addeded OS sepcific checks for mariadb

package/scripts/aca/aca_check_setup.sh

@@ -37,7 +37,15 @@ DB_SRV_CONF="/etc/my.cnf.d/mariadb-server.cnf"
 DB_CLIENT_CONF="/etc/my.cnf.d/client.cnf"
 ALL_CHECKS_PASSED=true
 ALL_CERTS_PASSED=true
+
 source $SCRIPT_DIR/../db/mysql_util.sh
+source /etc/os-release 
+
+# Setup distro specifc paths and variables
+if [ $ID = "ubuntu" ]; then 
+   DB_SRV_CONF="/etc/mysql/mariadb.conf.d/50-server.cnf"
+   DB_CLIENT_CONF="/etc/mysql/mariadb.conf.d/50-client.cnf"
+fi
 
 # Check for Admin privileges
 if [ "$EUID" -ne 0 ]; then
@@ -69,16 +77,24 @@ done
 echo "Checking HIRS ACA Setup on this device..."
 # Check if aca setup was performed
   # Check is RPM was installed via RPM package 
-  rpm -q --quiet HIRS_AttestationCA
+  if [ $ID = "rhel" ]; then
+     echo "RHEL distro detected"
+     rpm -q --quiet HIRS_AttestationCA
+    elif [ $ID = 'ubuntu' ]; then
+     echo "Ubuntu distro detected"
+     dpkg -l "HIRS_AttestationCA" > /dev/null
+   else
+    echo "Unsupported OS Distro encountered"
+  fi
   if [ $? -eq 0 ]; then
-      echo "HIRS ACA was installed via rpm package on this device"
+      echo "HIRS ACA was installed via an OS package on this device"
       if [[ $(cat /etc/crontab | grep -c hirs/aca) > 0 ]]; then 
            echo "  HIRS ACA is set to start on boot via crontab file"
         else
            echo "  HIRS ACA is NOT set to start on boot via crontab file"
       fi
     else
-      echo "HIRS ACA was NOT installed via rpm package on this device" 
+      echo "HIRS ACA was NOT installed via an OS package on this device" 
   fi
 
 # Check install setup pki files
@@ -92,7 +108,6 @@ echo "Checking HIRS ACA Setup on this device..."
 
 source /etc/hirs/aca/aca.properties;
 
-
 check_pwds () {
 
 PRESENT=true
@@ -121,13 +136,13 @@ check_mysql_setup () {
   # make sure mysql is running and restart if its not...
   check_mysql
   # Check DB server/client TLS setup.
-  if [[ $(cat "$DB_SRV_CONF" | grep -c "ssl") < 1 ]]; then
+  if [[ $(cat "$DB_SRV_CONF" | grep -c "HIRS") < 1 ]]; then
      echo "   Mysql server ($DB_SRV_CONF) is NOT configured for Server Side TLS"
      ALL_CHECKS_PASSED=false
    else
      echo "   Mysql server ($DB_SRV_CONF) is configured for Server Side TLS"
   fi
-  if [[ $(cat "$DB_CLIENT_CONF" | grep -c "ssl") < 1 ]]; then
+  if [[ $(cat "$DB_CLIENT_CONF" | grep -c "HIRS") < 1 ]]; then
       echo "   Mysql client ($DB_CLIENT_CONF)is NOT configured for command line use of TLS without provding key/cert ino the commandline"
       ALL_CHECKS_PASSED=false
     else
@@ -240,12 +255,18 @@ check_db () {
     mysql -u hirs_db --password=$hirs_db_password -e "SHOW DATABASES;";
     echo "Privileges for the hirs_db user:"
     mysql -u hirs_db --password=$hirs_db_password -e "SHOW GRANTS FOR 'hirs_db'@'localhost'" 
+    echo "MYSQL Log:"
+    mysql -u root --password=$mysql_admin_password -e "SHOW GLOBAL VARIABLES LIKE 'log_error'" 
   fi
   
 }
 
 # Check selinux status and files that require specific contexts
 check_selinux () {
+   if [ $ID = "ubuntu" ]; then
+     echo "Skipping selinux check on ubuntu"
+     return
+   fi
    SELINUXSTATUS=$(getenforce)
    DB_SRV_CONTEXT=$(ls -Z $DB_SRV_CONF)
    DB_CLIENT_CONTEXT=$(ls -Z $DB_CLIENT_CONF)
@@ -283,4 +304,4 @@ if [ $ALL_CHECKS_PASSED = true  ]; then
   echo "ACA setup checks passed!"
 else
   echo "ACA setup checks failed."
-fi
+fi

package/scripts/aca/aca_remove_setup.sh

@@ -22,7 +22,7 @@ check_mysql_root
 
 # remove the hrs-db and hirs_db user
 pushd $SCRIPT_DIR/../db/  &>/dev/null
-sh db_drop.sh $DB_ADMIN_PWD
+./db_drop.sh $DB_ADMIN_PWD
 popd  &>/dev/null
 
 # remove pki files and config files if not installed by rpm
@@ -36,4 +36,4 @@ echo "Removing the ACA crontab"
 sed -i '/aca_bootRun.sh/d' /etc/crontab
 echo "Shutting down the aca..."
 ps axf | grep HIRS_AttestationCAPortal.war | grep -v grep | awk '{print "kill " $1}' | sh  >/dev/null 2>&1
-echo "ACA setup removal complete."
+echo "ACA setup removal complete."

package/scripts/aca/aca_setup.sh

@@ -25,7 +25,7 @@ help () {
   echo "     -u  | --unattended   Run unattended"
   echo "     -h  | --help   Print this Help."
   echo "     -sp | --skip-pki run the setup without pki setup."
-  echo "     -sb | --skip-db run the setup without database setup."
+  echo "     -sd | --skip-db run the setup without database setup."
   echo
 }
 
@@ -97,7 +97,7 @@ if [ -z $HIRS_PKI_PWD ]; then
 fi
 
 if [ -z "${ARG_SKIP_PKI}" ]; then
-   sh ../pki/pki_setup.sh $LOG_FILE $PKI_PASS $ARG_UNATTEND
+   ../pki/pki_setup.sh $LOG_FILE $PKI_PASS $ARG_UNATTEND
    if [ $? -eq 0 ]; then 
         echo "ACA PKI  setup complete" | tee -a "$LOG_FILE"
       else
@@ -109,7 +109,7 @@ if [ -z "${ARG_SKIP_PKI}" ]; then
 fi
 
 if [ -z "${ARG_SKIP_DB}" ]; then
-   sh ../db/db_create.sh $LOG_FILE $PKI_PASS $ARG_UNATTEND
+   ../db/db_create.sh $LOG_FILE $PKI_PASS $ARG_UNATTEND
    if [ $? -eq 0 ]; then
       echo "ACA database setup complete" | tee -a "$LOG_FILE"
     else
@@ -122,4 +122,4 @@ fi
 
 echo "ACA setup complete" | tee -a "$LOG_FILE"
 
-popd &>/dev/null
+popd &>/dev/null

package/scripts/db/db_create.sh

@@ -17,7 +17,7 @@ SCRIPT_DIR=$( dirname -- "$( readlink -f -- "$0"; )"; )
 SPRING_PROP_FILE="/etc/hirs/aca/application.properties"
 ACA_PROP_FILE="/etc/hirs/aca/aca.properties"
 DB_ADMIN_PWD=""
-# Db Configuration files
+# Db Configuration fileis, use RHELpaths as default
 DB_SRV_CONF="/etc/my.cnf.d/mariadb-server.cnf"
 DB_CLIENT_CONF="/etc/my.cnf.d/client.cnf"
 # Default Server Side Certificates
@@ -39,6 +39,14 @@ mkdir -p /var/log/hirs/
 
 source $SCRIPT_DIR/mysql_util.sh
 source $ACA_PROP_FILE 
+source /etc/os-release 
+
+# Setup distro specifc paths and variables
+if [ $ID = "ubuntu" ]; then 
+   DB_SRV_CONF="/etc/mysql/mariadb.conf.d/50-server.cnf"
+   DB_CLIENT_CONF="/etc/mysql/mariadb.conf.d/50-client.cnf"
+   echo log_error=/var/log/mysql/mariadb.log >> $DB_SRV_CONF
+fi
 
 check_mysql_root_pwd () {
   # Check if DB root password needs to be obtained
@@ -79,8 +87,8 @@ check_mysql_root_pwd () {
 }
 
 set_mysql_server_tls () {
-  # Check DB server setup. If ssl params dont exist then we need to add them.
-  if [[ $(cat "$DB_SRV_CONF" | grep -c "ssl") < 1 ]]; then
+  # Check DB server setup. If HIRS ssl params dont exist then we need to add them.
+  if [[ $(cat "$DB_SRV_CONF" | grep -c "HIRS") < 1 ]]; then
     # Add TLS files to my.cnf
     echo "Updating $DB_SRV_CONF with ssl parameters..." | tee -a "$LOG_FILE"
     echo "ssl_ca=$SSL_DB_SRV_CHAIN" >> "$DB_SRV_CONF"
@@ -101,7 +109,7 @@ set_mysql_server_tls () {
 
 set_mysql_client_tls () {
 # Update ACA property file with client cert info, if not there already
-if [[ $(cat "$DB_CLIENT_CONF" | grep -c "ssl") < 1 ]]; then 
+if [[ $(cat "$DB_CLIENT_CONF" | grep -c "HIRS") < 1 ]]; then 
   echo "Updating $DB_CLIENT_CONF with ssl parameters..." | tee -a "$LOG_FILE"
   echo "ssl_ca=$SSL_DB_CLIENT_CHAIN" >> $DB_CLIENT_CONF
   echo "ssl_cert=$SSL_DB_CLIENT_CERT" >> $DB_CLIENT_CONF

package/scripts/pki/pki_setup.sh

@@ -33,8 +33,8 @@ if [ -z "$2" ]; then
 fi
 
 # Check for sudo or root user 
-if [ "$EUID" -ne 0 ]
-        then echo "This script requires root.  Please run as root" | tee -a "$LOG_FILE"
+if [ "$EUID" -ne 0 ]; then 
+   echo "This script requires root.  Please run as root" | tee -a "$LOG_FILE"
         exit 1
 fi
 
@@ -52,8 +52,8 @@ if [ ! -d "/etc/hirs/certificates" ]; then
 
   pushd  /etc/hirs/certificates/ &> /dev/null
   cp $PKI_SETUP_DIR/ca.conf .
-  sh $PKI_SETUP_DIR/pki_chain_gen.sh "HIRS" "rsa" "3072" "sha384" "$PKI_PASS" "$LOG_FILE"
-  sh $PKI_SETUP_DIR/pki_chain_gen.sh "HIRS" "ecc" "512" "sha384" "$PKI_PASS" "$LOG_FILE"
+    $PKI_SETUP_DIR/pki_chain_gen.sh "HIRS" "rsa" "3072" "sha384" "$PKI_PASS" "$LOG_FILE"
+    $PKI_SETUP_DIR/pki_chain_gen.sh "HIRS" "ecc" "512" "sha384" "$PKI_PASS" "$LOG_FILE"
   popd &> /dev/null
 
   echo "hirs_pki_password="$PKI_PASS >>  $ACA_PROP

test.sh

@@ -1,5 +0,0 @@
-echo "
-# *** ACA Directories ***
-aca.directories.root         = /etc/hirs/
-aca.prop.file=aca.directories.root/aca.properties
-aca.directories.certificates = root/certificates"