Updated gradle to v8.3 and nebula to 11.4.0
parent
58b5de3bbb
commit
cb4ad4d51a
@ -1,22 +1,23 @@
|
||||
FROM rockylinux:8.6
|
||||
|
||||
# Install packages for installing HIRS ACA
|
||||
#RUN yum -y update && yum clean all
|
||||
SHELL ["/bin/bash", "-c"]
|
||||
|
||||
# Update and install OS-dependencies
|
||||
RUN dnf update -y
|
||||
|
||||
# Install Java 8
|
||||
RUN dnf install java-1.8.0-openjdk-headless.x86_64 -y
|
||||
# Install Java
|
||||
RUN dnf -y install java-17-openjdk-devel -y
|
||||
|
||||
# Install Tomcat
|
||||
RUN useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
|
||||
RUN dnf install wget -y
|
||||
RUN wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.1/bin/apache-tomcat-10.1.1.tar.gz
|
||||
RUN mkdir /opt/tomcat
|
||||
RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1
|
||||
#RUN useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
|
||||
#RUN dnf install wget -y
|
||||
#RUN wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.1/bin/apache-tomcat-10.1.1.tar.gz
|
||||
#RUN mkdir /opt/tomcat
|
||||
#RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1
|
||||
|
||||
# Install HIRS dependencies
|
||||
RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ && yum clean all
|
||||
RUN dnf install -y openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd libcurl-devel libssh-devel && yum clean all
|
||||
RUN dnf install -y wget openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd libcurl-devel libssh-devel && yum clean all
|
||||
|
||||
# Install PACCOR for Device Info Gathering
|
||||
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r2/paccor-1.1.4-2.noarch.rpm && yum -y install paccor-*.rpm && popd
|
||||
@ -33,3 +34,5 @@ RUN dnf -y install packages-microsoft-prod.rpm
|
||||
RUN dnf makecache
|
||||
RUN dnf -y install dotnet-sdk-6.0
|
||||
RUN dotnet tool install --global dotnet-rpm
|
||||
|
||||
EXPOSE 8443
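Review bot: The PACCOR step in the first hunk installs an RPM straight from a download with no integrity check: `wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r2/paccor-1.1.4-2.noarch.rpm && yum -y install paccor-*.rpm` trusts whatever that URL serves at build time. Pin the expected digest and verify it before installing, for example by inserting `echo "<PACCOR_RPM_SHA256>  paccor-1.1.4-2.noarch.rpm" | sha256sum -c - &&` between the `wget` and the `yum -y install` (the digest is a placeholder to be taken from the release). The same check would be needed for the Tomcat tarball if the `#RUN wget ...apache-tomcat-10.1.1.tar.gz` lines are ever re-enabled; if they are not coming back, delete the commented-out block instead of keeping dead instructions. This page has lost its +/- markers, so the PACCOR line may be unchanged context rather than part of this commit.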
|
||||
|
@ -2,7 +2,7 @@ plugins {
|
||||
id 'application'
|
||||
id 'java'
|
||||
id 'war'
|
||||
id "nebula.ospackage" version "9.1.1"
|
||||
id 'com.netflix.nebula.ospackage' version '11.4.0'
|
||||
id 'org.springframework.boot' version '3.0.6'
|
||||
id 'io.spring.dependency-management' version '1.1.0'
|
||||
}
|
||||
@ -60,14 +60,6 @@ dependencies {
|
||||
testImplementation libs.testng
|
||||
}
|
||||
|
||||
war {
|
||||
from(buildDir) {
|
||||
include 'VERSION'
|
||||
into 'WEB-INF/classes'
|
||||
}
|
||||
archiveFileName = 'HIRS_AttestationCAPortal.war'
|
||||
}
|
||||
|
||||
ospackage {
|
||||
packageName = 'HIRS_AttestationCA'
|
||||
os = LINUX
|
||||
@ -78,85 +70,27 @@ ospackage {
|
||||
user 'root'
|
||||
fileMode = 0755
|
||||
|
||||
def tpath="/opt"
|
||||
|
||||
addParentDirs = true
|
||||
createDirectoryEntry true
|
||||
|
||||
preInstall "rm -rf /opt/hirs/default-properties"
|
||||
preInstall "mkdir -p /opt/hirs/default-properties/"
|
||||
preInstall "mkdir -p /tmp/hirs/default-properties/"
|
||||
|
||||
// Setup /etc/hirs
|
||||
into ('/etc/hirs/aca/') {
|
||||
from '../HIRS_AttestationCA/src/main/resources/defaults.properties'
|
||||
rename {'aca.properties'}
|
||||
// copy setup scripts to /opt/hirs/aca
|
||||
into ('/opt/hirs/aca/scripts/') {
|
||||
from '../package/scripts/'
|
||||
}
|
||||
into ('/etc/hirs/') {
|
||||
from '../HIRS_Utils/src/main/resources/banner.properties'
|
||||
from '../HIRS_Utils/src/main/resources/persistence.properties'
|
||||
from '../HIRS_Utils/src/main/resources/logging.properties'
|
||||
}
|
||||
// Setup tomcat files
|
||||
// Create and package HIRS_AttestationCA:war
|
||||
into ("${tpath}/tomcat/webapps") {
|
||||
from war.outputs.files
|
||||
from '../HIRS_AttestationCA/build/libs/HIRS_AttestationCA.war'
|
||||
user 'root'
|
||||
fileMode = 0755
|
||||
}
|
||||
into ("${tpath}/tomcat/lib") {
|
||||
from 'libs'
|
||||
from configurations.runtimeClasspath
|
||||
}
|
||||
into ("/opt/hirs/scripts/aca/") {
|
||||
from '../package/conf/tomcat.service'
|
||||
from '../package/scripts/install_tomcat.sh'
|
||||
from '../package/scripts/aca/aca_property_setup.sh'
|
||||
from '../package/scripts/aca/aca_setup.sh'
|
||||
}
|
||||
into ("/opt/hirs/scripts/pki/") {
|
||||
from '../package/scripts/pki/ca.conf'
|
||||
from '../package/scripts/pki/pki_setup.sh'
|
||||
from '../package/scripts/pki/pki_chain_gen.sh'
|
||||
}
|
||||
into ("/opt/hirs/scripts/db/") {
|
||||
from '../package/scripts/db/db_create.sh'
|
||||
from '../package/scripts/db/db_create.sql'
|
||||
from '../package/scripts/db/db_drop.sh'
|
||||
from '../package/scripts/db/db_drop.sql'
|
||||
from '../package/scripts/db/secure_mysql.sql'
|
||||
}
|
||||
into ("/opt/hirs/scripts/common") {
|
||||
from '../package/scripts/common/'
|
||||
}
|
||||
into ('/opt/hirs/extras/aca/') {
|
||||
from '../package/extras/aca/'
|
||||
// copy the war file into /opt/hirs/aca
|
||||
into ('/opt/hirs/aca/') {
|
||||
from '../HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war'
|
||||
user 'root'
|
||||
fileMode = 0755
|
||||
}
|
||||
|
||||
// Copy json files to /tmp and move into /opt/hirs in postInstall section
|
||||
// Allows HIRS tools to be installed using the same files
|
||||
into ('/tmp/aca/default-properties/') {
|
||||
from '../HIRS_AttestationCA/src/main/resources/vendor-table.json'
|
||||
from '../HIRS_AttestationCA/src/main/resources/component-class.json'
|
||||
}
|
||||
// Post Install
|
||||
// Post Install
|
||||
postInstall 'sh /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
|
||||
postInstall 'sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -p /opt/hirs/aca/HIRS_AttestationCAPortal.war'
|
||||
// Note need to add service or chron job to start on system boot
|
||||
|
||||
postInstall file('../package/scripts/db/db_create.sh')
|
||||
postInstall file('../package/scripts/pki/pki_setup.sh')
|
||||
|
||||
postInstall 'mkdir -p /etc/hirs/aca/certificates'
|
||||
postInstall 'cp /tmp/aca/default-properties/* /opt/hirs/default-properties/.'
|
||||
postInstall 'rm -rf /tmp/aca/'
|
||||
// postInstall file('../package/scripts/install_tomcat.sh')
|
||||
|
||||
postInstall 'sh /opt/tomcat/bin/catalina.sh start'
|
||||
|
||||
// Post Uninstall
|
||||
// Copy files to /tmp that package manager will be expecting them there
|
||||
preUninstall 'mkdir -p /tmp/aca/default-properties/'
|
||||
preUninstall 'cp -f /opt/hirs/default-properties/* /tmp/aca/default-properties/.'
|
||||
preUninstall file('../package/scripts/db/db_drop.sh')
|
||||
// Uninstall
|
||||
preUninstall 'sh /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'
|
||||
|
||||
buildRpm {
|
||||
arch = X86_64
|
||||
@ -165,5 +99,4 @@ ospackage {
|
||||
buildDeb {
|
||||
arch = 'amd64'
|
||||
}
|
||||
|
||||
}
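Review bot: The `postInstall 'sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -p /opt/hirs/aca/HIRS_AttestationCAPortal.war'` line in the `ospackage` hunk starts the portal from the package scriptlet, which the package manager runs as root. Unless `aca_bootRun.sh` (not shown on this page) drops privileges, the ACA web application therefore runs as root, and as the adjacent comment already notes it will not come back after a reboot. Consider packaging a service unit that runs the WAR under a dedicated unprivileged account and having `postInstall` only enable and start that unit. Separately, the WAR is packaged with `user 'root'` and `fileMode = 0755`; it is data read by the JVM, so `fileMode = 0644` is sufficient. The +/- markers are lost here, so which lines are new is inferred from the hunk line counts and should be confirmed against the actual diff.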
|
||||
|
BIN
gradle/wrapper/gradle-wrapper.jar
vendored
BIN
gradle/wrapper/gradle-wrapper.jar
vendored
Binary file not shown.
4
gradle/wrapper/gradle-wrapper.properties
vendored
4
gradle/wrapper/gradle-wrapper.properties
vendored
@ -1,6 +1,6 @@
|
||||
#Thu Feb 15 13:18:16 EST 2018
|
||||
distributionBase=GRADLE_USER_HOME
|
||||
distributionPath=wrapper/dists
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
|
||||
networkTimeout=10000
|
||||
zipStoreBase=GRADLE_USER_HOME
|
||||
zipStorePath=wrapper/dists
|
||||
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
|
||||
|
310
gradlew
vendored
310
gradlew
vendored
@ -1,74 +1,129 @@
|
||||
#!/usr/bin/env bash
|
||||
#!/bin/sh
|
||||
|
||||
#
|
||||
# Copyright © 2015-2021 the original authors.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# https://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
##############################################################################
|
||||
##
|
||||
## Gradle start up script for UN*X
|
||||
##
|
||||
#
|
||||
# Gradle start up script for POSIX generated by Gradle.
|
||||
#
|
||||
# Important for running:
|
||||
#
|
||||
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
|
||||
# noncompliant, but you have some other compliant shell such as ksh or
|
||||
# bash, then to run this script, type that shell name before the whole
|
||||
# command line, like:
|
||||
#
|
||||
# ksh Gradle
|
||||
#
|
||||
# Busybox and similar reduced shells will NOT work, because this script
|
||||
# requires all of these POSIX shell features:
|
||||
# * functions;
|
||||
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
|
||||
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
|
||||
# * compound commands having a testable exit status, especially «case»;
|
||||
# * various built-in commands including «command», «set», and «ulimit».
|
||||
#
|
||||
# Important for patching:
|
||||
#
|
||||
# (2) This script targets any POSIX shell, so it avoids extensions provided
|
||||
# by Bash, Ksh, etc; in particular arrays are avoided.
|
||||
#
|
||||
# The "traditional" practice of packing multiple parameters into a
|
||||
# space-separated string is a well documented source of bugs and security
|
||||
# problems, so this is (mostly) avoided, by progressively accumulating
|
||||
# options in "$@", and eventually passing that to Java.
|
||||
#
|
||||
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
|
||||
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
|
||||
# see the in-line comments for details.
|
||||
#
|
||||
# There are tweaks for specific operating systems such as AIX, CygWin,
|
||||
# Darwin, MinGW, and NonStop.
|
||||
#
|
||||
# (3) This script is generated from the Groovy template
|
||||
# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
|
||||
# within the Gradle project.
|
||||
#
|
||||
# You can find Gradle at https://github.com/gradle/gradle/.
|
||||
#
|
||||
##############################################################################
|
||||
|
||||
# Attempt to set APP_HOME
|
||||
|
||||
# Resolve links: $0 may be a link
|
||||
app_path=$0
|
||||
|
||||
# Need this for daisy-chained symlinks.
|
||||
while
|
||||
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
|
||||
[ -h "$app_path" ]
|
||||
do
|
||||
ls=$( ls -ld "$app_path" )
|
||||
link=${ls#*' -> '}
|
||||
case $link in #(
|
||||
/*) app_path=$link ;; #(
|
||||
*) app_path=$APP_HOME$link ;;
|
||||
esac
|
||||
done
|
||||
|
||||
# This is normally unused
|
||||
# shellcheck disable=SC2034
|
||||
APP_BASE_NAME=${0##*/}
|
||||
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
|
||||
|
||||
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||
DEFAULT_JVM_OPTS=""
|
||||
|
||||
APP_NAME="Gradle"
|
||||
APP_BASE_NAME=`basename "$0"`
|
||||
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
|
||||
|
||||
# Use the maximum available, or set MAX_FD != -1 to use that value.
|
||||
MAX_FD="maximum"
|
||||
MAX_FD=maximum
|
||||
|
||||
warn ( ) {
|
||||
warn () {
|
||||
echo "$*"
|
||||
}
|
||||
} >&2
|
||||
|
||||
die ( ) {
|
||||
die () {
|
||||
echo
|
||||
echo "$*"
|
||||
echo
|
||||
exit 1
|
||||
}
|
||||
} >&2
|
||||
|
||||
# OS specific support (must be 'true' or 'false').
|
||||
cygwin=false
|
||||
msys=false
|
||||
darwin=false
|
||||
case "`uname`" in
|
||||
CYGWIN* )
|
||||
cygwin=true
|
||||
;;
|
||||
Darwin* )
|
||||
darwin=true
|
||||
;;
|
||||
MINGW* )
|
||||
msys=true
|
||||
;;
|
||||
nonstop=false
|
||||
case "$( uname )" in #(
|
||||
CYGWIN* ) cygwin=true ;; #(
|
||||
Darwin* ) darwin=true ;; #(
|
||||
MSYS* | MINGW* ) msys=true ;; #(
|
||||
NONSTOP* ) nonstop=true ;;
|
||||
esac
|
||||
|
||||
# Attempt to set APP_HOME
|
||||
# Resolve links: $0 may be a link
|
||||
PRG="$0"
|
||||
# Need this for relative symlinks.
|
||||
while [ -h "$PRG" ] ; do
|
||||
ls=`ls -ld "$PRG"`
|
||||
link=`expr "$ls" : '.*-> \(.*\)$'`
|
||||
if expr "$link" : '/.*' > /dev/null; then
|
||||
PRG="$link"
|
||||
else
|
||||
PRG=`dirname "$PRG"`"/$link"
|
||||
fi
|
||||
done
|
||||
SAVED="`pwd`"
|
||||
cd "`dirname \"$PRG\"`/" >/dev/null
|
||||
APP_HOME="`pwd -P`"
|
||||
cd "$SAVED" >/dev/null
|
||||
|
||||
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
|
||||
|
||||
|
||||
# Determine the Java command to use to start the JVM.
|
||||
if [ -n "$JAVA_HOME" ] ; then
|
||||
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
|
||||
# IBM's JDK on AIX uses strange locations for the executables
|
||||
JAVACMD="$JAVA_HOME/jre/sh/java"
|
||||
JAVACMD=$JAVA_HOME/jre/sh/java
|
||||
else
|
||||
JAVACMD="$JAVA_HOME/bin/java"
|
||||
JAVACMD=$JAVA_HOME/bin/java
|
||||
fi
|
||||
if [ ! -x "$JAVACMD" ] ; then
|
||||
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
|
||||
@ -77,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the
|
||||
location of your Java installation."
|
||||
fi
|
||||
else
|
||||
JAVACMD="java"
|
||||
JAVACMD=java
|
||||
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||
|
||||
Please set the JAVA_HOME variable in your environment to match the
|
||||
@ -85,76 +140,105 @@ location of your Java installation."
|
||||
fi
|
||||
|
||||
# Increase the maximum file descriptors if we can.
|
||||
if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
|
||||
MAX_FD_LIMIT=`ulimit -H -n`
|
||||
if [ $? -eq 0 ] ; then
|
||||
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
|
||||
MAX_FD="$MAX_FD_LIMIT"
|
||||
fi
|
||||
ulimit -n $MAX_FD
|
||||
if [ $? -ne 0 ] ; then
|
||||
warn "Could not set maximum file descriptor limit: $MAX_FD"
|
||||
fi
|
||||
else
|
||||
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
|
||||
fi
|
||||
fi
|
||||
|
||||
# For Darwin, add options to specify how the application appears in the dock
|
||||
if $darwin; then
|
||||
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
|
||||
fi
|
||||
|
||||
# For Cygwin, switch paths to Windows format before running java
|
||||
if $cygwin ; then
|
||||
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
|
||||
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
|
||||
JAVACMD=`cygpath --unix "$JAVACMD"`
|
||||
|
||||
# We build the pattern for arguments to be converted via cygpath
|
||||
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
|
||||
SEP=""
|
||||
for dir in $ROOTDIRSRAW ; do
|
||||
ROOTDIRS="$ROOTDIRS$SEP$dir"
|
||||
SEP="|"
|
||||
done
|
||||
OURCYGPATTERN="(^($ROOTDIRS))"
|
||||
# Add a user-defined pattern to the cygpath arguments
|
||||
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
|
||||
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
|
||||
fi
|
||||
# Now convert the arguments - kludge to limit ourselves to /bin/sh
|
||||
i=0
|
||||
for arg in "$@" ; do
|
||||
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
|
||||
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
|
||||
|
||||
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
|
||||
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
|
||||
else
|
||||
eval `echo args$i`="\"$arg\""
|
||||
fi
|
||||
i=$((i+1))
|
||||
done
|
||||
case $i in
|
||||
(0) set -- ;;
|
||||
(1) set -- "$args0" ;;
|
||||
(2) set -- "$args0" "$args1" ;;
|
||||
(3) set -- "$args0" "$args1" "$args2" ;;
|
||||
(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
|
||||
(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
|
||||
(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
|
||||
(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
|
||||
(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
|
||||
(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
|
||||
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
|
||||
case $MAX_FD in #(
|
||||
max*)
|
||||
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
|
||||
# shellcheck disable=SC3045
|
||||
MAX_FD=$( ulimit -H -n ) ||
|
||||
warn "Could not query maximum file descriptor limit"
|
||||
esac
|
||||
case $MAX_FD in #(
|
||||
'' | soft) :;; #(
|
||||
*)
|
||||
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
|
||||
# shellcheck disable=SC3045
|
||||
ulimit -n "$MAX_FD" ||
|
||||
warn "Could not set maximum file descriptor limit to $MAX_FD"
|
||||
esac
|
||||
fi
|
||||
|
||||
# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
|
||||
function splitJvmOpts() {
|
||||
JVM_OPTS=("$@")
|
||||
}
|
||||
eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
|
||||
JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
|
||||
# Collect all arguments for the java command, stacking in reverse order:
|
||||
# * args from the command line
|
||||
# * the main class name
|
||||
# * -classpath
|
||||
# * -D...appname settings
|
||||
# * --module-path (only if needed)
|
||||
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
|
||||
|
||||
exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
|
||||
# For Cygwin or MSYS, switch paths to Windows format before running java
|
||||
if "$cygwin" || "$msys" ; then
|
||||
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
|
||||
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
|
||||
|
||||
JAVACMD=$( cygpath --unix "$JAVACMD" )
|
||||
|
||||
# Now convert the arguments - kludge to limit ourselves to /bin/sh
|
||||
for arg do
|
||||
if
|
||||
case $arg in #(
|
||||
-*) false ;; # don't mess with options #(
|
||||
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
|
||||
[ -e "$t" ] ;; #(
|
||||
*) false ;;
|
||||
esac
|
||||
then
|
||||
arg=$( cygpath --path --ignore --mixed "$arg" )
|
||||
fi
|
||||
# Roll the args list around exactly as many times as the number of
|
||||
# args, so each arg winds up back in the position where it started, but
|
||||
# possibly modified.
|
||||
#
|
||||
# NB: a `for` loop captures its iteration list before it begins, so
|
||||
# changing the positional parameters here affects neither the number of
|
||||
# iterations, nor the values presented in `arg`.
|
||||
shift # remove old arg
|
||||
set -- "$@" "$arg" # push replacement arg
|
||||
done
|
||||
fi
|
||||
|
||||
# Collect all arguments for the java command;
|
||||
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
|
||||
# shell script including quotes and variable substitutions, so put them in
|
||||
# double quotes to make sure that they get re-expanded; and
|
||||
# * put everything else in single quotes, so that it's not re-expanded.
|
||||
|
||||
set -- \
|
||||
"-Dorg.gradle.appname=$APP_BASE_NAME" \
|
||||
-classpath "$CLASSPATH" \
|
||||
org.gradle.wrapper.GradleWrapperMain \
|
||||
"$@"
|
||||
|
||||
# Stop when "xargs" is not available.
|
||||
if ! command -v xargs >/dev/null 2>&1
|
||||
then
|
||||
die "xargs is not available"
|
||||
fi
|
||||
|
||||
# Use "xargs" to parse quoted args.
|
||||
#
|
||||
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
|
||||
#
|
||||
# In Bash we could simply go:
|
||||
#
|
||||
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
|
||||
# set -- "${ARGS[@]}" "$@"
|
||||
#
|
||||
# but POSIX shell has neither arrays nor command substitution, so instead we
|
||||
# post-process each arg (as a line of input to sed) to backslash-escape any
|
||||
# character that might be a shell metacharacter, then use eval to reverse
|
||||
# that process (while maintaining the separation between arguments), and wrap
|
||||
# the whole thing up as a single "set" statement.
|
||||
#
|
||||
# This will of course break if any of these variables contains a newline or
|
||||
# an unmatched quote.
|
||||
#
|
||||
|
||||
eval "set -- $(
|
||||
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
|
||||
xargs -n1 |
|
||||
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
|
||||
tr '\n' ' '
|
||||
)" '"$@"'
|
||||
|
||||
exec "$JAVACMD" "$@"
|
||||
|
66
gradlew.bat
vendored
66
gradlew.bat
vendored
@ -1,4 +1,20 @@
|
||||
@if "%DEBUG%" == "" @echo off
|
||||
@rem
|
||||
@rem Copyright 2015 the original author or authors.
|
||||
@rem
|
||||
@rem Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@rem you may not use this file except in compliance with the License.
|
||||
@rem You may obtain a copy of the License at
|
||||
@rem
|
||||
@rem https://www.apache.org/licenses/LICENSE-2.0
|
||||
@rem
|
||||
@rem Unless required by applicable law or agreed to in writing, software
|
||||
@rem distributed under the License is distributed on an "AS IS" BASIS,
|
||||
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
@rem See the License for the specific language governing permissions and
|
||||
@rem limitations under the License.
|
||||
@rem
|
||||
|
||||
@if "%DEBUG%"=="" @echo off
|
||||
@rem ##########################################################################
|
||||
@rem
|
||||
@rem Gradle startup script for Windows
|
||||
@ -8,20 +24,24 @@
|
||||
@rem Set local scope for the variables with windows NT shell
|
||||
if "%OS%"=="Windows_NT" setlocal
|
||||
|
||||
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||
set DEFAULT_JVM_OPTS=
|
||||
|
||||
set DIRNAME=%~dp0
|
||||
if "%DIRNAME%" == "" set DIRNAME=.
|
||||
if "%DIRNAME%"=="" set DIRNAME=.
|
||||
@rem This is normally unused
|
||||
set APP_BASE_NAME=%~n0
|
||||
set APP_HOME=%DIRNAME%
|
||||
|
||||
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
|
||||
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
|
||||
|
||||
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
|
||||
|
||||
@rem Find java.exe
|
||||
if defined JAVA_HOME goto findJavaFromJavaHome
|
||||
|
||||
set JAVA_EXE=java.exe
|
||||
%JAVA_EXE% -version >NUL 2>&1
|
||||
if "%ERRORLEVEL%" == "0" goto init
|
||||
if %ERRORLEVEL% equ 0 goto execute
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||
@ -35,7 +55,7 @@ goto fail
|
||||
set JAVA_HOME=%JAVA_HOME:"=%
|
||||
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
|
||||
|
||||
if exist "%JAVA_EXE%" goto init
|
||||
if exist "%JAVA_EXE%" goto execute
|
||||
|
||||
echo.
|
||||
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
|
||||
@ -45,44 +65,26 @@ echo location of your Java installation.
|
||||
|
||||
goto fail
|
||||
|
||||
:init
|
||||
@rem Get command-line arguments, handling Windowz variants
|
||||
|
||||
if not "%OS%" == "Windows_NT" goto win9xME_args
|
||||
if "%@eval[2+2]" == "4" goto 4NT_args
|
||||
|
||||
:win9xME_args
|
||||
@rem Slurp the command line arguments.
|
||||
set CMD_LINE_ARGS=
|
||||
set _SKIP=2
|
||||
|
||||
:win9xME_args_slurp
|
||||
if "x%~1" == "x" goto execute
|
||||
|
||||
set CMD_LINE_ARGS=%*
|
||||
goto execute
|
||||
|
||||
:4NT_args
|
||||
@rem Get arguments from the 4NT Shell from JP Software
|
||||
set CMD_LINE_ARGS=%$
|
||||
|
||||
:execute
|
||||
@rem Setup the command line
|
||||
|
||||
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
|
||||
|
||||
|
||||
@rem Execute Gradle
|
||||
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
|
||||
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
|
||||
|
||||
:end
|
||||
@rem End local scope for the variables with windows NT shell
|
||||
if "%ERRORLEVEL%"=="0" goto mainEnd
|
||||
if %ERRORLEVEL% equ 0 goto mainEnd
|
||||
|
||||
:fail
|
||||
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
|
||||
rem the _cmd.exe /c_ return code!
|
||||
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
|
||||
exit /b 1
|
||||
set EXIT_CODE=%ERRORLEVEL%
|
||||
if %EXIT_CODE% equ 0 set EXIT_CODE=1
|
||||
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
|
||||
exit /b %EXIT_CODE%
|
||||
|
||||
:mainEnd
|
||||
if "%OS%"=="Windows_NT" endlocal
|
||||
|
@ -1,18 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# script that pulls version information from git for populating the portal dispalyed version,
|
||||
# RPM file names, and RPM embedded version information
|
||||
|
||||
# script should be invoked with 'source' so that the variables are in the scope of the caller
|
||||
|
||||
GIT_HASH=`git rev-parse HEAD | head -c6`
|
||||
VERSION=`cat $SCRIPT_DIR/../VERSION`
|
||||
GIT_COMMIT_UNIX_TIMESTAMP=`git show -s --format=%ct | xargs echo -n`
|
||||
RELEASE="$((GIT_COMMIT_UNIX_TIMESTAMP)).$GIT_HASH"
|
||||
DISPLAY_VERSION="$VERSION.$GIT_COMMIT_UNIX_TIMESTAMP.$GIT_HASH"
|
||||
|
||||
echo "Building version:"
|
||||
echo "VERSION: $VERSION"
|
||||
echo "GIT_COMMIT_UNIX_TIMESTAMP: $GIT_COMMIT_UNIX_TIMESTAMP"
|
||||
echo "RELEASE: $RELEASE"
|
||||
echo "DISPLAY_VERSION: $DISPLAY_VERSION"
|
@ -1,131 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
# Builds the centos 6/7 package for HIRS. This script can be passed a list of arguments that are relative paths to plugin script files.
|
||||
# The plugin script files are provided the destination directory of where to put the plugin jar file.
|
||||
|
||||
# argument $1: Extra package name addendum string
|
||||
# argument $2 to end: plugin script dirs.
|
||||
|
||||
# store the initial directory so this script can concatenate the relative paths specified for the plugin scripts
|
||||
INITIAL_DIR=`pwd`
|
||||
|
||||
# Enter package directory
|
||||
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
cd $SCRIPT_DIR/rpm
|
||||
|
||||
# Set variables
|
||||
RPM_BUILD_DIR=`pwd`
|
||||
# assign build version vars
|
||||
source $SCRIPT_DIR/build_version_helper.sh
|
||||
|
||||
PLUGIN_SOURCE="$RPM_BUILD_DIR/PLUGIN_SOURCE"
|
||||
PACKAGE_NAME_ADDENDUM="$1"
|
||||
RPM_EXTRA_CLIENT_DEPENDENCIES="$2"
|
||||
RPM_EXTRA_SERVER_DEPENDENCIES="$3"
|
||||
|
||||
# prepend comma on the extra dependency lists so it can be added to spec file as is, but only if there are
|
||||
# extra dependencies (not empty)
|
||||
if [ ! -z "$RPM_EXTRA_CLIENT_DEPENDENCIES" ]; then
|
||||
RPM_EXTRA_CLIENT_DEPENDENCIES=", $RPM_EXTRA_CLIENT_DEPENDENCIES"
|
||||
fi
|
||||
if [ ! -z "$RPM_EXTRA_SERVER_DEPENDENCIES" ]; then
|
||||
RPM_EXTRA_SERVER_DEPENDENCIES=", $RPM_EXTRA_SERVER_DEPENDENCIES"
|
||||
fi
|
||||
|
||||
echo "extra client dependencies:$RPM_EXTRA_CLIENT_DEPENDENCIES"
|
||||
echo "extra server dependencies:$RPM_EXTRA_SERVER_DEPENDENCIES"
|
||||
|
||||
# Clear old builds
|
||||
rm -rf RPMS SRPMS $PLUGIN_SOURCE
|
||||
|
||||
# Create directories
|
||||
mkdir -p BUILD BUILDROOT RPMS SOURCES SPECS SRPMS $PLUGIN_SOURCE
|
||||
|
||||
|
||||
# build all plugins starting with fourth argument.
|
||||
echo "Building plugins into $PLUGIN_SOURCE"
|
||||
for plugin_script in "${@:4}"
|
||||
do
|
||||
# convert argument to absolute path if necessary
|
||||
if [ "${plugin_script:0:1}" = "/" ]; then
|
||||
plugin_abs_path_script=$plugin_script
|
||||
else
|
||||
plugin_abs_path_script="$INITIAL_DIR/$plugin_script"
|
||||
fi
|
||||
echo "Building Plugin: $plugin_abs_path_script"
|
||||
$plugin_abs_path_script $PLUGIN_SOURCE
|
||||
plugin_return_code=$?
|
||||
|
||||
if [ $plugin_return_code -ne 0 ]; then
|
||||
echo "Failed to build plugin $plugin_abs_path_script. Aborting"
|
||||
exit -1
|
||||
fi
|
||||
done
|
||||
|
||||
# Move specs & sources
|
||||
cp *.spec SPECS
|
||||
|
||||
# Copy sources for TPM Module
|
||||
tar -c -f SOURCES/tpm_module-$GIT_HASH.tar --exclude='dist' --exclude='build' ../../tpm_module/ --transform s/tpm_module/tpm_module-$GIT_HASH/
|
||||
tar --append -f SOURCES/tpm_module-$GIT_HASH.tar ../../NOTICE
|
||||
|
||||
# Build RPM for TPM Module
|
||||
rpmbuild --nodeps -ba SPECS/tpm-module.spec --define '_topdir '$RPM_BUILD_DIR --define 'VERSION '$VERSION --define 'RELEASE '$RELEASE --define 'GIT_HASH '$GIT_HASH || { echo 'Failed to package tpm_module'; exit 1; }
|
||||
echo '************************************************************************************'
|
||||
echo 'TPM Module RPM successfully built'
|
||||
echo '************************************************************************************'
|
||||
|
||||
# Copy sources
|
||||
tar -c -f SOURCES/HIRS-$GIT_HASH.tar ../../settings.gradle ../../build.gradle ../../VERSION ../../gradle.properties ../../gradlew ../../gradle/
|
||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_AttestationCA
|
||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_AttestationCAPortal
|
||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_Provisioner
|
||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_Structs
|
||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_Utils
|
||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../TPM_Utils
|
||||
|
||||
# copy includes directory into release TAR
|
||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar ../extras/
|
||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar ../scripts/
|
||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar ../../NOTICE
|
||||
|
||||
# Build HIRS CentOS6 RPMs. Provides PLUGIN_SOURCE variable to gradle task.
|
||||
if [ -z "$ONLY_BUILD_EL7_RPMS" ]; then
|
||||
echo "Building CentOS6 RPMs..."
|
||||
rpmbuild --nodeps -ba SPECS/HIRS.spec --define 'build6 1' --define 'dist .el6' --define '_topdir '$RPM_BUILD_DIR --define 'VERSION '$VERSION --define 'RELEASE '$RELEASE --define 'GIT_HASH '$GIT_HASH --define 'DISPLAY_VERSION '$DISPLAY_VERSION --define 'PLUGIN_SOURCE '$PLUGIN_SOURCE --define 'PACKAGE_NAME_ADDENDUM '$PACKAGE_NAME_ADDENDUM --define 'RPM_EXTRA_CLIENT_DEPENDENCIES '"$RPM_EXTRA_CLIENT_DEPENDENCIES" --define 'RPM_EXTRA_SERVER_DEPENDENCIES '"$RPM_EXTRA_SERVER_DEPENDENCIES"|| { echo 'Failed to package HIRS'; exit 1; }
|
||||
echo '************************************************************************************'
|
||||
echo 'HIRS CentOS6 RPMs successfully built'
|
||||
echo '************************************************************************************'
|
||||
else
|
||||
echo "Skipping building CentOS6 RPMs because of ONLY_BUILD_EL7_RPMS environment variable"
|
||||
fi
|
||||
|
||||
|
||||
# Cleanup before CENTOS 7 build
|
||||
rm -rf BUILD BUILDROOT
|
||||
|
||||
## Build HIRS CentOS7 RPMs. Provides PLUGIN_SOURCE variable to gradle task
|
||||
if [ -z "$ONLY_BUILD_EL6_RPMS" ]; then
|
||||
rpmbuild --nodeps -ba SPECS/HIRS.spec --define 'build7 1' --define 'dist .el7' --define '_topdir '$RPM_BUILD_DIR --define 'VERSION '$VERSION --define 'RELEASE '$RELEASE --define 'GIT_HASH '$GIT_HASH --define 'DISPLAY_VERSION '$DISPLAY_VERSION --define 'PLUGIN_SOURCE '$PLUGIN_SOURCE --define 'PACKAGE_NAME_ADDENDUM '$PACKAGE_NAME_ADDENDUM --define 'RPM_EXTRA_CLIENT_DEPENDENCIES '"$RPM_EXTRA_CLIENT_DEPENDENCIES" --define 'RPM_EXTRA_SERVER_DEPENDENCIES '"$RPM_EXTRA_SERVER_DEPENDENCIES"|| { echo 'Failed to package HIRS'; exit 1; }
|
||||
echo '************************************************************************************'
|
||||
echo 'HIRS CentOS7 RPMs successfully built'
|
||||
echo '************************************************************************************'
|
||||
else
|
||||
echo "Skipping building CentOS7 RPMs because of ONLY_BUILD_EL6_RPMS environment variable"
|
||||
fi
|
||||
|
||||
# Cleanup
|
||||
rm -rf BUILD BUILDROOT SOURCES SPECS $PLUGIN_SOURCE
|
||||
|
||||
# Build RPM for HIRS_ProvisionerTPM2
|
||||
$SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.centos7.sh
|
||||
if [ -f RPMS/x86_64/HIRS_Provisioner_TPM_2_0*.rpm ]; then
|
||||
echo '************************************************************************************'
|
||||
echo 'HIRS_ProvisionerTPM2 RPM successfully built'
|
||||
echo '************************************************************************************'
|
||||
else
|
||||
echo 'Error: HIRS_ProvisionerTPM2 failed to package'
|
||||
exit 1
|
||||
fi
|
@ -1,114 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Define script directory
|
||||
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||
|
||||
# Set variables
|
||||
GIT_HASH=`git rev-parse HEAD | head -c6`
|
||||
# assign build version vars
|
||||
source $SCRIPT_DIR/build_version_helper.sh
|
||||
DEBIAN_FULL_VERSION=$VERSION.$RELEASE
|
||||
OS=`lsb_release -c | awk '{print $2}'`
|
||||
PROVISIONER_FULL_PACKAGE_NAME="hirs-provisioner"
|
||||
|
||||
# Enter package directory
|
||||
mkdir -p $SCRIPT_DIR/deb
|
||||
cd $SCRIPT_DIR/deb
|
||||
|
||||
# Clear old builds
|
||||
rm -rf DEB_SOURCES
|
||||
rm -f DEBS/hirs*.deb
|
||||
rm -f DEBS/tpm-module*.deb
|
||||
|
||||
# Create directories
|
||||
mkdir -p DEBS
|
||||
|
||||
# Copy Sources for HIRS_Provisioner
|
||||
cd $SCRIPT_DIR/..
|
||||
|
||||
# build HIRS items.
|
||||
./gradlew -PdisplayVersion=$DISPLAY_VERSION :HIRS_Provisioner:installDist
|
||||
|
||||
# Setup Provisioner directories
|
||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian
|
||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/bin
|
||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/lib
|
||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
|
||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup
|
||||
|
||||
# Copy Provisioner files
|
||||
cp -r HIRS_Provisioner/build/install/HIRS_Provisioner/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner
|
||||
rm -rf $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/bin/*.bat
|
||||
cp -r HIRS_Provisioner/debian/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian
|
||||
cp -r HIRS_Provisioner/man/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian
|
||||
cp -r HIRS_Provisioner/scripts/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
|
||||
cp -r HIRS_Provisioner/src/main/resources/*.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts/install
|
||||
|
||||
cp -r HIRS_Provisioner/setup/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup
|
||||
cp HIRS_Provisioner/hirs-provisioner-config.sh $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
|
||||
cp HIRS_Provisioner/scripts/install/*.sh $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
|
||||
cp HIRS_Provisioner/setup/hirs-provisioner.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup
|
||||
cp HIRS_Provisioner/build/resources/main/defaults.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup/provisioner.properties
|
||||
cp HIRS_Utils/src/main/resources/logging.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner
|
||||
cp NOTICE $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian/copyright
|
||||
|
||||
sed -i "s/VER/$DEBIAN_FULL_VERSION/" $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian/changelog
|
||||
sed -i "s/RELEASE/$OS/" $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian/changelog
|
||||
|
||||
# Build Debian package for HIRS Provisioner
|
||||
echo "Building $PROVISIONER_FULL_PACKAGE_NAME"
|
||||
cd $SCRIPT_DIR/deb/DEB_SOURCES/$PROVISIONER_FULL_PACKAGE_NAME/
|
||||
debuild -i -us -uc -b
|
||||
ret=$?
|
||||
|
||||
if [[ $ret -ne 0 ]]; then
|
||||
echo "Failed to build HIRS Provisioner deb package"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mv $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner*.deb $SCRIPT_DIR/deb/DEBS/
|
||||
|
||||
echo "HIRS Provisioner deb building complete"
|
||||
|
||||
# TPM Module
|
||||
cd $SCRIPT_DIR/..
|
||||
|
||||
# Compile the TPM Module
|
||||
./gradlew :tpm_module:build
|
||||
cd tpm_module
|
||||
|
||||
# Setup build directories
|
||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/
|
||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian
|
||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/src
|
||||
|
||||
# Copy build files
|
||||
cp tpm_module $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/src/
|
||||
cp -r debian/* $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian
|
||||
cp -r man/* $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian
|
||||
cp ../NOTICE $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian/copyright
|
||||
|
||||
# Build Debian package for TPM Module
|
||||
cd $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/
|
||||
debuild -i -us -uc -b
|
||||
ret=$?
|
||||
|
||||
if [[ $ret -ne 0 ]]; then
|
||||
echo "Failed to build tpm-module deb package"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
mkdir -p $SCRIPT_DIR/deb/DEBS/
|
||||
mv $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module*.deb $SCRIPT_DIR/deb/DEBS/
|
||||
|
||||
echo "TPM deb building complete"
|
||||
|
||||
# HIRS Provisioner TPM 2.0
|
||||
cd $SCRIPT_DIR/deb
|
||||
$SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.ubuntu.sh
|
||||
if [ -f DEBS/HIRSProvisionerTPM2.0*.deb ]; then
|
||||
echo 'HIRS Provisioner TPM 2.0 deb building complete'
|
||||
else
|
||||
echo 'Failed to build HIRS Provisioner TPM 2.0 deb package'
|
||||
exit 1
|
||||
fi
|
@ -1,337 +0,0 @@
|
||||
# need to run rpmbuild with either:
|
||||
# --define 'build6 1' --define 'dist .el6'
|
||||
# --define 'build7 1' --define 'dist .el7'
|
||||
|
||||
# rpm runs scripts with $1 holding the number of currently installed version of the package in question:
|
||||
# Install the first time: 1
|
||||
# Upgrade: 2 or higher (depending on the number of versions installed)
|
||||
# Remove last version of package: 0
|
||||
# from RedHat RPM Guide by Eric Foster-Johnston
|
||||
|
||||
Name : HIRS
|
||||
Version : %{?VERSION}
|
||||
Release : %{?RELEASE}%{?dist}
|
||||
Source : %{name}-%{?GIT_HASH}.tar
|
||||
Group : System Environment/Base
|
||||
License : ASL 2.0
|
||||
Summary : HIRS
|
||||
BuildArch : noarch
|
||||
BuildRoot : %{_tmppath}/%{name}-%{version}-root
|
||||
BuildRequires : java-1.8.0-openjdk-devel
|
||||
|
||||
%description
|
||||
Host Integrity at Runtime and Startup (HIRS) parent spec.
|
||||
|
||||
%prep
|
||||
%setup -q -c
|
||||
|
||||
%define provisioner_package_name HIRS_Provisioner_TPM_1_2%{?PACKAGE_NAME_ADDENDUM}
|
||||
%define __jar_repack 0
|
||||
|
||||
##########################
|
||||
# HIRS_Provisioner_TPM_1_2
|
||||
##########################
|
||||
%package -n %{provisioner_package_name}
|
||||
Summary : Host Integrity at Runtime and Startup (HIRS) Provisioner
|
||||
Group : System Environment/Base
|
||||
|
||||
%if 0%{?build6}
|
||||
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, initscripts, coreutils, dmidecode, paccor, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
|
||||
%endif
|
||||
|
||||
%if 0%{?build7}
|
||||
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, systemd, coreutils, dmidecode, paccor, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
|
||||
%endif
|
||||
|
||||
%description -n %{provisioner_package_name}
|
||||
Host Integrity at Runtime and Startup (HIRS) Provisioner.
|
||||
|
||||
%pre -n %{provisioner_package_name}
|
||||
if [[ $(find /sys/devices -name "tpm0") ]]; then
|
||||
echo "TPM detected"
|
||||
if [ -f "/usr/lib/systemd/system/tcsd.service" ]; then
|
||||
echo "Starting tcsd service"
|
||||
systemctl start tcsd
|
||||
ret=$?
|
||||
if [[ $ret -ne 0 ]]; then
|
||||
echo "WARNING: FAILED TO START tcsd SERVICE, PROVISIONING WILL FAIL WITHOUT THIS SERVICE"
|
||||
fi
|
||||
echo "Adding tcsd (Trousers) to run levels 1,3,5, and 6"
|
||||
chkconfig --level 1356 tcsd on
|
||||
else
|
||||
echo "Starting tcsd service"
|
||||
service tcsd start
|
||||
ret=$?
|
||||
if [[ $ret -ne 0 ]]; then
|
||||
echo "WARNING: FAILED TO START tcsd SERVICE, PROVISIONING WILL FAIL WITHOUT THIS SERVICE"
|
||||
fi
|
||||
echo "Adding tcsd (Trousers) to run levels 1,3,5, and 6"
|
||||
chkconfig --level 1356 tcsd on
|
||||
fi
|
||||
if [ ! -d "/sys/kernel/security/tpm0" ]; then
|
||||
echo "Mounting security fs partition"
|
||||
sed -i '$a securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0' /etc/fstab
|
||||
mount -a
|
||||
if [ -d "/sys/kernel/security/tpm0" ]; then
|
||||
echo "SUCCESS: security fs partition mounted"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "WARNING: UNABLE TO LOCATE TPM DEVICE, TPM PROVISIONING WILL FAIL"
|
||||
fi
|
||||
|
||||
%post -n %{provisioner_package_name}
|
||||
# copy default property files into /etc/hirs if not present
|
||||
mkdir -p /etc/hirs/
|
||||
cp -n /opt/hirs/default-properties/provisioner/* /etc/hirs/
|
||||
|
||||
# copy common scripts into /opt/hirs/scripts/common
|
||||
cp -f /opt/hirs/scripts/common/provisioner/* /opt/hirs/scripts/common/
|
||||
|
||||
echo 'Creating symlink for hirs-provisioner command'
|
||||
ln -s -f /usr/share/hirs/provisioner/tpm_aca_provision /usr/sbin/tpm_aca_provision
|
||||
chmod +x /usr/share/hirs/provisioner/tpm_aca_provision
|
||||
ln -s -f /usr/share/hirs/provisioner/hirs-provisioner.sh /usr/sbin/hirs-provisioner
|
||||
chmod +x /usr/share/hirs/provisioner/hirs-provisioner.sh
|
||||
hirs-provisioner -c
|
||||
|
||||
%postun -n %{provisioner_package_name}
|
||||
# don't run these during an upgrade
|
||||
if [ "$1" = "0" ]; then
|
||||
rm -rf /etc/hirs/provisioner
|
||||
rm -rf /etc/hirs/certificates
|
||||
rm -f /usr/sbin/hirs-provisioner
|
||||
rm -rf /usr/share/hirs/provisioner
|
||||
|
||||
rm -rf /var/log/hirs/provisioner
|
||||
|
||||
# if there are no more HIRS packages remaining,
|
||||
# remove all HIRS directories
|
||||
if [[ -z `rpm -qa "HIRS*" | grep -v HIRS_Provisioner_TPM_1_2` ]]; then
|
||||
rm -rf /etc/hirs
|
||||
rm -rf /opt/hirs
|
||||
rm -rf /usr/share/hirs
|
||||
rm -rf /var/log/hirs
|
||||
fi
|
||||
fi
|
||||
|
||||
%files -n %{provisioner_package_name}
|
||||
%license NOTICE
|
||||
/etc/hirs/provisioner
|
||||
%attr(664, root, root) /opt/hirs/default-properties/provisioner/logging.properties
|
||||
%attr(774, root, root) /opt/hirs/scripts/common/provisioner/
|
||||
/usr/share/hirs/provisioner
|
||||
%{_mandir}/man1/hirs-provisioner.1.gz
|
||||
|
||||
####################
|
||||
# HIRS_AttestationCA
|
||||
####################
|
||||
|
||||
%package -n HIRS_AttestationCA
|
||||
Summary : Host Integrity at Runtime and Startup (HIRS) Attestation Certificate Authority (HIRS AttestationCA)
|
||||
Group : System Environment/Base
|
||||
|
||||
%if 0%{?build6}
|
||||
Requires : mysql-server, openssl, tomcat6, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, iptables
|
||||
Prefix : /usr/share/tomcat6
|
||||
%endif
|
||||
|
||||
%if 0%{?build7}
|
||||
Requires : mariadb-server, openssl, tomcat, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, firewalld, policycoreutils
|
||||
Prefix : /usr/share/tomcat
|
||||
%endif
|
||||
|
||||
%description -n HIRS_AttestationCA
|
||||
Host Integrity at Runtime and Startup (HIRS) Attestation CA. Installs and creates keys for HIRS Attestation CA to support generating AIKs
|
||||
|
||||
%pre -n HIRS_AttestationCA
|
||||
if [ ! -d $RPM_INSTALL_PREFIX ]; then
|
||||
echo "error: Tomcat directory not found. Re-run this rpm installation with --prefix=\"<absolute-tomcat-directory>\""
|
||||
exit 1
|
||||
fi
|
||||
|
||||
%post -n HIRS_AttestationCA
|
||||
# copy default property files into /etc/hirs if not present
|
||||
mkdir -p /etc/hirs
|
||||
cp -n /opt/hirs/default-properties/attestationca/* /etc/hirs/
|
||||
|
||||
# loop over common scripts and place into /opt/hirs/scripts/common
|
||||
mkdir -p /opt/hirs/scripts/common/
|
||||
cp -f /opt/hirs/scripts/common/aca/* /opt/hirs/scripts/common/
|
||||
|
||||
# run these only on a fresh install of the package
|
||||
if [ $1 == 1 ]; then
|
||||
# open necessary ports
|
||||
sh /opt/hirs/scripts/common/firewall_configure_tomcat.sh
|
||||
|
||||
# Allow Tomcat to use port 3306 to communicate with MySQL
|
||||
%if 0%{?build7}
|
||||
if [ selinuxenabled ]; then
|
||||
semodule -i /opt/hirs/extras/aca/tomcat-mysql-hirs.pp
|
||||
fi
|
||||
%endif
|
||||
|
||||
# create trust stores, configure tomcat and db
|
||||
sh /opt/hirs/scripts/common/ssl_configure.sh server
|
||||
|
||||
# create the database
|
||||
sh /opt/hirs/scripts/common/db_create.sh
|
||||
fi
|
||||
|
||||
# modify mysql schema accordingly on upgrade
|
||||
if [ $1 -gt 1 ]; then
|
||||
#update version number on portal banner
|
||||
echo %{?DISPLAY_VERSION} | tee '%{prefix}/webapps/HIRS_AttestationCAPortal/WEB-INF/classes/VERSION'
|
||||
|
||||
echo "Upgrading hirs_db schema!"
|
||||
if [ %{version} == "1.0.4" ]; then
|
||||
if (mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.0.4.sql); then
|
||||
echo "Upgrade to version 1.0.4"
|
||||
else
|
||||
echo "Error upgrading HIRS database schema to 1.0.4!"
|
||||
exit 1;
|
||||
fi
|
||||
elif [ %{version} == "1.1.0" ]; then
|
||||
if (mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.0.4.sql && \
|
||||
mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.1.0.sql); then
|
||||
echo "Upgrade to version 1.1.0"
|
||||
else
|
||||
echo "Error upgrading HIRS database schema to 1.1.0!"
|
||||
exit 1;
|
||||
fi
|
||||
elif [ %{version} == "1.1.1" ]; then
|
||||
if (mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.0.4.sql && \
|
||||
mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.1.0.sql && \
|
||||
mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.1.1.sql); then
|
||||
echo "Upgrade to version 1.1.1"
|
||||
else
|
||||
echo "Error upgrading HIRS database schema to 1.1.1!"
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
sh /opt/hirs/scripts/aca/certificate_generate.sh
|
||||
|
||||
%preun -n HIRS_AttestationCA
|
||||
# don't run these during an upgrade
|
||||
if [ $1 == 0 ]; then
|
||||
# if the Server isn't installed, deconfigure Tomcat and MySQL SSL and drop the database
|
||||
if [[ -z `rpm -qa HIRS_Server` ]]; then
|
||||
echo 'Restoring Tomcat and MySQL configuration'
|
||||
sh /opt/hirs/scripts/common/ssl_deconfigure.sh server
|
||||
|
||||
echo 'Dropping local HIRS database'
|
||||
sh /opt/hirs/scripts/common/db_drop.sh
|
||||
fi
|
||||
fi
|
||||
|
||||
%postun -n HIRS_AttestationCA
|
||||
# don't run these during an upgrade
|
||||
if [ $1 == 0 ]; then
|
||||
# Removes WARS from the Tomcat installation as well as ACA configuration files and certificates
|
||||
# (/etc/hirs/aca), and ACA installation (/opt/hirs/attestation-ca). Do not run during an upgrade
|
||||
rm -f %{prefix}/webapps/HIRS_AttestationCA*.war
|
||||
rm -rf %{prefix}/webapps/HIRS_AttestationCA*
|
||||
rm -rf /etc/hirs/aca
|
||||
rm -rf /opt/hirs/attestation-ca
|
||||
|
||||
# if the Server and Appraiser are not installed, remove certificates directory
|
||||
if [[ -z `rpm -qa "HIRS_(Server|Appraiser)"` ]]; then
|
||||
rm -rf /etc/hirs/certificates
|
||||
fi
|
||||
|
||||
# if there are no more HIRS packages remaining,
|
||||
# remove all HIRS directories
|
||||
if [[ -z `rpm -qa "HIRS*" | grep -v HIRS_AttestationCA` ]]; then
|
||||
rm -rf /etc/hirs
|
||||
rm -rf /opt/hirs
|
||||
rm -rf /usr/share/hirs
|
||||
rm -rf /var/log/hirs
|
||||
fi
|
||||
fi
|
||||
|
||||
%files -n HIRS_AttestationCA
|
||||
%license NOTICE
|
||||
%attr(664, root, tomcat) %{prefix}/webapps/HIRS_AttestationCA.war
|
||||
%attr(664, root, tomcat) %{prefix}/webapps/HIRS_AttestationCAPortal.war
|
||||
%attr(774, root, tomcat) /etc/hirs/aca/
|
||||
%attr(664, root, tomcat) /opt/hirs/default-properties/attestationca/logging.properties
|
||||
%attr(664, root, tomcat) /opt/hirs/default-properties/attestationca/banner.properties
|
||||
%attr(664, root, tomcat) /opt/hirs/default-properties/attestationca/persistence.properties
|
||||
%attr(664, root, tomcat) /opt/hirs/default-properties/component-class.json
|
||||
%attr(664, root, tomcat) /opt/hirs/default-properties/vendor-table.json
|
||||
%attr(774, root, tomcat) /opt/hirs/scripts/common/aca
|
||||
%attr(774, root, tomcat) /opt/hirs/scripts/aca
|
||||
%attr(774, root, tomcat) /opt/hirs/extras/aca/tomcat-mysql-hirs.pp
|
||||
%attr(774, root, tomcat) /opt/hirs/extras/aca/tomcat-mysql-hirs.te
|
||||
|
||||
####################
|
||||
# Build and install
|
||||
####################
|
||||
|
||||
%build
|
||||
./gradlew -PpluginDir=%{?PLUGIN_SOURCE} -PdisplayVersion=%{?DISPLAY_VERSION} :HIRS_Provisioner:installDist :HIRS_AttestationCA:war :HIRS_AttestationCAPortal:war
|
||||
|
||||
%install
|
||||
# prepare provisioner for packaging
|
||||
cd HIRS_Provisioner
|
||||
mkdir -p %{buildroot}/usr/share/hirs/provisioner
|
||||
mkdir -p %{buildroot}/%{_mandir}/man1
|
||||
cp -r build/install/HIRS_Provisioner/* %{buildroot}/usr/share/hirs/provisioner
|
||||
|
||||
sed -i '/exec "$JAVACMD" "$@"/i /opt/hirs/scripts/common/jvm_version_check.sh $JAVACMD' %{buildroot}/usr/share/hirs/provisioner/bin/HIRS_Provisioner
|
||||
|
||||
mkdir -p %{buildroot}/etc/hirs/provisioner/certs
|
||||
cp scripts/install/hirs-provisioner.sh %{buildroot}/usr/share/hirs/provisioner/
|
||||
cp scripts/install/tpm_aca_provision %{buildroot}/usr/share/hirs/provisioner/
|
||||
cp hirs-provisioner-config.sh %{buildroot}/etc/hirs/provisioner
|
||||
cp create-ek-cert.sh %{buildroot}/etc/hirs/provisioner
|
||||
cp src/main/resources/defaults.properties %{buildroot}/etc/hirs/provisioner/provisioner.properties
|
||||
cp -r setup %{buildroot}/etc/hirs/provisioner/
|
||||
gzip -c man/hirs-provisioner.1 > %{buildroot}/%{_mandir}/man1/hirs-provisioner.1.gz
|
||||
|
||||
mkdir -p %{buildroot}/opt/hirs/scripts/common/provisioner
|
||||
cp ../scripts/common/jvm_version_check.sh %{buildroot}/opt/hirs/scripts/common/provisioner/
|
||||
|
||||
# copy common scripts
|
||||
mkdir -p %{buildroot}/opt/hirs/scripts/common/aca
|
||||
cp ../scripts/common/* %{buildroot}/opt/hirs/scripts/common/aca/
|
||||
|
||||
# prepare ACA for packaging
|
||||
cd ../HIRS_AttestationCA
|
||||
mkdir -p %{buildroot}/opt/hirs/scripts/aca
|
||||
cp ../scripts/aca/* %{buildroot}/opt/hirs/scripts/aca
|
||||
mkdir -p %{buildroot}/opt/hirs/attestation-ca/
|
||||
mkdir -p %{buildroot}/etc/hirs/aca/certificates/
|
||||
mkdir -p %{buildroot}/etc/hirs/aca/client-files/
|
||||
mkdir -p %{buildroot}%{prefix}/webapps/
|
||||
cp build/libs/HIRS_AttestationCA.war %{buildroot}%{prefix}/webapps/
|
||||
cp src/main/resources/defaults.properties %{buildroot}/etc/hirs/aca/aca.properties
|
||||
|
||||
# prepare ACA Portal for packaging
|
||||
cd ../HIRS_AttestationCAPortal
|
||||
mkdir -p %{buildroot}%{prefix}/webapps/
|
||||
cp build/libs/HIRS_AttestationCAPortal.war %{buildroot}%{prefix}/webapps/
|
||||
# note: no ACA Portal specific resource files to copy yet...
|
||||
|
||||
# creates the home directory for activemq user so SELinux doesn't complain
|
||||
mkdir -p %{buildroot}/srv/activemq
|
||||
mkdir -p %{buildroot}/etc/hirs/portal
|
||||
|
||||
cd ..
|
||||
|
||||
# copy over the properties files
|
||||
mkdir -p %{buildroot}/opt/hirs/default-properties/provisioner
|
||||
cp HIRS_Utils/src/main/resources/logging.properties %{buildroot}/opt/hirs/default-properties/provisioner/logging.properties
|
||||
|
||||
mkdir -p %{buildroot}/opt/hirs/default-properties/attestationca
|
||||
cp HIRS_Utils/src/main/resources/persistence.properties %{buildroot}/opt/hirs/default-properties/attestationca/
|
||||
cp HIRS_Utils/src/main/resources/logging.properties %{buildroot}/opt/hirs/default-properties/attestationca/
|
||||
cp HIRS_Utils/src/main/resources/banner.properties %{buildroot}/opt/hirs/default-properties/attestationca/
|
||||
cp HIRS_Utils/src/main/resources/component-class.json %{buildroot}/opt/hirs/default-properties/
|
||||
cp -n HIRS_Utils/src/main/resources/vendor-table.json %{buildroot}/opt/hirs/default-properties/
|
||||
|
||||
# install extras
|
||||
mkdir -p %{buildroot}/opt/hirs/extras
|
||||
cp -r extras/ %{buildroot}/opt/hirs/
|
@ -1,62 +0,0 @@
|
||||
Name : tpm_module
|
||||
Vendor : U.S. Government
|
||||
Summary : Tool used to interface with the TPM
|
||||
Version : %{?VERSION}
|
||||
Release : %{?RELEASE}
|
||||
Source : tpm_module-%{?GIT_HASH}.tar
|
||||
|
||||
Group : System Environment/Base
|
||||
License : ASL 2.0
|
||||
|
||||
Requires : tpm-tools, trousers
|
||||
BuildRequires : cpp
|
||||
BuildRequires : gcc-c++
|
||||
BuildRequires : trousers-devel
|
||||
|
||||
BuildArch : x86_64
|
||||
BuildRoot : %{_tmppath}/%{name}-%{version}-root
|
||||
|
||||
%description
|
||||
Trusted Platform Module (TPM) interface module. This software is designed to provide a platform-independent interface to a client's TPM. It imlpements functionality similar to and exceeding that of tpm-tools in some cases. This software is intended for use with the HIR reporting infrastructure to help clients generate integrity reports based on TPM data.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{?GIT_HASH}
|
||||
|
||||
%build
|
||||
rm -f main.d main.o tpm_module
|
||||
make
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
mkdir -p $RPM_BUILD_ROOT/usr/bin
|
||||
mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1
|
||||
cp tpm_module $RPM_BUILD_ROOT/usr/bin/
|
||||
gzip -c man/tpm_module.1 > $RPM_BUILD_ROOT/usr/share/man/man1/tpm_module.1.gz
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files
|
||||
%license ../NOTICE
|
||||
/usr/bin/tpm_module
|
||||
/usr/share/man/man1/tpm_module.1.gz
|
||||
|
||||
%changelog
|
||||
* Thu Feb 5 2015 3.11
|
||||
- Modify to support new directory structure
|
||||
* Mon May 5 2014 3.11
|
||||
- Set up automatic builds
|
||||
* Wed Jan 8 2014 3.10
|
||||
- Added more comments, legal disclaimers, and changed behavior of error output.
|
||||
* Wed Dec 4 2013 3.09
|
||||
- Tweaked toggling of TSS_CAP_VERSION_INFO. Added additional debugging messages to describe errors.
|
||||
* Mon Dec 2 2013 3.08
|
||||
- TSS_CAP_VERSION_INFO is no longer required on quote2. Other tweaks for platform compatibility.
|
||||
* Tue Oct 1 2013 3.08
|
||||
- Improved commenting and documentation, fixed help info, changed behavior of clearing function
|
||||
* Tue Jul 17 2012 3.07
|
||||
- Fixed mask utility function handling of 'F' (70, not 80)
|
||||
* Wed May 2 2012 3.06
|
||||
- Corrected bug in changekeyauth function
|
||||
* Tue May 1 2012 3.05
|
||||
- Initial package release
|
@ -6,7 +6,6 @@
|
||||
#
|
||||
#####################################################################################
|
||||
|
||||
USE_WAR=$1
|
||||
CONFIG_FILE="/etc/hirs/aca/application.properties"
|
||||
ALG=RSA
|
||||
RSA_PATH=rsa_3k_sha384_certs
|
||||
@ -21,6 +20,51 @@ if [ "$EUID" -ne 0 ]
|
||||
exit 1
|
||||
fi
|
||||
|
||||
help () {
|
||||
echo " Setup script for the HIRS ACA"
|
||||
echo " Syntax: sh aca_setup.sh [-u|h|sb|sp|--skip-db|--skip-pki]"
|
||||
echo " options:"
|
||||
echo " -p | --path Path to the HIRS_AttestationCAPortal.war file"
|
||||
echo " -h | --help Print this Help."
|
||||
echo
|
||||
}
|
||||
|
||||
# Process parameters Argument handling
|
||||
POSITIONAL_ARGS=()
|
||||
ORIGINAL_ARGS=("$@")
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case $1 in
|
||||
-p|--path)
|
||||
USE_WAR=YES
|
||||
shift # past argument
|
||||
WAR_PATH=$@
|
||||
shift # past parameter
|
||||
;;
|
||||
-h|--help)
|
||||
help
|
||||
exit 0
|
||||
shift # past argument
|
||||
;;
|
||||
-*|--*)
|
||||
echo "aca_setup.sh: Unknown option $1"
|
||||
help
|
||||
exit 1
|
||||
;;
|
||||
*)
|
||||
POSITIONAL_ARGS+=("$1") # save positional arg
|
||||
# shift # past argument
|
||||
break
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ -z "${WAR_PATH}" ]; then
|
||||
WAR_PATH="HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war"
|
||||
NOT_USING_RPM=true
|
||||
fi
|
||||
|
||||
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
|
||||
|
||||
source $SCRIPT_DIR/../db/start_mysqld.sh
|
||||
|
||||
if [ $ALG = "RSA" ]; then
|
||||
@ -43,9 +87,11 @@ if [ ! -d "$CERT_PATH" ]; then
|
||||
exit 1;
|
||||
fi
|
||||
|
||||
if [ ! -f "$GRADLE_WRAPPER" ]; then
|
||||
if [ $NOT_USING_RPM = true ]; then
|
||||
if [ ! -f "$GRADLE_WRAPPER" ]; then
|
||||
echo "This script needs to be run from the HIRS top level project directory. Exiting."
|
||||
exit 1;
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Starting HIRS ACA on https://localhost:8443/HIRS_AttestationCAPortal/portal/index"
|
||||
@ -71,10 +117,11 @@ WEB_TLS_PARAMS="--server.ssl.key-store-password=$hirs_pki_password \
|
||||
# uncomment to show spring boot and hibernate properties used as gradle argumanets
|
||||
#echo "--args=\"$CONNECTOR_PARAMS $WEB_TLS_PARAMS\""
|
||||
|
||||
if [ "$USE_WAR" == "war" ]; then
|
||||
echo "Booting the ACA from a $USE_WAR file..."
|
||||
java -jar HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war $CONNECTOR_PARAMS$WEB_TLS_PARAMS
|
||||
if [ -z "$USE_WAR" ]; then
|
||||
echo "Booting the ACA from local build..."
|
||||
./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
|
||||
else
|
||||
echo "Booting the ACA from local build..."
|
||||
./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
|
||||
echo "Booting the ACA from a $USE_WAR file..."
|
||||
java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &
|
||||
# Note add check for ACA to get started
|
||||
fi
|
||||
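Review bot: In the new `-p|--path` branch, `WAR_PATH=$@` stores every remaining argument joined into one string instead of the single value after the flag, and the later `java -jar $WAR_PATH ...` expands it unquoted, so a path containing spaces or any trailing arguments is word-split into extra `java` arguments; the `EUID` check above suggests this runs as root. Take the value with `WAR_PATH="$1"` after confirming an argument is present, and launch with `java -jar "$WAR_PATH" $CONNECTOR_PARAMS$WEB_TLS_PARAMS &`. The added test `if [ $NOT_USING_RPM = true ]` should be `if [ "$NOT_USING_RPM" = true ]`, because the variable is unset whenever `-p` is given and the unquoted form then fails with a test syntax error rather than evaluating cleanly to false. The usage line in `help` lists `-u`, `-sb`, `-sp`, `--skip-db` and `--skip-pki`, none of which the `case` handles, so it should read `[-p|--path <war>] [-h|--help]`. Now that the WAR launch is backgrounded, the `--server.ssl.key-store-password=` value in `WEB_TLS_PARAMS` stays visible in the process list for the life of the service; that appears to predate this commit, but a properties file readable only by the service account would keep it off the command line.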
|
@ -28,4 +28,6 @@ popd
|
||||
echo "Removing certificates and config files..."
|
||||
rm -rf /etc/hirs
|
||||
|
||||
# Note add check for ACA running and stop the process if it is
|
||||
|
||||
echo "ACA setup removal complete."
|
@ -89,7 +89,7 @@ check_mysql () {
|
||||
echo "mariadb not running , attempting to restart"
|
||||
systemctl start mariadb
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
# Wait for mysql to start before continuing.
|
||||
|
||||
|
@ -1,35 +0,0 @@
|
||||
#!/bin/bash
|
||||
tom_version="10.1.9"
|
||||
tom_maj=$(echo "$tom_version" | cut -d '.' -f 1)
|
||||
CATALINA_HOME=/opt/tomcat/
|
||||
CATALINA_BASE=/opt/tomcat/
|
||||
|
||||
# Check if tomcat already installed
|
||||
if [ -d "/opt/tomcat" ]; then
|
||||
echo "tomcat already installed"
|
||||
else
|
||||
echo "installing $tom_version"
|
||||
pushd /tmp
|
||||
useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
|
||||
dnf install wget -y
|
||||
wget https://downloads.apache.org/tomcat/tomcat-$tom_maj/v$tom_version/bin/apache-tomcat-$tom_version.tar.gz
|
||||
mkdir /opt/tomcat
|
||||
tar -xzf apache-tomcat-$tom_version.tar.gz -C /opt/tomcat --strip-components=1
|
||||
rm apache-tomcat-$tom_version.tar.gz
|
||||
chown -R tomcat: /opt/tomcat
|
||||
sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'
|
||||
popd
|
||||
fi
|
||||
if [ -f /.dockerenv ]; then
|
||||
echo "in a container..."
|
||||
sh /opt/tomcat/bin/catalina.sh start
|
||||
else
|
||||
cp /opt/hirs/scripts/aca/tomcat.service /etc/systemd/system/.
|
||||
systemctl daemon-reload
|
||||
systemctl start tomcat
|
||||
systemctl enable tomcat
|
||||
fi
|
||||
if [ $(pgrep -c FirewallD) == "1" ]; then
|
||||
firewall-cmd --add-port=8080/tcp --permanent
|
||||
firewall-cmd --add-port=8443/tcp --permanent
|
||||
fi
|
@ -3,7 +3,7 @@ plugins {
|
||||
id "java"
|
||||
// id "findbugs"
|
||||
// id "checkstyle"
|
||||
id "nebula.ospackage" version "9.1.1"
|
||||
id "com.netflix.nebula.ospackage" version "11.4.0"
|
||||
}
|
||||
// Get version from main project gradle
|
||||
def packVersion = properties.get("packageVersion");
|
||||
|
@ -1,6 +1,6 @@
|
||||
plugins {
|
||||
id "java"
|
||||
id "nebula.ospackage" version "9.1.1"
|
||||
id 'com.netflix.nebula.ospackage' version '11.4.0'
|
||||
id 'com.intershop.gradle.jaxb' version '5.1.0'
|
||||
}
|
||||
|
||||
|