From 0254ae4e80f9bf659430d2ec3e452ccb049ce2fb Mon Sep 17 00:00:00 2001 From: Jesper Date: Sun, 5 Aug 2018 00:05:48 +0200 Subject: [PATCH] netdata: 1.9.0 -> 1.10.0 (#44472) The web_access.patch would no longer apply. It disabled a check that required the static files for the web UI to be owned by the user the daemon runs as (not root, so it doesn't work well with nix). Besides updating netdata, this commit removes that patch, changes the netdata service config to set the "web files owner/group" option to "root" and adds a test that checks that the web UI is being served. This allows the web files to be owned by root without patching. --- nixos/modules/services/monitoring/netdata.nix | 4 ++++ nixos/tests/netdata.nix | 8 ++++++-- pkgs/tools/system/netdata/default.nix | 7 ++----- pkgs/tools/system/netdata/web_access.patch | 20 ------------------- 4 files changed, 12 insertions(+), 27 deletions(-) delete mode 100644 pkgs/tools/system/netdata/web_access.patch diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix index eefddf5a206..edcaa10d969 100644 --- a/nixos/modules/services/monitoring/netdata.nix +++ b/nixos/modules/services/monitoring/netdata.nix @@ -14,6 +14,10 @@ let global = { "plugins directory" = "${wrappedPlugins}/libexec/netdata/plugins.d ${pkgs.netdata}/libexec/netdata/plugins.d"; }; + web = { + "web files owner" = "root"; + "web files group" = "root"; + }; }; mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config); configFile = pkgs.writeText "netdata.conf" (if cfg.configText != null then cfg.configText else mkConfig); diff --git a/nixos/tests/netdata.nix b/nixos/tests/netdata.nix index c56506ba287..eb45db6f04c 100644 --- a/nixos/tests/netdata.nix +++ b/nixos/tests/netdata.nix 
@@ -19,8 +19,12 @@ import ./make-test.nix ({ pkgs, ...} : { startAll; $netdata->waitForUnit("netdata.service"); - # check if netdata can read disk ops for root owned processes. - # if > 0, successful. verifies both netdata working and + + # check if the netdata main page loads. + $netdata->succeed("curl --fail http://localhost:19999/"); + + # check if netdata can read disk ops for root owned processes. + # if > 0, successful. verifies both netdata working and # apps.plugin has elevated capabilities. my $cmd = <<'CMD'; curl -s http://localhost:19999/api/v1/data\?chart=users.pwrites | \ diff --git a/pkgs/tools/system/netdata/default.nix b/pkgs/tools/system/netdata/default.nix index 7bb98e8e80c..6f86647f4c7 100644 --- a/pkgs/tools/system/netdata/default.nix +++ b/pkgs/tools/system/netdata/default.nix @@ -1,22 +1,19 @@ { stdenv, fetchFromGitHub, autoreconfHook, zlib, pkgconfig, libuuid }: stdenv.mkDerivation rec{ - version = "1.9.0"; + version = "1.10.0"; name = "netdata-${version}"; src = fetchFromGitHub { rev = "v${version}"; owner = "firehol"; repo = "netdata"; - sha256 = "1vy0jz5lxw63b830l9jgf1qqhp41gzapyhdr5k1gwg3zghvlg10w"; + sha256 = "02spfisabjkkgd9fairldlf84n83vbv2xafg0g5jrpfa972pjl9r"; }; nativeBuildInputs = [ autoreconfHook pkgconfig ]; buildInputs = [ zlib libuuid ]; - # Allow UI to load when running as non-root - patches = [ ./web_access.patch ]; - # Build will fail trying to create /var/{cache,lib,log}/netdata without this postPatch = '' sed -i '/dist_.*_DATA = \.keep/d' src/Makefile.am diff --git a/pkgs/tools/system/netdata/web_access.patch b/pkgs/tools/system/netdata/web_access.patch deleted file mode 100644 index ae4d29185de..00000000000 --- a/pkgs/tools/system/netdata/web_access.patch +++ /dev/null 
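Review bot: The added `$netdata->succeed("curl --fail http://localhost:19999/");` runs once, right after `waitForUnit`, which does not guarantee that the web server is already listening, so the check may fail intermittently. Consider adding `$netdata->waitForOpenPort(19999);` before it, or using `waitUntilSucceeds` in place of `succeed`. Requesting `/` is a sensible probe because it goes through the static-file path that the ownership check guards. The test script continues outside the hunk.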
@@ -1,20 +0,0 @@
---- a/src/web_client.c.orig
-+++ b/src/web_client.c
-@@ -302,7 +302,7 @@
- buffer_strcat_htmlescape(w->response.data, webfilename);
- return 404;
- }
--
-+#if 0
- // check if the file is owned by expected user
- if(stat.st_uid != web_files_uid()) {
- error("%llu: File '%s' is owned by user %u (expected user %u). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid());
-@@ -320,7 +320,7 @@
- buffer_strcat_htmlescape(w->response.data, webfilename);
- return 403;
- }
--
-+#endif
- if((stat.st_mode & S_IFMT) == S_IFDIR) {
- snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename);
- return mysendfile(w, webfilename);