From 648cc6defae656f30b47a9e3952244d41c23ee32 Mon Sep 17 00:00:00 2001 From: javanna Date: Thu, 8 Oct 2015 10:43:38 +0200 Subject: [PATCH] Packaging: change permissions/ownership of config dir When generating the rpm and dep package we now set proper group (elasticsearch) and permissions (750) to the conf dir (default /etc/elasticsearch). Same for the scripts subdirectory. Expanded the assert_file bash function to also optionally check the group of files, so we can actually test that the group was set correctly. Relates to #11016 Closes #14017 --- distribution/deb/pom.xml | 22 +++++++++- distribution/rpm/pom.xml | 6 +++ .../packaging/scripts/os_package.bash | 41 ++++++++++--------- .../scripts/packaging_test_utils.bash | 8 +++- 4 files changed, 55 insertions(+), 22 deletions(-) diff --git a/distribution/deb/pom.xml b/distribution/deb/pom.xml index 182398d91eb..c43e32be4f7 100644 --- a/distribution/deb/pom.xml +++ b/distribution/deb/pom.xml @@ -120,6 +120,19 @@ root + + + template + + ${packaging.elasticsearch.conf.dir} + + + perm + 750 + root + elasticsearch + + ${project.basedir}/../src/main/resources/config @@ -128,8 +141,9 @@ perm ${packaging.elasticsearch.conf.dir} + 750 root - root + elasticsearch @@ -137,6 +151,12 @@ ${packaging.elasticsearch.conf.dir}/scripts + + perm + 750 + root + elasticsearch + diff --git a/distribution/rpm/pom.xml b/distribution/rpm/pom.xml index 1e3004cab3d..218e19e57b7 100644 --- a/distribution/rpm/pom.xml +++ b/distribution/rpm/pom.xml @@ -142,10 +142,14 @@ that creates the conf.dir.--> ${packaging.elasticsearch.conf.dir} noreplace + elasticsearch + 750 ${packaging.elasticsearch.conf.dir}/ noreplace + elasticsearch + 750 ${project.basedir}/../src/main/resources/config/ @@ -158,6 +162,8 @@ ${packaging.elasticsearch.conf.dir}/scripts noreplace + elasticsearch + 750 diff --git a/qa/vagrant/src/test/resources/packaging/scripts/os_package.bash b/qa/vagrant/src/test/resources/packaging/scripts/os_package.bash index 4907cdf7ac3..f48532cb3f3 100644 --- a/qa/vagrant/src/test/resources/packaging/scripts/os_package.bash +++ b/qa/vagrant/src/test/resources/packaging/scripts/os_package.bash @@ -72,38 +72,39 @@ verify_package_installation() { getent group elasticsearch - assert_file "$ESHOME" d root 755 - assert_file "$ESHOME/bin" d root 755 - assert_file "$ESHOME/lib" d root 755 - assert_file "$ESCONFIG" d root 755 - assert_file "$ESCONFIG/elasticsearch.yml" f root 644 - assert_file "$ESCONFIG/logging.yml" f root 644 - assert_file "$ESDATA" d elasticsearch 755 - assert_file "$ESLOG" d elasticsearch 755 - assert_file "$ESPLUGINS" d elasticsearch 755 - assert_file "$ESPIDDIR" d elasticsearch 755 - assert_file "$ESHOME/NOTICE.txt" f root 644 - assert_file "$ESHOME/README.textile" f root 644 + assert_file "$ESHOME" d root root 755 + assert_file "$ESHOME/bin" d root root 755 + assert_file "$ESHOME/lib" d root root 755 + assert_file "$ESCONFIG" d root elasticsearch 750 + assert_file "$ESCONFIG/elasticsearch.yml" f root elasticsearch 750 + assert_file "$ESCONFIG/logging.yml" f root elasticsearch 750 + assert_file "$ESSCRIPTS" d root elasticsearch 750 + assert_file "$ESDATA" d elasticsearch elasticsearch 755 + assert_file "$ESLOG" d elasticsearch elasticsearch 755 + assert_file "$ESPLUGINS" d elasticsearch elasticsearch 755 + assert_file "$ESPIDDIR" d elasticsearch elasticsearch 755 + assert_file "$ESHOME/NOTICE.txt" f root root 644 + assert_file "$ESHOME/README.textile" f root root 644 if is_dpkg; then # Env file - assert_file "/etc/default/elasticsearch" f root 644 + assert_file "/etc/default/elasticsearch" f root root 644 # Doc files - assert_file "/usr/share/doc/elasticsearch" d root 755 - assert_file "/usr/share/doc/elasticsearch/copyright" f root 644 + assert_file "/usr/share/doc/elasticsearch" d root root 755 + assert_file "/usr/share/doc/elasticsearch/copyright" f root root 644 fi if is_rpm; then # Env file - assert_file "/etc/sysconfig/elasticsearch" f root 644 + assert_file "/etc/sysconfig/elasticsearch" f root root 644 # License file - assert_file "/usr/share/elasticsearch/LICENSE.txt" f root 644 + assert_file "/usr/share/elasticsearch/LICENSE.txt" f root root 644 fi if is_systemd; then - assert_file "/usr/lib/systemd/system/elasticsearch.service" f root 644 - assert_file "/usr/lib/tmpfiles.d/elasticsearch.conf" f root 644 - assert_file "/usr/lib/sysctl.d/elasticsearch.conf" f root 644 + assert_file "/usr/lib/systemd/system/elasticsearch.service" f root root 644 + assert_file "/usr/lib/tmpfiles.d/elasticsearch.conf" f root root 644 + assert_file "/usr/lib/sysctl.d/elasticsearch.conf" f root root 644 fi } diff --git a/qa/vagrant/src/test/resources/packaging/scripts/packaging_test_utils.bash b/qa/vagrant/src/test/resources/packaging/scripts/packaging_test_utils.bash index c81af4311a4..599f6bab513 100644 --- a/qa/vagrant/src/test/resources/packaging/scripts/packaging_test_utils.bash +++ b/qa/vagrant/src/test/resources/packaging/scripts/packaging_test_utils.bash @@ -150,7 +150,8 @@ assert_file() { local file="$1" local type=$2 local user=$3 - local privileges=$4 + local group=$4 + local privileges=$5 assert_file_exist "$file" @@ -167,6 +168,11 @@ assert_file() { [ "$realuser" = "$user" ] fi + if [ "x$group" != "x" ]; then + realgroup=$(find "$file" -maxdepth 0 -printf "%g") + [ "$realgroup" = "$group" ] + fi + if [ "x$privileges" != "x" ]; then realprivileges=$(find "$file" -maxdepth 0 -printf "%m") [ "$realprivileges" = "$privileges" ]