2021-04-09 15:28:18 -04:00
/ *
* SPDX - License - Identifier: Apache - 2.0
*
* The OpenSearch Contributors require contributions made to
* this file be licensed under the Apache - 2.0 license or a
* compatible open source license .
*
* Modifications Copyright OpenSearch Contributors . See
* GitHub history for details .
* /
2018-02-14 01:49:53 -05:00
/ *
* Licensed to Elasticsearch under one or more contributor
* license agreements . See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership . Elasticsearch licenses this file to you under
* the Apache License , Version 2.0 ( the "License" ) ; you may
* not use this file except in compliance with the License .
* You may obtain a copy of the License at
*
* http: //www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing ,
* software distributed under the License is distributed on an
* "AS IS" BASIS , WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND , either express or implied . See the License for the
* /
2021-03-16 04:53:48 -04:00
import org.opensearch.gradle.LoggedExec
import org.opensearch.gradle.MavenFilteringHack
import org.opensearch.gradle.OS
import org.opensearch.gradle.info.BuildParams
2020-01-27 16:48:40 -05:00
import org.redline_rpm.header.Flags
2018-02-14 01:49:53 -05:00
2018-04-24 12:10:51 -04:00
import java.nio.file.Files
import java.nio.file.Path
import java.util.regex.Matcher
import java.util.regex.Pattern
2018-02-14 01:49:53 -05:00
/ * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
* Deb and rpm configuration *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*
2018-02-21 20:46:40 -05:00
* The general strategy here is to build a directory on disk that contains
* stuff that needs to be copied into the distributions . This is
2018-02-14 01:49:53 -05:00
* important for two reasons:
* 1 . ospackage wants to copy the directory permissions that it sees off of the
* filesystem . If you ask it to create a directory that doesn ' t already
* exist on disk it petulantly creates it with 0755 permissions , no matter
* how hard you try to convince it otherwise .
* 2 . Convincing ospackage to pick up an empty directory as part of a set of
* directories on disk is reasonably easy . Convincing it to just create an
* empty directory requires more wits than I have .
* 3 . ospackage really wants to suck up some of the debian control scripts
* directly from the filesystem . It doesn ' t want to process them through
* MavenFilteringHack or any other copy - style action .
*
* The following commands are useful when it comes to check the user / group
* and files permissions set within the RPM and DEB packages:
*
2021-03-16 04:53:48 -04:00
* rpm - qlp - - dump path /to/ opensearch . rpm
* dpkg - c path /to/ opensearch . deb
2018-02-14 01:49:53 -05:00
* /
2019-12-09 14:34:35 -05:00
plugins {
2020-05-06 17:52:45 -04:00
id "nebula.ospackage-base" version "8.3.0"
2018-02-14 01:49:53 -05:00
}
2021-02-22 18:08:15 -05:00
void addProcessFilesTask ( String type , boolean jdk ) {
2021-04-20 12:27:40 -04:00
String packagingFiles = "build/packaging/${jdk ? '' : 'no-jdk-'}${type}"
2018-02-21 20:46:40 -05:00
2021-04-20 12:27:40 -04:00
String taskName = "process'${jdk ? '' : 'NoJdk'}${type.capitalize()}Files"
2020-07-31 07:09:04 -04:00
tasks . register ( taskName , Copy ) {
2018-02-14 01:49:53 -05:00
into packagingFiles
2018-02-23 11:03:17 -05:00
with copySpec {
from 'src/common'
from "src/${type}"
2021-02-22 18:08:15 -05:00
MavenFilteringHack . filter ( it , expansionsForDistribution ( type , jdk ) )
2018-02-21 20:46:40 -05:00
}
2018-02-14 01:49:53 -05:00
2021-03-16 04:53:48 -04:00
into ( 'etc/opensearch' ) {
2021-02-22 18:08:15 -05:00
with configFiles ( type , jdk )
2018-02-23 11:03:17 -05:00
}
2021-02-22 18:08:15 -05:00
MavenFilteringHack . filter ( it , expansionsForDistribution ( type , jdk ) )
2018-02-14 01:49:53 -05:00
2018-02-21 20:46:40 -05:00
doLast {
// create empty dirs, we set the permissions when configuring the packages
2021-03-16 04:53:48 -04:00
mkdir "${packagingFiles}/var/log/opensearch"
mkdir "${packagingFiles}/var/lib/opensearch"
mkdir "${packagingFiles}/usr/share/opensearch/plugins"
2019-01-25 11:11:48 -05:00
2021-03-16 04:53:48 -04:00
// bare empty dir for /etc/opensearch and /etc/opensearch/jvm.options.d
mkdir "${packagingFiles}/opensearch"
mkdir "${packagingFiles}/opensearch/jvm.options.d"
2018-02-21 20:46:40 -05:00
}
2018-02-14 01:49:53 -05:00
}
2018-02-21 20:46:40 -05:00
}
2019-11-14 06:01:23 -05:00
2021-02-22 18:08:15 -05:00
addProcessFilesTask ( 'deb' , true )
addProcessFilesTask ( 'deb' , false )
addProcessFilesTask ( 'rpm' , true )
addProcessFilesTask ( 'rpm' , false )
2018-02-14 01:49:53 -05:00
2018-02-21 20:46:40 -05:00
// Common configuration that is package dependent. This can't go in ospackage
// since we have different templated files that need to be consumed, but the structure
// is the same
2021-02-22 18:08:15 -05:00
Closure commonPackageConfig ( String type , boolean jdk , String architecture ) {
2018-02-21 20:46:40 -05:00
return {
2019-10-21 10:09:12 -04:00
onlyIf {
OS . current ( ) . equals ( OS . WINDOWS ) = = false
}
2021-04-20 12:27:40 -04:00
dependsOn "process'${jdk ? '' : 'NoJdk'}${type.capitalize()}Files"
packageName "opensearch"
2020-04-07 06:03:32 -04:00
if ( type = = 'deb' ) {
if ( architecture = = 'x64' ) {
arch ( 'amd64' )
} else {
2021-04-26 12:40:09 -04:00
assert architecture = = 'arm64' : architecture
2020-04-07 06:03:32 -04:00
arch ( 'arm64' )
}
} else {
assert type = = 'rpm' : type
if ( architecture = = 'x64' ) {
2021-05-25 17:11:11 -04:00
arch ( 'x86_64' )
2020-04-07 06:03:32 -04:00
} else {
2021-04-26 12:40:09 -04:00
assert architecture = = 'arm64' : architecture
2020-04-07 06:03:32 -04:00
arch ( 'aarch64' )
}
}
2021-03-16 04:53:48 -04:00
// Follow opensearch's file naming convention
2021-04-21 14:45:53 -04:00
String jdkString = jdk ? "" : "-no-jdk"
2021-04-26 12:40:09 -04:00
String prefix = "${architecture == 'arm64' ? 'arm64-' : ''}${jdk ? '' : 'no-jdk-'}${type}"
2020-07-02 07:08:34 -04:00
destinationDirectory = file ( "${prefix}/build/distributions" )
2019-12-09 14:34:35 -05:00
// SystemPackagingTask overrides default archive task convention mappings, but doesn't provide a setter so we have to override the convention mapping itself
2021-05-13 18:14:02 -04:00
// Deb convention uses a '_' for final separator before architecture, rpm uses a '.'
2021-04-21 14:45:53 -04:00
if ( type = = 'deb' ) {
2021-05-13 18:14:02 -04:00
conventionMapping . archiveFile = { objects . fileProperty ( ) . fileValue ( file ( "${destinationDirectory.get()}/${packageName}_${project.version}${jdkString}_${archString}.${type}" ) ) }
2021-04-21 14:45:53 -04:00
} else {
conventionMapping . archiveFile = { objects . fileProperty ( ) . fileValue ( file ( "${destinationDirectory.get()}/${packageName}-${project.version}${jdkString}.${archString}.${type}" ) ) }
}
2019-12-09 14:34:35 -05:00
2021-04-20 12:27:40 -04:00
String packagingFiles = "build/packaging/${jdk ? '' : 'no-jdk-'}${type}"
2018-02-14 01:49:53 -05:00
String scripts = "${packagingFiles}/scripts"
preInstall file ( "${scripts}/preinst" )
postInstall file ( "${scripts}/postinst" )
preUninstall file ( "${scripts}/prerm" )
postUninstall file ( "${scripts}/postrm" )
2018-03-17 07:48:40 -04:00
if ( type = = 'rpm' ) {
postTrans file ( "${scripts}/posttrans" )
}
2018-02-14 01:49:53 -05:00
2018-02-21 20:46:40 -05:00
// top level "into" directive is not inherited from ospackage for some reason, so we must
// specify it again explicitly for copying common files
2021-03-16 04:53:48 -04:00
into ( '/usr/share/opensearch' ) {
2018-02-21 20:46:40 -05:00
into ( 'bin' ) {
2021-02-22 18:08:15 -05:00
with binFiles ( type , jdk )
2018-02-21 20:46:40 -05:00
}
2018-04-10 16:58:49 -04:00
from ( rootProject . projectDir ) {
2021-04-14 10:02:25 -04:00
include 'README.md'
2018-05-23 23:15:19 -04:00
fileMode 0644
2018-04-10 16:58:49 -04:00
}
2018-05-25 07:56:35 -04:00
into ( 'lib' ) {
2021-02-22 18:08:15 -05:00
with libFiles ( )
2018-05-25 07:56:35 -04:00
}
2018-02-23 11:03:17 -05:00
into ( 'modules' ) {
2021-04-26 12:40:09 -04:00
with modulesFiles ( 'linux-' + ( ( architecture = = 'x64' ) ? 'x64' : architecture ) )
2018-07-23 14:28:24 -04:00
}
2019-03-15 03:55:15 -04:00
if ( jdk ) {
into ( 'jdk' ) {
2020-03-22 11:58:11 -04:00
with jdkFiles ( project , 'linux' , architecture )
2019-03-15 03:55:15 -04:00
}
2019-03-08 14:04:18 -05:00
}
2018-07-23 14:28:24 -04:00
// we need to specify every intermediate directory in these paths so the package managers know they are explicitly
// intended to manage them; otherwise they may be left behind on uninstallation. duplicate calls of the same
// directory are fine
eachFile { FileCopyDetails fcp - >
String [ ] segments = fcp . relativePath . segments
for ( int i = segments . length - 2 ; i > 2 ; - - i ) {
2019-12-09 14:34:35 -05:00
if ( type = = 'rpm' ) {
directory ( '/' + segments [ 0 . . i ] . join ( '/' ) , 0755 )
}
2019-03-07 13:53:44 -05:00
if ( segments [ - 2 ] = = 'bin' | | segments [ - 1 ] = = 'jspawnhelper' ) {
2018-07-23 14:28:24 -04:00
fcp . mode = 0755
} else {
fcp . mode = 0644
2018-02-23 11:03:17 -05:00
}
}
}
2018-02-14 01:49:53 -05:00
}
2018-04-24 12:10:51 -04:00
// license files
if ( type = = 'deb' ) {
into ( "/usr/share/doc/${packageName}" ) {
from "${packagingFiles}/copyright"
fileMode 0644
}
} else {
assert type = = 'rpm'
2021-03-16 04:53:48 -04:00
into ( '/usr/share/opensearch' ) {
2018-04-24 12:10:51 -04:00
from ( rootProject . file ( 'licenses' ) ) {
2021-01-30 01:23:18 -05:00
include 'APACHE-LICENSE-2.0.txt'
2018-04-24 12:10:51 -04:00
rename { 'LICENSE.txt' }
}
2018-05-23 23:15:19 -04:00
fileMode 0644
2018-04-24 12:10:51 -04:00
}
}
2018-02-21 20:46:40 -05:00
// ========= config files =========
2021-03-16 04:53:48 -04:00
configurationFile '/etc/opensearch/opensearch.yml'
configurationFile '/etc/opensearch/jvm.options'
configurationFile '/etc/opensearch/log4j2.properties'
2019-11-14 06:01:23 -05:00
from ( "${packagingFiles}" ) {
dirMode 02750
into ( '/etc' )
2021-03-16 04:53:48 -04:00
permissionGroup 'opensearch'
2019-11-14 06:01:23 -05:00
includeEmptyDirs true
createDirectoryEntry true
2021-03-16 04:53:48 -04:00
include ( "opensearch" ) // empty dir, just to add directory entry
include ( "opensearch/jvm.options.d" ) // empty dir, just to add directory entry
2019-11-14 06:01:23 -05:00
}
2021-03-16 04:53:48 -04:00
from ( "${packagingFiles}/etc/opensearch" ) {
into ( '/etc/opensearch' )
2019-01-15 13:19:32 -05:00
dirMode 02750
2018-02-14 01:49:53 -05:00
fileMode 0660
2021-03-16 04:53:48 -04:00
permissionGroup 'opensearch'
2018-02-14 01:49:53 -05:00
includeEmptyDirs true
createDirectoryEntry true
fileType CONFIG | NOREPLACE
2018-02-21 20:46:40 -05:00
}
2021-02-22 18:08:15 -05:00
String envFile = expansionsForDistribution ( type , jdk ) [ 'path.env' ]
2018-02-21 20:46:40 -05:00
configurationFile envFile
into ( new File ( envFile ) . getParent ( ) ) {
fileType CONFIG | NOREPLACE
2021-03-16 04:53:48 -04:00
permissionGroup 'opensearch'
2018-02-21 20:46:40 -05:00
fileMode 0660
2021-03-16 04:53:48 -04:00
from "${packagingFiles}/env/opensearch"
2018-02-14 01:49:53 -05:00
}
2018-02-21 20:46:40 -05:00
// ========= systemd =========
2018-02-14 01:49:53 -05:00
into ( '/usr/lib/tmpfiles.d' ) {
2021-03-16 04:53:48 -04:00
from "${packagingFiles}/systemd/opensearch.conf"
2018-05-23 23:15:19 -04:00
fileMode 0644
2018-02-14 01:49:53 -05:00
}
into ( '/usr/lib/systemd/system' ) {
fileType CONFIG | NOREPLACE
2021-03-16 04:53:48 -04:00
from "${packagingFiles}/systemd/opensearch.service"
2018-05-23 23:15:19 -04:00
fileMode 0644
2018-02-14 01:49:53 -05:00
}
into ( '/usr/lib/sysctl.d' ) {
fileType CONFIG | NOREPLACE
2021-03-16 04:53:48 -04:00
from "${packagingFiles}/systemd/sysctl/opensearch.conf"
2018-05-23 23:15:19 -04:00
fileMode 0644
2018-02-14 01:49:53 -05:00
}
2021-03-16 04:53:48 -04:00
into ( '/usr/share/opensearch/bin' ) {
Password-protected Keystore Feature Branch PR (#51123) (#51510)
* Reload secure settings with password (#43197)
If a password is not set, we assume an empty string to be
compatible with previous behavior.
Only allow the reload to be broadcast to other nodes if TLS is
enabled for the transport layer.
* Add passphrase support to elasticsearch-keystore (#38498)
This change adds support for keystore passphrases to all subcommands
of the elasticsearch-keystore cli tool and adds a subcommand for
changing the passphrase of an existing keystore.
The work to read the passphrase in Elasticsearch when
loading, which will be addressed in a different PR.
Subcommands of elasticsearch-keystore can handle (open and create)
passphrase protected keystores
When reading a keystore, a user is only prompted for a passphrase
only if the keystore is passphrase protected.
When creating a keystore, a user is allowed (default behavior) to create one with an
empty passphrase
Passphrase can be set to be empty when changing/setting it for an
existing keystore
Relates to: #32691
Supersedes: #37472
* Restore behavior for force parameter (#44847)
Turns out that the behavior of `-f` for the add and add-file sub
commands where it would also forcibly create the keystore if it
didn't exist, was by design - although undocumented.
This change restores that behavior auto-creating a keystore that
is not password protected if the force flag is used. The force
OptionSpec is moved to the BaseKeyStoreCommand as we will presumably
want to maintain the same behavior in any other command that takes
a force option.
* Handle pwd protected keystores in all CLI tools (#45289)
This change ensures that `elasticsearch-setup-passwords` and
`elasticsearch-saml-metadata` can handle a password protected
elasticsearch.keystore.
For setup passwords the user would be prompted to add the
elasticsearch keystore password upon running the tool. There is no
option to pass the password as a parameter as we assume the user is
present in order to enter the desired passwords for the built-in
users.
For saml-metadata, we prompt for the keystore password at all times
even though we'd only need to read something from the keystore when
there is a signing or encryption configuration.
* Modify docs for setup passwords and saml metadata cli (#45797)
Adds a sentence in the documentation of `elasticsearch-setup-passwords`
and `elasticsearch-saml-metadata` to describe that users would be
prompted for the keystore's password when running these CLI tools,
when the keystore is password protected.
Co-Authored-By: Lisa Cawley <lcawley@elastic.co>
* Elasticsearch keystore passphrase for startup scripts (#44775)
This commit allows a user to provide a keystore password on Elasticsearch
startup, but only prompts when the keystore exists and is encrypted.
The entrypoint in Java code is standard input. When the Bootstrap class is
checking for secure keystore settings, it checks whether or not the keystore
is encrypted. If so, we read one line from standard input and use this as the
password. For simplicity's sake, we allow a maximum passphrase length of 128
characters. (This is an arbitrary limit and could be increased or eliminated.
It is also enforced in the keystore tools, so that a user can't create a
password that's too long to enter at startup.)
In order to provide a password on standard input, we have to account for four
different ways of starting Elasticsearch: the bash startup script, the Windows
batch startup script, systemd startup, and docker startup. We use wrapper
scripts to reduce systemd and docker to the bash case: in both cases, a
wrapper script can read a passphrase from the filesystem and pass it to the
bash script.
In order to simplify testing the need for a passphrase, I have added a
has-passwd command to the keystore tool. This command can run silently, and
exit with status 0 when the keystore has a password. It exits with status 1 if
the keystore doesn't exist or exists and is unencrypted.
A good deal of the code-change in this commit has to do with refactoring
packaging tests to cleanly use the same tests for both the "archive" and the
"package" cases. This required not only moving tests around, but also adding
some convenience methods for an abstraction layer over distribution-specific
commands.
* Adjust docs for password protected keystore (#45054)
This commit adds relevant parts in the elasticsearch-keystore
sub-commands reference docs and in the reload secure settings API
doc.
* Fix failing Keystore Passphrase test for feature branch (#50154)
One problem with the passphrase-from-file tests, as written, is that
they would leave a SystemD environment variable set when they failed,
and this setting would cause elasticsearch startup to fail for other
tests as well. By using a try-finally, I hope that these tests will fail
more gracefully.
It appears that our Fedora and Ubuntu environments may be configured to
store journald information under /var rather than under /run, so that it
will persist between boots. Our destructive tests that read from the
journal need to account for this in order to avoid trying to limit the
output we check in tests.
* Run keystore management tests on docker distros (#50610)
* Add Docker handling to PackagingTestCase
Keystore tests need to be able to run in the Docker case. We can do this
by using a DockerShell instead of a plain Shell when Docker is running.
* Improve ES startup check for docker
Previously we were checking truncated output for the packaged JDK as
an indication that Elasticsearch had started. With new preliminary
password checks, we might get a false positive from ES keystore
commands, so we have to check specifically that the Elasticsearch
class from the Bootstrap package is what's running.
* Test password-protected keystore with Docker (#50803)
This commit adds two tests for the case where we mount a
password-protected keystore into a Docker container and provide a
password via a Docker environment variable.
We also fix a logging bug where we were logging the identifier for an
array of strings rather than the contents of that array.
* Add documentation for keystore startup prompting (#50821)
When a keystore is password-protected, Elasticsearch will prompt at
startup. This commit adds documentation for this prompt for the archive,
systemd, and Docker cases.
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
* Warn when unable to upgrade keystore on debian (#51011)
For Red Hat RPM upgrades, we warn if we can't upgrade the keystore. This
commit brings the same logic to the code for Debian packages. See the
posttrans file for gets executed for RPMs.
* Restore handling of string input
Adds tests that were mistakenly removed. One of these tests proved
we were not handling the the stdin (-x) option correctly when no
input was added. This commit restores the original approach of
reading stdin one char at a time until there is no more (-1, \r, \n)
instead of using readline() that might return null
* Apply spotless reformatting
* Use '--since' flag to get recent journal messages
When we get Elasticsearch logs from journald, we want to fetch only log
messages from the last run. There are two reasons for this. First, if
there are many logs, we might get a string that's too large for our
utility methods. Second, when we're looking for a specific message or
error, we almost certainly want to look only at messages from the last
execution.
Previously, we've been trying to do this by clearing out the physical
files under the journald process. But there seems to be some contention
over these directories: if journald writes a log file in between when
our deletion command deletes the file and when it deletes the log
directory, the deletion will fail.
It seems to me that we might be able to use journald's "--since" flag to
retrieve only log messages from the last run, and that this might be
less likely to fail due to race conditions in file deletion.
Unfortunately, it looks as if the "--since" flag has a granularity of
one-second. I've added a two-second sleep to make sure that there's a
sufficient gap between the test that will read from journald and the
test before it.
* Use new journald wrapper pattern
* Update version added in secure settings request
Co-authored-by: Lisa Cawley <lcawley@elastic.co>
Co-authored-by: Ioannis Kakavas <ikakavas@protonmail.com>
2020-01-28 05:32:32 -05:00
from "${packagingFiles}/systemd/systemd-entrypoint"
fileMode 0755
}
2018-02-21 20:46:40 -05:00
// ========= sysV init =========
2021-03-16 04:53:48 -04:00
configurationFile '/etc/init.d/opensearch'
2018-02-14 01:49:53 -05:00
into ( '/etc/init.d' ) {
fileMode 0750
fileType CONFIG | NOREPLACE
2021-03-16 04:53:48 -04:00
from "${packagingFiles}/init.d/opensearch"
2018-02-14 01:49:53 -05:00
}
2018-02-21 20:46:40 -05:00
// ========= empty dirs =========
// NOTE: these are created under packagingFiles as empty, but the permissions are set here
Closure copyEmptyDir = { path , u , g , mode - >
File file = new File ( path )
into ( file . parent ) {
2018-02-22 14:30:49 -05:00
from "${packagingFiles}/${file.parent}"
2018-02-21 20:46:40 -05:00
include file . name
2018-02-14 01:49:53 -05:00
includeEmptyDirs true
createDirectoryEntry true
user u
permissionGroup g
dirMode mode
}
}
2021-03-16 04:53:48 -04:00
copyEmptyDir ( '/var/log/opensearch' , 'opensearch' , 'opensearch' , 02750 )
copyEmptyDir ( '/var/lib/opensearch' , 'opensearch' , 'opensearch' , 02750 )
copyEmptyDir ( '/usr/share/opensearch/plugins' , 'root' , 'root' , 0755 )
2018-03-22 18:20:46 -04:00
2021-03-16 04:53:48 -04:00
into '/usr/share/opensearch'
2021-02-22 18:08:15 -05:00
with noticeFile ( jdk )
2018-02-21 20:46:40 -05:00
}
}
apply plugin: 'nebula.ospackage-base'
// this is package indepdendent configuration
ospackage {
2021-05-16 00:45:48 -04:00
maintainer 'OpenSearch Team <opensearch@amazon.com>'
2019-05-08 15:09:02 -04:00
summary 'Distributed RESTful search engine built for the cloud'
packageDescription '' '
2018-02-21 20:46:40 -05:00
Reference documentation can be found at
2021-03-20 03:26:48 -04:00
https: //github.com/opensearch-project/OpenSearch
2019-05-08 15:09:02 -04:00
'' ' . stripIndent ( ) . trim ( )
2021-03-20 03:26:48 -04:00
url 'https://github.com/opensearch-project/OpenSearch'
2018-02-21 20:46:40 -05:00
// signing setup
2020-01-27 16:48:40 -05:00
if ( project . hasProperty ( 'signing.password' ) & & BuildParams . isSnapshotBuild ( ) = = false ) {
2018-02-21 20:46:40 -05:00
signingKeyId = project . hasProperty ( 'signing.keyId' ) ? project . property ( 'signing.keyId' ) : 'D88E42B4'
signingKeyPassphrase = project . property ( 'signing.password' )
signingKeyRingFile = project . hasProperty ( 'signing.secretKeyRingFile' ) ?
2019-11-14 06:01:23 -05:00
project . file ( project . property ( 'signing.secretKeyRingFile' ) ) :
new File ( new File ( System . getProperty ( 'user.home' ) , '.gnupg' ) , 'secring.gpg' )
2018-02-21 20:46:40 -05:00
}
2019-05-08 15:09:02 -04:00
// version found on oldest supported distro, centos-6
requires ( 'coreutils' , '8.4' , GREATER | EQUAL )
2018-02-21 20:46:40 -05:00
fileMode 0644
dirMode 0755
user 'root'
permissionGroup 'root'
2021-03-16 04:53:48 -04:00
into '/usr/share/opensearch'
2018-02-21 20:46:40 -05:00
}
2021-02-22 18:08:15 -05:00
Closure commonDebConfig ( boolean jdk , String architecture ) {
2018-02-23 11:03:17 -05:00
return {
2021-02-22 18:08:15 -05:00
configure ( commonPackageConfig ( 'deb' , jdk , architecture ) )
2018-02-21 20:46:40 -05:00
2018-04-23 20:24:23 -04:00
// jdeb does not provide a way to set the License control attribute, and ospackage
// silently ignores setting it. Instead, we set the license as "custom field"
2021-01-30 01:23:18 -05:00
customFields [ 'License' ] = 'ASL-2.0'
2018-04-09 18:20:01 -04:00
2020-07-02 07:08:34 -04:00
archiveVersion = project . version . replace ( '-' , '~' )
2018-02-23 11:03:17 -05:00
packageGroup 'web'
2019-05-08 15:09:02 -04:00
// versions found on oldest supported distro, centos-6
requires ( 'bash' , '4.1' , GREATER | EQUAL )
requires ( 'lsb-base' , '4' , GREATER | EQUAL )
2018-02-23 11:03:17 -05:00
requires 'libc6'
requires 'adduser'
2018-02-21 20:46:40 -05:00
2018-02-23 11:03:17 -05:00
into ( '/usr/share/lintian/overrides' ) {
2021-03-16 04:53:48 -04:00
from ( 'src/deb/lintian/opensearch' )
2021-05-16 00:45:48 -04:00
fileMode 0644
2018-02-23 11:03:17 -05:00
}
2018-02-21 20:46:40 -05:00
}
}
2021-04-26 12:40:09 -04:00
tasks . register ( 'buildArm64Deb' , Deb ) {
configure ( commonDebConfig ( true , 'arm64' ) )
2018-02-23 11:03:17 -05:00
}
2021-04-20 12:27:40 -04:00
tasks . register ( 'buildDeb' , Deb ) {
2021-02-22 18:08:15 -05:00
configure ( commonDebConfig ( true , 'x64' ) )
2019-03-15 03:55:15 -04:00
}
2021-04-20 12:27:40 -04:00
tasks . register ( 'buildNoJdkDeb' , Deb ) {
2021-02-22 18:08:15 -05:00
configure ( commonDebConfig ( true , 'x64' ) )
2018-02-23 11:03:17 -05:00
}
2021-02-22 18:08:15 -05:00
Closure commonRpmConfig ( boolean jdk , String architecture ) {
2018-02-23 11:03:17 -05:00
return {
2021-02-22 18:08:15 -05:00
configure ( commonPackageConfig ( 'rpm' , jdk , architecture ) )
2018-02-23 11:03:17 -05:00
2021-05-16 00:45:48 -04:00
license 'ASL-2.0'
2018-04-09 18:20:01 -04:00
2018-02-23 11:03:17 -05:00
packageGroup 'Application/Internet'
requires '/bin/bash'
2019-02-28 15:35:23 -05:00
obsoletes packageName , '7.0.0' , Flags . LESS
2018-02-23 11:03:17 -05:00
prefix '/usr'
2021-03-16 04:53:48 -04:00
packager 'OpenSearch'
2020-07-14 04:25:00 -04:00
archiveVersion = project . version . replace ( '-' , '_' )
2018-02-23 11:03:17 -05:00
release = '1'
os 'LINUX'
2021-03-16 04:53:48 -04:00
distribution 'OpenSearch'
vendor 'OpenSearch'
2018-02-23 11:03:17 -05:00
// TODO ospackage doesn't support icon but we used to have one
2021-03-16 04:53:48 -04:00
// without this the rpm will have parent dirs of any files we copy in, eg /etc/opensearch
2018-02-23 11:03:17 -05:00
addParentDirs false
2018-02-21 20:46:40 -05:00
}
}
2021-04-26 12:40:09 -04:00
tasks . register ( 'buildArm64Rpm' , Rpm ) {
configure ( commonRpmConfig ( true , 'arm64' ) )
2018-02-14 01:49:53 -05:00
}
2021-04-20 12:27:40 -04:00
tasks . register ( 'buildRpm' , Rpm ) {
2021-02-22 18:08:15 -05:00
configure ( commonRpmConfig ( true , 'x64' ) )
2019-03-15 03:55:15 -04:00
}
2021-04-20 12:27:40 -04:00
tasks . register ( 'buildNoJdkRpm' , Rpm ) {
2021-02-22 18:08:15 -05:00
configure ( commonRpmConfig ( true , 'x64' ) )
2018-02-21 20:46:40 -05:00
}
2018-04-24 12:10:51 -04:00
Closure dpkgExists = { it - > new File ( '/bin/dpkg-deb' ) . exists ( ) | | new File ( '/usr/bin/dpkg-deb' ) . exists ( ) | | new File ( '/usr/local/bin/dpkg-deb' ) . exists ( ) }
Closure rpmExists = { it - > new File ( '/bin/rpm' ) . exists ( ) | | new File ( '/usr/bin/rpm' ) . exists ( ) | | new File ( '/usr/local/bin/rpm' ) . exists ( ) }
Closure debFilter = { f - > f . name . endsWith ( '.deb' ) }
2018-02-21 20:46:40 -05:00
// This configures the default artifact for the distribution specific
// subprojects. We have subprojects because Gradle project substitutions
// can only bind to the default configuration of a project
subprojects {
apply plugin: 'distribution'
String buildTask = "build${it.name.replaceAll(/-[a-z]/) { it.substring(1).toUpperCase() }.capitalize()}"
2020-04-08 19:47:02 -04:00
ext . buildDist = parent . tasks . named ( buildTask )
2018-02-21 20:46:40 -05:00
artifacts {
'default' buildDist
}
2019-09-27 02:03:15 -04:00
if ( dpkgExists ( ) | | rpmExists ( ) ) {
// sanity checks if packages can be extracted
final File extractionDir = new File ( buildDir , 'extracted' )
File packageExtractionDir
if ( project . name . contains ( 'deb' ) ) {
packageExtractionDir = new File ( extractionDir , 'deb-extracted' )
} else {
assert project . name . contains ( 'rpm' )
packageExtractionDir = new File ( extractionDir , 'rpm-extracted' )
2018-02-23 11:03:17 -05:00
}
2020-04-08 19:47:02 -04:00
tasks . register ( 'checkExtraction' , LoggedExec ) {
2019-09-27 02:03:15 -04:00
dependsOn buildDist
doFirst {
2020-10-05 09:52:15 -04:00
delete ( extractionDir )
2019-09-27 02:03:15 -04:00
extractionDir . mkdirs ( )
}
2018-02-23 11:03:17 -05:00
}
2019-09-27 02:03:15 -04:00
2020-07-31 07:09:04 -04:00
tasks . named ( "check" ) . configure { dependsOn "checkExtraction" }
2019-09-27 02:03:15 -04:00
if ( project . name . contains ( 'deb' ) ) {
2020-07-31 07:09:04 -04:00
tasks . named ( "checkExtraction" ) . configure {
2019-09-27 02:03:15 -04:00
onlyIf dpkgExists
2020-07-31 07:09:04 -04:00
commandLine 'dpkg-deb' , '-x' , "${-> buildDist.get().outputs.files.filter(debFilter).singleFile}" , packageExtractionDir
2019-09-27 02:03:15 -04:00
}
} else {
assert project . name . contains ( 'rpm' )
2020-07-31 07:09:04 -04:00
tasks . named ( "checkExtraction" ) . configure {
2019-09-27 02:03:15 -04:00
onlyIf rpmExists
final File rpmDatabase = new File ( extractionDir , 'rpm-database' )
commandLine 'rpm' ,
2019-11-14 06:01:23 -05:00
'--badreloc' ,
2020-03-22 11:58:11 -04:00
'--ignorearch' ,
'--ignoreos' ,
2019-11-14 06:01:23 -05:00
'--nodeps' ,
'--noscripts' ,
'--notriggers' ,
'--dbpath' ,
rpmDatabase ,
'--relocate' ,
"/=${packageExtractionDir}" ,
'-i' ,
2020-04-08 19:47:02 -04:00
"${-> buildDist.get().outputs.files.singleFile}"
2019-09-27 02:03:15 -04:00
}
2018-02-23 11:03:17 -05:00
}
2018-04-24 12:10:51 -04:00
2020-07-31 07:09:04 -04:00
tasks . register ( "checkLicense" ) {
dependsOn buildDist , "checkExtraction"
2019-09-27 02:03:15 -04:00
}
2020-07-31 07:09:04 -04:00
check . dependsOn "checkLicense"
2019-09-27 02:03:15 -04:00
if ( project . name . contains ( 'deb' ) ) {
2020-07-31 07:09:04 -04:00
tasks . named ( "checkLicense" ) . configure {
2019-09-27 02:03:15 -04:00
onlyIf dpkgExists
doLast {
Path copyrightPath
String expectedLicense
String licenseFilename
2021-04-20 12:27:40 -04:00
copyrightPath = packageExtractionDir . toPath ( ) . resolve ( "usr/share/doc/opensearch/copyright" )
2021-01-30 01:23:18 -05:00
expectedLicense = "ASL-2.0"
licenseFilename = "APACHE-LICENSE-2.0.txt"
2019-09-27 02:03:15 -04:00
final List < String > header = Arrays . asList ( "Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/" ,
2019-11-14 06:01:23 -05:00
"Copyright: Elasticsearch B.V. <info@elastic.co>" ,
2021-04-05 14:51:20 -04:00
"Copyright: OpenSearch Contributors" ,
2019-11-14 06:01:23 -05:00
"License: " + expectedLicense )
2019-09-27 02:03:15 -04:00
final List < String > licenseLines = Files . readAllLines ( rootDir . toPath ( ) . resolve ( "licenses/" + licenseFilename ) )
final List < String > expectedLines = header + licenseLines . collect { " " + it }
assertLinesInFile ( copyrightPath , expectedLines )
2018-04-24 12:10:51 -04:00
}
}
2019-09-27 02:03:15 -04:00
} else {
assert project . name . contains ( 'rpm' )
2020-07-31 07:09:04 -04:00
tasks . named ( "checkLicense" ) . configure {
2019-09-27 02:03:15 -04:00
onlyIf rpmExists
doLast {
2021-01-30 01:23:18 -05:00
String licenseFilename = "APACHE-LICENSE-2.0.txt"
2019-09-27 02:03:15 -04:00
final List < String > licenseLines = Files . readAllLines ( rootDir . toPath ( ) . resolve ( "licenses/" + licenseFilename ) )
2021-03-16 04:53:48 -04:00
final Path licensePath = packageExtractionDir . toPath ( ) . resolve ( "usr/share/opensearch/LICENSE.txt" )
2019-09-27 02:03:15 -04:00
assertLinesInFile ( licensePath , licenseLines )
2018-04-24 12:10:51 -04:00
}
}
}
2020-07-31 07:09:04 -04:00
tasks . register ( "checkNotice" ) {
dependsOn buildDist , "checkExtraction"
2019-09-27 02:03:15 -04:00
onlyIf {
( project . name . contains ( 'deb' ) & & dpkgExists . call ( it ) ) | | ( project . name . contains ( 'rpm' ) & & rpmExists . call ( it ) )
}
doLast {
2021-08-31 12:55:28 -04:00
final List < String > noticeLines = Arrays . asList ( "OpenSearch (https://opensearch.org/)" , "Copyright OpenSearch Contributors" )
2021-03-19 17:53:23 -04:00
final Path noticePath = packageExtractionDir . toPath ( ) . resolve ( "usr/share/opensearch/NOTICE.txt" )
2019-09-27 02:03:15 -04:00
assertLinesInFile ( noticePath , noticeLines )
}
2018-04-24 12:10:51 -04:00
}
2020-07-31 07:09:04 -04:00
tasks . named ( "check" ) . configure { dependsOn "checkNotice" }
2018-04-24 12:10:51 -04:00
2020-04-08 19:47:02 -04:00
tasks . register ( 'checkLicenseMetadata' , LoggedExec ) {
2020-07-31 07:09:04 -04:00
dependsOn buildDist , "checkExtraction"
2019-09-27 02:03:15 -04:00
}
check . dependsOn checkLicenseMetadata
if ( project . name . contains ( 'deb' ) ) {
checkLicenseMetadata { LoggedExec exec - >
onlyIf dpkgExists
final ByteArrayOutputStream output = new ByteArrayOutputStream ( )
2020-04-08 19:47:02 -04:00
exec . commandLine 'dpkg-deb' , '--info' , "${-> buildDist.get().outputs.files.filter(debFilter).singleFile}"
2019-09-27 02:03:15 -04:00
exec . standardOutput = output
doLast {
2021-01-30 01:23:18 -05:00
String expectedLicense = "ASL-2.0"
2019-09-27 02:03:15 -04:00
final Pattern pattern = Pattern . compile ( "\\s*License: (.+)" )
final String info = output . toString ( 'UTF-8' )
final String [ ] actualLines = info . split ( "\n" )
int count = 0
for ( final String actualLine : actualLines ) {
final Matcher matcher = pattern . matcher ( actualLine )
if ( matcher . matches ( ) ) {
count + +
final String actualLicense = matcher . group ( 1 )
if ( expectedLicense ! = actualLicense ) {
throw new GradleException ( "expected license [${expectedLicense} for package info but found [${actualLicense}]" )
}
2018-04-24 12:10:51 -04:00
}
}
2019-09-27 02:03:15 -04:00
if ( count = = 0 ) {
throw new GradleException ( "expected license [${expectedLicense}] for package info but found none in:\n${info}" )
}
if ( count > 1 ) {
throw new GradleException ( "expected a single license for package info but found [${count}] in:\n${info}" )
}
2018-04-24 12:10:51 -04:00
}
}
2019-09-27 02:03:15 -04:00
} else {
assert project . name . contains ( 'rpm' )
checkLicenseMetadata { LoggedExec exec - >
onlyIf rpmExists
final ByteArrayOutputStream output = new ByteArrayOutputStream ( )
2020-04-08 19:47:02 -04:00
exec . commandLine 'rpm' , '-qp' , '--queryformat' , '%{License}' , "${-> buildDist.get().outputs.files.singleFile}"
2019-09-27 02:03:15 -04:00
exec . standardOutput = output
doLast {
String license = output . toString ( 'UTF-8' )
2021-01-30 01:23:18 -05:00
String expectedLicense = "ASL-2.0"
2019-09-27 02:03:15 -04:00
if ( license ! = expectedLicense ) {
2020-04-08 19:47:02 -04:00
throw new GradleException ( "expected license [${expectedLicense}] for [${-> buildDist.get().outputs.files.singleFile}] but was [${license}]" )
2019-09-27 02:03:15 -04:00
}
2018-04-24 12:10:51 -04:00
}
}
}
}
2018-02-23 11:03:17 -05:00
}