added a chron job to start the ACA on reboot

.ci/docker/Dockerfile.rocky

@@ -16,7 +16,7 @@ RUN dnf -y install java-17-openjdk-devel -y
 #RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1
 
 # Install HIRS dependencies
-RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ && yum clean all
+RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ cronie  && yum clean all
 RUN dnf install -y wget openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd  libcurl-devel libssh-devel && yum clean all
 
 # Install PACCOR for Device Info Gathering

HIRS_AttestationCAPortal/build.gradle

@@ -86,8 +86,11 @@ ospackage {
 
     // Post Install
     postInstall 'sh /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
-    postInstall 'sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -p /opt/hirs/aca/HIRS_AttestationCAPortal.war'
+    // add chrontab to run ACA at boot
-// Note need to add service or chron job to start on system boot
+    postInstall 'echo "@reboot sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
+    // run ACA after install
+    postInstall 'sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w'
+    postInstall 'chmod +x /opt/hirs/aca/scripts/aca/aca_bootRun.sh'
 
     // Uninstall
     preUninstall 'sh /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'

package/scripts/aca/aca_bootRun.sh

@@ -13,6 +13,7 @@ ECC_PATH=ecc_512_sha384_certs
 SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
 LOG_FILE=/dev/null
 GRADLE_WRAPPER="./gradlew"
+DEPLOYED_WAR=false
 
 # Check for sudo or root user 
 if [ "$EUID" -ne 0 ]
@@ -25,7 +26,8 @@ help () {
   echo "  Syntax: sh aca_setup.sh [-u|h|sb|sp|--skip-db|--skip-pki]"
   echo "  options:"
   echo "     -p  | --path   Path to the HIRS_AttestationCAPortal.war file"
-  echo "     -h  | --help   Print this Help."
+  echo "     -w  | --war    Use deployed war file"
+  echo "     -h  | --help   Print this help"
   echo
 }
 
@@ -38,8 +40,15 @@ while [[ $# -gt 0 ]]; do
       USE_WAR=YES
       shift # past argument
       WAR_PATH=$@
+      DEPLOYED_WAR=true
       shift # past parameter
       ;;
+    -w|--war)
+      USE_WAR=YES
+      shift # past argument
+      WAR_PATH="/opt/hirs/aca/HIRS_AttestationCAPortal.war"
+      DEPLOYED_WAR=true
+      ;;
     -h|--help)
       help     
       exit 0
@@ -60,7 +69,6 @@ done
 
 if [ -z "${WAR_PATH}" ]; then
   WAR_PATH="HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war"
-  NOT_USING_RPM=true
 fi 
 
 set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
@@ -87,7 +95,7 @@ if [ ! -d "$CERT_PATH" ]; then
      exit 1;
 fi
 
-if [ $NOT_USING_RPM = true ]; then
+if [ $DEPLOYED_WAR = false ]; then
   if [ ! -f "$GRADLE_WRAPPER" ]; then
     echo "This script needs to be run from the HIRS top level project directory. Exiting."
     exit 1;
@@ -123,5 +131,4 @@ if [ -z "$USE_WAR" ]; then
 else 
   echo "Booting the ACA from a $USE_WAR file..."
   java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &
-  # Note add check for ACA to get started
 fi

package/scripts/aca/aca_check_setup.sh

@@ -43,11 +43,6 @@ if [ "$EUID" -ne 0 ]; then
       echo "This script requires root.  Please run as root"
       exit 1
 fi
-# Check install setup pki files
-if [ ! -d $CERT_PATH ]; then
-  echo "$CERT_PATH directory does not exist. Please run aca_setup.sh and try again."
-     exit 1;
-fi
 
 # Argument handling 
 
@@ -70,6 +65,26 @@ while [[ $# -gt 0 ]]; do
   esac
 done
 
+# Check if aca setup was performed
+  # Check is RPM was installed via RPM package 
+  rpm -q --quiet HIRS_AttestationCA
+  if [ $? -eq 0 ]; then
+      echo "HIRS ACA was installed via rpm package on this device"
+      if [[ $(cat /etc/crontab | grep -c hirs/aca) > 0 ]]; then 
+           echo "  HIRS ACA is set to start on boot via crontab file"
+        else
+           echo "  HIRS ACA is NOT set to start on boot via crontab file"
+      fi
+    else
+      echo "HIRS ACA was NOT installed via rpm package on this device" 
+  fi
+   # Check install setup pki files
+  if [ ! -d $CERT_PATH ]; then
+      echo "  $CERT_PATH directory does not exist. Exiting..."
+      echo "Please run aca_setup.sh and try again"
+      exit 1;
+  fi
+
 source /etc/hirs/aca/aca.properties;
 source $SCRIPT_DIR/../db/start_mysqld.sh
 
@@ -127,16 +142,16 @@ check_mysql_setup () {
 }
 
 check_cert () {
-TRUST_STORE=$1
+  TRUST_STORE=$1
-CERT=$2
+  CERT=$2
-RESULT=$(openssl verify -CAfile "$TRUST_STORE" $CERT)
+  RESULT=$(openssl verify -CAfile "$TRUST_STORE" $CERT)
-if [ $? -ne 0 ]; then
+  if [ $? -ne 0 ]; then
-   ALL_CHECKS_PASSED=false
+     ALL_CHECKS_PASSED=false
-   ALL_CERTS_PASSED=false
+     ALL_CERTS_PASSED=false
-fi
+  fi
-if [ ! -z "${ARG_VERBOSE}" ]; then
+  if [ ! -z "${ARG_VERBOSE}" ]; then
     echo "     "$RESULT
-fi
+  fi
 }
 
 check_pki () {
@@ -250,7 +265,7 @@ check_fips () {
    echo "Checking FIPS mode on this device..."
    echo "   "$(sysctl -a | grep crypto.fips_enabled)
 }
-
+# Run Checks
 check_for_container
 check_pwds
 check_pki

package/scripts/aca/aca_remove_setup.sh

@@ -28,6 +28,10 @@ popd
 echo "Removing certificates and config files..."
 rm -rf /etc/hirs
 
-# Note add check for ACA running and stop the process if it is 
+# Remove crontab and current ACA process
-
+echo "Removing the ACA crontab"
+sed -i '/aca_bootRun.sh/d' /etc/crontab
+echo "Shutting down the aca..."
+#pkill -f hirs/aca >/dev/null 2>&1;
+ps axf | grep HIRS_AttestationCAPortal.war | grep -v grep | awk '{print "kill " $1}' | sh  >/dev/null 2>&1
 echo "ACA setup removal complete."

package/scripts/aca/aca_setup.sh

@@ -14,7 +14,7 @@ help () {
   echo "     -u  | --unattended   Run unattended"
   echo "     -h  | --help   Print this Help."
   echo "     -sp | --skip-pki run the setup without pki setup."
-  echo "     -sb | --skip-db run the setup without databse setup."
+  echo "     -sb | --skip-db run the setup without database setup."
   echo
 }