rpms
/
js-d3-flame-graph
7
0
Fork 0
Code Issues Pull Requests Releases Activity

change webpack hash function to sha256 

* remove unused cryptographic implementations
* update tooling

Resolves: rhbz#1975437
This commit is contained in:
Andreas Gerstmayr 2021-06-29 19:17:44 +02:00
parent c0caf4895d
commit 32e908abcb
11 changed files with 253 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.gitignore vendored
View File

@ -1,2 +1,5 @@
/d3-flame-graph-*.tar.gz
/d3-flame-graph-deps-*.tar.xz
/js-d3-flame-graph-vendor-*.tar.xz
/js-d3-flame-graph-vendor-*.tar.xz.manifest
/d3-flame-graph*/
*.rpm

80
001-remove-unused-frontend-crypto-and-update-hash-fn.patch Normal file
View File

@ -0,0 +1,80 @@
diff --git a/package.json b/package.json
index 2284a2f..26bb09b 100644
--- a/package.json
+++ b/package.json
@@ -58,5 +58,8 @@
"d3-selection": "^1.4.1",
"d3-transition": "^1.3.2",
"d3-dispatch": "^1.0.6"
+ },
+ "resolutions": {
+ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz"
}
}
diff --git a/webpack.config.js b/webpack.config.js
index 7153477..e663cf1 100644
--- a/webpack.config.js
+++ b/webpack.config.js
@@ -19,7 +19,11 @@ module.exports = [{
filename: '[name].js',
library: 'flamegraph',
libraryExport: 'default',
- libraryTarget: 'umd'
+ libraryTarget: 'umd',
+ hashFunction: 'sha256',
+ },
+ node: {
+ crypto: false
},
plugins: [
new CopyWebpackPlugin([{
@@ -54,7 +58,11 @@ module.exports = [{
path: path.resolve(__dirname, 'dist'),
filename: '[name].js',
library: ['flamegraph', 'colorMapper'],
- libraryTarget: 'umd'
+ libraryTarget: 'umd',
+ hashFunction: 'sha256',
+ },
+ node: {
+ crypto: false
},
module: {
rules: [{
@@ -80,7 +88,11 @@ module.exports = [{
path: path.resolve(__dirname, 'dist'),
filename: '[name].js',
library: ['flamegraph', 'tooltip'],
- libraryTarget: 'umd'
+ libraryTarget: 'umd',
+ hashFunction: 'sha256',
+ },
+ node: {
+ crypto: false
},
module: {
rules: [{
@@ -101,7 +113,11 @@ module.exports = [{
entry: './template.js',
output: {
path: path.resolve(__dirname, 'dist', 'templates'),
- filename: 'bundle.js'
+ filename: 'bundle.js',
+ hashFunction: 'sha256',
+ },
+ node: {
+ crypto: false
},
plugins: [
new CleanWebpackPlugin({
@@ -131,5 +147,10 @@ module.exports = [{
use: ['style-loader', 'css-loader']
}
]
+ },
+ optimization: {
+ minimizer: [
+ new TerserPlugin()
+ ]
}
}]

13
002-webpack-update-hash-fn.vendor.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/node_modules/webpack/lib/optimize/ConcatenatedModule.js b/node_modules/webpack/lib/optimize/ConcatenatedModule.js
index 03711c4..df4d216 100644
--- a/node_modules/webpack/lib/optimize/ConcatenatedModule.js
+++ b/node_modules/webpack/lib/optimize/ConcatenatedModule.js
@@ -560,7 +560,7 @@ class ConcatenatedModule extends Module {
orderedConcatenationListIdentifiers += " ";
}
}
- const hash = createHash("md4");
+ const hash = createHash("sha256");
hash.update(orderedConcatenationListIdentifiers);
return this.rootModule.identifier() + " " + hash.digest("hex");
}

42
Makefile Normal file
View File

@ -0,0 +1,42 @@
ifndef VER
$(error VER is undefined)
endif
ifndef REL
$(error REL is undefined)
endif
NAME := d3-flame-graph
RPM_NAME := js-$(NAME)
SOURCE_DIR := $(NAME)-$(VER)
SOURCE_TAR := $(NAME)-$(VER).tar.gz
VENDOR_TAR := $(RPM_NAME)-vendor-$(VER)-$(REL).tar.xz
ALL_PATCHES := $(sort $(wildcard *.patch))
VENDOR_PATCHES := $(sort $(wildcard *.vendor.patch))
SOURCE_PATCHES := $(filter-out $(VENDOR_PATCHES),$(ALL_PATCHES))
all: $(SOURCE_TAR) $(VENDOR_TAR)
$(SOURCE_TAR):
spectool -g $(RPM_NAME).spec
$(VENDOR_TAR): $(SOURCE_TAR)
rm -rf $(SOURCE_DIR)
tar xf $(SOURCE_TAR)
# Patches to apply before vendoring
for patch in $(SOURCE_PATCHES); do echo $$patch; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
# Node.js
cd $(SOURCE_DIR) && yarn import && yarn install --pure-lockfile
./list_bundled_nodejs_packages.py $(SOURCE_DIR)/ >> $@.manifest
# Patches to apply after vendoring
for patch in $(VENDOR_PATCHES); do echo $$patch; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done
# Create tarball
XZ_OPT=-9 tar cJf $@ \
$(SOURCE_DIR)/node_modules
clean:
rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/

31
README.md
View File

@ -2,19 +2,22 @@
The js-d3-flame-graph package
## Build instructions
```
VER=3.0.2
spectool -g js-d3-flame-graph.spec
./create_dependency_bundle.sh d3-flame-graph-$VER.tar.gz d3-flame-graph-deps-$VER.tar.xz
./check_npm_dependencies.py js-d3-flame-graph.spec d3-flame-graph-$VER.tar.gz d3-flame-graph-deps-$VER.tar.xz
fedpkg new-sources d3-flame-graph-$VER.tar.gz d3-flame-graph-deps-$VER.tar.xz
## Upgrade instructions
(replace X.Y.Z and R with the new version/release)
fedpkg local
fedpkg lint
fedpkg mockbuild
fedpkg scratch-build --srpm
* update `Version`, `Release` and `%changelog` in the specfile
* create bundles and manifest: `VER=X.Y.Z REL=R make clean all`
* update specfile with contents of the `.manifest` file
* run local build: `rpkg local`
* run rpm linter: `rpkg lint -r js-d3-flame-graph.rpmlintrc`
* run a scratch build: `fedpkg scratch-build --srpm`
* upload new source tarballs: `fedpkg new-sources *.tar.gz *.tar.xz`
fedpkg build
fedpkg update
```
## Backporting
* create the patch
* declare and apply (`%prep`) the patch in the specfile
* if the patch affects Node.js dependencies
* create new tarballs
* update the specfile with new tarball path and contents of the `.manifest` file
Note: the Makefile automatically applies patches before creating the tarballs

42
check_npm_dependencies.py
View File

@ -1,42 +0,0 @@
#!/usr/bin/env python3
import sys
import tarfile
import json
import os.path
def read_spec_provides(spec_path):
with open(spec_path) as f:
for line in f:
if line.startswith('Provides:'):
yield line.strip()
def read_node_deps(source_archive_path):
root_dir = os.path.basename(source_archive_path)[:-len('.tar.gz')]
with tarfile.open(source_archive_path) as tar:
f = tar.extractfile(f'{root_dir}/package.json')
package_json = json.load(f)
return list(package_json['devDependencies'].keys()) + list(package_json['dependencies'].keys())
def read_node_deps_versions(dep_bundle_path, dependencies):
with tarfile.open(dep_bundle_path) as tar:
for dependency in dependencies:
f = tar.extractfile(f'node_modules/{dependency}/package.json')
package_json = json.load(f)
yield f'Provides: bundled(nodejs-{package_json["name"]}) = {package_json["version"]}'
if __name__ == '__main__':
if len(sys.argv) != 4:
print('usage: {} specfile source-archive dependency-bundle'.format(sys.argv[0]))
sys.exit(1)
provides = list(read_spec_provides(sys.argv[1]))
dependencies = sorted(read_node_deps(sys.argv[2]))
actual_provides = list(read_node_deps_versions(sys.argv[3], dependencies))
if provides == actual_provides:
print("Dependencies are up-to-date with the specfile.")
sys.exit(0)
else:
print("Dependencies don't match, please update the specfile:")
print ('\n'.join(actual_provides))
sys.exit(1)

34
create_dependency_bundle.sh
View File

@ -1,34 +0,0 @@
#!/bin/bash -eu
SRC=$(readlink -f "${1:?Usage: $0 source destination}")
DEST=$(readlink -f "${2:?Usage: $0 source destination}")
if [ -f "$DEST" ]; then
echo "File $DEST exists already."
exit 0
fi
if [ "$#" -gt 2 ]; then
PATCHES=$(readlink -f "${@:3}")
else
PATCHES=""
fi
pushd "$(mktemp -d)"
echo Extracting sources...
tar xfz "$SRC"
cd d3-flame-graph-*
echo Applying patches...
for patch in $PATCHES
do
patch -p1 < $patch
done
echo Installing dependencies...
npm install
echo Compressing...
XZ_OPT=-9 tar cJf "$DEST" node_modules
popd

2
js-d3-flame-graph.rpmlintrc Normal file
View File

@ -0,0 +1,2 @@
addFilter("W: strange-permission list_bundled_nodejs_packages.py 755")
addFilter("W: patch-not-applied .+.vendor.patch")

80
js-d3-flame-graph.spec
View File

@ -3,7 +3,7 @@
Name: js-d3-flame-graph
Version: 3.0.2
Release: 5%{?dist}
Release: 6%{?dist}
Summary: A D3.js plugin that produces flame graphs
BuildArch: noarch
@ -12,40 +12,44 @@ License: ASL 2.0
URL: %{github}
Source0: %{github}/archive/%{version}/%{pkgname}-%{version}.tar.gz
Source1: d3-flame-graph-deps-%{version}.tar.xz
Source2: create_dependency_bundle.sh
Source1: js-d3-flame-graph-vendor-%{version}-6.tar.xz
Source2: Makefile
Source3: list_bundled_nodejs_packages.py
Patch1: 001-remove-unused-frontend-crypto-and-update-hash-fn.patch
Patch2: 002-webpack-update-hash-fn.vendor.patch
BuildRequires: web-assets-devel
BuildRequires: nodejs
Requires: web-assets-filesystem
# Bundled npm packages
Provides: bundled(nodejs-clean-webpack-plugin) = 3.0.0
Provides: bundled(nodejs-copy-webpack-plugin) = 5.1.1
Provides: bundled(nodejs-css-loader) = 3.4.2
Provides: bundled(nodejs-d3-array) = 2.4.0
Provides: bundled(nodejs-d3-dispatch) = 1.0.6
Provides: bundled(nodejs-d3-ease) = 1.0.6
Provides: bundled(nodejs-d3-format) = 1.4.3
Provides: bundled(nodejs-d3-hierarchy) = 1.1.9
Provides: bundled(nodejs-d3-scale) = 3.2.1
Provides: bundled(nodejs-d3-selection) = 1.4.1
Provides: bundled(nodejs-d3-transition) = 1.3.2
Provides: bundled(nodejs-eslint) = 6.8.0
Provides: bundled(nodejs-eslint-config-standard) = 14.1.0
Provides: bundled(nodejs-eslint-loader) = 3.0.3
Provides: bundled(nodejs-eslint-plugin-import) = 2.20.1
Provides: bundled(nodejs-eslint-plugin-node) = 11.0.0
Provides: bundled(nodejs-eslint-plugin-promise) = 4.2.1
Provides: bundled(nodejs-eslint-plugin-standard) = 4.0.1
Provides: bundled(nodejs-html-webpack-plugin) = 3.2.0
Provides: bundled(nodejs-script-ext-html-webpack-plugin) = 2.1.4
Provides: bundled(nodejs-style-loader) = 1.1.3
Provides: bundled(nodejs-tape) = 4.13.2
Provides: bundled(nodejs-terser-webpack-plugin) = 2.3.5
Provides: bundled(nodejs-webpack) = 4.42.0
Provides: bundled(nodejs-webpack-cli) = 3.3.11
Provides: bundled(nodejs-webpack-dev-server) = 3.10.3
Provides: bundled(npm(clean-webpack-plugin)) = 3.0.0
Provides: bundled(npm(copy-webpack-plugin)) = 5.1.1
Provides: bundled(npm(css-loader)) = 3.4.2
Provides: bundled(npm(d3-array)) = 2.4.0
Provides: bundled(npm(d3-dispatch)) = 1.0.6
Provides: bundled(npm(d3-ease)) = 1.0.6
Provides: bundled(npm(d3-format)) = 1.4.3
Provides: bundled(npm(d3-hierarchy)) = 1.1.9
Provides: bundled(npm(d3-scale)) = 3.2.1
Provides: bundled(npm(d3-selection)) = 1.4.1
Provides: bundled(npm(d3-transition)) = 1.3.2
Provides: bundled(npm(eslint)) = 6.8.0
Provides: bundled(npm(eslint-config-standard)) = 14.1.0
Provides: bundled(npm(eslint-loader)) = 3.0.3
Provides: bundled(npm(eslint-plugin-import)) = 2.20.1
Provides: bundled(npm(eslint-plugin-node)) = 11.0.0
Provides: bundled(npm(eslint-plugin-promise)) = 4.2.1
Provides: bundled(npm(eslint-plugin-standard)) = 4.0.1
Provides: bundled(npm(html-webpack-plugin)) = 3.2.0
Provides: bundled(npm(script-ext-html-webpack-plugin)) = 2.1.4
Provides: bundled(npm(style-loader)) = 1.1.3
Provides: bundled(npm(tape)) = 4.13.2
Provides: bundled(npm(terser-webpack-plugin)) = 1.4.3
Provides: bundled(npm(webpack)) = 4.42.0
Provides: bundled(npm(webpack-cli)) = 3.3.11
Provides: bundled(npm(webpack-dev-server)) = 3.10.3
%description
A D3.js plugin that produces flame graphs from hierarchical data.
@ -59,12 +63,15 @@ Documentation and example files for js-d3-flame-graph.
%prep
%setup -q -n %{pkgname}-%{version}
%setup -q -a 1 -n %{pkgname}-%{version}
%setup -q -T -D -b 0 -n %{pkgname}-%{version}
%setup -q -T -D -b 1 -n %{pkgname}-%{version}
%patch1 -p1
%build
rm -rf dist
./node_modules/webpack/bin/webpack.js --mode production
./node_modules/.bin/webpack --mode production
%install
install -d -m 755 %{buildroot}/%{_datadir}/%{pkgname}
@ -74,6 +81,7 @@ rmdir dist/templates
install -d -m 755 %{buildroot}/%{_jsdir}/%{pkgname}
cp -a dist/* %{buildroot}/%{_jsdir}/%{pkgname}
%files
%{_jsdir}/%{pkgname}
%{_datadir}/%{pkgname}
@ -81,10 +89,16 @@ cp -a dist/* %{buildroot}/%{_jsdir}/%{pkgname}
%license LICENSE
%doc README.md
%files doc
%doc README.md examples
%changelog
* Wed Jun 30 2021 Andreas Gerstmayr <agerstmayr@redhat.com> - 3.0.2-6
- change webpack hash function to sha256
- remove unused cryptographic implementations
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 3.0.2-5
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065

47
list_bundled_nodejs_packages.py Executable file
View File

@ -0,0 +1,47 @@
#!/usr/bin/env python3
#
# generates Provides: bundled(npm(...)) = ... lines for each declared dependency and devDependency of package.json
#
import sys
import json
import re
from packaging import version
def read_declared_pkgs(package_json_path):
with open(package_json_path) as f:
package_json = json.load(f)
return list(package_json['dependencies'].keys()) + list(package_json['devDependencies'].keys())
def read_installed_pkgs(yarn_lock_path):
with open(yarn_lock_path) as f:
lockfile = f.read()
return re.findall(r'^"?' # can start with a "
r'(.+?)@.+(?:,.*)?:\n' # characters up to @
r' version "(.+)"', # and the version
lockfile, re.MULTILINE)
def list_provides(declared_pkgs, installed_pkgs):
for declared_pkg in declared_pkgs:
# there can be multiple versions installed of one package (transitive dependencies)
# but rpm doesn't support Provides: with a single package and multiple versions
# so let's declare the oldest version here
versions = [version.parse(pkg_version)
for pkg_name, pkg_version in installed_pkgs if pkg_name == declared_pkg]
oldest_version = sorted(versions)[0]
yield f"Provides: bundled(npm({declared_pkg})) = {oldest_version}"
if __name__ == "__main__":
if len(sys.argv) != 2:
print(f"usage: {sys.argv[0]} package-X.Y.Z/", file=sys.stdout)
sys.exit(1)
package_dir = sys.argv[1]
declared_pkgs = read_declared_pkgs(f"{package_dir}/package.json")
installed_pkgs = read_installed_pkgs(f"{package_dir}/yarn.lock")
provides = list_provides(declared_pkgs, installed_pkgs)
for provide in sorted(provides):
print(provide)

2
sources
View File

@ -1,2 +1,2 @@
SHA512 (d3-flame-graph-3.0.2.tar.gz) = 992c21ed8e88428cfa2475c6b4cffbc14fbdb163137cdab79a7f93ec9df8acacb890037a763d2e0d81e6e3755c8eb2d502cfaeb9027a077e80c5691c40516e47
SHA512 (d3-flame-graph-deps-3.0.2.tar.xz) = b062cf151816a5d1ef4d60667097ed6e395dc14d5dcd877423e62ebed7e0d8c8513ac63f1d82c55ba03fa965a069afcaacba438e2ad1c6967f78f26428432900
SHA512 (js-d3-flame-graph-vendor-3.0.2-6.tar.xz) = 8afa777c80d0b8e8fcc8b10e440fbefae9b35f3ee184efa1e8782c88042bca8d1d5b719f97a580b9360b7506786a78e9f9ae0710810c8fa9b1ee5d851362b0d4