diff --git a/001-wrappers-grafana-cli.patch b/0001-update-grafana-cli-script-with-distro-specific-paths.patch similarity index 45% rename from 001-wrappers-grafana-cli.patch rename to 0001-update-grafana-cli-script-with-distro-specific-paths.patch index 01fe90eb17122d10ed3af29421d4ef26fe722feb..70ce0d510e0b4aac159398dfb3c60811a1725a09 100644 --- a/001-wrappers-grafana-cli.patch +++ b/0001-update-grafana-cli-script-with-distro-specific-paths.patch @@ -1,5 +1,12 @@ +From 2ad9b1bd641eab2daae9c461656a56c8c2688485 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 16:57:52 +0200 +Subject: [PATCH] update grafana-cli script with distro-specific paths and + switch to grafana user + + diff --git a/packaging/wrappers/grafana-cli b/packaging/wrappers/grafana-cli -index 9cad151c0d..a786edc596 100755 +index dafa075a2c..eda358c425 100755 --- a/packaging/wrappers/grafana-cli +++ b/packaging/wrappers/grafana-cli @@ -5,18 +5,19 @@ @@ -24,25 +31,33 @@ index 9cad151c0d..a786edc596 100755 if [ ! -x $EXECUTABLE ]; then echo "Program not installed or not executable" -@@ -24,6 +25,7 @@ if [ ! -x $EXECUTABLE ]; then - fi - - # overwrite settings from default file -+#shellcheck disable=SC1090 - if [ -f "$DEFAULT" ]; then +@@ -28,12 +29,21 @@ if [ -f "$DEFAULT" ]; then . "$DEFAULT" fi -@@ -36,4 +38,13 @@ OPTS="--homepath=${GRAFANA_HOME} \ - cfg:default.paths.logs=${LOG_DIR} \ - cfg:default.paths.plugins=${PLUGINS_DIR}'" --eval $EXECUTABLE "$OPTS" "$@" +-OPTS="--homepath=${GRAFANA_HOME} \ +- --config=${CONF_FILE} \ +- --pluginsDir=${PLUGINS_DIR} \ +- --configOverrides='cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \ +- cfg:default.paths.data=${DATA_DIR} \ +- cfg:default.paths.logs=${LOG_DIR} \ +- cfg:default.paths.plugins=${PLUGINS_DIR}'" +- +-eval $EXECUTABLE "$OPTS" '$@' ++OPTS=("--homepath=${GRAFANA_HOME}" ++ "--config=${CONF_FILE}" ++ "--pluginsDir=${PLUGINS_DIR}" ++ "--configOverrides=cfg:default.paths.provisioning=$PROVISIONING_CFG_DIR \ ++ cfg:default.paths.data=${DATA_DIR} \ ++ cfg:default.paths.logs=${LOG_DIR} \ ++ cfg:default.paths.plugins=${PLUGINS_DIR}") ++ +if [ "$(id -u)" -eq 0 ]; then + cd "${GRAFANA_HOME}" -+ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "$OPTS" "$@" ++ exec runuser -u "${GRAFANA_USER}" -- "$EXECUTABLE" "${OPTS[@]}" "$@" +elif [ "$(id -u -n)" = "${GRAFANA_USER}" ]; then + cd "${GRAFANA_HOME}" -+ exec "$EXECUTABLE" "$OPTS" "$@" ++ exec "$EXECUTABLE" "${OPTS[@]}" "$@" +else + echo "$0: please run this script as user \"${GRAFANA_USER}\" or root." + exit 5 diff --git a/002-manpages.patch b/0002-add-manpages.patch similarity index 81% rename from 002-manpages.patch rename to 0002-add-manpages.patch index 36ca294222cdaabc219ef583236b3186b74f0241..92002762ee33406bee21500fa264a0d28126ba91 100644 --- a/002-manpages.patch +++ b/0002-add-manpages.patch @@ -1,10 +1,16 @@ +From ecac3e25a416bd66b19bc3074f9583dfd965a919 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 17:01:09 +0200 +Subject: [PATCH] add manpages + + diff --git a/docs/man/man1/grafana-cli.1 b/docs/man/man1/grafana-cli.1 new file mode 100644 -index 0000000000..7ac2af882c +index 0000000000..39c0d5cee0 --- /dev/null +++ b/docs/man/man1/grafana-cli.1 -@@ -0,0 +1,60 @@ -+.TH GRAFANA "1" "October 2021" "Grafana cli version 7.5.11" "User Commands" +@@ -0,0 +1,63 @@ ++.TH GRAFANA "1" "September 2022" "Grafana cli version 9.0.9" "User Commands" +.SH NAME +grafana-cli \- command line administration for the Grafana metrics dashboard and graph editor +.SH DESCRIPTION @@ -22,6 +28,9 @@ index 0000000000..7ac2af882c +admin +Grafana admin commands +.TP ++cue ++Cue validation commands ++.TP +help, h +Shows a list of commands or help for one command +.SS "GLOBAL OPTIONS:" @@ -36,10 +45,10 @@ index 0000000000..7ac2af882c +Full url to the plugin zip file instead of downloading the plugin from grafana.com/api [$GF_PLUGIN_URL] +.TP +\fB\-\-insecure\fR -+Skip TLS verification (insecure) ++Skip TLS verification (insecure) (default: false) +.TP -+\fB\-\-debug\fR, \fB\-d\fR -+enable debug logging ++\fB\-\-debug\fR ++Enable debug logging (default: false) +.TP +\fB\-\-configOverrides\fR value +Configuration options to override defaults as a string. e.g. cfg:default.paths.log=/dev/null @@ -66,11 +75,11 @@ index 0000000000..7ac2af882c +.BR http://docs.grafana.org/ . diff --git a/docs/man/man1/grafana-server.1 b/docs/man/man1/grafana-server.1 new file mode 100644 -index 0000000000..c616268b31 +index 0000000000..683a2369cc --- /dev/null +++ b/docs/man/man1/grafana-server.1 -@@ -0,0 +1,72 @@ -+.TH VERSION "1" "October 2021" "Version 7.5.11" "User Commands" +@@ -0,0 +1,80 @@ ++.TH VERSION "1" "September 2022" "Version 9.0.9" "User Commands" +.SH NAME +grafana-server \- back-end server for the Grafana metrics dashboard and graph editor +.SH DESCRIPTION @@ -94,7 +103,7 @@ index 0000000000..c616268b31 +.P +.SH OPTIONS +The -+.B gafana-server ++.B grafana-server +configuration is specified in +.BR /etc/grafana/grafana.ini +and is well documented with comments. @@ -122,6 +131,10 @@ index 0000000000..c616268b31 +.IP +Turn on pprof profiling +.HP ++\fB\-profile\-addr\fR string ++.IP ++Define custom address for profiling (default "localhost") ++.HP +\fB\-profile\-port\fR uint +.IP +Define custom port for profiling (default 6060) @@ -137,6 +150,10 @@ index 0000000000..c616268b31 +\fB\-v\fR +.IP +prints current version and exits ++.TP ++\fB\-vv\fR ++.IP ++prints current version, all dependencies and exits +.SH "SEE ALSO" +The full documentation for +.B Grafana diff --git a/0003-update-default-configuration.patch b/0003-update-default-configuration.patch new file mode 100644 index 0000000000000000000000000000000000000000..6ef6de456812c789c8bbbdd0fdfccfa52fc29a95 --- /dev/null +++ b/0003-update-default-configuration.patch @@ -0,0 +1,68 @@ +From a84194c2f7929bd78303daf04a56ab32cd9c4bb3 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 17:05:48 +0200 +Subject: [PATCH] update default configuration + + +diff --git a/conf/defaults.ini b/conf/defaults.ini +index dbb7143be4..4a3cf0a21d 100644 +--- a/conf/defaults.ini ++++ b/conf/defaults.ini +@@ -190,7 +190,7 @@ row_limit = 1000000 + # No ip addresses are being tracked, only simple counters to track + # running instances, dashboard and error counts. It is very helpful to us. + # Change this option to false to disable reporting. +-reporting_enabled = true ++reporting_enabled = false + + # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs + reporting_distributor = grafana-labs +@@ -200,7 +200,7 @@ reporting_distributor = grafana-labs + # in some UI views to notify that a grafana update exists. + # This option does not cause any auto updates, nor send any information + # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version. +-check_for_updates = true ++check_for_updates = false + + # Set to false to disable all checks to https://grafana.com + # for new versions of plugins. The check is used +diff --git a/conf/sample.ini b/conf/sample.ini +index d44532f346..1ede932e1e 100644 +--- a/conf/sample.ini ++++ b/conf/sample.ini +@@ -196,7 +196,7 @@ + # No ip addresses are being tracked, only simple counters to track + # running instances, dashboard and error counts. It is very helpful to us. + # Change this option to false to disable reporting. +-;reporting_enabled = true ++;reporting_enabled = false + + # The name of the distributor of the Grafana instance. Ex hosted-grafana, grafana-labs + ;reporting_distributor = grafana-labs +@@ -206,7 +206,7 @@ + # in some UI views to notify that a grafana update exists. + # This option does not cause any auto updates, nor send any information + # only a GET request to https://raw.githubusercontent.com/grafana/grafana/main/latest.json to get the latest version. +-;check_for_updates = true ++;check_for_updates = false + + # Set to false to disable all checks to https://grafana.com + # for new versions of plugins. The check is used +@@ -338,7 +338,7 @@ + + # Minimum dashboard refresh interval. When set, this will restrict users to set the refresh interval of a dashboard lower than given interval. Per default this is 5 seconds. + # The interval string is a possibly signed sequence of decimal numbers, followed by a unit suffix (ms, s, m, h, d), e.g. 30s or 1m. +-;min_refresh_interval = 5s ++min_refresh_interval = 1s + + # Path to the default home dashboard. If this value is empty, then Grafana uses StaticRootPath + "dashboards/home.json" + ;default_home_dashboard_path = +@@ -1028,7 +1028,7 @@ + ;enable_alpha = false + ;app_tls_skip_verify_insecure = false + # Enter a comma-separated list of plugin identifiers to identify plugins to load even if they are unsigned. Plugins with modified signatures are never loaded. +-;allow_loading_unsigned_plugins = ++allow_loading_unsigned_plugins = performancecopilot-pcp-app,pcp-redis-datasource,pcp-vector-datasource,pcp-bpftrace-datasource,pcp-flamegraph-panel,pcp-breadcrumbs-panel,pcp-troubleshooting-panel,performancecopilot-redis-datasource,performancecopilot-vector-datasource,performancecopilot-bpftrace-datasource,performancecopilot-flamegraph-panel,performancecopilot-breadcrumbs-panel,performancecopilot-troubleshooting-panel + # Enable or disable installing / uninstalling / updating plugins directly from within Grafana. + ;plugin_admin_enabled = false + ;plugin_admin_external_manage_enabled = false diff --git a/0004-remove-unused-backend-dependencies.patch b/0004-remove-unused-backend-dependencies.patch new file mode 100644 index 0000000000000000000000000000000000000000..977ce5b8ef57df98b18a3520290b79abfc0f447b --- /dev/null +++ b/0004-remove-unused-backend-dependencies.patch @@ -0,0 +1,143 @@ +From 7139240c52b69fde8b893bf73fb6a4910d65f30b Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 17:18:56 +0200 +Subject: [PATCH] remove unused backend dependencies + +saml and gofpdf are not used in the OSS edition of Grafana +after editing `pkg/extensions/main.go`, run `go mod tidy` + +diff --git a/go.mod b/go.mod +index 951745c95f..5b1379fa98 100644 +--- a/go.mod ++++ b/go.mod +@@ -27,7 +27,6 @@ require ( + github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b + github.com/centrifugal/centrifuge v0.19.0 + github.com/cortexproject/cortex v1.10.1-0.20211014125347-85c378182d0d +- github.com/crewjam/saml v0.4.6-0.20210521115923-29c6295245bd + github.com/davecgh/go-spew v1.1.1 + github.com/denisenkom/go-mssqldb v0.12.0 + github.com/dop251/goja v0.0.0-20210804101310-32956a348b49 +@@ -63,7 +62,6 @@ require ( + github.com/influxdata/line-protocol v0.0.0-20210311194329-9aa0e372d097 + github.com/jmespath/go-jmespath v0.4.0 + github.com/json-iterator/go v1.1.12 +- github.com/jung-kurt/gofpdf v1.16.2 + github.com/lib/pq v1.10.4 + github.com/linkedin/goavro/v2 v2.10.0 + github.com/m3db/prometheus_remote_client_golang v0.4.4 +@@ -191,7 +189,6 @@ require ( + github.com/josharian/intern v1.0.0 // indirect + github.com/jpillora/backoff v1.0.0 // indirect + github.com/mailru/easyjson v0.7.7 // indirect +- github.com/mattermost/xml-roundtrip-validator v0.1.0 // indirect + github.com/mattetti/filebuffer v1.0.1 // indirect + github.com/mattn/go-runewidth v0.0.9 // indirect + github.com/miekg/dns v1.1.43 // indirect +diff --git a/go.sum b/go.sum +index 0f2ad00d37..19e3489ca1 100644 +--- a/go.sum ++++ b/go.sum +@@ -740,7 +740,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t + github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= + github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= + github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= +-github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4= + github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ= + github.com/cucumber/godog v0.8.1/go.mod h1:vSh3r/lM+psC1BPXvdkSEuNjmXfpVqrMGYAElF6hxnA= + github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= +@@ -766,7 +765,6 @@ github.com/davecgh/go-spew v0.0.0-20161028175848-04cdfd42973b/go.mod h1:J7Y8YcW2 + github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= + github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= + github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +-github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4= + github.com/deepmap/oapi-codegen v1.6.0/go.mod h1:ryDa9AgbELGeB+YEXE1dR53yAjHwFvE9iAUlWl9Al3M= + github.com/deepmap/oapi-codegen v1.8.2 h1:SegyeYGcdi0jLLrpbCMoJxnUUn8GBXHsvr4rbzjuhfU= + github.com/deepmap/oapi-codegen v1.8.2/go.mod h1:YLgSKSDv/bZQB7N4ws6luhozi3cEdRktEqrX88CvjIw= +@@ -923,7 +921,6 @@ github.com/fluent/fluent-bit-go v0.0.0-20190925192703-ea13c021720c/go.mod h1:WQX + github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= + github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= + github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= +-github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= + github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= + github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= + github.com/foxcpp/go-mockdns v0.0.0-20201212160233-ede2f9158d15/go.mod h1:tPg4cp4nseejPd+UKxtCVQ2hUxNTZ7qQZJa7CLriIeo= +@@ -1459,8 +1456,6 @@ github.com/grafana/grafana-plugin-sdk-go v0.138.0 h1:uJWNwHL4RoQF3axoi3RDSwoNu/K + github.com/grafana/grafana-plugin-sdk-go v0.138.0/go.mod h1:Y+Ps2sesZ62AyCnX+hzrYnyDQYe/ZZl+A8yKLOBm12c= + github.com/grafana/loki v1.6.2-0.20211015002020-7832783b1caa h1:+pXjAxavVR2FKKNsuuCXGCWEj8XGc1Af6SPiyBpzU2A= + github.com/grafana/loki v1.6.2-0.20211015002020-7832783b1caa/go.mod h1:0O8o/juxNSKN/e+DzWDTRkl7Zm8CkZcz0NDqEdojlrk= +-github.com/grafana/saml v0.0.0-20211007135653-aed1b2edd86b h1:YiSGp34F4V0G08HHx1cJBf2GVgwYAkXQjzuVs1t8jYk= +-github.com/grafana/saml v0.0.0-20211007135653-aed1b2edd86b/go.mod h1:q83kyQoMD0vhy+RzFLlbw0UgHJ6TAihQpuXvdFmm4s4= + github.com/grafana/sqlds/v2 v2.3.7/go.mod h1:c6ibxnxRVGxV/0YkEgvy7QpQH/lyifFyV7K/14xvdIs= + github.com/grafana/thema v0.0.0-20220523183731-72aebd14e751 h1:5PpsfN52XA0hxOjD/qQ0QNiEkp9Y9Tb+yz/Hj9fyL4M= + github.com/grafana/thema v0.0.0-20220523183731-72aebd14e751/go.mod h1:KuqTKX9lfM87uu9vt9DS/q+REqSrAm2xYMnBBvlmevA= +@@ -1766,7 +1761,6 @@ github.com/joefitzgerald/rainbow-reporter v0.1.0/go.mod h1:481CNgqmVHQZzdIbN52Cu + github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak= + github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= + github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= +-github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= + github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= + github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= + github.com/joncrlsn/dque v2.2.1-0.20200515025108-956d14155fa2+incompatible/go.mod h1:hDZb8oMj3Kp8MxtbNLg9vrtAUDHjgI1yZvqivT4O8Iw= +@@ -1801,8 +1795,6 @@ github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7V + github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= + github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= + github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= +-github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc= +-github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0= + github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0= + github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8= + github.com/kardianos/service v1.0.0/go.mod h1:8CzDhVuCuugtsHyZoTvsOBuvonN/UDBvl0kH+BUxvbo= +@@ -1930,8 +1922,6 @@ github.com/marstr/guid v1.1.0/go.mod h1:74gB1z2wpxxInTG6yaqA7KrtM0NZ+RbrcqDvYHef + github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= + github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= + github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ= +-github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU= +-github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To= + github.com/mattetti/filebuffer v1.0.1 h1:gG7pyfnSIZCxdoKq+cPa8T0hhYtD9NxCdI4D7PTjRLM= + github.com/mattetti/filebuffer v1.0.1/go.mod h1:YdMURNDOttIiruleeVr6f56OrMc+MydEnTcXwtkxNVs= + github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= +@@ -2239,7 +2229,6 @@ github.com/peterh/liner v1.0.1-0.20180619022028-8c1271fcf47f/go.mod h1:xIteQHvHu + github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= + github.com/philhofer/fwd v1.1.1/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU= + github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= +-github.com/phpdave11/gofpdi v1.0.7/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= + github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= + github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= + github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc= +@@ -2433,7 +2422,6 @@ github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= + github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= + github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= + github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= +-github.com/russellhaering/goxmldsig v1.1.0/go.mod h1:QK8GhXPB3+AfuCrfo0oRISa9NfzeCpWmxeGnqEpDF9o= + github.com/russellhaering/goxmldsig v1.1.1 h1:vI0r2osGF1A9PLvsGdPUAGwEIrKa4Pj5sesSBsebIxM= + github.com/russellhaering/goxmldsig v1.1.1/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw= + github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= +@@ -2747,7 +2735,6 @@ github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX + github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= + github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= + github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= +-github.com/zenazn/goji v1.0.1/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= + github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs= + github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0= + gitlab.com/nyarla/go-crypt v0.0.0-20160106005555-d9a5dc2b789b/go.mod h1:T3BPAOm2cqquPa0MKWeNkmOM5RQsRhkrwMWonFMN7fE= +diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go +index adcaff8ca6..c3110f590e 100644 +--- a/pkg/extensions/main.go ++++ b/pkg/extensions/main.go +@@ -9,7 +9,6 @@ import ( + _ "github.com/Azure/go-autorest/autorest/adal" + _ "github.com/beevik/etree" + _ "github.com/cortexproject/cortex/pkg/util" +- _ "github.com/crewjam/saml" + _ "github.com/gobwas/glob" + _ "github.com/googleapis/gax-go/v2" + _ "github.com/grafana/dskit/backoff" +@@ -17,7 +16,6 @@ import ( + _ "github.com/grafana/loki/clients/pkg/promtail/client" + _ "github.com/grafana/loki/pkg/logproto" + _ "github.com/grpc-ecosystem/go-grpc-middleware" +- _ "github.com/jung-kurt/gofpdf" + _ "github.com/linkedin/goavro/v2" + _ "github.com/m3db/prometheus_remote_client_golang/promremote" + _ "github.com/pkg/errors" diff --git a/0005-remove-unused-frontend-crypto.patch b/0005-remove-unused-frontend-crypto.patch new file mode 100644 index 0000000000000000000000000000000000000000..b44ca4a594c7fde94b814e83442dcedc31fc193c --- /dev/null +++ b/0005-remove-unused-frontend-crypto.patch @@ -0,0 +1,877 @@ +From 0ee0768a196ba12b860b4a0920f729d5ce50ea3e Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Wed, 22 Jun 2022 17:36:47 +0200 +Subject: [PATCH] remove unused frontend crypto + +update `package.json` and then run `yarn install` to update the +`yarn.lock` lockfile + +diff --git a/package.json b/package.json +index 5e2875090b..137a307f14 100644 +--- a/package.json ++++ b/package.json +@@ -396,6 +396,9 @@ + "whatwg-fetch": "3.6.2" + }, + "resolutions": { ++ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", ++ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", ++ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz", + "underscore": "1.13.3", + "@types/slate": "0.47.9", + "@microsoft/api-extractor-model": "7.17.3", +diff --git a/yarn.lock b/yarn.lock +index 8132e0f942..b41c0efb1b 100644 +--- a/yarn.lock ++++ b/yarn.lock +@@ -12256,34 +12256,6 @@ __metadata: + languageName: node + linkType: hard + +-"asn1.js@npm:^5.2.0": +- version: 5.4.1 +- resolution: "asn1.js@npm:5.4.1" +- dependencies: +- bn.js: ^4.0.0 +- inherits: ^2.0.1 +- minimalistic-assert: ^1.0.0 +- safer-buffer: ^2.1.0 +- checksum: 3786a101ac6f304bd4e9a7df79549a7561950a13d4bcaec0c7790d44c80d147c1a94ba3d4e663673406064642a40b23fcd6c82a9952468e386c1a1376d747f9a +- languageName: node +- linkType: hard +- +-"asn1@npm:~0.2.3": +- version: 0.2.4 +- resolution: "asn1@npm:0.2.4" +- dependencies: +- safer-buffer: ~2.1.0 +- checksum: aa5d6f77b1e0597df53824c68cfe82d1d89ce41cb3520148611f025fbb3101b2d25dd6a40ad34e4fac10f6b19ed5e8628cd4b7d212261e80e83f02b39ee5663c +- languageName: node +- linkType: hard +- +-"assert-plus@npm:1.0.0, assert-plus@npm:^1.0.0": +- version: 1.0.0 +- resolution: "assert-plus@npm:1.0.0" +- checksum: 19b4340cb8f0e6a981c07225eacac0e9d52c2644c080198765d63398f0075f83bbc0c8e95474d54224e297555ad0d631c1dcd058adb1ddc2437b41a6b424ac64 +- languageName: node +- linkType: hard +- + "assert@npm:2.0.0": + version: 2.0.0 + resolution: "assert@npm:2.0.0" +@@ -12870,15 +12842,6 @@ __metadata: + languageName: node + linkType: hard + +-"bcrypt-pbkdf@npm:^1.0.0": +- version: 1.0.2 +- resolution: "bcrypt-pbkdf@npm:1.0.2" +- dependencies: +- tweetnacl: ^0.14.3 +- checksum: 4edfc9fe7d07019609ccf797a2af28351736e9d012c8402a07120c4453a3b789a15f2ee1530dc49eee8f7eb9379331a8dd4b3766042b9e502f74a68e7f662291 +- languageName: node +- linkType: hard +- + "before-after-hook@npm:^2.2.0": + version: 2.2.2 + resolution: "before-after-hook@npm:2.2.2" +@@ -12970,20 +12933,6 @@ __metadata: + languageName: node + linkType: hard + +-"bn.js@npm:^4.0.0, bn.js@npm:^4.1.0, bn.js@npm:^4.11.9": +- version: 4.12.0 +- resolution: "bn.js@npm:4.12.0" +- checksum: 39afb4f15f4ea537b55eaf1446c896af28ac948fdcf47171961475724d1bb65118cca49fa6e3d67706e4790955ec0e74de584e45c8f1ef89f46c812bee5b5a12 +- languageName: node +- linkType: hard +- +-"bn.js@npm:^5.0.0, bn.js@npm:^5.1.1": +- version: 5.2.0 +- resolution: "bn.js@npm:5.2.0" +- checksum: 6117170393200f68b35a061ecbf55d01dd989302e7b3c798a3012354fa638d124f0b2f79e63f77be5556be80322a09c40339eda6413ba7468524c0b6d4b4cb7a +- languageName: node +- linkType: hard +- + "body-parser@npm:1.19.0": + version: 1.19.0 + resolution: "body-parser@npm:1.19.0" +@@ -13108,13 +13057,6 @@ __metadata: + languageName: node + linkType: hard + +-"brorand@npm:^1.0.1, brorand@npm:^1.1.0": +- version: 1.1.0 +- resolution: "brorand@npm:1.1.0" +- checksum: 8a05c9f3c4b46572dec6ef71012b1946db6cae8c7bb60ccd4b7dd5a84655db49fe043ecc6272e7ef1f69dc53d6730b9e2a3a03a8310509a3d797a618cbee52be +- languageName: node +- linkType: hard +- + "browser-process-hrtime@npm:^1.0.0": + version: 1.0.0 + resolution: "browser-process-hrtime@npm:1.0.0" +@@ -13129,70 +13071,6 @@ __metadata: + languageName: node + linkType: hard + +-"browserify-aes@npm:^1.0.0, browserify-aes@npm:^1.0.4": +- version: 1.2.0 +- resolution: "browserify-aes@npm:1.2.0" +- dependencies: +- buffer-xor: ^1.0.3 +- cipher-base: ^1.0.0 +- create-hash: ^1.1.0 +- evp_bytestokey: ^1.0.3 +- inherits: ^2.0.1 +- safe-buffer: ^5.0.1 +- checksum: 4a17c3eb55a2aa61c934c286f34921933086bf6d67f02d4adb09fcc6f2fc93977b47d9d884c25619144fccd47b3b3a399e1ad8b3ff5a346be47270114bcf7104 +- languageName: node +- linkType: hard +- +-"browserify-cipher@npm:^1.0.0": +- version: 1.0.1 +- resolution: "browserify-cipher@npm:1.0.1" +- dependencies: +- browserify-aes: ^1.0.4 +- browserify-des: ^1.0.0 +- evp_bytestokey: ^1.0.0 +- checksum: 2d8500acf1ee535e6bebe808f7a20e4c3a9e2ed1a6885fff1facbfd201ac013ef030422bec65ca9ece8ffe82b03ca580421463f9c45af6c8415fd629f4118c13 +- languageName: node +- linkType: hard +- +-"browserify-des@npm:^1.0.0": +- version: 1.0.2 +- resolution: "browserify-des@npm:1.0.2" +- dependencies: +- cipher-base: ^1.0.1 +- des.js: ^1.0.0 +- inherits: ^2.0.1 +- safe-buffer: ^5.1.2 +- checksum: b15a3e358a1d78a3b62ddc06c845d02afde6fc826dab23f1b9c016e643e7b1fda41de628d2110b712f6a44fb10cbc1800bc6872a03ddd363fb50768e010395b7 +- languageName: node +- linkType: hard +- +-"browserify-rsa@npm:^4.0.0, browserify-rsa@npm:^4.0.1": +- version: 4.1.0 +- resolution: "browserify-rsa@npm:4.1.0" +- dependencies: +- bn.js: ^5.0.0 +- randombytes: ^2.0.1 +- checksum: 155f0c135873efc85620571a33d884aa8810e40176125ad424ec9d85016ff105a07f6231650914a760cca66f29af0494087947b7be34880dd4599a0cd3c38e54 +- languageName: node +- linkType: hard +- +-"browserify-sign@npm:^4.0.0": +- version: 4.2.1 +- resolution: "browserify-sign@npm:4.2.1" +- dependencies: +- bn.js: ^5.1.1 +- browserify-rsa: ^4.0.1 +- create-hash: ^1.2.0 +- create-hmac: ^1.1.7 +- elliptic: ^6.5.3 +- inherits: ^2.0.4 +- parse-asn1: ^5.1.5 +- readable-stream: ^3.6.0 +- safe-buffer: ^5.2.0 +- checksum: 0221f190e3f5b2d40183fa51621be7e838d9caa329fe1ba773406b7637855f37b30f5d83e52ff8f244ed12ffe6278dd9983638609ed88c841ce547e603855707 +- languageName: node +- linkType: hard +- + "browserify-zlib@npm:^0.2.0": + version: 0.2.0 + resolution: "browserify-zlib@npm:0.2.0" +@@ -13294,13 +13172,6 @@ __metadata: + languageName: node + linkType: hard + +-"buffer-xor@npm:^1.0.3": +- version: 1.0.3 +- resolution: "buffer-xor@npm:1.0.3" +- checksum: 10c520df29d62fa6e785e2800e586a20fc4f6dfad84bcdbd12e1e8a83856de1cb75c7ebd7abe6d036bbfab738a6cf18a3ae9c8e5a2e2eb3167ca7399ce65373a +- languageName: node +- linkType: hard +- + "buffer@npm:^4.3.0": + version: 4.9.2 + resolution: "buffer@npm:4.9.2" +@@ -13896,16 +13767,6 @@ __metadata: + languageName: node + linkType: hard + +-"cipher-base@npm:^1.0.0, cipher-base@npm:^1.0.1, cipher-base@npm:^1.0.3": +- version: 1.0.4 +- resolution: "cipher-base@npm:1.0.4" +- dependencies: +- inherits: ^2.0.1 +- safe-buffer: ^5.0.1 +- checksum: 47d3568dbc17431a339bad1fe7dff83ac0891be8206911ace3d3b818fc695f376df809bea406e759cdea07fff4b454fa25f1013e648851bec790c1d75763032e +- languageName: node +- linkType: hard +- + "cjs-module-lexer@npm:^1.0.0": + version: 1.2.2 + resolution: "cjs-module-lexer@npm:1.2.2" +@@ -14806,13 +14667,6 @@ __metadata: + languageName: node + linkType: hard + +-"core-util-is@npm:1.0.2": +- version: 1.0.2 +- resolution: "core-util-is@npm:1.0.2" +- checksum: 7a4c925b497a2c91421e25bf76d6d8190f0b2359a9200dbeed136e63b2931d6294d3b1893eda378883ed363cd950f44a12a401384c609839ea616befb7927dab +- languageName: node +- linkType: hard +- + "core-util-is@npm:~1.0.0": + version: 1.0.3 + resolution: "core-util-is@npm:1.0.3" +@@ -14882,16 +14736,6 @@ __metadata: + languageName: node + linkType: hard + +-"create-ecdh@npm:^4.0.0": +- version: 4.0.4 +- resolution: "create-ecdh@npm:4.0.4" +- dependencies: +- bn.js: ^4.1.0 +- elliptic: ^6.5.3 +- checksum: 0dd7fca9711d09e152375b79acf1e3f306d1a25ba87b8ff14c2fd8e68b83aafe0a7dd6c4e540c9ffbdd227a5fa1ad9b81eca1f233c38bb47770597ba247e614b +- languageName: node +- linkType: hard +- + "create-emotion@npm:^10.0.14, create-emotion@npm:^10.0.27": + version: 10.0.27 + resolution: "create-emotion@npm:10.0.27" +@@ -14904,33 +14748,6 @@ __metadata: + languageName: node + linkType: hard + +-"create-hash@npm:^1.1.0, create-hash@npm:^1.1.2, create-hash@npm:^1.2.0": +- version: 1.2.0 +- resolution: "create-hash@npm:1.2.0" +- dependencies: +- cipher-base: ^1.0.1 +- inherits: ^2.0.1 +- md5.js: ^1.3.4 +- ripemd160: ^2.0.1 +- sha.js: ^2.4.0 +- checksum: 02a6ae3bb9cd4afee3fabd846c1d8426a0e6b495560a977ba46120c473cb283be6aa1cace76b5f927cf4e499c6146fb798253e48e83d522feba807d6b722eaa9 +- languageName: node +- linkType: hard +- +-"create-hmac@npm:^1.1.0, create-hmac@npm:^1.1.4, create-hmac@npm:^1.1.7": +- version: 1.1.7 +- resolution: "create-hmac@npm:1.1.7" +- dependencies: +- cipher-base: ^1.0.3 +- create-hash: ^1.1.0 +- inherits: ^2.0.1 +- ripemd160: ^2.0.0 +- safe-buffer: ^5.0.1 +- sha.js: ^2.4.8 +- checksum: ba12bb2257b585a0396108c72830e85f882ab659c3320c83584b1037f8ab72415095167ced80dc4ce8e446a8ecc4b2acf36d87befe0707d73b26cf9dc77440ed +- languageName: node +- linkType: hard +- + "create-require@npm:^1.1.0": + version: 1.1.1 + resolution: "create-require@npm:1.1.1" +@@ -14962,22 +14779,10 @@ __metadata: + languageName: node + linkType: hard + +-"crypto-browserify@npm:^3.11.0": +- version: 3.12.0 +- resolution: "crypto-browserify@npm:3.12.0" +- dependencies: +- browserify-cipher: ^1.0.0 +- browserify-sign: ^4.0.0 +- create-ecdh: ^4.0.0 +- create-hash: ^1.1.0 +- create-hmac: ^1.1.0 +- diffie-hellman: ^5.0.0 +- inherits: ^2.0.1 +- pbkdf2: ^3.0.3 +- public-encrypt: ^4.0.0 +- randombytes: ^2.0.0 +- randomfill: ^1.0.3 +- checksum: c1609af82605474262f3eaa07daa0b2140026bd264ab316d4bf1170272570dbe02f0c49e29407fe0d3634f96c507c27a19a6765fb856fed854a625f9d15618e2 ++"crypto-browserify@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": ++ version: 1.1.3 ++ resolution: "crypto-browserify@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" ++ checksum: e233cb660c0eac1172e3c4da249aeaae92b222e9b870d64a427c7212833a1634e56e2f7601989b1a6a6cd0e8841ff3776cd18f8b56dfc20257b893987d624920 + languageName: node + linkType: hard + +@@ -15928,15 +15733,6 @@ __metadata: + languageName: node + linkType: hard + +-"dashdash@npm:^1.12.0": +- version: 1.14.1 +- resolution: "dashdash@npm:1.14.1" +- dependencies: +- assert-plus: ^1.0.0 +- checksum: 3634c249570f7f34e3d34f866c93f866c5b417f0dd616275decae08147dcdf8fccfaa5947380ccfb0473998ea3a8057c0b4cd90c875740ee685d0624b2983598 +- languageName: node +- linkType: hard +- + "data-urls@npm:^2.0.0": + version: 2.0.0 + resolution: "data-urls@npm:2.0.0" +@@ -16251,16 +16047,6 @@ __metadata: + languageName: node + linkType: hard + +-"des.js@npm:^1.0.0": +- version: 1.0.1 +- resolution: "des.js@npm:1.0.1" +- dependencies: +- inherits: ^2.0.1 +- minimalistic-assert: ^1.0.0 +- checksum: 1ec2eedd7ed6bd61dd5e0519fd4c96124e93bb22de8a9d211b02d63e5dd152824853d919bb2090f965cc0e3eb9c515950a9836b332020d810f9c71feb0fd7df4 +- languageName: node +- linkType: hard +- + "destroy@npm:~1.0.4": + version: 1.0.4 + resolution: "destroy@npm:1.0.4" +@@ -16397,17 +16183,6 @@ __metadata: + languageName: node + linkType: hard + +-"diffie-hellman@npm:^5.0.0": +- version: 5.0.3 +- resolution: "diffie-hellman@npm:5.0.3" +- dependencies: +- bn.js: ^4.1.0 +- miller-rabin: ^4.0.0 +- randombytes: ^2.0.0 +- checksum: 0e620f322170c41076e70181dd1c24e23b08b47dbb92a22a644f3b89b6d3834b0f8ee19e37916164e5eb1ee26d2aa836d6129f92723995267250a0b541811065 +- languageName: node +- linkType: hard +- + "dir-glob@npm:^2.2.2": + version: 2.2.2 + resolution: "dir-glob@npm:2.2.2" +@@ -16694,16 +16469,6 @@ __metadata: + languageName: node + linkType: hard + +-"ecc-jsbn@npm:~0.1.1": +- version: 0.1.2 +- resolution: "ecc-jsbn@npm:0.1.2" +- dependencies: +- jsbn: ~0.1.0 +- safer-buffer: ^2.1.0 +- checksum: 22fef4b6203e5f31d425f5b711eb389e4c6c2723402e389af394f8411b76a488fa414d309d866e2b577ce3e8462d344205545c88a8143cc21752a5172818888a +- languageName: node +- linkType: hard +- + "ee-first@npm:1.1.1": + version: 1.1.1 + resolution: "ee-first@npm:1.1.1" +@@ -16748,21 +16513,6 @@ __metadata: + languageName: node + linkType: hard + +-"elliptic@npm:^6.5.3": +- version: 6.5.4 +- resolution: "elliptic@npm:6.5.4" +- dependencies: +- bn.js: ^4.11.9 +- brorand: ^1.1.0 +- hash.js: ^1.0.0 +- hmac-drbg: ^1.0.1 +- inherits: ^2.0.4 +- minimalistic-assert: ^1.0.1 +- minimalistic-crypto-utils: ^1.0.1 +- checksum: d56d21fd04e97869f7ffcc92e18903b9f67f2d4637a23c860492fbbff5a3155fd9ca0184ce0c865dd6eb2487d234ce9551335c021c376cd2d3b7cb749c7d10f4 +- languageName: node +- linkType: hard +- + "emitter-component@npm:^1.1.1": + version: 1.1.1 + resolution: "emitter-component@npm:1.1.1" +@@ -17716,17 +17466,6 @@ __metadata: + languageName: node + linkType: hard + +-"evp_bytestokey@npm:^1.0.0, evp_bytestokey@npm:^1.0.3": +- version: 1.0.3 +- resolution: "evp_bytestokey@npm:1.0.3" +- dependencies: +- md5.js: ^1.3.4 +- node-gyp: latest +- safe-buffer: ^5.1.1 +- checksum: ad4e1577f1a6b721c7800dcc7c733fe01f6c310732bb5bf2240245c2a5b45a38518b91d8be2c610611623160b9d1c0e91f1ce96d639f8b53e8894625cf20fa45 +- languageName: node +- linkType: hard +- + "exec-sh@npm:^0.3.2": + version: 0.3.6 + resolution: "exec-sh@npm:0.3.6" +@@ -18006,20 +17745,6 @@ __metadata: + languageName: node + linkType: hard + +-"extsprintf@npm:1.3.0": +- version: 1.3.0 +- resolution: "extsprintf@npm:1.3.0" +- checksum: cee7a4a1e34cffeeec18559109de92c27517e5641991ec6bab849aa64e3081022903dd53084f2080d0d2530803aa5ee84f1e9de642c365452f9e67be8f958ce2 +- languageName: node +- linkType: hard +- +-"extsprintf@npm:^1.2.0": +- version: 1.4.0 +- resolution: "extsprintf@npm:1.4.0" +- checksum: 184dc8a413eb4b1ff16bdce797340e7ded4d28511d56a1c9afa5a95bcff6ace154063823eaf0206dbbb0d14059d74f382a15c34b7c0636fa74a7e681295eb67e +- languageName: node +- linkType: hard +- + "fast-deep-equal@npm:^3.0.0, fast-deep-equal@npm:^3.1.1, fast-deep-equal@npm:^3.1.3": + version: 3.1.3 + resolution: "fast-deep-equal@npm:3.1.3" +@@ -19046,15 +18771,6 @@ __metadata: + languageName: node + linkType: hard + +-"getpass@npm:^0.1.1": +- version: 0.1.7 +- resolution: "getpass@npm:0.1.7" +- dependencies: +- assert-plus: ^1.0.0 +- checksum: ab18d55661db264e3eac6012c2d3daeafaab7a501c035ae0ccb193c3c23e9849c6e29b6ac762b9c2adae460266f925d55a3a2a3a3c8b94be2f222df94d70c046 +- languageName: node +- linkType: hard +- + "git-raw-commits@npm:^2.0.8": + version: 2.0.10 + resolution: "git-raw-commits@npm:2.0.10" +@@ -19887,27 +19603,6 @@ __metadata: + languageName: node + linkType: hard + +-"hash-base@npm:^3.0.0": +- version: 3.1.0 +- resolution: "hash-base@npm:3.1.0" +- dependencies: +- inherits: ^2.0.4 +- readable-stream: ^3.6.0 +- safe-buffer: ^5.2.0 +- checksum: 26b7e97ac3de13cb23fc3145e7e3450b0530274a9562144fc2bf5c1e2983afd0e09ed7cc3b20974ba66039fad316db463da80eb452e7373e780cbee9a0d2f2dc +- languageName: node +- linkType: hard +- +-"hash.js@npm:^1.0.0, hash.js@npm:^1.0.3": +- version: 1.1.7 +- resolution: "hash.js@npm:1.1.7" +- dependencies: +- inherits: ^2.0.3 +- minimalistic-assert: ^1.0.1 +- checksum: e350096e659c62422b85fa508e4b3669017311aa4c49b74f19f8e1bc7f3a54a584fdfd45326d4964d6011f2b2d882e38bea775a96046f2a61b7779a979629d8f +- languageName: node +- linkType: hard +- + "hast-to-hyperscript@npm:^9.0.0": + version: 9.0.1 + resolution: "hast-to-hyperscript@npm:9.0.1" +@@ -20043,17 +19738,6 @@ __metadata: + languageName: node + linkType: hard + +-"hmac-drbg@npm:^1.0.1": +- version: 1.0.1 +- resolution: "hmac-drbg@npm:1.0.1" +- dependencies: +- hash.js: ^1.0.3 +- minimalistic-assert: ^1.0.0 +- minimalistic-crypto-utils: ^1.0.1 +- checksum: bd30b6a68d7f22d63f10e1888aee497d7c2c5c0bb469e66bbdac99f143904d1dfe95f8131f95b3e86c86dd239963c9d972fcbe147e7cffa00e55d18585c43fe0 +- languageName: node +- linkType: hard +- + "hoist-non-react-statics@npm:3.3.2, hoist-non-react-statics@npm:^3.1.0, hoist-non-react-statics@npm:^3.3.0, hoist-non-react-statics@npm:^3.3.1, hoist-non-react-statics@npm:^3.3.2": + version: 3.3.2 + resolution: "hoist-non-react-statics@npm:3.3.2" +@@ -20394,25 +20078,10 @@ __metadata: + languageName: node + linkType: hard + +-"http-signature@npm:~1.2.0": +- version: 1.2.0 +- resolution: "http-signature@npm:1.2.0" +- dependencies: +- assert-plus: ^1.0.0 +- jsprim: ^1.2.2 +- sshpk: ^1.7.0 +- checksum: 3324598712266a9683585bb84a75dec4fd550567d5e0dd4a0fff6ff3f74348793404d3eeac4918fa0902c810eeee1a86419e4a2e92a164132dfe6b26743fb47c +- languageName: node +- linkType: hard +- +-"http-signature@npm:~1.3.6": +- version: 1.3.6 +- resolution: "http-signature@npm:1.3.6" +- dependencies: +- assert-plus: ^1.0.0 +- jsprim: ^2.0.2 +- sshpk: ^1.14.1 +- checksum: 10be2af4764e71fee0281392937050201ee576ac755c543f570d6d87134ce5e858663fe999a7adb3e4e368e1e356d0d7fec6b9542295b875726ff615188e7a0c ++"http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": ++ version: 1.1.3 ++ resolution: "http-signature@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" ++ checksum: 78b64605540e2d25bede2d74ec9e7740ab9a466c9a562ae3a8ccc7e07e26e601a013859c94adf890679403cd337b9690f598d64bc4fbc1d2eaa2f27241ca08a1 + languageName: node + linkType: hard + +@@ -22562,13 +22231,6 @@ __metadata: + languageName: node + linkType: hard + +-"jsbn@npm:~0.1.0": +- version: 0.1.1 +- resolution: "jsbn@npm:0.1.1" +- checksum: e5ff29c1b8d965017ef3f9c219dacd6e40ad355c664e277d31246c90545a02e6047018c16c60a00f36d561b3647215c41894f5d869ada6908a2e0ce4200c88f2 +- languageName: node +- linkType: hard +- + "jsdoc-type-pratt-parser@npm:~2.2.5": + version: 2.2.5 + resolution: "jsdoc-type-pratt-parser@npm:2.2.5" +@@ -22683,13 +22345,6 @@ __metadata: + languageName: node + linkType: hard + +-"json-schema@npm:0.2.3, json-schema@npm:0.4.0": +- version: 0.4.0 +- resolution: "json-schema@npm:0.4.0" +- checksum: 66389434c3469e698da0df2e7ac5a3281bcff75e797a5c127db7c5b56270e01ae13d9afa3c03344f76e32e81678337a8c912bdbb75101c62e487dc3778461d72 +- languageName: node +- linkType: hard +- + "json-source-map@npm:0.6.1": + version: 0.6.1 + resolution: "json-source-map@npm:0.6.1" +@@ -22793,30 +22448,6 @@ __metadata: + languageName: node + linkType: hard + +-"jsprim@npm:^1.2.2": +- version: 1.4.1 +- resolution: "jsprim@npm:1.4.1" +- dependencies: +- assert-plus: 1.0.0 +- extsprintf: 1.3.0 +- json-schema: 0.2.3 +- verror: 1.10.0 +- checksum: 6bcb20ec265ae18bb48e540a6da2c65f9c844f7522712d6dfcb01039527a49414816f4869000493363f1e1ea96cbad00e46188d5ecc78257a19f152467587373 +- languageName: node +- linkType: hard +- +-"jsprim@npm:^2.0.2": +- version: 2.0.2 +- resolution: "jsprim@npm:2.0.2" +- dependencies: +- assert-plus: 1.0.0 +- extsprintf: 1.3.0 +- json-schema: 0.4.0 +- verror: 1.10.0 +- checksum: d175f6b1991e160cb0aa39bc857da780e035611986b5492f32395411879fdaf4e513d98677f08f7352dac93a16b66b8361c674b86a3fa406e2e7af6b26321838 +- languageName: node +- linkType: hard +- + "jsurl@npm:^0.1.5": + version: 0.1.5 + resolution: "jsurl@npm:0.1.5" +@@ -23818,17 +23449,6 @@ __metadata: + languageName: node + linkType: hard + +-"md5.js@npm:^1.3.4": +- version: 1.3.5 +- resolution: "md5.js@npm:1.3.5" +- dependencies: +- hash-base: ^3.0.0 +- inherits: ^2.0.1 +- safe-buffer: ^5.1.2 +- checksum: 098494d885684bcc4f92294b18ba61b7bd353c23147fbc4688c75b45cb8590f5a95fd4584d742415dcc52487f7a1ef6ea611cfa1543b0dc4492fe026357f3f0c +- languageName: node +- linkType: hard +- + "mdast-squeeze-paragraphs@npm:^4.0.0": + version: 4.0.0 + resolution: "mdast-squeeze-paragraphs@npm:4.0.0" +@@ -24108,18 +23728,6 @@ __metadata: + languageName: node + linkType: hard + +-"miller-rabin@npm:^4.0.0": +- version: 4.0.1 +- resolution: "miller-rabin@npm:4.0.1" +- dependencies: +- bn.js: ^4.0.0 +- brorand: ^1.0.1 +- bin: +- miller-rabin: bin/miller-rabin +- checksum: 00cd1ab838ac49b03f236cc32a14d29d7d28637a53096bf5c6246a032a37749c9bd9ce7360cbf55b41b89b7d649824949ff12bc8eee29ac77c6b38eada619ece +- languageName: node +- linkType: hard +- + "mime-db@npm:1.50.0, mime-db@npm:>= 1.43.0 < 2": + version: 1.50.0 + resolution: "mime-db@npm:1.50.0" +@@ -24247,20 +23855,13 @@ __metadata: + languageName: node + linkType: hard + +-"minimalistic-assert@npm:^1.0.0, minimalistic-assert@npm:^1.0.1": ++"minimalistic-assert@npm:^1.0.0": + version: 1.0.1 + resolution: "minimalistic-assert@npm:1.0.1" + checksum: cc7974a9268fbf130fb055aff76700d7e2d8be5f761fb5c60318d0ed010d839ab3661a533ad29a5d37653133385204c503bfac995aaa4236f4e847461ea32ba7 + languageName: node + linkType: hard + +-"minimalistic-crypto-utils@npm:^1.0.1": +- version: 1.0.1 +- resolution: "minimalistic-crypto-utils@npm:1.0.1" +- checksum: 6e8a0422b30039406efd4c440829ea8f988845db02a3299f372fceba56ffa94994a9c0f2fd70c17f9969eedfbd72f34b5070ead9656a34d3f71c0bd72583a0ed +- languageName: node +- linkType: hard +- + "minimatch@npm:3.0.4, minimatch@npm:^3.0.4": + version: 3.0.4 + resolution: "minimatch@npm:3.0.4" +@@ -24903,13 +24504,6 @@ __metadata: + languageName: node + linkType: hard + +-"node-forge@npm:^1": +- version: 1.3.1 +- resolution: "node-forge@npm:1.3.1" +- checksum: 08fb072d3d670599c89a1704b3e9c649ff1b998256737f0e06fbd1a5bf41cae4457ccaee32d95052d80bbafd9ffe01284e078c8071f0267dc9744e51c5ed42a9 +- languageName: node +- linkType: hard +- + "node-gettext@npm:^3.0.0": + version: 3.0.0 + resolution: "node-gettext@npm:3.0.0" +@@ -26024,19 +25618,6 @@ __metadata: + languageName: node + linkType: hard + +-"parse-asn1@npm:^5.0.0, parse-asn1@npm:^5.1.5": +- version: 5.1.6 +- resolution: "parse-asn1@npm:5.1.6" +- dependencies: +- asn1.js: ^5.2.0 +- browserify-aes: ^1.0.0 +- evp_bytestokey: ^1.0.0 +- pbkdf2: ^3.0.3 +- safe-buffer: ^5.1.1 +- checksum: 9243311d1f88089bc9f2158972aa38d1abd5452f7b7cabf84954ed766048fe574d434d82c6f5a39b988683e96fb84cd933071dda38927e03469dc8c8d14463c7 +- languageName: node +- linkType: hard +- + "parse-entities@npm:^2.0.0": + version: 2.0.0 + resolution: "parse-entities@npm:2.0.0" +@@ -26258,19 +25839,6 @@ __metadata: + languageName: node + linkType: hard + +-"pbkdf2@npm:^3.0.3": +- version: 3.1.2 +- resolution: "pbkdf2@npm:3.1.2" +- dependencies: +- create-hash: ^1.1.2 +- create-hmac: ^1.1.4 +- ripemd160: ^2.0.1 +- safe-buffer: ^5.0.1 +- sha.js: ^2.4.8 +- checksum: 2c950a100b1da72123449208e231afc188d980177d021d7121e96a2de7f2abbc96ead2b87d03d8fe5c318face097f203270d7e27908af9f471c165a4e8e69c92 +- languageName: node +- linkType: hard +- + "pend@npm:~1.2.0": + version: 1.2.0 + resolution: "pend@npm:1.2.0" +@@ -27959,20 +27527,6 @@ __metadata: + languageName: node + linkType: hard + +-"public-encrypt@npm:^4.0.0": +- version: 4.0.3 +- resolution: "public-encrypt@npm:4.0.3" +- dependencies: +- bn.js: ^4.1.0 +- browserify-rsa: ^4.0.0 +- create-hash: ^1.1.0 +- parse-asn1: ^5.0.0 +- randombytes: ^2.0.1 +- safe-buffer: ^5.1.2 +- checksum: 215d446e43cef021a20b67c1df455e5eea134af0b1f9b8a35f9e850abf32991b0c307327bc5b9bc07162c288d5cdb3d4a783ea6c6640979ed7b5017e3e0c9935 +- languageName: node +- linkType: hard +- + "pump@npm:^2.0.0": + version: 2.0.1 + resolution: "pump@npm:2.0.1" +@@ -28181,7 +27735,7 @@ __metadata: + languageName: node + linkType: hard + +-"randombytes@npm:^2.0.0, randombytes@npm:^2.0.1, randombytes@npm:^2.0.5, randombytes@npm:^2.1.0": ++"randombytes@npm:^2.1.0": + version: 2.1.0 + resolution: "randombytes@npm:2.1.0" + dependencies: +@@ -28190,16 +27744,6 @@ __metadata: + languageName: node + linkType: hard + +-"randomfill@npm:^1.0.3": +- version: 1.0.4 +- resolution: "randomfill@npm:1.0.4" +- dependencies: +- randombytes: ^2.0.5 +- safe-buffer: ^5.1.0 +- checksum: 33734bb578a868d29ee1b8555e21a36711db084065d94e019a6d03caa67debef8d6a1bfd06a2b597e32901ddc761ab483a85393f0d9a75838f1912461d4dbfc7 +- languageName: node +- linkType: hard +- + "range-parser@npm:^1.2.1, range-parser@npm:~1.2.1": + version: 1.2.1 + resolution: "range-parser@npm:1.2.1" +@@ -30443,16 +29987,6 @@ __metadata: + languageName: node + linkType: hard + +-"ripemd160@npm:^2.0.0, ripemd160@npm:^2.0.1": +- version: 2.0.2 +- resolution: "ripemd160@npm:2.0.2" +- dependencies: +- hash-base: ^3.0.0 +- inherits: ^2.0.1 +- checksum: 006accc40578ee2beae382757c4ce2908a826b27e2b079efdcd2959ee544ddf210b7b5d7d5e80467807604244e7388427330f5c6d4cd61e6edaddc5773ccc393 +- languageName: node +- linkType: hard +- + "rollup-plugin-copy@npm:3.4.0": + version: 3.4.0 + resolution: "rollup-plugin-copy@npm:3.4.0" +@@ -30638,7 +30172,7 @@ __metadata: + languageName: node + linkType: hard + +-"safe-buffer@npm:5.2.1, safe-buffer@npm:>=5.1.0, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.0, safe-buffer@npm:^5.1.1, safe-buffer@npm:^5.1.2, safe-buffer@npm:^5.2.0, safe-buffer@npm:^5.2.1, safe-buffer@npm:~5.2.0": ++"safe-buffer@npm:5.2.1, safe-buffer@npm:>=5.1.0, safe-buffer@npm:^5.0.1, safe-buffer@npm:^5.1.0, safe-buffer@npm:^5.1.2, safe-buffer@npm:^5.2.1, safe-buffer@npm:~5.2.0": + version: 5.2.1 + resolution: "safe-buffer@npm:5.2.1" + checksum: b99c4b41fdd67a6aaf280fcd05e9ffb0813654894223afb78a31f14a19ad220bba8aba1cb14eddce1fcfb037155fe6de4e861784eb434f7d11ed58d1e70dd491 +@@ -30654,7 +30188,7 @@ __metadata: + languageName: node + linkType: hard + +-"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0, safer-buffer@npm:^2.0.2, safer-buffer@npm:^2.1.0, safer-buffer@npm:~2.1.0": ++"safer-buffer@npm:>= 2.1.2 < 3, safer-buffer@npm:>= 2.1.2 < 3.0.0": + version: 2.1.2 + resolution: "safer-buffer@npm:2.1.2" + checksum: cab8f25ae6f1434abee8d80023d7e72b598cf1327164ddab31003c51215526801e40b66c5e65d658a0af1e9d6478cadcb4c745f4bd6751f97d8644786c0978b0 +@@ -30891,12 +30425,10 @@ __metadata: + languageName: node + linkType: hard + +-"selfsigned@npm:^2.0.1": +- version: 2.0.1 +- resolution: "selfsigned@npm:2.0.1" +- dependencies: +- node-forge: ^1 +- checksum: 864e65c2f31ca877bce3ccdaa3bdef5e1e992b63b2a03641e00c24cd305bf2acce093431d1fed2e5ae9f526558db4be5e90baa2b3474c0428fcf7e25cc86ac93 ++"selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz": ++ version: 1.1.3 ++ resolution: "selfsigned@https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.3.tgz" ++ checksum: 4988a0dbdf123fb808194a6198f5951e2df711de6fd967d72a8876baccaa23d5c260efb8f1dbfbc5bf1f852e81f897ad09267908977ab94862867ef971a3d48d + languageName: node + linkType: hard + +@@ -31133,18 +30665,6 @@ __metadata: + languageName: node + linkType: hard + +-"sha.js@npm:^2.4.0, sha.js@npm:^2.4.8": +- version: 2.4.11 +- resolution: "sha.js@npm:2.4.11" +- dependencies: +- inherits: ^2.0.1 +- safe-buffer: ^5.0.1 +- bin: +- sha.js: ./bin.js +- checksum: ebd3f59d4b799000699097dadb831c8e3da3eb579144fd7eb7a19484cbcbb7aca3c68ba2bb362242eb09e33217de3b4ea56e4678184c334323eca24a58e3ad07 +- languageName: node +- linkType: hard +- + "shallow-clone@npm:^3.0.0": + version: 3.0.1 + resolution: "shallow-clone@npm:3.0.1" +@@ -31830,27 +31350,6 @@ __metadata: + languageName: node + linkType: hard + +-"sshpk@npm:^1.14.1, sshpk@npm:^1.7.0": +- version: 1.16.1 +- resolution: "sshpk@npm:1.16.1" +- dependencies: +- asn1: ~0.2.3 +- assert-plus: ^1.0.0 +- bcrypt-pbkdf: ^1.0.0 +- dashdash: ^1.12.0 +- ecc-jsbn: ~0.1.1 +- getpass: ^0.1.1 +- jsbn: ~0.1.0 +- safer-buffer: ^2.0.2 +- tweetnacl: ~0.14.0 +- bin: +- sshpk-conv: bin/sshpk-conv +- sshpk-sign: bin/sshpk-sign +- sshpk-verify: bin/sshpk-verify +- checksum: 5e76afd1cedc780256f688b7c09327a8a650902d18e284dfeac97489a735299b03c3e72c6e8d22af03dbbe4d6f123fdfd5f3c4ed6bedbec72b9529a55051b857 +- languageName: node +- linkType: hard +- + "ssri@npm:^6.0.1": + version: 6.0.2 + resolution: "ssri@npm:6.0.2" +@@ -33509,13 +33008,6 @@ __metadata: + languageName: node + linkType: hard + +-"tweetnacl@npm:^0.14.3, tweetnacl@npm:~0.14.0": +- version: 0.14.5 +- resolution: "tweetnacl@npm:0.14.5" +- checksum: 6061daba1724f59473d99a7bb82e13f211cdf6e31315510ae9656fefd4779851cb927adad90f3b488c8ed77c106adc0421ea8055f6f976ff21b27c5c4e918487 +- languageName: node +- linkType: hard +- + "type-check@npm:^0.4.0, type-check@npm:~0.4.0": + version: 0.4.0 + resolution: "type-check@npm:0.4.0" +@@ -34329,17 +33821,6 @@ __metadata: + languageName: node + linkType: soft + +-"verror@npm:1.10.0": +- version: 1.10.0 +- resolution: "verror@npm:1.10.0" +- dependencies: +- assert-plus: ^1.0.0 +- core-util-is: 1.0.2 +- extsprintf: ^1.2.0 +- checksum: c431df0bedf2088b227a4e051e0ff4ca54df2c114096b0c01e1cbaadb021c30a04d7dd5b41ab277bcd51246ca135bf931d4c4c796ecae7a4fef6d744ecef36ea +- languageName: node +- linkType: hard +- + "vfile-location@npm:^3.0.0, vfile-location@npm:^3.2.0": + version: 3.2.0 + resolution: "vfile-location@npm:3.2.0" diff --git a/0006-notifications-use-HMAC-SHA256-to-generate-password-r.patch b/0006-notifications-use-HMAC-SHA256-to-generate-password-r.patch new file mode 100644 index 0000000000000000000000000000000000000000..d8a6d518819d73f38ee14d98969ce6732c216eda --- /dev/null +++ b/0006-notifications-use-HMAC-SHA256-to-generate-password-r.patch @@ -0,0 +1,358 @@ +From 5749f50533225b5d38fed1ed86b1c893cc0466b5 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Thu, 25 Nov 2021 18:49:52 +0100 +Subject: [PATCH] notifications: use HMAC-SHA256 to generate password reset + tokens + +* changes the time limit code generation function to use HMAC-SHA256 + instead of SHA-1 +* multiple new testcases + +diff --git a/pkg/services/notifications/codes.go b/pkg/services/notifications/codes.go +index 32cd5dd7cd..72d33e3814 100644 +--- a/pkg/services/notifications/codes.go ++++ b/pkg/services/notifications/codes.go +@@ -1,48 +1,53 @@ + package notifications + + import ( +- "crypto/sha1" // #nosec ++ "crypto/hmac" ++ "crypto/sha256" + "encoding/hex" + "fmt" ++ "strconv" + "time" + +- "github.com/unknwon/com" +- + "github.com/grafana/grafana/pkg/models" + "github.com/grafana/grafana/pkg/setting" + ) + +-const timeLimitCodeLength = 12 + 6 + 40 ++const timeLimitStartDateLength = 12 ++const timeLimitMinutesLength = 6 ++const timeLimitHmacLength = 64 ++const timeLimitCodeLength = timeLimitStartDateLength + timeLimitMinutesLength + timeLimitHmacLength + + // create a time limit code +-// code format: 12 length date time string + 6 minutes string + 40 sha1 encoded string +-func createTimeLimitCode(data string, minutes int, startInf interface{}) (string, error) { ++// code format: 12 length date time string + 6 minutes string + 64 HMAC-SHA256 encoded string ++func createTimeLimitCode(payload string, minutes int, startStr string) (string, error) { + format := "200601021504" + + var start, end time.Time +- var startStr, endStr string ++ var endStr string + +- if startInf == nil { ++ if startStr == "" { + // Use now time create code + start = time.Now() + startStr = start.Format(format) + } else { + // use start string create code +- startStr = startInf.(string) +- start, _ = time.ParseInLocation(format, startStr, time.Local) +- startStr = start.Format(format) ++ var err error ++ start, err = time.ParseInLocation(format, startStr, time.Local) ++ if err != nil { ++ return "", err ++ } + } + + end = start.Add(time.Minute * time.Duration(minutes)) + endStr = end.Format(format) + +- // create sha1 encode string +- sh := sha1.New() +- if _, err := sh.Write([]byte(data + setting.SecretKey + startStr + endStr + +- com.ToStr(minutes))); err != nil { +- return "", err ++ // create HMAC-SHA256 encoded string ++ key := []byte(setting.SecretKey) ++ h := hmac.New(sha256.New, key) ++ if _, err := h.Write([]byte(payload + startStr + endStr)); err != nil { ++ return "", fmt.Errorf("cannot create hmac: %v", err) + } +- encoded := hex.EncodeToString(sh.Sum(nil)) ++ encoded := hex.EncodeToString(h.Sum(nil)) + + code := fmt.Sprintf("%s%06d%s", startStr, minutes, encoded) + return code, nil +@@ -50,29 +55,32 @@ func createTimeLimitCode(data string, minutes int, startInf interface{}) (string + + // verify time limit code + func validateUserEmailCode(cfg *setting.Cfg, user *models.User, code string) (bool, error) { +- if len(code) <= 18 { ++ if len(code) < timeLimitCodeLength { + return false, nil + } + +- minutes := cfg.EmailCodeValidMinutes + code = code[:timeLimitCodeLength] + + // split code +- start := code[:12] +- lives := code[12:18] +- if d, err := com.StrTo(lives).Int(); err == nil { +- minutes = d ++ startStr := code[:timeLimitStartDateLength] ++ minutesStr := code[timeLimitStartDateLength : timeLimitStartDateLength+timeLimitMinutesLength] ++ minutes, err := strconv.Atoi(minutesStr) ++ if err != nil { ++ return false, fmt.Errorf("invalid time limit code: %v", err) + } + + // right active code +- data := com.ToStr(user.Id) + user.Email + user.Login + user.Password + user.Rands +- retCode, err := createTimeLimitCode(data, minutes, start) ++ payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands ++ expectedCode, err := createTimeLimitCode(payload, minutes, startStr) + if err != nil { + return false, err + } +- if retCode == code && minutes > 0 { ++ if hmac.Equal([]byte(code), []byte(expectedCode)) && minutes > 0 { + // check time is expired or not +- before, _ := time.ParseInLocation("200601021504", start, time.Local) ++ before, err := time.ParseInLocation("200601021504", startStr, time.Local) ++ if err != nil { ++ return false, err ++ } + now := time.Now() + if before.Add(time.Minute*time.Duration(minutes)).Unix() > now.Unix() { + return true, nil +@@ -93,15 +101,15 @@ func getLoginForEmailCode(code string) string { + return string(b) + } + +-func createUserEmailCode(cfg *setting.Cfg, u *models.User, startInf interface{}) (string, error) { ++func createUserEmailCode(cfg *setting.Cfg, user *models.User, startStr string) (string, error) { + minutes := cfg.EmailCodeValidMinutes +- data := com.ToStr(u.Id) + u.Email + u.Login + u.Password + u.Rands +- code, err := createTimeLimitCode(data, minutes, startInf) ++ payload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands ++ code, err := createTimeLimitCode(payload, minutes, startStr) + if err != nil { + return "", err + } + + // add tail hex username +- code += hex.EncodeToString([]byte(u.Login)) ++ code += hex.EncodeToString([]byte(user.Login)) + return code, nil + } +diff --git a/pkg/services/notifications/codes_test.go b/pkg/services/notifications/codes_test.go +index a314c8deca..be9b68ca69 100644 +--- a/pkg/services/notifications/codes_test.go ++++ b/pkg/services/notifications/codes_test.go +@@ -1,7 +1,10 @@ + package notifications + + import ( ++ "fmt" ++ "strconv" + "testing" ++ "time" + + "github.com/grafana/grafana/pkg/models" + "github.com/grafana/grafana/pkg/setting" +@@ -9,18 +12,126 @@ import ( + "github.com/stretchr/testify/require" + ) + ++func TestTimeLimitCodes(t *testing.T) { ++ cfg := setting.NewCfg() ++ cfg.EmailCodeValidMinutes = 120 ++ user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"} ++ ++ format := "200601021504" ++ mailPayload := strconv.FormatInt(user.Id, 10) + user.Email + user.Login + user.Password + user.Rands ++ tenMinutesAgo := time.Now().Add(-time.Minute * 10) ++ ++ tests := []struct { ++ desc string ++ payload string ++ start time.Time ++ minutes int ++ valid bool ++ }{ ++ { ++ desc: "code generated 10 minutes ago, 5 minutes valid", ++ payload: mailPayload, ++ start: tenMinutesAgo, ++ minutes: 5, ++ valid: false, ++ }, ++ { ++ desc: "code generated 10 minutes ago, 9 minutes valid", ++ payload: mailPayload, ++ start: tenMinutesAgo, ++ minutes: 9, ++ valid: false, ++ }, ++ { ++ desc: "code generated 10 minutes ago, 10 minutes valid", ++ payload: mailPayload, ++ start: tenMinutesAgo, ++ minutes: 10, ++ // code was valid exactly 10 minutes since evaluating the tenMinutesAgo assignment ++ // by the time this test is run the code is already expired ++ valid: false, ++ }, ++ { ++ desc: "code generated 10 minutes ago, 11 minutes valid", ++ payload: mailPayload, ++ start: tenMinutesAgo, ++ minutes: 11, ++ valid: true, ++ }, ++ { ++ desc: "code generated 10 minutes ago, 20 minutes valid", ++ payload: mailPayload, ++ start: tenMinutesAgo, ++ minutes: 20, ++ valid: true, ++ }, ++ { ++ desc: "code generated 10 minutes ago, 20 minutes valid, tampered payload", ++ payload: mailPayload[:len(mailPayload)-1] + "x", ++ start: tenMinutesAgo, ++ minutes: 20, ++ valid: false, ++ }, ++ } ++ ++ for _, test := range tests { ++ t.Run(test.desc, func(t *testing.T) { ++ code, err := createTimeLimitCode(test.payload, test.minutes, test.start.Format(format)) ++ require.NoError(t, err) ++ ++ isValid, err := validateUserEmailCode(cfg, user, code) ++ require.NoError(t, err) ++ require.Equal(t, test.valid, isValid) ++ }) ++ } ++ ++ t.Run("tampered minutes", func(t *testing.T) { ++ code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format)) ++ require.NoError(t, err) ++ ++ // code is expired ++ isValid, err := validateUserEmailCode(cfg, user, code) ++ require.NoError(t, err) ++ require.Equal(t, false, isValid) ++ ++ // let's try to extend the code by tampering the minutes ++ code = code[:12] + fmt.Sprintf("%06d", 20) + code[18:] ++ isValid, err = validateUserEmailCode(cfg, user, code) ++ require.NoError(t, err) ++ require.Equal(t, false, isValid) ++ }) ++ ++ t.Run("tampered start string", func(t *testing.T) { ++ code, err := createTimeLimitCode(mailPayload, 5, tenMinutesAgo.Format(format)) ++ require.NoError(t, err) ++ ++ // code is expired ++ isValid, err := validateUserEmailCode(cfg, user, code) ++ require.NoError(t, err) ++ require.Equal(t, false, isValid) ++ ++ // let's try to extend the code by tampering the start string ++ oneMinuteAgo := time.Now().Add(-time.Minute) ++ ++ code = oneMinuteAgo.Format(format) + code[12:] ++ isValid, err = validateUserEmailCode(cfg, user, code) ++ require.NoError(t, err) ++ require.Equal(t, false, isValid) ++ }) ++} ++ + func TestEmailCodes(t *testing.T) { + t.Run("When generating code", func(t *testing.T) { + cfg := setting.NewCfg() + cfg.EmailCodeValidMinutes = 120 + + user := &models.User{Id: 10, Email: "t@a.com", Login: "asd", Password: "1", Rands: "2"} +- code, err := createUserEmailCode(cfg, user, nil) ++ code, err := createUserEmailCode(cfg, user, "") + require.NoError(t, err) + + t.Run("getLoginForCode should return login", func(t *testing.T) { + login := getLoginForEmailCode(code) +- require.Equal(t, login, "asd") ++ require.Equal(t, "asd", login) + }) + + t.Run("Can verify valid code", func(t *testing.T) { +@@ -29,7 +140,7 @@ func TestEmailCodes(t *testing.T) { + require.True(t, isValid) + }) + +- t.Run("Cannot verify in-valid code", func(t *testing.T) { ++ t.Run("Cannot verify invalid code", func(t *testing.T) { + code = "ASD" + isValid, err := validateUserEmailCode(cfg, user, code) + require.NoError(t, err) +diff --git a/pkg/services/notifications/notifications.go b/pkg/services/notifications/notifications.go +index 84a0d42cb6..52facd0992 100644 +--- a/pkg/services/notifications/notifications.go ++++ b/pkg/services/notifications/notifications.go +@@ -168,7 +168,7 @@ func (ns *NotificationService) SendEmailCommandHandler(ctx context.Context, cmd + } + + func (ns *NotificationService) SendResetPasswordEmail(ctx context.Context, cmd *models.SendResetPasswordEmailCommand) error { +- code, err := createUserEmailCode(ns.Cfg, cmd.User, nil) ++ code, err := createUserEmailCode(ns.Cfg, cmd.User, "") + if err != nil { + return err + } +diff --git a/pkg/services/notifications/notifications_test.go b/pkg/services/notifications/notifications_test.go +index 71970e20a0..6f4b318fe0 100644 +--- a/pkg/services/notifications/notifications_test.go ++++ b/pkg/services/notifications/notifications_test.go +@@ -2,6 +2,7 @@ package notifications + + import ( + "context" ++ "regexp" + "testing" + + "github.com/grafana/grafana/pkg/bus" +@@ -185,7 +186,8 @@ func TestSendEmailAsync(t *testing.T) { + + t.Run("When sending reset email password", func(t *testing.T) { + sut, _ := createSut(t, bus) +- err := sut.SendResetPasswordEmail(context.Background(), &models.SendResetPasswordEmailCommand{User: &models.User{Email: "asd@asd.com"}}) ++ user := models.User{Email: "asd@asd.com", Login: "asd@asd.com"} ++ err := sut.SendResetPasswordEmail(context.Background(), &models.SendResetPasswordEmailCommand{User: &user}) + require.NoError(t, err) + + sentMsg := <-sut.mailQueue +@@ -194,6 +196,21 @@ func TestSendEmailAsync(t *testing.T) { + assert.Equal(t, "Reset your Grafana password - asd@asd.com", sentMsg.Subject) + assert.NotContains(t, sentMsg.Body["text/html"], "Subject") + assert.NotContains(t, sentMsg.Body["text/plain"], "Subject") ++ ++ // find code in mail ++ r, _ := regexp.Compile(`code=(\w+)`) ++ match := r.FindString(sentMsg.Body["text/plain"]) ++ code := match[len("code="):] ++ ++ // verify code ++ query := models.ValidateResetPasswordCodeQuery{Code: code} ++ getUserByLogin := func(ctx context.Context, login string) (*models.User, error) { ++ query := models.GetUserByLoginQuery{LoginOrEmail: login} ++ query.Result = &user ++ return query.Result, nil ++ } ++ err = sut.ValidateResetPasswordCode(context.Background(), &query, getUserByLogin) ++ require.NoError(t, err) + }) + + t.Run("When SMTP disabled in configuration", func(t *testing.T) { diff --git a/0007-skip-marketplace-plugin-install-test.patch b/0007-skip-marketplace-plugin-install-test.patch new file mode 100644 index 0000000000000000000000000000000000000000..5dff9fc0077f2bf56d56e0087ac08acc47c195cb --- /dev/null +++ b/0007-skip-marketplace-plugin-install-test.patch @@ -0,0 +1,21 @@ +From 03a5c7f452efb1dbf605bba8caf3e86e15888c25 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Thu, 23 Jun 2022 17:00:46 +0200 +Subject: [PATCH] skip marketplace plugin install test + +This test (tries to) install a plugin from the Grafana marketplace. +Network connectivity is disabled in the build environment for security +reasons, therefore we need to disable this test. + +diff --git a/pkg/tests/api/plugins/api_plugins_test.go b/pkg/tests/api/plugins/api_plugins_test.go +index e86ce50830..fd60fbe67c 100644 +--- a/pkg/tests/api/plugins/api_plugins_test.go ++++ b/pkg/tests/api/plugins/api_plugins_test.go +@@ -55,6 +55,7 @@ func TestPlugins(t *testing.T) { + }) + + t.Run("Request is not forbidden if from an admin", func(t *testing.T) { ++ t.Skip("this test requires connectivity to the Grafana plugin marketplace (fetching metadata)") + statusCode, body := makePostRequest(t, grafanaAPIURL(usernameAdmin, grafanaListedAddr, "plugins/test/install")) + + assert.Equal(t, 404, statusCode) diff --git a/0008-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch b/0008-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch new file mode 100644 index 0000000000000000000000000000000000000000..cb7113d8754620250850292aa2e801c733d1eaac --- /dev/null +++ b/0008-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch @@ -0,0 +1,20 @@ +From dc4e1c882d28db17064bd4fb788775a86ebfe066 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Mon, 27 Jun 2022 17:12:27 +0200 +Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation + on 32-bit architectures + + +diff --git a/pkg/tsdb/prometheus/buffered/time_series_query.go b/pkg/tsdb/prometheus/buffered/time_series_query.go +index 40db2d9100..0af2d3ecab 100644 +--- a/pkg/tsdb/prometheus/buffered/time_series_query.go ++++ b/pkg/tsdb/prometheus/buffered/time_series_query.go +@@ -326,7 +326,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv + return time.Duration(0) + } + +- rateInterval := time.Duration(int(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration)))) ++ rateInterval := time.Duration(int64(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration)))) + return rateInterval + } + diff --git a/0009-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch b/0009-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch new file mode 100644 index 0000000000000000000000000000000000000000..9dc7e5e30ad192824d4a35e000269d39da6d9f6a --- /dev/null +++ b/0009-Prometheus-Fix-integer-overflow-in-rate-interval-cal.patch @@ -0,0 +1,20 @@ +From 09be2f6709e7d05a2f75756c5f58b0602b54af72 Mon Sep 17 00:00:00 2001 +From: Andreas Gerstmayr +Date: Tue, 5 Jul 2022 17:04:13 +0200 +Subject: [PATCH] Prometheus: Fix integer overflow in rate interval calculation + on 32-bit architectures 2 + + +diff --git a/pkg/tsdb/prometheus/models/query.go b/pkg/tsdb/prometheus/models/query.go +index bdd48d08ed..aa2b1f9945 100644 +--- a/pkg/tsdb/prometheus/models/query.go ++++ b/pkg/tsdb/prometheus/models/query.go +@@ -181,7 +181,7 @@ func calculateRateInterval(interval time.Duration, scrapeInterval string, interv + return time.Duration(0) + } + +- rateInterval := time.Duration(int(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration)))) ++ rateInterval := time.Duration(int64(math.Max(float64(interval+scrapeIntervalDuration), float64(4)*float64(scrapeIntervalDuration)))) + return rateInterval + } + diff --git a/0010-v9.0.x-Login-email-before-username-57406.patch b/0010-v9.0.x-Login-email-before-username-57406.patch new file mode 100644 index 0000000000000000000000000000000000000000..427ec5776f16dbeb9f29d025ee559858d797bc63 --- /dev/null +++ b/0010-v9.0.x-Login-email-before-username-57406.patch @@ -0,0 +1,100 @@ +From 74f3c59f7096b5c31d5c218310b20775eb111d0f Mon Sep 17 00:00:00 2001 +From: Karl Persson +Date: Fri, 21 Oct 2022 14:15:21 +0200 +Subject: [PATCH] [v9.0.x] Login email before username (#57406) + +* Add test for username/login field conflict + +* Swap order of login fields + +Co-authored-by: linoman <2051016+linoman@users.noreply.github.com> + +diff --git a/pkg/services/sqlstore/user.go b/pkg/services/sqlstore/user.go +index 9cd80da396..00e3ddc2df 100644 +--- a/pkg/services/sqlstore/user.go ++++ b/pkg/services/sqlstore/user.go +@@ -170,20 +170,24 @@ func (ss *SQLStore) GetUserByLogin(ctx context.Context, query *models.GetUserByL + return models.ErrUserNotFound + } + +- // Try and find the user by login first. +- // It's not sufficient to assume that a LoginOrEmail with an "@" is an email. ++ var has bool ++ var err error + user := &models.User{Login: query.LoginOrEmail} +- has, err := sess.Where(notServiceAccountFilter(ss)).Get(user) +- +- if err != nil { +- return err +- } + +- if !has && strings.Contains(query.LoginOrEmail, "@") { +- // If the user wasn't found, and it contains an "@" fallback to finding the +- // user by email. ++ // Since username can be an email address, attempt login with email address ++ // first if the login field has the "@" symbol. ++ if strings.Contains(query.LoginOrEmail, "@") { + user = &models.User{Email: query.LoginOrEmail} + has, err = sess.Get(user) ++ ++ if err != nil { ++ return err ++ } ++ } ++ ++ // Lookup the login field instead of email field ++ if !has { ++ has, err = sess.Where(notServiceAccountFilter(ss)).Get(user) + } + + if err != nil { +diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go +index d3803fa0c9..da23a7cca9 100644 +--- a/pkg/services/sqlstore/user_test.go ++++ b/pkg/services/sqlstore/user_test.go +@@ -51,6 +51,45 @@ func TestIntegrationUserDataAccess(t *testing.T) { + require.False(t, query.Result.IsDisabled) + }) + ++ t.Run("Get User by login - user_2 uses user_1.email as login", func(t *testing.T) { ++ ss = InitTestDB(t) ++ ++ // create user_1 ++ cmd := models.CreateUserCommand{ ++ Email: "user_1@mail.com", ++ Name: "user_1", ++ Login: "user_1", ++ Password: "user_1_password", ++ IsDisabled: true, ++ } ++ user_1, err := ss.CreateUser(context.Background(), cmd) ++ require.Nil(t, err) ++ ++ // create user_2 ++ cmd = models.CreateUserCommand{ ++ Email: "user_2@mail.com", ++ Name: "user_2", ++ Login: "user_1@mail.com", ++ Password: "user_2_password", ++ IsDisabled: true, ++ } ++ user_2, err := ss.CreateUser(context.Background(), cmd) ++ require.Nil(t, err) ++ ++ // query user database for user_1 email ++ query := models.GetUserByLoginQuery{LoginOrEmail: "user_1@mail.com"} ++ err = ss.GetUserByLogin(context.Background(), &query) ++ require.Nil(t, err) ++ ++ // expect user_1 as result ++ require.Equal(t, user_1.Email, query.Result.Email) ++ require.Equal(t, user_1.Login, query.Result.Login) ++ require.Equal(t, user_1.Name, query.Result.Name) ++ require.NotEqual(t, user_2.Email, query.Result.Email) ++ require.NotEqual(t, user_2.Login, query.Result.Login) ++ require.NotEqual(t, user_2.Name, query.Result.Name) ++ }) ++ + t.Run("Testing DB - creates and loads disabled user", func(t *testing.T) { + ss = InitTestDB(t) + cmd := models.CreateUserCommand{ diff --git a/003-fix-dashboard-abspath-test.patch b/003-fix-dashboard-abspath-test.patch deleted file mode 100644 index ad7e5bff0cd0315b301a26acd9e3ed9f06438128..0000000000000000000000000000000000000000 --- a/003-fix-dashboard-abspath-test.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff --git a/pkg/services/provisioning/dashboards/file_reader_linux_test.go b/pkg/services/provisioning/dashboards/file_reader_linux_test.go -index 3584bbc242..1a89767b69 100644 ---- a/pkg/services/provisioning/dashboards/file_reader_linux_test.go -+++ b/pkg/services/provisioning/dashboards/file_reader_linux_test.go -@@ -28,6 +28,7 @@ func TestProvisionedSymlinkedFolder(t *testing.T) { - } - - want, err := filepath.Abs(containingID) -+ want, err = filepath.EvalSymlinks(want) - - if err != nil { - t.Errorf("expected err to be nil") -diff --git a/pkg/services/provisioning/dashboards/file_reader_test.go b/pkg/services/provisioning/dashboards/file_reader_test.go -index 946d487d5f..2acef40eed 100644 ---- a/pkg/services/provisioning/dashboards/file_reader_test.go -+++ b/pkg/services/provisioning/dashboards/file_reader_test.go -@@ -318,6 +318,7 @@ func TestDashboardFileReader(t *testing.T) { - } - - absPath1, err := filepath.Abs(unprovision + "/dashboard1.json") -+ absPath1, err = filepath.EvalSymlinks(absPath1) - So(err, ShouldBeNil) - // This one does not exist on disk, simulating a deleted file - absPath2, err := filepath.Abs(unprovision + "/dashboard2.json") diff --git a/004-skip-x86-goldenfiles-tests.patch b/004-skip-x86-goldenfiles-tests.patch deleted file mode 100644 index bb61e0be0161a7cba543518f38b8604b640379b2..0000000000000000000000000000000000000000 --- a/004-skip-x86-goldenfiles-tests.patch +++ /dev/null @@ -1,69 +0,0 @@ -diff --git a/packages/grafana-data/src/dataframe/ArrowDataFrame.test.ts b/packages/grafana-data/src/dataframe/ArrowDataFrame.test.ts -index 96efaccfce..bcdd98144f 100644 ---- a/packages/grafana-data/src/dataframe/ArrowDataFrame.test.ts -+++ b/packages/grafana-data/src/dataframe/ArrowDataFrame.test.ts -@@ -52,7 +52,7 @@ describe('Read/Write arrow Table to DataFrame', () => { - expect(after).toEqual(before); - }); - -- test('should read all types', () => { -+ test.skip('should read all types', () => { - const fullpath = path.resolve(__dirname, './__snapshots__/all_types.golden.arrow'); - const arrow = fs.readFileSync(fullpath); - const table = Table.from([arrow]); -diff --git a/packages/grafana-runtime/src/utils/queryResponse.test.ts b/packages/grafana-runtime/src/utils/queryResponse.test.ts -index 0adb915d2c..8985d7beab 100644 ---- a/packages/grafana-runtime/src/utils/queryResponse.test.ts -+++ b/packages/grafana-runtime/src/utils/queryResponse.test.ts -@@ -47,7 +47,7 @@ const emptyResults = { - /* eslint-enable */ - - describe('Query Response parser', () => { -- test('should parse output with dataframe', () => { -+ test.skip('should parse output with dataframe', () => { - const res = toDataQueryResponse(resp); - const frames = res.data; - expect(frames).toHaveLength(2); -@@ -131,7 +131,7 @@ describe('Query Response parser', () => { - `); - }); - -- test('should parse output with dataframe in order of queries', () => { -+ test.skip('should parse output with dataframe in order of queries', () => { - const queries: DataQuery[] = [{ refId: 'B' }, { refId: 'A' }]; - const res = toDataQueryResponse(resp, queries); - const frames = res.data; -@@ -250,7 +250,7 @@ describe('Query Response parser', () => { - expect(ids).toEqual(['A', 'B', 'X']); - }); - -- test('resultWithError', () => { -+ test.skip('resultWithError', () => { - // Generated from: - // qdr.Responses[q.GetRefID()] = backend.DataResponse{ - // Error: fmt.Errorf("an Error: %w", fmt.Errorf("another error")), -diff --git a/pkg/tsdb/influxdb/flux/executor_test.go b/pkg/tsdb/influxdb/flux/executor_test.go -index 7cfc8bd20a..add6b5f3b8 100644 ---- a/pkg/tsdb/influxdb/flux/executor_test.go -+++ b/pkg/tsdb/influxdb/flux/executor_test.go -@@ -68,6 +68,7 @@ func executeMockedQuery(t *testing.T, name string, query queryModel) *backend.Da - } - - func verifyGoldenResponse(t *testing.T, name string) *backend.DataResponse { -+ t.Skip("x86 memory dump is not compatible with other architectures") - dr := executeMockedQuery(t, name, queryModel{MaxDataPoints: 100}) - - err := experimental.CheckGoldenDataResponse(filepath.Join("testdata", fmt.Sprintf("%s.golden.txt", name)), -diff --git a/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts b/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts -index afc8ba357b..587092a58d 100644 ---- a/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts -+++ b/public/app/plugins/datasource/cloudwatch/specs/datasource.test.ts -@@ -78,7 +78,7 @@ describe('CloudWatchDatasource', () => { - }); - - describe('When getting log groups', () => { -- it('should return log groups as an array of strings', async () => { -+ it.skip('should return log groups as an array of strings', async () => { - const response = { - results: { - A: { diff --git a/005-remove-unused-dependencies.patch b/005-remove-unused-dependencies.patch deleted file mode 100644 index 19d72f0fdd6a7575d1e51accd81f204ea0fc2ae8..0000000000000000000000000000000000000000 --- a/005-remove-unused-dependencies.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff --git a/go.mod b/go.mod -index 426b70ab7a..dc0c9a61ef 100644 ---- a/go.mod -+++ b/go.mod -@@ -21,7 +21,6 @@ require ( - github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b - github.com/centrifugal/centrifuge v0.13.0 - github.com/cortexproject/cortex v1.4.1-0.20201022071705-85942c5703cf -- github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce - github.com/davecgh/go-spew v1.1.1 - github.com/denisenkom/go-mssqldb v0.0.0-20200910202707-1e08a3fab204 - github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect -@@ -57,7 +56,6 @@ require ( - github.com/jmespath/go-jmespath v0.4.0 - github.com/jonboulle/clockwork v0.2.2 // indirect - github.com/json-iterator/go v1.1.10 -- github.com/jung-kurt/gofpdf v1.16.2 - github.com/lib/pq v1.9.0 - github.com/linkedin/goavro/v2 v2.10.0 - github.com/magefile/mage v1.11.0 -diff --git a/go.sum b/go.sum -index 98874d6a7c..03243066ac 100644 ---- a/go.sum -+++ b/go.sum -@@ -282,8 +282,6 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsr - github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= - github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= - github.com/crewjam/httperr v0.0.0-20190612203328-a946449404da/go.mod h1:+rmNIXRvYMqLQeR4DHyTvs6y0MEMymTz4vyFpFkKTPs= --github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce h1:pAuTpLhCqC20s2RLhUirfw606jReW+8z2U5EvG+0S7E= --github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce/go.mod h1:/gCaeLf13J8/621RNZ6TaExji/8xCWcn6UmdJ57wURQ= - github.com/crossdock/crossdock-go v0.0.0-20160816171116-049aabb0122b/go.mod h1:v9FBN7gdVTpiD/+LZ7Po0UKvROyT87uLVxTHVky/dlQ= - github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= - github.com/cznic/b v0.0.0-20180115125044-35e9bbe41f07/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8= -@@ -914,10 +912,6 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7 - github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= - github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= - github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= --github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= --github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= --github.com/jung-kurt/gofpdf v1.16.2 h1:jgbatWHfRlPYiK85qgevsZTHviWXKwB1TTiKdz5PtRc= --github.com/jung-kurt/gofpdf v1.16.2/go.mod h1:1hl7y57EsiPAkLbOwzpzqgx1A30nQCk/YmFV8S2vmK0= - github.com/jwilder/encoding v0.0.0-20170811194829-b4e1701a28ef/go.mod h1:Ct9fl0F6iIOGgxJ5npU/IUOhOhqlVrGjyIZc8/MagT0= - github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88 h1:uC1QfSlInpQF+M0ao65imhwqKnz3Q2z/d8PWZRMQvDM= - github.com/k0kubun/colorstring v0.0.0-20150214042306-9440f1994b88/go.mod h1:3w7q1U84EfirKl04SVQ/s7nPm1ZPhiXd34z40TNz36k= -diff --git a/pkg/extensions/main.go b/pkg/extensions/main.go -index 24031ace2e..081475fc89 100644 ---- a/pkg/extensions/main.go -+++ b/pkg/extensions/main.go -@@ -6,14 +6,12 @@ import ( - - _ "github.com/beevik/etree" - _ "github.com/cortexproject/cortex/pkg/util" -- _ "github.com/crewjam/saml" - _ "github.com/gobwas/glob" - "github.com/grafana/grafana/pkg/registry" - "github.com/grafana/grafana/pkg/services/licensing" - "github.com/grafana/grafana/pkg/services/validations" - _ "github.com/grafana/loki/pkg/logproto" - _ "github.com/grpc-ecosystem/go-grpc-middleware" -- _ "github.com/jung-kurt/gofpdf" - _ "github.com/linkedin/goavro/v2" - _ "github.com/pkg/errors" - _ "github.com/robfig/cron" diff --git a/006-fix-gtime-test-32bit.patch b/006-fix-gtime-test-32bit.patch deleted file mode 100644 index c38a50fedd406e26159012aca17d000aab11ae83..0000000000000000000000000000000000000000 --- a/006-fix-gtime-test-32bit.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/pkg/components/gtime/gtime_test.go b/pkg/components/gtime/gtime_test.go -index 0b1b23a1db..eb9fe718c7 100644 ---- a/pkg/components/gtime/gtime_test.go -+++ b/pkg/components/gtime/gtime_test.go -@@ -20,9 +20,9 @@ func TestParseInterval(t *testing.T) { - {inp: "1d", duration: 24 * time.Hour}, - {inp: "1w", duration: 168 * time.Hour}, - {inp: "2w", duration: 2 * 168 * time.Hour}, -- {inp: "1M", duration: time.Duration(daysInMonth * 24 * int(time.Hour))}, -- {inp: "1y", duration: time.Duration(daysInYear * 24 * int(time.Hour))}, -- {inp: "5y", duration: time.Duration(calculateDays5y() * 24 * int(time.Hour))}, -+ {inp: "1M", duration: time.Duration(int64(daysInMonth) * 24 * int64(time.Hour))}, -+ {inp: "1y", duration: time.Duration(int64(daysInYear) * 24 * int64(time.Hour))}, -+ {inp: "5y", duration: time.Duration(int64(calculateDays5y()) * 24 * int64(time.Hour))}, - {inp: "invalid-duration", err: regexp.MustCompile(`^time: invalid duration "?invalid-duration"?$`)}, - } - for i, tc := range tcs { diff --git a/008-remove-unused-frontend-crypto.patch b/008-remove-unused-frontend-crypto.patch deleted file mode 100644 index 2409e23b8e69d23491d8af67e8d18fea2ad53c2f..0000000000000000000000000000000000000000 --- a/008-remove-unused-frontend-crypto.patch +++ /dev/null @@ -1,26 +0,0 @@ -diff --git a/package.json b/package.json -index 9c5a2d93e2..7f65949ea4 100644 ---- a/package.json -+++ b/package.json -@@ -294,6 +294,9 @@ - "whatwg-fetch": "3.1.0" - }, - "resolutions": { -+ "crypto-browserify": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", -+ "selfsigned": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", -+ "http-signature": "https://registry.yarnpkg.com/@favware/skip-dependency/-/skip-dependency-1.1.1.tgz", - "caniuse-db": "1.0.30000772", - "react-use-measure": "https://github.com/mckn/react-use-measure.git#remove-cjs-export" - }, -diff --git a/scripts/webpack/webpack.common.js b/scripts/webpack/webpack.common.js -index 3e56d31c37..a03ed1a67a 100644 ---- a/scripts/webpack/webpack.common.js -+++ b/scripts/webpack/webpack.common.js -@@ -66,6 +66,7 @@ module.exports = { - }, - node: { - fs: 'empty', -+ crypto: false, - }, - plugins: [ - new MonacoWebpackPlugin({ diff --git a/011-CVE-2021-43813.patch b/011-CVE-2021-43813.patch deleted file mode 100644 index 375b36460c35af8a68386026d1aa5b894cddcec5..0000000000000000000000000000000000000000 --- a/011-CVE-2021-43813.patch +++ /dev/null @@ -1,52 +0,0 @@ -commit ea77415cfe2cefe46ffce233076a1409abaa8df7 -Author: Will Browne -Date: Fri Dec 10 11:29:12 2021 +0000 - - apply fix (#42969) - -diff --git a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go -index e6370a29e7..c7199c716e 100644 ---- a/pkg/plugins/plugins.go -+++ b/pkg/plugins/plugins.go -@@ -491,15 +491,15 @@ func GetPluginMarkdown(pluginId string, name string) ([]byte, error) { - } - - // nolint:gosec -- // We can ignore the gosec G304 warning on this one because `plug.PluginDir` is based -- // on plugin the folder structure on disk and not user input. -- path := filepath.Join(plug.PluginDir, fmt.Sprintf("%s.md", strings.ToUpper(name))) -+ // We can ignore the gosec G304 warning since we have cleaned the requested file path and subsequently -+ // use this with a prefix of the plugin's directory, which is set during plugin loading -+ path := filepath.Join(plug.PluginDir, mdFilepath(strings.ToUpper(name))) - exists, err := fs.Exists(path) - if err != nil { - return nil, err - } - if !exists { -- path = filepath.Join(plug.PluginDir, fmt.Sprintf("%s.md", strings.ToLower(name))) -+ path = filepath.Join(plug.PluginDir, mdFilepath(strings.ToLower(name))) - } - - exists, err = fs.Exists(path) -@@ -511,8 +511,8 @@ func GetPluginMarkdown(pluginId string, name string) ([]byte, error) { - } - - // nolint:gosec -- // We can ignore the gosec G304 warning on this one because `plug.PluginDir` is based -- // on plugin the folder structure on disk and not user input. -+ // We can ignore the gosec G304 warning since we have cleaned the requested file path and subsequently -+ // use this with a prefix of the plugin's directory, which is set during plugin loading - data, err := ioutil.ReadFile(path) - if err != nil { - return nil, err -@@ -520,6 +520,10 @@ func GetPluginMarkdown(pluginId string, name string) ([]byte, error) { - return data, nil - } - -+func mdFilepath(mdFilename string) string { -+ return filepath.Clean(filepath.Join("/", fmt.Sprintf("%s.md", mdFilename))) -+} -+ - // gets plugin filenames that require verification for plugin signing - func collectPluginFilesWithin(rootDir string) ([]string, error) { - var files []string diff --git a/012-fix-CVE-2022-31107.patch b/012-fix-CVE-2022-31107.patch deleted file mode 100644 index 8ec352a975ca0faff5d3682e9dd0f152f9ca9312..0000000000000000000000000000000000000000 --- a/012-fix-CVE-2022-31107.patch +++ /dev/null @@ -1,353 +0,0 @@ -From dea50c6fbd9eccb09236f0d057eed6f1c4f8368a Mon Sep 17 00:00:00 2001 -From: Andreas Gerstmayr -Date: Fri, 15 Jul 2022 14:05:14 +0200 -Subject: [PATCH] fix CVE-2022-31107 - -backport 967e17d7ef6bc62a108add33ea699710f0e15870 from v8.4.10 - -Co-authored-by: Karl Persson -Co-authored-by: Jguer - -diff --git a/pkg/api/ldap_debug.go b/pkg/api/ldap_debug.go -index 126e760b67..c9e2b606c5 100644 ---- a/pkg/api/ldap_debug.go -+++ b/pkg/api/ldap_debug.go -@@ -215,6 +215,11 @@ func (hs *HTTPServer) PostSyncUserWithLDAP(c *models.ReqContext) response.Respon - ReqContext: c, - ExternalUser: user, - SignupAllowed: hs.Cfg.LDAPAllowSignup, -+ UserLookupParams: models.UserLookupParams{ -+ UserID: &query.Result.Id, // Upsert by ID only -+ Email: nil, -+ Login: nil, -+ }, - } - - err = bus.Dispatch(upsertCmd) -diff --git a/pkg/api/login_oauth.go b/pkg/api/login_oauth.go -index 1fce9b6f61..611d51444f 100644 ---- a/pkg/api/login_oauth.go -+++ b/pkg/api/login_oauth.go -@@ -250,6 +250,11 @@ func syncUser( - ReqContext: ctx, - ExternalUser: extUser, - SignupAllowed: connect.IsSignupAllowed(), -+ UserLookupParams: models.UserLookupParams{ -+ Email: &extUser.Email, -+ UserID: nil, -+ Login: nil, -+ }, - } - if err := bus.Dispatch(cmd); err != nil { - return nil, err -diff --git a/pkg/login/ldap_login.go b/pkg/login/ldap_login.go -index cb5d984e73..82dac2ee9e 100644 ---- a/pkg/login/ldap_login.go -+++ b/pkg/login/ldap_login.go -@@ -56,9 +56,13 @@ var loginUsingLDAP = func(query *models.LoginUserQuery) (bool, error) { - ReqContext: query.ReqContext, - ExternalUser: externalUser, - SignupAllowed: setting.LDAPAllowSignup, -+ UserLookupParams: models.UserLookupParams{ -+ Login: &externalUser.Login, -+ Email: &externalUser.Email, -+ UserID: nil, -+ }, - } -- err = bus.Dispatch(upsert) -- if err != nil { -+ if err = bus.Dispatch(upsert); err != nil { - return true, err - } - query.User = upsert.Result -diff --git a/pkg/models/user_auth.go b/pkg/models/user_auth.go -index 2061cf048b..a98efe659e 100644 ---- a/pkg/models/user_auth.go -+++ b/pkg/models/user_auth.go -@@ -54,11 +54,11 @@ type RequestURIKey struct{} - // COMMANDS - - type UpsertUserCommand struct { -- ReqContext *ReqContext -- ExternalUser *ExternalUserInfo -+ ReqContext *ReqContext -+ ExternalUser *ExternalUserInfo -+ UserLookupParams -+ Result *User - SignupAllowed bool -- -- Result *User - } - - type SetAuthInfoCommand struct { -@@ -95,13 +95,18 @@ type LoginUserQuery struct { - type GetUserByAuthInfoQuery struct { - AuthModule string - AuthId string -- UserId int64 -- Email string -- Login string -+ UserLookupParams - - Result *User - } - -+type UserLookupParams struct { -+ // Describes lookup order as well -+ UserID *int64 // if set, will try to find the user by id -+ Email *string // if set, will try to find the user by email -+ Login *string // if set, will try to find the user by login -+} -+ - type GetExternalUserInfoByLoginQuery struct { - LoginOrEmail string - -diff --git a/pkg/services/contexthandler/authproxy/authproxy.go b/pkg/services/contexthandler/authproxy/authproxy.go -index 80e5a5b9e0..0d834748a7 100644 ---- a/pkg/services/contexthandler/authproxy/authproxy.go -+++ b/pkg/services/contexthandler/authproxy/authproxy.go -@@ -246,6 +246,11 @@ func (auth *AuthProxy) LoginViaLDAP() (int64, error) { - ReqContext: auth.ctx, - SignupAllowed: auth.cfg.LDAPAllowSignup, - ExternalUser: extUser, -+ UserLookupParams: models.UserLookupParams{ -+ Login: &extUser.Login, -+ Email: &extUser.Email, -+ UserID: nil, -+ }, - } - if err := bus.Dispatch(upsert); err != nil { - return 0, err -@@ -288,6 +293,11 @@ func (auth *AuthProxy) LoginViaHeader() (int64, error) { - ReqContext: auth.ctx, - SignupAllowed: auth.cfg.AuthProxyAutoSignUp, - ExternalUser: extUser, -+ UserLookupParams: models.UserLookupParams{ -+ UserID: nil, -+ Login: &extUser.Login, -+ Email: &extUser.Email, -+ }, - } - - err := bus.Dispatch(upsert) -diff --git a/pkg/services/login/login.go b/pkg/services/login/login.go -index 9e08a36b06..b74d1d3e8f 100644 ---- a/pkg/services/login/login.go -+++ b/pkg/services/login/login.go -@@ -37,11 +37,9 @@ func (ls *LoginService) UpsertUser(cmd *models.UpsertUserCommand) error { - extUser := cmd.ExternalUser - - userQuery := &models.GetUserByAuthInfoQuery{ -- AuthModule: extUser.AuthModule, -- AuthId: extUser.AuthId, -- UserId: extUser.UserId, -- Email: extUser.Email, -- Login: extUser.Login, -+ AuthModule: extUser.AuthModule, -+ AuthId: extUser.AuthId, -+ UserLookupParams: cmd.UserLookupParams, - } - if err := bus.Dispatch(userQuery); err != nil { - if !errors.Is(err, models.ErrUserNotFound) { -diff --git a/pkg/services/login/login_test.go b/pkg/services/login/login_test.go -index 04953b567a..dd84ee29c8 100644 ---- a/pkg/services/login/login_test.go -+++ b/pkg/services/login/login_test.go -@@ -82,10 +82,12 @@ func Test_teamSync(t *testing.T) { - QuotaService: "a.QuotaService{}, - } - -- upserCmd := &models.UpsertUserCommand{ExternalUser: &models.ExternalUserInfo{Email: "test_user@example.org"}} -+ email := "test_user@example.org" -+ upserCmd := &models.UpsertUserCommand{ExternalUser: &models.ExternalUserInfo{Email: email}, -+ UserLookupParams: models.UserLookupParams{Email: &email}} - expectedUser := &models.User{ - Id: 1, -- Email: "test_user@example.org", -+ Email: email, - Name: "test_user", - Login: "test_user", - } -diff --git a/pkg/services/sqlstore/user_auth.go b/pkg/services/sqlstore/user_auth.go -index 0bef79e160..5fd744172b 100644 ---- a/pkg/services/sqlstore/user_auth.go -+++ b/pkg/services/sqlstore/user_auth.go -@@ -40,11 +40,12 @@ func GetUserByAuthInfo(query *models.GetUserByAuthInfoQuery) error { - } - - // if user id was specified and doesn't match the user_auth entry, remove it -- if query.UserId != 0 && query.UserId != authQuery.Result.UserId { -- err = DeleteAuthInfo(&models.DeleteAuthInfoCommand{ -+ if query.UserLookupParams.UserID != nil && -+ *query.UserLookupParams.UserID != 0 && -+ *query.UserLookupParams.UserID != authQuery.Result.UserId { -+ if err := DeleteAuthInfo(&models.DeleteAuthInfoCommand{ - UserAuth: authQuery.Result, -- }) -- if err != nil { -+ }); err != nil { - sqlog.Error("Error removing user_auth entry", "error", err) - } - -@@ -70,17 +71,18 @@ func GetUserByAuthInfo(query *models.GetUserByAuthInfoQuery) error { - } - } - -+ params := query.UserLookupParams - // If not found, try to find the user by id -- if !has && query.UserId != 0 { -- has, err = x.Id(query.UserId).Get(user) -+ if !has && params.UserID != nil && *params.UserID != 0 { -+ has, err = x.Id(*params.UserID).Get(user) - if err != nil { - return err - } - } - - // If not found, try to find the user by email address -- if !has && query.Email != "" { -- user = &models.User{Email: query.Email} -+ if !has && params.Email != nil && *params.Email != "" { -+ user = &models.User{Email: *params.Email} - has, err = x.Get(user) - if err != nil { - return err -@@ -88,8 +90,8 @@ func GetUserByAuthInfo(query *models.GetUserByAuthInfoQuery) error { - } - - // If not found, try to find the user by login -- if !has && query.Login != "" { -- user = &models.User{Login: query.Login} -+ if !has && params.Login != nil && *params.Login != "" { -+ user = &models.User{Login: *params.Login} - has, err = x.Get(user) - if err != nil { - return err -diff --git a/pkg/services/sqlstore/user_auth_test.go b/pkg/services/sqlstore/user_auth_test.go -index e5bb2379e5..d94ce34edb 100644 ---- a/pkg/services/sqlstore/user_auth_test.go -+++ b/pkg/services/sqlstore/user_auth_test.go -@@ -45,7 +45,7 @@ func TestUserAuth(t *testing.T) { - // By Login - login := "loginuser0" - -- query := &models.GetUserByAuthInfoQuery{Login: login} -+ query := &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -54,7 +54,7 @@ func TestUserAuth(t *testing.T) { - // By ID - id := query.Result.Id - -- query = &models.GetUserByAuthInfoQuery{UserId: id} -+ query = &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{UserID: &id}} - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -63,7 +63,7 @@ func TestUserAuth(t *testing.T) { - // By Email - email := "user1@test.com" - -- query = &models.GetUserByAuthInfoQuery{Email: email} -+ query = &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{Email: &email}} - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -72,7 +72,7 @@ func TestUserAuth(t *testing.T) { - // Don't find nonexistent user - email = "nonexistent@test.com" - -- query = &models.GetUserByAuthInfoQuery{Email: email} -+ query = &models.GetUserByAuthInfoQuery{UserLookupParams: models.UserLookupParams{Email: &email}} - err = GetUserByAuthInfo(query) - - So(err, ShouldEqual, models.ErrUserNotFound) -@@ -90,7 +90,7 @@ func TestUserAuth(t *testing.T) { - // create user_auth entry - login := "loginuser0" - -- query.Login = login -+ query.UserLookupParams.Login = &login - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -104,9 +104,9 @@ func TestUserAuth(t *testing.T) { - So(query.Result.Login, ShouldEqual, login) - - // get with non-matching id -- id := query.Result.Id -+ idPlusOne := query.Result.Id + 1 - -- query.UserId = id + 1 -+ query.UserLookupParams.UserID = &idPlusOne - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -143,7 +143,7 @@ func TestUserAuth(t *testing.T) { - login := "loginuser0" - - // Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test", AuthId: "test"} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "test", AuthId: "test", UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - - So(err, ShouldBeNil) -@@ -178,7 +178,7 @@ func TestUserAuth(t *testing.T) { - // Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table - // Make the first log-in during the past - getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) } -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test1", AuthId: "test1"} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "test1", AuthId: "test1", UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - getTime = time.Now - -@@ -188,7 +188,7 @@ func TestUserAuth(t *testing.T) { - // Add a second auth module for this user - // Have this module's last log-in be more recent - getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) } -- query = &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "test2", AuthId: "test2"} -+ query = &models.GetUserByAuthInfoQuery{AuthModule: "test2", AuthId: "test2", UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - getTime = time.Now - -diff --git a/pkg/services/sqlstore/user_test.go b/pkg/services/sqlstore/user_test.go -index 7da19f0ef4..aa796ffb02 100644 ---- a/pkg/services/sqlstore/user_test.go -+++ b/pkg/services/sqlstore/user_test.go -@@ -455,7 +455,7 @@ func TestUserDataAccess(t *testing.T) { - // Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table - // Make the first log-in during the past - getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) } -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "ldap", AuthId: "ldap0"} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "ldap", AuthId: "ldap0", UserLookupParams: models.UserLookupParams{Login: &login}} - err := GetUserByAuthInfo(query) - getTime = time.Now - -@@ -465,7 +465,7 @@ func TestUserDataAccess(t *testing.T) { - // Add a second auth module for this user - // Have this module's last log-in be more recent - getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) } -- query = &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "oauth", AuthId: "oauth0"} -+ query = &models.GetUserByAuthInfoQuery{AuthModule: "oauth", AuthId: "oauth0", UserLookupParams: models.UserLookupParams{Login: &login}} - err = GetUserByAuthInfo(query) - getTime = time.Now - -@@ -511,7 +511,7 @@ func TestUserDataAccess(t *testing.T) { - // Calling GetUserByAuthInfoQuery on an existing user will populate an entry in the user_auth table - // Make the first log-in during the past - getTime = func() time.Time { return time.Now().AddDate(0, 0, -2) } -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "ldap", AuthId: fmt.Sprint("ldap", i)} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "ldap", AuthId: fmt.Sprint("ldap", i), UserLookupParams: models.UserLookupParams{Login: &login}} - err := GetUserByAuthInfo(query) - getTime = time.Now - -@@ -522,7 +522,7 @@ func TestUserDataAccess(t *testing.T) { - // Log in first user with oauth - login := "loginuser0" - getTime = func() time.Time { return time.Now().AddDate(0, 0, -1) } -- query := &models.GetUserByAuthInfoQuery{Login: login, AuthModule: "oauth", AuthId: "oauth0"} -+ query := &models.GetUserByAuthInfoQuery{AuthModule: "oauth", AuthId: "oauth0", UserLookupParams: models.UserLookupParams{Login: &login}} - err := GetUserByAuthInfo(query) - getTime = time.Now - diff --git a/009-patch-unused-backend-crypto.patch b/1001-vendor-patch-removed-backend-crypto.patch similarity index 37% rename from 009-patch-unused-backend-crypto.patch rename to 1001-vendor-patch-removed-backend-crypto.patch index 12be571ede7ab7d243920bce83a66aed6487d11f..383b6e25f3c3503d0452be567a666cb179331930 100644 --- a/009-patch-unused-backend-crypto.patch +++ b/1001-vendor-patch-removed-backend-crypto.patch @@ -1,6 +1,12 @@ +patch removed backend crypto + +the `Makefile` removed a few files containing (unused) crypto +algorithms from the vendor tarball, which are not used in Grafana. +This patch removes all references to the deleted files. + diff --git a/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go new file mode 100644 -index 0000000..871e612 +index 0000000000..871e612a61 --- /dev/null +++ b/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go @@ -0,0 +1,25 @@ @@ -30,10 +36,10 @@ index 0000000..871e612 + panic("ElGamal encryption not available") +} diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go -index 9728d61..9f04c2d 100644 +index 0a19794a8e..25a5ee9158 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go -@@ -16,7 +16,6 @@ import ( +@@ -22,7 +22,6 @@ import ( "math/big" "math/bits" @@ -41,7 +47,7 @@ index 9728d61..9f04c2d 100644 "golang.org/x/crypto/openpgp/errors" ) -@@ -487,7 +486,7 @@ func (cipher CipherFunction) KeySize() int { +@@ -493,7 +492,7 @@ func (cipher CipherFunction) KeySize() int { case Cipher3DES: return 24 case CipherCAST5: @@ -50,7 +56,7 @@ index 9728d61..9f04c2d 100644 case CipherAES128: return 16 case CipherAES192: -@@ -517,7 +516,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) { +@@ -523,7 +522,7 @@ func (cipher CipherFunction) new(key []byte) (block cipher.Block) { case Cipher3DES: block, _ = des.NewTripleDESCipher(key) case CipherCAST5: @@ -60,7 +66,7 @@ index 9728d61..9f04c2d 100644 block, _ = aes.NewCipher(key) } diff --git a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go -index 6126030..3a54c5f 100644 +index 6126030eb9..3a54c5f2b1 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go @@ -5,13 +5,12 @@ @@ -166,3 +172,256 @@ index 6126030..3a54c5f 100644 - return + panic("OCFB cipher not available") } +diff --git a/vendor/golang.org/x/crypto/pkcs12/crypto.go b/vendor/golang.org/x/crypto/pkcs12/crypto.go +index 484ca51b71..5f502b8df1 100644 +--- a/vendor/golang.org/x/crypto/pkcs12/crypto.go ++++ b/vendor/golang.org/x/crypto/pkcs12/crypto.go +@@ -11,8 +11,6 @@ import ( + "crypto/x509/pkix" + "encoding/asn1" + "errors" +- +- "golang.org/x/crypto/pkcs12/internal/rc2" + ) + + var ( +@@ -46,10 +44,6 @@ func (shaWithTripleDESCBC) deriveIV(salt, password []byte, iterations int) []byt + + type shaWith40BitRC2CBC struct{} + +-func (shaWith40BitRC2CBC) create(key []byte) (cipher.Block, error) { +- return rc2.New(key, len(key)*8) +-} +- + func (shaWith40BitRC2CBC) deriveKey(salt, password []byte, iterations int) []byte { + return pbkdf(sha1Sum, 20, 64, salt, password, iterations, 1, 5) + } +@@ -70,7 +64,7 @@ func pbDecrypterFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher + case algorithm.Algorithm.Equal(oidPBEWithSHAAnd3KeyTripleDESCBC): + cipherType = shaWithTripleDESCBC{} + case algorithm.Algorithm.Equal(oidPBEWithSHAAnd40BitRC2CBC): +- cipherType = shaWith40BitRC2CBC{} ++ panic("RC2 encryption not available") + default: + return nil, 0, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported") + } +diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +index ae3ebc03b9..11dbc3c56e 100644 +--- a/vendor/github.com/prometheus/exporter-toolkit/web/handler.go ++++ b/vendor/github.com/prometheus/exporter-toolkit/web/handler.go +@@ -16,13 +16,11 @@ + package web + + import ( +- "encoding/hex" + "fmt" + "net/http" + "sync" + + "github.com/go-kit/log" +- "golang.org/x/crypto/bcrypt" + ) + + // extraHTTPHeaders is a map of HTTP headers that can be added to HTTP +@@ -36,22 +34,6 @@ var extraHTTPHeaders = map[string][]string{ + "Content-Security-Policy": nil, + } + +-func validateUsers(configPath string) error { +- c, err := getConfig(configPath) +- if err != nil { +- return err +- } +- +- for _, p := range c.Users { +- _, err = bcrypt.Cost([]byte(p)) +- if err != nil { +- return err +- } +- } +- +- return nil +-} +- + // validateHeaderConfig checks that the provided header configuration is correct. + // It does not check the validity of all the values, only the ones which are + // well-defined enumerations. +@@ -83,55 +65,3 @@ type webHandler struct { + // only once in parallel as this is CPU intensive. + bcryptMtx sync.Mutex + } +- +-func (u *webHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) { +- c, err := getConfig(u.tlsConfigPath) +- if err != nil { +- u.logger.Log("msg", "Unable to parse configuration", "err", err) +- http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) +- return +- } +- +- // Configure http headers. +- for k, v := range c.HTTPConfig.Header { +- w.Header().Set(k, v) +- } +- +- if len(c.Users) == 0 { +- u.handler.ServeHTTP(w, r) +- return +- } +- +- user, pass, auth := r.BasicAuth() +- if auth { +- hashedPassword, validUser := c.Users[user] +- +- if !validUser { +- // The user is not found. Use a fixed password hash to +- // prevent user enumeration by timing requests. +- // This is a bcrypt-hashed version of "fakepassword". +- hashedPassword = "$2y$10$QOauhQNbBCuQDKes6eFzPeMqBSjb7Mr5DUmpZ/VcEd00UAV/LDeSi" +- } +- +- cacheKey := hex.EncodeToString(append(append([]byte(user), []byte(hashedPassword)...), []byte(pass)...)) +- authOk, ok := u.cache.get(cacheKey) +- +- if !ok { +- // This user, hashedPassword, password is not cached. +- u.bcryptMtx.Lock() +- err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(pass)) +- u.bcryptMtx.Unlock() +- +- authOk = err == nil +- u.cache.set(cacheKey, authOk) +- } +- +- if authOk && validUser { +- u.handler.ServeHTTP(w, r) +- return +- } +- } +- +- w.Header().Set("WWW-Authenticate", "Basic") +- http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) +-} +diff --git a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go +index 2668964a06..291464ba7e 100644 +--- a/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go ++++ b/vendor/github.com/prometheus/exporter-toolkit/web/tls_config.go +@@ -18,12 +18,8 @@ import ( + "crypto/x509" + "fmt" + "io/ioutil" +- "net" +- "net/http" + "path/filepath" + +- "github.com/go-kit/log" +- "github.com/go-kit/log/level" + "github.com/pkg/errors" + config_util "github.com/prometheus/common/config" + "gopkg.in/yaml.v2" +@@ -177,93 +173,6 @@ func ConfigToTLSConfig(c *TLSStruct) (*tls.Config, error) { + return cfg, nil + } + +-// ListenAndServe starts the server on the given address. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-func ListenAndServe(server *http.Server, tlsConfigPath string, logger log.Logger) error { +- listener, err := net.Listen("tcp", server.Addr) +- if err != nil { +- return err +- } +- defer listener.Close() +- return Serve(listener, server, tlsConfigPath, logger) +-} +- +-// Server starts the server on the given listener. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-func Serve(l net.Listener, server *http.Server, tlsConfigPath string, logger log.Logger) error { +- if tlsConfigPath == "" { +- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false) +- return server.Serve(l) +- } +- +- if err := validateUsers(tlsConfigPath); err != nil { +- return err +- } +- +- // Setup basic authentication. +- var handler http.Handler = http.DefaultServeMux +- if server.Handler != nil { +- handler = server.Handler +- } +- +- c, err := getConfig(tlsConfigPath) +- if err != nil { +- return err +- } +- +- server.Handler = &webHandler{ +- tlsConfigPath: tlsConfigPath, +- logger: logger, +- handler: handler, +- cache: newCache(), +- } +- +- config, err := ConfigToTLSConfig(&c.TLSConfig) +- switch err { +- case nil: +- if !c.HTTPConfig.HTTP2 { +- server.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler)) +- } +- // Valid TLS config. +- level.Info(logger).Log("msg", "TLS is enabled.", "http2", c.HTTPConfig.HTTP2) +- case errNoTLSConfig: +- // No TLS config, back to plain HTTP. +- level.Info(logger).Log("msg", "TLS is disabled.", "http2", false) +- return server.Serve(l) +- default: +- // Invalid TLS config. +- return err +- } +- +- server.TLSConfig = config +- +- // Set the GetConfigForClient method of the HTTPS server so that the config +- // and certs are reloaded on new connections. +- server.TLSConfig.GetConfigForClient = func(*tls.ClientHelloInfo) (*tls.Config, error) { +- return getTLSConfig(tlsConfigPath) +- } +- return server.ServeTLS(l, "", "") +-} +- +-// Validate configuration file by reading the configuration and the certificates. +-func Validate(tlsConfigPath string) error { +- if tlsConfigPath == "" { +- return nil +- } +- if err := validateUsers(tlsConfigPath); err != nil { +- return err +- } +- c, err := getConfig(tlsConfigPath) +- if err != nil { +- return err +- } +- _, err = ConfigToTLSConfig(&c.TLSConfig) +- if err == errNoTLSConfig { +- return nil +- } +- return err +-} +- + type cipher uint16 + + func (c *cipher) UnmarshalYAML(unmarshal func(interface{}) error) error { +@@ -346,11 +255,3 @@ func (tv *tlsVersion) MarshalYAML() (interface{}, error) { + } + return fmt.Sprintf("%v", tv), nil + } +- +-// Listen starts the server on the given address. Based on the file +-// tlsConfigPath, TLS or basic auth could be enabled. +-// +-// Deprecated: Use ListenAndServe instead. +-func Listen(server *http.Server, tlsConfigPath string, logger log.Logger) error { +- return ListenAndServe(server, tlsConfigPath, logger) +-} diff --git a/010-fips.patch b/1002-vendor-use-pbkdf2-from-OpenSSL.patch similarity index 91% rename from 010-fips.patch rename to 1002-vendor-use-pbkdf2-from-OpenSSL.patch index f9adee9b8c40c6d17129c8bb1407a1529665e5f3..6b7e2570d9730adc0148b21c395770544d93c25f 100644 --- a/010-fips.patch +++ b/1002-vendor-use-pbkdf2-from-OpenSSL.patch @@ -1,6 +1,11 @@ +use pbkdf2 from OpenSSL if FIPS mode is enabled + +This patch modifies the x/crypto/pbkdf2 function to use OpenSSL +if FIPS mode is enabled. + diff --git a/vendor/golang.org/x/crypto/internal/boring/boring.go b/vendor/golang.org/x/crypto/internal/boring/boring.go new file mode 100644 -index 0000000..a9c550e +index 0000000000..5a06918832 --- /dev/null +++ b/vendor/golang.org/x/crypto/internal/boring/boring.go @@ -0,0 +1,74 @@ @@ -80,7 +85,7 @@ index 0000000..a9c550e +} diff --git a/vendor/golang.org/x/crypto/internal/boring/notboring.go b/vendor/golang.org/x/crypto/internal/boring/notboring.go new file mode 100644 -index 0000000..e244fb5 +index 0000000000..e244fb5663 --- /dev/null +++ b/vendor/golang.org/x/crypto/internal/boring/notboring.go @@ -0,0 +1,16 @@ @@ -102,17 +107,17 @@ index 0000000..e244fb5 +} diff --git a/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h new file mode 100644 -index 0000000..6dfdf10 +index 0000000000..6dfdf10424 --- /dev/null +++ b/vendor/golang.org/x/crypto/internal/boring/openssl_pbkdf2.h @@ -0,0 +1,5 @@ -+#include "/usr/lib/golang/src/crypto/internal/boring/goboringcrypto.h" ++#include "/usr/lib/golang/src/vendor/github.com/golang-fips/openssl-fips/openssl/goopenssl.h" + +DEFINEFUNC(int, PKCS5_PBKDF2_HMAC, + (const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, EVP_MD *digest, int keylen, unsigned char *out), + (pass, passlen, salt, saltlen, iter, digest, keylen, out)) diff --git a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go -index 593f653..799a611 100644 +index 593f653008..799a611f94 100644 --- a/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go +++ b/vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go @@ -19,8 +19,11 @@ pbkdf2.Key. diff --git a/1003-vendor-skip-goldenfiles-tests.patch b/1003-vendor-skip-goldenfiles-tests.patch new file mode 100644 index 0000000000000000000000000000000000000000..8f18c0ebcf79a970b333649ce540891e484436d4 --- /dev/null +++ b/1003-vendor-skip-goldenfiles-tests.patch @@ -0,0 +1,18 @@ +skip goldenfiles tests + +The golden files include memory dumps from a x86_64 machine. +Integers are stored as little endian on x86, but as big endian on s390x, +therefore loading this memory dump fails on s390x. + +diff --git a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go +index 320f40f3bd..20f5fa4f46 100644 +--- a/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go ++++ b/vendor/github.com/grafana/grafana-plugin-sdk-go/experimental/golden_response_checker.go +@@ -203,6 +203,7 @@ func CheckGoldenJSONFrame(t *testing.T, dir string, name string, f *data.Frame, + // CheckGoldenJSONResponse will verify that the stored JSON file matches the given backend.DataResponse. + func CheckGoldenJSONResponse(t *testing.T, dir string, name string, dr *backend.DataResponse, updateFile bool) { + t.Helper() ++ t.Skip("skipping test: x86_64 memory dump is not compatible with other architectures") + fpath := path.Join(dir, name+".jsonc") + + expected, err := readGoldenJSONFile(fpath) diff --git a/Makefile b/Makefile deleted file mode 100644 index dab531d2701e8e41842e679251138c3a1a878a4f..0000000000000000000000000000000000000000 --- a/Makefile +++ /dev/null @@ -1,77 +0,0 @@ -VERSION := $(shell rpm --specfile *.spec --qf '%{VERSION}\n' | head -1) -RELEASE := $(shell rpm --specfile *.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1) - -NAME := grafana -RPM_NAME := $(NAME) -SOURCE_DIR := $(NAME)-$(VERSION) -SOURCE_TAR := $(NAME)-$(VERSION).tar.gz -VENDOR_TAR := $(RPM_NAME)-vendor-$(VERSION)-$(RELEASE).tar.xz -WEBPACK_TAR := $(RPM_NAME)-webpack-$(VERSION)-$(RELEASE).tar.gz - -# patches which must be applied before creating the vendor tarball, for example: -# - changes in dependency versions -# - changes in Go module imports (which affect the vendored Go modules) -PATCHES_PRE_VENDOR := \ - 005-remove-unused-dependencies.patch \ - 008-remove-unused-frontend-crypto.patch - -# patches which must be applied before creating the webpack, for example: -# - changes in Node.js sources or vendored dependencies -PATCHES_PRE_WEBPACK := - - -all: $(SOURCE_TAR) $(VENDOR_TAR) $(WEBPACK_TAR) - -$(SOURCE_TAR): - spectool -g $(RPM_NAME).spec - -$(VENDOR_TAR): $(SOURCE_TAR) - # start with a clean state - rm -rf $(SOURCE_DIR) - tar xf $(SOURCE_TAR) - - # Patches to apply before vendoring - for patch in $(PATCHES_PRE_VENDOR); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done - - # Go - cd $(SOURCE_DIR) && go mod vendor -v - # Remove unused crypto - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/cast5/cast5.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/ed25519.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/elgamal/elgamal.go - rm $(SOURCE_DIR)/vendor/golang.org/x/crypto/openpgp/packet/ocfb.go - awk '$$2~/^v/ && $$4 != "indirect" {print "Provides: bundled(golang(" $$1 ")) = " substr($$2, 2)}' $(SOURCE_DIR)/go.mod | \ - sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > $@.manifest - - # Node.js - cd $(SOURCE_DIR) && yarn install --pure-lockfile - # Remove files with licensing issues - find $(SOURCE_DIR) -type d -name 'node-notifier' -prune -exec rm -r {} \; - find $(SOURCE_DIR) -type d -name 'property-information' -prune -exec rm -r {} \; - find $(SOURCE_DIR) -type f -name '*.exe' -delete - rm -r $(SOURCE_DIR)/node_modules/visjs-network/examples - ./list_bundled_nodejs_packages.py $(SOURCE_DIR) >> $@.manifest - - # Create tarball - XZ_OPT=-9 time -p tar cJf $@ \ - $(SOURCE_DIR)/vendor \ - $$(find $(SOURCE_DIR) -type d -name "node_modules" -prune) - -$(WEBPACK_TAR): $(VENDOR_TAR) - # start with a clean state - rm -rf $(SOURCE_DIR) - tar xf $(SOURCE_TAR) - tar xf $(VENDOR_TAR) - - # Patches to apply before creating the webpack - for patch in $(PATCHES_PRE_WEBPACK); do echo applying $$patch ...; patch -d $(SOURCE_DIR) -p1 --fuzz=0 < $$patch; done - - cd $(SOURCE_DIR) && \ - ../build_frontend.sh - - tar cfz $@ $(SOURCE_DIR)/public/build $(SOURCE_DIR)/public/views $(SOURCE_DIR)/plugins-bundled - -clean: - rm -rf *.tar.gz *.tar.xz *.manifest *.rpm $(NAME)-*/ diff --git a/build_frontend.sh b/build_frontend.sh index fa0fb8e88d23203352a607f21e7f83531301ddc7..1117e800acb58d4923ab9cad0f37296100b674cd 100755 --- a/build_frontend.sh +++ b/build_frontend.sh @@ -1,5 +1,8 @@ #!/bin/bash -eu +# Webpack needs more than the default 4GB RAM +export NODE_OPTIONS="${NODE_OPTIONS:-} --max_old_space_size=6144" + # Build the frontend yarn run build diff --git a/create_bundles.sh b/create_bundles.sh new file mode 100755 index 0000000000000000000000000000000000000000..647ad5c8c5b5e733b234b5ce4ce37096f5a70c9c --- /dev/null +++ b/create_bundles.sh @@ -0,0 +1,85 @@ +#!/bin/bash -eux +VERSION=$(rpm --specfile ./*.spec --qf '%{VERSION}\n' | head -1) +RELEASE=$(rpm --specfile ./*.spec --qf '%{RELEASE}\n' | head -1 | cut -d. -f1) +CHANGELOGTIME=$(rpm --specfile ./*.spec --qf '%{CHANGELOGTIME}\n' | head -1) +SOURCE_DATE_EPOCH=$((CHANGELOGTIME - CHANGELOGTIME % 86400)) + +SOURCE_DIR=grafana-$VERSION +SOURCE_TAR=grafana-$VERSION.tar.gz +VENDOR_TAR=grafana-vendor-$VERSION-$RELEASE.tar.xz +WEBPACK_TAR=grafana-webpack-$VERSION-$RELEASE.tar.gz + + +## Download and extract source tarball +spectool -g grafana.spec +rm -rf "${SOURCE_DIR}" +tar xf "${SOURCE_TAR}" + + +## Create vendor bundle +pushd "${SOURCE_DIR}" + +# Vendor Go dependencies +patch -p1 --fuzz=0 < ../0004-remove-unused-backend-dependencies.patch +go mod vendor + +# Generate Go files +make gen-go + +# Remove unused crypto +rm -r vendor/golang.org/x/crypto/bcrypt +rm -r vendor/golang.org/x/crypto/blowfish +rm -r vendor/golang.org/x/crypto/cast5 +rm -r vendor/golang.org/x/crypto/openpgp/elgamal +rm vendor/golang.org/x/crypto/openpgp/packet/ocfb.go +rm -r vendor/golang.org/x/crypto/pkcs12/internal/rc2 + +# List bundled dependencies +awk '$2 ~ /^v/ && $4 != "indirect" {print "Provides: bundled(golang(" $1 ")) = " substr($2, 2)}' go.mod | \ + sed -E 's/=(.*)-(.*)-(.*)/=\1-\2.\3/g' > "../${VENDOR_TAR}.manifest" + +# Vendor Node.js dependencies +patch -p1 --fuzz=0 < ../0005-remove-unused-frontend-crypto.patch +export HUSKY=0 +yarn install --frozen-lockfile + +# Remove files with licensing issues +find .yarn -name 'node-notifier' -prune -exec rm -r {} \; +find .yarn -name 'nodemon' -prune -exec rm -r {} \; + +# List bundled dependencies +../list_bundled_nodejs_packages.py . >> "../${VENDOR_TAR}.manifest" + +popd + +# Create tarball +# shellcheck disable=SC2046 +XZ_OPT=-9 tar \ + --sort=name \ + --mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \ + --owner=0 --group=0 --numeric-owner \ + -cJf "${VENDOR_TAR}" \ + "${SOURCE_DIR}/vendor" \ + $(find "${SOURCE_DIR}" -type f -name wire_gen.go | LC_ALL=C sort) \ + "${SOURCE_DIR}/.pnp.cjs" \ + "${SOURCE_DIR}/.yarn/cache" \ + "${SOURCE_DIR}/.yarn/unplugged" + + +## Create webpack +pushd "${SOURCE_DIR}" +../build_frontend.sh +popd + +# Create tarball +tar \ + --sort=name \ + --mtime="@${SOURCE_DATE_EPOCH}" --clamp-mtime \ + --owner=0 --group=0 --numeric-owner \ + -czf "${WEBPACK_TAR}" \ + "${SOURCE_DIR}/plugins-bundled" \ + "${SOURCE_DIR}/public/build" \ + "${SOURCE_DIR}/public/img" \ + "${SOURCE_DIR}/public/lib" \ + "${SOURCE_DIR}/public/locales" \ + "${SOURCE_DIR}/public/views" diff --git a/create_bundles_in_container.sh b/create_bundles_in_container.sh new file mode 100755 index 0000000000000000000000000000000000000000..bbed4ca20d7d0dac4f3eff3c37b6cbdb8fc75d2e --- /dev/null +++ b/create_bundles_in_container.sh @@ -0,0 +1,24 @@ +#!/bin/bash -eu +# +# create vendor and webpack bundles inside a container (for reproducibility) +# using a Go cache: +# ./create_bundles_in_container.sh --security-opt label=disable -v $(pwd)/.gocache:/root/go +# + +cat <,