commit
49bef19e03
@ -0,0 +1,3 @@
|
||||
SOURCES/grafana-9.2.10.tar.gz
|
||||
SOURCES/grafana-vendor-9.2.10-2.tar.xz
|
||||
SOURCES/grafana-webpack-9.2.10-2.tar.gz
|
@ -0,0 +1,3 @@
|
||||
4c9db312dca444023c37c7af9acd2876a7e164b8 SOURCES/grafana-9.2.10.tar.gz
|
||||
1ab1cbb1efa563dff66783e9c59c8bd43503aef2 SOURCES/grafana-vendor-9.2.10-2.tar.xz
|
||||
ac93650649c6f3c1f6bc2884c524939afaa8321b SOURCES/grafana-webpack-9.2.10-2.tar.gz
|
@ -0,0 +1,64 @@
|
||||
From 226822e64ed4badb22e18740e6db411617b42bb7 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||
Date: Wed, 22 Jun 2022 16:57:52 +0200
|
||||
Subject: [PATCH] update grafana-cli script with distro-specific paths and
|
||||
switch to grafana user
|
||||
|
||||
|
||||
diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli
|
||||
index dafa075a2c..eda358c425 100755
|
||||
--- a/packaging/wrappers/grafana-cli
|
||||
+++ b/packaging/wrappers/grafana-cli
|
||||
@@ -5,18 +5,19 @@
|
||||
# the system-wide Grafana configuration that was bundled with the package as we
|
||||
# use the binary.
|
||||
|
||||
-DEFAULT=/etc/default/grafana
|
||||
+DEFAULT=/etc/sysconfig/grafana-server
|
||||
|
||||
GRAFANA_HOME=/usr/share/grafana
|
||||
CONF_DIR=/etc/grafana
|
||||
DATA_DIR=/var/lib/grafana
|
||||
PLUGINS_DIR=/var/lib/grafana/plugins
|
||||
LOG_DIR=/var/log/grafana
|
||||
+LIBEXEC_DIR=/usr/libexec/grafana
|
||||
|
||||
CONF_FILE=$CONF_DIR/grafana.ini
|
||||
PROVISIONING_CFG_DIR=$CONF_DIR/provisioning
|
||||
|
||||
-EXECUTABLE=$GRAFANA_HOME/bin/grafana-cli
|
||||
+EXECUTABLE=$LIBEXEC_DIR/grafana-cli
|
||||
|
||||
if [ ! -x $EXECUTABLE ]; then
|
||||
echo "Program not installed or not executable"
|
||||
@@ -28,12 +29,21 @@ if [ -f "$DEFAULT" ]; then
|
||||
. "$DEFAULT"
|
||||
fi
|
||||
|
||||
-OPTS="--homepath=${GRAFANA_HOME} \
|
||||
- --config=${CONF_FILE} \
|
||||
- --pluginsDir=${PLUGINS_DIR} \
|
||||
- --configOverrides='cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \
|
||||
- cfg:default.paths.data=${DATA_DIR} \
|
||||
- cfg:default.paths.logs=${LOG_DIR} \
|
||||
- cfg:default.paths.plugins=${PLUGINS_DIR}'"
|
||||
-
|
||||
-eval $EXECUTABLE "$OPTS" '$@'
|
||||
+OPTS=("--homepath=${GRAFANA_HOME}"
|
||||
+ "--config=${CONF_FILE}"
|
||||
+ "--pluginsDir=${PLUGINS_DIR}"
|
||||
+ "--configOverrides=cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \
|
||||
+ cfg:default.paths.data=${DATA_DIR} \
|
||||
+ cfg:default.paths.logs=${LOG_DIR} \
|
||||
+ cfg:default.paths.plugins=${PLUGINS_DIR}")
|
||||
+
|
||||
+if [ "$(id -u)" -eq 0 -o "$(id -g)" -eq 0 ]; then
|
||||
+ cd "${GRAFANA_HOME}"
|
||||
+ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@"
|
||||
+elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then
|
||||
+ cd "${GRAFANA_HOME}"
|
||||
+ exec "$EXECUTABLE" "${OPTS[@]}" "$@"
|
||||
+else
|
||||
+ echo "$0: please run this script as user \"${GRAFANA_USER}\" or root."
|
||||
+ exit 5
|
||||
+fi
|
@ -0,0 +1,161 @@
|
||||
From c065b6608a65967bde152557566e0410238714a1 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||
Date: Wed, 22 Jun 2022 17:01:09 +0200
|
||||
Subject: [PATCH] add manpages
|
||||
|
||||
|
||||
diff --git a/docs/man/man1/grafana-cli.1 b/docs/man/man1/grafana-cli.1
|
||||
new file mode 100644
|
||||
index 0000000000..39c0d5cee0
|
||||
--- /dev/null
|
||||
+++ b/docs/man/man1/grafana-cli.1
|
||||
@@ -0,0 +1,63 @@
|
||||
+.TH GRAFANA "1" "September 2022" "Grafana cli version 9.0.9" "User Commands"
|
||||
+.SH NAME
|
||||
+grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor
|
||||
+.SH DESCRIPTION
|
||||
+.SS "NAME:"
|
||||
+.IP
|
||||
+grafana-cli
|
||||
+.SS "USAGE:"
|
||||
+.IP
|
||||
+\fBgrafana\-cli\fP [\fIglobal options\fP] \fIcommand\fP [\fIcommand options\fP] [\fIarguments\fP...]
|
||||
+.SS "COMMANDS:"
|
||||
+.TP
|
||||
+plugins
|
||||
+Manage plugins for grafana
|
||||
+.TP
|
||||
+admin
|
||||
+Grafana admin commands
|
||||
+.TP
|
||||
+cue
|
||||
+Cue validation commands
|
||||
+.TP
|
||||
+help, h
|
||||
+Shows a list of commands or help for one command
|
||||
+.SS "GLOBAL OPTIONS:"
|
||||
+.TP
|
||||
+\fB\-\-pluginsDir\fR value
|
||||
+path to the grafana plugin directory (default: "/var/lib/grafana/plugins") [$GF_PLUGIN_DIR]
|
||||
+.TP
|
||||
+\fB\-\-repo\fR value
|
||||
+url to the plugin repository (default: "https://grafana.com/api/plugins") [$GF_PLUGIN_REPO]
|
||||
+.TP
|
||||
+\fB\-\-pluginUrl\fR value
|
||||
+Full url to the plugin zip file instead of downloading the plugin from grafana.com/api [$GF_PLUGIN_URL]
|
||||
+.TP
|
||||
+\fB\-\-insecure\fR
|
||||
+Skip TLS verification (insecure) (default: false)
|
||||
+.TP
|
||||
+\fB\-\-debug\fR
|
||||
+Enable debug logging (default: false)
|
||||
+.TP
|
||||
+\fB\-\-configOverrides\fR value
|
||||
+Configuration options to override defaults as a string. e.g. cfg:default.paths.log=/dev/null
|
||||
+.TP
|
||||
+\fB\-\-homepath\fR value
|
||||
+Path to Grafana install/home path, defaults to working directory
|
||||
+.TP
|
||||
+\fB\-\-config\fR value
|
||||
+Path to config file
|
||||
+.TP
|
||||
+\fB\-\-help\fR, \fB\-h\fR
|
||||
+show help
|
||||
+.TP
|
||||
+\fB\-\-version\fR, \fB\-v\fR
|
||||
+print the version
|
||||
+.SH "SEE ALSO"
|
||||
+Additional documentation for
|
||||
+.B grafana-cli
|
||||
+is available on-line at
|
||||
+.BR http://docs.grafana.org/administration/cli/ .
|
||||
+The full documentation for
|
||||
+.B Grafana
|
||||
+is available on-line at
|
||||
+.BR http://docs.grafana.org/ .
|
||||
diff --git a/docs/man/man1/grafana-server.1 b/docs/man/man1/grafana-server.1
|
||||
new file mode 100644
|
||||
index 0000000000..683a2369cc
|
||||
--- /dev/null
|
||||
+++ b/docs/man/man1/grafana-server.1
|
||||
@@ -0,0 +1,80 @@
|
||||
+.TH VERSION "1" "September 2022" "Version 9.0.9" "User Commands"
|
||||
+.SH NAME
|
||||
+grafana-server \- back-end server for the Grafana metrics dashboard and graph editor
|
||||
+.SH DESCRIPTION
|
||||
+.B grafana-server
|
||||
+is the back-end server for the Grafana metrics dashboard and graph editor.
|
||||
+The
|
||||
+.B grafana-server
|
||||
+program should not normally be run from the command line,
|
||||
+except when testing or for development purposes.
|
||||
+Rather it should be managed by
|
||||
+.BR systemd .
|
||||
+After installing Grafana, the systemd service should be enabled and started as follows:
|
||||
+.P
|
||||
+.in 1i
|
||||
+.B systemctl daemon-reload
|
||||
+.br
|
||||
+.B systemctl enable grafana-server.service
|
||||
+.br
|
||||
+.B systemctl start grafana-server.service
|
||||
+.in
|
||||
+.P
|
||||
+.SH OPTIONS
|
||||
+The
|
||||
+.B grafana-server
|
||||
+configuration is specified in
|
||||
+.BR /etc/grafana/grafana.ini
|
||||
+and is well documented with comments.
|
||||
+The command-line options listed below override options of
|
||||
+the same (or similar) name in the configuration file.
|
||||
+.P
|
||||
+.HP
|
||||
+\fB\-config\fR string
|
||||
+.IP
|
||||
+path to config file
|
||||
+.HP
|
||||
+\fB\-homepath\fR string
|
||||
+.IP
|
||||
+path to grafana install/home path, defaults to working directory
|
||||
+.HP
|
||||
+\fB\-packaging\fR string
|
||||
+.IP
|
||||
+describes the way Grafana was installed (default "unknown")
|
||||
+.HP
|
||||
+\fB\-pidfile\fR string
|
||||
+.IP
|
||||
+path to pid file
|
||||
+.HP
|
||||
+\fB\-profile\fR
|
||||
+.IP
|
||||
+Turn on pprof profiling
|
||||
+.HP
|
||||
+\fB\-profile\-addr\fR string
|
||||
+.IP
|
||||
+Define custom address for profiling (default "localhost")
|
||||
+.HP
|
||||
+\fB\-profile\-port\fR uint
|
||||
+.IP
|
||||
+Define custom port for profiling (default 6060)
|
||||
+.HP
|
||||
+\fB\-tracing\fR
|
||||
+.IP
|
||||
+Turn on tracing
|
||||
+.HP
|
||||
+\fB\-tracing\-file\fR string
|
||||
+.IP
|
||||
+Define tracing output file (default "trace.out")
|
||||
+.TP
|
||||
+\fB\-v\fR
|
||||
+.IP
|
||||
+prints current version and exits
|
||||
+.TP
|
||||
+\fB\-vv\fR
|
||||
+.IP
|
||||
+prints current version, all dependencies and exits
|
||||
+.SH "SEE ALSO"
|
||||
+The full documentation for
|
||||
+.B Grafana
|
||||
+is available on-line at
|
||||
+.BR http://docs.grafana.org/ .
|
@ -0,0 +1,68 @@
|
||||
From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||
Date: Wed, 22 Jun 2022 17:05:48 +0200
|
||||
Subject: [PATCH] update default configuration
|
||||
|
||||
|
||||
diff --git a/conf/defaults.ini b/conf/defaults.ini
|
||||
index 2d6e1235b6..f0eff6d2ac 100644
|
||||
--- a/conf/defaults.ini
|
||||
+++ b/conf/defaults.ini
|
||||
@@ -196,7 +196,7 @@ row_limit = 1000000
|
||||
# No ip addresses are being tracked, only simple counters to track
|
||||
# running instances, dashboard and error counts. It is very helpful to us.
|
||||
# Change this option to false to disable reporting.
|
||||
-reporting_enabled = true
|
||||
+reporting_enabled = false
|
||||
|
||||
# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
|
||||
reporting_distributor = grafana-labs
|
||||
@@ -206,7 +206,7 @@ reporting_distributor = grafana-labs
|
||||
# in some UI views to notify that a grafana update exists.
|
||||
# This option does not cause any auto updates, nor send any information
|
||||
# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
|
||||
-check_for_updates = true
|
||||
+check_for_updates = false
|
||||
|
||||
# Set to false to disable all checks to https://grafana.com
|
||||
# for new versions of plugins. The check is used
|
||||
diff --git a/conf/sample.ini b/conf/sample.ini
|
||||
index 227c90e895..dc9fd6a3a5 100644
|
||||
--- a/conf/sample.ini
|
||||
+++ b/conf/sample.ini
|
||||
@@ -202,7 +202,7 @@
|
||||
# No ip addresses are being tracked, only simple counters to track
|
||||
# running instances, dashboard and error counts. It is very helpful to us.
|
||||
# Change this option to false to disable reporting.
|
||||
-;reporting_enabled = true
|
||||
+;reporting_enabled = false
|
||||
|
||||
# The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs
|
||||
;reporting_distributor = grafana-labs
|
||||
@@ -212,7 +212,7 @@
|
||||
# in some UI views to notify that a grafana update exists.
|
||||
# This option does not cause any auto updates, nor send any information
|
||||
# only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version.
|
||||
-;check_for_updates = true
|
||||
+;check_for_updates = false
|
||||
|
||||
# Set to false to disable all checks to https://grafana.com
|
||||
# for new versions of plugins. The check is used
|
||||
@@ -356,7 +356,7 @@
|
||||
|
||||
# Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds.
|
||||
# The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m.
|
||||
-;min_refresh_interval = 5s
|
||||
+min_refresh_interval = 1s
|
||||
|
||||
# Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json"
|
||||
;default_home_dashboard_path =
|
||||
@@ -1094,7 +1094,7 @@
|
||||
;enable_alpha = false
|
||||
;app_tls_skip_verify_insecure = false
|
||||
# Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded.
|
||||
-;allow_loading_unsigned_plugins =
|
||||
+allow_loading_unsigned_plugins = performancecopilot-pcp-app,pcp-redis-datasource,pcp-vector-datasource,pcp-bpftrace-datasource,pcp-flamegraph-panel,pcp-breadcrumbs-panel,pcp-troubleshooting-panel,performancecopilot-redis-datasource,performancecopilot-vector-datasource,performancecopilot-bpftrace-datasource,performancecopilot-flamegraph-panel,performancecopilot-breadcrumbs-panel,performancecopilot-troubleshooting-panel
|
||||
# Enable or disable installing / uninstalling / updating plugins directly from within Grafana.
|
||||
;plugin_admin_enabled = false
|
||||
;plugin_admin_external_manage_enabled = false
|
@ -0,0 +1,129 @@
|
||||
From 944d07247d07b433777ee6ab46bc55cc1d9debe8 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||
Date: Wed, 22 Jun 2022 17:18:56 +0200
|
||||
Subject: [PATCH] remove unused backend dependencies
|
||||
|
||||
saml and gofpdf are not used in the OSS edition of Grafana
|
||||
after editing `pkg/extensions/main.go`, run `go mod tidy`
|
||||
|
||||
diff --git a/go.mod b/go.mod
|
||||
index 03c00985c4..faedd337d3 100644
|
||||
--- a/go.mod
|
||||
+++ b/go.mod
|
||||
@@ -30,7 +30,6 @@ require (
|
||||
github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b
|
||||
github.com/centrifugal/centrifuge v0.25.0
|
||||
github.com/cortexproject/cortex v1.10.1-0.20211014125347-85c378182d0d
|
||||
- github.com/crewjam/saml v0.4.9
|
||||
github.com/davecgh/go-spew v1.1.1
|
||||
github.com/denisenkom/go-mssqldb v0.12.0
|
||||
github.com/dop251/goja v0.0.0-20210804101310-32956a348b49
|
||||
@@ -67,7 +66,6 @@ require (
|
||||
github.com/influxdata/line-protocol v0.0.0-20210311194329-9aa0e372d097
|
||||
github.com/jmespath/go-jmespath v0.4.0
|
||||
github.com/json-iterator/go v1.1.12
|
||||
- github.com/jung-kurt/gofpdf v1.16.2
|
||||
github.com/lib/pq v1.10.4
|
||||
github.com/linkedin/goavro/v2 v2.10.0
|
||||
github.com/m3db/prometheus_remote_client_golang v0.4.4
|
||||
@@ -192,7 +190,6 @@ require (
|
||||
github.com/josharian/intern v1.0.0 // indirect
|
||||
github.com/jpillora/backoff v1.0.0 // indirect
|
||||
github.com/mailru/easyjson v0.7.7 // indirect
|
||||
- github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect
|
||||
github.com/mattetti/filebuffer v1.0.1 // indirect
|
||||
github.com/mattn/go-runewidth v0.0.9 // indirect
|
||||
github.com/miekg/dns v1.1.43 // indirect
|
||||
@@ -208,7 +205,7 @@
|
||||
github.com/opentracing-contrib/go-stdlib v1.0.0 // indirect
|
||||
github.com/pmezard/go-difflib v1.0.0 // indirect
|
||||
github.com/prometheus/common/sigv4 v0.1.0 // indirect
|
||||
- github.com/prometheus/exporter-toolkit v0.7.1 // indirect
|
||||
+ github.com/prometheus/exporter-toolkit v0.7.3 // indirect
|
||||
github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 // indirect
|
||||
github.com/prometheus/procfs v0.8.0 // indirect
|
||||
github.com/protocolbuffers/txtpbfmt v0.0.0-20220428173112-74888fd59c2b // indirect
|
||||
diff --git a/go.sum b/go.sum
|
||||
index e3b45a9f35..b98dc78c57 100644
|
||||
--- a/go.sum
|
||||
+++ b/go.sum
|
||||
@@ -665,7 +665,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
|
||||
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
|
||||
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
|
||||
-github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
|
||||
github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ=
|
||||
github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA=
|
||||
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
|
||||
@@ -1376,8 +1375,6 @@ github.com/grafana/grafana-plugin-sdk-go v0.139.0 h1:2RQKM2QpSaWTtaGN6sK+R7LO7zy
|
||||
github.com/grafana/grafana-plugin-sdk-go v0.139.0/go.mod h1:Y+Ps2sesZ62AyCnX+hzrYnyDQYe/ZZl+A8yKLOBm12c=
|
||||
github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293 h1:dJIdfHqu+XjKz+w9zXLqXKPdp6Jjx/UPSOwdeSfWdeQ=
|
||||
github.com/grafana/prometheus-alertmanager v0.24.1-0.20221012142027-823cd9150293/go.mod h1:HVHqK+BVPa/tmL8EMhLCCrPt2a1GdJpEyxr5hgur2UI=
|
||||
-github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7 h1:cujJQ3XV6IK7Y96VpYurd2EpI5rfMRFcuyGqUlk+030=
|
||||
-github.com/grafana/saml v0.4.9-0.20230102094056-b61b9eb7c8b7/go.mod h1:9Zh6dWPtB3MSzTRt8fIFH60Z351QQ+s7hCU3J/tTlA4=
|
||||
github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104 h1:dYpwFYIChrMfpq3wDa/ZBxAbUGSW5NYmYBeSezhaoao=
|
||||
github.com/grafana/thema v0.0.0-20220817114012-ebeee841c104/go.mod h1:fCV1rqv6XRQg2GfIQ7pU9zdxd5fLRcEBCnrDVwlK+ZY=
|
||||
github.com/grafana/xorm v0.8.3-0.20220614223926-2fcda7565af6 h1:I9dh1MXGX0wGyxdV/Sl7+ugnki4Dfsy8lv2s5Yf887o=
|
||||
@@ -1664,8 +1661,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V
|
||||
github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
|
||||
github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
|
||||
github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
|
||||
-github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc=
|
||||
-github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0=
|
||||
github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0=
|
||||
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
|
||||
github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4=
|
||||
@@ -1787,8 +1782,6 @@ github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE=
|
||||
github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU=
|
||||
github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
|
||||
github.com/matryer/moq v0.2.7/go.mod h1:kITsx543GOENm48TUAQyJ9+SAvFSr7iGQXPoth/VUBk=
|
||||
-github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
|
||||
-github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
|
||||
github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM=
|
||||
github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs=
|
||||
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
|
||||
@@ -2066,7 +2059,6 @@ github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR
|
||||
github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
|
||||
github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
|
||||
github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
|
||||
-github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
|
||||
github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
|
||||
github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
|
||||
github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
|
||||
@@ -2156,8 +2148,9 @@ github.com/prometheus/common/sigv4 v0.1.0 h1:qoVebwtwwEhS85Czm2dSROY5fTo2PAPEVdD
|
||||
github.com/prometheus/common/sigv4 v0.1.0/go.mod h1:2Jkxxk9yYvCkE5G1sQT7GuEXm57JrvHu9k5YwTjsNtI=
|
||||
github.com/prometheus/exporter-toolkit v0.5.1/go.mod h1:OCkM4805mmisBhLmVFw858QYi3v0wKdY6/UxrT0pZVg=
|
||||
github.com/prometheus/exporter-toolkit v0.6.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
|
||||
-github.com/prometheus/exporter-toolkit v0.7.1 h1:c6RXaK8xBVercEeUQ4tRNL8UGWzDHfvj9dseo1FcK1Y=
|
||||
github.com/prometheus/exporter-toolkit v0.7.1/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
|
||||
+github.com/prometheus/exporter-toolkit v0.7.3 h1:IYBn0CTGi/nYxstdTUKysuSofUNJ3DQW3FmZ/Ub6rgU=
|
||||
+github.com/prometheus/exporter-toolkit v0.7.3/go.mod h1:ZUBIj498ePooX9t/2xtDjeQYwvRpiPP2lh5u4iblj2g=
|
||||
github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289 h1:dTUS1vaLWq+Y6XKOTnrFpoVsQKLCbCp1OLj24TDi7oM=
|
||||
github.com/prometheus/node_exporter v1.0.0-rc.0.0.20200428091818-01054558c289/go.mod h1:FGbBv5OPKjch+jNUJmEQpMZytIdyW0NdBtWFcfSKusc=
|
||||
github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
|
||||
@@ -2696,7 +2688,6 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y
|
||||
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20211115234514-b4de73f9ece8/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
|
||||
golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
-golang.org/x/crypto v0.0.0-20220128200615-198e4374d7ed/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go
|
||||
index 72371bdab4..a7bb7abe0f 100644
|
||||
--- a/pkg/extensions/main.go
|
||||
+++ b/pkg/extensions/main.go
|
||||
@@ -11,13 +11,11 @@ import (
|
||||
_ "github.com/blugelabs/bluge"
|
||||
_ "github.com/blugelabs/bluge_segment_api"
|
||||
_ "github.com/cortexproject/cortex/pkg/util"
|
||||
- _ "github.com/crewjam/saml"
|
||||
_ "github.com/gobwas/glob"
|
||||
_ "github.com/googleapis/gax-go/v2"
|
||||
_ "github.com/grafana/dskit/backoff"
|
||||
_ "github.com/grafana/dskit/flagext"
|
||||
_ "github.com/grpc-ecosystem/go-grpc-middleware"
|
||||
- _ "github.com/jung-kurt/gofpdf"
|
||||
_ "github.com/linkedin/goavro/v2"
|
||||
_ "github.com/m3db/prometheus_remote_client_golang/promremote"
|
||||
_ "github.com/pkg/errors"
|
@ -0,0 +1,397 @@
|
||||
From 3709d320189b10a12a3780d15e46afd777f06554 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||
Date: Wed, 22 Jun 2022 17:36:47 +0200
|
||||
Subject: [PATCH] remove unused frontend crypto
|
||||
|
||||
update `package.json` and then run `yarn install` to update the
|
||||
`yarn.lock` lockfile
|
||||
|
||||
diff --git a/package.json b/package.json
|
||||
index e26f95d855..91d71f1414 100644
|
||||
--- a/package.json
|
||||
+++ b/package.json
|
||||
@@ -405,8 +405,10 @@
|
||||
"whatwg-fetch": "3.6.2"
|
||||
},
|
||||
"resolutions": {
|
||||
+ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
|
||||
+ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
|
||||
+ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz",
|
||||
"underscore": "1.13.4",
|
||||
- "@mdx-js/loader/loader-utils": "^2.0.0",
|
||||
"@types/slate": "0.47.9",
|
||||
"@rushstack/node-core-library": "3.52.0",
|
||||
"@rushstack/rig-package": "0.3.13",
|
||||
diff --git a/yarn.lock b/yarn.lock
|
||||
index f374e10e33..12c06ad883 100644
|
||||
--- a/yarn.lock
|
||||
+++ b/yarn.lock
|
||||
@@ -4571,10 +4571,10 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"@braintree/sanitize-url@npm:6.0.0":
|
||||
- version: 6.0.0
|
||||
- resolution: "@braintree/sanitize-url@npm:6.0.0"
|
||||
- checksum: 409ce7709dc1a0c67bc887d20af1becd4145d5c62cc5124b1c4c1f3ea2a8d69b0ee9f582d446469c6f5294b56442b99048cbbba6861dd5c834d4e019b95e1f40
|
||||
+"@braintree/sanitize-url@npm:^6.0.0":
|
||||
+ version: 6.0.2
|
||||
+ resolution: "@braintree/sanitize-url@npm:6.0.2"
|
||||
+ checksum: 6a9dfd4081cc96516eeb281d1a83d3b5f1ad3d2837adf968fcc2ba18889ee833554f9c641b4083c36d3360a932e4504ddf25b0b51e9933c3742622df82cf7c9a
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
@@ -5375,7 +5375,7 @@ __metadata:
|
||||
version: 0.0.0-use.local
|
||||
resolution: "@grafana/data@workspace:packages/grafana-data"
|
||||
dependencies:
|
||||
- "@braintree/sanitize-url": 6.0.0
|
||||
+ "@braintree/sanitize-url": ^6.0.0
|
||||
"@grafana/schema": 9.2.8
|
||||
"@grafana/tsconfig": ^1.2.0-rc1
|
||||
"@rollup/plugin-commonjs": 22.0.1
|
||||
@@ -14511,22 +14511,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"asn1@npm:~0.2.3":
|
||||
- version: 0.2.4
|
||||
- resolution: "asn1@npm:0.2.4"
|
||||
- dependencies:
|
||||
- safer-buffer: ~2.1.0
|
||||
- checksum: aa5d6f77b1e0597df53824c68cfe82d1d89ce41cb3520148611f025fbb3101b2d25dd6a40ad34e4fac10f6b19ed5e8628cd4b7d212261e80e83f02b39ee5663c
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
-"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0":
|
||||
- version: 1.0.0
|
||||
- resolution: "assert-plus@npm:1.0.0"
|
||||
- checksum: 19b4340cb8f0e6a981c07225eacac0e9d52c2644c080198765d63398f0075f83bbc0c8e95474d54224e297555ad0d631c1dcd058adb1ddc2437b41a6b424ac64
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"assert@npm:2.0.0":
|
||||
version: 2.0.0
|
||||
resolution: "assert@npm:2.0.0"
|
||||
@@ -15231,15 +15215,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"bcrypt-pbkdf@npm:^1.0.0":
|
||||
- version: 1.0.2
|
||||
- resolution: "bcrypt-pbkdf@npm:1.0.2"
|
||||
- dependencies:
|
||||
- tweetnacl: ^0.14.3
|
||||
- checksum: 4edfc9fe7d07019609ccf797a2af28351736e9d012c8402a07120c4453a3b789a15f2ee1530dc49eee8f7eb9379331a8dd4b3766042b9e502f74a68e7f662291
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"before-after-hook@npm:^2.2.0":
|
||||
version: 2.2.2
|
||||
resolution: "before-after-hook@npm:2.2.2"
|
||||
@@ -17053,13 +17028,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"core-util-is@npm:1.0.2":
|
||||
- version: 1.0.2
|
||||
- resolution: "core-util-is@npm:1.0.2"
|
||||
- checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"core-util-is@npm:~1.0.0":
|
||||
version: 1.0.3
|
||||
resolution: "core-util-is@npm:1.0.3"
|
||||
@@ -18097,15 +18065,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"dashdash@npm:^1.12.0":
|
||||
- version: 1.14.1
|
||||
- resolution: "dashdash@npm:1.14.1"
|
||||
- dependencies:
|
||||
- assert-plus: ^1.0.0
|
||||
- checksum: 3634c249570f7f34e3d34f866c93f866c5b417f0dd616275decae08147dcdf8fccfaa5947380ccfb0473998ea3a8057c0b4cd90c875740ee685d0624b2983598
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"data-urls@npm:^2.0.0":
|
||||
version: 2.0.0
|
||||
resolution: "data-urls@npm:2.0.0"
|
||||
@@ -18842,16 +18801,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"ecc-jsbn@npm:~0.1.1":
|
||||
- version: 0.1.2
|
||||
- resolution: "ecc-jsbn@npm:0.1.2"
|
||||
- dependencies:
|
||||
- jsbn: ~0.1.0
|
||||
- safer-buffer: ^2.1.0
|
||||
- checksum: 22fef4b6203e5f31d425f5b711eb389e4c6c2723402e389af394f8411b76a488fa414d309d866e2b577ce3e8462d344205545c88a8143cc21752a5172818888a
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"ee-first@npm:1.1.1":
|
||||
version: 1.1.1
|
||||
resolution: "ee-first@npm:1.1.1"
|
||||
@@ -20489,20 +20438,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"extsprintf@npm:1.3.0":
|
||||
- version: 1.3.0
|
||||
- resolution: "extsprintf@npm:1.3.0"
|
||||
- checksum: cee7a4a1e34cffeeec18559109de92c27517e5641991ec6bab849aa64e3081022903dd53084f2080d0d2530803aa5ee84f1e9de642c365452f9e67be8f958ce2
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
-"extsprintf@npm:^1.2.0":
|
||||
- version: 1.4.0
|
||||
- resolution: "extsprintf@npm:1.4.0"
|
||||
- checksum: 184dc8a413eb4b1ff16bdce797340e7ded4d28511d56a1c9afa5a95bcff6ace154063823eaf0206dbbb0d14059d74f382a15c34b7c0636fa74a7e681295eb67e
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"fast-deep-equal@npm:^3.0.0, fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3":
|
||||
version: 3.1.3
|
||||
resolution: "fast-deep-equal@npm:3.1.3"
|
||||
@@ -21462,15 +21397,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"getpass@npm:^0.1.1":
|
||||
- version: 0.1.7
|
||||
- resolution: "getpass@npm:0.1.7"
|
||||
- dependencies:
|
||||
- assert-plus: ^1.0.0
|
||||
- checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"git-raw-commits@npm:^2.0.8":
|
||||
version: 2.0.11
|
||||
resolution: "git-raw-commits@npm:2.0.11"
|
||||
@@ -22832,25 +22758,10 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"http-signature@npm:~1.2.0":
|
||||
- version: 1.2.0
|
||||
- resolution: "http-signature@npm:1.2.0"
|
||||
- dependencies:
|
||||
- assert-plus: ^1.0.0
|
||||
- jsprim: ^1.2.2
|
||||
- sshpk: ^1.7.0
|
||||
- checksum: 3324598712266a9683585bb84a75dec4fd550567d5e0dd4a0fff6ff3f74348793404d3eeac4918fa0902c810eeee1a86419e4a2e92a164132dfe6b26743fb47c
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
-"http-signature@npm:~1.3.6":
|
||||
- version: 1.3.6
|
||||
- resolution: "http-signature@npm:1.3.6"
|
||||
- dependencies:
|
||||
- assert-plus: ^1.0.0
|
||||
- jsprim: ^2.0.2
|
||||
- sshpk: ^1.14.1
|
||||
- checksum: 10be2af4764e71fee0281392937050201ee576ac755c543f570d6d87134ce5e858663fe999a7adb3e4e368e1e356d0d7fec6b9542295b875726ff615188e7a0c
|
||||
+"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
|
||||
+ version: 1.1.3
|
||||
+ resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
|
||||
+ checksum: 78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
@@ -25418,13 +25329,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"jsbn@npm:~0.1.0":
|
||||
- version: 0.1.1
|
||||
- resolution: "jsbn@npm:0.1.1"
|
||||
- checksum: e5ff29c1b8d965017ef3f9c219dacd6e40ad355c664e277d31246c90545a02e6047018c16c60a00f36d561b3647215c41894f5d869ada6908a2e0ce4200c88f2
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"jsdoc-type-pratt-parser@npm:~2.2.5":
|
||||
version: 2.2.5
|
||||
resolution: "jsdoc-type-pratt-parser@npm:2.2.5"
|
||||
@@ -25572,13 +25476,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"json-schema@npm:0.2.3, json-schema@npm:0.4.0":
|
||||
- version: 0.4.0
|
||||
- resolution: "json-schema@npm:0.4.0"
|
||||
- checksum: 66389434c3469e698da0df2e7ac5a3281bcff75e797a5c127db7c5b56270e01ae13d9afa3c03344f76e32e81678337a8c912bdbb75101c62e487dc3778461d72
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"json-source-map@npm:0.6.1":
|
||||
version: 0.6.1
|
||||
resolution: "json-source-map@npm:0.6.1"
|
||||
@@ -25709,30 +25606,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"jsprim@npm:^1.2.2":
|
||||
- version: 1.4.1
|
||||
- resolution: "jsprim@npm:1.4.1"
|
||||
- dependencies:
|
||||
- assert-plus: 1.0.0
|
||||
- extsprintf: 1.3.0
|
||||
- json-schema: 0.2.3
|
||||
- verror: 1.10.0
|
||||
- checksum: 6bcb20ec265ae18bb48e540a6da2c65f9c844f7522712d6dfcb01039527a49414816f4869000493363f1e1ea96cbad00e46188d5ecc78257a19f152467587373
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
-"jsprim@npm:^2.0.2":
|
||||
- version: 2.0.2
|
||||
- resolution: "jsprim@npm:2.0.2"
|
||||
- dependencies:
|
||||
- assert-plus: 1.0.0
|
||||
- extsprintf: 1.3.0
|
||||
- json-schema: 0.4.0
|
||||
- verror: 1.10.0
|
||||
- checksum: d175f6b1991e160cb0aa39bc857da780e035611986b5492f32395411879fdaf4e513d98677f08f7352dac93a16b66b8361c674b86a3fa406e2e7af6b26321838
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"jsurl@npm:^0.1.5":
|
||||
version: 0.1.5
|
||||
resolution: "jsurl@npm:0.1.5"
|
||||
@@ -26192,6 +26065,17 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
+"loader-utils@npm:2.0.0":
|
||||
+ version: 2.0.0
|
||||
+ resolution: "loader-utils@npm:2.0.0"
|
||||
+ dependencies:
|
||||
+ big.js: ^5.2.2
|
||||
+ emojis-list: ^3.0.0
|
||||
+ json5: ^2.1.2
|
||||
+ checksum: 6856423131b50b6f5f259da36f498cfd7fc3c3f8bb17777cf87fdd9159e797d4ba4288d9a96415fd8da62c2906960e88f74711dee72d03a9003bddcd0d364a51
|
||||
+ languageName: node
|
||||
+ linkType: hard
|
||||
+
|
||||
"loader-utils@npm:^2.0.0":
|
||||
version: 2.0.3
|
||||
resolution: "loader-utils@npm:2.0.3"
|
||||
@@ -27755,13 +27639,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"node-forge@npm:^1":
|
||||
- version: 1.3.1
|
||||
- resolution: "node-forge@npm:1.3.1"
|
||||
- checksum: 08fb072d3d670599c89a1704b3e9c649ff1b998256737f0e06fbd1a5bf41cae4457ccaee32d95052d80bbafd9ffe01284e078c8071f0267dc9744e51c5ed42a9
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"node-gettext@npm:^3.0.0":
|
||||
version: 3.0.0
|
||||
resolution: "node-gettext@npm:3.0.0"
|
||||
@@ -33404,7 +33281,7 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0":
|
||||
+"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0":
|
||||
version: 2.1.2
|
||||
resolution: "safer-buffer@npm:2.1.2"
|
||||
checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0
|
||||
@@ -33623,12 +33500,10 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"selfsigned@npm:^2.0.1":
|
||||
- version: 2.0.1
|
||||
- resolution: "selfsigned@npm:2.0.1"
|
||||
- dependencies:
|
||||
- node-forge: ^1
|
||||
- checksum: 864e65c2f31ca877bce3ccdaa3bdef5e1e992b63b2a03641e00c24cd305bf2acce093431d1fed2e5ae9f526558db4be5e90baa2b3474c0428fcf7e25cc86ac93
|
||||
+"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz":
|
||||
+ version: 1.1.3
|
||||
+ resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz"
|
||||
+ checksum: 4988a0dbdf123fb808194a6198f5951e2df711de6fd967d72a8876baccaa23d5c260efb8f1dbfbc5bf1f852e81f897ad09267908977ab94862867ef971a3d48d
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
@@ -34591,27 +34466,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0":
|
||||
- version: 1.16.1
|
||||
- resolution: "sshpk@npm:1.16.1"
|
||||
- dependencies:
|
||||
- asn1: ~0.2.3
|
||||
- assert-plus: ^1.0.0
|
||||
- bcrypt-pbkdf: ^1.0.0
|
||||
- dashdash: ^1.12.0
|
||||
- ecc-jsbn: ~0.1.1
|
||||
- getpass: ^0.1.1
|
||||
- jsbn: ~0.1.0
|
||||
- safer-buffer: ^2.0.2
|
||||
- tweetnacl: ~0.14.0
|
||||
- bin:
|
||||
- sshpk-conv: bin/sshpk-conv
|
||||
- sshpk-sign: bin/sshpk-sign
|
||||
- sshpk-verify: bin/sshpk-verify
|
||||
- checksum: 5e76afd1cedc780256f688b7c09327a8a650902d18e284dfeac97489a735299b03c3e72c6e8d22af03dbbe4d6f123fdfd5f3c4ed6bedbec72b9529a55051b857
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"ssri@npm:^8.0.0, ssri@npm:^8.0.1":
|
||||
version: 8.0.1
|
||||
resolution: "ssri@npm:8.0.1"
|
||||
@@ -36287,13 +36141,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
-"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0":
|
||||
- version: 0.14.5
|
||||
- resolution: "tweetnacl@npm:0.14.5"
|
||||
- checksum: 6061daba1724f59473d99a7bb82e13f211cdf6e31315510ae9656fefd4779851cb927adad90f3b488c8ed77c106adc0421ea8055f6f976ff21b27c5c4e918487
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"type-check@npm:^0.4.0, type-check@npm:~0.4.0":
|
||||
version: 0.4.0
|
||||
resolution: "type-check@npm:0.4.0"
|
||||
@@ -37042,17 +36889,6 @@ __metadata:
|
||||
languageName: node
|
||||
linkType: soft
|
||||
|
||||
-"verror@npm:1.10.0":
|
||||
- version: 1.10.0
|
||||
- resolution: "verror@npm:1.10.0"
|
||||
- dependencies:
|
||||
- assert-plus: ^1.0.0
|
||||
- core-util-is: 1.0.2
|
||||
- extsprintf: ^1.2.0
|
||||
- checksum: c431df0bedf2088b227a4e051e0ff4ca54df2c114096b0c01e1cbaadb021c30a04d7dd5b41ab277bcd51246ca135bf931d4c4c796ecae7a4fef6d744ecef36ea
|
||||
- languageName: node
|
||||
- linkType: hard
|
||||
-
|
||||
"vfile-location@npm:^3.0.0, vfile-location@npm:^3.2.0":
|
||||
version: 3.2.0
|
||||
resolution: "vfile-location@npm:3.2.0"
|
||||
|
||||
diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
|
||||
index e26f95d855..91d71f1414 100644
|
||||
--- a/packages/grafana-data/package.json
|
||||
+++ b/packages/grafana-data/package.json
|
||||
@@ -33,7 +33,7 @@
|
||||
"typecheck": "tsc --emitDeclarationOnly false --noEmit"
|
||||
},
|
||||
"dependencies": {
|
||||
- "@braintree/sanitize-url": "6.0.0",
|
||||
+ "@braintree/sanitize-url": "^6.0.0",
|
||||
"@grafana/schema": "9.2.8",
|
||||
"@types/d3-interpolate": "^1.4.0",
|
||||
"d3-interpolate": "1.4.0",
|
||||
|
@ -0,0 +1,21 @@
|
||||
From a23cb1162fd705147489915667b83a236ad248be Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Gerstmayr <agerstmayr@redhat.com>
|
||||
Date: Thu, 23 Jun 2022 17:00:46 +0200
|
||||
Subject: [PATCH] skip marketplace plugin install test
|
||||
|
||||
This test (tries to) install a plugin from the Grafana marketplace.
|
||||
Network connectivity is disabled in the build environment for security
|
||||
reasons, therefore we need to disable this test.
|
||||
|
||||
diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go
|
||||
index 0d62275c4b..c237aa9389 100644
|
||||
--- a/pkg/tests/api/plugins/api_plugins_test.go
|
||||
+++ b/pkg/tests/api/plugins/api_plugins_test.go
|
||||
@@ -56,6 +56,7 @@ func TestPlugins(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("Request is not forbidden if from an admin", func(t *testing.T) {
|
||||
+ t.Skip("this test requires connectivity to the Grafana plugin marketplace (fetching metadata)")
|
||||
statusCode, body := makePostRequest(t, grafanaAPIURL(usernameAdmin, grafanaListedAddr, "plugins/test/install"))
|
||||
|
||||
assert.Equal(t, 404, statusCode)
|
@ -0,0 +1,19 @@
|
||||
From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
|
||||
From: Stan Cox <scox@redhat.com>
|
||||
Date: Wed, 22 Jun 2022 17:05:48 +0200
|
||||
Subject: [PATCH] fix alert test
|
||||
|
||||
|
||||
diff --git a/pkg/tests/api/alerting/api_alertmanager_test.go b/pkg/tests/api/alerting/api_alertmanager_test.go
|
||||
index 2d6e1235b6..f0eff6d2ac 100644
|
||||
--- a/pkg/tests/api/alerting/api_alertmanager_test.go 2023-01-24 14:44:19.000000000 -0500
|
||||
+++ b/pkg/tests/api/alerting/api_alertmanager_test.go 2023-04-13 16:20:51.718515009 -0400
|
||||
@@ -210,7 +210,7 @@
|
||||
{
|
||||
"comment": "string",
|
||||
"createdBy": "string",
|
||||
- "endsAt": "2023-03-31T14:17:04.419Z",
|
||||
+ "endsAt": "2032-03-31T14:17:04.419Z",
|
||||
"matchers": [
|
||||
{
|
||||
"isRegex": true,
|
@ -0,0 +1,31 @@
|
||||
From 05df8dcac715113517b81b1995ab1f0b69017f4a Mon Sep 17 00:00:00 2001
|
||||
From: ismail simsek <ismailsimsek09@gmail.com>
|
||||
Date: Thu, 16 Mar 2023 23:16:03 +0100
|
||||
Subject: [PATCH] graphite functions xss
|
||||
|
||||
commit e59427c074
|
||||
[v9.2.x] Fix xss in Graphite functions tooltip (#810)
|
||||
|
||||
Fix xss in Graphite functions tooltip (#804)
|
||||
|
||||
(cherry picked from commit 87aad3f11836f810ee1fdfee27827e746ef36055)
|
||||
|
||||
Co-authored-by: Ludovic Viaud <ludovic.viaud@gmail.com>
|
||||
|
||||
diff --git a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
|
||||
index facd0b2511..d4d41da720 100644
|
||||
--- a/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
|
||||
+++ b/public/app/plugins/datasource/graphite/components/FunctionEditorControls.tsx
|
||||
@@ -11,11 +11,9 @@ export interface FunctionEditorControlsProps {
|
||||
}
|
||||
|
||||
const FunctionDescription = React.lazy(async () => {
|
||||
- // @ts-ignore
|
||||
- const { default: rst2html } = await import(/* webpackChunkName: "rst2html" */ 'rst2html');
|
||||
return {
|
||||
default(props: { description?: string }) {
|
||||
- return <div dangerouslySetInnerHTML={{ __html: rst2html(props.description ?? '') }} />;
|
||||
+ return <div>{props.description}</div>;
|
||||
},
|
||||
};
|
||||
});
|
@ -0,0 +1,71 @@
|
||||
From 3236aa416f6d1b109bff1fdd4127292988fb199c Mon Sep 17 00:00:00 2001
|
||||
From: Stan Cox <scox@redhat.com>
|
||||
Date: Wed, 22 Jun 2022 17:05:48 +0200
|
||||
Subject: [PATCH] skip tests
|
||||
|
||||
These tests are problematic on s390 but lint complains about patches
|
||||
in an %ifarch block so apply to all architectures.
|
||||
|
||||
diff --git a/pkg/services/ngalert/notifier/alertmanager_test.go b/pkg/services/ngalert/notifier/alertmanager_test.go
|
||||
--- a/pkg/services/ngalert/notifier/alertmanager_test.go 2023-06-04 22:38:26.566930436 -0400
|
||||
+++ b/pkg/services/ngalert/notifier/alertmanager_test.go 2023-06-06 13:25:43.785556819 -0400
|
||||
@@ -54,6 +54,7 @@
|
||||
}
|
||||
|
||||
func TestPutAlert(t *testing.T) {
|
||||
+ t.Skip("Skip testing TestPutAlert")
|
||||
am := setupAMTest(t)
|
||||
|
||||
startTime := time.Now()
|
||||
@@ -350,6 +351,7 @@
|
||||
// implement a custom maintenance function for silences, because we snapshot
|
||||
// our data differently, so we test that functionality.
|
||||
func TestSilenceCleanup(t *testing.T) {
|
||||
+ t.Skip("Skip testing TestSilenceCleanup")
|
||||
require := require.New(t)
|
||||
|
||||
oldRetention := retentionNotificationsAndSilences
|
||||
diff --git a/pkg/services/ngalert/state/manager_test.go b/pkg/services/ngalert/state/manager_test.go
|
||||
--- a/pkg/services/ngalert/state/manager_test.go 2023-06-04 22:38:26.570930475 -0400
|
||||
+++ b/pkg/services/ngalert/state/manager_test.go 2023-06-06 13:26:47.588172342 -0400
|
||||
@@ -78,6 +78,7 @@
|
||||
}
|
||||
|
||||
func TestProcessEvalResults(t *testing.T) {
|
||||
+ t.Skip("Skip testing TestProcessEvalResults")
|
||||
evaluationTime, err := time.Parse("2006-01-02", "2021-03-25")
|
||||
if err != nil {
|
||||
t.Fatalf("error parsing date format: %s", err.Error())
|
||||
diff --git a/pkg/services/ngalert/schedule/schedule_test.go b/pkg/services/ngalert/schedule/schedule_test.go
|
||||
--- a/pkg/services/ngalert/schedule/schedule_test.go 2023-06-04 22:38:26.569930465 -0400
|
||||
+++ b/pkg/services/ngalert/schedule/schedule_test.go 2023-06-06 13:27:14.475431726 -0400
|
||||
@@ -130,6 +130,7 @@
|
||||
}
|
||||
|
||||
func TestAlertingTicker(t *testing.T) {
|
||||
+ t.Skip("Skip testing TestAlertingTicker")
|
||||
ctx := context.Background()
|
||||
_, dbstore := tests.SetupTestEnv(t, 1)
|
||||
|
||||
diff --git a/pkg/infra/filestorage/fs_integration_test.go b/pkg/infra/filestorage/fs_integration_test.go
|
||||
--- a/pkg/infra/filestorage/fs_integration_test.go 2023-06-04 22:38:26.539930172 -0400
|
||||
+++ b/pkg/infra/filestorage/fs_integration_test.go 2023-06-06 13:27:48.535760305 -0400
|
||||
@@ -169,6 +169,7 @@
|
||||
}
|
||||
|
||||
func TestIntegrationFsStorage(t *testing.T) {
|
||||
+ t.Skip("Skip testing TestIntegrationFsStorage")
|
||||
if testing.Short() {
|
||||
t.Skip("skipping integration test")
|
||||
}
|
||||
diff --git a/pkg/tests/api/alerting/api_prometheus_test.go b/pkg/tests/api/alerting/api_prometheus_test.go
|
||||
--- a/pkg/tests/api/alerting/api_prometheus_test.go 2023-06-04 22:38:26.588930651 -0400
|
||||
+++ b/pkg/tests/api/alerting/api_prometheus_test.go 2023-06-06 13:28:13.260998838 -0400
|
||||
@@ -25,6 +25,7 @@
|
||||
)
|
||||
|
||||
func TestPrometheusRules(t *testing.T) {
|
||||
+ t.Skip("Skip testing TestPrometheusRules")
|
||||
dir, path := testinfra.CreateGrafDir(t, testinfra.GrafanaOpts{
|
||||
DisableLegacyAlerting: true,
|
||||
EnableUnifiedAlerting: true,
|
@ -0,0 +1,61 @@
|
||||
commit bae86dbeb0
|
||||
Author: Ieva <ieva.vasiljeva@grafana.com>
|
||||
Date: Tue Jun 6 17:45:31 2023 +0100
|
||||
|
||||
Auth: Remove Email Lookup from oauth integrations 9.2 (#898)
|
||||
|
||||
backport https://github.com/grafana/grafana-private-mirror/pull/894 to 9.3.x
|
||||
|
||||
diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go
|
||||
index 22014aee43..af00c56a68 100644
|
||||
--- a/pkg/api/login_oauth.go
|
||||
+++ b/pkg/api/login_oauth.go
|
||||
@@ -302,16 +302,17 @@
|
||||
connect social.SocialConnector,
|
||||
) (*user.User, error) {
|
||||
oauthLogger.Debug("Syncing Grafana user with corresponding OAuth profile")
|
||||
+ lookupParams := models.UserLookupParams{}
|
||||
+ if hs.Cfg.OAuthAllowInsecureEmailLookup {
|
||||
+ lookupParams.Email = &extUser.Email
|
||||
+ }
|
||||
+
|
||||
// add/update user in Grafana
|
||||
cmd := &models.UpsertUserCommand{
|
||||
- ReqContext: ctx,
|
||||
- ExternalUser: extUser,
|
||||
- SignupAllowed: connect.IsSignupAllowed(),
|
||||
- UserLookupParams: models.UserLookupParams{
|
||||
- Email: &extUser.Email,
|
||||
- UserID: nil,
|
||||
- Login: nil,
|
||||
- },
|
||||
+ ReqContext: ctx,
|
||||
+ ExternalUser: extUser,
|
||||
+ SignupAllowed: connect.IsSignupAllowed(),
|
||||
+ UserLookupParams: lookupParams,
|
||||
}
|
||||
|
||||
if err := hs.Login.UpsertUser(ctx.Req.Context(), cmd); err != nil {
|
||||
diff --git a/pkg/setting/setting.go b/pkg/setting/setting.go
|
||||
index 20e8f78a2f..03aa5c17d8 100644
|
||||
--- a/pkg/setting/setting.go
|
||||
+++ b/pkg/setting/setting.go
|
||||
@@ -318,7 +318,8 @@
|
||||
AuthProxySyncTTL int
|
||||
|
||||
// OAuth
|
||||
- OAuthCookieMaxAge int
|
||||
+ OAuthCookieMaxAge int
|
||||
+ OAuthAllowInsecureEmailLookup bool
|
||||
|
||||
// JWT Auth
|
||||
JWTAuthEnabled bool
|
||||
@@ -1256,6 +1256,8 @@
|
||||
return err
|
||||
}
|
||||
|
||||
+ cfg.OAuthAllowInsecureEmailLookup = auth.Key("oauth_allow_insecure_email_lookup").MustBool(false)
|
||||
+
|
||||
const defaultMaxLifetime = "30d"
|
||||
maxLifetimeDurationVal := valueAsString(auth, "login_maximum_lifetime_duration", defaultMaxLifetime)
|
||||
cfg.LoginMaxLifetime, err = gtime.ParseDuration(maxLifetimeDurationVal)
|
@ -0,0 +1,13 @@
|
||||
diff --git a/pkg/framework/coremodel/helpers.go b/pkg/framework/coremodel/helpers.go
|
||||
index 20d111edba..6655f81cee 100644
|
||||
--- a/pkg/framework/coremodel/helpers.go
|
||||
+++ b/pkg/framework/coremodel/helpers.go
|
||||
@@ -26,7 +26,7 @@ func init() {
|
||||
var err error
|
||||
defaultFramework, err = doLoadFrameworkCUE(cuectx.ProvideCUEContext())
|
||||
if err != nil {
|
||||
- panic(err)
|
||||
+// panic(err)
|
||||
}
|
||||
}
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,146 @@
|
||||
use pbkdf2 from OpenSSL if FIPS mode is enabled
|
||||
|
||||
This patch modifies the x/crypto/pbkdf2 function to use OpenSSL
|
||||
if FIPS mode is enabled.
|
||||
DEFINEFUNC is from /usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h
|
||||
|
||||
diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go
|
||||
new file mode 100644
|
||||
index 0000000000..5a06918832
|
||||
--- /dev/null
|
||||
+++ b/vendor/golang.org/x/crypto/internal/boring/boring.go
|
||||
@@ -0,0 +1,74 @@
|
||||
+// Copyright 2017 The Go Authors. All rights reserved.
|
||||
+// Copyright 2021 Red Hat.
|
||||
+// Use of this source code is governed by a BSD-style
|
||||
+// license that can be found in the LICENSE file.
|
||||
+
|
||||
+// +build linux
|
||||
+// +build !android
|
||||
+// +build !no_openssl
|
||||
+// +build !cmd_go_bootstrap
|
||||
+// +build !msan
|
||||
+
|
||||
+package boring
|
||||
+
|
||||
+// #include "openssl_pbkdf2.h"
|
||||
+// #cgo LDFLAGS: -ldl
|
||||
+import "C"
|
||||
+import (
|
||||
+ "bytes"
|
||||
+ "crypto/sha1"
|
||||
+ "crypto/sha256"
|
||||
+ "hash"
|
||||
+ "unsafe"
|
||||
+)
|
||||
+
|
||||
+var (
|
||||
+ emptySha1 = sha1.Sum([]byte{})
|
||||
+ emptySha256 = sha256.Sum256([]byte{})
|
||||
+)
|
||||
+
|
||||
+func hashToMD(h hash.Hash) *C.GO_EVP_MD {
|
||||
+ emptyHash := h.Sum([]byte{})
|
||||
+
|
||||
+ switch {
|
||||
+ case bytes.Equal(emptyHash, emptySha1[:]):
|
||||
+ return C._goboringcrypto_EVP_sha1()
|
||||
+ case bytes.Equal(emptyHash, emptySha256[:]):
|
||||
+ return C._goboringcrypto_EVP_sha256()
|
||||
+ }
|
||||
+ return nil
|
||||
+}
|
||||
+
|
||||
+// charptr returns the address of the underlying array in b,
|
||||
+// being careful not to panic when b has zero length.
|
||||
+func charptr(b []byte) *C.char {
|
||||
+ if len(b) == 0 {
|
||||
+ return nil
|
||||
+ }
|
||||
+ return (*C.char)(unsafe.Pointer(&b[0]))
|
||||
+}
|
||||
+
|
||||
+// ucharptr returns the address of the underlying array in b,
|
||||
+// being careful not to panic when b has zero length.
|
||||
+func ucharptr(b []byte) *C.uchar {
|
||||
+ if len(b) == 0 {
|
||||
+ return nil
|
||||
+ }
|
||||
+ return (*C.uchar)(unsafe.Pointer(&b[0]))
|
||||
+}
|
||||
+
|
||||
+func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
|
||||
+ // println("[debug] using pbkdf2 from OpenSSL")
|
||||
+ ch := h()
|
||||
+ md := hashToMD(ch)
|
||||
+ if md == nil {
|
||||
+ return nil
|
||||
+ }
|
||||
+
|
||||
+ out := make([]byte, keyLen)
|
||||
+ ok := C._goboringcrypto_PKCS5_PBKDF2_HMAC(charptr(password), C.int(len(password)), ucharptr(salt), C.int(len(salt)), C.int(iter), md, C.int(keyLen), ucharptr(out))
|
||||
+ if ok != 1 {
|
||||
+ panic("boringcrypto: PKCS5_PBKDF2_HMAC failed")
|
||||
+ }
|
||||
+ return out
|
||||
+}
|
||||
diff --git a/vendor/golang.org/x/crypto/internal/boring/notboring.go b/vendor/golang.org/x/crypto/internal/boring/notboring.go
|
||||
new file mode 100644
|
||||
index 0000000000..e244fb5663
|
||||
--- /dev/null
|
||||
+++ b/vendor/golang.org/x/crypto/internal/boring/notboring.go
|
||||
@@ -0,0 +1,16 @@
|
||||
+// Copyright 2017 The Go Authors. All rights reserved.
|
||||
+// Copyright 2021 Red Hat.
|
||||
+// Use of this source code is governed by a BSD-style
|
||||
+// license that can be found in the LICENSE file.
|
||||
+
|
||||
+// +build !linux !cgo android cmd_go_bootstrap msan no_openssl
|
||||
+
|
||||
+package boring
|
||||
+
|
||||
+import (
|
||||
+ "hash"
|
||||
+)
|
||||
+
|
||||
+func Pbkdf2Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
|
||||
+ panic("boringcrypto: not available")
|
||||
+}
|
||||
diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
|
||||
new file mode 100644
|
||||
index 0000000000..6dfdf10424
|
||||
--- /dev/null
|
||||
+++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h
|
||||
@@ -0,0 +1,5 @@
|
||||
+#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h"
|
||||
+
|
||||
+DEFINEFUNC(int, PKCS5_PBKDF2_HMAC,
|
||||
+ (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out),
|
||||
+ (pass, passlen, salt, saltlen, iter, digest, keylen, out))
|
||||
diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
|
||||
index 593f653008..799a611f94 100644
|
||||
--- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
|
||||
+++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go
|
||||
@@ -19,8 +19,11 @@ pbkdf2.Key.
|
||||
package pbkdf2 // import "golang.org/x/crypto/pbkdf2"
|
||||
|
||||
import (
|
||||
+ "crypto/boring"
|
||||
"crypto/hmac"
|
||||
"hash"
|
||||
+
|
||||
+ xboring "golang.org/x/crypto/internal/boring"
|
||||
)
|
||||
|
||||
// Key derives a key from the password, salt and iteration count, returning a
|
||||
@@ -40,6 +43,10 @@ import (
|
||||
// Using a higher iteration count will increase the cost of an exhaustive
|
||||
// search but will also make derivation proportionally slower.
|
||||
func Key(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
|
||||
+ if boring.Enabled() {
|
||||
+ return xboring.Pbkdf2Key(password, salt, iter, keyLen, h)
|
||||
+ }
|
||||
+
|
||||
prf := hmac.New(h, password)
|
||||
hashLen := prf.Size()
|
||||
numBlocks := (keyLen + hashLen - 1) / hashLen
|
@ -0,0 +1,18 @@
|
||||
skip goldenfiles tests
|
||||
|
||||
The golden files include memory dumps from a x86_64 machine.
|
||||
Integers are stored as little endian on x86, but as big endian on s390x,
|
||||
therefore loading this memory dump fails on s390x.
|
||||
|
||||
diff --git a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go
|
||||
index 320f40f3bd..20f5fa4f46 100644
|
||||
--- a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go
|
||||
+++ b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go
|
||||
@@ -203,6 +203,7 @@ func CheckGoldenJSONFrame(t *testing.T, dir string, name string, f *data.Frame,
|
||||
// CheckGoldenJSONResponse will verify that the stored JSON file matches the given backend.DataResponse.
|
||||
func CheckGoldenJSONResponse(t *testing.T, dir string, name string, dr *backend.DataResponse, updateFile bool) {
|
||||
t.Helper()
|
||||
+ t.Skip("skipping test: x86_64 memory dump is not compatible with other architectures")
|
||||
fpath := path.Join(dir, name+".jsonc")
|
||||
|
||||
expected, err := readGoldenJSONFile(fpath)
|
@ -0,0 +1,20 @@
|
||||
#!/bin/bash -eu
|
||||
|
||||
# Webpack needs more than the default 4GB RAM
|
||||
export NODE_OPTIONS="${NODE_OPTIONS:-} --max_old_space_size=6144"
|
||||
|
||||
# Build the frontend
|
||||
yarn run build
|
||||
|
||||
# Build the bundled plugins
|
||||
mkdir plugins-bundled/external
|
||||
yarn run plugins:build-bundled
|
||||
for plugin in plugins-bundled/internal/input-datasource; do
|
||||
mv $plugin $plugin.tmp
|
||||
mv $plugin.tmp/dist $plugin
|
||||
rm -rf $plugin.tmp
|
||||
done
|
||||
rm plugins-bundled/README.md plugins-bundled/.gitignore plugins-bundled/external.json
|
||||
|
||||
# Fix permissions (webpack sometimes outputs files with mode = 666 due to reasons unknown (race condition/umask issue afaics))
|
||||
chmod -R g-w,o-w public/build plugins-bundled
|
@ -0,0 +1,85 @@
|
||||
#!/bin/bash -eux
|
||||
VERSION=$(rpm --specfile ./*.spec --qf '%{VERSION}\n' | head -1)
|
||||
RELEASE=$(rpm --specfile ./*.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1)
|
||||
CHANGELOGTIME=$(rpm --specfile ./*.spec --qf '%{CHANGELOGTIME}\n' | head -1)
|
||||
SOURCE_DATE_EPOCH=$((CHANGELOGTIME - CHANGELOGTIME % 86400))
|
||||
|
||||
SOURCE_DIR=grafana-$VERSION
|
||||
SOURCE_TAR=grafana-$VERSION.tar.gz
|
||||
VENDOR_TAR=grafana-vendor-$VERSION-$RELEASE.tar.xz
|
||||
WEBPACK_TAR=grafana-webpack-$VERSION-$RELEASE.tar.gz
|
||||
|
||||
|
||||
## Download and extract source tarball
|
||||
spectool -g grafana.spec
|
||||
rm -rf "${SOURCE_DIR}"
|
||||
tar xf "${SOURCE_TAR}"
|
||||
|
||||
|
||||
## Create vendor bundle
|
||||
pushd "${SOURCE_DIR}"
|
||||
|
||||
# Vendor Go dependencies
|
||||
patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch
|
||||
go mod vendor
|
||||
|
||||
# Generate Go files
|
||||
make gen-go
|
||||
|
||||
# Remove unused crypto
|
||||
rm -r vendor/golang.org/x/crypto/bcrypt
|
||||
rm -r vendor/golang.org/x/crypto/blowfish
|
||||
rm -r vendor/golang.org/x/crypto/cast5
|
||||
rm -r vendor/golang.org/x/crypto/openpgp/elgamal
|
||||
rm vendor/golang.org/x/crypto/openpgp/packet/ocfb.go
|
||||
rm -r vendor/golang.org/x/crypto/pkcs12/internal/rc2
|
||||
|
||||
# List bundled dependencies
|
||||
awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \
|
||||
sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > "../${VENDOR_TAR}.manifest"
|
||||
|
||||
# Vendor Node.js dependencies
|
||||
patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch
|
||||
export HUSKY=0
|
||||
yarn install --frozen-lockfile
|
||||
|
||||
# Remove files with licensing issues
|
||||
find .yarn -name 'node-notifier' -prune -exec rm -r {} \;
|
||||
find .yarn -name 'nodemon' -prune -exec rm -r {} \;
|
||||
|
||||
# List bundled dependencies
|
||||
../list_bundled_nodejs_packages.py . >> "../${VENDOR_TAR}.manifest"
|
||||
|
||||
popd
|
||||
|
||||
# Create tarball
|
||||
# shellcheck disable=SC2046
|
||||
XZ_OPT=-9 tar \
|
||||
--sort=name \
|
||||
--mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \
|
||||
--owner=0 --group=0 --numeric-owner \
|
||||
-cJf "${VENDOR_TAR}" \
|
||||
"${SOURCE_DIR}/vendor" \
|
||||
$(find "${SOURCE_DIR}" -type f -name wire_gen.go | LC_ALL=C sort) \
|
||||
"${SOURCE_DIR}/.pnp.cjs" \
|
||||
"${SOURCE_DIR}/.yarn/cache" \
|
||||
"${SOURCE_DIR}/.yarn/unplugged"
|
||||
|
||||
|
||||
## Create webpack
|
||||
pushd "${SOURCE_DIR}"
|
||||
../build_frontend.sh
|
||||
popd
|
||||
|
||||
# Create tarball
|
||||
tar \
|
||||
--sort=name \
|
||||
--mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \
|
||||
--owner=0 --group=0 --numeric-owner \
|
||||
-czf "${WEBPACK_TAR}" \
|
||||
"${SOURCE_DIR}/plugins-bundled" \
|
||||
"${SOURCE_DIR}/public/build" \
|
||||
"${SOURCE_DIR}/public/img" \
|
||||
"${SOURCE_DIR}/public/lib" \
|
||||
"${SOURCE_DIR}/public/locales" \
|
||||
"${SOURCE_DIR}/public/views"
|
@ -0,0 +1,24 @@
|
||||
#!/bin/bash -eu
|
||||
#
|
||||
# create vendor and webpack bundles inside a container (for reproducibility)
|
||||
# using a Go cache:
|
||||
# ./create_bundles_in_container.sh --security-opt label=disable -v $(pwd)/.gocache:/root/go
|
||||
#
|
||||
|
||||
cat <<EOF | podman build -t grafana-build -f - .
|
||||
FROM fedora:35
|
||||
|
||||
RUN dnf upgrade -y && \
|
||||
dnf install -y rpmdevtools python3-packaging python3-pyyaml make golang nodejs yarnpkg
|
||||
|
||||
# https://groups.google.com/g/golang-nuts/c/MVtHZUtZru4
|
||||
ENV GOPROXY=https://proxy.golang.org,direct
|
||||
|
||||
WORKDIR /tmp/grafana-build
|
||||
COPY grafana.spec create_bundles.sh build_frontend.sh list_bundled_nodejs_packages.py *.patch .
|
||||
RUN mkdir bundles
|
||||
CMD ./create_bundles.sh && mv *.tar.* bundles
|
||||
EOF
|
||||
|
||||
podman run --name grafana-build --replace "$@" grafana-build
|
||||
podman cp grafana-build:bundles/. .
|
@ -0,0 +1,24 @@
|
||||
/etc/systemd/system/grafana-server.service -- gen_context(system_u:object_r:grafana_unit_file_t,s0)
|
||||
/usr/lib/systemd/system/grafana-server.service -- gen_context(system_u:object_r:grafana_unit_file_t,s0)
|
||||
|
||||
/etc/grafana(/.*)? gen_context(system_u:object_r:grafana_conf_t,s0)
|
||||
|
||||
/usr/sbin/grafana-cli -- gen_context(system_u:object_r:grafana_exec_t,s0)
|
||||
/usr/sbin/grafana-server -- gen_context(system_u:object_r:grafana_exec_t,s0)
|
||||
|
||||
/var/lib/grafana(/.*)? gen_context(system_u:object_r:grafana_var_lib_t,s0)
|
||||
#/var/lib/grafana/grafana.db -- gen_context(system_u:object_r:grafana_db_t,s0)
|
||||
|
||||
/var/log/grafana(/.*)? gen_context(system_u:object_r:grafana_log_t,s0)
|
||||
|
||||
/var/run/grafana(/.*)? -- gen_context(system_u:object_r:grafana_var_run_t,s0)
|
||||
|
||||
#/var/lib/grafana/plugins(/.*)? gen_context(system_u:object_r:grafana_plugin_t,s0)
|
||||
|
||||
/usr/share/grafana/bin/grafana -- gen_context(system_u:object_r:grafana_exec_t,s0)
|
||||
/usr/share/grafana/bin/grafana-cli -- gen_context(system_u:object_r:grafana_exec_t,s0)
|
||||
/usr/share/grafana/bin/grafana-server -- gen_context(system_u:object_r:grafana_exec_t,s0)
|
||||
|
||||
#define context for pcp plugin
|
||||
#/usr/share/performancecopilot-pcp-app/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
|
||||
/usr/libexec/grafana-pcp/datasources/redis/pcp_redis_datasource_(.*) -- gen_context(system_u:object_r:grafana_pcp_exec_t,s0)
|
@ -0,0 +1,141 @@
|
||||
## <summary>policy for grafana</summary>
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute grafana_exec_t in the grafana domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`grafana_domtrans',`
|
||||
gen_require(`
|
||||
type grafana_t, grafana_exec_t;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
domtrans_pattern($1, grafana_exec_t, grafana_t)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Allow domain to name_connect to grafana port. Default :3000
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`connect_grafana_port',`
|
||||
gen_require(`
|
||||
class tcp_socket name_connect;
|
||||
type grafana_port_t;
|
||||
')
|
||||
|
||||
allow $1 grafana_port_t:tcp_socket name_connect;
|
||||
')
|
||||
|
||||
#######################################
|
||||
## <summary>
|
||||
## Read grafana database.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`grafana_read_db',`
|
||||
gen_require(`
|
||||
type grafana_db_t;
|
||||
')
|
||||
|
||||
files_search_var_lib($1)
|
||||
search_dirs_pattern($1, grafana_var_lib_t, grafana_var_lib_t)
|
||||
read_files_pattern($1, grafana_db_t, grafana_db_t)
|
||||
')
|
||||
|
||||
######################################
|
||||
## <summary>
|
||||
## Execute grafana in the caller domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`grafana_exec',`
|
||||
gen_require(`
|
||||
type grafana_exec_t;
|
||||
')
|
||||
|
||||
corecmd_search_bin($1)
|
||||
can_exec($1, grafana_exec_t)
|
||||
')
|
||||
########################################
|
||||
## <summary>
|
||||
## Execute grafana server in the grafana domain.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed to transition.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`grafana_systemctl',`
|
||||
gen_require(`
|
||||
type grafana_t;
|
||||
type grafana_unit_file_t;
|
||||
')
|
||||
|
||||
systemd_exec_systemctl($1)
|
||||
systemd_read_fifo_file_passwd_run($1)
|
||||
allow $1 grafana_unit_file_t:file read_file_perms;
|
||||
allow $1 grafana_unit_file_t:service manage_service_perms;
|
||||
|
||||
ps_process_pattern($1, grafana_t)
|
||||
')
|
||||
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## All of the rules required to administrate
|
||||
## an grafana environment
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <param name="role">
|
||||
## <summary>
|
||||
## Role allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <rolecap/>
|
||||
#
|
||||
interface(`grafana_admin',`
|
||||
gen_require(`
|
||||
type grafana_t;
|
||||
type grafana_unit_file_t;
|
||||
')
|
||||
|
||||
allow $1 grafana_t:process { signal_perms };
|
||||
ps_process_pattern($1, grafana_t)
|
||||
|
||||
tunable_policy(`deny_ptrace',`',`
|
||||
allow $1 grafana_t:process ptrace;
|
||||
')
|
||||
|
||||
grafana_systemctl($1)
|
||||
admin_pattern($1, grafana_unit_file_t)
|
||||
allow $1 grafana_unit_file_t:service all_service_perms;
|
||||
optional_policy(`
|
||||
systemd_passwd_agent_exec($1)
|
||||
systemd_read_fifo_file_passwd_run($1)
|
||||
')
|
||||
')
|
@ -0,0 +1,2 @@
|
||||
#Type Name ID GECOS Home directory
|
||||
u grafana - "Grafana user account" /usr/share/grafana
|
@ -0,0 +1,199 @@
|
||||
policy_module(grafana, 1.0.4)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
#permissive grafana_t;
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow grafana to be used with a reverse proxy
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(grafana_can_reverse_proxy, false)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow grafana to connect to elasticsearch's default tcp port of 9200
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(grafana_can_tcp_connect_elasticsearch_port, false)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow grafana to connect to mysql's default tcp port of 3306
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(grafana_can_tcp_connect_mysql_port, false)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow grafana to connect to postgresql's default tcp port of 5432
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(grafana_can_tcp_connect_postgresql_port, false)
|
||||
|
||||
## <desc>
|
||||
## <p>
|
||||
## Allow grafana to connect to prometheus' default tcp port of 9090
|
||||
## </p>
|
||||
## </desc>
|
||||
gen_tunable(grafana_can_tcp_connect_prometheus_port, false)
|
||||
|
||||
|
||||
type grafana_t;
|
||||
type grafana_exec_t;
|
||||
init_daemon_domain(grafana_t, grafana_exec_t)
|
||||
init_nnp_daemon_domain(grafana_t)
|
||||
|
||||
type grafana_unit_file_t;
|
||||
systemd_unit_file(grafana_unit_file_t)
|
||||
|
||||
type grafana_conf_t;
|
||||
files_config_file(grafana_conf_t)
|
||||
|
||||
type grafana_db_t;
|
||||
files_config_file(grafana_db_t)
|
||||
|
||||
type grafana_tmp_t;
|
||||
files_tmp_file(grafana_tmp_t)
|
||||
|
||||
type grafana_tmpfs_t;
|
||||
files_tmpfs_file(grafana_tmpfs_t)
|
||||
|
||||
type grafana_log_t;
|
||||
logging_log_file(grafana_log_t)
|
||||
|
||||
type grafana_var_run_t;
|
||||
files_pid_file(grafana_var_run_t)
|
||||
|
||||
type grafana_var_lib_t;
|
||||
files_type(grafana_var_lib_t)
|
||||
|
||||
type grafana_port_t;
|
||||
corenet_port(grafana_port_t)
|
||||
|
||||
type grafana_pcp_exec_t;
|
||||
corecmd_executable_file(grafana_pcp_exec_t)
|
||||
can_exec(grafana_t, grafana_pcp_exec_t)
|
||||
|
||||
# Ports 32768-60999 (pcp port is 44322)
|
||||
corenet_tcp_connect_all_ephemeral_ports(grafana_t)
|
||||
grafana_exec(grafana_t)
|
||||
|
||||
########################################
|
||||
#
|
||||
# grafana local policy
|
||||
#
|
||||
allow grafana_t self:tcp_socket create_stream_socket_perms;
|
||||
allow grafana_t self:udp_socket create_stream_socket_perms;
|
||||
allow grafana_t self:unix_dgram_socket create_socket_perms;
|
||||
|
||||
allow grafana_t grafana_port_t:tcp_socket { name_bind name_connect };
|
||||
|
||||
allow grafana_t self:unix_stream_socket connectto;
|
||||
|
||||
allow grafana_t self:netlink_route_socket { create bind getattr nlmsg_read };
|
||||
|
||||
optional_policy(`
|
||||
require {
|
||||
type smtp_port_t;
|
||||
class tcp_socket { name_connect };
|
||||
}
|
||||
allow grafana_t smtp_port_t:tcp_socket name_connect;
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
require {
|
||||
type usr_t;
|
||||
class file { execute execute_no_trans };
|
||||
}
|
||||
allow grafana_t usr_t:file { execute execute_no_trans };
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
require {
|
||||
type postgresql_t;
|
||||
type postgresql_var_run_t;
|
||||
class unix_stream_socket { connectto };
|
||||
class sock_file { write };
|
||||
}
|
||||
allow grafana_t postgresql_t:unix_stream_socket connectto;
|
||||
allow grafana_t postgresql_var_run_t:sock_file write;
|
||||
')
|
||||
|
||||
manage_dirs_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
|
||||
manage_files_pattern(grafana_t, grafana_conf_t, grafana_conf_t)
|
||||
|
||||
manage_dirs_pattern(grafana_t, grafana_db_t, grafana_db_t)
|
||||
manage_files_pattern(grafana_t, grafana_db_t, grafana_db_t)
|
||||
|
||||
manage_dirs_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
|
||||
manage_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
|
||||
manage_sock_files_pattern(grafana_t, grafana_tmp_t, grafana_tmp_t)
|
||||
files_tmp_filetrans(grafana_t, grafana_tmp_t, { dir file sock_file })
|
||||
|
||||
manage_dirs_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t)
|
||||
manage_files_pattern(grafana_t, grafana_tmpfs_t, grafana_tmpfs_t)
|
||||
fs_tmpfs_filetrans(grafana_t, grafana_tmpfs_t, {dir file})
|
||||
|
||||
manage_dirs_pattern(grafana_t, grafana_log_t, grafana_log_t)
|
||||
manage_files_pattern(grafana_t, grafana_log_t, grafana_log_t)
|
||||
logging_log_filetrans(grafana_t, grafana_log_t, { dir file })
|
||||
|
||||
manage_dirs_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t)
|
||||
manage_files_pattern(grafana_t, grafana_var_run_t, grafana_var_run_t)
|
||||
files_pid_filetrans(grafana_t, grafana_var_run_t, { dir file })
|
||||
|
||||
manage_dirs_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
|
||||
manage_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
|
||||
manage_lnk_files_pattern(grafana_t, grafana_var_lib_t, grafana_var_lib_t)
|
||||
files_var_lib_filetrans(grafana_t, grafana_var_lib_t, { dir file })
|
||||
|
||||
|
||||
corenet_tcp_connect_http_port(grafana_t)
|
||||
corenet_tcp_bind_generic_node(grafana_t)
|
||||
|
||||
kernel_dgram_send(grafana_t)
|
||||
kernel_read_net_sysctls(grafana_t)
|
||||
kernel_read_system_state(grafana_t)
|
||||
|
||||
auth_read_passwd(grafana_t)
|
||||
|
||||
dev_read_sysfs(grafana_t)
|
||||
|
||||
sysnet_read_config(grafana_t)
|
||||
|
||||
logging_send_syslog_msg(grafana_t)
|
||||
|
||||
miscfiles_read_generic_certs(grafana_t)
|
||||
|
||||
tunable_policy(`grafana_can_reverse_proxy',`
|
||||
gen_require(`
|
||||
type httpd_t;
|
||||
')
|
||||
|
||||
connect_grafana_port(httpd_t) # Reverse proxy support
|
||||
corenet_tcp_connect_http_port(grafana_t)
|
||||
')
|
||||
|
||||
tunable_policy(`grafana_can_tcp_connect_elasticsearch_port',` # Elasticsearch default tcp port 9200
|
||||
corenet_tcp_connect_wap_wsp_port(grafana_t)
|
||||
')
|
||||
|
||||
tunable_policy(`grafana_can_tcp_connect_mysql_port',` # Mysql default tcp port 3306
|
||||
corenet_tcp_connect_mysqld_port(grafana_t)
|
||||
')
|
||||
|
||||
tunable_policy(`grafana_can_tcp_connect_postgresql_port',` # Postgresql default tcp port 5432
|
||||
corenet_tcp_connect_postgresql_port(grafana_t)
|
||||
')
|
||||
|
||||
tunable_policy(`grafana_can_tcp_connect_prometheus_port',` # Prometheus default tcp port 9090
|
||||
corenet_tcp_connect_websm_port(grafana_t)
|
||||
')
|
||||
|
||||
optional_policy(`
|
||||
systemd_private_tmp(grafana_tmp_t)
|
||||
')
|
@ -0,0 +1,70 @@
|
||||
#!/usr/bin/env python3
|
||||
#
|
||||
# generates Provides: bundled(npm(...)) = ... lines for each declared dependency and devDependency of package.json
|
||||
#
|
||||
import os
|
||||
import sys
|
||||
import json
|
||||
import yaml
|
||||
from packaging import version
|
||||
|
||||
|
||||
def scan_package_json(package_dir):
|
||||
for root, dirs, files in os.walk(package_dir, topdown=True):
|
||||
dirs[:] = [d for d in dirs if d not in ["node_modules", "vendor"]]
|
||||
if "package.json" in files:
|
||||
yield os.path.join(root, "package.json")
|
||||
|
||||
|
||||
def read_declared_pkgs(package_json_path):
|
||||
with open(package_json_path) as f:
|
||||
package_json = json.load(f)
|
||||
return list(package_json.get("dependencies", {}).keys()) + list(
|
||||
package_json.get("devDependencies", {}).keys()
|
||||
)
|
||||
|
||||
|
||||
def read_installed_pkgs(yarn_lock_path):
|
||||
with open(yarn_lock_path) as f:
|
||||
lockfile = yaml.safe_load(f)
|
||||
for pkg_decl, meta in lockfile.items():
|
||||
for pkg in pkg_decl.split(", "):
|
||||
if ":" not in pkg:
|
||||
continue
|
||||
pkg_name = pkg[: pkg.index("@", 1)]
|
||||
pkg_version = meta["version"]
|
||||
yield (pkg_name, pkg_version)
|
||||
|
||||
|
||||
def list_provides(declared_pkgs, installed_pkgs):
|
||||
for declared_pkg in declared_pkgs:
|
||||
# there can be multiple versions installed of one package (transitive dependencies)
|
||||
# but rpm doesn't support Provides: with a single package and multiple versions
|
||||
# so let's declare the oldest version here
|
||||
versions = [
|
||||
version.parse(pkg_version)
|
||||
for pkg_name, pkg_version in installed_pkgs
|
||||
if pkg_name == declared_pkg
|
||||
]
|
||||
|
||||
if not versions:
|
||||
print(f"warning: {declared_pkg} missing in yarn.lock", file=sys.stderr)
|
||||
continue
|
||||
|
||||
oldest_version = sorted(versions)[0]
|
||||
yield f"Provides: bundled(npm({declared_pkg})) = {oldest_version}"
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
if len(sys.argv) != 2:
|
||||
print(f"usage: {sys.argv[0]} package-X.Y.Z/", file=sys.stdout)
|
||||
sys.exit(1)
|
||||
|
||||
package_dir = sys.argv[1]
|
||||
declared_pkgs = set()
|
||||
for package_json_path in scan_package_json(package_dir):
|
||||
declared_pkgs.update(read_declared_pkgs(package_json_path))
|
||||
installed_pkgs = list(read_installed_pkgs(f"{package_dir}/yarn.lock"))
|
||||
provides = list_provides(declared_pkgs, installed_pkgs)
|
||||
for provide in sorted(provides):
|
||||
print(provide)
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue