netdata: 1.9.0 -> 1.10.0 (#44472)

The web_access.patch would no longer apply.
It disabled a check that required the static files
for the web UI to be owned by the user the daemon runs as
(not root, so it doesn't work well with nix).

Besides updating netdata, this commit removes that patch,
changes the netdata service config to set the "web files owner/group"
option to "root" and adds a test that checks that the web UI is being served.

This allows the web files to be owned by root without patching.
Jesper 2018-08-05 00:05:48 +02:00 committed by xeji
parent 606a260f3b
commit 0254ae4e80
4 changed files with 12 additions and 27 deletions


@ -14,6 +14,10 @@ let
global = {
"plugins directory" = "${wrappedPlugins}/libexec/netdata/plugins.d ${pkgs.netdata}/libexec/netdata/plugins.d";
};
web = {
"web files owner" = "root";
"web files group" = "root";
};
};
mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config);
configFile = pkgs.writeText "netdata.conf" (if cfg.configText != null then cfg.configText else mkConfig);
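Review bot: The new `web` defaults in `localConfig` reach the daemon only through `mkConfig`; on the `configFile` line a non-null `cfg.configText` replaces the generated file entirely, so those users lose `"web files owner"` and `"web files group"`. With web_access.patch removed in this same commit, the upstream ownership check is presumably active again and would then refuse the root-owned UI files for them. I would document this next to the block, e.g. `# netdata only serves web files owned by this user/group; store paths are root-owned. Not applied when cfg.configText is set.`, and mention it in the `configText` option description. The enclosing `let` block starts and ends outside the hunk, so any handling elsewhere is not visible here.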


@ -19,8 +19,12 @@ import ./make-test.nix ({ pkgs, ...} : {
startAll;
$netdata->waitForUnit("netdata.service");
# check if netdata can read disk ops for root owned processes.
# if > 0, successful. verifies both netdata working and
# check if the netdata main page loads.
$netdata->succeed("curl --fail http://localhost:19999/");
# check if netdata can read disk ops for root owned processes.
# if > 0, successful. verifies both netdata working and
# apps.plugin has elevated capabilities.
my $cmd = <<'CMD';
curl -s http://localhost:19999/api/v1/data\?chart=users.pwrites | \


@ -1,22 +1,19 @@
{ stdenv, fetchFromGitHub, autoreconfHook, zlib, pkgconfig, libuuid }:
stdenv.mkDerivation rec{
version = "1.9.0";
version = "1.10.0";
name = "netdata-${version}";
src = fetchFromGitHub {
rev = "v${version}";
owner = "firehol";
repo = "netdata";
sha256 = "1vy0jz5lxw63b830l9jgf1qqhp41gzapyhdr5k1gwg3zghvlg10w";
sha256 = "02spfisabjkkgd9fairldlf84n83vbv2xafg0g5jrpfa972pjl9r";
};
nativeBuildInputs = [ autoreconfHook pkgconfig ];
buildInputs = [ zlib libuuid ];
# Allow UI to load when running as non-root
patches = [ ./web_access.patch ];
# Build will fail trying to create /var/{cache,lib,log}/netdata without this
postPatch = ''
sed -i '/dist_.*_DATA = \.keep/d' src/Makefile.am


@ -1,20 +0,0 @@
--- a/src/web_client.c.orig
+++ b/src/web_client.c
@@ -302,7 +302,7 @@
buffer_strcat_htmlescape(w->response.data, webfilename);
return 404;
}
-
+#if 0
// check if the file is owned by expected user
if(stat.st_uid != web_files_uid()) {
error("%llu: File '%s' is owned by user %u (expected user %u). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid());
@@ -320,7 +320,7 @@
buffer_strcat_htmlescape(w->response.data, webfilename);
return 403;
}
-
+#endif
if((stat.st_mode & S_IFMT) == S_IFDIR) {
snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename);
return mysendfile(w, webfilename);