Accepting request 1101006 from home:witekbedyk:branches:server:monitoring

- Upgrade to version 1.0.0 (jsc#PED-5405)
  * Improved flag parsing
  * Added support for custom headers
- Build with Go 1.19
- Build using promu
- Add _service file
- Fix sandboxing options
- Upgrade to version 0.13.4
  * Fix denial of service vulnerability
    (CVE-2022-32149, bsc#1204501)
- Upgrade to version 0.13.3
  * Fix uncontrolled resource consumption
    (CVE-2022-41723, bsc#1208270)
- Upgrade to version 0.13.1
  * Fix panic caused by missing flagConfig options
  
- Upgrade to version 0.13.0
  * Fix authentication bypass vulnarability
    (CVE-2022-46146, bsc#1208046)

OBS-URL: https://build.opensuse.org/request/show/1101006
OBS-URL: https://build.opensuse.org/package/show/server:monitoring/golang-github-lusitaniae-apache_exporter?expand=0&rev=21
This commit is contained in:
Witek Bedyk 2023-08-01 15:58:51 +00:00 committed by Git OBS Bridge
parent 2c2f6f0bac
commit c9c434ba3c
8 changed files with 86 additions and 51 deletions

21
_service Normal file
View File

@ -0,0 +1,21 @@
<services>
<service name="obs_scm" mode="disabled">
<param name="url">https://github.com/Lusitaniae/apache_exporter</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="revision">v1.0.0</param>
<param name="versionrewrite-pattern">v(.*)</param>
</service>
<service name="tar" mode="buildtime"/>
<service name="recompress" mode="buildtime">
<param name="file">*.tar</param>
<param name="compression">gz</param>
</service>
<service name="set_version" mode="disabled">
<param name="basename">apache_exporter</param>
</service>
<service name="go_modules" mode="disabled">
<param name="archive">apache_exporter-1.0.0.obscpio</param>
</service>
</services>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f690a9ef9451922dc0b0de0870429b9d0a4f92082a76d51e913926b36955755f
size 41172

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9e418791f2b1e01a074873954e7b71251c0dae722402db76122cb15d781f78d4
size 73739

4
apache_exporter.obsinfo Normal file
View File

@ -0,0 +1,4 @@
name: apache_exporter
version: 1.0.0
mtime: 1687770304
commit: 1e6c01ae15e65e7fc3114311098e9ce724629dce

View File

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Tue Jul 11 11:18:57 UTC 2023 - Witek Bedyk <witold.bedyk@suse.com>
- Upgrade to version 1.0.0 (jsc#PED-5405)
* Improved flag parsing
* Added support for custom headers
- Build with Go 1.19
- Build using promu
- Add _service file
- Fix sandboxing options
- Upgrade to version 0.13.4
* Fix denial of service vulnerability
(CVE-2022-32149, bsc#1204501)
- Upgrade to version 0.13.3
* Fix uncontrolled resource consumption
(CVE-2022-41723, bsc#1208270)
- Upgrade to version 0.13.1
* Fix panic caused by missing flagConfig options
- Upgrade to version 0.13.0
* Fix authentication bypass vulnarability
(CVE-2022-46146, bsc#1208046)
-------------------------------------------------------------------
Sun Sep 25 14:12:03 UTC 2022 - Michael Ströder <michael@stroeder.com>

View File

@ -1,7 +1,7 @@
#
# spec file for package golang-github-lusitaniae-apache_exporter
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2019 João Cavalheiro <jcavalheiro@suse.com>
#
# All modifications and additions to the file contributed by third parties
@ -18,7 +18,9 @@
%if 0%{?rhel}
%if 0%{?rhel} == 8
%global debug_package %{nil}
%endif
# Fix ERROR: No build ID note found in
%undefine _missing_build_ids_terminate_build
%endif
@ -32,34 +34,35 @@
%define serviceuser prometheus
Name: golang-github-lusitaniae-apache_exporter
Version: 0.11.0
Version: 1.0.0
Release: 0
Summary: Apache Exporter for Prometheus
License: MIT
Group: System/Management
URL: http://%{githubrepo}
Source: %{upstreamname}-%{version}.tar.gz
Source: https://%{githubrepo}/archive/refs/tags/v%{version}.tar.gz#/%{upstreamname}-%{version}.tar.gz
Source1: vendor.tar.gz
Source2: %{targetname}.service
%if 0%{?suse_version} && %{with apparmor}
Source3: apparmor-usr.bin.%{targetname}
%endif
BuildRequires: fdupes
BuildRequires: golang-github-prometheus-promu
BuildRequires: golang-packaging
BuildRequires: xz
%if 0%{?rhel}
BuildRequires: golang >= 1.15
BuildRequires: golang >= 1.18
Requires(pre): shadow-utils
%else
BuildRequires: golang(API) = 1.15
BuildRequires: golang(API) >= 1.19
Requires(pre): shadow
%endif
%if %{with apparmor}
BuildRequires: apparmor-abstractions
BuildRequires: apparmor-rpm-macros
Recommends: apparmor-abstractions
%endif
%endif
ExcludeArch: s390
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%{?systemd_requires}
%{?systemd_ordering}
%description
Exports apache mod_status statistics via HTTP for Prometheus consumption.
@ -69,15 +72,15 @@ Exports apache mod_status statistics via HTTP for Prometheus consumption.
%build
%goprep %{githubrepo}
%gobuild -mod=vendor "" ...
GOPATH=%{_builddir}/go promu build
%install
install -D -m0755 %{_builddir}/go/bin/%{upstreamname} %{buildroot}/%{_bindir}/%{targetname}
install -D -m0755 %{_builddir}/%{upstreamname}-%{version}/%{upstreamname}-%{version} %{buildroot}/%{_bindir}/%{targetname}
install -d -m 0755 %{buildroot}%{_unitdir}
install -m 0644 %{SOURCE2} %{buildroot}%{_unitdir}
install -d -m 0755 %{buildroot}%{_sbindir}
ln -s /usr/sbin/service %{buildroot}%{_sbindir}/rc%{targetname}
%if %{with apparmor}
%if 0%{?suse_version} && %{with apparmor}
# AppArmor profile
mkdir -p %{buildroot}%{_sysconfdir}/apparmor.d
install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.%{targetname}
@ -101,10 +104,10 @@ getent passwd %{serviceuser} >/dev/null || %{_sbindir}/useradd -r -g %{serviceus
%systemd_post %{targetname}.service
%else
%service_add_post %{targetname}.service
%endif
%if %{with apparmor}
%apparmor_reload %{_sysconfdir}/apparmor.d/usr.bin.%{targetname}
%endif
%endif
%preun
%if 0%{?rhel}
@ -127,7 +130,7 @@ getent passwd %{serviceuser} >/dev/null || %{_sbindir}/useradd -r -g %{serviceus
%{_bindir}/%{targetname}
%{_unitdir}/%{targetname}.service
%{_sbindir}/rc%{targetname}
%if %{with apparmor}
%if 0%{?suse_version} && %{with apparmor}
%dir %{_sysconfdir}/apparmor.d
%config %{_sysconfdir}/apparmor.d/usr.bin.%{targetname}
%endif

View File

@ -11,38 +11,19 @@ ExecReload=/bin/kill -HUP $MAINPID
TimeoutStopSec=20s
SendSIGKILL=no
# various hardening options
CapabilityBoundingSet=
AmbientCapabilities=
StandardInput=null
UMask=0077
PrivateUsers=yes
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=strict
ProtectProc=invisible
ProtectHome=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectHostname=yes
ProtectClock=yes
NoNewPrivileges=yes
MountFlags=private
LockPersonality=yes
KeyringMode=private
RestrictRealtime=yes
RestrictNamespaces=yes
RestrictSUIDSGID=yes
DevicePolicy=closed
PrivateIPC=yes
RemoveIPC=yes
MemoryDenyWriteExecute=yes
ProcSubset=pid
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
SystemCallArchitectures=native
SystemCallFilter=~ @clock @cpu-emulation @debug @keyring @module @mount @raw-io @reboot @swap @obsolete splice @resources @chown @privileged @pkey @setuid @timer
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=true
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
[Install]
WantedBy=multi-user.target

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3e90388aa809f6a0cf2d144096b82c1090bdb2480838d87b1a04c3221628acae
size 2973559
oid sha256:e7ed6b557100f47e565aeb08a3f35e7ab7d8a1a51299fa35e2a1bca5d663017a
size 2882176