Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

prometheus-snmp-exporter: 0.22.0 -> 0.25.0 #251882

Merged
merged 4 commits into from
Jan 18, 2024
Merged

prometheus-snmp-exporter: 0.22.0 -> 0.25.0 #251882

merged 4 commits into from
Jan 18, 2024

Conversation

r-ryantm
Copy link
Contributor

Automatic update generated by nixpkgs-update tools. This update was made based on information from https://github.com/prometheus/snmp_exporter/releases.

meta.description for prometheus-snmp-exporter is: SNMP Exporter for Prometheus

meta.homepage for prometheus-snmp-exporter is: https://github.com/prometheus/snmp_exporter

Updates performed
  • Golang update
To inspect upstream changes
Impact
Checks done (click to expand)
  • built on NixOS
  • Warning: a test defined in passthru.tests did not pass
  • found 0.23.0 in filename of file in /nix/store/fgvyqb6w1v3hpxdjmlgrlbgp1455bnrw-snmp_exporter-0.23.0
Rebuild report (if merged into master) (click to expand) 
1 total rebuild path(s)

1 package rebuild(s)

First fifty rebuilds by attrpath
prometheus-snmp-exporter
Instructions to test this update (click to expand)

Either download from Cachix:

nix-store -r /nix/store/fgvyqb6w1v3hpxdjmlgrlbgp1455bnrw-snmp_exporter-0.23.0 \
  --option binary-caches 'https://cache.nixos.org/ https://nix-community.cachix.org/' \
  --option trusted-public-keys '
  nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A prometheus-snmp-exporter https://github.com/r-ryantm/nixpkgs/archive/e3fe7d2b14b3496253ff476cc9e42132dfbf0845.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/fgvyqb6w1v3hpxdjmlgrlbgp1455bnrw-snmp_exporter-0.23.0
ls -la /nix/store/fgvyqb6w1v3hpxdjmlgrlbgp1455bnrw-snmp_exporter-0.23.0/bin

Pre-merge build results

We have automatically built all packages that will get rebuilt due to
this change.

This gives evidence on whether the upgrade will break dependent packages.
Note sometimes packages show up as failed to build independent of the
change, simply because they are already broken on the target branch.

Result of nixpkgs-review run on x86_64-linux 1

1 package built:
  • prometheus-snmp-exporter
Maintainer pings

cc @oida @WilliButz @Frostman for testing.

@ofborg ofborg bot requested review from WilliButz and Frostman August 28, 2023 02:58
@wegank wegank marked this pull request as draft August 30, 2023 18:15
@r-ryantm r-ryantm force-pushed the auto-update/prometheus-snmp-exporter branch from e3fe7d2 to 99d56bc Compare September 5, 2023 09:58
@r-ryantm r-ryantm changed the title prometheus-snmp-exporter: 0.22.0 -> 0.23.0 prometheus-snmp-exporter: 0.22.0 -> 0.24.1 Sep 5, 2023
@r-ryantm
Copy link
Contributor Author

r-ryantm commented Sep 5, 2023

Automatic update generated by nixpkgs-update tools. This update was made based on information from https://github.com/prometheus/snmp_exporter/releases.

meta.description for prometheus-snmp-exporter is: SNMP Exporter for Prometheus

meta.homepage for prometheus-snmp-exporter is: https://github.com/prometheus/snmp_exporter

Updates performed
  • Golang update
To inspect upstream changes
Impact
Checks done (click to expand)
  • built on NixOS
  • Warning: a test defined in passthru.tests did not pass
  • found 0.24.1 in filename of file in /nix/store/d4ms647q7ch9ach5dv98l7a4drqc0ff5-snmp_exporter-0.24.1
Rebuild report (if merged into master) (click to expand) 
1 total rebuild path(s)

1 package rebuild(s)

First fifty rebuilds by attrpath
prometheus-snmp-exporter
Instructions to test this update (click to expand)

Either download from Cachix:

nix-store -r /nix/store/d4ms647q7ch9ach5dv98l7a4drqc0ff5-snmp_exporter-0.24.1 \
  --option binary-caches 'https://cache.nixos.org/ https://nix-community.cachix.org/' \
  --option trusted-public-keys '
  nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A prometheus-snmp-exporter https://github.com/r-ryantm/nixpkgs/archive/99d56bc8e2d4055e32592efd5ca701cacdf8f28b.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/d4ms647q7ch9ach5dv98l7a4drqc0ff5-snmp_exporter-0.24.1
ls -la /nix/store/d4ms647q7ch9ach5dv98l7a4drqc0ff5-snmp_exporter-0.24.1/bin

Pre-merge build results

We have automatically built all packages that will get rebuilt due to
this change.

This gives evidence on whether the upgrade will break dependent packages.
Note sometimes packages show up as failed to build independent of the
change, simply because they are already broken on the target branch.

Result of nixpkgs-review run on x86_64-linux 1

1 package built:
  • prometheus-snmp-exporter
Maintainer pings

cc @oida @WilliButz @Frostman for testing.

@r-ryantm r-ryantm changed the title prometheus-snmp-exporter: 0.22.0 -> 0.24.1 prometheus-snmp-exporter: 0.22.0 -> 0.25.0 Dec 18, 2023
@r-ryantm r-ryantm force-pushed the auto-update/prometheus-snmp-exporter branch from 99d56bc to 7aa6a0e Compare December 18, 2023 03:06
@r-ryantm
Copy link
Contributor Author

Automatic update generated by nixpkgs-update tools. This update was made based on information from https://repology.org/project/snmp-exporter/versions.

meta.description for prometheus-snmp-exporter is: SNMP Exporter for Prometheus

meta.homepage for prometheus-snmp-exporter is: https://github.com/prometheus/snmp_exporter

Updates performed
  • Golang update
To inspect upstream changes
Impact
Checks done (click to expand)
  • built on NixOS
  • Warning: a test defined in passthru.tests did not pass
  • found 0.25.0 in filename of file in /nix/store/l3v1xy4cl6vliapfxr8lbjk2wbai55j0-snmp_exporter-0.25.0
Rebuild report (if merged into master) (click to expand) 
1 total rebuild path(s)

1 package rebuild(s)

First fifty rebuilds by attrpath
prometheus-snmp-exporter
Instructions to test this update (click to expand)

Either download from Cachix:

nix-store -r /nix/store/l3v1xy4cl6vliapfxr8lbjk2wbai55j0-snmp_exporter-0.25.0 \
  --option binary-caches 'https://cache.nixos.org/ https://nix-community.cachix.org/' \
  --option trusted-public-keys '
  nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A prometheus-snmp-exporter https://github.com/r-ryantm/nixpkgs/archive/7aa6a0efdd937a85ddeda25e80c0001421ebb3ef.tar.gz

Or:

nix build github:r-ryantm/nixpkgs/7aa6a0efdd937a85ddeda25e80c0001421ebb3ef#prometheus-snmp-exporter

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/l3v1xy4cl6vliapfxr8lbjk2wbai55j0-snmp_exporter-0.25.0
ls -la /nix/store/l3v1xy4cl6vliapfxr8lbjk2wbai55j0-snmp_exporter-0.25.0/bin

Pre-merge build results

We have automatically built all packages that will get rebuilt due to
this change.

This gives evidence on whether the upgrade will break dependent packages.
Note sometimes packages show up as failed to build independent of the
change, simply because they are already broken on the target branch.

Result of nixpkgs-review run on x86_64-linux 1

1 package built:
  • prometheus-snmp-exporter
Maintainer pings

cc @oida @WilliButz @Frostman for testing.

@github-actions github-actions bot added 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: module (update) This PR changes an existing module in `nixos/` labels Jan 12, 2024
@WilliButz
Copy link
Member

@ofborg test prometheus-exporters.snmp

@WilliButz WilliButz marked this pull request as ready for review January 12, 2024 17:51
@WilliButz WilliButz added 1.severity: security Issues which raise a security issue, or PRs that fix one backport release-23.11 labels Jan 12, 2024
@LeSuisse
Copy link
Contributor

@WilliButz Looking at the changelogs I'm not sure to see the security issue. Is this for this prometheus/snmp_exporter#968 ?

There are breaking changes in the 0.23.0 version, we will not be able to backport it to 23.11.

@WilliButz
Copy link
Member

Now I'm a bit confused here as well, thank you for asking @LeSuisse.

Looking at the dependencies of the exporter version currently in nixpkgs I see exporter-toolkit at version 0.10.0 and I don't quite follow how it's supposed to be affected by https://nvd.nist.gov/vuln/detail/CVE-2022-46146.
According to upstream, the issue is supposed to be fixed with version 0.8.2 of the toolkit, and that was pulled in here prometheus/snmp_exporter@7dea13b.

Although https://security.gentoo.org/glsa/202401-15 shows that versions <0.24.1 are vulnerable, which I guess is based on this comment: https://bugs.gentoo.org/883649#c1

@mweinelt do you have some additional insights?

@mweinelt
Copy link
Member

My bad, my info did indeed come from the Gentoo advisory and I did not check it further.

@WilliButz
Copy link
Member

@mweinelt ah thank you for resolving the confusion, I also didn't check if it was indeed affected. I only checked that the dependency for 0.25.0 isn't and repurposed this PR.

In this case I'd just make this a regular update, drop the security label and add a small note to the 24.05 release notes about the breaking change. Also, I'll remove myself as maintainer here, as I'm not currently actively using the exporter.

@WilliButz WilliButz removed the 1.severity: security Issues which raise a security issue, or PRs that fix one label Jan 14, 2024
@WilliButz WilliButz force-pushed the auto-update/prometheus-snmp-exporter branch from 65e72b0 to 9128a88 Compare January 14, 2024 19:03
@github-actions github-actions bot added 8.has: documentation This PR adds or changes documentation 8.has: changelog labels Jan 14, 2024
@LeSuisse
Copy link
Contributor

The Gentoo advisory seems to be incomplete, I think it refers to the commit you linked but it is available since 0.23.0 in this exporter 😅 .

For 23.11 we can probably backport only the lib update.

@ofborg ofborg bot added the 2.status: merge conflict This PR has merge conflicts with the target branch label Jan 14, 2024
r-ryantm and others added 4 commits January 17, 2024 20:32
@r-ryantm @WilliButz
prometheus-snmp-exporter: 0.22.0 -> 0.25.0
d4492ab
@WilliButz
nixos/prometheus-snmp-exporter: switch to new config syntax
a8ea9fe 
Introduced with version 0.23.0, see
https://github.com/prometheus/snmp_exporter/blob/b75fc6b839ee3f3ccbee68bee55f1ae99555084a/auth-split-migration.md
@WilliButz
nixos/prometheus-snmp-exporter: add config check
bb9c776 
This is introduced and enabled by default because the config syntax for
the exporter changed with release 0.23.0.

This should make the breaking config change obvious before services are
deployed with an incompatible old config.

The check is based on the check present in the blackbox-exporter module.
@WilliButz
prometheus-snmp-exporter: remove myself as maintainer
4bd2f9c
@WilliButz WilliButz force-pushed the auto-update/prometheus-snmp-exporter branch from 9128a88 to 4bd2f9c Compare January 17, 2024 19:36
@WilliButz
Copy link
Member

rebased on master to resolve the conflicting release notes.

For 23.11 we can probably backport only the lib update.

@LeSuisse I don't follow, which part would you want to backport?

@LeSuisse
Copy link
Contributor

I was thinking of backporting prometheus/snmp_exporter@7dea13b

@WilliButz
Copy link
Member

Oh, I think that is part of the misunderstanding. Version 0.22.0 is currently on stable, that already depends on a more recent version than the one referenced in that commit.

See https://github.com/prometheus/snmp_exporter/blob/v0.22.0/go.sum#L45-L46

@fpletz fpletz removed the 2.status: merge conflict This PR has merge conflicts with the target branch label Jan 17, 2024
@fpletz fpletz merged commit c00a2d0 into NixOS:master Jan 18, 2024
24 checks passed
@r-ryantm r-ryantm deleted the auto-update/prometheus-snmp-exporter branch January 18, 2024 08:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fpletz fpletz fpletz approved these changes

@WilliButz WilliButz Awaiting requested review from WilliButz

@Frostman Frostman Awaiting requested review from Frostman

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 8.has: changelog 8.has: documentation This PR adds or changes documentation 8.has: module (update) This PR changes an existing module in `nixos/` 10.rebuild-darwin: 1-10 10.rebuild-darwin: 1 10.rebuild-linux: 1-10
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@r-ryantm @WilliButz @LeSuisse @mweinelt @zopieux @fpletz