commit
16f88e0bfd
@ -0,0 +1,3 @@
|
|||||||
|
SOURCES/grafana-9.0.9.tar.gz
|
||||||
|
SOURCES/grafana-vendor-9.0.9-1.tar.xz
|
||||||
|
SOURCES/grafana-webpack-9.0.9-1.tar.gz
|
@ -0,0 +1,3 @@
|
|||||||
|
4676eecab36973d5b3cb7ba23b929364c91b7ed8 SOURCES/grafana-9.0.9.tar.gz
|
||||||
|
7f0a2e8ac4431208b57781f849d6f5b79d339468 SOURCES/grafana-vendor-9.0.9-1.tar.xz
|
||||||
|
08a5daeb99590879c606fb7e7badf7a80823990b SOURCES/grafana-webpack-9.0.9-1.tar.gz
|
@ -0,0 +1,64 @@
|
|||||||
|
From 2ad9b1bd641eab2daae9c461656a56c8c2688485 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||||
|
Date: Wed, 22 Jun 2022 16:57:52 +0200
|
||||||
|
Subject: [PATCH] update grafana-cli script with distro-specific paths and
|
||||||
|
switch to grafana user
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli
|
||||||
|
index dafa075a2c..eda358c425 100755
|
||||||
|
--- a/packaging/wrappers/grafana-cli
|
||||||
|
+++ b/packaging/wrappers/grafana-cli
|
||||||
|
@@ -5,18 +5,19 @@
|
||||||
|
# the system-wide Grafana configuration that was bundled with the package as we
|
||||||
|
# use the binary.
|
||||||
|
|
||||||
|
-DEFAULT=/etc/default/grafana
|
||||||
|
+DEFAULT=/etc/sysconfig/grafana-server
|
||||||
|
|
||||||
|
GRAFANA_HOME=/usr/share/grafana
|
||||||
|
CONF_DIR=/etc/grafana
|
||||||
|
DATA_DIR=/var/lib/grafana
|
||||||
|
PLUGINS_DIR=/var/lib/grafana/plugins
|
||||||
|
LOG_DIR=/var/log/grafana
|
||||||
|
+LIBEXEC_DIR=/usr/libexec/grafana
|
||||||
|
|
||||||
|
CONF_FILE=$CONF_DIR/grafana.ini
|
||||||
|
PROVISIONING_CFG_DIR=$CONF_DIR/provisioning
|
||||||
|
|
||||||
|
-EXECUTABLE=$GRAFANA_HOME/bin/grafana-cli
|
||||||
|
+EXECUTABLE=$LIBEXEC_DIR/grafana-cli
|
||||||
|
|
||||||
|
if [ ! -x $EXECUTABLE ]; then
|
||||||
|
echo "Program not installed or not executable"
|
||||||
|
@@ -28,12 +29,21 @@ if [ -f "$DEFAULT" ]; then
|
||||||
|
. "$DEFAULT"
|
||||||
|
fi
|
||||||
|
|
||||||
|
-OPTS="--homepath=${GRAFANA_HOME} \
|
||||||
|
- --config=${CONF_FILE} \
|
||||||
|
- --pluginsDir=${PLUGINS_DIR} \
|
||||||
|
- --configOverrides='cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \
|
||||||
|
- cfg:default.paths.data=${DATA_DIR} \
|
||||||
|
- cfg:default.paths.logs=${LOG_DIR} \
|
||||||
|
- cfg:default.paths.plugins=${PLUGINS_DIR}'"
|
||||||
|
-
|
||||||
|
-eval $EXECUTABLE "$OPTS" '$@'
|
||||||
|
+OPTS=("--homepath=${GRAFANA_HOME}"
|
||||||
|
+ "--config=${CONF_FILE}"
|
||||||
|
+ "--pluginsDir=${PLUGINS_DIR}"
|
||||||
|
+ "--configOverrides=cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \
|
||||||
|
+ cfg:default.paths.data=${DATA_DIR} \
|
||||||
|
+ cfg:default.paths.logs=${LOG_DIR} \
|
||||||
|
+ cfg:default.paths.plugins=${PLUGINS_DIR}")
|
||||||
|
+
|
||||||
|
+if [ "$(id -u)" -eq 0 ]; then
|
||||||
|
+ cd "${GRAFANA_HOME}"
|
||||||
|
+ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
|
||||||
|
+elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
|
||||||
|
+ cd "${GRAFANA_HOME}"
|
||||||
|
+ exec "$EXECUTABLE" "${OPTS[@]}" "$@"
|
||||||
|
+else
|
||||||
|
+ echo "$0: please run this script as user \"${GRAFANA_USER}\" or root."
|
||||||
|
+ exit 5
|
||||||
|
+fi
|
@ -0,0 +1,161 @@
|
|||||||
|
From ecac3e25a416bd66b19bc3074f9583dfd965a919 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||||
|
Date: Wed, 22 Jun 2022 17:01:09 +0200
|
||||||
|
Subject: [PATCH] add manpages
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/docs/man/man1/grafana-cli.1 b/docs/man/man1/grafana-cli.1
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..39c0d5cee0
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/docs/man/man1/grafana-cli.1
|
||||||
|
@@ -0,0 +1,63 @@
|
||||||
|
+.TH GRAFANA "1" "September 2022" "Grafana cli version 9.0.9" "User Commands"
|
||||||
|
+.SH NAME
|
||||||
|
+grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
|
||||||
|
+.SH DESCRIPTION
|
||||||
|
+.SS "NAME:"
|
||||||
|
+.IP
|
||||||
|
+grafana-cli
|
||||||
|
+.SS "USAGE:"
|
||||||
|
+.IP
|
||||||
|
+\fBgrafana\-cli\fP [\fIglobal options\fP] \fIcommand\fP [\fIcommand options\fP] [\fIarguments\fP...]
|
||||||
|
+.SS "COMMANDS:"
|
||||||
|
+.TP
|
||||||
|
+plugins
|
||||||
|
+Manage plugins for grafana
|
||||||
|
+.TP
|
||||||
|
+admin
|
||||||
|
+Grafana admin commands
|
||||||
|
+.TP
|
||||||
|
+cue
|
||||||
|
+Cue validation commands
|
||||||
|
+.TP
|
||||||
|
+help, h
|
||||||
|
+Shows a list of commands or help for one command
|
||||||
|
+.SS "GLOBAL OPTIONS:"
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-pluginsDir\fR value
|
||||||
|
+path to the grafana plugin directory (default: "/var/lib/grafana/plugins") [$GF_PLUGIN_DIR]
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-repo\fR value
|
||||||
|
+url to the plugin repository (default: "https://grafana.com/api/plugins") [$GF_PLUGIN_REPO]
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-pluginUrl\fR value
|
||||||
|
+Full url to the plugin zip file instead of downloading the plugin from grafana.com/api [$GF_PLUGIN_URL]
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-insecure\fR
|
||||||
|
+Skip TLS verification (insecure) (default: false)
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-debug\fR
|
||||||
|
+Enable debug logging (default: false)
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-configOverrides\fR value
|
||||||
|
+Configuration options to override defaults as a string. e.g. cfg:default.paths.log=/dev/null
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-homepath\fR value
|
||||||
|
+Path to Grafana install/home path, defaults to working directory
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-config\fR value
|
||||||
|
+Path to config file
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-help\fR, \fB\-h\fR
|
||||||
|
+show help
|
||||||
|
+.TP
|
||||||
|
+\fB\-\-version\fR, \fB\-v\fR
|
||||||
|
+print the version
|
||||||
|
+.SH "SEE ALSO"
|
||||||
|
+Additional documentation for
|
||||||
|
+.B grafana-cli
|
||||||
|
+is available on-line at
|
||||||
|
+.BR http://docs.grafana.org/administration/cli/ .
|
||||||
|
+The full documentation for
|
||||||
|
+.B Grafana
|
||||||
|
+is available on-line at
|
||||||
|
+.BR http://docs.grafana.org/ .
|
||||||
|
diff --git a/docs/man/man1/grafana-server.1 b/docs/man/man1/grafana-server.1
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..683a2369cc
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/docs/man/man1/grafana-server.1
|
||||||
|
@@ -0,0 +1,80 @@
|
||||||
|
+.TH VERSION "1" "September 2022" "Version 9.0.9" "User Commands"
|
||||||
|
+.SH NAME
|
||||||
|
+grafana-server \- back-end server for the Grafana metrics dashboard and graph editor
|
||||||
|
+.SH DESCRIPTION
|
||||||
|
+.B grafana-server
|
||||||
|
+is the back-end server for the Grafana metrics dashboard and graph editor.
|
||||||
|
+The
|
||||||
|
+.B grafana-server
|
||||||
|
+program should not normally be run from the command line,
|
||||||
|
+except when testing or for development purposes.
|
||||||
|
+Rather it should be managed by
|
||||||
|
+.BR systemd .
|
||||||
|
+After installing Grafana, the systemd service should be enabled and started as follows:
|
||||||
|
+.P
|
||||||
|
+.in 1i
|
||||||
|
+.B systemctl daemon-reload
|
||||||
|
+.br
|
||||||
|
+.B systemctl enable grafana-server.service
|
||||||
|
+.br
|
||||||
|
+.B systemctl start grafana-server.service
|
||||||
|
+.in
|
||||||
|
+.P
|
||||||
|
+.SH OPTIONS
|
||||||
|
+The
|
||||||
|
+.B grafana-server
|
||||||
|
+configuration is specified in
|
||||||
|
+.BR /etc/grafana/grafana.ini
|
||||||
|
+and is well documented with comments.
|
||||||
|
+The command-line options listed below override options of
|
||||||
|
+the same (or similar) name in the configuration file.
|
||||||
|
+.P
|
||||||
|
+.HP
|
||||||
|
+\fB\-config\fR string
|
||||||
|
+.IP
|
||||||
|
+path to config file
|
||||||
|
+.HP
|
||||||
|
+\fB\-homepath\fR string
|
||||||
|
+.IP
|
||||||
|
+path to grafana install/home path, defaults to working directory
|
||||||
|
+.HP
|
||||||
|
+\fB\-packaging\fR string
|
||||||
|
+.IP
|
||||||
|
+describes the way Grafana was installed (default "unknown")
|
||||||
|
+.HP
|
||||||
|
+\fB\-pidfile\fR string
|
||||||
|
+.IP
|
||||||
|
+path to pid file
|
||||||
|
+.HP
|
||||||
|
+\fB\-profile\fR
|
||||||
|
+.IP
|
||||||
|
+Turn on pprof profiling
|
||||||
|
+.HP
|
||||||
|
+\fB\-profile\-addr\fR string
|
||||||
|
+.IP
|
||||||
|
+Define custom address for profiling (default "localhost")
|
||||||
|
+.HP
|
||||||
|
+\fB\-profile\-port\fR uint
|
||||||
|
+.IP
|
||||||
|
+Define custom port for profiling (default 6060)
|
||||||
|
+.HP
|
||||||
|
+\fB\-tracing\fR
|
||||||
|
+.IP
|
||||||
|
+Turn on tracing
|
||||||
|
+.HP
|
||||||
|
+\fB\-tracing\-file\fR string
|
||||||
|
+.IP
|
||||||
|
+Define tracing output file (default "trace.out")
|
||||||
|
+.TP
|
||||||
|
+\fB\-v\fR
|
||||||
|
+.IP
|
||||||
|
+prints current version and exits
|
||||||
|
+.TP
|
||||||
|
+\fB\-vv\fR
|
||||||
|
+.IP
|
||||||
|
+prints current version, all dependencies and exits
|
||||||
|
+.SH "SEE ALSO"
|
||||||
|
+The full documentation for
|
||||||
|
+.B Grafana
|
||||||
|
+is available on-line at
|
||||||
|
+.BR http://docs.grafana.org/ .
|
@ -0,0 +1,68 @@
|
|||||||
|
From a84194c2f7929bd78303daf04a56ab32cd9c4bb3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||||
|
Date: Wed, 22 Jun 2022 17:05:48 +0200
|
||||||
|
Subject: [PATCH] update default configuration
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/conf/defaults.ini b/conf/defaults.ini
|
||||||
|
index dbb7143be4..4a3cf0a21d 100644
|
||||||
|
--- a/conf/defaults.ini
|
||||||
|
+++ b/conf/defaults.ini
|
||||||
|
@@ -190,7 +190,7 @@ row_limit = 1000000
|
||||||
|
# No ip addresses are being tracked, only simple counters to track
|
||||||
|
# running instances, dashboard and error counts. It is very helpful to us.
|
||||||
|
# Change this option to false to disable reporting.
|
||||||
|
-reporting_enabled = true
|
||||||
|
+reporting_enabled = false
|
||||||
|
|
||||||
|
# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
|
||||||
|
reporting_distributor = grafana-labs
|
||||||
|
@@ -200,7 +200,7 @@ reporting_distributor = grafana-labs
|
||||||
|
# in some UI views to notify that a grafana update exists.
|
||||||
|
# This option does not cause any auto updates, nor send any information
|
||||||
|
# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
|
||||||
|
-check_for_updates = true
|
||||||
|
+check_for_updates = false
|
||||||
|
|
||||||
|
# Set to false to disable all checks to https://grafana.com
|
||||||
|
# for new versions of plugins. The check is used
|
||||||
|
diff --git a/conf/sample.ini b/conf/sample.ini
|
||||||
|
index d44532f346..1ede932e1e 100644
|
||||||
|
--- a/conf/sample.ini
|
||||||
|
+++ b/conf/sample.ini
|
||||||
|
@@ -196,7 +196,7 @@
|
||||||
|
# No ip addresses are being tracked, only simple counters to track
|
||||||
|
# running instances, dashboard and error counts. It is very helpful to us.
|
||||||
|
# Change this option to false to disable reporting.
|
||||||
|
-;reporting_enabled = true
|
||||||
|
+;reporting_enabled = false
|
||||||
|
|
||||||
|
# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
|
||||||
|
;reporting_distributor = grafana-labs
|
||||||
|
@@ -206,7 +206,7 @@
|
||||||
|
# in some UI views to notify that a grafana update exists.
|
||||||
|
# This option does not cause any auto updates, nor send any information
|
||||||
|
# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
|
||||||
|
-;check_for_updates = true
|
||||||
|
+;check_for_updates = false
|
||||||
|
|
||||||
|
# Set to false to disable all checks to https://grafana.com
|
||||||
|
# for new versions of plugins. The check is used
|
||||||
|
@@ -338,7 +338,7 @@
|
||||||
|
|
||||||
|
# Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds.
|
||||||
|
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
||||||
|
-;min_refresh_interval = 5s
|
||||||
|
+min_refresh_interval = 1s
|
||||||
|
|
||||||
|
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
|
||||||
|
;default_home_dashboard_path =
|
||||||
|
@@ -1028,7 +1028,7 @@
|
||||||
|
;enable_alpha = false
|
||||||
|
;app_tls_skip_verify_insecure = false
|
||||||
|
# Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
|
||||||
|
-;allow_loading_unsigned_plugins =
|
||||||
|
+allow_loading_unsigned_plugins = performancecopilot-pcp-app,pcp-redis-datasource,pcp-vector-datasource,pcp-bpftrace-datasource,pcp-flamegraph-panel,pcp-breadcrumbs-panel,pcp-troubleshooting-panel,performancecopilot-redis-datasource,performancecopilot-vector-datasource,performancecopilot-bpftrace-datasource,performancecopilot-flamegraph-panel,performancecopilot-breadcrumbs-panel,performancecopilot-troubleshooting-panel
|
||||||
|
# Enable or disable installing / uninstalling / updating plugins directly from within Grafana.
|
||||||
|
;plugin_admin_enabled = false
|
||||||
|
;plugin_admin_external_manage_enabled = false
|
@ -0,0 +1,143 @@
|
|||||||
|
From 7139240c52b69fde8b893bf73fb6a4910d65f30b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||||
|
Date: Wed, 22 Jun 2022 17:18:56 +0200
|
||||||
|
Subject: [PATCH] remove unused backend dependencies
|
||||||
|
|
||||||
|
saml and gofpdf are not used in the OSS edition of Grafana
|
||||||
|
after editing `pkg/extensions/main.go`, run `go mod tidy`
|
||||||
|
|
||||||
|
diff --git a/go.mod b/go.mod
|
||||||
|
index 951745c95f..5b1379fa98 100644
|
||||||
|
--- a/go.mod
|
||||||
|
+++ b/go.mod
|
||||||
|
@@ -27,7 +27,6 @@ require (
|
||||||
|
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
|
||||||
|
github.com/centrifugal/centrifuge v0.19.0
|
||||||
|
github.com/cortexproject/cortex v1.10.1-0.20211014125347-85c378182d0d
|
||||||
|
- github.com/crewjam/saml v0.4.6-0.20210521115923-29c6295245bd
|
||||||
|
github.com/davecgh/go-spew v1.1.1
|
||||||
|
github.com/denisenkom/go-mssqldb v0.12.0
|
||||||
|
github.com/dop251/goja v0.0.0-20210804101310-32956a348b49
|
||||||
|
@@ -63,7 +62,6 @@ require (
|
||||||
|
github.com/influxdata/line-protocol v0.0.0-20210311194329-9aa0e372d097
|
||||||
|
github.com/jmespath/go-jmespath v0.4.0
|
||||||
|
github.com/json-iterator/go v1.1.12
|
||||||
|
- github.com/jung-kurt/gofpdf v1.16.2
|
||||||
|
github.com/lib/pq v1.10.4
|
||||||
|
github.com/linkedin/goavro/v2 v2.10.0
|
||||||
|
github.com/m3db/prometheus_remote_client_golang v0.4.4
|
||||||
|
@@ -191,7 +189,6 @@ require (
|
||||||
|
github.com/josharian/intern v1.0.0 // indirect
|
||||||
|
github.com/jpillora/backoff v1.0.0 // indirect
|
||||||
|
github.com/mailru/easyjson v0.7.7 // indirect
|
||||||
|
- github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
|
||||||
|
github.com/mattetti/filebuffer v1.0.1 // indirect
|
||||||
|
github.com/mattn/go-runewidth v0.0.9 // indirect
|
||||||
|
github.com/miekg/dns v1.1.43 // indirect
|
||||||
|
diff --git a/go.sum b/go.sum
|
||||||
|
index 0f2ad00d37..19e3489ca1 100644
|
||||||
|
--- a/go.sum
|
||||||
|
+++ b/go.sum
|
||||||
|
@@ -740,7 +740,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
|
||||||
|
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
|
||||||
|
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||||
|
github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||||
|
-github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
|
||||||
|
github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ=
|
||||||
|
github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA=
|
||||||
|
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
|
||||||
|
@@ -766,7 +765,6 @@ github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2
|
||||||
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||||
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
-github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
|
||||||
|
github.com/deepmap/oapi-codegen v1.6.0/go.mod h1:ryDa9AgbELGeB+YEXE1dR53yAjHwFvE9iAUlWl9Al3M=
|
||||||
|
github.com/deepmap/oapi-codegen v1.8.2 h1:SegyeYGcdi0jLLrpbCMoJxnUUn8GBXHsvr4rbzjuhfU=
|
||||||
|
github.com/deepmap/oapi-codegen v1.8.2/go.mod h1:YLgSKSDv/bZQB7N4ws6luhozi3cEdRktEqrX88CvjIw=
|
||||||
|
@@ -923,7 +921,6 @@ github.com/fluent/fluent-bit-go v0.0.0-20190925192703-ea13c021720c/go.mod h1:WQX
|
||||||
|
github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
|
||||||
|
github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
|
||||||
|
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
|
||||||
|
-github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
|
||||||
|
github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
|
||||||
|
github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
|
||||||
|
github.com/foxcpp/go-mockdns v0.0.0-20201212160233-ede2f9158d15/go.mod h1:tPg4cp4nseejPd+UKxtCVQ2hUxNTZ7qQZJa7CLriIeo=
|
||||||
|
@@ -1459,8 +1456,6 @@ github.com/grafana/grafana-plugin-sdk-go v0.138.0 h1:uJWNwHL4RoQF3axoi3RDSwoNu/K
|
||||||
|
github.com/grafana/grafana-plugin-sdk-go v0.138.0/go.mod h1:Y+Ps2sesZ62AyCnX+hzrYnyDQYe/ZZl+A8yKLOBm12c=
|
||||||
|
github.com/grafana/loki v1.6.2-0.20211015002020-7832783b1caa h1:+pXjAxavVR2FKKNsuuCXGCWEj8XGc1Af6SPiyBpzU2A=
|
||||||
|
github.com/grafana/loki v1.6.2-0.20211015002020-7832783b1caa/go.mod h1:0O8o/juxNSKN/e+DzWDTRkl7Zm8CkZcz0NDqEdojlrk=
|
||||||
|
-github.com/grafana/saml v0.0.0-20211007135653-aed1b2edd86b h1:YiSGp34F4V0G08HHx1cJBf2GVgwYAkXQjzuVs1t8jYk=
|
||||||
|
-github.com/grafana/saml v0.0.0-20211007135653-aed1b2edd86b/go.mod h1:q83kyQoMD0vhy+RzFLlbw0UgHJ6TAihQpuXvdFmm4s4=
|
||||||
|
github.com/grafana/sqlds/v2 v2.3.7/go.mod h1:c6ibxnxRVGxV/0YkEgvy7QpQH/lyifFyV7K/14xvdIs=
|
||||||
|
github.com/grafana/thema v0.0.0-20220523183731-72aebd14e751 h1:5PpsfN52XA0hxOjD/qQ0QNiEkp9Y9Tb+yz/Hj9fyL4M=
|
||||||
|
github.com/grafana/thema v0.0.0-20220523183731-72aebd14e751/go.mod h1:KuqTKX9lfM87uu9vt9DS/q+REqSrAm2xYMnBBvlmevA=
|
||||||
|
@@ -1766,7 +1761,6 @@ github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52Cu
|
||||||
|
github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak=
|
||||||
|
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
|
||||||
|
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
|
||||||
|
-github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
|
||||||
|
github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
|
||||||
|
github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
|
||||||
|
github.com/joncrlsn/dque v2.2.1-0.20200515025108-956d14155fa2+incompatible/go.mod h1:hDZb8oMj3Kp8MxtbNLg9vrtAUDHjgI1yZvqivT4O8Iw=
|
||||||
|
@@ -1801,8 +1795,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
|
||||||
|
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
|
||||||
|
github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
|
||||||
|
github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
|
||||||
|
-github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc=
|
||||||
|
-github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
|
||||||
|
github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0=
|
||||||
|
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
|
||||||
|
github.com/kardianos/service v1.0.0/go.mod h1:8CzDhVuCuugtsHyZoTvsOBuvonN/UDBvl0kH+BUxvbo=
|
||||||
|
@@ -1930,8 +1922,6 @@ github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHef
|
||||||
|
github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
|
||||||
|
github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
|
||||||
|
github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
|
||||||
|
-github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
|
||||||
|
-github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
|
||||||
|
github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM=
|
||||||
|
github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs=
|
||||||
|
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
|
||||||
|
@@ -2239,7 +2229,6 @@ github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHu
|
||||||
|
github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
|
||||||
|
github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
|
||||||
|
github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
|
||||||
|
-github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
|
||||||
|
github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
|
||||||
|
github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
|
||||||
|
github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
|
||||||
|
@@ -2433,7 +2422,6 @@ github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
|
||||||
|
github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
|
||||||
|
github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
|
||||||
|
github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
|
||||||
|
-github.com/russellhaering/goxmldsig v1.1.0/go.mod h1:QK8GhXPB3+AfuCrfo0oRISa9NfzeCpWmxeGnqEpDF9o=
|
||||||
|
github.com/russellhaering/goxmldsig v1.1.1 h1:vI0r2osGF1A9PLvsGdPUAGwEIrKa4Pj5sesSBsebIxM=
|
||||||
|
github.com/russellhaering/goxmldsig v1.1.1/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
|
||||||
|
github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
|
||||||
|
@@ -2747,7 +2735,6 @@ github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX
|
||||||
|
github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
|
||||||
|
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
|
||||||
|
github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
|
||||||
|
-github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
|
||||||
|
github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
|
||||||
|
github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
|
||||||
|
gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2cqquPa0MKWeNkmOM5RQsRhkrwMWonFMN7fE=
|
||||||
|
diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
|
||||||
|
index adcaff8ca6..c3110f590e 100644
|
||||||
|
--- a/pkg/extensions/main.go
|
||||||
|
+++ b/pkg/extensions/main.go
|
||||||
|
@@ -9,7 +9,6 @@ import (
|
||||||
|
_ "github.com/Azure/go-autorest/autorest/adal"
|
||||||
|
_ "github.com/beevik/etree"
|
||||||
|
_ "github.com/cortexproject/cortex/pkg/util"
|
||||||
|
- _ "github.com/crewjam/saml"
|
||||||
|
_ "github.com/gobwas/glob"
|
||||||
|
_ "github.com/googleapis/gax-go/v2"
|
||||||
|
_ "github.com/grafana/dskit/backoff"
|
||||||
|
@@ -17,7 +16,6 @@ import (
|
||||||
|
_ "github.com/grafana/loki/clients/pkg/promtail/client"
|
||||||
|
_ "github.com/grafana/loki/pkg/logproto"
|
||||||
|
_ "github.com/grpc-ecosystem/go-grpc-middleware"
|
||||||
|
- _ "github.com/jung-kurt/gofpdf"
|
||||||
|
_ "github.com/linkedin/goavro/v2"
|
||||||
|
_ "github.com/m3db/prometheus_remote_client_golang/promremote"
|
||||||
|
_ "github.com/pkg/errors"
|
@ -0,0 +1,877 @@
|
|||||||
|
From 0ee0768a196ba12b860b4a0920f729d5ce50ea3e Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||||
|
Date: Wed, 22 Jun 2022 17:36:47 +0200
|
||||||
|
Subject: [PATCH] remove unused frontend crypto
|
||||||
|
|
||||||
|
update `package.json` and then run `yarn install` to update the
|
||||||
|
`yarn.lock` lockfile
|
||||||
|
|
||||||
|
diff --git a/package.json b/package.json
|
||||||
|
index 5e2875090b..137a307f14 100644
|
||||||
|
--- a/package.json
|
||||||
|
+++ b/package.json
|
||||||
|
@@ -396,6 +396,9 @@
|
||||||
|
"whatwg-fetch": "3.6.2"
|
||||||
|
},
|
||||||
|
"resolutions": {
|
||||||
|
+ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
|
||||||
|
+ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
|
||||||
|
+ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
|
||||||
|
"underscore": "1.13.3",
|
||||||
|
"@types/slate": "0.47.9",
|
||||||
|
"@microsoft/api-extractor-model": "7.17.3",
|
||||||
|
diff --git a/yarn.lock b/yarn.lock
|
||||||
|
index 8132e0f942..b41c0efb1b 100644
|
||||||
|
--- a/yarn.lock
|
||||||
|
+++ b/yarn.lock
|
||||||
|
@@ -12256,34 +12256,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"asn1.js@npm:^5.2.0":
|
||||||
|
- version: 5.4.1
|
||||||
|
- resolution: "asn1.js@npm:5.4.1"
|
||||||
|
- dependencies:
|
||||||
|
- bn.js: ^4.0.0
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- minimalistic-assert: ^1.0.0
|
||||||
|
- safer-buffer: ^2.1.0
|
||||||
|
- checksum: 3786a101ac6f304bd4e9a7df79549a7561950a13d4bcaec0c7790d44c80d147c1a94ba3d4e663673406064642a40b23fcd6c82a9952468e386c1a1376d747f9a
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"asn1@npm:~0.2.3":
|
||||||
|
- version: 0.2.4
|
||||||
|
- resolution: "asn1@npm:0.2.4"
|
||||||
|
- dependencies:
|
||||||
|
- safer-buffer: ~2.1.0
|
||||||
|
- checksum: aa5d6f77b1e0597df53824c68cfe82d1d89ce41cb3520148611f025fbb3101b2d25dd6a40ad34e4fac10f6b19ed5e8628cd4b7d212261e80e83f02b39ee5663c
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0":
|
||||||
|
- version: 1.0.0
|
||||||
|
- resolution: "assert-plus@npm:1.0.0"
|
||||||
|
- checksum: 19b4340cb8f0e6a981c07225eacac0e9d52c2644c080198765d63398f0075f83bbc0c8e95474d54224e297555ad0d631c1dcd058adb1ddc2437b41a6b424ac64
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"assert@npm:2.0.0":
|
||||||
|
version: 2.0.0
|
||||||
|
resolution: "assert@npm:2.0.0"
|
||||||
|
@@ -12870,15 +12842,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"bcrypt-pbkdf@npm:^1.0.0":
|
||||||
|
- version: 1.0.2
|
||||||
|
- resolution: "bcrypt-pbkdf@npm:1.0.2"
|
||||||
|
- dependencies:
|
||||||
|
- tweetnacl: ^0.14.3
|
||||||
|
- checksum: 4edfc9fe7d07019609ccf797a2af28351736e9d012c8402a07120c4453a3b789a15f2ee1530dc49eee8f7eb9379331a8dd4b3766042b9e502f74a68e7f662291
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"before-after-hook@npm:^2.2.0":
|
||||||
|
version: 2.2.2
|
||||||
|
resolution: "before-after-hook@npm:2.2.2"
|
||||||
|
@@ -12970,20 +12933,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"bn.js@npm:^4.0.0, bn.js@npm:^4.1.0, bn.js@npm:^4.11.9":
|
||||||
|
- version: 4.12.0
|
||||||
|
- resolution: "bn.js@npm:4.12.0"
|
||||||
|
- checksum: 39afb4f15f4ea537b55eaf1446c896af28ac948fdcf47171961475724d1bb65118cca49fa6e3d67706e4790955ec0e74de584e45c8f1ef89f46c812bee5b5a12
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"bn.js@npm:^5.0.0, bn.js@npm:^5.1.1":
|
||||||
|
- version: 5.2.0
|
||||||
|
- resolution: "bn.js@npm:5.2.0"
|
||||||
|
- checksum: 6117170393200f68b35a061ecbf55d01dd989302e7b3c798a3012354fa638d124f0b2f79e63f77be5556be80322a09c40339eda6413ba7468524c0b6d4b4cb7a
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"body-parser@npm:1.19.0":
|
||||||
|
version: 1.19.0
|
||||||
|
resolution: "body-parser@npm:1.19.0"
|
||||||
|
@@ -13108,13 +13057,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"brorand@npm:^1.0.1, brorand@npm:^1.1.0":
|
||||||
|
- version: 1.1.0
|
||||||
|
- resolution: "brorand@npm:1.1.0"
|
||||||
|
- checksum: 8a05c9f3c4b46572dec6ef71012b1946db6cae8c7bb60ccd4b7dd5a84655db49fe043ecc6272e7ef1f69dc53d6730b9e2a3a03a8310509a3d797a618cbee52be
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"browser-process-hrtime@npm:^1.0.0":
|
||||||
|
version: 1.0.0
|
||||||
|
resolution: "browser-process-hrtime@npm:1.0.0"
|
||||||
|
@@ -13129,70 +13071,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"browserify-aes@npm:^1.0.0, browserify-aes@npm:^1.0.4":
|
||||||
|
- version: 1.2.0
|
||||||
|
- resolution: "browserify-aes@npm:1.2.0"
|
||||||
|
- dependencies:
|
||||||
|
- buffer-xor: ^1.0.3
|
||||||
|
- cipher-base: ^1.0.0
|
||||||
|
- create-hash: ^1.1.0
|
||||||
|
- evp_bytestokey: ^1.0.3
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- safe-buffer: ^5.0.1
|
||||||
|
- checksum: 4a17c3eb55a2aa61c934c286f34921933086bf6d67f02d4adb09fcc6f2fc93977b47d9d884c25619144fccd47b3b3a399e1ad8b3ff5a346be47270114bcf7104
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"browserify-cipher@npm:^1.0.0":
|
||||||
|
- version: 1.0.1
|
||||||
|
- resolution: "browserify-cipher@npm:1.0.1"
|
||||||
|
- dependencies:
|
||||||
|
- browserify-aes: ^1.0.4
|
||||||
|
- browserify-des: ^1.0.0
|
||||||
|
- evp_bytestokey: ^1.0.0
|
||||||
|
- checksum: 2d8500acf1ee535e6bebe808f7a20e4c3a9e2ed1a6885fff1facbfd201ac013ef030422bec65ca9ece8ffe82b03ca580421463f9c45af6c8415fd629f4118c13
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"browserify-des@npm:^1.0.0":
|
||||||
|
- version: 1.0.2
|
||||||
|
- resolution: "browserify-des@npm:1.0.2"
|
||||||
|
- dependencies:
|
||||||
|
- cipher-base: ^1.0.1
|
||||||
|
- des.js: ^1.0.0
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- safe-buffer: ^5.1.2
|
||||||
|
- checksum: b15a3e358a1d78a3b62ddc06c845d02afde6fc826dab23f1b9c016e643e7b1fda41de628d2110b712f6a44fb10cbc1800bc6872a03ddd363fb50768e010395b7
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"browserify-rsa@npm:^4.0.0, browserify-rsa@npm:^4.0.1":
|
||||||
|
- version: 4.1.0
|
||||||
|
- resolution: "browserify-rsa@npm:4.1.0"
|
||||||
|
- dependencies:
|
||||||
|
- bn.js: ^5.0.0
|
||||||
|
- randombytes: ^2.0.1
|
||||||
|
- checksum: 155f0c135873efc85620571a33d884aa8810e40176125ad424ec9d85016ff105a07f6231650914a760cca66f29af0494087947b7be34880dd4599a0cd3c38e54
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"browserify-sign@npm:^4.0.0":
|
||||||
|
- version: 4.2.1
|
||||||
|
- resolution: "browserify-sign@npm:4.2.1"
|
||||||
|
- dependencies:
|
||||||
|
- bn.js: ^5.1.1
|
||||||
|
- browserify-rsa: ^4.0.1
|
||||||
|
- create-hash: ^1.2.0
|
||||||
|
- create-hmac: ^1.1.7
|
||||||
|
- elliptic: ^6.5.3
|
||||||
|
- inherits: ^2.0.4
|
||||||
|
- parse-asn1: ^5.1.5
|
||||||
|
- readable-stream: ^3.6.0
|
||||||
|
- safe-buffer: ^5.2.0
|
||||||
|
- checksum: 0221f190e3f5b2d40183fa51621be7e838d9caa329fe1ba773406b7637855f37b30f5d83e52ff8f244ed12ffe6278dd9983638609ed88c841ce547e603855707
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"browserify-zlib@npm:^0.2.0":
|
||||||
|
version: 0.2.0
|
||||||
|
resolution: "browserify-zlib@npm:0.2.0"
|
||||||
|
@@ -13294,13 +13172,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"buffer-xor@npm:^1.0.3":
|
||||||
|
- version: 1.0.3
|
||||||
|
- resolution: "buffer-xor@npm:1.0.3"
|
||||||
|
- checksum: 10c520df29d62fa6e785e2800e586a20fc4f6dfad84bcdbd12e1e8a83856de1cb75c7ebd7abe6d036bbfab738a6cf18a3ae9c8e5a2e2eb3167ca7399ce65373a
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"buffer@npm:^4.3.0":
|
||||||
|
version: 4.9.2
|
||||||
|
resolution: "buffer@npm:4.9.2"
|
||||||
|
@@ -13896,16 +13767,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"cipher-base@npm:^1.0.0, cipher-base@npm:^1.0.1, cipher-base@npm:^1.0.3":
|
||||||
|
- version: 1.0.4
|
||||||
|
- resolution: "cipher-base@npm:1.0.4"
|
||||||
|
- dependencies:
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- safe-buffer: ^5.0.1
|
||||||
|
- checksum: 47d3568dbc17431a339bad1fe7dff83ac0891be8206911ace3d3b818fc695f376df809bea406e759cdea07fff4b454fa25f1013e648851bec790c1d75763032e
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"cjs-module-lexer@npm:^1.0.0":
|
||||||
|
version: 1.2.2
|
||||||
|
resolution: "cjs-module-lexer@npm:1.2.2"
|
||||||
|
@@ -14806,13 +14667,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"core-util-is@npm:1.0.2":
|
||||||
|
- version: 1.0.2
|
||||||
|
- resolution: "core-util-is@npm:1.0.2"
|
||||||
|
- checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"core-util-is@npm:~1.0.0":
|
||||||
|
version: 1.0.3
|
||||||
|
resolution: "core-util-is@npm:1.0.3"
|
||||||
|
@@ -14882,16 +14736,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"create-ecdh@npm:^4.0.0":
|
||||||
|
- version: 4.0.4
|
||||||
|
- resolution: "create-ecdh@npm:4.0.4"
|
||||||
|
- dependencies:
|
||||||
|
- bn.js: ^4.1.0
|
||||||
|
- elliptic: ^6.5.3
|
||||||
|
- checksum: 0dd7fca9711d09e152375b79acf1e3f306d1a25ba87b8ff14c2fd8e68b83aafe0a7dd6c4e540c9ffbdd227a5fa1ad9b81eca1f233c38bb47770597ba247e614b
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"create-emotion@npm:^10.0.14, create-emotion@npm:^10.0.27":
|
||||||
|
version: 10.0.27
|
||||||
|
resolution: "create-emotion@npm:10.0.27"
|
||||||
|
@@ -14904,33 +14748,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"create-hash@npm:^1.1.0, create-hash@npm:^1.1.2, create-hash@npm:^1.2.0":
|
||||||
|
- version: 1.2.0
|
||||||
|
- resolution: "create-hash@npm:1.2.0"
|
||||||
|
- dependencies:
|
||||||
|
- cipher-base: ^1.0.1
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- md5.js: ^1.3.4
|
||||||
|
- ripemd160: ^2.0.1
|
||||||
|
- sha.js: ^2.4.0
|
||||||
|
- checksum: 02a6ae3bb9cd4afee3fabd846c1d8426a0e6b495560a977ba46120c473cb283be6aa1cace76b5f927cf4e499c6146fb798253e48e83d522feba807d6b722eaa9
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"create-hmac@npm:^1.1.0, create-hmac@npm:^1.1.4, create-hmac@npm:^1.1.7":
|
||||||
|
- version: 1.1.7
|
||||||
|
- resolution: "create-hmac@npm:1.1.7"
|
||||||
|
- dependencies:
|
||||||
|
- cipher-base: ^1.0.3
|
||||||
|
- create-hash: ^1.1.0
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- ripemd160: ^2.0.0
|
||||||
|
- safe-buffer: ^5.0.1
|
||||||
|
- sha.js: ^2.4.8
|
||||||
|
- checksum: ba12bb2257b585a0396108c72830e85f882ab659c3320c83584b1037f8ab72415095167ced80dc4ce8e446a8ecc4b2acf36d87befe0707d73b26cf9dc77440ed
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"create-require@npm:^1.1.0":
|
||||||
|
version: 1.1.1
|
||||||
|
resolution: "create-require@npm:1.1.1"
|
||||||
|
@@ -14962,22 +14779,10 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"crypto-browserify@npm:^3.11.0":
|
||||||
|
- version: 3.12.0
|
||||||
|
- resolution: "crypto-browserify@npm:3.12.0"
|
||||||
|
- dependencies:
|
||||||
|
- browserify-cipher: ^1.0.0
|
||||||
|
- browserify-sign: ^4.0.0
|
||||||
|
- create-ecdh: ^4.0.0
|
||||||
|
- create-hash: ^1.1.0
|
||||||
|
- create-hmac: ^1.1.0
|
||||||
|
- diffie-hellman: ^5.0.0
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- pbkdf2: ^3.0.3
|
||||||
|
- public-encrypt: ^4.0.0
|
||||||
|
- randombytes: ^2.0.0
|
||||||
|
- randomfill: ^1.0.3
|
||||||
|
- checksum: c1609af82605474262f3eaa07daa0b2140026bd264ab316d4bf1170272570dbe02f0c49e29407fe0d3634f96c507c27a19a6765fb856fed854a625f9d15618e2
|
||||||
|
+"crypto-browserify@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
|
||||||
|
+ version: 1.1.3
|
||||||
|
+ resolution: "crypto-browserify@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
|
||||||
|
+ checksum: e233cb660c0eac1172e3c4da249aeaae92b222e9b870d64a427c7212833a1634e56e2f7601989b1a6a6cd0e8841ff3776cd18f8b56dfc20257b893987d624920
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
@@ -15928,15 +15733,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"dashdash@npm:^1.12.0":
|
||||||
|
- version: 1.14.1
|
||||||
|
- resolution: "dashdash@npm:1.14.1"
|
||||||
|
- dependencies:
|
||||||
|
- assert-plus: ^1.0.0
|
||||||
|
- checksum: 3634c249570f7f34e3d34f866c93f866c5b417f0dd616275decae08147dcdf8fccfaa5947380ccfb0473998ea3a8057c0b4cd90c875740ee685d0624b2983598
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"data-urls@npm:^2.0.0":
|
||||||
|
version: 2.0.0
|
||||||
|
resolution: "data-urls@npm:2.0.0"
|
||||||
|
@@ -16251,16 +16047,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"des.js@npm:^1.0.0":
|
||||||
|
- version: 1.0.1
|
||||||
|
- resolution: "des.js@npm:1.0.1"
|
||||||
|
- dependencies:
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- minimalistic-assert: ^1.0.0
|
||||||
|
- checksum: 1ec2eedd7ed6bd61dd5e0519fd4c96124e93bb22de8a9d211b02d63e5dd152824853d919bb2090f965cc0e3eb9c515950a9836b332020d810f9c71feb0fd7df4
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"destroy@npm:~1.0.4":
|
||||||
|
version: 1.0.4
|
||||||
|
resolution: "destroy@npm:1.0.4"
|
||||||
|
@@ -16397,17 +16183,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"diffie-hellman@npm:^5.0.0":
|
||||||
|
- version: 5.0.3
|
||||||
|
- resolution: "diffie-hellman@npm:5.0.3"
|
||||||
|
- dependencies:
|
||||||
|
- bn.js: ^4.1.0
|
||||||
|
- miller-rabin: ^4.0.0
|
||||||
|
- randombytes: ^2.0.0
|
||||||
|
- checksum: 0e620f322170c41076e70181dd1c24e23b08b47dbb92a22a644f3b89b6d3834b0f8ee19e37916164e5eb1ee26d2aa836d6129f92723995267250a0b541811065
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"dir-glob@npm:^2.2.2":
|
||||||
|
version: 2.2.2
|
||||||
|
resolution: "dir-glob@npm:2.2.2"
|
||||||
|
@@ -16694,16 +16469,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"ecc-jsbn@npm:~0.1.1":
|
||||||
|
- version: 0.1.2
|
||||||
|
- resolution: "ecc-jsbn@npm:0.1.2"
|
||||||
|
- dependencies:
|
||||||
|
- jsbn: ~0.1.0
|
||||||
|
- safer-buffer: ^2.1.0
|
||||||
|
- checksum: 22fef4b6203e5f31d425f5b711eb389e4c6c2723402e389af394f8411b76a488fa414d309d866e2b577ce3e8462d344205545c88a8143cc21752a5172818888a
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"ee-first@npm:1.1.1":
|
||||||
|
version: 1.1.1
|
||||||
|
resolution: "ee-first@npm:1.1.1"
|
||||||
|
@@ -16748,21 +16513,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"elliptic@npm:^6.5.3":
|
||||||
|
- version: 6.5.4
|
||||||
|
- resolution: "elliptic@npm:6.5.4"
|
||||||
|
- dependencies:
|
||||||
|
- bn.js: ^4.11.9
|
||||||
|
- brorand: ^1.1.0
|
||||||
|
- hash.js: ^1.0.0
|
||||||
|
- hmac-drbg: ^1.0.1
|
||||||
|
- inherits: ^2.0.4
|
||||||
|
- minimalistic-assert: ^1.0.1
|
||||||
|
- minimalistic-crypto-utils: ^1.0.1
|
||||||
|
- checksum: d56d21fd04e97869f7ffcc92e18903b9f67f2d4637a23c860492fbbff5a3155fd9ca0184ce0c865dd6eb2487d234ce9551335c021c376cd2d3b7cb749c7d10f4
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"emitter-component@npm:^1.1.1":
|
||||||
|
version: 1.1.1
|
||||||
|
resolution: "emitter-component@npm:1.1.1"
|
||||||
|
@@ -17716,17 +17466,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"evp_bytestokey@npm:^1.0.0, evp_bytestokey@npm:^1.0.3":
|
||||||
|
- version: 1.0.3
|
||||||
|
- resolution: "evp_bytestokey@npm:1.0.3"
|
||||||
|
- dependencies:
|
||||||
|
- md5.js: ^1.3.4
|
||||||
|
- node-gyp: latest
|
||||||
|
- safe-buffer: ^5.1.1
|
||||||
|
- checksum: ad4e1577f1a6b721c7800dcc7c733fe01f6c310732bb5bf2240245c2a5b45a38518b91d8be2c610611623160b9d1c0e91f1ce96d639f8b53e8894625cf20fa45
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"exec-sh@npm:^0.3.2":
|
||||||
|
version: 0.3.6
|
||||||
|
resolution: "exec-sh@npm:0.3.6"
|
||||||
|
@@ -18006,20 +17745,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"extsprintf@npm:1.3.0":
|
||||||
|
- version: 1.3.0
|
||||||
|
- resolution: "extsprintf@npm:1.3.0"
|
||||||
|
- checksum: cee7a4a1e34cffeeec18559109de92c27517e5641991ec6bab849aa64e3081022903dd53084f2080d0d2530803aa5ee84f1e9de642c365452f9e67be8f958ce2
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"extsprintf@npm:^1.2.0":
|
||||||
|
- version: 1.4.0
|
||||||
|
- resolution: "extsprintf@npm:1.4.0"
|
||||||
|
- checksum: 184dc8a413eb4b1ff16bdce797340e7ded4d28511d56a1c9afa5a95bcff6ace154063823eaf0206dbbb0d14059d74f382a15c34b7c0636fa74a7e681295eb67e
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"fast-deep-equal@npm:^3.0.0, fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3":
|
||||||
|
version: 3.1.3
|
||||||
|
resolution: "fast-deep-equal@npm:3.1.3"
|
||||||
|
@@ -19046,15 +18771,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"getpass@npm:^0.1.1":
|
||||||
|
- version: 0.1.7
|
||||||
|
- resolution: "getpass@npm:0.1.7"
|
||||||
|
- dependencies:
|
||||||
|
- assert-plus: ^1.0.0
|
||||||
|
- checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"git-raw-commits@npm:^2.0.8":
|
||||||
|
version: 2.0.10
|
||||||
|
resolution: "git-raw-commits@npm:2.0.10"
|
||||||
|
@@ -19887,27 +19603,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"hash-base@npm:^3.0.0":
|
||||||
|
- version: 3.1.0
|
||||||
|
- resolution: "hash-base@npm:3.1.0"
|
||||||
|
- dependencies:
|
||||||
|
- inherits: ^2.0.4
|
||||||
|
- readable-stream: ^3.6.0
|
||||||
|
- safe-buffer: ^5.2.0
|
||||||
|
- checksum: 26b7e97ac3de13cb23fc3145e7e3450b0530274a9562144fc2bf5c1e2983afd0e09ed7cc3b20974ba66039fad316db463da80eb452e7373e780cbee9a0d2f2dc
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"hash.js@npm:^1.0.0, hash.js@npm:^1.0.3":
|
||||||
|
- version: 1.1.7
|
||||||
|
- resolution: "hash.js@npm:1.1.7"
|
||||||
|
- dependencies:
|
||||||
|
- inherits: ^2.0.3
|
||||||
|
- minimalistic-assert: ^1.0.1
|
||||||
|
- checksum: e350096e659c62422b85fa508e4b3669017311aa4c49b74f19f8e1bc7f3a54a584fdfd45326d4964d6011f2b2d882e38bea775a96046f2a61b7779a979629d8f
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"hast-to-hyperscript@npm:^9.0.0":
|
||||||
|
version: 9.0.1
|
||||||
|
resolution: "hast-to-hyperscript@npm:9.0.1"
|
||||||
|
@@ -20043,17 +19738,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"hmac-drbg@npm:^1.0.1":
|
||||||
|
- version: 1.0.1
|
||||||
|
- resolution: "hmac-drbg@npm:1.0.1"
|
||||||
|
- dependencies:
|
||||||
|
- hash.js: ^1.0.3
|
||||||
|
- minimalistic-assert: ^1.0.0
|
||||||
|
- minimalistic-crypto-utils: ^1.0.1
|
||||||
|
- checksum: bd30b6a68d7f22d63f10e1888aee497d7c2c5c0bb469e66bbdac99f143904d1dfe95f8131f95b3e86c86dd239963c9d972fcbe147e7cffa00e55d18585c43fe0
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"hoist-non-react-statics@npm:3.3.2, hoist-non-react-statics@npm:^3.1.0, hoist-non-react-statics@npm:^3.3.0, hoist-non-react-statics@npm:^3.3.1, hoist-non-react-statics@npm:^3.3.2":
|
||||||
|
version: 3.3.2
|
||||||
|
resolution: "hoist-non-react-statics@npm:3.3.2"
|
||||||
|
@@ -20394,25 +20078,10 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"http-signature@npm:~1.2.0":
|
||||||
|
- version: 1.2.0
|
||||||
|
- resolution: "http-signature@npm:1.2.0"
|
||||||
|
- dependencies:
|
||||||
|
- assert-plus: ^1.0.0
|
||||||
|
- jsprim: ^1.2.2
|
||||||
|
- sshpk: ^1.7.0
|
||||||
|
- checksum: 3324598712266a9683585bb84a75dec4fd550567d5e0dd4a0fff6ff3f74348793404d3eeac4918fa0902c810eeee1a86419e4a2e92a164132dfe6b26743fb47c
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"http-signature@npm:~1.3.6":
|
||||||
|
- version: 1.3.6
|
||||||
|
- resolution: "http-signature@npm:1.3.6"
|
||||||
|
- dependencies:
|
||||||
|
- assert-plus: ^1.0.0
|
||||||
|
- jsprim: ^2.0.2
|
||||||
|
- sshpk: ^1.14.1
|
||||||
|
- checksum: 10be2af4764e71fee0281392937050201ee576ac755c543f570d6d87134ce5e858663fe999a7adb3e4e368e1e356d0d7fec6b9542295b875726ff615188e7a0c
|
||||||
|
+"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
|
||||||
|
+ version: 1.1.3
|
||||||
|
+ resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
|
||||||
|
+ checksum: 78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
@@ -22562,13 +22231,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"jsbn@npm:~0.1.0":
|
||||||
|
- version: 0.1.1
|
||||||
|
- resolution: "jsbn@npm:0.1.1"
|
||||||
|
- checksum: e5ff29c1b8d965017ef3f9c219dacd6e40ad355c664e277d31246c90545a02e6047018c16c60a00f36d561b3647215c41894f5d869ada6908a2e0ce4200c88f2
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"jsdoc-type-pratt-parser@npm:~2.2.5":
|
||||||
|
version: 2.2.5
|
||||||
|
resolution: "jsdoc-type-pratt-parser@npm:2.2.5"
|
||||||
|
@@ -22683,13 +22345,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"json-schema@npm:0.2.3, json-schema@npm:0.4.0":
|
||||||
|
- version: 0.4.0
|
||||||
|
- resolution: "json-schema@npm:0.4.0"
|
||||||
|
- checksum: 66389434c3469e698da0df2e7ac5a3281bcff75e797a5c127db7c5b56270e01ae13d9afa3c03344f76e32e81678337a8c912bdbb75101c62e487dc3778461d72
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"json-source-map@npm:0.6.1":
|
||||||
|
version: 0.6.1
|
||||||
|
resolution: "json-source-map@npm:0.6.1"
|
||||||
|
@@ -22793,30 +22448,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"jsprim@npm:^1.2.2":
|
||||||
|
- version: 1.4.1
|
||||||
|
- resolution: "jsprim@npm:1.4.1"
|
||||||
|
- dependencies:
|
||||||
|
- assert-plus: 1.0.0
|
||||||
|
- extsprintf: 1.3.0
|
||||||
|
- json-schema: 0.2.3
|
||||||
|
- verror: 1.10.0
|
||||||
|
- checksum: 6bcb20ec265ae18bb48e540a6da2c65f9c844f7522712d6dfcb01039527a49414816f4869000493363f1e1ea96cbad00e46188d5ecc78257a19f152467587373
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
-"jsprim@npm:^2.0.2":
|
||||||
|
- version: 2.0.2
|
||||||
|
- resolution: "jsprim@npm:2.0.2"
|
||||||
|
- dependencies:
|
||||||
|
- assert-plus: 1.0.0
|
||||||
|
- extsprintf: 1.3.0
|
||||||
|
- json-schema: 0.4.0
|
||||||
|
- verror: 1.10.0
|
||||||
|
- checksum: d175f6b1991e160cb0aa39bc857da780e035611986b5492f32395411879fdaf4e513d98677f08f7352dac93a16b66b8361c674b86a3fa406e2e7af6b26321838
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"jsurl@npm:^0.1.5":
|
||||||
|
version: 0.1.5
|
||||||
|
resolution: "jsurl@npm:0.1.5"
|
||||||
|
@@ -23818,17 +23449,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"md5.js@npm:^1.3.4":
|
||||||
|
- version: 1.3.5
|
||||||
|
- resolution: "md5.js@npm:1.3.5"
|
||||||
|
- dependencies:
|
||||||
|
- hash-base: ^3.0.0
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- safe-buffer: ^5.1.2
|
||||||
|
- checksum: 098494d885684bcc4f92294b18ba61b7bd353c23147fbc4688c75b45cb8590f5a95fd4584d742415dcc52487f7a1ef6ea611cfa1543b0dc4492fe026357f3f0c
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"mdast-squeeze-paragraphs@npm:^4.0.0":
|
||||||
|
version: 4.0.0
|
||||||
|
resolution: "mdast-squeeze-paragraphs@npm:4.0.0"
|
||||||
|
@@ -24108,18 +23728,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"miller-rabin@npm:^4.0.0":
|
||||||
|
- version: 4.0.1
|
||||||
|
- resolution: "miller-rabin@npm:4.0.1"
|
||||||
|
- dependencies:
|
||||||
|
- bn.js: ^4.0.0
|
||||||
|
- brorand: ^1.0.1
|
||||||
|
- bin:
|
||||||
|
- miller-rabin: bin/miller-rabin
|
||||||
|
- checksum: 00cd1ab838ac49b03f236cc32a14d29d7d28637a53096bf5c6246a032a37749c9bd9ce7360cbf55b41b89b7d649824949ff12bc8eee29ac77c6b38eada619ece
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"mime-db@npm:1.50.0, mime-db@npm:>= 1.43.0 < 2":
|
||||||
|
version: 1.50.0
|
||||||
|
resolution: "mime-db@npm:1.50.0"
|
||||||
|
@@ -24247,20 +23855,13 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"minimalistic-assert@npm:^1.0.0, minimalistic-assert@npm:^1.0.1":
|
||||||
|
+"minimalistic-assert@npm:^1.0.0":
|
||||||
|
version: 1.0.1
|
||||||
|
resolution: "minimalistic-assert@npm:1.0.1"
|
||||||
|
checksum: cc7974a9268fbf130fb055aff76700d7e2d8be5f761fb5c60318d0ed010d839ab3661a533ad29a5d37653133385204c503bfac995aaa4236f4e847461ea32ba7
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"minimalistic-crypto-utils@npm:^1.0.1":
|
||||||
|
- version: 1.0.1
|
||||||
|
- resolution: "minimalistic-crypto-utils@npm:1.0.1"
|
||||||
|
- checksum: 6e8a0422b30039406efd4c440829ea8f988845db02a3299f372fceba56ffa94994a9c0f2fd70c17f9969eedfbd72f34b5070ead9656a34d3f71c0bd72583a0ed
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"minimatch@npm:3.0.4, minimatch@npm:^3.0.4":
|
||||||
|
version: 3.0.4
|
||||||
|
resolution: "minimatch@npm:3.0.4"
|
||||||
|
@@ -24903,13 +24504,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"node-forge@npm:^1":
|
||||||
|
- version: 1.3.1
|
||||||
|
- resolution: "node-forge@npm:1.3.1"
|
||||||
|
- checksum: 08fb072d3d670599c89a1704b3e9c649ff1b998256737f0e06fbd1a5bf41cae4457ccaee32d95052d80bbafd9ffe01284e078c8071f0267dc9744e51c5ed42a9
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"node-gettext@npm:^3.0.0":
|
||||||
|
version: 3.0.0
|
||||||
|
resolution: "node-gettext@npm:3.0.0"
|
||||||
|
@@ -26024,19 +25618,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"parse-asn1@npm:^5.0.0, parse-asn1@npm:^5.1.5":
|
||||||
|
- version: 5.1.6
|
||||||
|
- resolution: "parse-asn1@npm:5.1.6"
|
||||||
|
- dependencies:
|
||||||
|
- asn1.js: ^5.2.0
|
||||||
|
- browserify-aes: ^1.0.0
|
||||||
|
- evp_bytestokey: ^1.0.0
|
||||||
|
- pbkdf2: ^3.0.3
|
||||||
|
- safe-buffer: ^5.1.1
|
||||||
|
- checksum: 9243311d1f88089bc9f2158972aa38d1abd5452f7b7cabf84954ed766048fe574d434d82c6f5a39b988683e96fb84cd933071dda38927e03469dc8c8d14463c7
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"parse-entities@npm:^2.0.0":
|
||||||
|
version: 2.0.0
|
||||||
|
resolution: "parse-entities@npm:2.0.0"
|
||||||
|
@@ -26258,19 +25839,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"pbkdf2@npm:^3.0.3":
|
||||||
|
- version: 3.1.2
|
||||||
|
- resolution: "pbkdf2@npm:3.1.2"
|
||||||
|
- dependencies:
|
||||||
|
- create-hash: ^1.1.2
|
||||||
|
- create-hmac: ^1.1.4
|
||||||
|
- ripemd160: ^2.0.1
|
||||||
|
- safe-buffer: ^5.0.1
|
||||||
|
- sha.js: ^2.4.8
|
||||||
|
- checksum: 2c950a100b1da72123449208e231afc188d980177d021d7121e96a2de7f2abbc96ead2b87d03d8fe5c318face097f203270d7e27908af9f471c165a4e8e69c92
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"pend@npm:~1.2.0":
|
||||||
|
version: 1.2.0
|
||||||
|
resolution: "pend@npm:1.2.0"
|
||||||
|
@@ -27959,20 +27527,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"public-encrypt@npm:^4.0.0":
|
||||||
|
- version: 4.0.3
|
||||||
|
- resolution: "public-encrypt@npm:4.0.3"
|
||||||
|
- dependencies:
|
||||||
|
- bn.js: ^4.1.0
|
||||||
|
- browserify-rsa: ^4.0.0
|
||||||
|
- create-hash: ^1.1.0
|
||||||
|
- parse-asn1: ^5.0.0
|
||||||
|
- randombytes: ^2.0.1
|
||||||
|
- safe-buffer: ^5.1.2
|
||||||
|
- checksum: 215d446e43cef021a20b67c1df455e5eea134af0b1f9b8a35f9e850abf32991b0c307327bc5b9bc07162c288d5cdb3d4a783ea6c6640979ed7b5017e3e0c9935
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"pump@npm:^2.0.0":
|
||||||
|
version: 2.0.1
|
||||||
|
resolution: "pump@npm:2.0.1"
|
||||||
|
@@ -28181,7 +27735,7 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"randombytes@npm:^2.0.0, randombytes@npm:^2.0.1, randombytes@npm:^2.0.5, randombytes@npm:^2.1.0":
|
||||||
|
+"randombytes@npm:^2.1.0":
|
||||||
|
version: 2.1.0
|
||||||
|
resolution: "randombytes@npm:2.1.0"
|
||||||
|
dependencies:
|
||||||
|
@@ -28190,16 +27744,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"randomfill@npm:^1.0.3":
|
||||||
|
- version: 1.0.4
|
||||||
|
- resolution: "randomfill@npm:1.0.4"
|
||||||
|
- dependencies:
|
||||||
|
- randombytes: ^2.0.5
|
||||||
|
- safe-buffer: ^5.1.0
|
||||||
|
- checksum: 33734bb578a868d29ee1b8555e21a36711db084065d94e019a6d03caa67debef8d6a1bfd06a2b597e32901ddc761ab483a85393f0d9a75838f1912461d4dbfc7
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"range-parser@npm:^1.2.1, range-parser@npm:~1.2.1":
|
||||||
|
version: 1.2.1
|
||||||
|
resolution: "range-parser@npm:1.2.1"
|
||||||
|
@@ -30443,16 +29987,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"ripemd160@npm:^2.0.0, ripemd160@npm:^2.0.1":
|
||||||
|
- version: 2.0.2
|
||||||
|
- resolution: "ripemd160@npm:2.0.2"
|
||||||
|
- dependencies:
|
||||||
|
- hash-base: ^3.0.0
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- checksum: 006accc40578ee2beae382757c4ce2908a826b27e2b079efdcd2959ee544ddf210b7b5d7d5e80467807604244e7388427330f5c6d4cd61e6edaddc5773ccc393
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"rollup-plugin-copy@npm:3.4.0":
|
||||||
|
version: 3.4.0
|
||||||
|
resolution: "rollup-plugin-copy@npm:3.4.0"
|
||||||
|
@@ -30638,7 +30172,7 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"safe-buffer@npm:5.2.1, safe-buffer@npm:>=5.1.0, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.0, safe-buffer@npm:^5.1.1, safe-buffer@npm:^5.1.2, safe-buffer@npm:^5.2.0, safe-buffer@npm:^5.2.1, safe-buffer@npm:~5.2.0":
|
||||||
|
+"safe-buffer@npm:5.2.1, safe-buffer@npm:>=5.1.0, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.0, safe-buffer@npm:^5.1.2, safe-buffer@npm:^5.2.1, safe-buffer@npm:~5.2.0":
|
||||||
|
version: 5.2.1
|
||||||
|
resolution: "safe-buffer@npm:5.2.1"
|
||||||
|
checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491
|
||||||
|
@@ -30654,7 +30188,7 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0":
|
||||||
|
+"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0":
|
||||||
|
version: 2.1.2
|
||||||
|
resolution: "safer-buffer@npm:2.1.2"
|
||||||
|
checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0
|
||||||
|
@@ -30891,12 +30425,10 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"selfsigned@npm:^2.0.1":
|
||||||
|
- version: 2.0.1
|
||||||
|
- resolution: "selfsigned@npm:2.0.1"
|
||||||
|
- dependencies:
|
||||||
|
- node-forge: ^1
|
||||||
|
- checksum: 864e65c2f31ca877bce3ccdaa3bdef5e1e992b63b2a03641e00c24cd305bf2acce093431d1fed2e5ae9f526558db4be5e90baa2b3474c0428fcf7e25cc86ac93
|
||||||
|
+"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
|
||||||
|
+ version: 1.1.3
|
||||||
|
+ resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
|
||||||
|
+ checksum: 4988a0dbdf123fb808194a6198f5951e2df711de6fd967d72a8876baccaa23d5c260efb8f1dbfbc5bf1f852e81f897ad09267908977ab94862867ef971a3d48d
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
@@ -31133,18 +30665,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"sha.js@npm:^2.4.0, sha.js@npm:^2.4.8":
|
||||||
|
- version: 2.4.11
|
||||||
|
- resolution: "sha.js@npm:2.4.11"
|
||||||
|
- dependencies:
|
||||||
|
- inherits: ^2.0.1
|
||||||
|
- safe-buffer: ^5.0.1
|
||||||
|
- bin:
|
||||||
|
- sha.js: ./bin.js
|
||||||
|
- checksum: ebd3f59d4b799000699097dadb831c8e3da3eb579144fd7eb7a19484cbcbb7aca3c68ba2bb362242eb09e33217de3b4ea56e4678184c334323eca24a58e3ad07
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"shallow-clone@npm:^3.0.0":
|
||||||
|
version: 3.0.1
|
||||||
|
resolution: "shallow-clone@npm:3.0.1"
|
||||||
|
@@ -31830,27 +31350,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0":
|
||||||
|
- version: 1.16.1
|
||||||
|
- resolution: "sshpk@npm:1.16.1"
|
||||||
|
- dependencies:
|
||||||
|
- asn1: ~0.2.3
|
||||||
|
- assert-plus: ^1.0.0
|
||||||
|
- bcrypt-pbkdf: ^1.0.0
|
||||||
|
- dashdash: ^1.12.0
|
||||||
|
- ecc-jsbn: ~0.1.1
|
||||||
|
- getpass: ^0.1.1
|
||||||
|
- jsbn: ~0.1.0
|
||||||
|
- safer-buffer: ^2.0.2
|
||||||
|
- tweetnacl: ~0.14.0
|
||||||
|
- bin:
|
||||||
|
- sshpk-conv: bin/sshpk-conv
|
||||||
|
- sshpk-sign: bin/sshpk-sign
|
||||||
|
- sshpk-verify: bin/sshpk-verify
|
||||||
|
- checksum: 5e76afd1cedc780256f688b7c09327a8a650902d18e284dfeac97489a735299b03c3e72c6e8d22af03dbbe4d6f123fdfd5f3c4ed6bedbec72b9529a55051b857
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"ssri@npm:^6.0.1":
|
||||||
|
version: 6.0.2
|
||||||
|
resolution: "ssri@npm:6.0.2"
|
||||||
|
@@ -33509,13 +33008,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: hard
|
||||||
|
|
||||||
|
-"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0":
|
||||||
|
- version: 0.14.5
|
||||||
|
- resolution: "tweetnacl@npm:0.14.5"
|
||||||
|
- checksum: 6061daba1724f59473d99a7bb82e13f211cdf6e31315510ae9656fefd4779851cb927adad90f3b488c8ed77c106adc0421ea8055f6f976ff21b27c5c4e918487
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"type-check@npm:^0.4.0, type-check@npm:~0.4.0":
|
||||||
|
version: 0.4.0
|
||||||
|
resolution: "type-check@npm:0.4.0"
|
||||||
|
@@ -34329,17 +33821,6 @@ __metadata:
|
||||||
|
languageName: node
|
||||||
|
linkType: soft
|
||||||
|
|
||||||
|
-"verror@npm:1.10.0":
|
||||||
|
- version: 1.10.0
|
||||||
|
- resolution: "verror@npm:1.10.0"
|
||||||
|
- dependencies:
|
||||||
|
- assert-plus: ^1.0.0
|
||||||
|
- core-util-is: 1.0.2
|
||||||
|
- extsprintf: ^1.2.0
|
||||||
|
- checksum: c431df0bedf2088b227a4e051e0ff4ca54df2c114096b0c01e1cbaadb021c30a04d7dd5b41ab277bcd51246ca135bf931d4c4c796ecae7a4fef6d744ecef36ea
|
||||||
|
- languageName: node
|
||||||
|
- linkType: hard
|
||||||
|
-
|
||||||
|
"vfile-location@npm:^3.0.0, vfile-location@npm:^3.2.0":
|
||||||
|
version: 3.2.0
|
||||||
|
resolution: "vfile-location@npm:3.2.0"
|
@ -0,0 +1,358 @@
|
|||||||
|
From 5749f50533225b5d38fed1ed86b1c893cc0466b5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||||
|
Date: Thu, 25 Nov 2021 18:49:52 +0100
|
||||||
|
Subject: [PATCH] notifications: use HMAC-SHA256 to generate password reset
|
||||||
|
tokens
|
||||||
|
|
||||||
|
* changes the time limit code generation function to use HMAC-SHA256
|
||||||
|
instead of SHA-1
|
||||||
|
* multiple new testcases
|
||||||
|
|
||||||
|
diff --git a/pkg/services/notifications/codes.go b/pkg/services/notifications/codes.go
|
||||||
|
index 32cd5dd7cd..72d33e3814 100644
|
||||||
|
--- a/pkg/services/notifications/codes.go
|
||||||
|
+++ b/pkg/services/notifications/codes.go
|
||||||
|
@@ -1,48 +1,53 @@
|
||||||
|
package notifications
|
||||||
|
|
||||||
|
import (
|
||||||
|
- "crypto/sha1" // #nosec
|
||||||
|
+ "crypto/hmac"
|
||||||
|
+ "crypto/sha256"
|
||||||
|
"encoding/hex"
|
||||||
|
"fmt"
|
||||||
|
+ "strconv"
|
||||||
|
"time"
|
||||||
|
|
||||||
|
- "github.com/unknwon/com"
|
||||||
|
-
|
||||||
|
"github.com/grafana/grafana/pkg/models"
|
||||||
|
"github.com/grafana/grafana/pkg/setting"
|
||||||
|
)
|
||||||
|
|
||||||
|
-const timeLimitCodeLength = 12 + 6 + 40
|
||||||
|
+const timeLimitStartDateLength = 12
|
||||||
|
+const timeLimitMinutesLength = 6
|
||||||
|
+const timeLimitHmacLength = 64
|
||||||
|
+const timeLimitCodeLength = timeLimitStartDateLength + timeLimitMinutesLength + timeLimitHmacLength
|
||||||
|
|
||||||
|
// create a time limit code
|
||||||
|
-// code format: 12 length date time string + 6 minutes string + 40 sha1 encoded string
|
||||||
|
-func createTimeLimitCode(data string, minutes int, startInf interface{}) (string, error) {
|
||||||
|
+// code format: 12 length date time string + 6 minutes string + 64 HMAC-SHA256 encoded string
|
||||||
|
+func createTimeLimitCode(payload string, minutes int, startStr string) (string, error) {
|
||||||
|
format := "200601021504"
|
||||||
|
|
||||||
|
var start, end time.Time
|
||||||
|
- var startStr, endStr string
|
||||||
|
+ var endStr string
|
||||||
|
|
||||||
|
- if startInf == nil {
|
||||||
|
+ if startStr == "" {
|
||||||
|
// Use now time create code
|
||||||
|
start = time.Now()
|
||||||
|
startStr = start.Format(format)
|
||||||
|
} else {
|
||||||
|
// use start string create code
|
||||||
|
- startStr = startInf.(string)
|
||||||
|
- start, _ = time.ParseInLocation(format, startStr, time.Local)
|
||||||
|
- startStr = start.Format(format)
|
||||||
|
+ var err error
|
||||||
|
+ start, err = time.ParseInLocation(format, startStr, time.Local)
|
||||||
|
+ if err != nil {
|
||||||
|
+ return "", err
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
end = start.Add(time.Minute * time.Duration(minutes))
|
||||||
|
endStr = end.Format(format)
|
||||||
|
|
||||||
|
- // create sha1 encode string
|
||||||
|
- sh := sha1.New()
|
||||||
|
- if _, err := sh.Write([]byte(data + setting.SecretKey + startStr + endStr +
|
||||||
|
- com.ToStr(minutes))); err != nil {
|
||||||
|
- return "", err
|
||||||
|
+ // create HMAC-SHA256 encoded string
|
||||||
|
+ key := []byte(setting.SecretKey)
|
||||||
|
+ h := hmac.New(sha256.New, key)
|
||||||
|
+ if _, err := h.Write([]byte(payload + startStr + endStr)); err != nil {
|
||||||
|
+ return "", fmt.Errorf("cannot create hmac: %v", err)
|
||||||
|
}
|
||||||
|
- encoded := hex.EncodeToString(sh.Sum(nil))
|
||||||
|
+ encoded := hex.EncodeToString(h.Sum(nil))
|
||||||
|
|
||||||
|
code := fmt.Sprintf("%s%06d%s", startStr, minutes, encoded)
|
||||||
|
return code, nil
|
||||||
|
@@ -50,29 +55,32 @@ func createTimeLimitCode(data string, minutes int, startInf interface{}) (string
|
||||||
|
|
||||||
|
// verify time limit code
|
||||||
|
func validateUserEmailCode(cfg *setting.Cfg, user *models.User, code string) (bool, error) {
|
||||||
|
- if len(code) <= 18 {
|
||||||
|
+ if len(code) < timeLimitCodeLength {
|
||||||
|
return false, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
- minutes := cfg.EmailCodeValidMinutes
|
||||||
|
code = code[:timeLimitCodeLength]
|
||||||
|
|
||||||
|
// split code
|
||||||
|
- start := code[:12]
|
||||||
|
- lives := code[12:18]
|
||||||
|
- if d, err := com.StrTo(lives).Int(); err == nil {
|
||||||
|
- minutes = d
|
||||||
|
+ startStr := code[:timeLimitStartDateLength]
|
||||||
|
+ minutesStr := code[timeLimitStartDateLength : timeLimitStartDateLength+timeLimitMinutesLength]
|
||||||
|
+ minutes, err := strconv.Atoi(minutesStr)
|
||||||
|
+ if err != nil {
|
||||||
|
+ return false, fmt.Errorf("invalid time limit code: %v", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// right active code
|
||||||
|
- data := com.ToStr(user.Id) + user.Email + user.Login + user.Password + user.Rands
|
||||||
|
- retCode, err := createTimeLimitCode(data, minutes, start)
|
||||||
|
+ payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands
|
||||||
|
+ expectedCode, err := createTimeLimitCode(payload, minutes, startStr)
|
||||||
|
if err != nil {
|
||||||
|
return false, err
|
||||||
|
}
|
||||||
|
- if retCode == code && minutes > 0 {
|
||||||
|
+ if hmac.Equal([]byte(code), []byte(expectedCode)) && minutes > 0 {
|
||||||
|
// check time is expired or not
|
||||||
|
- before, _ := time.ParseInLocation("200601021504", start, time.Local)
|
||||||
|
+ before, err := time.ParseInLocation("200601021504", startStr, time.Local)
|
||||||
|
+ if err != nil {
|
||||||
|
+ return false, err
|
||||||
|
+ }
|
||||||
|
now := time.Now()
|
||||||
|
if before.Add(time.Minute*time.Duration(minutes)).Unix() > now.Unix() {
|
||||||
|
return true, nil
|
||||||
|
@@ -93,15 +101,15 @@ func getLoginForEmailCode(code string) string {
|
||||||
|
return string(b)
|
||||||
|
}
|
||||||
|
|
||||||
|
-func createUserEmailCode(cfg *setting.Cfg, u *models.User, startInf interface{}) (string, error) {
|
||||||
|
+func createUserEmailCode(cfg *setting.Cfg, user *models.User, startStr string) (string, error) {
|
||||||
|
minutes := cfg.EmailCodeValidMinutes
|
||||||
|
- data := com.ToStr(u.Id) + u.Email + u.Login + u.Password + u.Rands
|
||||||
|
- code, err := createTimeLimitCode(data, minutes, startInf)
|
||||||
|
+ payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands
|
||||||
|
+ code, err := createTimeLimitCode(payload, minutes, startStr)
|
||||||
|
if err != nil {
|
||||||
|
return "", err
|
||||||
|
}
|
||||||
|
|
||||||
|
// add tail hex username
|
||||||
|
- code += hex.EncodeToString([]byte(u.Login))
|
||||||
|
+ code += hex.EncodeToString([]byte(user.Login))
|
||||||
|
return code, nil
|
||||||
|
}
|
||||||
|
diff --git a/pkg/services/notifications/codes_test.go b/pkg/services/notifications/codes_test.go
|
||||||
|
index a314c8deca..be9b68ca69 100644
|
||||||
|
--- a/pkg/services/notifications/codes_test.go
|
||||||
|
+++ b/pkg/services/notifications/codes_test.go
|
||||||
|
@@ -1,7 +1,10 @@
|
||||||
|
package notifications
|
||||||
|
|
||||||
|
import (
|
||||||
|
+ "fmt"
|
||||||
|
+ "strconv"
|
||||||
|
"testing"
|
||||||
|
+ "time"
|
||||||
|
|
||||||
|
"github.com/grafana/grafana/pkg/models"
|
||||||
|
"github.com/grafana/grafana/pkg/setting"
|
||||||
|
@@ -9,18 +12,126 @@ import (
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
)
|
||||||
|
|
||||||
|
+func TestTimeLimitCodes(t *testing.T) {
|
||||||
|
+ cfg := setting.NewCfg()
|
||||||
|
+ cfg.EmailCodeValidMinutes = 120
|
||||||
|
+ user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"}
|
||||||
|
+
|
||||||
|
+ format := "200601021504"
|
||||||
|
+ mailPayload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands
|
||||||
|
+ tenMinutesAgo := time.Now().Add(-time.Minute * 10)
|
||||||
|
+
|
||||||
|
+ tests := []struct {
|
||||||
|
+ desc string
|
||||||
|
+ payload string
|
||||||
|
+ start time.Time
|
||||||
|
+ minutes int
|
||||||
|
+ valid bool
|
||||||
|
+ }{
|
||||||
|
+ {
|
||||||
|
+ desc: "code generated 10 minutes ago, 5 minutes valid",
|
||||||
|
+ payload: mailPayload,
|
||||||
|
+ start: tenMinutesAgo,
|
||||||
|
+ minutes: 5,
|
||||||
|
+ valid: false,
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ desc: "code generated 10 minutes ago, 9 minutes valid",
|
||||||
|
+ payload: mailPayload,
|
||||||
|
+ start: tenMinutesAgo,
|
||||||
|
+ minutes: 9,
|
||||||
|
+ valid: false,
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ desc: "code generated 10 minutes ago, 10 minutes valid",
|
||||||
|
+ payload: mailPayload,
|
||||||
|
+ start: tenMinutesAgo,
|
||||||
|
+ minutes: 10,
|
||||||
|
+ // code was valid exactly 10 minutes since evaluating the tenMinutesAgo assignment
|
||||||
|
+ // by the time this test is run the code is already expired
|
||||||
|
+ valid: false,
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ desc: "code generated 10 minutes ago, 11 minutes valid",
|
||||||
|
+ payload: mailPayload,
|
||||||
|
+ start: tenMinutesAgo,
|
||||||
|
+ minutes: 11,
|
||||||
|
+ valid: true,
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ desc: "code generated 10 minutes ago, 20 minutes valid",
|
||||||
|
+ payload: mailPayload,
|
||||||
|
+ start: tenMinutesAgo,
|
||||||
|
+ minutes: 20,
|
||||||
|
+ valid: true,
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ desc: "code generated 10 minutes ago, 20 minutes valid, tampered payload",
|
||||||
|
+ payload: mailPayload[:len(mailPayload)-1] + "x",
|
||||||
|
+ start: tenMinutesAgo,
|
||||||
|
+ minutes: 20,
|
||||||
|
+ valid: false,
|
||||||
|
+ },
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ for _, test := range tests {
|
||||||
|
+ t.Run(test.desc, func(t *testing.T) {
|
||||||
|
+ code, err := createTimeLimitCode(test.payload, test.minutes, test.start.Format(format))
|
||||||
|
+ require.NoError(t, err)
|
||||||
|
+
|
||||||
|
+ isValid, err := validateUserEmailCode(cfg, user, code)
|
||||||
|
+ require.NoError(t, err)
|
||||||
|
+ require.Equal(t, test.valid, isValid)
|
||||||
|
+ })
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ t.Run("tampered minutes", func(t *testing.T) {
|
||||||
|
+ code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format))
|
||||||
|
+ require.NoError(t, err)
|
||||||
|
+
|
||||||
|
+ // code is expired
|
||||||
|
+ isValid, err := validateUserEmailCode(cfg, user, code)
|
||||||
|
+ require.NoError(t, err)
|
||||||
|
+ require.Equal(t, false, isValid)
|
||||||
|
+
|
||||||
|
+ // let's try to extend the code by tampering the minutes
|
||||||
|
+ code = code[:12] + fmt.Sprintf("%06d", 20) + code[18:]
|
||||||
|
+ isValid, err = validateUserEmailCode(cfg, user, code)
|
||||||
|
+ require.NoError(t, err)
|
||||||
|
+ require.Equal(t, false, isValid)
|
||||||
|
+ })
|
||||||
|
+
|
||||||
|
+ t.Run("tampered start string", func(t *testing.T) {
|
||||||
|
+ code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format))
|
||||||
|
+ require.NoError(t, err)
|
||||||
|
+
|
||||||
|
+ // code is expired
|
||||||
|
+ isValid, err := validateUserEmailCode(cfg, user, code)
|
||||||
|
+ require.NoError(t, err)
|
||||||
|
+ require.Equal(t, false, isValid)
|
||||||
|
+
|
||||||
|
+ // let's try to extend the code by tampering the start string
|
||||||
|
+ oneMinuteAgo := time.Now().Add(-time.Minute)
|
||||||
|
+
|
||||||
|
+ code = oneMinuteAgo.Format(format) + code[12:]
|
||||||
|
+ isValid, err = validateUserEmailCode(cfg, user, code)
|
||||||
|
+ require.NoError(t, err)
|
||||||
|
+ require.Equal(t, false, isValid)
|
||||||
|
+ })
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
func TestEmailCodes(t *testing.T) {
|
||||||
|
t.Run("When generating code", func(t *testing.T) {
|
||||||
|
cfg := setting.NewCfg()
|
||||||
|
cfg.EmailCodeValidMinutes = 120
|
||||||
|
|
||||||
|
user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"}
|
||||||
|
- code, err := createUserEmailCode(cfg, user, nil)
|
||||||
|
+ code, err := createUserEmailCode(cfg, user, "")
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
t.Run("getLoginForCode should return login", func(t *testing.T) {
|
||||||
|
login := getLoginForEmailCode(code)
|
||||||
|
- require.Equal(t, login, "asd")
|
||||||
|
+ require.Equal(t, "asd", login)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("Can verify valid code", func(t *testing.T) {
|
||||||
|
@@ -29,7 +140,7 @@ func TestEmailCodes(t *testing.T) {
|
||||||
|
require.True(t, isValid)
|
||||||
|
})
|
||||||
|
|
||||||
|
- t.Run("Cannot verify in-valid code", func(t *testing.T) {
|
||||||
|
+ t.Run("Cannot verify invalid code", func(t *testing.T) {
|
||||||
|
code = "ASD"
|
||||||
|
isValid, err := validateUserEmailCode(cfg, user, code)
|
||||||
|
require.NoError(t, err)
|
||||||
|
diff --git a/pkg/services/notifications/notifications.go b/pkg/services/notifications/notifications.go
|
||||||
|
index 84a0d42cb6..52facd0992 100644
|
||||||
|
--- a/pkg/services/notifications/notifications.go
|
||||||
|
+++ b/pkg/services/notifications/notifications.go
|
||||||
|
@@ -168,7 +168,7 @@ func (ns *NotificationService) SendEmailCommandHandler(ctx context.Context, cmd
|
||||||
|
}
|
||||||
|
|
||||||
|
func (ns *NotificationService) SendResetPasswordEmail(ctx context.Context, cmd *models.SendResetPasswordEmailCommand) error {
|
||||||
|
- code, err := createUserEmailCode(ns.Cfg, cmd.User, nil)
|
||||||
|
+ code, err := createUserEmailCode(ns.Cfg, cmd.User, "")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
diff --git a/pkg/services/notifications/notifications_test.go b/pkg/services/notifications/notifications_test.go
|
||||||
|
index 71970e20a0..6f4b318fe0 100644
|
||||||
|
--- a/pkg/services/notifications/notifications_test.go
|
||||||
|
+++ b/pkg/services/notifications/notifications_test.go
|
||||||
|
@@ -2,6 +2,7 @@ package notifications
|
||||||
|
|
||||||
|
import (
|
||||||
|
"context"
|
||||||
|
+ "regexp"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/grafana/grafana/pkg/bus"
|
||||||
|
@@ -185,7 +186,8 @@ func TestSendEmailAsync(t *testing.T) {
|
||||||
|
|
||||||
|
t.Run("When sending reset email password", func(t *testing.T) {
|
||||||
|
sut, _ := createSut(t, bus)
|
||||||
|
- err := sut.SendResetPasswordEmail(context.Background(), &models.SendResetPasswordEmailCommand{User: &models.User{Email: "asd@asd.com"}})
|
||||||
|
+ user := models.User{Email: "asd@asd.com", Login: "asd@asd.com"}
|
||||||
|
+ err := sut.SendResetPasswordEmail(context.Background(), &models.SendResetPasswordEmailCommand{User: &user})
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
sentMsg := <-sut.mailQueue
|
||||||
|
@@ -194,6 +196,21 @@ func TestSendEmailAsync(t *testing.T) {
|
||||||
|
assert.Equal(t, "Reset your Grafana password - asd@asd.com", sentMsg.Subject)
|
||||||
|
assert.NotContains(t, sentMsg.Body["text/html"], "Subject")
|
||||||
|
assert.NotContains(t, sentMsg.Body["text/plain"], "Subject")
|
||||||
|
+
|
||||||
|
+ // find code in mail
|
||||||
|
+ r, _ := regexp.Compile(`code=(\w+)`)
|
||||||
|
+ match := r.FindString(sentMsg.Body["text/plain"])
|
||||||
|
+ code := match[len("code="):]
|
||||||
|
+
|
||||||
|
+ // verify code
|
||||||
|
+ query := models.ValidateResetPasswordCodeQuery{Code: code}
|
||||||
|
+ getUserByLogin := func(ctx context.Context, login string) (*models.User, error) {
|
||||||
|
+ query := models.GetUserByLoginQuery{LoginOrEmail: login}
|
||||||
|
+ query.Result = &user
|
||||||
|
+ return query.Result, nil
|
||||||
|
+ }
|
||||||
|
+ err = sut.ValidateResetPasswordCode(context.Background(), &query, getUserByLogin)
|
||||||
|
+ require.NoError(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("When SMTP disabled in configuration", func(t *testing.T) {
|
@ -0,0 +1,21 @@
|
|||||||
|
From 03a5c7f452efb1dbf605bba8caf3e86e15888c25 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||||
|
Date: Thu, 23 Jun 2022 17:00:46 +0200
|
||||||
|
Subject: [PATCH] skip marketplace plugin install test
|
||||||
|
|
||||||
|
This test (tries to) install a plugin from the Grafana marketplace.
|
||||||
|
Network connectivity is disabled in the build environment for security
|
||||||
|
reasons, therefore we need to disable this test.
|
||||||
|
|
||||||
|
diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go
|
||||||
|
index e86ce50830..fd60fbe67c 100644
|
||||||
|
--- a/pkg/tests/api/plugins/api_plugins_test.go
|
||||||
|
+++ b/pkg/tests/api/plugins/api_plugins_test.go
|
||||||
|
@@ -55,6 +55,7 @@ func TestPlugins(t *testing.T) {
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("Request is not forbidden if from an admin", func(t *testing.T) {
|
||||||
|
+ t.Skip("this test requires connectivity to the Grafana plugin marketplace (fetching metadata)")
|
||||||
|
statusCode, body := makePostRequest(t, grafanaAPIURL(usernameAdmin, grafanaListedAddr, "plugins/test/install"))
|
||||||
|
|
||||||
|
assert.Equal(t, 404, statusCode)
|
@ -0,0 +1,20 @@
|
|||||||
|
From dc4e1c882d28db17064bd4fb788775a86ebfe066 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||||
|
Date: Mon, 27 Jun 2022 17:12:27 +0200
|
||||||
|
Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation
|
||||||
|
on 32-bit architectures
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/pkg/tsdb/prometheus/buffered/time_series_query.go b/pkg/tsdb/prometheus/buffered/time_series_query.go
|
||||||
|
index 40db2d9100..0af2d3ecab 100644
|
||||||
|
--- a/pkg/tsdb/prometheus/buffered/time_series_query.go
|
||||||
|
+++ b/pkg/tsdb/prometheus/buffered/time_series_query.go
|
||||||
|
@@ -326,7 +326,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
|
||||||
|
return time.Duration(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
- rateInterval := time.Duration(int(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
|
||||||
|
+ rateInterval := time.Duration(int64(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
|
||||||
|
return rateInterval
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,20 @@
|
|||||||
|
From 09be2f6709e7d05a2f75756c5f58b0602b54af72 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||||
|
Date: Tue, 5 Jul 2022 17:04:13 +0200
|
||||||
|
Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation
|
||||||
|
on 32-bit architectures 2
|
||||||
|
|
||||||
|
|
||||||
|
diff --git a/pkg/tsdb/prometheus/models/query.go b/pkg/tsdb/prometheus/models/query.go
|
||||||
|
index bdd48d08ed..aa2b1f9945 100644
|
||||||
|
--- a/pkg/tsdb/prometheus/models/query.go
|
||||||
|
+++ b/pkg/tsdb/prometheus/models/query.go
|
||||||
|
@@ -181,7 +181,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
|
||||||
|
return time.Duration(0)
|
||||||
|
}
|
||||||
|
|
||||||
|
- rateInterval := time.Duration(int(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
|
||||||
|
+ rateInterval := time.Duration(int64(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
|
||||||
|
return rateInterval
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,100 @@
|
|||||||
|
From 74f3c59f7096b5c31d5c218310b20775eb111d0f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Karl Persson <kalle.persson@grafana.com>
|
||||||
|
Date: Fri, 21 Oct 2022 14:15:21 +0200
|
||||||
|
Subject: [PATCH] [v9.0.x] Login email before username (#57406)
|
||||||
|
|
||||||
|
* Add test for username/login field conflict
|
||||||
|
|
||||||
|
* Swap order of login fields
|
||||||
|
|
||||||
|
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
|
||||||
|
|
||||||
|
diff --git a/pkg/services/sqlstore/user.go b/pkg/services/sqlstore/user.go
|
||||||
|
index 9cd80da396..00e3ddc2df 100644
|
||||||
|
--- a/pkg/services/sqlstore/user.go
|
||||||
|
+++ b/pkg/services/sqlstore/user.go
|
||||||
|
@@ -170,20 +170,24 @@ func (ss *SQLStore) GetUserByLogin(ctx context.Context, query *models.GetUserByL
|
||||||
|
return models.ErrUserNotFound
|
||||||
|
}
|
||||||
|
|
||||||
|
- // Try and find the user by login first.
|
||||||
|
- // It's not sufficient to assume that a LoginOrEmail with an "@" is an email.
|
||||||
|
+ var has bool
|
||||||
|
+ var err error
|
||||||
|
user := &models.User{Login: query.LoginOrEmail}
|
||||||
|
- has, err := sess.Where(notServiceAccountFilter(ss)).Get(user)
|
||||||
|
-
|
||||||
|
- if err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
|
||||||
|
- if !has && strings.Contains(query.LoginOrEmail, "@") {
|
||||||
|
- // If the user wasn't found, and it contains an "@" fallback to finding the
|
||||||
|
- // user by email.
|
||||||
|
+ // Since username can be an email address, attempt login with email address
|
||||||
|
+ // first if the login field has the "@" symbol.
|
||||||
|
+ if strings.Contains(query.LoginOrEmail, "@") {
|
||||||
|
user = &models.User{Email: query.LoginOrEmail}
|
||||||
|
has, err = sess.Get(user)
|
||||||
|
+
|
||||||
|
+ if err != nil {
|
||||||
|
+ return err
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ // Lookup the login field instead of email field
|
||||||
|
+ if !has {
|
||||||
|
+ has, err = sess.Where(notServiceAccountFilter(ss)).Get(user)
|
||||||
|
}
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go
|
||||||
|
index d3803fa0c9..da23a7cca9 100644
|
||||||
|
--- a/pkg/services/sqlstore/user_test.go
|
||||||
|
+++ b/pkg/services/sqlstore/user_test.go
|
||||||
|
@@ -51,6 +51,45 @@ func TestIntegrationUserDataAccess(t *testing.T) {
|
||||||
|
require.False(t, query.Result.IsDisabled)
|
||||||
|
})
|
||||||
|
|
||||||
|
+ t.Run("Get User by login - user_2 uses user_1.email as login", func(t *testing.T) {
|
||||||
|
+ ss = InitTestDB(t)
|
||||||
|
+
|
||||||
|
+ // create user_1
|
||||||
|
+ cmd := models.CreateUserCommand{
|
||||||
|
+ Email: "user_1@mail.com",
|
||||||
|
+ Name: "user_1",
|
||||||
|
+ Login: "user_1",
|
||||||
|
+ Password: "user_1_password",
|
||||||
|
+ IsDisabled: true,
|
||||||
|
+ }
|
||||||
|
+ user_1, err := ss.CreateUser(context.Background(), cmd)
|
||||||
|
+ require.Nil(t, err)
|
||||||
|
+
|
||||||
|
+ // create user_2
|
||||||
|
+ cmd = models.CreateUserCommand{
|
||||||
|
+ Email: "user_2@mail.com",
|
||||||
|
+ Name: "user_2",
|
||||||
|
+ Login: "user_1@mail.com",
|
||||||
|
+ Password: "user_2_password",
|
||||||
|
+ IsDisabled: true,
|
||||||
|
+ }
|
||||||
|
+ user_2, err := ss.CreateUser(context.Background(), cmd)
|
||||||
|
+ require.Nil(t, err)
|
||||||
|
+
|
||||||
|
+ // query user database for user_1 email
|
||||||
|
+ query := models.GetUserByLoginQuery{LoginOrEmail: "user_1@mail.com"}
|
||||||
|
+ err = ss.GetUserByLogin(context.Background(), &query)
|
||||||
|
+ require.Nil(t, err)
|
||||||
|
+
|
||||||
|
+ // expect user_1 as result
|
||||||
|
+ require.Equal(t, user_1.Email, query.Result.Email)
|
||||||
|
+ require.Equal(t, user_1.Login, query.Result.Login)
|
||||||
|
+ require.Equal(t, user_1.Name, query.Result.Name)
|
||||||
|
+ require.NotEqual(t, user_2.Email, query.Result.Email)
|
||||||
|
+ require.NotEqual(t, user_2.Login, query.Result.Login)
|
||||||
|
+ require.NotEqual(t, user_2.Name, query.Result.Name)
|
||||||
|
+ })
|
||||||
|
+
|
||||||
|
t.Run("Testing DB - creates and loads disabled user", func(t *testing.T) {
|
||||||
|
ss = InitTestDB(t)
|
||||||
|
cmd := models.CreateUserCommand{
|
@ -0,0 +1,427 @@
|
|||||||
|
patch removed backend crypto
|
||||||
|
|
||||||
|
the `Makefile` removed a few files containing (unused) crypto
|
||||||
|
algorithms from the vendor tarball, which are not used in Grafana.
|
||||||
|
This patch removes all references to the deleted files.
|
||||||
|
|
||||||
|
diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..871e612a61
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
|
||||||
|
@@ -0,0 +1,25 @@
|
||||||
|
+package elgamal
|
||||||
|
+
|
||||||
|
+import (
|
||||||
|
+ "io"
|
||||||
|
+ "math/big"
|
||||||
|
+)
|
||||||
|
+
|
||||||
|
+// PublicKey represents an ElGamal public key.
|
||||||
|
+type PublicKey struct {
|
||||||
|
+ G, P, Y *big.Int
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+// PrivateKey represents an ElGamal private key.
|
||||||
|
+type PrivateKey struct {
|
||||||
|
+ PublicKey
|
||||||
|
+ X *big.Int
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) {
|
||||||
|
+ panic("ElGamal encryption not available")
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
|
||||||
|
+ panic("ElGamal encryption not available")
|
||||||
|
+}
|
||||||
|
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
|
||||||
|
index 0a19794a8e..25a5ee9158 100644
|
||||||
|
--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go
|
||||||
|
+++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
|
||||||
|
@@ -22,7 +22,6 @@ import (
|
||||||
|
"math/big"
|
||||||
|
"math/bits"
|
||||||
|
|
||||||
|
- "golang.org/x/crypto/cast5"
|
||||||
|
"golang.org/x/crypto/openpgp/errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
@@ -493,7 +492,7 @@ func (cipher CipherFunction) KeySize() int {
|
||||||
|
case Cipher3DES:
|
||||||
|
return 24
|
||||||
|
case CipherCAST5:
|
||||||
|
- return cast5.KeySize
|
||||||
|
+ panic("cast5 cipher not available")
|
||||||
|
case CipherAES128:
|
||||||
|
return 16
|
||||||
|
case CipherAES192:
|
||||||
|
@@ -523,7 +522,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
|
||||||
|
case Cipher3DES:
|
||||||
|
block, _ = des.NewTripleDESCipher(key)
|
||||||
|
case CipherCAST5:
|
||||||
|
- block, _ = cast5.NewCipher(key)
|
||||||
|
+ panic("cast5 cipher not available")
|
||||||
|
case CipherAES128, CipherAES192, CipherAES256:
|
||||||
|
block, _ = aes.NewCipher(key)
|
||||||
|
}
|
||||||
|
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
|
||||||
|
index 6126030eb9..3a54c5f2b1 100644
|
||||||
|
--- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
|
||||||
|
+++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
|
||||||
|
@@ -5,13 +5,12 @@
|
||||||
|
package packet
|
||||||
|
|
||||||
|
import (
|
||||||
|
- "crypto/cipher"
|
||||||
|
"crypto/sha1"
|
||||||
|
"crypto/subtle"
|
||||||
|
- "golang.org/x/crypto/openpgp/errors"
|
||||||
|
"hash"
|
||||||
|
"io"
|
||||||
|
- "strconv"
|
||||||
|
+
|
||||||
|
+ "golang.org/x/crypto/openpgp/errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
// SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
|
||||||
|
@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
|
||||||
|
// packet can be read. An incorrect key can, with high probability, be detected
|
||||||
|
// immediately and this will result in a KeyIncorrect error being returned.
|
||||||
|
func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
|
||||||
|
- keySize := c.KeySize()
|
||||||
|
- if keySize == 0 {
|
||||||
|
- return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
|
||||||
|
- }
|
||||||
|
- if len(key) != keySize {
|
||||||
|
- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if se.prefix == nil {
|
||||||
|
- se.prefix = make([]byte, c.blockSize()+2)
|
||||||
|
- _, err := readFull(se.contents, se.prefix)
|
||||||
|
- if err != nil {
|
||||||
|
- return nil, err
|
||||||
|
- }
|
||||||
|
- } else if len(se.prefix) != c.blockSize()+2 {
|
||||||
|
- return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- ocfbResync := OCFBResync
|
||||||
|
- if se.MDC {
|
||||||
|
- // MDC packets use a different form of OCFB mode.
|
||||||
|
- ocfbResync = OCFBNoResync
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
|
||||||
|
- if s == nil {
|
||||||
|
- return nil, errors.ErrKeyIncorrect
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- plaintext := cipher.StreamReader{S: s, R: se.contents}
|
||||||
|
-
|
||||||
|
- if se.MDC {
|
||||||
|
- // MDC packets have an embedded hash that we need to check.
|
||||||
|
- h := sha1.New()
|
||||||
|
- h.Write(se.prefix)
|
||||||
|
- return &seMDCReader{in: plaintext, h: h}, nil
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- // Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.
|
||||||
|
- return seReader{plaintext}, nil
|
||||||
|
+ panic("OCFB cipher not available")
|
||||||
|
}
|
||||||
|
|
||||||
|
// seReader wraps an io.Reader with a no-op Close method.
|
||||||
|
@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error {
|
||||||
|
// written.
|
||||||
|
// If config is nil, sensible defaults will be used.
|
||||||
|
func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) {
|
||||||
|
- if c.KeySize() != len(key) {
|
||||||
|
- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
|
||||||
|
- }
|
||||||
|
- writeCloser := noOpCloser{w}
|
||||||
|
- ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)
|
||||||
|
- if err != nil {
|
||||||
|
- return
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- _, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion})
|
||||||
|
- if err != nil {
|
||||||
|
- return
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- block := c.new(key)
|
||||||
|
- blockSize := block.BlockSize()
|
||||||
|
- iv := make([]byte, blockSize)
|
||||||
|
- _, err = config.Random().Read(iv)
|
||||||
|
- if err != nil {
|
||||||
|
- return
|
||||||
|
- }
|
||||||
|
- s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync)
|
||||||
|
- _, err = ciphertext.Write(prefix)
|
||||||
|
- if err != nil {
|
||||||
|
- return
|
||||||
|
- }
|
||||||
|
- plaintext := cipher.StreamWriter{S: s, W: ciphertext}
|
||||||
|
-
|
||||||
|
- h := sha1.New()
|
||||||
|
- h.Write(iv)
|
||||||
|
- h.Write(iv[blockSize-2:])
|
||||||
|
- contents = &seMDCWriter{w: plaintext, h: h}
|
||||||
|
- return
|
||||||
|
+ panic("OCFB cipher not available")
|
||||||
|
}
|
||||||
|
diff --git a/vendor/golang.org/x/crypto/pkcs12/crypto.go b/vendor/golang.org/x/crypto/pkcs12/crypto.go
|
||||||
|
index 484ca51b71..5f502b8df1 100644
|
||||||
|
--- a/vendor/golang.org/x/crypto/pkcs12/crypto.go
|
||||||
|
+++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go
|
||||||
|
@@ -11,8 +11,6 @@ import (
|
||||||
|
"crypto/x509/pkix"
|
||||||
|
"encoding/asn1"
|
||||||
|
"errors"
|
||||||
|
-
|
||||||
|
- "golang.org/x/crypto/pkcs12/internal/rc2"
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
@@ -46,10 +44,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt
|
||||||
|
|
||||||
|
type shaWith40BitRC2CBC struct{}
|
||||||
|
|
||||||
|
-func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) {
|
||||||
|
- return rc2.New(key, len(key)*8)
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
func (shaWith40BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte {
|
||||||
|
return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 5)
|
||||||
|
}
|
||||||
|
@@ -70,7 +64,7 @@ func pbDecrypterFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher
|
||||||
|
case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC):
|
||||||
|
cipherType = shaWithTripleDESCBC{}
|
||||||
|
case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC):
|
||||||
|
- cipherType = shaWith40BitRC2CBC{}
|
||||||
|
+ panic("RC2 encryption not available")
|
||||||
|
default:
|
||||||
|
return nil, 0, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported")
|
||||||
|
}
|
||||||
|
diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
|
||||||
|
index ae3ebc03b9..11dbc3c56e 100644
|
||||||
|
--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
|
||||||
|
+++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
|
||||||
|
@@ -16,13 +16,11 @@
|
||||||
|
package web
|
||||||
|
|
||||||
|
import (
|
||||||
|
- "encoding/hex"
|
||||||
|
"fmt"
|
||||||
|
"net/http"
|
||||||
|
"sync"
|
||||||
|
|
||||||
|
"github.com/go-kit/log"
|
||||||
|
- "golang.org/x/crypto/bcrypt"
|
||||||
|
)
|
||||||
|
|
||||||
|
// extraHTTPHeaders is a map of HTTP headers that can be added to HTTP
|
||||||
|
@@ -36,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{
|
||||||
|
"Content-Security-Policy": nil,
|
||||||
|
}
|
||||||
|
|
||||||
|
-func validateUsers(configPath string) error {
|
||||||
|
- c, err := getConfig(configPath)
|
||||||
|
- if err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- for _, p := range c.Users {
|
||||||
|
- _, err = bcrypt.Cost([]byte(p))
|
||||||
|
- if err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- return nil
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
// validateHeaderConfig checks that the provided header configuration is correct.
|
||||||
|
// It does not check the validity of all the values, only the ones which are
|
||||||
|
// well-defined enumerations.
|
||||||
|
@@ -83,55 +65,3 @@ type webHandler struct {
|
||||||
|
// only once in parallel as this is CPU intensive.
|
||||||
|
bcryptMtx sync.Mutex
|
||||||
|
}
|
||||||
|
-
|
||||||
|
-func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
|
||||||
|
- c, err := getConfig(u.tlsConfigPath)
|
||||||
|
- if err != nil {
|
||||||
|
- u.logger.Log("msg", "Unable to parse configuration", "err", err)
|
||||||
|
- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
|
||||||
|
- return
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- // Configure http headers.
|
||||||
|
- for k, v := range c.HTTPConfig.Header {
|
||||||
|
- w.Header().Set(k, v)
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if len(c.Users) == 0 {
|
||||||
|
- u.handler.ServeHTTP(w, r)
|
||||||
|
- return
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- user, pass, auth := r.BasicAuth()
|
||||||
|
- if auth {
|
||||||
|
- hashedPassword, validUser := c.Users[user]
|
||||||
|
-
|
||||||
|
- if !validUser {
|
||||||
|
- // The user is not found. Use a fixed password hash to
|
||||||
|
- // prevent user enumeration by timing requests.
|
||||||
|
- // This is a bcrypt-hashed version of "fakepassword".
|
||||||
|
- hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi"
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...))
|
||||||
|
- authOk, ok := u.cache.get(cacheKey)
|
||||||
|
-
|
||||||
|
- if !ok {
|
||||||
|
- // This user, hashedPassword, password is not cached.
|
||||||
|
- u.bcryptMtx.Lock()
|
||||||
|
- err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass))
|
||||||
|
- u.bcryptMtx.Unlock()
|
||||||
|
-
|
||||||
|
- authOk = err == nil
|
||||||
|
- u.cache.set(cacheKey, authOk)
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if authOk && validUser {
|
||||||
|
- u.handler.ServeHTTP(w, r)
|
||||||
|
- return
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- w.Header().Set("WWW-Authenticate", "Basic")
|
||||||
|
- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
|
||||||
|
-}
|
||||||
|
diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
|
||||||
|
index 2668964a06..291464ba7e 100644
|
||||||
|
--- a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
|
||||||
|
+++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
|
||||||
|
@@ -18,12 +18,8 @@ import (
|
||||||
|
"crypto/x509"
|
||||||
|
"fmt"
|
||||||
|
"io/ioutil"
|
||||||
|
- "net"
|
||||||
|
- "net/http"
|
||||||
|
"path/filepath"
|
||||||
|
|
||||||
|
- "github.com/go-kit/log"
|
||||||
|
- "github.com/go-kit/log/level"
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
config_util "github.com/prometheus/common/config"
|
||||||
|
"gopkg.in/yaml.v2"
|
||||||
|
@@ -177,93 +173,6 @@ func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error) {
|
||||||
|
return cfg, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
-// ListenAndServe starts the server on the given address. Based on the file
|
||||||
|
-// tlsConfigPath, TLS or basic auth could be enabled.
|
||||||
|
-func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error {
|
||||||
|
- listener, err := net.Listen("tcp", server.Addr)
|
||||||
|
- if err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
- defer listener.Close()
|
||||||
|
- return Serve(listener, server, tlsConfigPath, logger)
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-// Server starts the server on the given listener. Based on the file
|
||||||
|
-// tlsConfigPath, TLS or basic auth could be enabled.
|
||||||
|
-func Serve(l net.Listener, server *http.Server, tlsConfigPath string, logger log.Logger) error {
|
||||||
|
- if tlsConfigPath == "" {
|
||||||
|
- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
|
||||||
|
- return server.Serve(l)
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if err := validateUsers(tlsConfigPath); err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- // Setup basic authentication.
|
||||||
|
- var handler http.Handler = http.DefaultServeMux
|
||||||
|
- if server.Handler != nil {
|
||||||
|
- handler = server.Handler
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- c, err := getConfig(tlsConfigPath)
|
||||||
|
- if err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- server.Handler = &webHandler{
|
||||||
|
- tlsConfigPath: tlsConfigPath,
|
||||||
|
- logger: logger,
|
||||||
|
- handler: handler,
|
||||||
|
- cache: newCache(),
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- config, err := ConfigToTLSConfig(&c.TLSConfig)
|
||||||
|
- switch err {
|
||||||
|
- case nil:
|
||||||
|
- if !c.HTTPConfig.HTTP2 {
|
||||||
|
- server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
|
||||||
|
- }
|
||||||
|
- // Valid TLS config.
|
||||||
|
- level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2)
|
||||||
|
- case errNoTLSConfig:
|
||||||
|
- // No TLS config, back to plain HTTP.
|
||||||
|
- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
|
||||||
|
- return server.Serve(l)
|
||||||
|
- default:
|
||||||
|
- // Invalid TLS config.
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- server.TLSConfig = config
|
||||||
|
-
|
||||||
|
- // Set the GetConfigForClient method of the HTTPS server so that the config
|
||||||
|
- // and certs are reloaded on new connections.
|
||||||
|
- server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
|
||||||
|
- return getTLSConfig(tlsConfigPath)
|
||||||
|
- }
|
||||||
|
- return server.ServeTLS(l, "", "")
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
-// Validate configuration file by reading the configuration and the certificates.
|
||||||
|
-func Validate(tlsConfigPath string) error {
|
||||||
|
- if tlsConfigPath == "" {
|
||||||
|
- return nil
|
||||||
|
- }
|
||||||
|
- if err := validateUsers(tlsConfigPath); err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
- c, err := getConfig(tlsConfigPath)
|
||||||
|
- if err != nil {
|
||||||
|
- return err
|
||||||
|
- }
|
||||||
|
- _, err = ConfigToTLSConfig(&c.TLSConfig)
|
||||||
|
- if err == errNoTLSConfig {
|
||||||
|
- return nil
|
||||||
|
- }
|
||||||
|
- return err
|
||||||
|
-}
|
||||||
|
-
|
||||||
|
type cipher uint16
|
||||||
|
|
||||||
|
func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
||||||
|
@@ -346,11 +255,3 @@ func (tv *tlsVersion) MarshalYAML() (interface{}, error) {
|
||||||
|
}
|
||||||
|
return fmt.Sprintf("%v", tv), nil
|
||||||
|
}
|
||||||
|
-
|
||||||
|
-// Listen starts the server on the given address. Based on the file
|
||||||
|
-// tlsConfigPath, TLS or basic auth could be enabled.
|
||||||
|
-//
|
||||||
|
-// Deprecated: Use ListenAndServe instead.
|
||||||
|
-func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error {
|
||||||
|
- return ListenAndServe(server, tlsConfigPath, logger)
|
||||||
|
-}
|
@ -0,0 +1,145 @@
|
|||||||
|
use pbkdf2 from OpenSSL if FIPS mode is enabled
|
||||||
|
|
||||||
|
This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
|
||||||
|
if FIPS mode is enabled.
|
||||||
|
|
||||||
|
diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..5a06918832
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/vendor/golang.org/x/crypto/internal/boring/boring.go
|
||||||
|
@@ -0,0 +1,74 @@
|
||||||
|
+// Copyright 2017 The Go Authors. All rights reserved.
|
||||||
|
+// Copyright 2021 Red Hat.
|
||||||
|
+// Use of this source code is governed by a BSD-style
|
||||||
|
+// license that can be found in the LICENSE file.
|
||||||
|
+
|
||||||
|
+// +build linux
|
||||||
|
+// +build !android
|
||||||
|
+// +build !no_openssl
|
||||||
|
+// +build !cmd_go_bootstrap
|
||||||
|
+// +build !msan
|
||||||
|
+
|
||||||
|
+package boring
|
||||||
|
+
|
||||||
|
+// #include "openssl_pbkdf2.h"
|
||||||
|
+// #cgo LDFLAGS: -ldl
|
||||||
|
+import "C"
|
||||||
|
+import (
|
||||||
|
+ "bytes"
|
||||||
|
+ "crypto/sha1"
|
||||||
|
+ "crypto/sha256"
|
||||||
|
+ "hash"
|
||||||
|
+ "unsafe"
|
||||||
|
+)
|
||||||
|
+
|
||||||
|
+var (
|
||||||
|
+ emptySha1 = sha1.Sum([]byte{})
|
||||||
|
+ emptySha256 = sha256.Sum256([]byte{})
|
||||||
|
+)
|
||||||
|
+
|
||||||
|
+func hashToMD(h hash.Hash) *C.GO_EVP_MD {
|
||||||
|
+ emptyHash := h.Sum([]byte{})
|
||||||
|
+
|
||||||
|
+ switch {
|
||||||
|
+ case bytes.Equal(emptyHash, emptySha1[:]):
|
||||||
|
+ return C._goboringcrypto_EVP_sha1()
|
||||||
|
+ case bytes.Equal(emptyHash, emptySha256[:]):
|
||||||
|
+ return C._goboringcrypto_EVP_sha256()
|
||||||
|
+ }
|
||||||
|
+ return nil
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+// charptr returns the address of the underlying array in b,
|
||||||
|
+// being careful not to panic when b has zero length.
|
||||||
|
+func charptr(b []byte) *C.char {
|
||||||
|
+ if len(b) == 0 {
|
||||||
|
+ return nil
|
||||||
|
+ }
|
||||||
|
+ return (*C.char)(unsafe.Pointer(&b[0]))
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+// ucharptr returns the address of the underlying array in b,
|
||||||
|
+// being careful not to panic when b has zero length.
|
||||||
|
+func ucharptr(b []byte) *C.uchar {
|
||||||
|
+ if len(b) == 0 {
|
||||||
|
+ return nil
|
||||||
|
+ }
|
||||||
|
+ return (*C.uchar)(unsafe.Pointer(&b[0]))
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
|
||||||
|
+ // println("[debug] using pbkdf2 from OpenSSL")
|
||||||
|
+ ch := h()
|
||||||
|
+ md := hashToMD(ch)
|
||||||
|
+ if md == nil {
|
||||||
|
+ return nil
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ out := make([]byte, keyLen)
|
||||||
|
+ ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
|
||||||
|
+ if ok != 1 {
|
||||||
|
+ panic("boringcrypto: PKCS5_PBKDF2_HMAC failed")
|
||||||
|
+ }
|
||||||
|
+ return out
|
||||||
|
+}
|
||||||
|
diff --git a/vendor/golang.org/x/crypto/internal/boring/notboring.go b/vendor/golang.org/x/crypto/internal/boring/notboring.go
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..e244fb5663
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/vendor/golang.org/x/crypto/internal/boring/notboring.go
|
||||||
|
@@ -0,0 +1,16 @@
|
||||||
|
+// Copyright 2017 The Go Authors. All rights reserved.
|
||||||
|
+// Copyright 2021 Red Hat.
|
||||||
|
+// Use of this source code is governed by a BSD-style
|
||||||
|
+// license that can be found in the LICENSE file.
|
||||||
|
+
|
||||||
|
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
|
||||||
|
+
|
||||||
|
+package boring
|
||||||
|
+
|
||||||
|
+import (
|
||||||
|
+ "hash"
|
||||||
|
+)
|
||||||
|
+
|
||||||
|
+func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
|
||||||
|
+ panic("boringcrypto: not available")
|
||||||
|
+}
|
||||||
|
diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000..6dfdf10424
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
|
||||||
|
@@ -0,0 +1,5 @@
|
||||||
|
+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h"
|
||||||
|
+
|
||||||
|
+DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
|
||||||
|
+ (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
|
||||||
|
+ (pass, passlen, salt, saltlen, iter, digest, keylen, out))
|
||||||
|
diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
|
||||||
|
index 593f653008..799a611f94 100644
|
||||||
|
--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
|
||||||
|
+++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
|
||||||
|
@@ -19,8 +19,11 @@ pbkdf2.Key.
|
||||||
|
package pbkdf2 // import "golang.org/x/crypto/pbkdf2"
|
||||||
|
|
||||||
|
import (
|
||||||
|
+ "crypto/boring"
|
||||||
|
"crypto/hmac"
|
||||||
|
"hash"
|
||||||
|
+
|
||||||
|
+ xboring "golang.org/x/crypto/internal/boring"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Key derives a key from the password, salt and iteration count, returning a
|
||||||
|
@@ -40,6 +43,10 @@ import (
|
||||||
|
// Using a higher iteration count will increase the cost of an exhaustive
|
||||||
|
// search but will also make derivation proportionally slower.
|
||||||
|
func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
|
||||||
|
+ if boring.Enabled() {
|
||||||
|
+ return xboring.Pbkdf2Key(password, salt, iter, keyLen, h)
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
prf := hmac.New(h, password)
|
||||||
|
hashLen := prf.Size()
|
||||||
|
numBlocks := (keyLen + hashLen - 1) / hashLen
|
@ -0,0 +1,18 @@
|
|||||||
|
skip goldenfiles tests
|
||||||
|
|
||||||
|
The golden files include memory dumps from a x86_64 machine.
|
||||||
|
Integers are stored as little endian on x86, but as big endian on s390x,
|
||||||
|
therefore loading this memory dump fails on s390x.
|
||||||
|
|
||||||
|
diff --git a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go
|
||||||
|
index 320f40f3bd..20f5fa4f46 100644
|
||||||
|
--- a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go
|
||||||
|
+++ b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go
|
||||||
|
@@ -203,6 +203,7 @@ func CheckGoldenJSONFrame(t *testing.T, dir string, name string, f *data.Frame,
|
||||||
|
// CheckGoldenJSONResponse will verify that the stored JSON file matches the given backend.DataResponse.
|
||||||
|
func CheckGoldenJSONResponse(t *testing.T, dir string, name string, dr *backend.DataResponse, updateFile bool) {
|
||||||
|
t.Helper()
|
||||||
|
+ t.Skip("skipping test: x86_64 memory dump is not compatible with other architectures")
|
||||||
|
fpath := path.Join(dir, name+".jsonc")
|
||||||
|
|
||||||
|
expected, err := readGoldenJSONFile(fpath)
|
@ -0,0 +1,20 @@
|
|||||||
|
#!/bin/bash -eu
|
||||||
|
|
||||||
|
# Webpack needs more than the default 4GB RAM
|
||||||
|
export NODE_OPTIONS="${NODE_OPTIONS:-} --max_old_space_size=6144"
|
||||||
|
|
||||||
|
# Build the frontend
|
||||||
|
yarn run build
|
||||||
|
|
||||||
|
# Build the bundled plugins
|
||||||
|
mkdir plugins-bundled/external
|
||||||
|
yarn run plugins:build-bundled
|
||||||
|
for plugin in plugins-bundled/internal/input-datasource; do
|
||||||
|
mv $plugin $plugin.tmp
|
||||||
|
mv $plugin.tmp/dist $plugin
|
||||||
|
rm -rf $plugin.tmp
|
||||||
|
done
|
||||||
|
rm plugins-bundled/README.md plugins-bundled/.gitignore plugins-bundled/external.json
|
||||||
|
|
||||||
|
# Fix permissions (webpack sometimes outputs files with mode = 666 due to reasons unknown (race condition/umask issue afaics))
|
||||||
|
chmod -R g-w,o-w public/build plugins-bundled
|
@ -0,0 +1,85 @@
|
|||||||
|
#!/bin/bash -eux
|
||||||
|
VERSION=$(rpm --specfile ./*.spec --qf '%{VERSION}\n' | head -1)
|
||||||
|
RELEASE=$(rpm --specfile ./*.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1)
|
||||||
|
CHANGELOGTIME=$(rpm --specfile ./*.spec --qf '%{CHANGELOGTIME}\n' | head -1)
|
||||||
|
SOURCE_DATE_EPOCH=$((CHANGELOGTIME - CHANGELOGTIME % 86400))
|
||||||
|
|
||||||
|
SOURCE_DIR=grafana-$VERSION
|
||||||
|
SOURCE_TAR=grafana-$VERSION.tar.gz
|
||||||
|
VENDOR_TAR=grafana-vendor-$VERSION-$RELEASE.tar.xz
|
||||||
|
WEBPACK_TAR=grafana-webpack-$VERSION-$RELEASE.tar.gz
|
||||||
|
|
||||||
|
|
||||||
|
## Download and extract source tarball
|
||||||
|
spectool -g grafana.spec
|
||||||
|
rm -rf "${SOURCE_DIR}"
|
||||||
|
tar xf "${SOURCE_TAR}"
|
||||||
|
|
||||||
|
|
||||||
|
## Create vendor bundle
|
||||||
|
pushd "${SOURCE_DIR}"
|
||||||
|
|
||||||
|
# Vendor Go dependencies
|
||||||
|
patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch
|
||||||
|
go mod vendor
|
||||||
|
|
||||||
|
# Generate Go files
|
||||||
|
make gen-go
|
||||||
|
|
||||||
|
# Remove unused crypto
|
||||||
|
rm -r vendor/golang.org/x/crypto/bcrypt
|
||||||
|
rm -r vendor/golang.org/x/crypto/blowfish
|
||||||
|
rm -r vendor/golang.org/x/crypto/cast5
|
||||||
|
rm -r vendor/golang.org/x/crypto/openpgp/elgamal
|
||||||
|
rm vendor/golang.org/x/crypto/openpgp/packet/ocfb.go
|
||||||
|
rm -r vendor/golang.org/x/crypto/pkcs12/internal/rc2
|
||||||
|
|
||||||
|
# List bundled dependencies
|
||||||
|
awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \
|
||||||
|
sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > "../${VENDOR_TAR}.manifest"
|
||||||
|
|
||||||
|
# Vendor Node.js dependencies
|
||||||
|
patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
|
||||||
|
export HUSKY=0
|
||||||
|
yarn install --frozen-lockfile
|
||||||
|
|
||||||
|
# Remove files with licensing issues
|
||||||
|
find .yarn -name 'node-notifier' -prune -exec rm -r {} \;
|
||||||
|
find .yarn -name 'nodemon' -prune -exec rm -r {} \;
|
||||||
|
|
||||||
|
# List bundled dependencies
|
||||||
|
../list_bundled_nodejs_packages.py . >> "../${VENDOR_TAR}.manifest"
|
||||||
|
|
||||||
|
popd
|
||||||
|
|
||||||
|
# Create tarball
|
||||||
|
# shellcheck disable=SC2046
|
||||||
|
XZ_OPT=-9 tar \
|
||||||
|
--sort=name \
|
||||||
|
--mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \
|
||||||
|
--owner=0 --group=0 --numeric-owner \
|
||||||
|
-cJf "${VENDOR_TAR}" \
|
||||||
|
"${SOURCE_DIR}/vendor" \
|
||||||
|
$(find "${SOURCE_DIR}" -type f -name wire_gen.go | LC_ALL=C sort) \
|
||||||
|
"${SOURCE_DIR}/.pnp.cjs" \
|
||||||
|
"${SOURCE_DIR}/.yarn/cache" \
|
||||||
|
"${SOURCE_DIR}/.yarn/unplugged"
|
||||||
|
|
||||||
|
|
||||||
|
## Create webpack
|
||||||
|
pushd "${SOURCE_DIR}"
|
||||||
|
../build_frontend.sh
|
||||||
|
popd
|
||||||
|
|
||||||
|
# Create tarball
|
||||||
|
tar \
|
||||||
|
--sort=name \
|
||||||
|
--mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \
|
||||||
|
--owner=0 --group=0 --numeric-owner \
|
||||||
|
-czf "${WEBPACK_TAR}" \
|
||||||
|
"${SOURCE_DIR}/plugins-bundled" \
|
||||||
|
"${SOURCE_DIR}/public/build" \
|
||||||
|
"${SOURCE_DIR}/public/img" \
|
||||||
|
"${SOURCE_DIR}/public/lib" \
|
||||||
|
"${SOURCE_DIR}/public/locales" \
|
||||||
|
"${SOURCE_DIR}/public/views"
|
@ -0,0 +1,24 @@
|
|||||||
|
#!/bin/bash -eu
|
||||||
|
#
|
||||||
|
# create vendor and webpack bundles inside a container (for reproducibility)
|
||||||
|
# using a Go cache:
|
||||||
|
# ./create_bundles_in_container.sh --security-opt label=disable -v $(pwd)/.gocache:/root/go
|
||||||
|
#
|
||||||
|
|
||||||
|
cat <<EOF | podman build -t grafana-build -f - .
|
||||||
|
FROM fedora:35
|
||||||
|
|
||||||
|
RUN dnf upgrade -y && \
|
||||||
|
dnf install -y rpmdevtools python3-packaging python3-pyyaml make golang nodejs yarnpkg
|
||||||
|
|
||||||
|
# https://groups.google.com/g/golang-nuts/c/MVtHZUtZru4
|
||||||
|
ENV GOPROXY=https://proxy.golang.org,direct
|
||||||
|
|
||||||
|
WORKDIR /tmp/grafana-build
|
||||||
|
COPY grafana.spec create_bundles.sh build_frontend.sh list_bundled_nodejs_packages.py *.patch .
|
||||||
|
RUN mkdir bundles
|
||||||
|
CMD ./create_bundles.sh && mv *.tar.* bundles
|
||||||
|
EOF
|
||||||
|
|
||||||
|
podman run --name grafana-build --replace "$@" grafana-build
|
||||||
|
podman cp grafana-build:bundles/. .
|
@ -0,0 +1,2 @@
|
|||||||
|
#Type Name ID GECOS Home directory
|
||||||
|
u grafana - "Grafana user account" /usr/share/grafana
|
@ -0,0 +1,70 @@
|
|||||||
|
#!/usr/bin/env python3
|
||||||
|
#
|
||||||
|
# generates Provides: bundled(npm(...)) = ... lines for each declared dependency and devDependency of package.json
|
||||||
|
#
|
||||||
|
import os
|
||||||
|
import sys
|
||||||
|
import json
|
||||||
|
import yaml
|
||||||
|
from packaging import version
|
||||||
|
|
||||||
|
|
||||||
|
def scan_package_json(package_dir):
|
||||||
|
for root, dirs, files in os.walk(package_dir, topdown=True):
|
||||||
|
dirs[:] = [d for d in dirs if d not in ["node_modules", "vendor"]]
|
||||||
|
if "package.json" in files:
|
||||||
|
yield os.path.join(root, "package.json")
|
||||||
|
|
||||||
|
|
||||||
|
def read_declared_pkgs(package_json_path):
|
||||||
|
with open(package_json_path) as f:
|
||||||
|
package_json = json.load(f)
|
||||||
|
return list(package_json.get("dependencies", {}).keys()) + list(
|
||||||
|
package_json.get("devDependencies", {}).keys()
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
|
def read_installed_pkgs(yarn_lock_path):
|
||||||
|
with open(yarn_lock_path) as f:
|
||||||
|
lockfile = yaml.safe_load(f)
|
||||||
|
for pkg_decl, meta in lockfile.items():
|
||||||
|
for pkg in pkg_decl.split(", "):
|
||||||
|
if ":" not in pkg:
|
||||||
|
continue
|
||||||
|
pkg_name = pkg[: pkg.index("@", 1)]
|
||||||
|
pkg_version = meta["version"]
|
||||||
|
yield (pkg_name, pkg_version)
|
||||||
|
|
||||||
|
|
||||||
|
def list_provides(declared_pkgs, installed_pkgs):
|
||||||
|
for declared_pkg in declared_pkgs:
|
||||||
|
# there can be multiple versions installed of one package (transitive dependencies)
|
||||||
|
# but rpm doesn't support Provides: with a single package and multiple versions
|
||||||
|
# so let's declare the oldest version here
|
||||||
|
versions = [
|
||||||
|
version.parse(pkg_version)
|
||||||
|
for pkg_name, pkg_version in installed_pkgs
|
||||||
|
if pkg_name == declared_pkg
|
||||||
|
]
|
||||||
|
|
||||||
|
if not versions:
|
||||||
|
print(f"warning: {declared_pkg} missing in yarn.lock", file=sys.stderr)
|
||||||
|
continue
|
||||||
|
|
||||||
|
oldest_version = sorted(versions)[0]
|
||||||
|
yield f"Provides: bundled(npm({declared_pkg})) = {oldest_version}"
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == "__main__":
|
||||||
|
if len(sys.argv) != 2:
|
||||||
|
print(f"usage: {sys.argv[0]} package-X.Y.Z/", file=sys.stdout)
|
||||||
|
sys.exit(1)
|
||||||
|
|
||||||
|
package_dir = sys.argv[1]
|
||||||
|
declared_pkgs = set()
|
||||||
|
for package_json_path in scan_package_json(package_dir):
|
||||||
|
declared_pkgs.update(read_declared_pkgs(package_json_path))
|
||||||
|
installed_pkgs = list(read_installed_pkgs(f"{package_dir}/yarn.lock"))
|
||||||
|
provides = list_provides(declared_pkgs, installed_pkgs)
|
||||||
|
for provide in sorted(provides):
|
||||||
|
print(provide)
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue