netdata: 1.9.0 -> 1.10.0 (#44472)

The web_access.patch would no longer apply.
It disabled a check that required the static files
for the web UI to be owned by the user the daemon runs as
(not root, so it doesn't work well with nix).

Besides updating netdata, this commit removes that patch,
changes the netdata service config to set the "web files owner/group"
option to "root" and adds a test that checks that the web UI is being served.

This allows the web files to be owned by root without patching.

authored by

Jesper and committed by
xeji
0254ae4e 606a260f

+12 -27
+4
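--- a/nixos/modules/services/monitoring/netdata.nix
+++ b/nixos/modules/services/monitoring/netdata.nix
@@ -14,6 +14,10 @@
 global = {
 "plugins directory" = "${wrappedPlugins}/libexec/netdata/plugins.d ${pkgs.netdata}/libexec/netdata/plugins.d";
 };
+web = {
+"web files owner" = "root";
+"web files group" = "root";
+};
 };
 mkConfig = generators.toINI {} (recursiveUpdate localConfig cfg.config);
 configFile = pkgs.writeText "netdata.conf" (if cfg.configText != null then cfg.configText else mkConfig);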
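Review bot: The new `web` defaults only take effect through `mkConfig`; the `configFile` line at the end of this hunk uses `cfg.configText` verbatim when it is set, so those deployments lose the root-owner setting now that web_access.patch is gone, and netdata's file-ownership check would presumably deny the root-owned UI files. The `configText` option description (outside this hunk) should state that `"web files owner"` and `"web files group"` have to be set to `root` by hand in that case. Because `recursiveUpdate` also lets `cfg.config` override these keys, a comment above the block would explain why they exist, e.g. `# Static web files live in the Nix store and are owned by root; netdata refuses to serve files whose owner does not match.` The enclosing `let` binding starts outside the hunk.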
+6 -2
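--- a/nixos/tests/netdata.nix
+++ b/nixos/tests/netdata.nix
@@ -19,8 +19,12 @@
 startAll;
 
 $netdata->waitForUnit("netdata.service");
-# check if netdata can read disk ops for root owned processes.
-# if > 0, successful. verifies both netdata working and
+
+# check if the netdata main page loads.
+$netdata->succeed("curl --fail http://localhost:19999/");
+
+# check if netdata can read disk ops for root owned processes.
+# if > 0, successful. verifies both netdata working and
 # apps.plugin has elevated capabilities.
 my $cmd = <<'CMD';
 curl -s http://localhost:19999/api/v1/data\?chart=users.pwrites | \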
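Review bot: The new `succeed("curl --fail …")` call runs exactly once, right after `waitForUnit`, and an active unit does not guarantee that netdata is already listening on 19999, so this check can fail spuriously on a slow builder. Waiting for the listener first with `$netdata->waitForOpenPort(19999);`, or using `waitUntilSucceeds` in place of `succeed`, would make it deterministic. This request is also the only regression guard for dropping web_access.patch, which the comment could say: `# check that the root-owned web files pass netdata's ownership check and the main page loads.` The test script continues outside the hunk.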
+2 -5
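--- a/pkgs/tools/system/netdata/default.nix
+++ b/pkgs/tools/system/netdata/default.nix
@@ -1,21 +1,18 @@
 { stdenv, fetchFromGitHub, autoreconfHook, zlib, pkgconfig, libuuid }:
 
 stdenv.mkDerivation rec{
-version = "1.9.0";
+version = "1.10.0";
 name = "netdata-${version}";
 
 src = fetchFromGitHub {
 rev = "v${version}";
 owner = "firehol";
 repo = "netdata";
-sha256 = "1vy0jz5lxw63b830l9jgf1qqhp41gzapyhdr5k1gwg3zghvlg10w";
+sha256 = "02spfisabjkkgd9fairldlf84n83vbv2xafg0g5jrpfa972pjl9r";
 };
 
 nativeBuildInputs = [ autoreconfHook pkgconfig ];
 buildInputs = [ zlib libuuid ];
-
-# Allow UI to load when running as non-root
-patches = [ ./web_access.patch ];
 
 # Build will fail trying to create /var/{cache,lib,log}/netdata without this
 postPatch = ''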
-20
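--- a/pkgs/tools/system/netdata/web_access.patch
+++ b/pkgs/tools/system/netdata/web_access.patch
@@ -1,20 +0,0 @@
---- a/src/web_client.c.orig
-+++ b/src/web_client.c
-@@ -302,7 +302,7 @@
-buffer_strcat_htmlescape(w->response.data, webfilename);
-return 404;
-}
--
-+#if 0
-// check if the file is owned by expected user
-if(stat.st_uid != web_files_uid()) {
-error("%llu: File '%s' is owned by user %u (expected user %u). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid());
-@@ -320,7 +320,7 @@
-buffer_strcat_htmlescape(w->response.data, webfilename);
-return 403;
-}
--
-+#endif
-if((stat.st_mode & S_IFMT) == S_IFDIR) {
-snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename);
-return mysendfile(w, webfilename);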