netdata: 1.9.0 -> 1.10.0 (#44472)

The web_access.patch would no longer apply. It disabled a check that required the static files for the web UI to be owned by the user the daemon runs as (not root, so it doesn't work well with nix). Besides updating netdata, this commit removes that patch, changes the netdata service config to set the "web files owner/group" option to "root" and adds a test that checks that the web UI is being served. This allows the web files to be owned by root without patching.
2018-08-05 00:05:48 +02:00 · 2018-08-05 00:05:48 +02:00 · 0254ae4e80
commit 0254ae4e80
parent 606a260f3b
4 changed files with 12 additions and 27 deletions
--- a/nixos/modules/services/monitoring/netdata.nix
+++ b/nixos/modules/services/monitoring/netdata.nix
@ -14,6 +14,10 @@ let
    global = {
      "plugins directory" = "${wrappedPlugins}/libexec/netdata/plugins.d ${pkgs.netdata}/libexec/netdata/plugins.d";
    };
+    web = {
+      "web files owner" = "root";
+      "web files group" = "root";
+    };
  };
  mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config);
  configFile = pkgs.writeText "netdata.conf" (if cfg.configText != null then cfg.configText else mkConfig);
--- a/nixos/tests/netdata.nix
+++ b/nixos/tests/netdata.nix
@ -19,8 +19,12 @@ import ./make-test.nix ({ pkgs, ...} : {
    startAll;

    $netdata->waitForUnit("netdata.service");
-    # check if netdata can read disk ops for root owned processes. 
-    # if > 0, successful. verifies both netdata working and 
+
+    # check if the netdata main page loads.
+    $netdata->succeed("curl --fail http://localhost:19999/");
+
+    # check if netdata can read disk ops for root owned processes.
+    # if > 0, successful. verifies both netdata working and
    # apps.plugin has elevated capabilities.
    my $cmd = <<'CMD';
    curl -s http://localhost:19999/api/v1/data\?chart=users.pwrites | \
--- a/pkgs/tools/system/netdata/default.nix
+++ b/pkgs/tools/system/netdata/default.nix
@ -1,22 +1,19 @@
 { stdenv, fetchFromGitHub, autoreconfHook, zlib, pkgconfig, libuuid }:

 stdenv.mkDerivation rec{
-  version = "1.9.0";
+  version = "1.10.0";
  name = "netdata-${version}";

  src = fetchFromGitHub {
    rev = "v${version}";
    owner = "firehol";
    repo = "netdata";
-    sha256 = "1vy0jz5lxw63b830l9jgf1qqhp41gzapyhdr5k1gwg3zghvlg10w";
+    sha256 = "02spfisabjkkgd9fairldlf84n83vbv2xafg0g5jrpfa972pjl9r";
  };

  nativeBuildInputs = [ autoreconfHook pkgconfig ];
  buildInputs = [ zlib libuuid ];

-  # Allow UI to load when running as non-root
-  patches = [ ./web_access.patch ];
-
  # Build will fail trying to create /var/{cache,lib,log}/netdata without this
  postPatch = ''
   sed -i '/dist_.*_DATA = \.keep/d' src/Makefile.am
--- a/pkgs/tools/system/netdata/web_access.patch
+++ b/pkgs/tools/system/netdata/web_access.patch
@ -1,20 +0,0 @@
--- a/src/web_client.c.orig
-+++ b/src/web_client.c
-@@ -302,7 +302,7 @@
-         buffer_strcat_htmlescape(w->response.data, webfilename);
-         return 404;
-     }
-
-+#if 0
-     // check if the file is owned by expected user
-     if(stat.st_uid != web_files_uid()) {
-         error("%llu: File '%s' is owned by user %u (expected user %u). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid());
-@@ -320,7 +320,7 @@
-         buffer_strcat_htmlescape(w->response.data, webfilename);
-         return 403;
-     }
-
-+#endif
-     if((stat.st_mode & S_IFMT) == S_IFDIR) {
-         snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename);
-         return mysendfile(w, webfilename);