rpms
/
grafana
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import grafana-9.0.9-2.el9

Browse Source
i9c-beta changed/i9c-beta/grafana-9.0.9-2.el9
MSVSphere Packaging Team 1 year ago
commit 16f88e0bfd
21 changed files with 3805 additions and 0 deletions
Show Stats Download Patch File Download Diff File

3
.gitignore vendored
Unescape View File

@ -0,0 +1,3 @@
SOURCES/grafana-9.0.9.tar.gz
SOURCES/grafana-vendor-9.0.9-1.tar.xz
SOURCES/grafana-webpack-9.0.9-1.tar.gz

3
.grafana.metadata
Unescape View File

@ -0,0 +1,3 @@
4676eecab36973d5b3cb7ba23b929364c91b7ed8 SOURCES/grafana-9.0.9.tar.gz
7f0a2e8ac4431208b57781f849d6f5b79d339468 SOURCES/grafana-vendor-9.0.9-1.tar.xz
08a5daeb99590879c606fb7e7badf7a80823990b SOURCES/grafana-webpack-9.0.9-1.tar.gz

64
SOURCES/0001-update-grafana-cli-script-with-distro-specific-paths.patch
Unescape View File

@ -0,0 +1,64 @@
From 2ad9b1bd641eab2daae9c461656a56c8c2688485 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 16:57:52 +0200
Subject: [PATCH] update grafana-cli script with distro-specific paths and
switch to grafana user
diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli
index dafa075a2c..eda358c425 100755
--- a/packaging/wrappers/grafana-cli
+++ b/packaging/wrappers/grafana-cli
@@ -5,18 +5,19 @@
# the system-wide Grafana configuration that was bundled with the package as we
# use the binary.
-DEFAULT=/etc/default/grafana
+DEFAULT=/etc/sysconfig/grafana-server
GRAFANA_HOME=/usr/share/grafana
CONF_DIR=/etc/grafana
DATA_DIR=/var/lib/grafana
PLUGINS_DIR=/var/lib/grafana/plugins
LOG_DIR=/var/log/grafana
+LIBEXEC_DIR=/usr/libexec/grafana
CONF_FILE=$CONF_DIR/grafana.ini
PROVISIONING_CFG_DIR=$CONF_DIR/provisioning
-EXECUTABLE=$GRAFANA_HOME/bin/grafana-cli
+EXECUTABLE=$LIBEXEC_DIR/grafana-cli
if [ ! -x $EXECUTABLE ]; then
echo "Program not installed or not executable"
@@ -28,12 +29,21 @@ if [ -f "$DEFAULT" ]; then
. "$DEFAULT"
fi
-OPTS="--homepath=${GRAFANA_HOME} \
- --config=${CONF_FILE} \
- --pluginsDir=${PLUGINS_DIR} \
- --configOverrides='cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \
- cfg:default.paths.data=${DATA_DIR} \
- cfg:default.paths.logs=${LOG_DIR} \
- cfg:default.paths.plugins=${PLUGINS_DIR}'"
-
-eval $EXECUTABLE "$OPTS" '$@'
+OPTS=("--homepath=${GRAFANA_HOME}"
+ "--config=${CONF_FILE}"
+ "--pluginsDir=${PLUGINS_DIR}"
+ "--configOverrides=cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \
+ cfg:default.paths.data=${DATA_DIR} \
+ cfg:default.paths.logs=${LOG_DIR} \
+ cfg:default.paths.plugins=${PLUGINS_DIR}")
+
+if [ "$(id -u)" -eq 0 ]; then
+ cd "${GRAFANA_HOME}"
+ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
+elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
+ cd "${GRAFANA_HOME}"
+ exec "$EXECUTABLE" "${OPTS[@]}" "$@"
+else
+ echo "$0: please run this script as user \"${GRAFANA_USER}\" or root."
+ exit 5
+fi

161
SOURCES/0002-add-manpages.patch
Unescape View File

@ -0,0 +1,161 @@
From ecac3e25a416bd66b19bc3074f9583dfd965a919 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 17:01:09 +0200
Subject: [PATCH] add manpages
diff --git a/docs/man/man1/grafana-cli.1 b/docs/man/man1/grafana-cli.1
new file mode 100644
index 0000000000..39c0d5cee0
--- /dev/null
+++ b/docs/man/man1/grafana-cli.1
@@ -0,0 +1,63 @@
+.TH GRAFANA "1" "September 2022" "Grafana cli version 9.0.9" "User Commands"
+.SH NAME
+grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
+.SH DESCRIPTION
+.SS "NAME:"
+.IP
+grafana-cli
+.SS "USAGE:"
+.IP
+\fBgrafana\-cli\fP [\fIglobal options\fP] \fIcommand\fP [\fIcommand options\fP] [\fIarguments\fP...]
+.SS "COMMANDS:"
+.TP
+plugins
+Manage plugins for grafana
+.TP
+admin
+Grafana admin commands
+.TP
+cue
+Cue validation commands
+.TP
+help, h
+Shows a list of commands or help for one command
+.SS "GLOBAL OPTIONS:"
+.TP
+\fB\-\-pluginsDir\fR value
+path to the grafana plugin directory (default: "/var/lib/grafana/plugins") [$GF_PLUGIN_DIR]
+.TP
+\fB\-\-repo\fR value
+url to the plugin repository (default: "https://grafana.com/api/plugins") [$GF_PLUGIN_REPO]
+.TP
+\fB\-\-pluginUrl\fR value
+Full url to the plugin zip file instead of downloading the plugin from grafana.com/api [$GF_PLUGIN_URL]
+.TP
+\fB\-\-insecure\fR
+Skip TLS verification (insecure) (default: false)
+.TP
+\fB\-\-debug\fR
+Enable debug logging (default: false)
+.TP
+\fB\-\-configOverrides\fR value
+Configuration options to override defaults as a string. e.g. cfg:default.paths.log=/dev/null
+.TP
+\fB\-\-homepath\fR value
+Path to Grafana install/home path, defaults to working directory
+.TP
+\fB\-\-config\fR value
+Path to config file
+.TP
+\fB\-\-help\fR, \fB\-h\fR
+show help
+.TP
+\fB\-\-version\fR, \fB\-v\fR
+print the version
+.SH "SEE ALSO"
+Additional documentation for
+.B grafana-cli
+is available on-line at
+.BR http://docs.grafana.org/administration/cli/ .
+The full documentation for
+.B Grafana
+is available on-line at
+.BR http://docs.grafana.org/ .
diff --git a/docs/man/man1/grafana-server.1 b/docs/man/man1/grafana-server.1
new file mode 100644
index 0000000000..683a2369cc
--- /dev/null
+++ b/docs/man/man1/grafana-server.1
@@ -0,0 +1,80 @@
+.TH VERSION "1" "September 2022" "Version 9.0.9" "User Commands"
+.SH NAME
+grafana-server \- back-end server for the Grafana metrics dashboard and graph editor
+.SH DESCRIPTION
+.B grafana-server
+is the back-end server for the Grafana metrics dashboard and graph editor.
+The
+.B grafana-server
+program should not normally be run from the command line,
+except when testing or for development purposes.
+Rather it should be managed by
+.BR systemd .
+After installing Grafana, the systemd service should be enabled and started as follows:
+.P
+.in 1i
+.B systemctl daemon-reload
+.br
+.B systemctl enable grafana-server.service
+.br
+.B systemctl start grafana-server.service
+.in
+.P
+.SH OPTIONS
+The
+.B grafana-server
+configuration is specified in
+.BR /etc/grafana/grafana.ini
+and is well documented with comments.
+The command-line options listed below override options of
+the same (or similar) name in the configuration file.
+.P
+.HP
+\fB\-config\fR string
+.IP
+path to config file
+.HP
+\fB\-homepath\fR string
+.IP
+path to grafana install/home path, defaults to working directory
+.HP
+\fB\-packaging\fR string
+.IP
+describes the way Grafana was installed (default "unknown")
+.HP
+\fB\-pidfile\fR string
+.IP
+path to pid file
+.HP
+\fB\-profile\fR
+.IP
+Turn on pprof profiling
+.HP
+\fB\-profile\-addr\fR string
+.IP
+Define custom address for profiling (default "localhost")
+.HP
+\fB\-profile\-port\fR uint
+.IP
+Define custom port for profiling (default 6060)
+.HP
+\fB\-tracing\fR
+.IP
+Turn on tracing
+.HP
+\fB\-tracing\-file\fR string
+.IP
+Define tracing output file (default "trace.out")
+.TP
+\fB\-v\fR
+.IP
+prints current version and exits
+.TP
+\fB\-vv\fR
+.IP
+prints current version, all dependencies and exits
+.SH "SEE ALSO"
+The full documentation for
+.B Grafana
+is available on-line at
+.BR http://docs.grafana.org/ .

68
SOURCES/0003-update-default-configuration.patch
Unescape View File

@ -0,0 +1,68 @@
From a84194c2f7929bd78303daf04a56ab32cd9c4bb3 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 17:05:48 +0200
Subject: [PATCH] update default configuration
diff --git a/conf/defaults.ini b/conf/defaults.ini
index dbb7143be4..4a3cf0a21d 100644
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@@ -190,7 +190,7 @@ row_limit = 1000000
# No ip addresses are being tracked, only simple counters to track
# running instances, dashboard and error counts. It is very helpful to us.
# Change this option to false to disable reporting.
-reporting_enabled = true
+reporting_enabled = false
# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
reporting_distributor = grafana-labs
@@ -200,7 +200,7 @@ reporting_distributor = grafana-labs
# in some UI views to notify that a grafana update exists.
# This option does not cause any auto updates, nor send any information
# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
-check_for_updates = true
+check_for_updates = false
# Set to false to disable all checks to https://grafana.com
# for new versions of plugins. The check is used
diff --git a/conf/sample.ini b/conf/sample.ini
index d44532f346..1ede932e1e 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -196,7 +196,7 @@
# No ip addresses are being tracked, only simple counters to track
# running instances, dashboard and error counts. It is very helpful to us.
# Change this option to false to disable reporting.
-;reporting_enabled = true
+;reporting_enabled = false
# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
;reporting_distributor = grafana-labs
@@ -206,7 +206,7 @@
# in some UI views to notify that a grafana update exists.
# This option does not cause any auto updates, nor send any information
# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
-;check_for_updates = true
+;check_for_updates = false
# Set to false to disable all checks to https://grafana.com
# for new versions of plugins. The check is used
@@ -338,7 +338,7 @@
# Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds.
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
-;min_refresh_interval = 5s
+min_refresh_interval = 1s
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
;default_home_dashboard_path =
@@ -1028,7 +1028,7 @@
;enable_alpha = false
;app_tls_skip_verify_insecure = false
# Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
-;allow_loading_unsigned_plugins =
+allow_loading_unsigned_plugins = performancecopilot-pcp-app,pcp-redis-datasource,pcp-vector-datasource,pcp-bpftrace-datasource,pcp-flamegraph-panel,pcp-breadcrumbs-panel,pcp-troubleshooting-panel,performancecopilot-redis-datasource,performancecopilot-vector-datasource,performancecopilot-bpftrace-datasource,performancecopilot-flamegraph-panel,performancecopilot-breadcrumbs-panel,performancecopilot-troubleshooting-panel
# Enable or disable installing / uninstalling / updating plugins directly from within Grafana.
;plugin_admin_enabled = false
;plugin_admin_external_manage_enabled = false

143
SOURCES/0004-remove-unused-backend-dependencies.patch
Unescape View File

@ -0,0 +1,143 @@
From 7139240c52b69fde8b893bf73fb6a4910d65f30b Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 17:18:56 +0200
Subject: [PATCH] remove unused backend dependencies
saml and gofpdf are not used in the OSS edition of Grafana
after editing `pkg/extensions/main.go`, run `go mod tidy`
diff --git a/go.mod b/go.mod
index 951745c95f..5b1379fa98 100644
--- a/go.mod
+++ b/go.mod
@@ -27,7 +27,6 @@ require (
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
github.com/centrifugal/centrifuge v0.19.0
github.com/cortexproject/cortex v1.10.1-0.20211014125347-85c378182d0d
- github.com/crewjam/saml v0.4.6-0.20210521115923-29c6295245bd
github.com/davecgh/go-spew v1.1.1
github.com/denisenkom/go-mssqldb v0.12.0
github.com/dop251/goja v0.0.0-20210804101310-32956a348b49
@@ -63,7 +62,6 @@ require (
github.com/influxdata/line-protocol v0.0.0-20210311194329-9aa0e372d097
github.com/jmespath/go-jmespath v0.4.0
github.com/json-iterator/go v1.1.12
- github.com/jung-kurt/gofpdf v1.16.2
github.com/lib/pq v1.10.4
github.com/linkedin/goavro/v2 v2.10.0
github.com/m3db/prometheus_remote_client_golang v0.4.4
@@ -191,7 +189,6 @@ require (
github.com/josharian/intern v1.0.0 // indirect
github.com/jpillora/backoff v1.0.0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
- github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
github.com/mattetti/filebuffer v1.0.1 // indirect
github.com/mattn/go-runewidth v0.0.9 // indirect
github.com/miekg/dns v1.1.43 // indirect
diff --git a/go.sum b/go.sum
index 0f2ad00d37..19e3489ca1 100644
--- a/go.sum
+++ b/go.sum
@@ -740,7 +740,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ=
github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA=
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
@@ -766,7 +765,6 @@ github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
github.com/deepmap/oapi-codegen v1.6.0/go.mod h1:ryDa9AgbELGeB+YEXE1dR53yAjHwFvE9iAUlWl9Al3M=
github.com/deepmap/oapi-codegen v1.8.2 h1:SegyeYGcdi0jLLrpbCMoJxnUUn8GBXHsvr4rbzjuhfU=
github.com/deepmap/oapi-codegen v1.8.2/go.mod h1:YLgSKSDv/bZQB7N4ws6luhozi3cEdRktEqrX88CvjIw=
@@ -923,7 +921,6 @@ github.com/fluent/fluent-bit-go v0.0.0-20190925192703-ea13c021720c/go.mod h1:WQX
github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
-github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g=
github.com/foxcpp/go-mockdns v0.0.0-20201212160233-ede2f9158d15/go.mod h1:tPg4cp4nseejPd+UKxtCVQ2hUxNTZ7qQZJa7CLriIeo=
@@ -1459,8 +1456,6 @@ github.com/grafana/grafana-plugin-sdk-go v0.138.0 h1:uJWNwHL4RoQF3axoi3RDSwoNu/K
github.com/grafana/grafana-plugin-sdk-go v0.138.0/go.mod h1:Y+Ps2sesZ62AyCnX+hzrYnyDQYe/ZZl+A8yKLOBm12c=
github.com/grafana/loki v1.6.2-0.20211015002020-7832783b1caa h1:+pXjAxavVR2FKKNsuuCXGCWEj8XGc1Af6SPiyBpzU2A=
github.com/grafana/loki v1.6.2-0.20211015002020-7832783b1caa/go.mod h1:0O8o/juxNSKN/e+DzWDTRkl7Zm8CkZcz0NDqEdojlrk=
-github.com/grafana/saml v0.0.0-20211007135653-aed1b2edd86b h1:YiSGp34F4V0G08HHx1cJBf2GVgwYAkXQjzuVs1t8jYk=
-github.com/grafana/saml v0.0.0-20211007135653-aed1b2edd86b/go.mod h1:q83kyQoMD0vhy+RzFLlbw0UgHJ6TAihQpuXvdFmm4s4=
github.com/grafana/sqlds/v2 v2.3.7/go.mod h1:c6ibxnxRVGxV/0YkEgvy7QpQH/lyifFyV7K/14xvdIs=
github.com/grafana/thema v0.0.0-20220523183731-72aebd14e751 h1:5PpsfN52XA0hxOjD/qQ0QNiEkp9Y9Tb+yz/Hj9fyL4M=
github.com/grafana/thema v0.0.0-20220523183731-72aebd14e751/go.mod h1:KuqTKX9lfM87uu9vt9DS/q+REqSrAm2xYMnBBvlmevA=
@@ -1766,7 +1761,6 @@ github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52Cu
github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak=
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
github.com/joncrlsn/dque v2.2.1-0.20200515025108-956d14155fa2+incompatible/go.mod h1:hDZb8oMj3Kp8MxtbNLg9vrtAUDHjgI1yZvqivT4O8Iw=
@@ -1801,8 +1795,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
-github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc=
-github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0=
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
github.com/kardianos/service v1.0.0/go.mod h1:8CzDhVuCuugtsHyZoTvsOBuvonN/UDBvl0kH+BUxvbo=
@@ -1930,8 +1922,6 @@ github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHef
github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
-github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
-github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM=
github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
@@ -2239,7 +2229,6 @@ github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHu
github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
-github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
@@ -2433,7 +2422,6 @@ github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
-github.com/russellhaering/goxmldsig v1.1.0/go.mod h1:QK8GhXPB3+AfuCrfo0oRISa9NfzeCpWmxeGnqEpDF9o=
github.com/russellhaering/goxmldsig v1.1.1 h1:vI0r2osGF1A9PLvsGdPUAGwEIrKa4Pj5sesSBsebIxM=
github.com/russellhaering/goxmldsig v1.1.1/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo=
@@ -2747,7 +2735,6 @@ github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX
github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA=
github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg=
github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
-github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2cqquPa0MKWeNkmOM5RQsRhkrwMWonFMN7fE=
diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
index adcaff8ca6..c3110f590e 100644
--- a/pkg/extensions/main.go
+++ b/pkg/extensions/main.go
@@ -9,7 +9,6 @@ import (
_ "github.com/Azure/go-autorest/autorest/adal"
_ "github.com/beevik/etree"
_ "github.com/cortexproject/cortex/pkg/util"
- _ "github.com/crewjam/saml"
_ "github.com/gobwas/glob"
_ "github.com/googleapis/gax-go/v2"
_ "github.com/grafana/dskit/backoff"
@@ -17,7 +16,6 @@ import (
_ "github.com/grafana/loki/clients/pkg/promtail/client"
_ "github.com/grafana/loki/pkg/logproto"
_ "github.com/grpc-ecosystem/go-grpc-middleware"
- _ "github.com/jung-kurt/gofpdf"
_ "github.com/linkedin/goavro/v2"
_ "github.com/m3db/prometheus_remote_client_golang/promremote"
_ "github.com/pkg/errors"

877
SOURCES/0005-remove-unused-frontend-crypto.patch
Unescape View File

@ -0,0 +1,877 @@
From 0ee0768a196ba12b860b4a0920f729d5ce50ea3e Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Wed, 22 Jun 2022 17:36:47 +0200
Subject: [PATCH] remove unused frontend crypto
update `package.json` and then run `yarn install` to update the
`yarn.lock` lockfile
diff --git a/package.json b/package.json
index 5e2875090b..137a307f14 100644
--- a/package.json
+++ b/package.json
@@ -396,6 +396,9 @@
"whatwg-fetch": "3.6.2"
},
"resolutions": {
+ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
+ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
+ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
"underscore": "1.13.3",
"@types/slate": "0.47.9",
"@microsoft/api-extractor-model": "7.17.3",
diff --git a/yarn.lock b/yarn.lock
index 8132e0f942..b41c0efb1b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -12256,34 +12256,6 @@ __metadata:
languageName: node
linkType: hard
-"asn1.js@npm:^5.2.0":
- version: 5.4.1
- resolution: "asn1.js@npm:5.4.1"
- dependencies:
- bn.js: ^4.0.0
- inherits: ^2.0.1
- minimalistic-assert: ^1.0.0
- safer-buffer: ^2.1.0
- checksum: 3786a101ac6f304bd4e9a7df79549a7561950a13d4bcaec0c7790d44c80d147c1a94ba3d4e663673406064642a40b23fcd6c82a9952468e386c1a1376d747f9a
- languageName: node
- linkType: hard
-
-"asn1@npm:~0.2.3":
- version: 0.2.4
- resolution: "asn1@npm:0.2.4"
- dependencies:
- safer-buffer: ~2.1.0
- checksum: aa5d6f77b1e0597df53824c68cfe82d1d89ce41cb3520148611f025fbb3101b2d25dd6a40ad34e4fac10f6b19ed5e8628cd4b7d212261e80e83f02b39ee5663c
- languageName: node
- linkType: hard
-
-"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0":
- version: 1.0.0
- resolution: "assert-plus@npm:1.0.0"
- checksum: 19b4340cb8f0e6a981c07225eacac0e9d52c2644c080198765d63398f0075f83bbc0c8e95474d54224e297555ad0d631c1dcd058adb1ddc2437b41a6b424ac64
- languageName: node
- linkType: hard
-
"assert@npm:2.0.0":
version: 2.0.0
resolution: "assert@npm:2.0.0"
@@ -12870,15 +12842,6 @@ __metadata:
languageName: node
linkType: hard
-"bcrypt-pbkdf@npm:^1.0.0":
- version: 1.0.2
- resolution: "bcrypt-pbkdf@npm:1.0.2"
- dependencies:
- tweetnacl: ^0.14.3
- checksum: 4edfc9fe7d07019609ccf797a2af28351736e9d012c8402a07120c4453a3b789a15f2ee1530dc49eee8f7eb9379331a8dd4b3766042b9e502f74a68e7f662291
- languageName: node
- linkType: hard
-
"before-after-hook@npm:^2.2.0":
version: 2.2.2
resolution: "before-after-hook@npm:2.2.2"
@@ -12970,20 +12933,6 @@ __metadata:
languageName: node
linkType: hard
-"bn.js@npm:^4.0.0, bn.js@npm:^4.1.0, bn.js@npm:^4.11.9":
- version: 4.12.0
- resolution: "bn.js@npm:4.12.0"
- checksum: 39afb4f15f4ea537b55eaf1446c896af28ac948fdcf47171961475724d1bb65118cca49fa6e3d67706e4790955ec0e74de584e45c8f1ef89f46c812bee5b5a12
- languageName: node
- linkType: hard
-
-"bn.js@npm:^5.0.0, bn.js@npm:^5.1.1":
- version: 5.2.0
- resolution: "bn.js@npm:5.2.0"
- checksum: 6117170393200f68b35a061ecbf55d01dd989302e7b3c798a3012354fa638d124f0b2f79e63f77be5556be80322a09c40339eda6413ba7468524c0b6d4b4cb7a
- languageName: node
- linkType: hard
-
"body-parser@npm:1.19.0":
version: 1.19.0
resolution: "body-parser@npm:1.19.0"
@@ -13108,13 +13057,6 @@ __metadata:
languageName: node
linkType: hard
-"brorand@npm:^1.0.1, brorand@npm:^1.1.0":
- version: 1.1.0
- resolution: "brorand@npm:1.1.0"
- checksum: 8a05c9f3c4b46572dec6ef71012b1946db6cae8c7bb60ccd4b7dd5a84655db49fe043ecc6272e7ef1f69dc53d6730b9e2a3a03a8310509a3d797a618cbee52be
- languageName: node
- linkType: hard
-
"browser-process-hrtime@npm:^1.0.0":
version: 1.0.0
resolution: "browser-process-hrtime@npm:1.0.0"
@@ -13129,70 +13071,6 @@ __metadata:
languageName: node
linkType: hard
-"browserify-aes@npm:^1.0.0, browserify-aes@npm:^1.0.4":
- version: 1.2.0
- resolution: "browserify-aes@npm:1.2.0"
- dependencies:
- buffer-xor: ^1.0.3
- cipher-base: ^1.0.0
- create-hash: ^1.1.0
- evp_bytestokey: ^1.0.3
- inherits: ^2.0.1
- safe-buffer: ^5.0.1
- checksum: 4a17c3eb55a2aa61c934c286f34921933086bf6d67f02d4adb09fcc6f2fc93977b47d9d884c25619144fccd47b3b3a399e1ad8b3ff5a346be47270114bcf7104
- languageName: node
- linkType: hard
-
-"browserify-cipher@npm:^1.0.0":
- version: 1.0.1
- resolution: "browserify-cipher@npm:1.0.1"
- dependencies:
- browserify-aes: ^1.0.4
- browserify-des: ^1.0.0
- evp_bytestokey: ^1.0.0
- checksum: 2d8500acf1ee535e6bebe808f7a20e4c3a9e2ed1a6885fff1facbfd201ac013ef030422bec65ca9ece8ffe82b03ca580421463f9c45af6c8415fd629f4118c13
- languageName: node
- linkType: hard
-
-"browserify-des@npm:^1.0.0":
- version: 1.0.2
- resolution: "browserify-des@npm:1.0.2"
- dependencies:
- cipher-base: ^1.0.1
- des.js: ^1.0.0
- inherits: ^2.0.1
- safe-buffer: ^5.1.2
- checksum: b15a3e358a1d78a3b62ddc06c845d02afde6fc826dab23f1b9c016e643e7b1fda41de628d2110b712f6a44fb10cbc1800bc6872a03ddd363fb50768e010395b7
- languageName: node
- linkType: hard
-
-"browserify-rsa@npm:^4.0.0, browserify-rsa@npm:^4.0.1":
- version: 4.1.0
- resolution: "browserify-rsa@npm:4.1.0"
- dependencies:
- bn.js: ^5.0.0
- randombytes: ^2.0.1
- checksum: 155f0c135873efc85620571a33d884aa8810e40176125ad424ec9d85016ff105a07f6231650914a760cca66f29af0494087947b7be34880dd4599a0cd3c38e54
- languageName: node
- linkType: hard
-
-"browserify-sign@npm:^4.0.0":
- version: 4.2.1
- resolution: "browserify-sign@npm:4.2.1"
- dependencies:
- bn.js: ^5.1.1
- browserify-rsa: ^4.0.1
- create-hash: ^1.2.0
- create-hmac: ^1.1.7
- elliptic: ^6.5.3
- inherits: ^2.0.4
- parse-asn1: ^5.1.5
- readable-stream: ^3.6.0
- safe-buffer: ^5.2.0
- checksum: 0221f190e3f5b2d40183fa51621be7e838d9caa329fe1ba773406b7637855f37b30f5d83e52ff8f244ed12ffe6278dd9983638609ed88c841ce547e603855707
- languageName: node
- linkType: hard
-
"browserify-zlib@npm:^0.2.0":
version: 0.2.0
resolution: "browserify-zlib@npm:0.2.0"
@@ -13294,13 +13172,6 @@ __metadata:
languageName: node
linkType: hard
-"buffer-xor@npm:^1.0.3":
- version: 1.0.3
- resolution: "buffer-xor@npm:1.0.3"
- checksum: 10c520df29d62fa6e785e2800e586a20fc4f6dfad84bcdbd12e1e8a83856de1cb75c7ebd7abe6d036bbfab738a6cf18a3ae9c8e5a2e2eb3167ca7399ce65373a
- languageName: node
- linkType: hard
-
"buffer@npm:^4.3.0":
version: 4.9.2
resolution: "buffer@npm:4.9.2"
@@ -13896,16 +13767,6 @@ __metadata:
languageName: node
linkType: hard
-"cipher-base@npm:^1.0.0, cipher-base@npm:^1.0.1, cipher-base@npm:^1.0.3":
- version: 1.0.4
- resolution: "cipher-base@npm:1.0.4"
- dependencies:
- inherits: ^2.0.1
- safe-buffer: ^5.0.1
- checksum: 47d3568dbc17431a339bad1fe7dff83ac0891be8206911ace3d3b818fc695f376df809bea406e759cdea07fff4b454fa25f1013e648851bec790c1d75763032e
- languageName: node
- linkType: hard
-
"cjs-module-lexer@npm:^1.0.0":
version: 1.2.2
resolution: "cjs-module-lexer@npm:1.2.2"
@@ -14806,13 +14667,6 @@ __metadata:
languageName: node
linkType: hard
-"core-util-is@npm:1.0.2":
- version: 1.0.2
- resolution: "core-util-is@npm:1.0.2"
- checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab
- languageName: node
- linkType: hard
-
"core-util-is@npm:~1.0.0":
version: 1.0.3
resolution: "core-util-is@npm:1.0.3"
@@ -14882,16 +14736,6 @@ __metadata:
languageName: node
linkType: hard
-"create-ecdh@npm:^4.0.0":
- version: 4.0.4
- resolution: "create-ecdh@npm:4.0.4"
- dependencies:
- bn.js: ^4.1.0
- elliptic: ^6.5.3
- checksum: 0dd7fca9711d09e152375b79acf1e3f306d1a25ba87b8ff14c2fd8e68b83aafe0a7dd6c4e540c9ffbdd227a5fa1ad9b81eca1f233c38bb47770597ba247e614b
- languageName: node
- linkType: hard
-
"create-emotion@npm:^10.0.14, create-emotion@npm:^10.0.27":
version: 10.0.27
resolution: "create-emotion@npm:10.0.27"
@@ -14904,33 +14748,6 @@ __metadata:
languageName: node
linkType: hard
-"create-hash@npm:^1.1.0, create-hash@npm:^1.1.2, create-hash@npm:^1.2.0":
- version: 1.2.0
- resolution: "create-hash@npm:1.2.0"
- dependencies:
- cipher-base: ^1.0.1
- inherits: ^2.0.1
- md5.js: ^1.3.4
- ripemd160: ^2.0.1
- sha.js: ^2.4.0
- checksum: 02a6ae3bb9cd4afee3fabd846c1d8426a0e6b495560a977ba46120c473cb283be6aa1cace76b5f927cf4e499c6146fb798253e48e83d522feba807d6b722eaa9
- languageName: node
- linkType: hard
-
-"create-hmac@npm:^1.1.0, create-hmac@npm:^1.1.4, create-hmac@npm:^1.1.7":
- version: 1.1.7
- resolution: "create-hmac@npm:1.1.7"
- dependencies:
- cipher-base: ^1.0.3
- create-hash: ^1.1.0
- inherits: ^2.0.1
- ripemd160: ^2.0.0
- safe-buffer: ^5.0.1
- sha.js: ^2.4.8
- checksum: ba12bb2257b585a0396108c72830e85f882ab659c3320c83584b1037f8ab72415095167ced80dc4ce8e446a8ecc4b2acf36d87befe0707d73b26cf9dc77440ed
- languageName: node
- linkType: hard
-
"create-require@npm:^1.1.0":
version: 1.1.1
resolution: "create-require@npm:1.1.1"
@@ -14962,22 +14779,10 @@ __metadata:
languageName: node
linkType: hard
-"crypto-browserify@npm:^3.11.0":
- version: 3.12.0
- resolution: "crypto-browserify@npm:3.12.0"
- dependencies:
- browserify-cipher: ^1.0.0
- browserify-sign: ^4.0.0
- create-ecdh: ^4.0.0
- create-hash: ^1.1.0
- create-hmac: ^1.1.0
- diffie-hellman: ^5.0.0
- inherits: ^2.0.1
- pbkdf2: ^3.0.3
- public-encrypt: ^4.0.0
- randombytes: ^2.0.0
- randomfill: ^1.0.3
- checksum: c1609af82605474262f3eaa07daa0b2140026bd264ab316d4bf1170272570dbe02f0c49e29407fe0d3634f96c507c27a19a6765fb856fed854a625f9d15618e2
+"crypto-browserify@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
+ version: 1.1.3
+ resolution: "crypto-browserify@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
+ checksum: e233cb660c0eac1172e3c4da249aeaae92b222e9b870d64a427c7212833a1634e56e2f7601989b1a6a6cd0e8841ff3776cd18f8b56dfc20257b893987d624920
languageName: node
linkType: hard
@@ -15928,15 +15733,6 @@ __metadata:
languageName: node
linkType: hard
-"dashdash@npm:^1.12.0":
- version: 1.14.1
- resolution: "dashdash@npm:1.14.1"
- dependencies:
- assert-plus: ^1.0.0
- checksum: 3634c249570f7f34e3d34f866c93f866c5b417f0dd616275decae08147dcdf8fccfaa5947380ccfb0473998ea3a8057c0b4cd90c875740ee685d0624b2983598
- languageName: node
- linkType: hard
-
"data-urls@npm:^2.0.0":
version: 2.0.0
resolution: "data-urls@npm:2.0.0"
@@ -16251,16 +16047,6 @@ __metadata:
languageName: node
linkType: hard
-"des.js@npm:^1.0.0":
- version: 1.0.1
- resolution: "des.js@npm:1.0.1"
- dependencies:
- inherits: ^2.0.1
- minimalistic-assert: ^1.0.0
- checksum: 1ec2eedd7ed6bd61dd5e0519fd4c96124e93bb22de8a9d211b02d63e5dd152824853d919bb2090f965cc0e3eb9c515950a9836b332020d810f9c71feb0fd7df4
- languageName: node
- linkType: hard
-
"destroy@npm:~1.0.4":
version: 1.0.4
resolution: "destroy@npm:1.0.4"
@@ -16397,17 +16183,6 @@ __metadata:
languageName: node
linkType: hard
-"diffie-hellman@npm:^5.0.0":
- version: 5.0.3
- resolution: "diffie-hellman@npm:5.0.3"
- dependencies:
- bn.js: ^4.1.0
- miller-rabin: ^4.0.0
- randombytes: ^2.0.0
- checksum: 0e620f322170c41076e70181dd1c24e23b08b47dbb92a22a644f3b89b6d3834b0f8ee19e37916164e5eb1ee26d2aa836d6129f92723995267250a0b541811065
- languageName: node
- linkType: hard
-
"dir-glob@npm:^2.2.2":
version: 2.2.2
resolution: "dir-glob@npm:2.2.2"
@@ -16694,16 +16469,6 @@ __metadata:
languageName: node
linkType: hard
-"ecc-jsbn@npm:~0.1.1":
- version: 0.1.2
- resolution: "ecc-jsbn@npm:0.1.2"
- dependencies:
- jsbn: ~0.1.0
- safer-buffer: ^2.1.0
- checksum: 22fef4b6203e5f31d425f5b711eb389e4c6c2723402e389af394f8411b76a488fa414d309d866e2b577ce3e8462d344205545c88a8143cc21752a5172818888a
- languageName: node
- linkType: hard
-
"ee-first@npm:1.1.1":
version: 1.1.1
resolution: "ee-first@npm:1.1.1"
@@ -16748,21 +16513,6 @@ __metadata:
languageName: node
linkType: hard
-"elliptic@npm:^6.5.3":
- version: 6.5.4
- resolution: "elliptic@npm:6.5.4"
- dependencies:
- bn.js: ^4.11.9
- brorand: ^1.1.0
- hash.js: ^1.0.0
- hmac-drbg: ^1.0.1
- inherits: ^2.0.4
- minimalistic-assert: ^1.0.1
- minimalistic-crypto-utils: ^1.0.1
- checksum: d56d21fd04e97869f7ffcc92e18903b9f67f2d4637a23c860492fbbff5a3155fd9ca0184ce0c865dd6eb2487d234ce9551335c021c376cd2d3b7cb749c7d10f4
- languageName: node
- linkType: hard
-
"emitter-component@npm:^1.1.1":
version: 1.1.1
resolution: "emitter-component@npm:1.1.1"
@@ -17716,17 +17466,6 @@ __metadata:
languageName: node
linkType: hard
-"evp_bytestokey@npm:^1.0.0, evp_bytestokey@npm:^1.0.3":
- version: 1.0.3
- resolution: "evp_bytestokey@npm:1.0.3"
- dependencies:
- md5.js: ^1.3.4
- node-gyp: latest
- safe-buffer: ^5.1.1
- checksum: ad4e1577f1a6b721c7800dcc7c733fe01f6c310732bb5bf2240245c2a5b45a38518b91d8be2c610611623160b9d1c0e91f1ce96d639f8b53e8894625cf20fa45
- languageName: node
- linkType: hard
-
"exec-sh@npm:^0.3.2":
version: 0.3.6
resolution: "exec-sh@npm:0.3.6"
@@ -18006,20 +17745,6 @@ __metadata:
languageName: node
linkType: hard
-"extsprintf@npm:1.3.0":
- version: 1.3.0
- resolution: "extsprintf@npm:1.3.0"
- checksum: cee7a4a1e34cffeeec18559109de92c27517e5641991ec6bab849aa64e3081022903dd53084f2080d0d2530803aa5ee84f1e9de642c365452f9e67be8f958ce2
- languageName: node
- linkType: hard
-
-"extsprintf@npm:^1.2.0":
- version: 1.4.0
- resolution: "extsprintf@npm:1.4.0"
- checksum: 184dc8a413eb4b1ff16bdce797340e7ded4d28511d56a1c9afa5a95bcff6ace154063823eaf0206dbbb0d14059d74f382a15c34b7c0636fa74a7e681295eb67e
- languageName: node
- linkType: hard
-
"fast-deep-equal@npm:^3.0.0, fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3":
version: 3.1.3
resolution: "fast-deep-equal@npm:3.1.3"
@@ -19046,15 +18771,6 @@ __metadata:
languageName: node
linkType: hard
-"getpass@npm:^0.1.1":
- version: 0.1.7
- resolution: "getpass@npm:0.1.7"
- dependencies:
- assert-plus: ^1.0.0
- checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046
- languageName: node
- linkType: hard
-
"git-raw-commits@npm:^2.0.8":
version: 2.0.10
resolution: "git-raw-commits@npm:2.0.10"
@@ -19887,27 +19603,6 @@ __metadata:
languageName: node
linkType: hard
-"hash-base@npm:^3.0.0":
- version: 3.1.0
- resolution: "hash-base@npm:3.1.0"
- dependencies:
- inherits: ^2.0.4
- readable-stream: ^3.6.0
- safe-buffer: ^5.2.0
- checksum: 26b7e97ac3de13cb23fc3145e7e3450b0530274a9562144fc2bf5c1e2983afd0e09ed7cc3b20974ba66039fad316db463da80eb452e7373e780cbee9a0d2f2dc
- languageName: node
- linkType: hard
-
-"hash.js@npm:^1.0.0, hash.js@npm:^1.0.3":
- version: 1.1.7
- resolution: "hash.js@npm:1.1.7"
- dependencies:
- inherits: ^2.0.3
- minimalistic-assert: ^1.0.1
- checksum: e350096e659c62422b85fa508e4b3669017311aa4c49b74f19f8e1bc7f3a54a584fdfd45326d4964d6011f2b2d882e38bea775a96046f2a61b7779a979629d8f
- languageName: node
- linkType: hard
-
"hast-to-hyperscript@npm:^9.0.0":
version: 9.0.1
resolution: "hast-to-hyperscript@npm:9.0.1"
@@ -20043,17 +19738,6 @@ __metadata:
languageName: node
linkType: hard
-"hmac-drbg@npm:^1.0.1":
- version: 1.0.1
- resolution: "hmac-drbg@npm:1.0.1"
- dependencies:
- hash.js: ^1.0.3
- minimalistic-assert: ^1.0.0
- minimalistic-crypto-utils: ^1.0.1
- checksum: bd30b6a68d7f22d63f10e1888aee497d7c2c5c0bb469e66bbdac99f143904d1dfe95f8131f95b3e86c86dd239963c9d972fcbe147e7cffa00e55d18585c43fe0
- languageName: node
- linkType: hard
-
"hoist-non-react-statics@npm:3.3.2, hoist-non-react-statics@npm:^3.1.0, hoist-non-react-statics@npm:^3.3.0, hoist-non-react-statics@npm:^3.3.1, hoist-non-react-statics@npm:^3.3.2":
version: 3.3.2
resolution: "hoist-non-react-statics@npm:3.3.2"
@@ -20394,25 +20078,10 @@ __metadata:
languageName: node
linkType: hard
-"http-signature@npm:~1.2.0":
- version: 1.2.0
- resolution: "http-signature@npm:1.2.0"
- dependencies:
- assert-plus: ^1.0.0
- jsprim: ^1.2.2
- sshpk: ^1.7.0
- checksum: 3324598712266a9683585bb84a75dec4fd550567d5e0dd4a0fff6ff3f74348793404d3eeac4918fa0902c810eeee1a86419e4a2e92a164132dfe6b26743fb47c
- languageName: node
- linkType: hard
-
-"http-signature@npm:~1.3.6":
- version: 1.3.6
- resolution: "http-signature@npm:1.3.6"
- dependencies:
- assert-plus: ^1.0.0
- jsprim: ^2.0.2
- sshpk: ^1.14.1
- checksum: 10be2af4764e71fee0281392937050201ee576ac755c543f570d6d87134ce5e858663fe999a7adb3e4e368e1e356d0d7fec6b9542295b875726ff615188e7a0c
+"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
+ version: 1.1.3
+ resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
+ checksum: 78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1
languageName: node
linkType: hard
@@ -22562,13 +22231,6 @@ __metadata:
languageName: node
linkType: hard
-"jsbn@npm:~0.1.0":
- version: 0.1.1
- resolution: "jsbn@npm:0.1.1"
- checksum: e5ff29c1b8d965017ef3f9c219dacd6e40ad355c664e277d31246c90545a02e6047018c16c60a00f36d561b3647215c41894f5d869ada6908a2e0ce4200c88f2
- languageName: node
- linkType: hard
-
"jsdoc-type-pratt-parser@npm:~2.2.5":
version: 2.2.5
resolution: "jsdoc-type-pratt-parser@npm:2.2.5"
@@ -22683,13 +22345,6 @@ __metadata:
languageName: node
linkType: hard
-"json-schema@npm:0.2.3, json-schema@npm:0.4.0":
- version: 0.4.0
- resolution: "json-schema@npm:0.4.0"
- checksum: 66389434c3469e698da0df2e7ac5a3281bcff75e797a5c127db7c5b56270e01ae13d9afa3c03344f76e32e81678337a8c912bdbb75101c62e487dc3778461d72
- languageName: node
- linkType: hard
-
"json-source-map@npm:0.6.1":
version: 0.6.1
resolution: "json-source-map@npm:0.6.1"
@@ -22793,30 +22448,6 @@ __metadata:
languageName: node
linkType: hard
-"jsprim@npm:^1.2.2":
- version: 1.4.1
- resolution: "jsprim@npm:1.4.1"
- dependencies:
- assert-plus: 1.0.0
- extsprintf: 1.3.0
- json-schema: 0.2.3
- verror: 1.10.0
- checksum: 6bcb20ec265ae18bb48e540a6da2c65f9c844f7522712d6dfcb01039527a49414816f4869000493363f1e1ea96cbad00e46188d5ecc78257a19f152467587373
- languageName: node
- linkType: hard
-
-"jsprim@npm:^2.0.2":
- version: 2.0.2
- resolution: "jsprim@npm:2.0.2"
- dependencies:
- assert-plus: 1.0.0
- extsprintf: 1.3.0
- json-schema: 0.4.0
- verror: 1.10.0
- checksum: d175f6b1991e160cb0aa39bc857da780e035611986b5492f32395411879fdaf4e513d98677f08f7352dac93a16b66b8361c674b86a3fa406e2e7af6b26321838
- languageName: node
- linkType: hard
-
"jsurl@npm:^0.1.5":
version: 0.1.5
resolution: "jsurl@npm:0.1.5"
@@ -23818,17 +23449,6 @@ __metadata:
languageName: node
linkType: hard
-"md5.js@npm:^1.3.4":
- version: 1.3.5
- resolution: "md5.js@npm:1.3.5"
- dependencies:
- hash-base: ^3.0.0
- inherits: ^2.0.1
- safe-buffer: ^5.1.2
- checksum: 098494d885684bcc4f92294b18ba61b7bd353c23147fbc4688c75b45cb8590f5a95fd4584d742415dcc52487f7a1ef6ea611cfa1543b0dc4492fe026357f3f0c
- languageName: node
- linkType: hard
-
"mdast-squeeze-paragraphs@npm:^4.0.0":
version: 4.0.0
resolution: "mdast-squeeze-paragraphs@npm:4.0.0"
@@ -24108,18 +23728,6 @@ __metadata:
languageName: node
linkType: hard
-"miller-rabin@npm:^4.0.0":
- version: 4.0.1
- resolution: "miller-rabin@npm:4.0.1"
- dependencies:
- bn.js: ^4.0.0
- brorand: ^1.0.1
- bin:
- miller-rabin: bin/miller-rabin
- checksum: 00cd1ab838ac49b03f236cc32a14d29d7d28637a53096bf5c6246a032a37749c9bd9ce7360cbf55b41b89b7d649824949ff12bc8eee29ac77c6b38eada619ece
- languageName: node
- linkType: hard
-
"mime-db@npm:1.50.0, mime-db@npm:>= 1.43.0 < 2":
version: 1.50.0
resolution: "mime-db@npm:1.50.0"
@@ -24247,20 +23855,13 @@ __metadata:
languageName: node
linkType: hard
-"minimalistic-assert@npm:^1.0.0, minimalistic-assert@npm:^1.0.1":
+"minimalistic-assert@npm:^1.0.0":
version: 1.0.1
resolution: "minimalistic-assert@npm:1.0.1"
checksum: cc7974a9268fbf130fb055aff76700d7e2d8be5f761fb5c60318d0ed010d839ab3661a533ad29a5d37653133385204c503bfac995aaa4236f4e847461ea32ba7
languageName: node
linkType: hard
-"minimalistic-crypto-utils@npm:^1.0.1":
- version: 1.0.1
- resolution: "minimalistic-crypto-utils@npm:1.0.1"
- checksum: 6e8a0422b30039406efd4c440829ea8f988845db02a3299f372fceba56ffa94994a9c0f2fd70c17f9969eedfbd72f34b5070ead9656a34d3f71c0bd72583a0ed
- languageName: node
- linkType: hard
-
"minimatch@npm:3.0.4, minimatch@npm:^3.0.4":
version: 3.0.4
resolution: "minimatch@npm:3.0.4"
@@ -24903,13 +24504,6 @@ __metadata:
languageName: node
linkType: hard
-"node-forge@npm:^1":
- version: 1.3.1
- resolution: "node-forge@npm:1.3.1"
- checksum: 08fb072d3d670599c89a1704b3e9c649ff1b998256737f0e06fbd1a5bf41cae4457ccaee32d95052d80bbafd9ffe01284e078c8071f0267dc9744e51c5ed42a9
- languageName: node
- linkType: hard
-
"node-gettext@npm:^3.0.0":
version: 3.0.0
resolution: "node-gettext@npm:3.0.0"
@@ -26024,19 +25618,6 @@ __metadata:
languageName: node
linkType: hard
-"parse-asn1@npm:^5.0.0, parse-asn1@npm:^5.1.5":
- version: 5.1.6
- resolution: "parse-asn1@npm:5.1.6"
- dependencies:
- asn1.js: ^5.2.0
- browserify-aes: ^1.0.0
- evp_bytestokey: ^1.0.0
- pbkdf2: ^3.0.3
- safe-buffer: ^5.1.1
- checksum: 9243311d1f88089bc9f2158972aa38d1abd5452f7b7cabf84954ed766048fe574d434d82c6f5a39b988683e96fb84cd933071dda38927e03469dc8c8d14463c7
- languageName: node
- linkType: hard
-
"parse-entities@npm:^2.0.0":
version: 2.0.0
resolution: "parse-entities@npm:2.0.0"
@@ -26258,19 +25839,6 @@ __metadata:
languageName: node
linkType: hard
-"pbkdf2@npm:^3.0.3":
- version: 3.1.2
- resolution: "pbkdf2@npm:3.1.2"
- dependencies:
- create-hash: ^1.1.2
- create-hmac: ^1.1.4
- ripemd160: ^2.0.1
- safe-buffer: ^5.0.1
- sha.js: ^2.4.8
- checksum: 2c950a100b1da72123449208e231afc188d980177d021d7121e96a2de7f2abbc96ead2b87d03d8fe5c318face097f203270d7e27908af9f471c165a4e8e69c92
- languageName: node
- linkType: hard
-
"pend@npm:~1.2.0":
version: 1.2.0
resolution: "pend@npm:1.2.0"
@@ -27959,20 +27527,6 @@ __metadata:
languageName: node
linkType: hard
-"public-encrypt@npm:^4.0.0":
- version: 4.0.3
- resolution: "public-encrypt@npm:4.0.3"
- dependencies:
- bn.js: ^4.1.0
- browserify-rsa: ^4.0.0
- create-hash: ^1.1.0
- parse-asn1: ^5.0.0
- randombytes: ^2.0.1
- safe-buffer: ^5.1.2
- checksum: 215d446e43cef021a20b67c1df455e5eea134af0b1f9b8a35f9e850abf32991b0c307327bc5b9bc07162c288d5cdb3d4a783ea6c6640979ed7b5017e3e0c9935
- languageName: node
- linkType: hard
-
"pump@npm:^2.0.0":
version: 2.0.1
resolution: "pump@npm:2.0.1"
@@ -28181,7 +27735,7 @@ __metadata:
languageName: node
linkType: hard
-"randombytes@npm:^2.0.0, randombytes@npm:^2.0.1, randombytes@npm:^2.0.5, randombytes@npm:^2.1.0":
+"randombytes@npm:^2.1.0":
version: 2.1.0
resolution: "randombytes@npm:2.1.0"
dependencies:
@@ -28190,16 +27744,6 @@ __metadata:
languageName: node
linkType: hard
-"randomfill@npm:^1.0.3":
- version: 1.0.4
- resolution: "randomfill@npm:1.0.4"
- dependencies:
- randombytes: ^2.0.5
- safe-buffer: ^5.1.0
- checksum: 33734bb578a868d29ee1b8555e21a36711db084065d94e019a6d03caa67debef8d6a1bfd06a2b597e32901ddc761ab483a85393f0d9a75838f1912461d4dbfc7
- languageName: node
- linkType: hard
-
"range-parser@npm:^1.2.1, range-parser@npm:~1.2.1":
version: 1.2.1
resolution: "range-parser@npm:1.2.1"
@@ -30443,16 +29987,6 @@ __metadata:
languageName: node
linkType: hard
-"ripemd160@npm:^2.0.0, ripemd160@npm:^2.0.1":
- version: 2.0.2
- resolution: "ripemd160@npm:2.0.2"
- dependencies:
- hash-base: ^3.0.0
- inherits: ^2.0.1
- checksum: 006accc40578ee2beae382757c4ce2908a826b27e2b079efdcd2959ee544ddf210b7b5d7d5e80467807604244e7388427330f5c6d4cd61e6edaddc5773ccc393
- languageName: node
- linkType: hard
-
"rollup-plugin-copy@npm:3.4.0":
version: 3.4.0
resolution: "rollup-plugin-copy@npm:3.4.0"
@@ -30638,7 +30172,7 @@ __metadata:
languageName: node
linkType: hard
-"safe-buffer@npm:5.2.1, safe-buffer@npm:>=5.1.0, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.0, safe-buffer@npm:^5.1.1, safe-buffer@npm:^5.1.2, safe-buffer@npm:^5.2.0, safe-buffer@npm:^5.2.1, safe-buffer@npm:~5.2.0":
+"safe-buffer@npm:5.2.1, safe-buffer@npm:>=5.1.0, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.0, safe-buffer@npm:^5.1.2, safe-buffer@npm:^5.2.1, safe-buffer@npm:~5.2.0":
version: 5.2.1
resolution: "safe-buffer@npm:5.2.1"
checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491
@@ -30654,7 +30188,7 @@ __metadata:
languageName: node
linkType: hard
-"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0":
+"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0":
version: 2.1.2
resolution: "safer-buffer@npm:2.1.2"
checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0
@@ -30891,12 +30425,10 @@ __metadata:
languageName: node
linkType: hard
-"selfsigned@npm:^2.0.1":
- version: 2.0.1
- resolution: "selfsigned@npm:2.0.1"
- dependencies:
- node-forge: ^1
- checksum: 864e65c2f31ca877bce3ccdaa3bdef5e1e992b63b2a03641e00c24cd305bf2acce093431d1fed2e5ae9f526558db4be5e90baa2b3474c0428fcf7e25cc86ac93
+"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
+ version: 1.1.3
+ resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
+ checksum: 4988a0dbdf123fb808194a6198f5951e2df711de6fd967d72a8876baccaa23d5c260efb8f1dbfbc5bf1f852e81f897ad09267908977ab94862867ef971a3d48d
languageName: node
linkType: hard
@@ -31133,18 +30665,6 @@ __metadata:
languageName: node
linkType: hard
-"sha.js@npm:^2.4.0, sha.js@npm:^2.4.8":
- version: 2.4.11
- resolution: "sha.js@npm:2.4.11"
- dependencies:
- inherits: ^2.0.1
- safe-buffer: ^5.0.1
- bin:
- sha.js: ./bin.js
- checksum: ebd3f59d4b799000699097dadb831c8e3da3eb579144fd7eb7a19484cbcbb7aca3c68ba2bb362242eb09e33217de3b4ea56e4678184c334323eca24a58e3ad07
- languageName: node
- linkType: hard
-
"shallow-clone@npm:^3.0.0":
version: 3.0.1
resolution: "shallow-clone@npm:3.0.1"
@@ -31830,27 +31350,6 @@ __metadata:
languageName: node
linkType: hard
-"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0":
- version: 1.16.1
- resolution: "sshpk@npm:1.16.1"
- dependencies:
- asn1: ~0.2.3
- assert-plus: ^1.0.0
- bcrypt-pbkdf: ^1.0.0
- dashdash: ^1.12.0
- ecc-jsbn: ~0.1.1
- getpass: ^0.1.1
- jsbn: ~0.1.0
- safer-buffer: ^2.0.2
- tweetnacl: ~0.14.0
- bin:
- sshpk-conv: bin/sshpk-conv
- sshpk-sign: bin/sshpk-sign
- sshpk-verify: bin/sshpk-verify
- checksum: 5e76afd1cedc780256f688b7c09327a8a650902d18e284dfeac97489a735299b03c3e72c6e8d22af03dbbe4d6f123fdfd5f3c4ed6bedbec72b9529a55051b857
- languageName: node
- linkType: hard
-
"ssri@npm:^6.0.1":
version: 6.0.2
resolution: "ssri@npm:6.0.2"
@@ -33509,13 +33008,6 @@ __metadata:
languageName: node
linkType: hard
-"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0":
- version: 0.14.5
- resolution: "tweetnacl@npm:0.14.5"
- checksum: 6061daba1724f59473d99a7bb82e13f211cdf6e31315510ae9656fefd4779851cb927adad90f3b488c8ed77c106adc0421ea8055f6f976ff21b27c5c4e918487
- languageName: node
- linkType: hard
-
"type-check@npm:^0.4.0, type-check@npm:~0.4.0":
version: 0.4.0
resolution: "type-check@npm:0.4.0"
@@ -34329,17 +33821,6 @@ __metadata:
languageName: node
linkType: soft
-"verror@npm:1.10.0":
- version: 1.10.0
- resolution: "verror@npm:1.10.0"
- dependencies:
- assert-plus: ^1.0.0
- core-util-is: 1.0.2
- extsprintf: ^1.2.0
- checksum: c431df0bedf2088b227a4e051e0ff4ca54df2c114096b0c01e1cbaadb021c30a04d7dd5b41ab277bcd51246ca135bf931d4c4c796ecae7a4fef6d744ecef36ea
- languageName: node
- linkType: hard
-
"vfile-location@npm:^3.0.0, vfile-location@npm:^3.2.0":
version: 3.2.0
resolution: "vfile-location@npm:3.2.0"

358
SOURCES/0006-notifications-use-HMAC-SHA256-to-generate-password-r.patch
Unescape View File

@ -0,0 +1,358 @@
From 5749f50533225b5d38fed1ed86b1c893cc0466b5 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Thu, 25 Nov 2021 18:49:52 +0100
Subject: [PATCH] notifications: use HMAC-SHA256 to generate password reset
tokens
* changes the time limit code generation function to use HMAC-SHA256
instead of SHA-1
* multiple new testcases
diff --git a/pkg/services/notifications/codes.go b/pkg/services/notifications/codes.go
index 32cd5dd7cd..72d33e3814 100644
--- a/pkg/services/notifications/codes.go
+++ b/pkg/services/notifications/codes.go
@@ -1,48 +1,53 @@
package notifications
import (
- "crypto/sha1" // #nosec
+ "crypto/hmac"
+ "crypto/sha256"
"encoding/hex"
"fmt"
+ "strconv"
"time"
- "github.com/unknwon/com"
-
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
)
-const timeLimitCodeLength = 12 + 6 + 40
+const timeLimitStartDateLength = 12
+const timeLimitMinutesLength = 6
+const timeLimitHmacLength = 64
+const timeLimitCodeLength = timeLimitStartDateLength + timeLimitMinutesLength + timeLimitHmacLength
// create a time limit code
-// code format: 12 length date time string + 6 minutes string + 40 sha1 encoded string
-func createTimeLimitCode(data string, minutes int, startInf interface{}) (string, error) {
+// code format: 12 length date time string + 6 minutes string + 64 HMAC-SHA256 encoded string
+func createTimeLimitCode(payload string, minutes int, startStr string) (string, error) {
format := "200601021504"
var start, end time.Time
- var startStr, endStr string
+ var endStr string
- if startInf == nil {
+ if startStr == "" {
// Use now time create code
start = time.Now()
startStr = start.Format(format)
} else {
// use start string create code
- startStr = startInf.(string)
- start, _ = time.ParseInLocation(format, startStr, time.Local)
- startStr = start.Format(format)
+ var err error
+ start, err = time.ParseInLocation(format, startStr, time.Local)
+ if err != nil {
+ return "", err
+ }
}
end = start.Add(time.Minute * time.Duration(minutes))
endStr = end.Format(format)
- // create sha1 encode string
- sh := sha1.New()
- if _, err := sh.Write([]byte(data + setting.SecretKey + startStr + endStr +
- com.ToStr(minutes))); err != nil {
- return "", err
+ // create HMAC-SHA256 encoded string
+ key := []byte(setting.SecretKey)
+ h := hmac.New(sha256.New, key)
+ if _, err := h.Write([]byte(payload + startStr + endStr)); err != nil {
+ return "", fmt.Errorf("cannot create hmac: %v", err)
}
- encoded := hex.EncodeToString(sh.Sum(nil))
+ encoded := hex.EncodeToString(h.Sum(nil))
code := fmt.Sprintf("%s%06d%s", startStr, minutes, encoded)
return code, nil
@@ -50,29 +55,32 @@ func createTimeLimitCode(data string, minutes int, startInf interface{}) (string
// verify time limit code
func validateUserEmailCode(cfg *setting.Cfg, user *models.User, code string) (bool, error) {
- if len(code) <= 18 {
+ if len(code) < timeLimitCodeLength {
return false, nil
}
- minutes := cfg.EmailCodeValidMinutes
code = code[:timeLimitCodeLength]
// split code
- start := code[:12]
- lives := code[12:18]
- if d, err := com.StrTo(lives).Int(); err == nil {
- minutes = d
+ startStr := code[:timeLimitStartDateLength]
+ minutesStr := code[timeLimitStartDateLength : timeLimitStartDateLength+timeLimitMinutesLength]
+ minutes, err := strconv.Atoi(minutesStr)
+ if err != nil {
+ return false, fmt.Errorf("invalid time limit code: %v", err)
}
// right active code
- data := com.ToStr(user.Id) + user.Email + user.Login + user.Password + user.Rands
- retCode, err := createTimeLimitCode(data, minutes, start)
+ payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands
+ expectedCode, err := createTimeLimitCode(payload, minutes, startStr)
if err != nil {
return false, err
}
- if retCode == code && minutes > 0 {
+ if hmac.Equal([]byte(code), []byte(expectedCode)) && minutes > 0 {
// check time is expired or not
- before, _ := time.ParseInLocation("200601021504", start, time.Local)
+ before, err := time.ParseInLocation("200601021504", startStr, time.Local)
+ if err != nil {
+ return false, err
+ }
now := time.Now()
if before.Add(time.Minute*time.Duration(minutes)).Unix() > now.Unix() {
return true, nil
@@ -93,15 +101,15 @@ func getLoginForEmailCode(code string) string {
return string(b)
}
-func createUserEmailCode(cfg *setting.Cfg, u *models.User, startInf interface{}) (string, error) {
+func createUserEmailCode(cfg *setting.Cfg, user *models.User, startStr string) (string, error) {
minutes := cfg.EmailCodeValidMinutes
- data := com.ToStr(u.Id) + u.Email + u.Login + u.Password + u.Rands
- code, err := createTimeLimitCode(data, minutes, startInf)
+ payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands
+ code, err := createTimeLimitCode(payload, minutes, startStr)
if err != nil {
return "", err
}
// add tail hex username
- code += hex.EncodeToString([]byte(u.Login))
+ code += hex.EncodeToString([]byte(user.Login))
return code, nil
}
diff --git a/pkg/services/notifications/codes_test.go b/pkg/services/notifications/codes_test.go
index a314c8deca..be9b68ca69 100644
--- a/pkg/services/notifications/codes_test.go
+++ b/pkg/services/notifications/codes_test.go
@@ -1,7 +1,10 @@
package notifications
import (
+ "fmt"
+ "strconv"
"testing"
+ "time"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting"
@@ -9,18 +12,126 @@ import (
"github.com/stretchr/testify/require"
)
+func TestTimeLimitCodes(t *testing.T) {
+ cfg := setting.NewCfg()
+ cfg.EmailCodeValidMinutes = 120
+ user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"}
+
+ format := "200601021504"
+ mailPayload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands
+ tenMinutesAgo := time.Now().Add(-time.Minute * 10)
+
+ tests := []struct {
+ desc string
+ payload string
+ start time.Time
+ minutes int
+ valid bool
+ }{
+ {
+ desc: "code generated 10 minutes ago, 5 minutes valid",
+ payload: mailPayload,
+ start: tenMinutesAgo,
+ minutes: 5,
+ valid: false,
+ },
+ {
+ desc: "code generated 10 minutes ago, 9 minutes valid",
+ payload: mailPayload,
+ start: tenMinutesAgo,
+ minutes: 9,
+ valid: false,
+ },
+ {
+ desc: "code generated 10 minutes ago, 10 minutes valid",
+ payload: mailPayload,
+ start: tenMinutesAgo,
+ minutes: 10,
+ // code was valid exactly 10 minutes since evaluating the tenMinutesAgo assignment
+ // by the time this test is run the code is already expired
+ valid: false,
+ },
+ {
+ desc: "code generated 10 minutes ago, 11 minutes valid",
+ payload: mailPayload,
+ start: tenMinutesAgo,
+ minutes: 11,
+ valid: true,
+ },
+ {
+ desc: "code generated 10 minutes ago, 20 minutes valid",
+ payload: mailPayload,
+ start: tenMinutesAgo,
+ minutes: 20,
+ valid: true,
+ },
+ {
+ desc: "code generated 10 minutes ago, 20 minutes valid, tampered payload",
+ payload: mailPayload[:len(mailPayload)-1] + "x",
+ start: tenMinutesAgo,
+ minutes: 20,
+ valid: false,
+ },
+ }
+
+ for _, test := range tests {
+ t.Run(test.desc, func(t *testing.T) {
+ code, err := createTimeLimitCode(test.payload, test.minutes, test.start.Format(format))
+ require.NoError(t, err)
+
+ isValid, err := validateUserEmailCode(cfg, user, code)
+ require.NoError(t, err)
+ require.Equal(t, test.valid, isValid)
+ })
+ }
+
+ t.Run("tampered minutes", func(t *testing.T) {
+ code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format))
+ require.NoError(t, err)
+
+ // code is expired
+ isValid, err := validateUserEmailCode(cfg, user, code)
+ require.NoError(t, err)
+ require.Equal(t, false, isValid)
+
+ // let's try to extend the code by tampering the minutes
+ code = code[:12] + fmt.Sprintf("%06d", 20) + code[18:]
+ isValid, err = validateUserEmailCode(cfg, user, code)
+ require.NoError(t, err)
+ require.Equal(t, false, isValid)
+ })
+
+ t.Run("tampered start string", func(t *testing.T) {
+ code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format))
+ require.NoError(t, err)
+
+ // code is expired
+ isValid, err := validateUserEmailCode(cfg, user, code)
+ require.NoError(t, err)
+ require.Equal(t, false, isValid)
+
+ // let's try to extend the code by tampering the start string
+ oneMinuteAgo := time.Now().Add(-time.Minute)
+
+ code = oneMinuteAgo.Format(format) + code[12:]
+ isValid, err = validateUserEmailCode(cfg, user, code)
+ require.NoError(t, err)
+ require.Equal(t, false, isValid)
+ })
+}
+
func TestEmailCodes(t *testing.T) {
t.Run("When generating code", func(t *testing.T) {
cfg := setting.NewCfg()
cfg.EmailCodeValidMinutes = 120
user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"}
- code, err := createUserEmailCode(cfg, user, nil)
+ code, err := createUserEmailCode(cfg, user, "")
require.NoError(t, err)
t.Run("getLoginForCode should return login", func(t *testing.T) {
login := getLoginForEmailCode(code)
- require.Equal(t, login, "asd")
+ require.Equal(t, "asd", login)
})
t.Run("Can verify valid code", func(t *testing.T) {
@@ -29,7 +140,7 @@ func TestEmailCodes(t *testing.T) {
require.True(t, isValid)
})
- t.Run("Cannot verify in-valid code", func(t *testing.T) {
+ t.Run("Cannot verify invalid code", func(t *testing.T) {
code = "ASD"
isValid, err := validateUserEmailCode(cfg, user, code)
require.NoError(t, err)
diff --git a/pkg/services/notifications/notifications.go b/pkg/services/notifications/notifications.go
index 84a0d42cb6..52facd0992 100644
--- a/pkg/services/notifications/notifications.go
+++ b/pkg/services/notifications/notifications.go
@@ -168,7 +168,7 @@ func (ns *NotificationService) SendEmailCommandHandler(ctx context.Context, cmd
}
func (ns *NotificationService) SendResetPasswordEmail(ctx context.Context, cmd *models.SendResetPasswordEmailCommand) error {
- code, err := createUserEmailCode(ns.Cfg, cmd.User, nil)
+ code, err := createUserEmailCode(ns.Cfg, cmd.User, "")
if err != nil {
return err
}
diff --git a/pkg/services/notifications/notifications_test.go b/pkg/services/notifications/notifications_test.go
index 71970e20a0..6f4b318fe0 100644
--- a/pkg/services/notifications/notifications_test.go
+++ b/pkg/services/notifications/notifications_test.go
@@ -2,6 +2,7 @@ package notifications
import (
"context"
+ "regexp"
"testing"
"github.com/grafana/grafana/pkg/bus"
@@ -185,7 +186,8 @@ func TestSendEmailAsync(t *testing.T) {
t.Run("When sending reset email password", func(t *testing.T) {
sut, _ := createSut(t, bus)
- err := sut.SendResetPasswordEmail(context.Background(), &models.SendResetPasswordEmailCommand{User: &models.User{Email: "asd@asd.com"}})
+ user := models.User{Email: "asd@asd.com", Login: "asd@asd.com"}
+ err := sut.SendResetPasswordEmail(context.Background(), &models.SendResetPasswordEmailCommand{User: &user})
require.NoError(t, err)
sentMsg := <-sut.mailQueue
@@ -194,6 +196,21 @@ func TestSendEmailAsync(t *testing.T) {
assert.Equal(t, "Reset your Grafana password - asd@asd.com", sentMsg.Subject)
assert.NotContains(t, sentMsg.Body["text/html"], "Subject")
assert.NotContains(t, sentMsg.Body["text/plain"], "Subject")
+
+ // find code in mail
+ r, _ := regexp.Compile(`code=(\w+)`)
+ match := r.FindString(sentMsg.Body["text/plain"])
+ code := match[len("code="):]
+
+ // verify code
+ query := models.ValidateResetPasswordCodeQuery{Code: code}
+ getUserByLogin := func(ctx context.Context, login string) (*models.User, error) {
+ query := models.GetUserByLoginQuery{LoginOrEmail: login}
+ query.Result = &user
+ return query.Result, nil
+ }
+ err = sut.ValidateResetPasswordCode(context.Background(), &query, getUserByLogin)
+ require.NoError(t, err)
})
t.Run("When SMTP disabled in configuration", func(t *testing.T) {

21
SOURCES/0007-skip-marketplace-plugin-install-test.patch
Unescape View File

@ -0,0 +1,21 @@
From 03a5c7f452efb1dbf605bba8caf3e86e15888c25 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Thu, 23 Jun 2022 17:00:46 +0200
Subject: [PATCH] skip marketplace plugin install test
This test (tries to) install a plugin from the Grafana marketplace.
Network connectivity is disabled in the build environment for security
reasons, therefore we need to disable this test.
diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go
index e86ce50830..fd60fbe67c 100644
--- a/pkg/tests/api/plugins/api_plugins_test.go
+++ b/pkg/tests/api/plugins/api_plugins_test.go
@@ -55,6 +55,7 @@ func TestPlugins(t *testing.T) {
})
t.Run("Request is not forbidden if from an admin", func(t *testing.T) {
+ t.Skip("this test requires connectivity to the Grafana plugin marketplace (fetching metadata)")
statusCode, body := makePostRequest(t, grafanaAPIURL(usernameAdmin, grafanaListedAddr, "plugins/test/install"))
assert.Equal(t, 404, statusCode)

20
SOURCES/0008-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch
Unescape View File

@ -0,0 +1,20 @@
From dc4e1c882d28db17064bd4fb788775a86ebfe066 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Mon, 27 Jun 2022 17:12:27 +0200
Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation
on 32-bit architectures
diff --git a/pkg/tsdb/prometheus/buffered/time_series_query.go b/pkg/tsdb/prometheus/buffered/time_series_query.go
index 40db2d9100..0af2d3ecab 100644
--- a/pkg/tsdb/prometheus/buffered/time_series_query.go
+++ b/pkg/tsdb/prometheus/buffered/time_series_query.go
@@ -326,7 +326,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
return time.Duration(0)
}
- rateInterval := time.Duration(int(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
+ rateInterval := time.Duration(int64(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
return rateInterval
}

20
SOURCES/0009-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch
Unescape View File

@ -0,0 +1,20 @@
From 09be2f6709e7d05a2f75756c5f58b0602b54af72 Mon Sep 17 00:00:00 2001
From: Andreas Gerstmayr <agerstmayr@redhat.com>
Date: Tue, 5 Jul 2022 17:04:13 +0200
Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation
on 32-bit architectures 2
diff --git a/pkg/tsdb/prometheus/models/query.go b/pkg/tsdb/prometheus/models/query.go
index bdd48d08ed..aa2b1f9945 100644
--- a/pkg/tsdb/prometheus/models/query.go
+++ b/pkg/tsdb/prometheus/models/query.go
@@ -181,7 +181,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv
return time.Duration(0)
}
- rateInterval := time.Duration(int(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
+ rateInterval := time.Duration(int64(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration))))
return rateInterval
}

100
SOURCES/0010-v9.0.x-Login-email-before-username-57406.patch
Unescape View File

@ -0,0 +1,100 @@
From 74f3c59f7096b5c31d5c218310b20775eb111d0f Mon Sep 17 00:00:00 2001
From: Karl Persson <kalle.persson@grafana.com>
Date: Fri, 21 Oct 2022 14:15:21 +0200
Subject: [PATCH] [v9.0.x] Login email before username (#57406)
* Add test for username/login field conflict
* Swap order of login fields
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
diff --git a/pkg/services/sqlstore/user.go b/pkg/services/sqlstore/user.go
index 9cd80da396..00e3ddc2df 100644
--- a/pkg/services/sqlstore/user.go
+++ b/pkg/services/sqlstore/user.go
@@ -170,20 +170,24 @@ func (ss *SQLStore) GetUserByLogin(ctx context.Context, query *models.GetUserByL
return models.ErrUserNotFound
}
- // Try and find the user by login first.
- // It's not sufficient to assume that a LoginOrEmail with an "@" is an email.
+ var has bool
+ var err error
user := &models.User{Login: query.LoginOrEmail}
- has, err := sess.Where(notServiceAccountFilter(ss)).Get(user)
-
- if err != nil {
- return err
- }
- if !has && strings.Contains(query.LoginOrEmail, "@") {
- // If the user wasn't found, and it contains an "@" fallback to finding the
- // user by email.
+ // Since username can be an email address, attempt login with email address
+ // first if the login field has the "@" symbol.
+ if strings.Contains(query.LoginOrEmail, "@") {
user = &models.User{Email: query.LoginOrEmail}
has, err = sess.Get(user)
+
+ if err != nil {
+ return err
+ }
+ }
+
+ // Lookup the login field instead of email field
+ if !has {
+ has, err = sess.Where(notServiceAccountFilter(ss)).Get(user)
}
if err != nil {
diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go
index d3803fa0c9..da23a7cca9 100644
--- a/pkg/services/sqlstore/user_test.go
+++ b/pkg/services/sqlstore/user_test.go
@@ -51,6 +51,45 @@ func TestIntegrationUserDataAccess(t *testing.T) {
require.False(t, query.Result.IsDisabled)
})
+ t.Run("Get User by login - user_2 uses user_1.email as login", func(t *testing.T) {
+ ss = InitTestDB(t)
+
+ // create user_1
+ cmd := models.CreateUserCommand{
+ Email: "user_1@mail.com",
+ Name: "user_1",
+ Login: "user_1",
+ Password: "user_1_password",
+ IsDisabled: true,
+ }
+ user_1, err := ss.CreateUser(context.Background(), cmd)
+ require.Nil(t, err)
+
+ // create user_2
+ cmd = models.CreateUserCommand{
+ Email: "user_2@mail.com",
+ Name: "user_2",
+ Login: "user_1@mail.com",
+ Password: "user_2_password",
+ IsDisabled: true,
+ }
+ user_2, err := ss.CreateUser(context.Background(), cmd)
+ require.Nil(t, err)
+
+ // query user database for user_1 email
+ query := models.GetUserByLoginQuery{LoginOrEmail: "user_1@mail.com"}
+ err = ss.GetUserByLogin(context.Background(), &query)
+ require.Nil(t, err)
+
+ // expect user_1 as result
+ require.Equal(t, user_1.Email, query.Result.Email)
+ require.Equal(t, user_1.Login, query.Result.Login)
+ require.Equal(t, user_1.Name, query.Result.Name)
+ require.NotEqual(t, user_2.Email, query.Result.Email)
+ require.NotEqual(t, user_2.Login, query.Result.Login)
+ require.NotEqual(t, user_2.Name, query.Result.Name)
+ })
+
t.Run("Testing DB - creates and loads disabled user", func(t *testing.T) {
ss = InitTestDB(t)
cmd := models.CreateUserCommand{

427
SOURCES/1001-vendor-patch-removed-backend-crypto.patch
Unescape View File

@ -0,0 +1,427 @@
patch removed backend crypto
the `Makefile` removed a few files containing (unused) crypto
algorithms from the vendor tarball, which are not used in Grafana.
This patch removes all references to the deleted files.
diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
new file mode 100644
index 0000000000..871e612a61
--- /dev/null
+++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go
@@ -0,0 +1,25 @@
+package elgamal
+
+import (
+ "io"
+ "math/big"
+)
+
+// PublicKey represents an ElGamal public key.
+type PublicKey struct {
+ G, P, Y *big.Int
+}
+
+// PrivateKey represents an ElGamal private key.
+type PrivateKey struct {
+ PublicKey
+ X *big.Int
+}
+
+func Encrypt(random io.Reader, pub *PublicKey, msg []byte) (c1, c2 *big.Int, err error) {
+ panic("ElGamal encryption not available")
+}
+
+func Decrypt(priv *PrivateKey, c1, c2 *big.Int) (msg []byte, err error) {
+ panic("ElGamal encryption not available")
+}
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
index 0a19794a8e..25a5ee9158 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go
@@ -22,7 +22,6 @@ import (
"math/big"
"math/bits"
- "golang.org/x/crypto/cast5"
"golang.org/x/crypto/openpgp/errors"
)
@@ -493,7 +492,7 @@ func (cipher CipherFunction) KeySize() int {
case Cipher3DES:
return 24
case CipherCAST5:
- return cast5.KeySize
+ panic("cast5 cipher not available")
case CipherAES128:
return 16
case CipherAES192:
@@ -523,7 +522,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) {
case Cipher3DES:
block, _ = des.NewTripleDESCipher(key)
case CipherCAST5:
- block, _ = cast5.NewCipher(key)
+ panic("cast5 cipher not available")
case CipherAES128, CipherAES192, CipherAES256:
block, _ = aes.NewCipher(key)
}
diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
index 6126030eb9..3a54c5f2b1 100644
--- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
+++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
@@ -5,13 +5,12 @@
package packet
import (
- "crypto/cipher"
"crypto/sha1"
"crypto/subtle"
- "golang.org/x/crypto/openpgp/errors"
"hash"
"io"
- "strconv"
+
+ "golang.org/x/crypto/openpgp/errors"
)
// SymmetricallyEncrypted represents a symmetrically encrypted byte string. The
@@ -45,46 +44,7 @@ func (se *SymmetricallyEncrypted) parse(r io.Reader) error {
// packet can be read. An incorrect key can, with high probability, be detected
// immediately and this will result in a KeyIncorrect error being returned.
func (se *SymmetricallyEncrypted) Decrypt(c CipherFunction, key []byte) (io.ReadCloser, error) {
- keySize := c.KeySize()
- if keySize == 0 {
- return nil, errors.UnsupportedError("unknown cipher: " + strconv.Itoa(int(c)))
- }
- if len(key) != keySize {
- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted: incorrect key length")
- }
-
- if se.prefix == nil {
- se.prefix = make([]byte, c.blockSize()+2)
- _, err := readFull(se.contents, se.prefix)
- if err != nil {
- return nil, err
- }
- } else if len(se.prefix) != c.blockSize()+2 {
- return nil, errors.InvalidArgumentError("can't try ciphers with different block lengths")
- }
-
- ocfbResync := OCFBResync
- if se.MDC {
- // MDC packets use a different form of OCFB mode.
- ocfbResync = OCFBNoResync
- }
-
- s := NewOCFBDecrypter(c.new(key), se.prefix, ocfbResync)
- if s == nil {
- return nil, errors.ErrKeyIncorrect
- }
-
- plaintext := cipher.StreamReader{S: s, R: se.contents}
-
- if se.MDC {
- // MDC packets have an embedded hash that we need to check.
- h := sha1.New()
- h.Write(se.prefix)
- return &seMDCReader{in: plaintext, h: h}, nil
- }
-
- // Otherwise, we just need to wrap plaintext so that it's a valid ReadCloser.
- return seReader{plaintext}, nil
+ panic("OCFB cipher not available")
}
// seReader wraps an io.Reader with a no-op Close method.
@@ -254,37 +214,5 @@ func (c noOpCloser) Close() error {
// written.
// If config is nil, sensible defaults will be used.
func SerializeSymmetricallyEncrypted(w io.Writer, c CipherFunction, key []byte, config *Config) (contents io.WriteCloser, err error) {
- if c.KeySize() != len(key) {
- return nil, errors.InvalidArgumentError("SymmetricallyEncrypted.Serialize: bad key length")
- }
- writeCloser := noOpCloser{w}
- ciphertext, err := serializeStreamHeader(writeCloser, packetTypeSymmetricallyEncryptedMDC)
- if err != nil {
- return
- }
-
- _, err = ciphertext.Write([]byte{symmetricallyEncryptedVersion})
- if err != nil {
- return
- }
-
- block := c.new(key)
- blockSize := block.BlockSize()
- iv := make([]byte, blockSize)
- _, err = config.Random().Read(iv)
- if err != nil {
- return
- }
- s, prefix := NewOCFBEncrypter(block, iv, OCFBNoResync)
- _, err = ciphertext.Write(prefix)
- if err != nil {
- return
- }
- plaintext := cipher.StreamWriter{S: s, W: ciphertext}
-
- h := sha1.New()
- h.Write(iv)
- h.Write(iv[blockSize-2:])
- contents = &seMDCWriter{w: plaintext, h: h}
- return
+ panic("OCFB cipher not available")
}
diff --git a/vendor/golang.org/x/crypto/pkcs12/crypto.go b/vendor/golang.org/x/crypto/pkcs12/crypto.go
index 484ca51b71..5f502b8df1 100644
--- a/vendor/golang.org/x/crypto/pkcs12/crypto.go
+++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go
@@ -11,8 +11,6 @@ import (
"crypto/x509/pkix"
"encoding/asn1"
"errors"
-
- "golang.org/x/crypto/pkcs12/internal/rc2"
)
var (
@@ -46,10 +44,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt
type shaWith40BitRC2CBC struct{}
-func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) {
- return rc2.New(key, len(key)*8)
-}
-
func (shaWith40BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte {
return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 5)
}
@@ -70,7 +64,7 @@ func pbDecrypterFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher
case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC):
cipherType = shaWithTripleDESCBC{}
case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC):
- cipherType = shaWith40BitRC2CBC{}
+ panic("RC2 encryption not available")
default:
return nil, 0, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported")
}
diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
index ae3ebc03b9..11dbc3c56e 100644
--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
+++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go
@@ -16,13 +16,11 @@
package web
import (
- "encoding/hex"
"fmt"
"net/http"
"sync"
"github.com/go-kit/log"
- "golang.org/x/crypto/bcrypt"
)
// extraHTTPHeaders is a map of HTTP headers that can be added to HTTP
@@ -36,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{
"Content-Security-Policy": nil,
}
-func validateUsers(configPath string) error {
- c, err := getConfig(configPath)
- if err != nil {
- return err
- }
-
- for _, p := range c.Users {
- _, err = bcrypt.Cost([]byte(p))
- if err != nil {
- return err
- }
- }
-
- return nil
-}
-
// validateHeaderConfig checks that the provided header configuration is correct.
// It does not check the validity of all the values, only the ones which are
// well-defined enumerations.
@@ -83,55 +65,3 @@ type webHandler struct {
// only once in parallel as this is CPU intensive.
bcryptMtx sync.Mutex
}
-
-func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
- c, err := getConfig(u.tlsConfigPath)
- if err != nil {
- u.logger.Log("msg", "Unable to parse configuration", "err", err)
- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
- return
- }
-
- // Configure http headers.
- for k, v := range c.HTTPConfig.Header {
- w.Header().Set(k, v)
- }
-
- if len(c.Users) == 0 {
- u.handler.ServeHTTP(w, r)
- return
- }
-
- user, pass, auth := r.BasicAuth()
- if auth {
- hashedPassword, validUser := c.Users[user]
-
- if !validUser {
- // The user is not found. Use a fixed password hash to
- // prevent user enumeration by timing requests.
- // This is a bcrypt-hashed version of "fakepassword".
- hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi"
- }
-
- cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...))
- authOk, ok := u.cache.get(cacheKey)
-
- if !ok {
- // This user, hashedPassword, password is not cached.
- u.bcryptMtx.Lock()
- err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass))
- u.bcryptMtx.Unlock()
-
- authOk = err == nil
- u.cache.set(cacheKey, authOk)
- }
-
- if authOk && validUser {
- u.handler.ServeHTTP(w, r)
- return
- }
- }
-
- w.Header().Set("WWW-Authenticate", "Basic")
- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized)
-}
diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
index 2668964a06..291464ba7e 100644
--- a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
+++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go
@@ -18,12 +18,8 @@ import (
"crypto/x509"
"fmt"
"io/ioutil"
- "net"
- "net/http"
"path/filepath"
- "github.com/go-kit/log"
- "github.com/go-kit/log/level"
"github.com/pkg/errors"
config_util "github.com/prometheus/common/config"
"gopkg.in/yaml.v2"
@@ -177,93 +173,6 @@ func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error) {
return cfg, nil
}
-// ListenAndServe starts the server on the given address. Based on the file
-// tlsConfigPath, TLS or basic auth could be enabled.
-func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error {
- listener, err := net.Listen("tcp", server.Addr)
- if err != nil {
- return err
- }
- defer listener.Close()
- return Serve(listener, server, tlsConfigPath, logger)
-}
-
-// Server starts the server on the given listener. Based on the file
-// tlsConfigPath, TLS or basic auth could be enabled.
-func Serve(l net.Listener, server *http.Server, tlsConfigPath string, logger log.Logger) error {
- if tlsConfigPath == "" {
- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
- return server.Serve(l)
- }
-
- if err := validateUsers(tlsConfigPath); err != nil {
- return err
- }
-
- // Setup basic authentication.
- var handler http.Handler = http.DefaultServeMux
- if server.Handler != nil {
- handler = server.Handler
- }
-
- c, err := getConfig(tlsConfigPath)
- if err != nil {
- return err
- }
-
- server.Handler = &webHandler{
- tlsConfigPath: tlsConfigPath,
- logger: logger,
- handler: handler,
- cache: newCache(),
- }
-
- config, err := ConfigToTLSConfig(&c.TLSConfig)
- switch err {
- case nil:
- if !c.HTTPConfig.HTTP2 {
- server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
- }
- // Valid TLS config.
- level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2)
- case errNoTLSConfig:
- // No TLS config, back to plain HTTP.
- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false)
- return server.Serve(l)
- default:
- // Invalid TLS config.
- return err
- }
-
- server.TLSConfig = config
-
- // Set the GetConfigForClient method of the HTTPS server so that the config
- // and certs are reloaded on new connections.
- server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) {
- return getTLSConfig(tlsConfigPath)
- }
- return server.ServeTLS(l, "", "")
-}
-
-// Validate configuration file by reading the configuration and the certificates.
-func Validate(tlsConfigPath string) error {
- if tlsConfigPath == "" {
- return nil
- }
- if err := validateUsers(tlsConfigPath); err != nil {
- return err
- }
- c, err := getConfig(tlsConfigPath)
- if err != nil {
- return err
- }
- _, err = ConfigToTLSConfig(&c.TLSConfig)
- if err == errNoTLSConfig {
- return nil
- }
- return err
-}
-
type cipher uint16
func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error {
@@ -346,11 +255,3 @@ func (tv *tlsVersion) MarshalYAML() (interface{}, error) {
}
return fmt.Sprintf("%v", tv), nil
}
-
-// Listen starts the server on the given address. Based on the file
-// tlsConfigPath, TLS or basic auth could be enabled.
-//
-// Deprecated: Use ListenAndServe instead.
-func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error {
- return ListenAndServe(server, tlsConfigPath, logger)
-}

145
SOURCES/1002-vendor-use-pbkdf2-from-OpenSSL.patch
Unescape View File

@ -0,0 +1,145 @@
use pbkdf2 from OpenSSL if FIPS mode is enabled
This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
if FIPS mode is enabled.
diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
new file mode 100644
index 0000000000..5a06918832
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/boring/boring.go
@@ -0,0 +1,74 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Copyright 2021 Red Hat.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build linux
+// +build !android
+// +build !no_openssl
+// +build !cmd_go_bootstrap
+// +build !msan
+
+package boring
+
+// #include "openssl_pbkdf2.h"
+// #cgo LDFLAGS: -ldl
+import "C"
+import (
+ "bytes"
+ "crypto/sha1"
+ "crypto/sha256"
+ "hash"
+ "unsafe"
+)
+
+var (
+ emptySha1 = sha1.Sum([]byte{})
+ emptySha256 = sha256.Sum256([]byte{})
+)
+
+func hashToMD(h hash.Hash) *C.GO_EVP_MD {
+ emptyHash := h.Sum([]byte{})
+
+ switch {
+ case bytes.Equal(emptyHash, emptySha1[:]):
+ return C._goboringcrypto_EVP_sha1()
+ case bytes.Equal(emptyHash, emptySha256[:]):
+ return C._goboringcrypto_EVP_sha256()
+ }
+ return nil
+}
+
+// charptr returns the address of the underlying array in b,
+// being careful not to panic when b has zero length.
+func charptr(b []byte) *C.char {
+ if len(b) == 0 {
+ return nil
+ }
+ return (*C.char)(unsafe.Pointer(&b[0]))
+}
+
+// ucharptr returns the address of the underlying array in b,
+// being careful not to panic when b has zero length.
+func ucharptr(b []byte) *C.uchar {
+ if len(b) == 0 {
+ return nil
+ }
+ return (*C.uchar)(unsafe.Pointer(&b[0]))
+}
+
+func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
+ // println("[debug] using pbkdf2 from OpenSSL")
+ ch := h()
+ md := hashToMD(ch)
+ if md == nil {
+ return nil
+ }
+
+ out := make([]byte, keyLen)
+ ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
+ if ok != 1 {
+ panic("boringcrypto: PKCS5_PBKDF2_HMAC failed")
+ }
+ return out
+}
diff --git a/vendor/golang.org/x/crypto/internal/boring/notboring.go b/vendor/golang.org/x/crypto/internal/boring/notboring.go
new file mode 100644
index 0000000000..e244fb5663
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/boring/notboring.go
@@ -0,0 +1,16 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Copyright 2021 Red Hat.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
+
+package boring
+
+import (
+ "hash"
+)
+
+func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
+ panic("boringcrypto: not available")
+}
diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
new file mode 100644
index 0000000000..6dfdf10424
--- /dev/null
+++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
@@ -0,0 +1,5 @@
+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h"
+
+DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
+ (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
+ (pass, passlen, salt, saltlen, iter, digest, keylen, out))
diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
index 593f653008..799a611f94 100644
--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
+++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
@@ -19,8 +19,11 @@ pbkdf2.Key.
package pbkdf2 // import "golang.org/x/crypto/pbkdf2"
import (
+ "crypto/boring"
"crypto/hmac"
"hash"
+
+ xboring "golang.org/x/crypto/internal/boring"
)
// Key derives a key from the password, salt and iteration count, returning a
@@ -40,6 +43,10 @@ import (
// Using a higher iteration count will increase the cost of an exhaustive
// search but will also make derivation proportionally slower.
func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
+ if boring.Enabled() {
+ return xboring.Pbkdf2Key(password, salt, iter, keyLen, h)
+ }
+
prf := hmac.New(h, password)
hashLen := prf.Size()
numBlocks := (keyLen + hashLen - 1) / hashLen

18
SOURCES/1003-vendor-skip-goldenfiles-tests.patch
Unescape View File

@ -0,0 +1,18 @@
skip goldenfiles tests
The golden files include memory dumps from a x86_64 machine.
Integers are stored as little endian on x86, but as big endian on s390x,
therefore loading this memory dump fails on s390x.
diff --git a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go
index 320f40f3bd..20f5fa4f46 100644
--- a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go
+++ b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go
@@ -203,6 +203,7 @@ func CheckGoldenJSONFrame(t *testing.T, dir string, name string, f *data.Frame,
// CheckGoldenJSONResponse will verify that the stored JSON file matches the given backend.DataResponse.
func CheckGoldenJSONResponse(t *testing.T, dir string, name string, dr *backend.DataResponse, updateFile bool) {
t.Helper()
+ t.Skip("skipping test: x86_64 memory dump is not compatible with other architectures")
fpath := path.Join(dir, name+".jsonc")
expected, err := readGoldenJSONFile(fpath)

20
SOURCES/build_frontend.sh
Unescape View File

@ -0,0 +1,20 @@
#!/bin/bash -eu
# Webpack needs more than the default 4GB RAM
export NODE_OPTIONS="${NODE_OPTIONS:-} --max_old_space_size=6144"
# Build the frontend
yarn run build
# Build the bundled plugins
mkdir plugins-bundled/external
yarn run plugins:build-bundled
for plugin in plugins-bundled/internal/input-datasource; do
mv $plugin $plugin.tmp
mv $plugin.tmp/dist $plugin
rm -rf $plugin.tmp
done
rm plugins-bundled/README.md plugins-bundled/.gitignore plugins-bundled/external.json
# Fix permissions (webpack sometimes outputs files with mode = 666 due to reasons unknown (race condition/umask issue afaics))
chmod -R g-w,o-w public/build plugins-bundled

85
SOURCES/create_bundles.sh
Unescape View File

@ -0,0 +1,85 @@
#!/bin/bash -eux
VERSION=$(rpm --specfile ./*.spec --qf '%{VERSION}\n' | head -1)
RELEASE=$(rpm --specfile ./*.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1)
CHANGELOGTIME=$(rpm --specfile ./*.spec --qf '%{CHANGELOGTIME}\n' | head -1)
SOURCE_DATE_EPOCH=$((CHANGELOGTIME - CHANGELOGTIME % 86400))
SOURCE_DIR=grafana-$VERSION
SOURCE_TAR=grafana-$VERSION.tar.gz
VENDOR_TAR=grafana-vendor-$VERSION-$RELEASE.tar.xz
WEBPACK_TAR=grafana-webpack-$VERSION-$RELEASE.tar.gz
## Download and extract source tarball
spectool -g grafana.spec
rm -rf "${SOURCE_DIR}"
tar xf "${SOURCE_TAR}"
## Create vendor bundle
pushd "${SOURCE_DIR}"
# Vendor Go dependencies
patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch
go mod vendor
# Generate Go files
make gen-go
# Remove unused crypto
rm -r vendor/golang.org/x/crypto/bcrypt
rm -r vendor/golang.org/x/crypto/blowfish
rm -r vendor/golang.org/x/crypto/cast5
rm -r vendor/golang.org/x/crypto/openpgp/elgamal
rm vendor/golang.org/x/crypto/openpgp/packet/ocfb.go
rm -r vendor/golang.org/x/crypto/pkcs12/internal/rc2
# List bundled dependencies
awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \
sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > "../${VENDOR_TAR}.manifest"
# Vendor Node.js dependencies
patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
export HUSKY=0
yarn install --frozen-lockfile
# Remove files with licensing issues
find .yarn -name 'node-notifier' -prune -exec rm -r {} \;
find .yarn -name 'nodemon' -prune -exec rm -r {} \;
# List bundled dependencies
../list_bundled_nodejs_packages.py . >> "../${VENDOR_TAR}.manifest"
popd
# Create tarball
# shellcheck disable=SC2046
XZ_OPT=-9 tar \
--sort=name \
--mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \
--owner=0 --group=0 --numeric-owner \
-cJf "${VENDOR_TAR}" \
"${SOURCE_DIR}/vendor" \
$(find "${SOURCE_DIR}" -type f -name wire_gen.go | LC_ALL=C sort) \
"${SOURCE_DIR}/.pnp.cjs" \
"${SOURCE_DIR}/.yarn/cache" \
"${SOURCE_DIR}/.yarn/unplugged"
## Create webpack
pushd "${SOURCE_DIR}"
../build_frontend.sh
popd
# Create tarball
tar \
--sort=name \
--mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \
--owner=0 --group=0 --numeric-owner \
-czf "${WEBPACK_TAR}" \
"${SOURCE_DIR}/plugins-bundled" \
"${SOURCE_DIR}/public/build" \
"${SOURCE_DIR}/public/img" \
"${SOURCE_DIR}/public/lib" \
"${SOURCE_DIR}/public/locales" \
"${SOURCE_DIR}/public/views"

24
SOURCES/create_bundles_in_container.sh
Unescape View File

@ -0,0 +1,24 @@
#!/bin/bash -eu
#
# create vendor and webpack bundles inside a container (for reproducibility)
# using a Go cache:
# ./create_bundles_in_container.sh --security-opt label=disable -v $(pwd)/.gocache:/root/go
#
cat <<EOF | podman build -t grafana-build -f - .
FROM fedora:35
RUN dnf upgrade -y && \
dnf install -y rpmdevtools python3-packaging python3-pyyaml make golang nodejs yarnpkg
# https://groups.google.com/g/golang-nuts/c/MVtHZUtZru4
ENV GOPROXY=https://proxy.golang.org,direct
WORKDIR /tmp/grafana-build
COPY grafana.spec create_bundles.sh build_frontend.sh list_bundled_nodejs_packages.py *.patch .
RUN mkdir bundles
CMD ./create_bundles.sh && mv *.tar.* bundles
EOF
podman run --name grafana-build --replace "$@" grafana-build
podman cp grafana-build:bundles/. .

2
SOURCES/grafana.sysusers
Unescape View File

@ -0,0 +1,2 @@
#Type Name ID GECOS Home directory
u grafana - "Grafana user account" /usr/share/grafana

70
SOURCES/list_bundled_nodejs_packages.py
Unescape View File

@ -0,0 +1,70 @@
#!/usr/bin/env python3
#
# generates Provides: bundled(npm(...)) = ... lines for each declared dependency and devDependency of package.json
#
import os
import sys
import json
import yaml
from packaging import version
def scan_package_json(package_dir):
for root, dirs, files in os.walk(package_dir, topdown=True):
dirs[:] = [d for d in dirs if d not in ["node_modules", "vendor"]]
if "package.json" in files:
yield os.path.join(root, "package.json")
def read_declared_pkgs(package_json_path):
with open(package_json_path) as f:
package_json = json.load(f)
return list(package_json.get("dependencies", {}).keys()) + list(
package_json.get("devDependencies", {}).keys()
)
def read_installed_pkgs(yarn_lock_path):
with open(yarn_lock_path) as f:
lockfile = yaml.safe_load(f)
for pkg_decl, meta in lockfile.items():
for pkg in pkg_decl.split(", "):
if ":" not in pkg:
continue
pkg_name = pkg[: pkg.index("@", 1)]
pkg_version = meta["version"]
yield (pkg_name, pkg_version)
def list_provides(declared_pkgs, installed_pkgs):
for declared_pkg in declared_pkgs:
# there can be multiple versions installed of one package (transitive dependencies)
# but rpm doesn't support Provides: with a single package and multiple versions
# so let's declare the oldest version here
versions = [
version.parse(pkg_version)
for pkg_name, pkg_version in installed_pkgs
if pkg_name == declared_pkg
]
if not versions:
print(f"warning: {declared_pkg} missing in yarn.lock", file=sys.stderr)
continue
oldest_version = sorted(versions)[0]
yield f"Provides: bundled(npm({declared_pkg})) = {oldest_version}"
if __name__ == "__main__":
if len(sys.argv) != 2:
print(f"usage: {sys.argv[0]} package-X.Y.Z/", file=sys.stdout)
sys.exit(1)
package_dir = sys.argv[1]
declared_pkgs = set()
for package_json_path in scan_package_json(package_dir):
declared_pkgs.update(read_declared_pkgs(package_json_path))
installed_pkgs = list(read_installed_pkgs(f"{package_dir}/yarn.lock"))
provides = list_provides(declared_pkgs, installed_pkgs)
for provide in sorted(provides):
print(provide)

1176
SPECS/grafana.spec
View File

File diff suppressed because it is too large Load Diff
Write Preview
Loading…
Cancel
Save