create the patch
  • declare and apply (%prep) the patch in the specfile
  • if the patch affects Go or Node.js dependencies, or the webpack
    • add the patch to PATCHES_PRE_VENDOR or PATCHES_PRE_WEBPACK in the Makefile
    • create new tarballs
    • update the specfile with new tarball name and contents of the .manifest file

General guidelines

  • aim to apply all patches in the specfile
  • avoid rebuilding the tarballs

Patches fall in several categories:

  • modify dependency versions
  • modify both sources and vendored dependencies (e.g. CVEs)
  • modify the Node.js source (i.e. affect the webpack)
  • some patches are conditional (e.g. FIPS)

Patches cannot be applied twice. It is not possible to unconditionally apply all patches in the Makefile, and great care must be taken to include the required patches at the correct stage of the build.

Reproducible Bundles

Run ./create_bundles_in_container.sh to generate a reproducible vendor and webpack bundle. Alternatively, install the same software as in the container, create a bind mount from /tmp/grafana-build to the directory of this repository, and run make. The bind mount is required because Webpack stores absolute paths in the JS source maps, and also resolves symlinks (i.e. symlinking /tmp/grafana-build doesn't work).

Verification