grafana/Makefile
Andreas Gerstmayr 1a807bbfa9 update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698
Resolves: rhbz#2055349
Resolves: rhbz#2046614
Resolves: rhbz#2053463
Resolves: rhbz#2055453
Resolves: rhbz#2055454
Resolves: rhbz#2066488
Resolves: rhbz#2068163
2022-04-22 14:29:58 +02:00

97 lines
3.5 KiB
Makefile

VERSION := $(shell rpm --specfile *.spec --qf '%{VERSION}\n' | head -1)
RELEASE := $(shell rpm --specfile *.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1)
CHANGELOGTIME := $(shell rpm --specfile *.spec --qf '%{CHANGELOGTIME}\n' | head -1)
SOURCE_DATE_EPOCH := $(shell echo $$(( $(CHANGELOGTIME) - $(CHANGELOGTIME) % 86400 )))
NAME := grafana
RPM_NAME := $(NAME)
SOURCE_DIR := $(NAME)-$(VERSION)
SOURCE_TAR := $(NAME)-$(VERSION).tar.gz
VENDOR_TAR := $(RPM_NAME)-vendor-$(VERSION)-$(RELEASE).tar.xz
WEBPACK_TAR := $(RPM_NAME)-webpack-$(VERSION)-$(RELEASE).tar.gz
# patches which must be applied before creating the vendor tarball, for example:
# - changes in dependency versions
# - changes in Go module imports (which affect the vendored Go modules)
PATCHES_PRE_VENDOR := \
005-remove-unused-dependencies.patch \
008-remove-unused-frontend-crypto.patch \
012-support-go1.18.patch \
013-CVE-2021-23648.patch \
014-CVE-2022-21698.patch
# patches which must be applied before creating the webpack, for example:
# - changes in Node.js sources or vendored dependencies
PATCHES_PRE_WEBPACK := \
008-remove-unused-frontend-crypto.patch
all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR)
$(SOURCE_TAR):
spectool -g $(RPM_NAME).spec
$(VENDOR_TAR): $(SOURCE_TAR)
# Start with a clean state
rm -rf $(SOURCE_DIR)
tar pxf $(SOURCE_TAR)
# Patches to apply before vendoring
for patch in $(PATCHES_PRE_VENDOR); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
# Go
cd $(SOURCE_DIR) && go mod vendor -v
# Remove unused crypto
rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/cast5/cast5.go
rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/ed25519.go
rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go
rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go
rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go
awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' $(SOURCE_DIR)/go.mod | \
sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest
# Node.js
cd $(SOURCE_DIR) && yarn install --frozen-lockfile
# Remove files with licensing issues
find $(SOURCE_DIR) -type d -name 'node-notifier' -prune -exec rm -r {} \;
find $(SOURCE_DIR) -type d -name 'property-information' -prune -exec rm -r {} \;
find $(SOURCE_DIR) -type f -name '*.exe' -delete
rm -r $(SOURCE_DIR)/node_modules/visjs-network/examples
./list_bundled_nodejs_packages.py $(SOURCE_DIR) >> $@.manifest
# Create tarball
XZ_OPT=-9 tar \
--sort=name \
--mtime="@$(SOURCE_DATE_EPOCH)" --clamp-mtime \
--owner=0 --group=0 --numeric-owner \
-cJf $@ \
$(SOURCE_DIR)/vendor \
$$(find $(SOURCE_DIR) -type d -name "node_modules" -prune | LC_ALL=C sort)
$(WEBPACK_TAR): $(VENDOR_TAR)
# Start with a clean state
rm -rf $(SOURCE_DIR)
tar pxf $(SOURCE_TAR)
tar pxf $(VENDOR_TAR)
# Patches to apply before creating the webpack
for patch in $(PATCHES_PRE_WEBPACK); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
# Build frontend
cd $(SOURCE_DIR) && \
../build_frontend.sh
# Create tarball
tar \
--sort=name \
--mtime="@$(SOURCE_DATE_EPOCH)" --clamp-mtime \
--owner=0 --group=0 --numeric-owner \
-czf $@ \
$(SOURCE_DIR)/public/build \
$(SOURCE_DIR)/public/views \
$(SOURCE_DIR)/plugins-bundled
clean:
rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/