From f07e57efe6b5fa231d872328cf0b6ba43c006a5f Mon Sep 17 00:00:00 2001
From: Ryan Horiguchi <ryan.horiguchi@gmail.com>
Date: Thu, 22 Aug 2024 00:34:48 +0200
Subject: [PATCH] netdata: 1.46.1 -> 1.46.3

---
 nixos/modules/services/monitoring/netdata.nix   | 16 ++++++++--------
 pkgs/tools/system/netdata/default.nix           | 16 ++++++++++------
 pkgs/tools/system/netdata/ndsudo-fix-path.patch |  7 ++++---
 3 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/nixos/modules/services/monitoring/netdata.nix b/nixos/modules/services/monitoring/netdata.nix
index c47da2cc075de..8ea9d7e669bc6 100644
--- a/nixos/modules/services/monitoring/netdata.nix
+++ b/nixos/modules/services/monitoring/netdata.nix
@@ -374,14 +374,6 @@ in {
         permissions = "u+rx,g+x,o-rwx";
       };
 
-      "logs-management.plugin" = {
-        source = "${cfg.package}/libexec/netdata/plugins.d/logs-management.plugin.org";
-        capabilities = "cap_dac_read_search,cap_syslog+ep";
-        owner = cfg.user;
-        group = cfg.group;
-        permissions = "u+rx,g+x,o-rwx";
-      };
-
       "slabinfo.plugin" = {
         source = "${cfg.package}/libexec/netdata/plugins.d/slabinfo.plugin.org";
         capabilities = "cap_dac_override+ep";
@@ -406,6 +398,14 @@ in {
         group = cfg.group;
         permissions = "u+rx,g+x,o-rwx";
       };
+    } // optionalAttrs (cfg.package.withLogsManagement) {
+      "logs-management.plugin" = {
+        source = "${cfg.package}/libexec/netdata/plugins.d/logs-management.plugin.org";
+        capabilities = "cap_dac_read_search,cap_syslog+ep";
+        owner = cfg.user;
+        group = cfg.group;
+        permissions = "u+rx,g+x,o-rwx";
+      };
     };
 
     security.pam.loginLimits = [
diff --git a/pkgs/tools/system/netdata/default.nix b/pkgs/tools/system/netdata/default.nix
index 214fed86329fc..b83fbefc6bfb0 100644
--- a/pkgs/tools/system/netdata/default.nix
+++ b/pkgs/tools/system/netdata/default.nix
@@ -17,10 +17,11 @@
 , withDebug ? false
 , withEbpf ? false
 , withNetworkViewer ? (!stdenv.isDarwin)
+, withLogsManagement ? false
 }:
 
 stdenv.mkDerivation rec {
-  version = "1.46.1";
+  version = "1.46.3";
   pname = "netdata";
 
   src = fetchFromGitHub {
@@ -28,9 +29,9 @@ stdenv.mkDerivation rec {
     repo = "netdata";
     rev = "v${version}";
     hash = if withCloudUi
-      then "sha256-tFjczhJ7bIEUDZx3MxYBu4tGkJhoQn5V79D4sLV2o8U="
+      then "sha256-VyFqwkB9/cLxuXkxS5fSP48fjSWofuqemJIiZDDsdMU="
       # we delete the v2 GUI after fetching
-      else "sha256-uW3jRiJjFIFSfmmavM3KVF985F8nMKa+lQAgNBZvKyE=";
+      else "sha256-/Sqdi/u2IgNP55RZ6KjbkcHwq2903ZuSOvC8w+8+zvE=";
     fetchSubmodules = true;
 
     # Remove v2 dashboard distributed under NCUL1. Make sure an empty
@@ -94,8 +95,6 @@ stdenv.mkDerivation rec {
        $out/libexec/netdata/plugins.d/slabinfo.plugin.org
     mv $out/libexec/netdata/plugins.d/debugfs.plugin \
        $out/libexec/netdata/plugins.d/debugfs.plugin.org
-    mv $out/libexec/netdata/plugins.d/logs-management.plugin \
-       $out/libexec/netdata/plugins.d/logs-management.plugin.org
     ${lib.optionalString withSystemdJournal ''
       mv $out/libexec/netdata/plugins.d/systemd-journal.plugin \
          $out/libexec/netdata/plugins.d/systemd-journal.plugin.org
@@ -108,6 +107,10 @@ stdenv.mkDerivation rec {
       mv $out/libexec/netdata/plugins.d/network-viewer.plugin \
          $out/libexec/netdata/plugins.d/network-viewer.plugin.org
     ''}
+    ${lib.optionalString withLogsManagement ''
+      mv $out/libexec/netdata/plugins.d/logs-management.plugin \
+         $out/libexec/netdata/plugins.d/logs-management.plugin.org
+    ''}
     ${lib.optionalString (!withCloudUi) ''
       rm -rf $out/share/netdata/web/index.html
       cp $out/share/netdata/web/v1/index.html $out/share/netdata/web/index.html
@@ -156,6 +159,7 @@ stdenv.mkDerivation rec {
     (lib.cmakeBool "ENABLE_PLUGIN_CUPS" withCups)
     (lib.cmakeBool "ENABLE_EXPORTER_PROMETHEUS_REMOTE_WRITE" withConnPrometheus)
     (lib.cmakeBool "ENABLE_JEMALLOC" true)
+    (lib.cmakeBool "ENABLE_PLUGIN_LOGS_MANAGEMENT" withLogsManagement)
     # Suggested by upstream.
     "-G Ninja"
   ];
@@ -194,7 +198,7 @@ stdenv.mkDerivation rec {
         license = lib.licenses.gpl3Only;
       };
     }).goModules;
-    inherit withIpmi withNetworkViewer;
+    inherit withIpmi withNetworkViewer withLogsManagement;
     tests.netdata = nixosTests.netdata;
   };
 
diff --git a/pkgs/tools/system/netdata/ndsudo-fix-path.patch b/pkgs/tools/system/netdata/ndsudo-fix-path.patch
index 04087e54a00ab..0ec9a63231f0c 100644
--- a/pkgs/tools/system/netdata/ndsudo-fix-path.patch
+++ b/pkgs/tools/system/netdata/ndsudo-fix-path.patch
@@ -2,7 +2,7 @@
 #     https://github.com/netdata/netdata/security/advisories/GHSA-pmhq-4cxq-wj93
 
 diff --git a/src/collectors/plugins.d/ndsudo.c b/src/collectors/plugins.d/ndsudo.c
-index 8b4d76f46..68fa52d38 100644
+index d53ca9f28..b42a121bf 100644
 --- a/src/collectors/plugins.d/ndsudo.c
 +++ b/src/collectors/plugins.d/ndsudo.c
 @@ -357,9 +357,6 @@ int main(int argc, char *argv[]) {
@@ -12,5 +12,6 @@ index 8b4d76f46..68fa52d38 100644
 -    char new_path[] = "PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin";
 -    putenv(new_path);
 -
-     bool found = false;
-     char filename[FILENAME_MAX];
\ No newline at end of file
+     setuid(0);
+     setgid(0);
+     setegid(0);