diff --git a/HIRS_AttestationCAPortal/build.gradle b/HIRS_AttestationCAPortal/build.gradle
index fd619c78..4b885675 100644
--- a/HIRS_AttestationCAPortal/build.gradle
+++ b/HIRS_AttestationCAPortal/build.gradle
@@ -81,132 +81,84 @@ ospackage {
 version = "$packVersion"
 release = '1'
+ user 'root'
+ fileMode = 0755
+ def tpath="/opt"
+ addParentDirs = true
+ createDirectoryEntry true
+
+ preInstall "rm -rf /opt/hirs/default-properties"
+ preInstall "mkdir -p /opt/hirs/default-properties/"
+ preInstall "mkdir -p /tmp/hirs/default-properties/"
+
+ // Setup /etc/hirs
+ into ('/etc/hirs/aca/') {
+ from '../HIRS_AttestationCA/src/main/resources/defaults.properties'
+ rename {'aca.properties'}
+ }
+ into ('/etc/hirs/') {
+ from '../HIRS_Utils/src/main/resources/banner.properties'
+ from '../HIRS_Utils/src/main/resources/persistence.properties'
+ from '../HIRS_Utils/src/main/resources/logging.properties'
+ }
 // Setup tomcat files
- from(war.outputs.files) {
- into "${tpath}/tomcat/webapps"
- user 'root'
- fileMode = 0755
- }
- // Create and package HIRS_AttestationCA:war
- from('../HIRS_AttestationCA/build/libs/HIRS_AttestationCA.war') {
- into "${tpath}/tomcat/webapps"
+ into ("${tpath}/tomcat/webapps") {
+ from war.outputs.files
+ from '../HIRS_AttestationCA/build/libs/HIRS_AttestationCA.war'
+ user 'root'
+ fileMode = 0755
 }
- from('lib') {
- into "${tpath}/tomcat/lib"
+ into ("${tpath}/tomcat/lib") {
+ from 'lib'
+ from configurations.runtimeClasspath
 }
- from(configurations.runtimeClasspath) {
- into "${tpath}/tomcat/lib"
+ into ("/opt/hirs/scripts/aca/") {
+ from '../package/conf/tomcat.service'
+ from '../package/scripts/install_tomcat.sh'
+ from '../package/scripts/aca/certificate_generate.sh'
 }
- from ('../package/conf/tomcat.service') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/scripts/aca/'
+ into ("/opt/hirs/scripts/common") {
+ from '../package/scripts/common/'
 }
- from ('../package/scripts/install_tomcat.sh') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/scripts/aca/'
+ into ('/opt/hirs/extras/aca/') {
+ from '../package/extras/aca/'
 }
- // Setup /opt/hirs defualt property files
-
- from ('../HIRS_Utils/src/main/resources/vendor-table.json') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/default-properties/'
- }
- from ('../HIRS_Utils/src/main/resources/component-class.json') {
- into '/opt/hirs/default-properties/'
- }
- from ('../HIRS_Utils/src/main/resources/banner.properties') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/default-properties/attestationca/'
- }
- from ('../HIRS_Utils/src/main/resources/persistence.properties') {
- into '/opt/hirs/default-properties/attestationca/'
- }
- from ('../HIRS_Utils/src/main/resources/logging.properties') {
- into '/opt/hirs/default-properties/attestationca/'
+ // Copy json files to /tmp and move into /opt/hirs in postInstall section
+ // Allows HIRS tools to be installed using the same files
+ into ('/tmp/aca/default-properties/') {
+ from '../HIRS_Utils/src/main/resources/vendor-table.json'
+ from '../HIRS_Utils/src/main/resources/component-class.json'
 }
- // Setup script files
- from ('../package/scripts/aca/certificate_generate.sh') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/scripts/aca/'
- }
- from ('../package/scripts/common/') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/scripts/common/'
- }
- from ('../package/extras/aca/') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/extras/aca/'
- }
-
- // Set /etc/hirs/ files
-
- from ('../HIRS_Utils/src/main/resources/banner.properties') {
- addParentDirs true
- createDirectoryEntry true
- into '/ect/hirs/'
- }
- from ('../HIRS_Utils/src/main/resources/persistence.properties') {
- into '/ect/hirs/'
- }
- from ('../HIRS_Utils/src/main/resources/logging.properties') {
- into '/ect/hirs/'
- }
-
- // Setup script files
-
- from ('../package/scripts/aca/certificate_generate.sh') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/scripts/aca/'
- }
- from ('../package/scripts/common/') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/scripts/common/'
- }
- from ('../package/extras/aca/') {
- addParentDirs true
- createDirectoryEntry true
- into '/opt/hirs/extras/aca/'
- }
-
- // Set /etc/hirs/ files
-
- from ('../HIRS_Utils/src/main/resources/banner.properties') {
- addParentDirs true
- createDirectoryEntry true
- into '/ect/hirs/'
- }
- from ('../HIRS_Utils/src/main/resources/persistence.properties') {
- into '/ect/hirs/'
- }
- from ('../HIRS_Utils/src/main/resources/logging.properties') {
- into '/ect/hirs/'
- }
+ // Post Install
+ postInstall file('../package/scripts/install_tomcat.sh')
+ postInstall 'mkdir -p /etc/hirs/aca/client_files'
+ postInstall 'mkdir -p /etc/hirs/aca/certificates'
+ postInstall 'cp /tmp/aca/default-properties/* /opt/hirs/default-properties/.'
+ postInstall 'rm -rf /tmp/aca/'
+ // Old post install files, to be removed...
 // Note /etc/hirs/aca/certificates files are created by certificate_generate.sh
 // /etc/hirs/aca/client-files files are created by certificate_generate.sh
 // /etc/hirs/certificates/ files are created by ssl_configure.sh
 // /etc/hirs/certificates/mysql/ files are created by ssl_configure.sh
 // /etc/hirs/certificates/private/ files are created by ssl_configure.sh
+ // postInstall file('../package/scripts/common/firewall_configure_tomcat.sh')
+ // postInstall file('../package/scripts/common/ssl_configure.sh')
+ // postInstall file('../package/scripts/common/db_create.sh')
+ // postInstall file('../package/scripts/aca/certificate_generate.sh')
+ // postInstall 'if [ selinuxenabled ]; then semodule -i /opt/hirs/extras/aca/tomcat-mysql-hirs.pp; fi'
+
+ //postInstall file('/opt/tomcat/libs/catalina.sh')
- postInstall file('../package/scripts/install_tomcat.sh')
- //postInstall file('/opt/hirs/scripts/aca/certificate_generate.sh')
- //postInstall file('/opt/hirs/package/scripts/common/ssl_configure.sh')
- //postInstall file('../tools/tcg_eventlog_tool/scripts/vendor-table.sh')
- //postInstall file('/opt/tomcat/libs/catalina.sh')
+ // Post Uninstall
+ // Copy files to /tmp that package manager will be expecting them there
+ preUninstall 'mkdir -p /tmp/aca/default-properties/'
+ preUninstall 'cp /opt/hirs/default-properties/* /tmp/aca/default-properties/.'
 buildRpm.dependsOn ':HIRS_AttestationCA:war'
diff --git a/HIRS_AttestationCAPortal/build.gradle.save b/HIRS_AttestationCAPortal/build.gradle.save
new file mode 100644
index 00000000..0964a5db
--- /dev/null
+++ b/HIRS_AttestationCAPortal/build.gradle.save
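Review bot: The JSON defaults are staged through fixed paths under world-writable /tmp that the scriptlets then read, write and delete: the payload is installed to `/tmp/aca/default-properties/`, `postInstall` runs `cp /tmp/aca/default-properties/* ...` and `rm -rf /tmp/aca/`, and `preUninstall` runs `mkdir -p` and `cp` back into the same path (tools/tcg_eventlog_tool/build.gradle repeats the pattern with `/tmp/elt`). Package scriptlets normally run as root and `mkdir -p` accepts a path that already exists, so whatever another local account left at `/tmp/aca` is trusted as-is; staging in a root-owned directory instead, for example `into ('/opt/hirs/staging/aca/default-properties/')` (illustrative path) with the `cp`/`rm` lines pointed at it, avoids depending on /tmp. `preInstall "mkdir -p /tmp/hirs/default-properties/"` creates a directory that nothing else in the hunk uses or removes, which looks like a leftover from an earlier path. The block-level `fileMode = 0755` also covers the `.properties` files copied to `/etc/hirs/`; if `persistence.properties` holds database settings, a tighter mode on that `into` block would be safer. The enclosing `ospackage` block starts and ends outside the hunk.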
@@ -0,0 +1,181 @@
+plugins {
+ id 'java'
+ id 'war'
+ id "nebula.ospackage" version "9.1.1"
+}
+
+java {
+ toolchain {
+ languageVersion = JavaLanguageVersion.of(11)
+ }
+}
+
+repositories {
+ flatDir { dirs "lib" }
+ mavenCentral()
+}
+
+dependencies {
+ implementation project(':HIRS_Utils')
+ implementation project(':HIRS_AttestationCA')
+ implementation libs.bouncy.castle
+ implementation libs.servlet.api
+ implementation libs.commons.io
+ implementation libs.commons.lang
+ implementation libs.commons.upload
+ implementation libs.gson
+ implementation libs.guava // for com.google.common
+ implementation libs.hibernate
+ implementation libs.hibernate.validator
+ implementation libs.http
+ implementation libs.jstl
+ implementation libs.javax.validation
+ implementation libs.log4j2
+ implementation libs.log4j2.web
+ implementation libs.pci.ids
+ implementation libs.servlet.api
+ implementation libs.spring.context
+ implementation libs.spring.jdbc
+ implementation libs.spring.orm
+ implementation libs.spring.transaction
+ implementation libs.spring.webmvc
+ testImplementation libs.hamcrest
+
+ // override the servlet API for testing. Required for Spring Integration tests
+ testImplementation libs.servlet.api
+ testImplementation libs.hsqldb
+ testImplementation libs.spring.test
+ testImplementation libs.testng
+ testImplementation libs.mockito
+ testImplementation libs.testng
+ testImplementation libs.jsonassert
+ testImplementation libs.jsonpath
+}
+
+def copyVersion = project.task('copyVersion')
+copyVersion.dependsOn compileJava
+war.dependsOn copyVersion
+
+war {
+ from(buildDir) {
+ include 'VERSION'
+ into 'WEB-INF/classes'
+ archiveFileName = 'HIRS_AttestationCAPortal.war'
+ }
+}
+
+ext.configDir = new File(projectDir, 'config')
+
+ext.checkstyleConfigDir = "$configDir/checkstyle"
+
+ext.findbugsConfigDir = "$configDir/findbugs"
+
+// Get version from main project gradle
+def packVersion = properties.get("packageVersion");
+//println "packageVersion is ${packVersion}"
+
+ospackage {
+ packageName = 'HIRS_AttestationCA'
+ os = LINUX
+ arch = NOARCH
+ version = "$packVersion"
+ release = '1'
+
+// into '/opt/hirs/aca'
+ user 'root'
+ fileMode = 0755
+
+ def tpath="/opt"
+
+ addParentDirs = true
+ createDirectoryEntry true
+
+ preInstall "rm -rf /opt/hirs/default-properties"
+ preInstall "mkdir -p /opt/hirs/default-properties/"
+ preInstall "mkdir -p /tmp/hirs/default-properties/"
+// preInstall "mkdir -p /opt/hirs/aca"
+// preInstall "mkdir -p /etc/hirs/aca"
+// preInstall "mkdir -p /opt/hirs/scripts/aca/"
+// preInstall "mkdir -p /opt/hirs/scripts/aca/"
+// preInstall "mkdir -p /opt/hirs/scripts/common/aca/"
+// preInstall "mkdir -p /opt/hirs/extras/aca/"
+
+ // Setup /etc/hirs
+ into ('/etc/hirs/aca/') {
+ from '../HIRS_AttestationCA/src/main/resources/defaults.properties'
+ rename {'aca.properties'}
+ }
+ into ('/etc/hirs/') {
+ from '../HIRS_Utils/src/main/resources/banner.properties'
+ from '../HIRS_Utils/src/main/resources/persistence.properties'
+ from '../HIRS_Utils/src/main/resources/logging.properties'
+ }
+
+ // Setup tomcat files
+ // Create and package HIRS_AttestationCA:war
+ into ("${tpath}/tomcat/webapps") {
+ from war.outputs.files
+ from '../HIRS_AttestationCA/build/libs/HIRS_AttestationCA.war'
+ user 'root'
+ fileMode = 0755
+ }
+ into ("${tpath}/tomcat/lib") {
+ from 'lib'
+ from configurations.runtimeClasspath
+ }
+ into ("/opt/hirs/scripts/aca/") {
+ from '../package/conf/tomcat.service'
+ from '../package/scripts/install_tomcat.sh'
+ }
+
+ // Copy json files to /tmp and move into /opt/hirs in postInstall section
+ // Allows HIRS tools to be installed using the same files
+ // into ('/tmp/aca/default-properties/') {
+ into ('/opt/hirs/default-properties/') {
+ from '../HIRS_Utils/src/main/resources/vendor-table.json'
+ from '../HIRS_Utils/src/main/resources/component-class.json'
+ }
+
+ // Setup opt/hirs/script files
+ into ('/opt/hirs/scripts/aca/') {
+ from '../package/scripts/aca/certificate_generate.sh'
+ }
+ into ('/opt/hirs/scripts/common/aca/') {
+ from '../package/scripts/common/'
+ }
+ into ('/opt/hirs/extras/aca/') {
+ from '../package/extras/aca/'
+ }
+
+ // Note /etc/hirs/aca/certificates files are created by certificate_generate.sh
+ // /etc/hirs/aca/client-files files are created by certificate_generate.sh
+ // /etc/hirs/certificates/ files are created by ssl_configure.sh
+ // /etc/hirs/certificates/mysql/ files are created by ssl_configure.sh
+ // /etc/hirs/certificates/private/ files are created by ssl_configure.sh
+
+ // Post Install
+ postInstall file('../package/scripts/install_tomcat.sh')
+ postInstall 'mkdir -p /etc/hirs/aca/client_files'
+ postInstall 'mkdir -p /etc/hirs/aca/certificates'
+ postInstall 'cp /tmp/aca/default-properties/* /opt/hirs/default-properties/.'
+ postInstall 'rm -rf /tmp/aca/'
+
+ //postInstall file('/opt/hirs/scripts/aca/certificate_generate.sh')
+ //postInstall file('/opt/hirs/package/scripts/common/ssl_configure.sh')
+ //postInstall file('../tools/tcg_eventlog_tool/scripts/vendor-table.sh')
+ //postInstall file('/opt/tomcat/libs/catalina.sh')
+
+ // Post Uninstall
+ // Copy files to /tmp that package manager will be expecting them there
+// preUninstall 'cp /opt/hirs/default-properties/* /tmp/aca/default-properties/.'
+
+ buildRpm.dependsOn ':HIRS_AttestationCA:war'
+
+ buildRpm {
+ arch = X86_64
+ }
+
+ buildDeb {
+ arch = 'amd64'
+ }
+}
diff --git a/package/scripts/aca/certificate_generate.sh b/package/scripts/aca/certificate_generate.sh
index 17f35bf6..bf0afc22 100644
--- a/package/scripts/aca/certificate_generate.sh
+++ b/package/scripts/aca/certificate_generate.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 # Check if we're in a Docker container
 if [ -f /.dockerenv ]; then
diff --git a/package/scripts/common/ssl_configure.sh b/package/scripts/common/ssl_configure.sh
index 6ebf0703..8bd4e803 100755
--- a/package/scripts/common/ssl_configure.sh
+++ b/package/scripts/common/ssl_configure.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 # certificates and key stores generated by this script
 CERTIFICATES="/etc/hirs/certificates"
diff --git a/tools/tcg_eventlog_tool/build.gradle b/tools/tcg_eventlog_tool/build.gradle
index 4f1eb249..8b742ea1 100644
--- a/tools/tcg_eventlog_tool/build.gradle
+++ b/tools/tcg_eventlog_tool/build.gradle
@@ -26,9 +26,8 @@ ext.checkstyleConfigDir = "$configDir/checkstyle"
 ext.findbugsConfigDir = "$configDir/findbugs"
 jar {
- // Keep jar clean:
+ // Keep the jar clean:
 exclude 'META-INF/*.SF', 'META-INF/*.DSA', 'META-INF/*.RSA', 'META-INF/*.MF'
-
 manifest {
 attributes(
 'Main-Class': 'hirs.tcg_eventlog.Main',
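Review bot: `build.gradle.save` looks like an editor backup committed by accident: it duplicates the portal's build script with divergent packaging, placing the JSON files directly in `/opt/hirs/default-properties/` while its `postInstall` still copies from `/tmp/aca/default-properties/`, which this copy never populates. Gradle would not pick up a file with this name, so it should not affect the built package, but a second, stale description of what gets installed as root is easy to mistake for the live one during review or a later merge. I would drop the file from the commit and add `*.save` to `.gitignore`.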
@@ -49,52 +48,51 @@ ospackage {
 version = "$packVersion"
 release = '1'
- into '/opt/hirs/eventlog'
 user 'root'
 fileMode = 0755
-
- from(jar.outputs.files) {
- into 'lib'
+
+ into ('/opt/hirs/eventlog/lib') {
+ from jar.outputs.files
+ from 'lib'
+ from 'configurations.runtimeClasspath'
 }
- from('lib') {
- into 'lib'
- }
- from(configurations.runtimeClasspath) {
- into 'lib'
- }
- from('scripts') {
+ into ('/opt/hirs/eventlog/scripts') {
+ from ('scripts') {
 exclude {
- FileTreeElement details ->
- details.file.name.endsWith('.bat')
+ FileTreeElement details ->
+ details.file.name.endsWith('.bat')
 }
- into 'scripts'
+ }
 }
- from('docs') {
- exclude {
- FileTreeElement details ->
- details.file.name.endsWith('.odt')
+ into ('/opt/hirs/eventlog/docs') {
+ from ('docs') {
+ exclude {
+ FileTreeElement details ->
+ details.file.name.endsWith('.odt')
+ }
 }
- into 'docs'
 }
- from('./') {
- include {
- FileTreeElement details ->
- details.file.name.endsWith('.md')
- }
- into './'
- link("/usr/local/bin/elt", "/opt/hirs/eventlog/scripts/eventlog.sh", 0x755)
- }
-
- into('/tmp/') {
- fileMode 0664
+ // Copy vendor-table into /tmp to avoid conflict with the ACA
+ into('/tmp/elt/default-properties') {
 from ('../../HIRS_Utils/src/main/resources/vendor-table.json') {
- addParentDirs true
- createDirectoryEntry true
+ fileMode 0664
+ addParentDirs = true
 }
 }
- postInstall file('scripts/vendor-table.sh')
+ // place elt link in system path to enable command line access
+ link("/usr/local/bin/elt", "/opt/hirs/eventlog/scripts/eventlog.sh", 0x755)
+ // PostInstall
+ // Copy files from /opt/elt/default-properties/ to avoid conflicts with the ACA
+ postInstall "cp /tmp/elt/default-properties/vendor-table.json /opt/hirs/default-properties/."
+ postInstall "rm -rf /tmp/elt"
+
+ // Uninstall
+ // copy files to where package manager exspects them and remove project files
+ preUninstall "mkdir -p /tmp/elt/default-properties"
+ preUninstall "cp /opt/hirs/default-properties/vendor-table.json /tmp/elt/default-properties/."
+ postUninstall "rm -rf /tmp/elt"
 buildRpm {
 arch = X86_64
 }
diff --git a/tools/tcg_rim_tool/build.gradle b/tools/tcg_rim_tool/build.gradle
index 804998dd..b65e97b1 100644
--- a/tools/tcg_rim_tool/build.gradle
+++ b/tools/tcg_rim_tool/build.gradle
@@ -26,9 +26,8 @@ dependencies {
 }
 jar {
- // Keep jar clean:
+ // Keep the jar clean:
 exclude 'META-INF/*.SF', 'META-INF/*.DSA', 'META-INF/*.RSA', 'META-INF/*.MF'
-
 manifest {
 attributes(
 'Main-Class': 'hirs.swid.Main',
@@ -52,34 +51,30 @@ ospackage {
 user 'root'
 fileMode = 0755
- from(jar.outputs.files) {
- into 'lib'
+ into ('lib') {
+ from 'jar.outputs.files'
+ from 'libs'
+ from 'configurations.runtimeClasspath'
 }
- from('libs') {
- into 'lib'
- }
-
- from(configurations.runtimeClasspath) {
- into 'lib'
- }
-
- from('scripts') {
+ into ('scripts') {
+ from ('scripts') {
 exclude {
 FileTreeElement details ->
 details.file.name.endsWith('.bat')
 }
- into 'scripts'
+ }
 }
- from('data') {
+ into ('data') {
+ from('data') {
 exclude {
 FileTreeElement details ->
 details.file.name.endsWith('.md')
 }
- into './'
- link("/usr/local/bin/rim", "/opt/hirs/rimtool/scripts/rimtool.sh", 0x755)
+ }
 }
+ link("/usr/local/bin/rim", "/opt/hirs/rimtool/scripts/rimtool.sh", 0x755)
 }
 buildRpm {
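Review bot: `from 'configurations.runtimeClasspath'` in the new `into ('/opt/hirs/eventlog/lib')` block is a quoted string, so Gradle would treat it as a file path of that name relative to the project rather than the dependency configuration, and the runtime jars would silently drop out of the package; the removed code passed the configuration object itself. The tools/tcg_rim_tool/build.gradle hunk has the same problem twice, `from 'jar.outputs.files'` and `from 'configurations.runtimeClasspath'`, which would leave the tool's own jar out as well. Unquote them: `from configurations.runtimeClasspath` and `from jar.outputs.files`. In the eventlog hunk, `postInstall` also copies into `/opt/hirs/default-properties/` without creating it, so the `cp` presumably fails when the ACA package is not installed; a preceding `postInstall "mkdir -p /opt/hirs/default-properties"` would cover that. Both `ospackage` blocks extend beyond their hunks.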