Metrics dashboard and graph editor
Go to file
2022-06-19 11:47:40 +02:00
.fmf Initial set of gating tests for grafana on Fedora 2021-02-03 19:58:40 +01:00
.github/workflows use clamp-mtime when generating the vendor and webpack tarballs 2022-04-11 18:00:46 +02:00
plans Initial set of gating tests for grafana on Fedora 2021-02-03 19:58:40 +01:00
tests Implementation of verify-systemd-units test case 2022-03-07 09:14:29 +01:00
.gitignore update to upstream version 7.5.10 2021-09-30 17:08:41 +02:00
001-wrappers-grafana-cli.patch update to upstream version 7.5.8 2021-06-18 16:23:45 +02:00
002-manpages.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
003-fix-dashboard-abspath-test.patch update to upstream version 7.5.7 2021-05-25 17:56:00 +02:00
004-skip-x86-goldenfiles-tests.patch update goldenfiles patch, call t.Skip in verifyGoldenResponse instead of executeMockedQuery 2021-05-25 18:04:24 +02:00
005-remove-unused-dependencies.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
006-fix-gtime-test-32bit.patch update to upstream version 7.5.7 2021-05-25 17:56:00 +02:00
008-remove-unused-frontend-crypto.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
009-patch-unused-backend-crypto.patch update patch handling and instructions 2021-10-08 16:53:45 +02:00
010-fips.patch update patch handling and instructions 2021-10-08 16:53:45 +02:00
011-use-hmac-sha-256-for-password-reset-tokens.patch update to upstream Grafana 7.5.13, support go1.18 2022-01-28 19:33:35 +01:00
012-support-go1.18.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
013-CVE-2021-23648.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
014-CVE-2022-21698.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
015-CVE-2022-21698.vendor.patch update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
build_frontend.sh update to upstream version 7.5.7 2021-05-25 17:56:00 +02:00
create_bundles_in_container.sh update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
distro-defaults.ini update to upstream version 7.5.8 2021-06-18 16:23:45 +02:00
gating.yaml Initial set of gating tests for grafana on Fedora 2021-02-03 19:58:40 +01:00
grafana.rpmlintrc update rpmlintrc 2021-10-11 18:37:28 +02:00
grafana.spec Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629 2022-06-19 11:47:40 +02:00
list_bundled_nodejs_packages.py update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
Makefile use clamp-mtime when generating the vendor and webpack tarballs 2022-04-11 18:00:46 +02:00
README.md update to upstream Grafana 7.5.15, resolve CVE-2021-23648 and CVE-2022-21698 2022-04-08 18:57:17 +02:00
sources use clamp-mtime when generating the vendor and webpack tarballs 2022-04-11 18:00:46 +02:00

grafana

The grafana package

Upgrade instructions

  • update Version, Release, %changelog and tarball NVRs in the specfile
  • create bundles and manifest: make clean all
  • update specfile with contents of the .manifest file
  • check if the default configuration has changed: diff grafana-X.Y.Z/conf/defaults.ini distro-defaults.ini and update distro-defaults.ini if necessary
  • update the manpages patch in 002-manpages.patch and other patches if required
  • run local build: rpkg local
  • run rpm linter: rpkg lint -r grafana.rpmlintrc
  • run a scratch build: fedpkg scratch-build --srpm
  • upload new source tarballs: fedpkg new-sources *.tar.gz *.tar.xz
  • commit new sources file

Patches

  • create the patch
  • declare and apply (%prep) the patch in the specfile
  • if the patch affects Go or Node.js dependencies, or the webpack
    • add the patch to PATCHES_PRE_VENDOR or PATCHES_PRE_WEBPACK in the Makefile
    • create new tarballs
    • update the specfile with new tarball name and contents of the .manifest file

General guidelines

  • aim to apply all patches in the specfile
  • avoid rebuilding the tarballs

Patches fall in several categories:

  • modify dependency versions
  • modify both sources and vendored dependencies (e.g. CVEs)
  • modify the Node.js source (i.e. affect the webpack)
  • some patches are conditional (e.g. FIPS)

Patches cannot be applied twice. It is not possible to unconditionally apply all patches in the Makefile, and great care must be taken to include the required patches at the correct stage of the build.

Reproducible Bundles

Run ./create_bundles_in_container.sh to generate a reproducible vendor and webpack bundle. Alternatively, install the same software as in the container, create a bind mount from /tmp/grafana-build to the directory of this repository, and run make. The bind mount is required because Webpack stores absolute paths in the JS source maps, and also resolves symlinks (i.e. symlinking /tmp/grafana-build doesn't work).

Verification