honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-06 04:58:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/distribution/packages/build.gradle
Ryan Ernst 6343ec3d3e
Update lintian overrides (#41561) (#41953) 
The deb package has been updated several times in the past to contain
overrides in order to pass lintian inspection. However, there have never
been any tests to ensure we do not fallback to failure. This commit
updates the overrides file given things that have changed since 2.x like
adding ML and bundling the jdk.

closes #17185
2019-05-08 12:09:02 -07:00

570 lines
19 KiB
Groovy
Raw Blame History

/*
* Licensed to Elasticsearch under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
*/
import org.elasticsearch.gradle.LoggedExec
import org.elasticsearch.gradle.MavenFilteringHack
import org.redline_rpm.header.Flags
import java.nio.file.Files
import java.nio.file.Path
import java.util.regex.Matcher
import java.util.regex.Pattern
/*****************************************************************************
* Deb and rpm configuration *
*****************************************************************************
*
* The general strategy here is to build a directory on disk that contains
* stuff that needs to be copied into the distributions. This is
* important for two reasons:
* 1. ospackage wants to copy the directory permissions that it sees off of the
* filesystem. If you ask it to create a directory that doesn't already
* exist on disk it petulantly creates it with 0755 permissions, no matter
* how hard you try to convince it otherwise.
* 2. Convincing ospackage to pick up an empty directory as part of a set of
* directories on disk is reasonably easy. Convincing it to just create an
* empty directory requires more wits than I have.
* 3. ospackage really wants to suck up some of the debian control scripts
* directly from the filesystem. It doesn't want to process them through
* MavenFilteringHack or any other copy-style action.
*
* The following commands are useful when it comes to check the user/group
* and files permissions set within the RPM and DEB packages:
*
* rpm -qlp --dump path/to/elasticsearch.rpm
* dpkg -c path/to/elasticsearch.deb
*/
buildscript {
repositories {
maven {
name "gradle-plugins"
url "https://plugins.gradle.org/m2/"
}
}
dependencies {
classpath 'com.netflix.nebula:gradle-ospackage-plugin:4.7.1'
}
}
void addProcessFilesTask(String type, boolean oss, boolean jdk) {
String packagingFiles = "build/packaging/${oss ? 'oss-' : ''}${jdk ? '' : 'no-jdk-'}${type}"
String taskName = "process${oss ? 'Oss' : ''}${jdk ? '' : 'NoJdk'}${type.capitalize()}Files"
task(taskName, type: Copy) {
into packagingFiles
with copySpec {
from 'src/common'
from "src/${type}"
MavenFilteringHack.filter(it, expansionsForDistribution(type, oss, jdk))
}
into('etc/elasticsearch') {
with configFiles(type, oss, jdk)
}
MavenFilteringHack.filter(it, expansionsForDistribution(type, oss, jdk))
doLast {
// create empty dirs, we set the permissions when configuring the packages
mkdir "${packagingFiles}/var/log/elasticsearch"
mkdir "${packagingFiles}/var/lib/elasticsearch"
mkdir "${packagingFiles}/usr/share/elasticsearch/plugins"
// bare empty dir for /etc/elasticsearch
mkdir "${packagingFiles}/elasticsearch"
}
}
}
addProcessFilesTask('deb', true, true)
addProcessFilesTask('deb', true, false)
addProcessFilesTask('deb', false, true)
addProcessFilesTask('deb', false, false)
addProcessFilesTask('rpm', true, true)
addProcessFilesTask('rpm', true, false)
addProcessFilesTask('rpm', false, true)
addProcessFilesTask('rpm', false, false)
// Common configuration that is package dependent. This can't go in ospackage
// since we have different templated files that need to be consumed, but the structure
// is the same
Closure commonPackageConfig(String type, boolean oss, boolean jdk) {
return {
dependsOn "process${oss ? 'Oss' : ''}${jdk ? '' : 'NoJdk'}${type.capitalize()}Files"
packageName "elasticsearch${oss ? '-oss' : ''}"
arch (type == 'deb' ? 'amd64' : 'X86_64')
// Follow elasticsearch's file naming convention
String jdkString = jdk ? "" : "no-jdk-"
archiveName "${packageName}-${project.version}-${jdkString}${archString}.${type}"
String prefix = "${oss ? 'oss-' : ''}${jdk ? '' : 'no-jdk-'}${type}"
destinationDir = file("${prefix}/build/distributions")
String packagingFiles = "build/packaging/${oss ? 'oss-' : ''}${jdk ? '' : 'no-jdk-'}${type}"
String scripts = "${packagingFiles}/scripts"
preInstall file("${scripts}/preinst")
postInstall file("${scripts}/postinst")
preUninstall file("${scripts}/prerm")
postUninstall file("${scripts}/postrm")
if (type == 'rpm') {
postTrans file("${scripts}/posttrans")
}
// top level "into" directive is not inherited from ospackage for some reason, so we must
// specify it again explicitly for copying common files
into('/usr/share/elasticsearch') {
into('bin') {
with binFiles(type, oss, jdk)
}
from(rootProject.projectDir) {
include 'README.textile'
fileMode 0644
}
into('lib') {
with libFiles(oss)
}
into('modules') {
with modulesFiles(oss, 'linux')
}
if (jdk) {
into('jdk') {
with jdkFiles(project, 'linux')
}
}
// we need to specify every intermediate directory in these paths so the package managers know they are explicitly
// intended to manage them; otherwise they may be left behind on uninstallation. duplicate calls of the same
// directory are fine
eachFile { FileCopyDetails fcp ->
String[] segments = fcp.relativePath.segments
for (int i = segments.length - 2; i > 2; --i) {
directory('/' + segments[0..i].join('/'), 0755)
if (segments[-2] == 'bin' || segments[-1] == 'jspawnhelper') {
fcp.mode = 0755
} else {
fcp.mode = 0644
}
}
}
}
// license files
if (type == 'deb') {
into("/usr/share/doc/${packageName}") {
from "${packagingFiles}/copyright"
fileMode 0644
}
} else {
assert type == 'rpm'
into('/usr/share/elasticsearch') {
from(rootProject.file('licenses')) {
include oss ? 'APACHE-LICENSE-2.0.txt' : 'ELASTIC-LICENSE.txt'
rename { 'LICENSE.txt' }
}
fileMode 0644
}
}
// ========= config files =========
configurationFile '/etc/elasticsearch/elasticsearch.yml'
configurationFile '/etc/elasticsearch/jvm.options'
configurationFile '/etc/elasticsearch/log4j2.properties'
if (oss == false) {
configurationFile '/etc/elasticsearch/role_mapping.yml'
configurationFile '/etc/elasticsearch/roles.yml'
configurationFile '/etc/elasticsearch/users'
configurationFile '/etc/elasticsearch/users_roles'
}
from("${packagingFiles}") {
dirMode 02750
into('/etc')
permissionGroup 'elasticsearch'
includeEmptyDirs true
createDirectoryEntry true
include("elasticsearch") // empty dir, just to add directory entry
}
from("${packagingFiles}/etc/elasticsearch") {
into('/etc/elasticsearch')
dirMode 02750
fileMode 0660
permissionGroup 'elasticsearch'
includeEmptyDirs true
createDirectoryEntry true
fileType CONFIG | NOREPLACE
}
String envFile = expansionsForDistribution(type, oss, jdk)['path.env']
configurationFile envFile
into(new File(envFile).getParent()) {
fileType CONFIG | NOREPLACE
permissionGroup 'elasticsearch'
fileMode 0660
from "${packagingFiles}/env/elasticsearch"
}
// ========= systemd =========
into('/usr/lib/tmpfiles.d') {
from "${packagingFiles}/systemd/elasticsearch.conf"
fileMode 0644
}
into('/usr/lib/systemd/system') {
fileType CONFIG | NOREPLACE
from "${packagingFiles}/systemd/elasticsearch.service"
fileMode 0644
}
into('/usr/lib/sysctl.d') {
fileType CONFIG | NOREPLACE
from "${packagingFiles}/systemd/sysctl/elasticsearch.conf"
fileMode 0644
}
// ========= sysV init =========
configurationFile '/etc/init.d/elasticsearch'
into('/etc/init.d') {
fileMode 0750
fileType CONFIG | NOREPLACE
from "${packagingFiles}/init.d/elasticsearch"
}
// ========= empty dirs =========
// NOTE: these are created under packagingFiles as empty, but the permissions are set here
Closure copyEmptyDir = { path, u, g, mode ->
File file = new File(path)
into(file.parent) {
from "${packagingFiles}/${file.parent}"
include file.name
includeEmptyDirs true
createDirectoryEntry true
user u
permissionGroup g
dirMode mode
}
}
copyEmptyDir('/var/log/elasticsearch', 'elasticsearch', 'elasticsearch', 02750)
copyEmptyDir('/var/lib/elasticsearch', 'elasticsearch', 'elasticsearch', 02750)
copyEmptyDir('/usr/share/elasticsearch/plugins', 'root', 'root', 0755)
// the oss package conflicts with the default distribution and vice versa
conflicts('elasticsearch' + (oss ? '' : '-oss'))
into '/usr/share/elasticsearch'
with noticeFile(oss, jdk)
}
}
apply plugin: 'nebula.ospackage-base'
// this is package indepdendent configuration
ospackage {
maintainer 'Elasticsearch Team <info@elastic.co>'
summary 'Distributed RESTful search engine built for the cloud'
packageDescription '''
Reference documentation can be found at
https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html
and the 'Elasticsearch: The Definitive Guide' book can be found at
https://www.elastic.co/guide/en/elasticsearch/guide/current/index.html
'''.stripIndent().trim()
url 'https://www.elastic.co/'
// signing setup
if (project.hasProperty('signing.password') && System.getProperty('build.snapshot', 'true') == 'false') {
signingKeyId = project.hasProperty('signing.keyId') ? project.property('signing.keyId') : 'D88E42B4'
signingKeyPassphrase = project.property('signing.password')
signingKeyRingFile = project.hasProperty('signing.secretKeyRingFile') ?
project.file(project.property('signing.secretKeyRingFile')) :
new File(new File(System.getProperty('user.home'), '.gnupg'), 'secring.gpg')
}
// version found on oldest supported distro, centos-6
requires('coreutils', '8.4', GREATER | EQUAL)
fileMode 0644
dirMode 0755
user 'root'
permissionGroup 'root'
into '/usr/share/elasticsearch'
}
Closure commonDebConfig(boolean oss, boolean jdk) {
return {
configure(commonPackageConfig('deb', oss, jdk))
// jdeb does not provide a way to set the License control attribute, and ospackage
// silently ignores setting it. Instead, we set the license as "custom field"
if (oss) {
customFields['License'] = 'ASL-2.0'
} else {
customFields['License'] = 'Elastic-License'
}
version = project.version.replace('-', '~')
packageGroup 'web'
// versions found on oldest supported distro, centos-6
requires('bash', '4.1', GREATER | EQUAL)
requires('lsb-base', '4', GREATER | EQUAL)
requires 'libc6'
requires 'adduser'
into('/usr/share/lintian/overrides') {
from('src/deb/lintian/elasticsearch')
if (oss) {
rename('elasticsearch', 'elasticsearch-oss')
}
}
}
}
task buildDeb(type: Deb) {
configure(commonDebConfig(false, true))
}
task buildOssDeb(type: Deb) {
configure(commonDebConfig(true, true))
}
task buildNoJdkDeb(type: Deb) {
configure(commonDebConfig(false, false))
}
task buildOssNoJdkDeb(type: Deb) {
configure(commonDebConfig(true, false))
}
Closure commonRpmConfig(boolean oss, boolean jdk) {
return {
configure(commonPackageConfig('rpm', oss, jdk))
if (oss) {
license 'ASL 2.0'
} else {
license 'Elastic License'
}
packageGroup 'Application/Internet'
requires '/bin/bash'
obsoletes packageName, '7.0.0', Flags.LESS
prefix '/usr'
packager 'Elasticsearch'
version = project.version.replace('-', '_')
release = '1'
os 'LINUX'
distribution 'Elasticsearch'
vendor 'Elasticsearch'
// TODO ospackage doesn't support icon but we used to have one
// without this the rpm will have parent dirs of any files we copy in, eg /etc/elasticsearch
addParentDirs false
}
}
task buildRpm(type: Rpm) {
configure(commonRpmConfig(false, true))
}
task buildOssRpm(type: Rpm) {
configure(commonRpmConfig(true, true))
}
task buildNoJdkRpm(type: Rpm) {
configure(commonRpmConfig(false, false))
}
task buildOssNoJdkRpm(type: Rpm) {
configure(commonRpmConfig(true, false))
}
Closure dpkgExists = { it -> new File('/bin/dpkg-deb').exists() || new File('/usr/bin/dpkg-deb').exists() || new File('/usr/local/bin/dpkg-deb').exists() }
Closure rpmExists = { it -> new File('/bin/rpm').exists() || new File('/usr/bin/rpm').exists() || new File('/usr/local/bin/rpm').exists() }
Closure debFilter = { f -> f.name.endsWith('.deb') }
// This configures the default artifact for the distribution specific
// subprojects. We have subprojects because Gradle project substitutions
// can only bind to the default configuration of a project
subprojects {
apply plugin: 'distribution'
String buildTask = "build${it.name.replaceAll(/-[a-z]/) { it.substring(1).toUpperCase() }.capitalize()}"
ext.buildDist = parent.tasks.getByName(buildTask)
artifacts {
'default' buildDist
}
// sanity checks if packages can be extracted
final File extractionDir = new File(buildDir, 'extracted')
File packageExtractionDir
if (project.name.contains('deb')) {
packageExtractionDir = new File(extractionDir, 'deb-extracted')
} else {
assert project.name.contains('rpm')
packageExtractionDir = new File(extractionDir, 'rpm-extracted')
}
task checkExtraction(type: LoggedExec) {
dependsOn buildDist
doFirst {
project.delete(extractionDir)
extractionDir.mkdirs()
}
}
check.dependsOn checkExtraction
if (project.name.contains('deb')) {
checkExtraction {
onlyIf dpkgExists
commandLine 'dpkg-deb', '-x', "${-> buildDist.outputs.files.filter(debFilter).singleFile}", packageExtractionDir
}
} else {
assert project.name.contains('rpm')
checkExtraction {
onlyIf rpmExists
final File rpmDatabase = new File(extractionDir, 'rpm-database')
commandLine 'rpm',
'--badreloc',
'--nodeps',
'--noscripts',
'--notriggers',
'--dbpath',
rpmDatabase,
'--relocate',
"/=${packageExtractionDir}",
'-i',
"${-> buildDist.outputs.files.singleFile}"
}
}
task checkLicense {
dependsOn buildDist, checkExtraction
}
check.dependsOn checkLicense
if (project.name.contains('deb')) {
checkLicense {
onlyIf dpkgExists
doLast {
Path copyrightPath
String expectedLicense
String licenseFilename
if (project.name.contains('oss-')) {
copyrightPath = packageExtractionDir.toPath().resolve("usr/share/doc/elasticsearch-oss/copyright")
expectedLicense = "ASL-2.0"
licenseFilename = "APACHE-LICENSE-2.0.txt"
} else {
copyrightPath = packageExtractionDir.toPath().resolve("usr/share/doc/elasticsearch/copyright")
expectedLicense = "Elastic-License"
licenseFilename = "ELASTIC-LICENSE.txt"
}
final List<String> header = Arrays.asList("Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/",
"Copyright: Elasticsearch B.V. <info@elastic.co>",
"License: " + expectedLicense)
final List<String> licenseLines = Files.readAllLines(rootDir.toPath().resolve("licenses/" + licenseFilename))
final List<String> expectedLines = header + licenseLines.collect { " " + it }
assertLinesInFile(copyrightPath, expectedLines)
}
}
} else {
assert project.name.contains('rpm')
checkLicense {
onlyIf rpmExists
doLast {
String licenseFilename
if (project.name.contains('oss-')) {
licenseFilename = "APACHE-LICENSE-2.0.txt"
} else {
licenseFilename = "ELASTIC-LICENSE.txt"
}
final List<String> licenseLines = Files.readAllLines(rootDir.toPath().resolve("licenses/" + licenseFilename))
final Path licensePath = packageExtractionDir.toPath().resolve("usr/share/elasticsearch/LICENSE.txt")
assertLinesInFile(licensePath, licenseLines)
}
}
}
task checkNotice {
dependsOn buildDist, checkExtraction
onlyIf { (project.name.contains('deb') && dpkgExists.call(it)) || (project.name.contains('rpm') && rpmExists.call(it)) }
doLast {
final List<String> noticeLines = Arrays.asList("Elasticsearch", "Copyright 2009-2018 Elasticsearch")
final Path noticePath = packageExtractionDir.toPath().resolve("usr/share/elasticsearch/NOTICE.txt")
assertLinesInFile(noticePath, noticeLines)
}
}
check.dependsOn checkNotice
task checkLicenseMetadata(type: LoggedExec) {
dependsOn buildDist, checkExtraction
}
check.dependsOn checkLicenseMetadata
if (project.name.contains('deb')) {
checkLicenseMetadata { LoggedExec exec ->
onlyIf dpkgExists
final ByteArrayOutputStream output = new ByteArrayOutputStream()
exec.commandLine 'dpkg-deb', '--info', "${ -> buildDist.outputs.files.filter(debFilter).singleFile}"
exec.standardOutput = output
doLast {
String expectedLicense
if (project.name.contains('oss-')) {
expectedLicense = "ASL-2.0"
} else {
expectedLicense = "Elastic-License"
}
final Pattern pattern = Pattern.compile("\\s*License: (.+)")
final String info = output.toString('UTF-8')
final String[] actualLines = info.split("\n")
int count = 0
for (final String actualLine : actualLines) {
final Matcher matcher = pattern.matcher(actualLine)
if (matcher.matches()) {
count++
final String actualLicense = matcher.group(1)
if (expectedLicense != actualLicense) {
throw new GradleException("expected license [${expectedLicense} for package info but found [${actualLicense}]")
}
}
}
if (count == 0) {
throw new GradleException("expected license [${expectedLicense}] for package info but found none in:\n${info}")
}
if (count > 1) {
throw new GradleException("expected a single license for package info but found [${count}] in:\n${info}")
}
}
}
} else {
assert project.name.contains('rpm')
checkLicenseMetadata { LoggedExec exec ->
onlyIf rpmExists
final ByteArrayOutputStream output = new ByteArrayOutputStream()
exec.commandLine 'rpm', '-qp', '--queryformat', '%{License}', "${-> buildDist.outputs.files.singleFile}"
exec.standardOutput = output
doLast {
String license = output.toString('UTF-8')
String expectedLicense
if (project.name.contains('oss-')) {
expectedLicense = "ASL 2.0"
} else {
expectedLicense = "Elastic License"
}
if (license != expectedLicense) {
throw new GradleException("expected license [${expectedLicense}] for [${-> buildDist.outputs.files.singleFile}] but was [${license}]")
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink