Merge pull request #586 from nsacyber/v3_issue_578-rpm_update

Update ACA RPM to use executable war
Cyrus 2023-09-20 07:33:15 -04:00 committed by GitHub
commit 37cbb78e3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 460 additions and 1009 deletions


@ -1,22 +1,23 @@
FROM rockylinux:8.6
# Install packages for installing HIRS ACA
#RUN yum -y update && yum clean all
SHELL ["/bin/bash", "-c"]
# Update and install OS-dependencies
RUN dnf update -y
# Install Java 8
RUN dnf install java-1.8.0-openjdk-headless.x86_64 -y
# Install Java
RUN dnf -y install java-17-openjdk-devel -y
# Install Tomcat
RUN useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
RUN dnf install wget -y
RUN wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.1/bin/apache-tomcat-10.1.1.tar.gz
RUN mkdir /opt/tomcat
RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1
#RUN useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
#RUN dnf install wget -y
#RUN wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.1/bin/apache-tomcat-10.1.1.tar.gz
#RUN mkdir /opt/tomcat
#RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1
# Install HIRS dependencies
RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ && yum clean all
RUN dnf install -y openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd libcurl-devel libssh-devel && yum clean all
RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ cronie && yum clean all
RUN dnf install -y wget openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd libcurl-devel libssh-devel && yum clean all
# Install PACCOR for Device Info Gathering
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r2/paccor-1.1.4-2.noarch.rpm && yum -y install paccor-*.rpm && popd
@ -33,3 +34,5 @@ RUN dnf -y install packages-microsoft-prod.rpm
RUN dnf makecache
RUN dnf -y install dotnet-sdk-6.0
RUN dotnet tool install --global dotnet-rpm
EXPOSE 8443
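Review bot: `RUN dnf -y install java-17-openjdk-devel -y` passes `-y` twice; `RUN dnf install -y java-17-openjdk-devel` is enough (the `+`/`-` markers are lost in this rendering, so I am reading the Java 17 line, the commented-out Tomcat block, the `cronie` install and `EXPOSE 8443` as the new side). The five `#RUN` Tomcat lines are dead code now that the ACA ships as an executable war; delete them rather than leaving a commented-out `wget` of an unverified tarball in the file, which invites someone to re-enable it without adding a checksum. The package steps still run `yum clean all` after `dnf install`; using `dnf clean all` in the same `RUN` keeps the tooling consistent, and pinning the `cronie` and `java-17-openjdk-devel` versions would make the image reproducible. There is no `USER` instruction and `EXPOSE 8443` implies the ACA is served from this container, so it runs as root; a comment stating that this is a build/test image (if that is the intent) would stop it being reused as a production image unchanged.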


@ -2,7 +2,7 @@ plugins {
id 'application'
id 'java'
id 'war'
id "nebula.ospackage" version "9.1.1"
id 'com.netflix.nebula.ospackage' version '11.4.0'
id 'org.springframework.boot' version '3.0.6'
id 'io.spring.dependency-management' version '1.1.0'
}
@ -60,14 +60,6 @@ dependencies {
testImplementation libs.testng
}
war {
from(buildDir) {
include 'VERSION'
into 'WEB-INF/classes'
}
archiveFileName = 'HIRS_AttestationCAPortal.war'
}
ospackage {
packageName = 'HIRS_AttestationCA'
os = LINUX
@ -78,85 +70,30 @@ ospackage {
user 'root'
fileMode = 0755
def tpath="/opt"
addParentDirs = true
createDirectoryEntry true
preInstall "rm -rf /opt/hirs/default-properties"
preInstall "mkdir -p /opt/hirs/default-properties/"
preInstall "mkdir -p /tmp/hirs/default-properties/"
// Setup /etc/hirs
into ('/etc/hirs/aca/') {
from '../HIRS_AttestationCA/src/main/resources/defaults.properties'
rename {'aca.properties'}
// copy setup scripts to /opt/hirs/aca
into ('/opt/hirs/aca/scripts/') {
from '../package/scripts/'
}
into ('/etc/hirs/') {
from '../HIRS_Utils/src/main/resources/banner.properties'
from '../HIRS_Utils/src/main/resources/persistence.properties'
from '../HIRS_Utils/src/main/resources/logging.properties'
}
// Setup tomcat files
// Create and package HIRS_AttestationCA:war
into ("${tpath}/tomcat/webapps") {
from war.outputs.files
from '../HIRS_AttestationCA/build/libs/HIRS_AttestationCA.war'
user 'root'
fileMode = 0755
}
into ("${tpath}/tomcat/lib") {
from 'libs'
from configurations.runtimeClasspath
}
into ("/opt/hirs/scripts/aca/") {
from '../package/conf/tomcat.service'
from '../package/scripts/install_tomcat.sh'
from '../package/scripts/aca/aca_property_setup.sh'
from '../package/scripts/aca/aca_setup.sh'
}
into ("/opt/hirs/scripts/pki/") {
from '../package/scripts/pki/ca.conf'
from '../package/scripts/pki/pki_setup.sh'
from '../package/scripts/pki/pki_chain_gen.sh'
}
into ("/opt/hirs/scripts/db/") {
from '../package/scripts/db/db_create.sh'
from '../package/scripts/db/db_create.sql'
from '../package/scripts/db/db_drop.sh'
from '../package/scripts/db/db_drop.sql'
from '../package/scripts/db/secure_mysql.sql'
}
into ("/opt/hirs/scripts/common") {
from '../package/scripts/common/'
}
into ('/opt/hirs/extras/aca/') {
from '../package/extras/aca/'
// copy the war file into /opt/hirs/aca
into ('/opt/hirs/aca/') {
from '../HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war'
user 'root'
fileMode = 0755
}
// Copy json files to /tmp and move into /opt/hirs in postInstall section
// Allows HIRS tools to be installed using the same files
into ('/tmp/aca/default-properties/') {
from '../HIRS_AttestationCA/src/main/resources/vendor-table.json'
from '../HIRS_AttestationCA/src/main/resources/component-class.json'
}
// Post Install
// Post Install
postInstall 'sh /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
// add chrontab to run ACA at boot
postInstall 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
// run ACA after install
postInstall '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w'
postInstall 'chmod +x /opt/hirs/aca/scripts/aca/*'
postInstall file('../package/scripts/db/db_create.sh')
postInstall file('../package/scripts/pki/pki_setup.sh')
postInstall 'mkdir -p /etc/hirs/aca/certificates'
postInstall 'cp /tmp/aca/default-properties/* /opt/hirs/default-properties/.'
postInstall 'rm -rf /tmp/aca/'
// postInstall file('../package/scripts/install_tomcat.sh')
postInstall 'sh /opt/tomcat/bin/catalina.sh start'
// Post Uninstall
// Copy files to /tmp that package manager will be expecting them there
preUninstall 'mkdir -p /tmp/aca/default-properties/'
preUninstall 'cp -f /opt/hirs/default-properties/* /tmp/aca/default-properties/.'
preUninstall file('../package/scripts/db/db_drop.sh')
// Uninstall
preUninstall 'sh /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'
buildRpm {
arch = X86_64
@ -165,5 +102,4 @@ ospackage {
buildDeb {
arch = 'amd64'
}
}
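Review bot: `postInstall 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'` appends unconditionally, so every upgrade of the RPM adds another duplicate `@reboot` line, and the entry is only removed if `aca_remove_setup.sh` happens to do it (not visible here); guard it with `postInstall 'grep -qF "aca_bootRun.sh -w" /etc/crontab || echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'` and add a matching `preUninstall` that strips the line. That entry also starts the ACA as root at every boot; a dedicated service account and a systemd unit would be the least-privilege shape, and at minimum the `// add chrontab to run ACA at boot` comment should say the service runs as root (and fix the `chrontab` spelling). `postInstall '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w'` is invoked directly one line before `postInstall 'chmod +x /opt/hirs/aca/scripts/aca/*'`, so it relies on the package-level `fileMode = 0755` rather than on the chmod; move the chmod ahead of the two script invocations or drop it. The `ospackage {` block these lines live in starts in an earlier hunk, and the side markers are lost in this rendering, so I am reading the `postInstall` lines above as the new side.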

Binary file not shown.


@ -1,6 +1,6 @@
#Thu Feb 15 13:18:16 EST 2018
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
networkTimeout=10000
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip

gradlew vendored

@ -1,74 +1,129 @@
#!/usr/bin/env bash
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
##
## Gradle start up script for UN*X
##
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
# This is normally unused
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS=""
APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
MAX_FD=maximum
warn ( ) {
warn () {
echo "$*"
}
} >&2
die ( ) {
die () {
echo
echo "$*"
echo
exit 1
}
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
case "`uname`" in
CYGWIN* )
cygwin=true
;;
Darwin* )
darwin=true
;;
MINGW* )
msys=true
;;
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
PRG="$0"
# Need this for relative symlinks.
while [ -h "$PRG" ] ; do
ls=`ls -ld "$PRG"`
link=`expr "$ls" : '.*-> \(.*\)$'`
if expr "$link" : '/.*' > /dev/null; then
PRG="$link"
else
PRG=`dirname "$PRG"`"/$link"
fi
done
SAVED="`pwd`"
cd "`dirname \"$PRG\"`/" >/dev/null
APP_HOME="`pwd -P`"
cd "$SAVED" >/dev/null
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD="$JAVA_HOME/jre/sh/java"
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD="$JAVA_HOME/bin/java"
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
@ -77,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD="java"
JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
@ -85,76 +140,105 @@ location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
MAX_FD_LIMIT=`ulimit -H -n`
if [ $? -eq 0 ] ; then
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
MAX_FD="$MAX_FD_LIMIT"
fi
ulimit -n $MAX_FD
if [ $? -ne 0 ] ; then
warn "Could not set maximum file descriptor limit: $MAX_FD"
fi
else
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
fi
fi
# For Darwin, add options to specify how the application appears in the dock
if $darwin; then
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
fi
# For Cygwin, switch paths to Windows format before running java
if $cygwin ; then
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
JAVACMD=`cygpath --unix "$JAVACMD"`
# We build the pattern for arguments to be converted via cygpath
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
SEP=""
for dir in $ROOTDIRSRAW ; do
ROOTDIRS="$ROOTDIRS$SEP$dir"
SEP="|"
done
OURCYGPATTERN="(^($ROOTDIRS))"
# Add a user-defined pattern to the cygpath arguments
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
fi
# Now convert the arguments - kludge to limit ourselves to /bin/sh
i=0
for arg in "$@" ; do
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
else
eval `echo args$i`="\"$arg\""
fi
i=$((i+1))
done
case $i in
(0) set -- ;;
(1) set -- "$args0" ;;
(2) set -- "$args0" "$args1" ;;
(3) set -- "$args0" "$args1" "$args2" ;;
(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
function splitJvmOpts() {
JVM_OPTS=("$@")
}
eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Collect all arguments for the java command;
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
# shell script including quotes and variable substitutions, so put them in
# double quotes to make sure that they get re-expanded; and
# * put everything else in single quotes, so that it's not re-expanded.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"

gradlew.bat vendored

@ -1,4 +1,20 @@
@if "%DEBUG%" == "" @echo off
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@ -8,20 +24,24 @@
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS=
set DIRNAME=%~dp0
if "%DIRNAME%" == "" set DIRNAME=.
if "%DIRNAME%"=="" set DIRNAME=.
@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if "%ERRORLEVEL%" == "0" goto init
if %ERRORLEVEL% equ 0 goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@ -35,7 +55,7 @@ goto fail
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto init
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
@ -45,44 +65,26 @@ echo location of your Java installation.
goto fail
:init
@rem Get command-line arguments, handling Windowz variants
if not "%OS%" == "Windows_NT" goto win9xME_args
if "%@eval[2+2]" == "4" goto 4NT_args
:win9xME_args
@rem Slurp the command line arguments.
set CMD_LINE_ARGS=
set _SKIP=2
:win9xME_args_slurp
if "x%~1" == "x" goto execute
set CMD_LINE_ARGS=%*
goto execute
:4NT_args
@rem Get arguments from the 4NT Shell from JP Software
set CMD_LINE_ARGS=%$
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if "%ERRORLEVEL%"=="0" goto mainEnd
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
exit /b 1
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal


@ -1,18 +0,0 @@
#!/bin/bash
# script that pulls version information from git for populating the portal dispalyed version,
# RPM file names, and RPM embedded version information
# script should be invoked with 'source' so that the variables are in the scope of the caller
GIT_HASH=`git rev-parse HEAD | head -c6`
VERSION=`cat $SCRIPT_DIR/../VERSION`
GIT_COMMIT_UNIX_TIMESTAMP=`git show -s --format=%ct | xargs echo -n`
RELEASE="$((GIT_COMMIT_UNIX_TIMESTAMP)).$GIT_HASH"
DISPLAY_VERSION="$VERSION.$GIT_COMMIT_UNIX_TIMESTAMP.$GIT_HASH"
echo "Building version:"
echo "VERSION: $VERSION"
echo "GIT_COMMIT_UNIX_TIMESTAMP: $GIT_COMMIT_UNIX_TIMESTAMP"
echo "RELEASE: $RELEASE"
echo "DISPLAY_VERSION: $DISPLAY_VERSION"


@ -1,131 +0,0 @@
#!/bin/bash
set -e
# Builds the centos 6/7 package for HIRS. This script can be passed a list of arguments that are relative paths to plugin script files.
# The plugin script files are provided the destination directory of where to put the plugin jar file.
# argument $1: Extra package name addendum string
# argument $2 to end: plugin script dirs.
# store the initial directory so this script can concatenate the relative paths specified for the plugin scripts
INITIAL_DIR=`pwd`
# Enter package directory
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd $SCRIPT_DIR/rpm
# Set variables
RPM_BUILD_DIR=`pwd`
# assign build version vars
source $SCRIPT_DIR/build_version_helper.sh
PLUGIN_SOURCE="$RPM_BUILD_DIR/PLUGIN_SOURCE"
PACKAGE_NAME_ADDENDUM="$1"
RPM_EXTRA_CLIENT_DEPENDENCIES="$2"
RPM_EXTRA_SERVER_DEPENDENCIES="$3"
# prepend comma on the extra dependency lists so it can be added to spec file as is, but only if there are
# extra dependencies (not empty)
if [ ! -z "$RPM_EXTRA_CLIENT_DEPENDENCIES" ]; then
RPM_EXTRA_CLIENT_DEPENDENCIES=", $RPM_EXTRA_CLIENT_DEPENDENCIES"
fi
if [ ! -z "$RPM_EXTRA_SERVER_DEPENDENCIES" ]; then
RPM_EXTRA_SERVER_DEPENDENCIES=", $RPM_EXTRA_SERVER_DEPENDENCIES"
fi
echo "extra client dependencies:$RPM_EXTRA_CLIENT_DEPENDENCIES"
echo "extra server dependencies:$RPM_EXTRA_SERVER_DEPENDENCIES"
# Clear old builds
rm -rf RPMS SRPMS $PLUGIN_SOURCE
# Create directories
mkdir -p BUILD BUILDROOT RPMS SOURCES SPECS SRPMS $PLUGIN_SOURCE
# build all plugins starting with fourth argument.
echo "Building plugins into $PLUGIN_SOURCE"
for plugin_script in "${@:4}"
do
# convert argument to absolute path if necessary
if [ "${plugin_script:0:1}" = "/" ]; then
plugin_abs_path_script=$plugin_script
else
plugin_abs_path_script="$INITIAL_DIR/$plugin_script"
fi
echo "Building Plugin: $plugin_abs_path_script"
$plugin_abs_path_script $PLUGIN_SOURCE
plugin_return_code=$?
if [ $plugin_return_code -ne 0 ]; then
echo "Failed to build plugin $plugin_abs_path_script. Aborting"
exit -1
fi
done
# Move specs & sources
cp *.spec SPECS
# Copy sources for TPM Module
tar -c -f SOURCES/tpm_module-$GIT_HASH.tar --exclude='dist' --exclude='build' ../../tpm_module/ --transform s/tpm_module/tpm_module-$GIT_HASH/
tar --append -f SOURCES/tpm_module-$GIT_HASH.tar ../../NOTICE
# Build RPM for TPM Module
rpmbuild --nodeps -ba SPECS/tpm-module.spec --define '_topdir '$RPM_BUILD_DIR --define 'VERSION '$VERSION --define 'RELEASE '$RELEASE --define 'GIT_HASH '$GIT_HASH || { echo 'Failed to package tpm_module'; exit 1; }
echo '************************************************************************************'
echo 'TPM Module RPM successfully built'
echo '************************************************************************************'
# Copy sources
tar -c -f SOURCES/HIRS-$GIT_HASH.tar ../../settings.gradle ../../build.gradle ../../VERSION ../../gradle.properties ../../gradlew ../../gradle/
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_AttestationCA
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_AttestationCAPortal
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_Provisioner
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_Structs
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_Utils
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../TPM_Utils
# copy includes directory into release TAR
tar --append -f SOURCES/HIRS-$GIT_HASH.tar ../extras/
tar --append -f SOURCES/HIRS-$GIT_HASH.tar ../scripts/
tar --append -f SOURCES/HIRS-$GIT_HASH.tar ../../NOTICE
# Build HIRS CentOS6 RPMs. Provides PLUGIN_SOURCE variable to gradle task.
if [ -z "$ONLY_BUILD_EL7_RPMS" ]; then
echo "Building CentOS6 RPMs..."
rpmbuild --nodeps -ba SPECS/HIRS.spec --define 'build6 1' --define 'dist .el6' --define '_topdir '$RPM_BUILD_DIR --define 'VERSION '$VERSION --define 'RELEASE '$RELEASE --define 'GIT_HASH '$GIT_HASH --define 'DISPLAY_VERSION '$DISPLAY_VERSION --define 'PLUGIN_SOURCE '$PLUGIN_SOURCE --define 'PACKAGE_NAME_ADDENDUM '$PACKAGE_NAME_ADDENDUM --define 'RPM_EXTRA_CLIENT_DEPENDENCIES '"$RPM_EXTRA_CLIENT_DEPENDENCIES" --define 'RPM_EXTRA_SERVER_DEPENDENCIES '"$RPM_EXTRA_SERVER_DEPENDENCIES"|| { echo 'Failed to package HIRS'; exit 1; }
echo '************************************************************************************'
echo 'HIRS CentOS6 RPMs successfully built'
echo '************************************************************************************'
else
echo "Skipping building CentOS6 RPMs because of ONLY_BUILD_EL7_RPMS environment variable"
fi
# Cleanup before CENTOS 7 build
rm -rf BUILD BUILDROOT
## Build HIRS CentOS7 RPMs. Provides PLUGIN_SOURCE variable to gradle task
if [ -z "$ONLY_BUILD_EL6_RPMS" ]; then
rpmbuild --nodeps -ba SPECS/HIRS.spec --define 'build7 1' --define 'dist .el7' --define '_topdir '$RPM_BUILD_DIR --define 'VERSION '$VERSION --define 'RELEASE '$RELEASE --define 'GIT_HASH '$GIT_HASH --define 'DISPLAY_VERSION '$DISPLAY_VERSION --define 'PLUGIN_SOURCE '$PLUGIN_SOURCE --define 'PACKAGE_NAME_ADDENDUM '$PACKAGE_NAME_ADDENDUM --define 'RPM_EXTRA_CLIENT_DEPENDENCIES '"$RPM_EXTRA_CLIENT_DEPENDENCIES" --define 'RPM_EXTRA_SERVER_DEPENDENCIES '"$RPM_EXTRA_SERVER_DEPENDENCIES"|| { echo 'Failed to package HIRS'; exit 1; }
echo '************************************************************************************'
echo 'HIRS CentOS7 RPMs successfully built'
echo '************************************************************************************'
else
echo "Skipping building CentOS7 RPMs because of ONLY_BUILD_EL6_RPMS environment variable"
fi
# Cleanup
rm -rf BUILD BUILDROOT SOURCES SPECS $PLUGIN_SOURCE
# Build RPM for HIRS_ProvisionerTPM2
$SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.centos7.sh
if [ -f RPMS/x86_64/HIRS_Provisioner_TPM_2_0*.rpm ]; then
echo '************************************************************************************'
echo 'HIRS_ProvisionerTPM2 RPM successfully built'
echo '************************************************************************************'
else
echo 'Error: HIRS_ProvisionerTPM2 failed to package'
exit 1
fi


@ -1,114 +0,0 @@
#!/bin/bash
# Define script directory
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Set variables
GIT_HASH=`git rev-parse HEAD | head -c6`
# assign build version vars
source $SCRIPT_DIR/build_version_helper.sh
DEBIAN_FULL_VERSION=$VERSION.$RELEASE
OS=`lsb_release -c | awk '{print $2}'`
PROVISIONER_FULL_PACKAGE_NAME="hirs-provisioner"
# Enter package directory
mkdir -p $SCRIPT_DIR/deb
cd $SCRIPT_DIR/deb
# Clear old builds
rm -rf DEB_SOURCES
rm -f DEBS/hirs*.deb
rm -f DEBS/tpm-module*.deb
# Create directories
mkdir -p DEBS
# Copy Sources for HIRS_Provisioner
cd $SCRIPT_DIR/..
# build HIRS items.
./gradlew -PdisplayVersion=$DISPLAY_VERSION :HIRS_Provisioner:installDist
# Setup Provisioner directories
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/bin
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/lib
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup
# Copy Provisioner files
cp -r HIRS_Provisioner/build/install/HIRS_Provisioner/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner
rm -rf $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/bin/*.bat
cp -r HIRS_Provisioner/debian/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian
cp -r HIRS_Provisioner/man/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian
cp -r HIRS_Provisioner/scripts/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
cp -r HIRS_Provisioner/src/main/resources/*.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts/install
cp -r HIRS_Provisioner/setup/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup
cp HIRS_Provisioner/hirs-provisioner-config.sh $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
cp HIRS_Provisioner/scripts/install/*.sh $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
cp HIRS_Provisioner/setup/hirs-provisioner.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup
cp HIRS_Provisioner/build/resources/main/defaults.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup/provisioner.properties
cp HIRS_Utils/src/main/resources/logging.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner
cp NOTICE $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian/copyright
sed -i "s/VER/$DEBIAN_FULL_VERSION/" $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian/changelog
sed -i "s/RELEASE/$OS/" $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian/changelog
# Build Debian package for HIRS Provisioner
echo "Building $PROVISIONER_FULL_PACKAGE_NAME"
cd $SCRIPT_DIR/deb/DEB_SOURCES/$PROVISIONER_FULL_PACKAGE_NAME/
debuild -i -us -uc -b
ret=$?
if [[ $ret -ne 0 ]]; then
echo "Failed to build HIRS Provisioner deb package"
exit 1
fi
mv $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner*.deb $SCRIPT_DIR/deb/DEBS/
echo "HIRS Provisioner deb building complete"
# TPM Module
cd $SCRIPT_DIR/..
# Compile the TPM Module
./gradlew :tpm_module:build
cd tpm_module
# Setup build directories
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/src
# Copy build files
cp tpm_module $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/src/
cp -r debian/* $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian
cp -r man/* $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian
cp ../NOTICE $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian/copyright
# Build Debian package for TPM Module
cd $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/
debuild -i -us -uc -b
ret=$?
if [[ $ret -ne 0 ]]; then
echo "Failed to build tpm-module deb package"
exit 1
fi
mkdir -p $SCRIPT_DIR/deb/DEBS/
mv $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module*.deb $SCRIPT_DIR/deb/DEBS/
echo "TPM deb building complete"
# HIRS Provisioner TPM 2.0
cd $SCRIPT_DIR/deb
$SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.ubuntu.sh
if [ -f DEBS/HIRSProvisionerTPM2.0*.deb ]; then
echo 'HIRS Provisioner TPM 2.0 deb building complete'
else
echo 'Failed to build HIRS Provisioner TPM 2.0 deb package'
exit 1
fi


@ -1,337 +0,0 @@
# need to run rpmbuild with either:
# --define 'build6 1' --define 'dist .el6'
# --define 'build7 1' --define 'dist .el7'
# rpm runs scripts with $1 holding the number of currently installed version of the package in question:
# Install the first time: 1
# Upgrade: 2 or higher (depending on the number of versions installed)
# Remove last version of package: 0
# from RedHat RPM Guide by Eric Foster-Johnston
Name : HIRS
Version : %{?VERSION}
Release : %{?RELEASE}%{?dist}
Source : %{name}-%{?GIT_HASH}.tar
Group : System Environment/Base
License : ASL 2.0
Summary : HIRS
BuildArch : noarch
BuildRoot : %{_tmppath}/%{name}-%{version}-root
BuildRequires : java-1.8.0-openjdk-devel
%description
Host Integrity at Runtime and Startup (HIRS) parent spec.
%prep
%setup -q -c
%define provisioner_package_name HIRS_Provisioner_TPM_1_2%{?PACKAGE_NAME_ADDENDUM}
%define __jar_repack 0
##########################
# HIRS_Provisioner_TPM_1_2
##########################
%package -n %{provisioner_package_name}
Summary : Host Integrity at Runtime and Startup (HIRS) Provisioner
Group : System Environment/Base
%if 0%{?build6}
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, initscripts, coreutils, dmidecode, paccor, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
%endif
%if 0%{?build7}
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, systemd, coreutils, dmidecode, paccor, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
%endif
%description -n %{provisioner_package_name}
Host Integrity at Runtime and Startup (HIRS) Provisioner.
%pre -n %{provisioner_package_name}
if [[ $(find /sys/devices -name "tpm0") ]]; then
echo "TPM detected"
if [ -f "/usr/lib/systemd/system/tcsd.service" ]; then
echo "Starting tcsd service"
systemctl start tcsd
ret=$?
if [[ $ret -ne 0 ]]; then
echo "WARNING: FAILED TO START tcsd SERVICE, PROVISIONING WILL FAIL WITHOUT THIS SERVICE"
fi
echo "Adding tcsd (Trousers) to run levels 1,3,5, and 6"
chkconfig --level 1356 tcsd on
else
echo "Starting tcsd service"
service tcsd start
ret=$?
if [[ $ret -ne 0 ]]; then
echo "WARNING: FAILED TO START tcsd SERVICE, PROVISIONING WILL FAIL WITHOUT THIS SERVICE"
fi
echo "Adding tcsd (Trousers) to run levels 1,3,5, and 6"
chkconfig --level 1356 tcsd on
fi
if [ ! -d "/sys/kernel/security/tpm0" ]; then
echo "Mounting security fs partition"
sed -i '$a securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0' /etc/fstab
mount -a
if [ -d "/sys/kernel/security/tpm0" ]; then
echo "SUCCESS: security fs partition mounted"
fi
fi
else
echo "WARNING: UNABLE TO LOCATE TPM DEVICE, TPM PROVISIONING WILL FAIL"
fi
%post -n %{provisioner_package_name}
# copy default property files into /etc/hirs if not present
mkdir -p /etc/hirs/
cp -n /opt/hirs/default-properties/provisioner/* /etc/hirs/
# copy common scripts into /opt/hirs/scripts/common
cp -f /opt/hirs/scripts/common/provisioner/* /opt/hirs/scripts/common/
echo 'Creating symlink for hirs-provisioner command'
ln -s -f /usr/share/hirs/provisioner/tpm_aca_provision /usr/sbin/tpm_aca_provision
chmod +x /usr/share/hirs/provisioner/tpm_aca_provision
ln -s -f /usr/share/hirs/provisioner/hirs-provisioner.sh /usr/sbin/hirs-provisioner
chmod +x /usr/share/hirs/provisioner/hirs-provisioner.sh
hirs-provisioner -c
%postun -n %{provisioner_package_name}
# don't run these during an upgrade
if [ "$1" = "0" ]; then
rm -rf /etc/hirs/provisioner
rm -rf /etc/hirs/certificates
rm -f /usr/sbin/hirs-provisioner
rm -rf /usr/share/hirs/provisioner
rm -rf /var/log/hirs/provisioner
# if there are no more HIRS packages remaining,
# remove all HIRS directories
if [[ -z `rpm -qa "HIRS*" | grep -v HIRS_Provisioner_TPM_1_2` ]]; then
rm -rf /etc/hirs
rm -rf /opt/hirs
rm -rf /usr/share/hirs
rm -rf /var/log/hirs
fi
fi
%files -n %{provisioner_package_name}
%license NOTICE
/etc/hirs/provisioner
%attr(664, root, root) /opt/hirs/default-properties/provisioner/logging.properties
%attr(774, root, root) /opt/hirs/scripts/common/provisioner/
/usr/share/hirs/provisioner
%{_mandir}/man1/hirs-provisioner.1.gz
####################
# HIRS_AttestationCA
####################
%package -n HIRS_AttestationCA
Summary : Host Integrity at Runtime and Startup (HIRS) Attestation Certificate Authority (HIRS AttestationCA)
Group : System Environment/Base
%if 0%{?build6}
Requires : mysql-server, openssl, tomcat6, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, iptables
Prefix : /usr/share/tomcat6
%endif
%if 0%{?build7}
Requires : mariadb-server, openssl, tomcat, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, firewalld, policycoreutils
Prefix : /usr/share/tomcat
%endif
%description -n HIRS_AttestationCA
Host Integrity at Runtime and Startup (HIRS) Attestation CA. Installs and creates keys for HIRS Attestation CA to support generating AIKs
%pre -n HIRS_AttestationCA
if [ ! -d $RPM_INSTALL_PREFIX ]; then
echo "error: Tomcat directory not found. Re-run this rpm installation with --prefix=\"<absolute-tomcat-directory>\""
exit 1
fi
%post -n HIRS_AttestationCA
# copy default property files into /etc/hirs if not present
mkdir -p /etc/hirs
cp -n /opt/hirs/default-properties/attestationca/* /etc/hirs/
# loop over common scripts and place into /opt/hirs/scripts/common
mkdir -p /opt/hirs/scripts/common/
cp -f /opt/hirs/scripts/common/aca/* /opt/hirs/scripts/common/
# run these only on a fresh install of the package
if [ $1 == 1 ]; then
# open necessary ports
sh /opt/hirs/scripts/common/firewall_configure_tomcat.sh
# Allow Tomcat to use port 3306 to communicate with MySQL
%if 0%{?build7}
if [ selinuxenabled ]; then
semodule -i /opt/hirs/extras/aca/tomcat-mysql-hirs.pp
fi
%endif
# create trust stores, configure tomcat and db
sh /opt/hirs/scripts/common/ssl_configure.sh server
# create the database
sh /opt/hirs/scripts/common/db_create.sh
fi
# modify mysql schema accordingly on upgrade
if [ $1 -gt 1 ]; then
#update version number on portal banner
echo %{?DISPLAY_VERSION} | tee '%{prefix}/webapps/HIRS_AttestationCAPortal/WEB-INF/classes/VERSION'
echo "Upgrading hirs_db schema!"
if [ %{version} == "1.0.4" ]; then
if (mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.0.4.sql); then
echo "Upgrade to version 1.0.4"
else
echo "Error upgrading HIRS database schema to 1.0.4!"
exit 1;
fi
elif [ %{version} == "1.1.0" ]; then
if (mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.0.4.sql && \
mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.1.0.sql); then
echo "Upgrade to version 1.1.0"
else
echo "Error upgrading HIRS database schema to 1.1.0!"
exit 1;
fi
elif [ %{version} == "1.1.1" ]; then
if (mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.0.4.sql && \
mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.1.0.sql && \
mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.1.1.sql); then
echo "Upgrade to version 1.1.1"
else
echo "Error upgrading HIRS database schema to 1.1.1!"
exit 1;
fi
fi
fi
sh /opt/hirs/scripts/aca/certificate_generate.sh
%preun -n HIRS_AttestationCA
# don't run these during an upgrade
if [ $1 == 0 ]; then
# if the Server isn't installed, deconfigure Tomcat and MySQL SSL and drop the database
if [[ -z `rpm -qa HIRS_Server` ]]; then
echo 'Restoring Tomcat and MySQL configuration'
sh /opt/hirs/scripts/common/ssl_deconfigure.sh server
echo 'Dropping local HIRS database'
sh /opt/hirs/scripts/common/db_drop.sh
fi
fi
%postun -n HIRS_AttestationCA
# don't run these during an upgrade
if [ $1 == 0 ]; then
# Removes WARS from the Tomcat installation as well as ACA configuration files and certificates
# (/etc/hirs/aca), and ACA installation (/opt/hirs/attestation-ca). Do not run during an upgrade
rm -f %{prefix}/webapps/HIRS_AttestationCA*.war
rm -rf %{prefix}/webapps/HIRS_AttestationCA*
rm -rf /etc/hirs/aca
rm -rf /opt/hirs/attestation-ca
# if the Server and Appraiser are not installed, remove certificates directory
if [[ -z `rpm -qa "HIRS_(Server|Appraiser)"` ]]; then
rm -rf /etc/hirs/certificates
fi
# if there are no more HIRS packages remaining,
# remove all HIRS directories
if [[ -z `rpm -qa "HIRS*" | grep -v HIRS_AttestationCA` ]]; then
rm -rf /etc/hirs
rm -rf /opt/hirs
rm -rf /usr/share/hirs
rm -rf /var/log/hirs
fi
fi
%files -n HIRS_AttestationCA
%license NOTICE
%attr(664, root, tomcat) %{prefix}/webapps/HIRS_AttestationCA.war
%attr(664, root, tomcat) %{prefix}/webapps/HIRS_AttestationCAPortal.war
%attr(774, root, tomcat) /etc/hirs/aca/
%attr(664, root, tomcat) /opt/hirs/default-properties/attestationca/logging.properties
%attr(664, root, tomcat) /opt/hirs/default-properties/attestationca/banner.properties
%attr(664, root, tomcat) /opt/hirs/default-properties/attestationca/persistence.properties
%attr(664, root, tomcat) /opt/hirs/default-properties/component-class.json
%attr(664, root, tomcat) /opt/hirs/default-properties/vendor-table.json
%attr(774, root, tomcat) /opt/hirs/scripts/common/aca
%attr(774, root, tomcat) /opt/hirs/scripts/aca
%attr(774, root, tomcat) /opt/hirs/extras/aca/tomcat-mysql-hirs.pp
%attr(774, root, tomcat) /opt/hirs/extras/aca/tomcat-mysql-hirs.te
####################
# Build and install
####################
%build
./gradlew -PpluginDir=%{?PLUGIN_SOURCE} -PdisplayVersion=%{?DISPLAY_VERSION} :HIRS_Provisioner:installDist :HIRS_AttestationCA:war :HIRS_AttestationCAPortal:war
%install
# prepare provisioner for packaging
cd HIRS_Provisioner
mkdir -p %{buildroot}/usr/share/hirs/provisioner
mkdir -p %{buildroot}/%{_mandir}/man1
cp -r build/install/HIRS_Provisioner/* %{buildroot}/usr/share/hirs/provisioner
sed -i '/exec "$JAVACMD" "$@"/i /opt/hirs/scripts/common/jvm_version_check.sh $JAVACMD' %{buildroot}/usr/share/hirs/provisioner/bin/HIRS_Provisioner
mkdir -p %{buildroot}/etc/hirs/provisioner/certs
cp scripts/install/hirs-provisioner.sh %{buildroot}/usr/share/hirs/provisioner/
cp scripts/install/tpm_aca_provision %{buildroot}/usr/share/hirs/provisioner/
cp hirs-provisioner-config.sh %{buildroot}/etc/hirs/provisioner
cp create-ek-cert.sh %{buildroot}/etc/hirs/provisioner
cp src/main/resources/defaults.properties %{buildroot}/etc/hirs/provisioner/provisioner.properties
cp -r setup %{buildroot}/etc/hirs/provisioner/
gzip -c man/hirs-provisioner.1 > %{buildroot}/%{_mandir}/man1/hirs-provisioner.1.gz
mkdir -p %{buildroot}/opt/hirs/scripts/common/provisioner
cp ../scripts/common/jvm_version_check.sh %{buildroot}/opt/hirs/scripts/common/provisioner/
# copy common scripts
mkdir -p %{buildroot}/opt/hirs/scripts/common/aca
cp ../scripts/common/* %{buildroot}/opt/hirs/scripts/common/aca/
# prepare ACA for packaging
cd ../HIRS_AttestationCA
mkdir -p %{buildroot}/opt/hirs/scripts/aca
cp ../scripts/aca/* %{buildroot}/opt/hirs/scripts/aca
mkdir -p %{buildroot}/opt/hirs/attestation-ca/
mkdir -p %{buildroot}/etc/hirs/aca/certificates/
mkdir -p %{buildroot}/etc/hirs/aca/client-files/
mkdir -p %{buildroot}%{prefix}/webapps/
cp build/libs/HIRS_AttestationCA.war %{buildroot}%{prefix}/webapps/
cp src/main/resources/defaults.properties %{buildroot}/etc/hirs/aca/aca.properties
# prepare ACA Portal for packaging
cd ../HIRS_AttestationCAPortal
mkdir -p %{buildroot}%{prefix}/webapps/
cp build/libs/HIRS_AttestationCAPortal.war %{buildroot}%{prefix}/webapps/
# note: no ACA Portal specific resource files to copy yet...
# creates the home directory for activemq user so SELinux doesn't complain
mkdir -p %{buildroot}/srv/activemq
mkdir -p %{buildroot}/etc/hirs/portal
cd ..
# copy over the properties files
mkdir -p %{buildroot}/opt/hirs/default-properties/provisioner
cp HIRS_Utils/src/main/resources/logging.properties %{buildroot}/opt/hirs/default-properties/provisioner/logging.properties
mkdir -p %{buildroot}/opt/hirs/default-properties/attestationca
cp HIRS_Utils/src/main/resources/persistence.properties %{buildroot}/opt/hirs/default-properties/attestationca/
cp HIRS_Utils/src/main/resources/logging.properties %{buildroot}/opt/hirs/default-properties/attestationca/
cp HIRS_Utils/src/main/resources/banner.properties %{buildroot}/opt/hirs/default-properties/attestationca/
cp HIRS_Utils/src/main/resources/component-class.json %{buildroot}/opt/hirs/default-properties/
cp -n HIRS_Utils/src/main/resources/vendor-table.json %{buildroot}/opt/hirs/default-properties/
# install extras
mkdir -p %{buildroot}/opt/hirs/extras
cp -r extras/ %{buildroot}/opt/hirs/


@ -1,62 +0,0 @@
Name : tpm_module
Vendor : U.S. Government
Summary : Tool used to interface with the TPM
Version : %{?VERSION}
Release : %{?RELEASE}
Source : tpm_module-%{?GIT_HASH}.tar
Group : System Environment/Base
License : ASL 2.0
Requires : tpm-tools, trousers
BuildRequires : cpp
BuildRequires : gcc-c++
BuildRequires : trousers-devel
BuildArch : x86_64
BuildRoot : %{_tmppath}/%{name}-%{version}-root
%description
Trusted Platform Module (TPM) interface module. This software is designed to provide a platform-independent interface to a client's TPM. It imlpements functionality similar to and exceeding that of tpm-tools in some cases. This software is intended for use with the HIR reporting infrastructure to help clients generate integrity reports based on TPM data.
%prep
%setup -q -n %{name}-%{?GIT_HASH}
%build
rm -f main.d main.o tpm_module
make
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/bin
mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1
cp tpm_module $RPM_BUILD_ROOT/usr/bin/
gzip -c man/tpm_module.1 > $RPM_BUILD_ROOT/usr/share/man/man1/tpm_module.1.gz
%clean
rm -rf $RPM_BUILD_ROOT
%files
%license ../NOTICE
/usr/bin/tpm_module
/usr/share/man/man1/tpm_module.1.gz
%changelog
* Thu Feb 5 2015 3.11
- Modify to support new directory structure
* Mon May 5 2014 3.11
- Set up automatic builds
* Wed Jan 8 2014 3.10
- Added more comments, legal disclaimers, and changed behavior of error output.
* Wed Dec 4 2013 3.09
- Tweaked toggling of TSS_CAP_VERSION_INFO. Added additional debugging messages to describe errors.
* Mon Dec 2 2013 3.08
- TSS_CAP_VERSION_INFO is no longer required on quote2. Other tweaks for platform compatibility.
* Tue Oct 1 2013 3.08
- Improved commenting and documentation, fixed help info, changed behavior of clearing function
* Tue Jul 17 2012 3.07
- Fixed mask utility function handling of 'F' (70, not 80)
* Wed May 2 2012 3.06
- Corrected bug in changekeyauth function
* Tue May 1 2012 3.05
- Initial package release


@ -6,7 +6,6 @@
#
#####################################################################################
USE_WAR=$1
CONFIG_FILE="/etc/hirs/aca/application.properties"
ALG=RSA
RSA_PATH=rsa_3k_sha384_certs
@ -14,6 +13,7 @@ ECC_PATH=ecc_512_sha384_certs
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
LOG_FILE=/dev/null
GRADLE_WRAPPER="./gradlew"
DEPLOYED_WAR=false
# Check for sudo or root user
if [ "$EUID" -ne 0 ]
@ -21,7 +21,59 @@ if [ "$EUID" -ne 0 ]
exit 1
fi
source $SCRIPT_DIR/../db/start_mysqld.sh
help () {
echo " Setup script for the HIRS ACA"
echo " Syntax: sh aca_setup.sh [-u|h|sb|sp|--skip-db|--skip-pki]"
echo " options:"
echo " -p | --path Path to the HIRS_AttestationCAPortal.war file"
echo " -w | --war Use deployed war file"
echo " -h | --help Print this help"
echo
}
# Process parameters Argument handling
POSITIONAL_ARGS=()
ORIGINAL_ARGS=("$@")
while [[ $# -gt 0 ]]; do
case $1 in
-p|--path)
USE_WAR=YES
shift # past argument
WAR_PATH=$@
DEPLOYED_WAR=true
shift # past parameter
;;
-w|--war)
USE_WAR=YES
shift # past argument
WAR_PATH="/opt/hirs/aca/HIRS_AttestationCAPortal.war"
DEPLOYED_WAR=true
;;
-h|--help)
help
exit 0
shift # past argument
;;
-*|--*)
echo "aca_setup.sh: Unknown option $1"
help
exit 1
;;
*)
POSITIONAL_ARGS+=("$1") # save positional arg
# shift # past argument
break
;;
esac
done
if [ -z "${WAR_PATH}" ]; then
WAR_PATH="HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war"
fi
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
source $SCRIPT_DIR/../db/mysql_util.sh
if [ $ALG = "RSA" ]; then
CERT_PATH="/etc/hirs/certificates/HIRS/$RSA_PATH"
@ -43,9 +95,11 @@ if [ ! -d "$CERT_PATH" ]; then
exit 1;
fi
if [ ! -f "$GRADLE_WRAPPER" ]; then
if [ $DEPLOYED_WAR = false ]; then
if [ ! -f "$GRADLE_WRAPPER" ]; then
echo "This script needs to be run from the HIRS top level project directory. Exiting."
exit 1;
fi
fi
echo "Starting HIRS ACA on https://localhost:8443/HIRS_AttestationCAPortal/portal/index"
@ -71,10 +125,10 @@ WEB_TLS_PARAMS="--server.ssl.key-store-password=$hirs_pki_password \
# uncomment to show spring boot and hibernate properties used as gradle argumanets
#echo "--args=\"$CONNECTOR_PARAMS $WEB_TLS_PARAMS\""
if [ "$USE_WAR" == "war" ]; then
echo "Booting the ACA from a $USE_WAR file..."
java -jar HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war $CONNECTOR_PARAMS$WEB_TLS_PARAMS
if [ -z "$USE_WAR" ]; then
echo "Booting the ACA from local build..."
./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
else
echo "Booting the ACA from local build..."
./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
echo "Booting the ACA from a war file..."
java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &
fi
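Review bot: `WAR_PATH=$@` in the `-p|--path` branch assigns every remaining argument, not just the path, so an invocation like `-p /opt/x.war extra` (constructed example) leaves WAR_PATH as `/opt/x.war extra`; it should be `WAR_PATH="$1"` after the first `shift` (or `"$2"` before it). The final `java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &` now detaches the JVM, so the script returns success before the ACA has started and a startup failure is never reported; quoting `"$WAR_PATH"` would also keep a path containing spaces intact. WEB_TLS_PARAMS carries `--server.ssl.key-store-password=$hirs_pki_password` onto the java command line, where it is readable by any local user through the process list; supplying it via the environment or a root-only properties file keeps it out of argv. The new help text and the unknown-option message name `aca_setup.sh`, which looks copied from the setup script. The option loop is complete in the hunk, but the script's remaining body lies outside the visible hunks.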


@ -37,17 +37,13 @@ DB_SRV_CONF="/etc/my.cnf.d/mariadb-server.cnf"
DB_CLIENT_CONF="/etc/my.cnf.d/client.cnf"
ALL_CHECKS_PASSED=true
ALL_CERTS_PASSED=true
source $SCRIPT_DIR/../db/mysql_util.sh
# Check for Admin privileges
if [ "$EUID" -ne 0 ]; then
echo "This script requires root. Please run as root"
exit 1
fi
# Check install setup pki files
if [ ! -d $CERT_PATH ]; then
echo "$CERT_PATH directory does not exist. Please run aca_setup.sh and try again."
exit 1;
fi
# Argument handling
@ -70,8 +66,32 @@ while [[ $# -gt 0 ]]; do
esac
done
echo "Checking HIRS ACA Setup on this device..."
# Check if aca setup was performed
# Check is RPM was installed via RPM package
rpm -q --quiet HIRS_AttestationCA
if [ $? -eq 0 ]; then
echo "HIRS ACA was installed via rpm package on this device"
if [[ $(cat /etc/crontab | grep -c hirs/aca) > 0 ]]; then
echo " HIRS ACA is set to start on boot via crontab file"
else
echo " HIRS ACA is NOT set to start on boot via crontab file"
fi
else
echo "HIRS ACA was NOT installed via rpm package on this device"
fi
# Check install setup pki files
if [ ! -d $CERT_PATH ]; then
check_db_cleared
echo " $CERT_PATH directory does not exist."
echo " Exiting..."
echo "Please run aca_setup.sh and try again"
exit 1;
fi
source /etc/hirs/aca/aca.properties;
source $SCRIPT_DIR/../db/start_mysqld.sh
check_pwds () {
@ -127,16 +147,16 @@ check_mysql_setup () {
}
check_cert () {
TRUST_STORE=$1
CERT=$2
RESULT=$(openssl verify -CAfile "$TRUST_STORE" $CERT)
if [ $? -ne 0 ]; then
ALL_CHECKS_PASSED=false
ALL_CERTS_PASSED=false
fi
if [ ! -z "${ARG_VERBOSE}" ]; then
TRUST_STORE=$1
CERT=$2
RESULT=$(openssl verify -CAfile "$TRUST_STORE" $CERT)
if [ $? -ne 0 ]; then
ALL_CHECKS_PASSED=false
ALL_CERTS_PASSED=false
fi
if [ ! -z "${ARG_VERBOSE}" ]; then
echo " "$RESULT
fi
fi
}
check_pki () {
@ -250,8 +270,8 @@ check_fips () {
echo "Checking FIPS mode on this device..."
echo " "$(sysctl -a | grep crypto.fips_enabled)
}
check_for_container
# Run Checks
check_for_container -p
check_pwds
check_pki
check_mysql_setup
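Review bot: The crontab test `[[ $(cat /etc/crontab | grep -c hirs/aca) > 0 ]]` is a string comparison inside `[[ ]]`, not a numeric one; it happens to work because every non-zero count sorts after "0", but the intent reads directly as `if grep -q hirs/aca /etc/crontab; then`. The relocated `[ ! -d $CERT_PATH ]` is unquoted, so an empty CERT_PATH collapses to `[ ! -d ]`, which evaluates false and silently skips the exit; use `"$CERT_PATH"`. `rpm -q --quiet HIRS_AttestationCA` followed by `if [ $? -eq 0 ]` is `if rpm -q --quiet HIRS_AttestationCA; then` in one line. The check_cert hunk changes indentation only, and the argument loop it follows starts outside the visible hunks.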


@ -14,18 +14,24 @@ if [ "$EUID" -ne 0 ]; then
echo "This script requires root. ACA setup not removed. Please run as root."
exit 1
fi
if [ ! -f /etc/hirs/aca/aca.properties ]; then
echo "aca.properties does not exist, aborting."
exit 1
fi
source $SCRIPT_DIR/../db/mysql_util.sh
# Make sure myswl root password is available and set $DB_ADIM_PWD before continuing...
check_mysql_root
# remove the hrs-db and hirs_db user
pushd $SCRIPT_DIR/../db/
sh db_drop.sh
popd
pushd $SCRIPT_DIR/../db/ &>/dev/null
sh db_drop.sh $DB_ADMIN_PWD
popd &>/dev/null
# remove pki files and config files
echo "Removing certificates and config files..."
rm -rf /etc/hirs
# Remove crontab and current ACA process
echo "Removing the ACA crontab"
sed -i '/aca_bootRun.sh/d' /etc/crontab
echo "Shutting down the aca..."
ps axf | grep HIRS_AttestationCAPortal.war | grep -v grep | awk '{print "kill " $1}' | sh >/dev/null 2>&1
echo "ACA setup removal complete."
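Review bot: `sh db_drop.sh $DB_ADMIN_PWD` hands the MySQL root password to the child script as a command-line argument, where it is readable by every local user through the process list for as long as db_drop.sh runs; since db_drop.sh already sources mysql_util.sh, letting it call `check_mysql_root` itself, or exporting the value in the environment, keeps the secret off argv. The shutdown pipeline `ps axf | grep HIRS_AttestationCAPortal.war | grep -v grep | awk '{print "kill " $1}' | sh` builds a shell command from process-list text; `pkill -f HIRS_AttestationCAPortal.war` does the same in one call without that step. The comment above `check_mysql_root` misspells both the tool and the variable (`myswl`, `$DB_ADIM_PWD`); `# Make sure the mysql root password is available and set $DB_ADMIN_PWD before continuing` matches the code.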


@ -17,7 +17,7 @@ help () {
echo " -u | --unattended Run unattended"
echo " -h | --help Print this Help."
echo " -sp | --skip-pki run the setup without pki setup."
echo " -sb | --skip-db run the setup without databse setup."
echo " -sb | --skip-db run the setup without database setup."
echo
}


@ -34,7 +34,7 @@ touch $DB_SRV_CONF
mkdir -p /etc/hirs/aca/
mkdir -p /var/log/hirs/
source $SCRIPT_DIR/start_mysqld.sh
source $SCRIPT_DIR/mysql_util.sh
source $ACA_PROP_FILE
check_mysql_root_pwd () {
@ -66,7 +66,7 @@ check_mysql_root_pwd () {
# Make sure root password is correct
$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo "root password verified" | tee -a "$LOG_FILE"
echo "Mysql root password verified" | tee -a "$LOG_FILE"
else
echo "MYSQL root password was not the default, not supplied, or was incorrect"
echo " please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
@ -147,7 +147,7 @@ create_hirs_db_with_tls () {
# HIRS ACA Mysqld processing ...
check_mariadb_install
check_for_container
check_for_container -p
set_mysql_server_tls
set_mysql_client_tls
start_mysqlsd


@ -4,9 +4,10 @@ SRV_CNF=/etc/my.cnf.d/mariadb-server.cnf
CLIENT_CNF=/etc/my.cnf.d/client.cnf
SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )";)
LOG_FILE=/dev/null
DB_ADMIN_PWD=$1
source /etc/hirs/aca/aca.properties;
source $SCRIPT_DIR/start_mysqld.sh
#source /etc/hirs/aca/aca.properties;
source $SCRIPT_DIR/mysql_util.sh
# Check for sudo or root user, not actually needed but a good idea
if [ "$EUID" -ne 0 ]
@ -14,12 +15,6 @@ if [ "$EUID" -ne 0 ]
exit 1
fi
if [ -z $mysql_admin_password ]; then
read -p "Enter mysql root password" DB_ADMIN_PWD
else
DB_ADMIN_PWD=$mysql_admin_password
fi
if [ -d /opt/hirs/scripts/db ]; then
MYSQL_DIR="/opt/hirs/scripts/db"
else
@ -29,7 +24,7 @@ fi
echo "dropping hirs_db database"
if pgrep mysqld >/dev/null 2>&1; then
mysql -u root --password=$DB_ADMIN_PWD -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES"
mysql -u root --password=$DB_ADMIN_PWD -e "FLUSH HOSTS; FLUSH LOGS; FLUSH STATUS; FLUSH PRIVILEGES; FLUSH USER_RESOURCES"
mysql -u root --password=$DB_ADMIN_PWD -e "DROP USER 'hirs_db'@'localhost';"
mysql -u root --password=$DB_ADMIN_PWD -e "DROP DATABASE IF EXISTS hirs_db;"
echo "hirs_db database and hirs_db user removed"
@ -38,14 +33,10 @@ if pgrep mysqld >/dev/null 2>&1; then
fi
# reset the mysql root if the password was left in the properties fiel
if [ ! -z $mysql_admin_password ]; then
if [ ! -z $DB_ADMIN_PWD ]; then
echo "Resetting mysql root password to empty"
mysql -u root --password=$mysql_admin_password -e "SET PASSWORD FOR "root@localhost" = PASSWORD('');"
echo "Current list of databases:"
mysql -u root --password=$DB_ADMIN_PWD -e "SET PASSWORD FOR "root@localhost" = PASSWORD('');"
mysql -u "root" -e "FLUSH LOGS;"
mysql -u "root" -e "SHOW DATABASES;"
echo "Current list of users:"
mysql -u root -e "Select user from mysql.user;"
else
echo "Note root password was NOT reset"
fi
@ -62,5 +53,3 @@ mysql -u root -e "SHUTDOWN"
sleep 2
check_for_container
start_mysqlsd
mysql -u root -e "SHOW VARIABLES LIKE '%ssl%'"
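Review bot: `DB_ADMIN_PWD=$1` takes the MySQL root password from argv, so it shows up in the process list and in the caller's shell history; the script already sources mysql_util.sh, whose `check_mysql_root` resolves the password from `HIRS_MYSQL_ROOT_PWD`, aca.properties, or a prompt, and calling that instead of reading `$1` keeps the secret off the command line (each `--password=$DB_ADMIN_PWD` has the same exposure, which setting `MYSQL_PWD` in the environment avoids). `if [ ! -z $DB_ADMIN_PWD ]` is unquoted; with an empty value it degrades to `[ ! -z ]`, which is false only by accident of how test parses a lone argument, so write `if [ -n "$DB_ADMIN_PWD" ]; then`. The reset line keeps the old line's unbalanced quoting, `"SET PASSWORD FOR "root@localhost" = PASSWORD('');"`, so the shell passes `root@localhost` outside the string; MySQL tolerates it, but `"SET PASSWORD FOR 'root'@'localhost' = PASSWORD('');"` says what is meant. Leaving the root account with an empty password after teardown is a deliberate choice per the echo, and a one-line comment saying so would stop a future reader from "fixing" it.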


@ -7,15 +7,18 @@
#####################################################################################
SQL_SERVICE="mariadb"
# Checks to see if running in a container
# -p to print status
check_for_container () {
PRINT_STATUS=$1
# Check if we're in a Docker container
if [[ $(cat /proc/1/sched | head -n 1) == *"bash"* ]]; then
#if [ -f /.dockerenv ]; then
DOCKER_CONTAINER=true
echo "ACA is running in a container..." | tee -a "$LOG_FILE"
if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is running in a container..." | tee -a "$LOG_FILE"; fi
else
DOCKER_CONTAINER=false
echo "ACA is not running in a container..." | tee -a "$LOG_FILE"
if [[ $PRINT_STATUS == "-p" ]]; then echo "ACA is not running in a container..." | tee -a "$LOG_FILE"; fi
fi
if [ -d /opt/hirs/scripts/db ]; then
MYSQL_DIR="/opt/hirs/scripts/db"
@ -36,24 +39,24 @@ check_mariadb_install () {
}
# Starts mariadb during intial install
start_mysqlsd () {
PRINT_STATUS=$1
# Check if mysql is already running, if not initialize
if [[ $(pgrep -c -u mysql mysqld) -eq 0 ]]; then
# Check if running in a container
if [ $DOCKER_CONTAINER = true ]; then
# if in Docker container, avoid services that invoke the D-Bus
echo "ACA is running in a container..."
# Check if mariadb is setup
if [ ! -d "/var/lib/mysql/mysql/" ]; then
echo "Installing mariadb"
/usr/bin/mysql_install_db > "$LOG_FILE"
chown -R mysql:mysql /var/lib/mysql/
/usr/bin/mysql_install_db & >> "$LOG_FILE"
chown -R mysql:mysql /var/lib/mysql/ & >> "$LOG_FILE"
fi
echo "Starting mysql...."
chown -R mysql:mysql /var/log/mariadb
/usr/bin/mysqld_safe &
if [[ $PRINT_STATUS == "-p" ]]; then echo "Starting mysql..."; fi
chown -R mysql:mysql /var/log/mariadb >> "$LOG_FILE";
/usr/bin/mysqld_safe & >> "$LOG_FILE";
else #not a container
systemctl enable $SQL_SERVICE
systemctl start $SQL_SERVICE
systemctl enable $SQL_SERVICE & >> "$LOG_FILE";
systemctl start $SQL_SERVICE & >> "$LOG_FILE";
fi
else # mysql process is running
# check if mysql service is running
@ -61,18 +64,18 @@ start_mysqlsd () {
DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
if [ $DB_STATUS -eq 0 ]; then
echo "mariadb not running , attempting to restart"
systemctl start mariadb
systemctl start mariadb & >> "$LOG_FILE";
fi
fi
fi
# Wait for mysql to start before continuing.
echo "Checking mysqld status..."| tee -a "$LOG_FILE"
if [[ $PRINT_STATUS == "-p" ]]; then echo "Checking mysqld status..."| tee -a "$LOG_FILE"; fi
while ! mysqladmin ping -h "$localhost" --silent; do
sleep 1;
done
echo "mysqld is running."| tee -a "$LOG_FILE"
if [[ $PRINT_STATUS == "-p" ]]; then echo "mysqld is running."| tee -a "$LOG_FILE"; fi
}
# Basic check for marai db status, attempts restart if not running
@ -81,7 +84,7 @@ check_mysql () {
if [ $DOCKER_CONTAINER = true ]; then
if [[ $(pgrep -c -u mysql mysqld) -eq 0 ]]; then
echo "mariadb not running , attempting to restart"
/usr/bin/mysqld_safe &
/usr/bin/mysqld_safe & >> "$LOG_FILE"
fi
else # not in a contianer
DB_STATUS=$(systemctl status mysql |grep 'running' | wc -l )
@ -89,18 +92,69 @@ check_mysql () {
echo "mariadb not running , attempting to restart"
systemctl start mariadb
fi
fi
fi
# Wait for mysql to start before continuing.
while ! mysqladmin ping -h "$localhost" --silent; do
sleep 1;
done
echo " Mariadb is running."
}
# Check for mysql root password , abort if not available
check_mysql_root () {
if [ -z $HIRS_MYSQL_ROOT_PWD ]; then
if [ ! -f /etc/hirs/aca/aca.properties ]; then
echo "aca.properties does not exist."
else
source /etc/hirs/aca/aca.properties;
DB_ADMIN_PWD=$mysql_admin_password
fi
else #HIRS_MYSQL_ROOT_PWD set
DB_ADMIN_PWD=$HIRS_MYSQL_ROOT_PWD
fi
# Allow user to enter password if not using env variabel or file
if [ -z $DB_ADMIN_PWD ]; then
read -p "Enter mysql root password" DB_ADMIN_PWD
else
DB_ADMIN_PWD=$mysql_admin_password
fi
# Make sure root password is correct
$(mysql -u root -p$DB_ADMIN_PWD -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo "root password verified" | tee -a "$LOG_FILE"
else
echo "MYSQL root password was not the default, not supplied, or was incorrect"
echo " please set the HIRS_MYSQL_ROOT_PWD system variable and retry."
echo " ********** ACA Mysql setup aborted ********" ;
exit 1;
fi
}
check_db_cleared () {
$(mysql -u root -e 'quit' &> /dev/null);
if [ $? -eq 0 ]; then
echo " Empty root password verified" | tee -a "$LOG_FILE"
else
echo " Mysql Root password is not empty"
fi
HIRS_DB_USER_EXISTS="$(mysql -uroot -sse "SELECT EXISTS(SELECT 1 FROM mysql.user WHERE user = 'hirs_db')")"
if [ $HIRS_DB_USER_EXISTS = 1 ]; then
echo " hirs_db user exists"
else
echo " hirs_db user does not exist"
fi
HIRS_DB_EXISTS=`mysql -uroot -e "SHOW DATABASES" | grep hirs_db`
if [[ $HIRS_DB_EXISTS == "hirs_db" ]]; then
echo " hirs_db databse exists"
else
echo " hirs_db database does not exists"
fi
}
# restart maraidb
mysqld_reboot () {
# reboot mysql server
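Review bot: Every `cmd & >> "$LOG_FILE"` added in start_mysqlsd and check_mysql (the mysql_install_db, chown, systemctl enable/start, and `systemctl start mariadb` lines) backgrounds the command and then applies the redirection to an empty command, so nothing is logged, and mysql_install_db, chown and systemctl now race each other and the `mysqladmin ping` loop below; only mysqld_safe is meant to detach. Write the foreground steps as `/usr/bin/mysql_install_db >> "$LOG_FILE" 2>&1` and the daemon as `/usr/bin/mysqld_safe >> "$LOG_FILE" 2>&1 &`. In check_mysql_root the trailing `else DB_ADMIN_PWD=$mysql_admin_password` overwrites a password that came from `HIRS_MYSQL_ROOT_PWD` with a variable that is unset on that path unless the caller already sourced aca.properties, so the verify step can run with an empty value; the `else` branch should be dropped. `read -p "Enter mysql root password" DB_ADMIN_PWD` echoes the secret to the terminal; `read -s -p "Enter mysql root password: " DB_ADMIN_PWD` keeps it hidden. check_mysql's closing lines and mysqld_reboot's body lie outside the visible hunks.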


@ -1,35 +0,0 @@
#!/bin/bash
tom_version="10.1.9"
tom_maj=$(echo "$tom_version" | cut -d '.' -f 1)
CATALINA_HOME=/opt/tomcat/
CATALINA_BASE=/opt/tomcat/
# Check if tomcat already installed
if [ -d "/opt/tomcat" ]; then
echo "tomcat already installed"
else
echo "installing $tom_version"
pushd /tmp
useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
dnf install wget -y
wget https://downloads.apache.org/tomcat/tomcat-$tom_maj/v$tom_version/bin/apache-tomcat-$tom_version.tar.gz
mkdir /opt/tomcat
tar -xzf apache-tomcat-$tom_version.tar.gz -C /opt/tomcat --strip-components=1
rm apache-tomcat-$tom_version.tar.gz
chown -R tomcat: /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'
popd
fi
if [ -f /.dockerenv ]; then
echo "in a container..."
sh /opt/tomcat/bin/catalina.sh start
else
cp /opt/hirs/scripts/aca/tomcat.service /etc/systemd/system/.
systemctl daemon-reload
systemctl start tomcat
systemctl enable tomcat
fi
if [ $(pgrep -c FirewallD) == "1" ]; then
firewall-cmd --add-port=8080/tcp --permanent
firewall-cmd --add-port=8443/tcp --permanent
fi


@ -3,7 +3,7 @@ plugins {
id "java"
// id "findbugs"
// id "checkstyle"
id "nebula.ospackage" version "9.1.1"
id "com.netflix.nebula.ospackage" version "11.4.0"
}
// Get version from main project gradle
def packVersion = properties.get("packageVersion");


@ -1,6 +1,6 @@
plugins {
id "java"
id "nebula.ospackage" version "9.1.1"
id 'com.netflix.nebula.ospackage' version '11.4.0'
id 'com.intershop.gradle.jaxb' version '5.1.0'
}