Updated gradle to v8.3 and nebula to 11.4.0
parent
58b5de3bbb
commit
cb4ad4d51a
@ -1,22 +1,23 @@
|
|||||||
FROM rockylinux:8.6
|
FROM rockylinux:8.6
|
||||||
|
|
||||||
# Install packages for installing HIRS ACA
|
SHELL ["/bin/bash", "-c"]
|
||||||
#RUN yum -y update && yum clean all
|
|
||||||
|
# Update and install OS-dependencies
|
||||||
RUN dnf update -y
|
RUN dnf update -y
|
||||||
|
|
||||||
# Install Java 8
|
# Install Java
|
||||||
RUN dnf install java-1.8.0-openjdk-headless.x86_64 -y
|
RUN dnf -y install java-17-openjdk-devel -y
|
||||||
|
|
||||||
# Install Tomcat
|
# Install Tomcat
|
||||||
RUN useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
|
#RUN useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
|
||||||
RUN dnf install wget -y
|
#RUN dnf install wget -y
|
||||||
RUN wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.1/bin/apache-tomcat-10.1.1.tar.gz
|
#RUN wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.1/bin/apache-tomcat-10.1.1.tar.gz
|
||||||
RUN mkdir /opt/tomcat
|
#RUN mkdir /opt/tomcat
|
||||||
RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1
|
#RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1
|
||||||
|
|
||||||
# Install HIRS dependencies
|
# Install HIRS dependencies
|
||||||
RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ && yum clean all
|
RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ && yum clean all
|
||||||
RUN dnf install -y openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd libcurl-devel libssh-devel && yum clean all
|
RUN dnf install -y wget openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd libcurl-devel libssh-devel && yum clean all
|
||||||
|
|
||||||
# Install PACCOR for Device Info Gathering
|
# Install PACCOR for Device Info Gathering
|
||||||
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r2/paccor-1.1.4-2.noarch.rpm && yum -y install paccor-*.rpm && popd
|
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r2/paccor-1.1.4-2.noarch.rpm && yum -y install paccor-*.rpm && popd
|
||||||
@ -33,3 +34,5 @@ RUN dnf -y install packages-microsoft-prod.rpm
|
|||||||
RUN dnf makecache
|
RUN dnf makecache
|
||||||
RUN dnf -y install dotnet-sdk-6.0
|
RUN dnf -y install dotnet-sdk-6.0
|
||||||
RUN dotnet tool install --global dotnet-rpm
|
RUN dotnet tool install --global dotnet-rpm
|
||||||
|
|
||||||
|
EXPOSE 8443
|
||||||
|
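Review bot: The PACCOR step in the first hunk fetches `paccor-1.1.4-2.noarch.rpm` with `wget` and hands it straight to `yum -y install` with no integrity check; the line itself is unchanged, but this commit keeps that path alive by adding `wget` to the dependency install. A local-file install is normally not covered by repository GPG checking (dnf's `localpkg_gpgcheck` is off by default), so the image trusts whatever the URL returns at build time. Verify a pinned digest between the download and the install, e.g. `echo "<sha256-of-paccor-rpm>  paccor-1.1.4-2.noarch.rpm" | sha256sum -c -` (the digest is a placeholder to be taken from the release). Separately, `RUN dnf -y install java-17-openjdk-devel -y` repeats `-y`, and `RUN dnf update -y` sits in its own layer with no `dnf clean all`.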
@ -2,7 +2,7 @@ plugins {
|
|||||||
id 'application'
|
id 'application'
|
||||||
id 'java'
|
id 'java'
|
||||||
id 'war'
|
id 'war'
|
||||||
id "nebula.ospackage" version "9.1.1"
|
id 'com.netflix.nebula.ospackage' version '11.4.0'
|
||||||
id 'org.springframework.boot' version '3.0.6'
|
id 'org.springframework.boot' version '3.0.6'
|
||||||
id 'io.spring.dependency-management' version '1.1.0'
|
id 'io.spring.dependency-management' version '1.1.0'
|
||||||
}
|
}
|
||||||
@ -60,14 +60,6 @@ dependencies {
|
|||||||
testImplementation libs.testng
|
testImplementation libs.testng
|
||||||
}
|
}
|
||||||
|
|
||||||
war {
|
|
||||||
from(buildDir) {
|
|
||||||
include 'VERSION'
|
|
||||||
into 'WEB-INF/classes'
|
|
||||||
}
|
|
||||||
archiveFileName = 'HIRS_AttestationCAPortal.war'
|
|
||||||
}
|
|
||||||
|
|
||||||
ospackage {
|
ospackage {
|
||||||
packageName = 'HIRS_AttestationCA'
|
packageName = 'HIRS_AttestationCA'
|
||||||
os = LINUX
|
os = LINUX
|
||||||
@ -78,85 +70,27 @@ ospackage {
|
|||||||
user 'root'
|
user 'root'
|
||||||
fileMode = 0755
|
fileMode = 0755
|
||||||
|
|
||||||
def tpath="/opt"
|
|
||||||
|
|
||||||
addParentDirs = true
|
addParentDirs = true
|
||||||
createDirectoryEntry true
|
createDirectoryEntry true
|
||||||
|
|
||||||
preInstall "rm -rf /opt/hirs/default-properties"
|
// copy setup scripts to /opt/hirs/aca
|
||||||
preInstall "mkdir -p /opt/hirs/default-properties/"
|
into ('/opt/hirs/aca/scripts/') {
|
||||||
preInstall "mkdir -p /tmp/hirs/default-properties/"
|
from '../package/scripts/'
|
||||||
|
|
||||||
// Setup /etc/hirs
|
|
||||||
into ('/etc/hirs/aca/') {
|
|
||||||
from '../HIRS_AttestationCA/src/main/resources/defaults.properties'
|
|
||||||
rename {'aca.properties'}
|
|
||||||
}
|
}
|
||||||
into ('/etc/hirs/') {
|
// copy the war file into /opt/hirs/aca
|
||||||
from '../HIRS_Utils/src/main/resources/banner.properties'
|
into ('/opt/hirs/aca/') {
|
||||||
from '../HIRS_Utils/src/main/resources/persistence.properties'
|
from '../HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war'
|
||||||
from '../HIRS_Utils/src/main/resources/logging.properties'
|
|
||||||
}
|
|
||||||
// Setup tomcat files
|
|
||||||
// Create and package HIRS_AttestationCA:war
|
|
||||||
into ("${tpath}/tomcat/webapps") {
|
|
||||||
from war.outputs.files
|
|
||||||
from '../HIRS_AttestationCA/build/libs/HIRS_AttestationCA.war'
|
|
||||||
user 'root'
|
user 'root'
|
||||||
fileMode = 0755
|
fileMode = 0755
|
||||||
}
|
}
|
||||||
into ("${tpath}/tomcat/lib") {
|
|
||||||
from 'libs'
|
|
||||||
from configurations.runtimeClasspath
|
|
||||||
}
|
|
||||||
into ("/opt/hirs/scripts/aca/") {
|
|
||||||
from '../package/conf/tomcat.service'
|
|
||||||
from '../package/scripts/install_tomcat.sh'
|
|
||||||
from '../package/scripts/aca/aca_property_setup.sh'
|
|
||||||
from '../package/scripts/aca/aca_setup.sh'
|
|
||||||
}
|
|
||||||
into ("/opt/hirs/scripts/pki/") {
|
|
||||||
from '../package/scripts/pki/ca.conf'
|
|
||||||
from '../package/scripts/pki/pki_setup.sh'
|
|
||||||
from '../package/scripts/pki/pki_chain_gen.sh'
|
|
||||||
}
|
|
||||||
into ("/opt/hirs/scripts/db/") {
|
|
||||||
from '../package/scripts/db/db_create.sh'
|
|
||||||
from '../package/scripts/db/db_create.sql'
|
|
||||||
from '../package/scripts/db/db_drop.sh'
|
|
||||||
from '../package/scripts/db/db_drop.sql'
|
|
||||||
from '../package/scripts/db/secure_mysql.sql'
|
|
||||||
}
|
|
||||||
into ("/opt/hirs/scripts/common") {
|
|
||||||
from '../package/scripts/common/'
|
|
||||||
}
|
|
||||||
into ('/opt/hirs/extras/aca/') {
|
|
||||||
from '../package/extras/aca/'
|
|
||||||
}
|
|
||||||
|
|
||||||
// Copy json files to /tmp and move into /opt/hirs in postInstall section
|
|
||||||
// Allows HIRS tools to be installed using the same files
|
|
||||||
into ('/tmp/aca/default-properties/') {
|
|
||||||
from '../HIRS_AttestationCA/src/main/resources/vendor-table.json'
|
|
||||||
from '../HIRS_AttestationCA/src/main/resources/component-class.json'
|
|
||||||
}
|
|
||||||
// Post Install
|
// Post Install
|
||||||
|
postInstall 'sh /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
|
||||||
|
postInstall 'sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -p /opt/hirs/aca/HIRS_AttestationCAPortal.war'
|
||||||
|
// Note need to add service or chron job to start on system boot
|
||||||
|
|
||||||
postInstall file('../package/scripts/db/db_create.sh')
|
// Uninstall
|
||||||
postInstall file('../package/scripts/pki/pki_setup.sh')
|
preUninstall 'sh /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'
|
||||||
|
|
||||||
postInstall 'mkdir -p /etc/hirs/aca/certificates'
|
|
||||||
postInstall 'cp /tmp/aca/default-properties/* /opt/hirs/default-properties/.'
|
|
||||||
postInstall 'rm -rf /tmp/aca/'
|
|
||||||
// postInstall file('../package/scripts/install_tomcat.sh')
|
|
||||||
|
|
||||||
postInstall 'sh /opt/tomcat/bin/catalina.sh start'
|
|
||||||
|
|
||||||
// Post Uninstall
|
|
||||||
// Copy files to /tmp that package manager will be expecting them there
|
|
||||||
preUninstall 'mkdir -p /tmp/aca/default-properties/'
|
|
||||||
preUninstall 'cp -f /opt/hirs/default-properties/* /tmp/aca/default-properties/.'
|
|
||||||
preUninstall file('../package/scripts/db/db_drop.sh')
|
|
||||||
|
|
||||||
buildRpm {
|
buildRpm {
|
||||||
arch = X86_64
|
arch = X86_64
|
||||||
@ -165,5 +99,4 @@ ospackage {
|
|||||||
buildDeb {
|
buildDeb {
|
||||||
arch = 'amd64'
|
arch = 'amd64'
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
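Review bot: The new `postInstall 'sh /opt/hirs/aca/scripts/aca/aca_bootRun.sh -p /opt/hirs/aca/HIRS_AttestationCAPortal.war'` in the `ospackage` hunk starts the portal from the package scriptlet, which the package manager runs as root inside the install transaction; the comment directly under it already notes that nothing restarts it at boot. Whether `aca_bootRun.sh` backgrounds itself or drops privileges is not visible here, but as written the ACA web application appears to run as root and, if the script stays in the foreground, would stall the install. Prefer shipping a service unit that runs under a dedicated unprivileged user and replacing the line with something like `postInstall 'systemctl enable --now <aca-unit-name>.service'` (the unit name is a placeholder). The same hunk also swaps `from war.outputs.files` for the fixed path `'../HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war'` with no task dependency visible, so a stale or missing WAR could end up packaged; the `ospackage` block starts and ends outside these hunks.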
BIN
gradle/wrapper/gradle-wrapper.jar
vendored
BIN
gradle/wrapper/gradle-wrapper.jar
vendored
Binary file not shown.
4
gradle/wrapper/gradle-wrapper.properties
vendored
4
gradle/wrapper/gradle-wrapper.properties
vendored
@ -1,6 +1,6 @@
|
|||||||
#Thu Feb 15 13:18:16 EST 2018
|
|
||||||
distributionBase=GRADLE_USER_HOME
|
distributionBase=GRADLE_USER_HOME
|
||||||
distributionPath=wrapper/dists
|
distributionPath=wrapper/dists
|
||||||
|
distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
|
||||||
|
networkTimeout=10000
|
||||||
zipStoreBase=GRADLE_USER_HOME
|
zipStoreBase=GRADLE_USER_HOME
|
||||||
zipStorePath=wrapper/dists
|
zipStorePath=wrapper/dists
|
||||||
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
|
|
||||||
|
306
gradlew
vendored
306
gradlew
vendored
@ -1,74 +1,129 @@
|
|||||||
#!/usr/bin/env bash
|
#!/bin/sh
|
||||||
|
|
||||||
|
#
|
||||||
|
# Copyright © 2015-2021 the original authors.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
#
|
||||||
|
|
||||||
##############################################################################
|
##############################################################################
|
||||||
##
|
#
|
||||||
## Gradle start up script for UN*X
|
# Gradle start up script for POSIX generated by Gradle.
|
||||||
##
|
#
|
||||||
|
# Important for running:
|
||||||
|
#
|
||||||
|
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
|
||||||
|
# noncompliant, but you have some other compliant shell such as ksh or
|
||||||
|
# bash, then to run this script, type that shell name before the whole
|
||||||
|
# command line, like:
|
||||||
|
#
|
||||||
|
# ksh Gradle
|
||||||
|
#
|
||||||
|
# Busybox and similar reduced shells will NOT work, because this script
|
||||||
|
# requires all of these POSIX shell features:
|
||||||
|
# * functions;
|
||||||
|
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
|
||||||
|
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
|
||||||
|
# * compound commands having a testable exit status, especially «case»;
|
||||||
|
# * various built-in commands including «command», «set», and «ulimit».
|
||||||
|
#
|
||||||
|
# Important for patching:
|
||||||
|
#
|
||||||
|
# (2) This script targets any POSIX shell, so it avoids extensions provided
|
||||||
|
# by Bash, Ksh, etc; in particular arrays are avoided.
|
||||||
|
#
|
||||||
|
# The "traditional" practice of packing multiple parameters into a
|
||||||
|
# space-separated string is a well documented source of bugs and security
|
||||||
|
# problems, so this is (mostly) avoided, by progressively accumulating
|
||||||
|
# options in "$@", and eventually passing that to Java.
|
||||||
|
#
|
||||||
|
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
|
||||||
|
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
|
||||||
|
# see the in-line comments for details.
|
||||||
|
#
|
||||||
|
# There are tweaks for specific operating systems such as AIX, CygWin,
|
||||||
|
# Darwin, MinGW, and NonStop.
|
||||||
|
#
|
||||||
|
# (3) This script is generated from the Groovy template
|
||||||
|
# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
|
||||||
|
# within the Gradle project.
|
||||||
|
#
|
||||||
|
# You can find Gradle at https://github.com/gradle/gradle/.
|
||||||
|
#
|
||||||
##############################################################################
|
##############################################################################
|
||||||
|
|
||||||
|
# Attempt to set APP_HOME
|
||||||
|
|
||||||
|
# Resolve links: $0 may be a link
|
||||||
|
app_path=$0
|
||||||
|
|
||||||
|
# Need this for daisy-chained symlinks.
|
||||||
|
while
|
||||||
|
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
|
||||||
|
[ -h "$app_path" ]
|
||||||
|
do
|
||||||
|
ls=$( ls -ld "$app_path" )
|
||||||
|
link=${ls#*' -> '}
|
||||||
|
case $link in #(
|
||||||
|
/*) app_path=$link ;; #(
|
||||||
|
*) app_path=$APP_HOME$link ;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
# This is normally unused
|
||||||
|
# shellcheck disable=SC2034
|
||||||
|
APP_BASE_NAME=${0##*/}
|
||||||
|
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
|
||||||
|
|
||||||
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||||
DEFAULT_JVM_OPTS=""
|
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
|
||||||
|
|
||||||
APP_NAME="Gradle"
|
|
||||||
APP_BASE_NAME=`basename "$0"`
|
|
||||||
|
|
||||||
# Use the maximum available, or set MAX_FD != -1 to use that value.
|
# Use the maximum available, or set MAX_FD != -1 to use that value.
|
||||||
MAX_FD="maximum"
|
MAX_FD=maximum
|
||||||
|
|
||||||
warn () {
|
warn () {
|
||||||
echo "$*"
|
echo "$*"
|
||||||
}
|
} >&2
|
||||||
|
|
||||||
die () {
|
die () {
|
||||||
echo
|
echo
|
||||||
echo "$*"
|
echo "$*"
|
||||||
echo
|
echo
|
||||||
exit 1
|
exit 1
|
||||||
}
|
} >&2
|
||||||
|
|
||||||
# OS specific support (must be 'true' or 'false').
|
# OS specific support (must be 'true' or 'false').
|
||||||
cygwin=false
|
cygwin=false
|
||||||
msys=false
|
msys=false
|
||||||
darwin=false
|
darwin=false
|
||||||
case "`uname`" in
|
nonstop=false
|
||||||
CYGWIN* )
|
case "$( uname )" in #(
|
||||||
cygwin=true
|
CYGWIN* ) cygwin=true ;; #(
|
||||||
;;
|
Darwin* ) darwin=true ;; #(
|
||||||
Darwin* )
|
MSYS* | MINGW* ) msys=true ;; #(
|
||||||
darwin=true
|
NONSTOP* ) nonstop=true ;;
|
||||||
;;
|
|
||||||
MINGW* )
|
|
||||||
msys=true
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# Attempt to set APP_HOME
|
|
||||||
# Resolve links: $0 may be a link
|
|
||||||
PRG="$0"
|
|
||||||
# Need this for relative symlinks.
|
|
||||||
while [ -h "$PRG" ] ; do
|
|
||||||
ls=`ls -ld "$PRG"`
|
|
||||||
link=`expr "$ls" : '.*-> \(.*\)$'`
|
|
||||||
if expr "$link" : '/.*' > /dev/null; then
|
|
||||||
PRG="$link"
|
|
||||||
else
|
|
||||||
PRG=`dirname "$PRG"`"/$link"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
SAVED="`pwd`"
|
|
||||||
cd "`dirname \"$PRG\"`/" >/dev/null
|
|
||||||
APP_HOME="`pwd -P`"
|
|
||||||
cd "$SAVED" >/dev/null
|
|
||||||
|
|
||||||
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
|
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
|
||||||
|
|
||||||
|
|
||||||
# Determine the Java command to use to start the JVM.
|
# Determine the Java command to use to start the JVM.
|
||||||
if [ -n "$JAVA_HOME" ] ; then
|
if [ -n "$JAVA_HOME" ] ; then
|
||||||
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
|
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
|
||||||
# IBM's JDK on AIX uses strange locations for the executables
|
# IBM's JDK on AIX uses strange locations for the executables
|
||||||
JAVACMD="$JAVA_HOME/jre/sh/java"
|
JAVACMD=$JAVA_HOME/jre/sh/java
|
||||||
else
|
else
|
||||||
JAVACMD="$JAVA_HOME/bin/java"
|
JAVACMD=$JAVA_HOME/bin/java
|
||||||
fi
|
fi
|
||||||
if [ ! -x "$JAVACMD" ] ; then
|
if [ ! -x "$JAVACMD" ] ; then
|
||||||
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
|
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
|
||||||
@ -77,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the
|
|||||||
location of your Java installation."
|
location of your Java installation."
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
JAVACMD="java"
|
JAVACMD=java
|
||||||
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||||
|
|
||||||
Please set the JAVA_HOME variable in your environment to match the
|
Please set the JAVA_HOME variable in your environment to match the
|
||||||
@ -85,76 +140,105 @@ location of your Java installation."
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# Increase the maximum file descriptors if we can.
|
# Increase the maximum file descriptors if we can.
|
||||||
if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
|
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
|
||||||
MAX_FD_LIMIT=`ulimit -H -n`
|
case $MAX_FD in #(
|
||||||
if [ $? -eq 0 ] ; then
|
max*)
|
||||||
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
|
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
|
||||||
MAX_FD="$MAX_FD_LIMIT"
|
# shellcheck disable=SC3045
|
||||||
fi
|
MAX_FD=$( ulimit -H -n ) ||
|
||||||
ulimit -n $MAX_FD
|
warn "Could not query maximum file descriptor limit"
|
||||||
if [ $? -ne 0 ] ; then
|
esac
|
||||||
warn "Could not set maximum file descriptor limit: $MAX_FD"
|
case $MAX_FD in #(
|
||||||
fi
|
'' | soft) :;; #(
|
||||||
else
|
*)
|
||||||
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
|
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
|
||||||
fi
|
# shellcheck disable=SC3045
|
||||||
fi
|
ulimit -n "$MAX_FD" ||
|
||||||
|
warn "Could not set maximum file descriptor limit to $MAX_FD"
|
||||||
# For Darwin, add options to specify how the application appears in the dock
|
|
||||||
if $darwin; then
|
|
||||||
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
|
|
||||||
fi
|
|
||||||
|
|
||||||
# For Cygwin, switch paths to Windows format before running java
|
|
||||||
if $cygwin ; then
|
|
||||||
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
|
|
||||||
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
|
|
||||||
JAVACMD=`cygpath --unix "$JAVACMD"`
|
|
||||||
|
|
||||||
# We build the pattern for arguments to be converted via cygpath
|
|
||||||
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
|
|
||||||
SEP=""
|
|
||||||
for dir in $ROOTDIRSRAW ; do
|
|
||||||
ROOTDIRS="$ROOTDIRS$SEP$dir"
|
|
||||||
SEP="|"
|
|
||||||
done
|
|
||||||
OURCYGPATTERN="(^($ROOTDIRS))"
|
|
||||||
# Add a user-defined pattern to the cygpath arguments
|
|
||||||
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
|
|
||||||
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
|
|
||||||
fi
|
|
||||||
# Now convert the arguments - kludge to limit ourselves to /bin/sh
|
|
||||||
i=0
|
|
||||||
for arg in "$@" ; do
|
|
||||||
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
|
|
||||||
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
|
|
||||||
|
|
||||||
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
|
|
||||||
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
|
|
||||||
else
|
|
||||||
eval `echo args$i`="\"$arg\""
|
|
||||||
fi
|
|
||||||
i=$((i+1))
|
|
||||||
done
|
|
||||||
case $i in
|
|
||||||
(0) set -- ;;
|
|
||||||
(1) set -- "$args0" ;;
|
|
||||||
(2) set -- "$args0" "$args1" ;;
|
|
||||||
(3) set -- "$args0" "$args1" "$args2" ;;
|
|
||||||
(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
|
|
||||||
(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
|
|
||||||
(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
|
|
||||||
(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
|
|
||||||
(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
|
|
||||||
(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
|
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
|
# Collect all arguments for the java command, stacking in reverse order:
|
||||||
function splitJvmOpts() {
|
# * args from the command line
|
||||||
JVM_OPTS=("$@")
|
# * the main class name
|
||||||
}
|
# * -classpath
|
||||||
eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
|
# * -D...appname settings
|
||||||
JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
|
# * --module-path (only if needed)
|
||||||
|
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
|
||||||
|
|
||||||
exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
|
# For Cygwin or MSYS, switch paths to Windows format before running java
|
||||||
|
if "$cygwin" || "$msys" ; then
|
||||||
|
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
|
||||||
|
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
|
||||||
|
|
||||||
|
JAVACMD=$( cygpath --unix "$JAVACMD" )
|
||||||
|
|
||||||
|
# Now convert the arguments - kludge to limit ourselves to /bin/sh
|
||||||
|
for arg do
|
||||||
|
if
|
||||||
|
case $arg in #(
|
||||||
|
-*) false ;; # don't mess with options #(
|
||||||
|
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
|
||||||
|
[ -e "$t" ] ;; #(
|
||||||
|
*) false ;;
|
||||||
|
esac
|
||||||
|
then
|
||||||
|
arg=$( cygpath --path --ignore --mixed "$arg" )
|
||||||
|
fi
|
||||||
|
# Roll the args list around exactly as many times as the number of
|
||||||
|
# args, so each arg winds up back in the position where it started, but
|
||||||
|
# possibly modified.
|
||||||
|
#
|
||||||
|
# NB: a `for` loop captures its iteration list before it begins, so
|
||||||
|
# changing the positional parameters here affects neither the number of
|
||||||
|
# iterations, nor the values presented in `arg`.
|
||||||
|
shift # remove old arg
|
||||||
|
set -- "$@" "$arg" # push replacement arg
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Collect all arguments for the java command;
|
||||||
|
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
|
||||||
|
# shell script including quotes and variable substitutions, so put them in
|
||||||
|
# double quotes to make sure that they get re-expanded; and
|
||||||
|
# * put everything else in single quotes, so that it's not re-expanded.
|
||||||
|
|
||||||
|
set -- \
|
||||||
|
"-Dorg.gradle.appname=$APP_BASE_NAME" \
|
||||||
|
-classpath "$CLASSPATH" \
|
||||||
|
org.gradle.wrapper.GradleWrapperMain \
|
||||||
|
"$@"
|
||||||
|
|
||||||
|
# Stop when "xargs" is not available.
|
||||||
|
if ! command -v xargs >/dev/null 2>&1
|
||||||
|
then
|
||||||
|
die "xargs is not available"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Use "xargs" to parse quoted args.
|
||||||
|
#
|
||||||
|
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
|
||||||
|
#
|
||||||
|
# In Bash we could simply go:
|
||||||
|
#
|
||||||
|
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
|
||||||
|
# set -- "${ARGS[@]}" "$@"
|
||||||
|
#
|
||||||
|
# but POSIX shell has neither arrays nor command substitution, so instead we
|
||||||
|
# post-process each arg (as a line of input to sed) to backslash-escape any
|
||||||
|
# character that might be a shell metacharacter, then use eval to reverse
|
||||||
|
# that process (while maintaining the separation between arguments), and wrap
|
||||||
|
# the whole thing up as a single "set" statement.
|
||||||
|
#
|
||||||
|
# This will of course break if any of these variables contains a newline or
|
||||||
|
# an unmatched quote.
|
||||||
|
#
|
||||||
|
|
||||||
|
eval "set -- $(
|
||||||
|
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
|
||||||
|
xargs -n1 |
|
||||||
|
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
|
||||||
|
tr '\n' ' '
|
||||||
|
)" '"$@"'
|
||||||
|
|
||||||
|
exec "$JAVACMD" "$@"
|
||||||
|
62
gradlew.bat
vendored
62
gradlew.bat
vendored
@ -1,3 +1,19 @@
|
|||||||
|
@rem
|
||||||
|
@rem Copyright 2015 the original author or authors.
|
||||||
|
@rem
|
||||||
|
@rem Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
@rem you may not use this file except in compliance with the License.
|
||||||
|
@rem You may obtain a copy of the License at
|
||||||
|
@rem
|
||||||
|
@rem https://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
@rem
|
||||||
|
@rem Unless required by applicable law or agreed to in writing, software
|
||||||
|
@rem distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
@rem See the License for the specific language governing permissions and
|
||||||
|
@rem limitations under the License.
|
||||||
|
@rem
|
||||||
|
|
||||||
@if "%DEBUG%"=="" @echo off
|
@if "%DEBUG%"=="" @echo off
|
||||||
@rem ##########################################################################
|
@rem ##########################################################################
|
||||||
@rem
|
@rem
|
||||||
@ -8,20 +24,24 @@
|
|||||||
@rem Set local scope for the variables with windows NT shell
|
@rem Set local scope for the variables with windows NT shell
|
||||||
if "%OS%"=="Windows_NT" setlocal
|
if "%OS%"=="Windows_NT" setlocal
|
||||||
|
|
||||||
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
|
||||||
set DEFAULT_JVM_OPTS=
|
|
||||||
|
|
||||||
set DIRNAME=%~dp0
|
set DIRNAME=%~dp0
|
||||||
if "%DIRNAME%"=="" set DIRNAME=.
|
if "%DIRNAME%"=="" set DIRNAME=.
|
||||||
|
@rem This is normally unused
|
||||||
set APP_BASE_NAME=%~n0
|
set APP_BASE_NAME=%~n0
|
||||||
set APP_HOME=%DIRNAME%
|
set APP_HOME=%DIRNAME%
|
||||||
|
|
||||||
|
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
|
||||||
|
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
|
||||||
|
|
||||||
|
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
||||||
|
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
|
||||||
|
|
||||||
@rem Find java.exe
|
@rem Find java.exe
|
||||||
if defined JAVA_HOME goto findJavaFromJavaHome
|
if defined JAVA_HOME goto findJavaFromJavaHome
|
||||||
|
|
||||||
set JAVA_EXE=java.exe
|
set JAVA_EXE=java.exe
|
||||||
%JAVA_EXE% -version >NUL 2>&1
|
%JAVA_EXE% -version >NUL 2>&1
|
||||||
if "%ERRORLEVEL%" == "0" goto init
|
if %ERRORLEVEL% equ 0 goto execute
|
||||||
|
|
||||||
echo.
|
echo.
|
||||||
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
||||||
@ -35,7 +55,7 @@ goto fail
|
|||||||
set JAVA_HOME=%JAVA_HOME:"=%
|
set JAVA_HOME=%JAVA_HOME:"=%
|
||||||
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
|
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
|
||||||
|
|
||||||
if exist "%JAVA_EXE%" goto init
|
if exist "%JAVA_EXE%" goto execute
|
||||||
|
|
||||||
echo.
|
echo.
|
||||||
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
|
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
|
||||||
@ -45,44 +65,26 @@ echo location of your Java installation.
|
|||||||
|
|
||||||
goto fail
|
goto fail
|
||||||
|
|
||||||
:init
|
|
||||||
@rem Get command-line arguments, handling Windowz variants
|
|
||||||
|
|
||||||
if not "%OS%" == "Windows_NT" goto win9xME_args
|
|
||||||
if "%@eval[2+2]" == "4" goto 4NT_args
|
|
||||||
|
|
||||||
:win9xME_args
|
|
||||||
@rem Slurp the command line arguments.
|
|
||||||
set CMD_LINE_ARGS=
|
|
||||||
set _SKIP=2
|
|
||||||
|
|
||||||
:win9xME_args_slurp
|
|
||||||
if "x%~1" == "x" goto execute
|
|
||||||
|
|
||||||
set CMD_LINE_ARGS=%*
|
|
||||||
goto execute
|
|
||||||
|
|
||||||
:4NT_args
|
|
||||||
@rem Get arguments from the 4NT Shell from JP Software
|
|
||||||
set CMD_LINE_ARGS=%$
|
|
||||||
|
|
||||||
:execute
|
:execute
|
||||||
@rem Setup the command line
|
@rem Setup the command line
|
||||||
|
|
||||||
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
|
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
|
||||||
|
|
||||||
|
|
||||||
@rem Execute Gradle
|
@rem Execute Gradle
|
||||||
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
|
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
|
||||||
|
|
||||||
:end
|
:end
|
||||||
@rem End local scope for the variables with windows NT shell
|
@rem End local scope for the variables with windows NT shell
|
||||||
if "%ERRORLEVEL%"=="0" goto mainEnd
|
if %ERRORLEVEL% equ 0 goto mainEnd
|
||||||
|
|
||||||
:fail
|
:fail
|
||||||
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
|
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
|
||||||
rem the _cmd.exe /c_ return code!
|
rem the _cmd.exe /c_ return code!
|
||||||
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
|
set EXIT_CODE=%ERRORLEVEL%
|
||||||
exit /b 1
|
if %EXIT_CODE% equ 0 set EXIT_CODE=1
|
||||||
|
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
|
||||||
|
exit /b %EXIT_CODE%
|
||||||
|
|
||||||
:mainEnd
|
:mainEnd
|
||||||
if "%OS%"=="Windows_NT" endlocal
|
if "%OS%"=="Windows_NT" endlocal
|
||||||
|
@ -1,18 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# script that pulls version information from git for populating the portal dispalyed version,
|
|
||||||
# RPM file names, and RPM embedded version information
|
|
||||||
|
|
||||||
# script should be invoked with 'source' so that the variables are in the scope of the caller
|
|
||||||
|
|
||||||
GIT_HASH=`git rev-parse HEAD | head -c6`
|
|
||||||
VERSION=`cat $SCRIPT_DIR/../VERSION`
|
|
||||||
GIT_COMMIT_UNIX_TIMESTAMP=`git show -s --format=%ct | xargs echo -n`
|
|
||||||
RELEASE="$((GIT_COMMIT_UNIX_TIMESTAMP)).$GIT_HASH"
|
|
||||||
DISPLAY_VERSION="$VERSION.$GIT_COMMIT_UNIX_TIMESTAMP.$GIT_HASH"
|
|
||||||
|
|
||||||
echo "Building version:"
|
|
||||||
echo "VERSION: $VERSION"
|
|
||||||
echo "GIT_COMMIT_UNIX_TIMESTAMP: $GIT_COMMIT_UNIX_TIMESTAMP"
|
|
||||||
echo "RELEASE: $RELEASE"
|
|
||||||
echo "DISPLAY_VERSION: $DISPLAY_VERSION"
|
|
@ -1,131 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# Builds the centos 6/7 package for HIRS. This script can be passed a list of arguments that are relative paths to plugin script files.
|
|
||||||
# The plugin script files are provided the destination directory of where to put the plugin jar file.
|
|
||||||
|
|
||||||
# argument $1: Extra package name addendum string
|
|
||||||
# argument $2 to end: plugin script dirs.
|
|
||||||
|
|
||||||
# store the initial directory so this script can concatenate the relative paths specified for the plugin scripts
|
|
||||||
INITIAL_DIR=`pwd`
|
|
||||||
|
|
||||||
# Enter package directory
|
|
||||||
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
||||||
cd $SCRIPT_DIR/rpm
|
|
||||||
|
|
||||||
# Set variables
|
|
||||||
RPM_BUILD_DIR=`pwd`
|
|
||||||
# assign build version vars
|
|
||||||
source $SCRIPT_DIR/build_version_helper.sh
|
|
||||||
|
|
||||||
PLUGIN_SOURCE="$RPM_BUILD_DIR/PLUGIN_SOURCE"
|
|
||||||
PACKAGE_NAME_ADDENDUM="$1"
|
|
||||||
RPM_EXTRA_CLIENT_DEPENDENCIES="$2"
|
|
||||||
RPM_EXTRA_SERVER_DEPENDENCIES="$3"
|
|
||||||
|
|
||||||
# prepend comma on the extra dependency lists so it can be added to spec file as is, but only if there are
|
|
||||||
# extra dependencies (not empty)
|
|
||||||
if [ ! -z "$RPM_EXTRA_CLIENT_DEPENDENCIES" ]; then
|
|
||||||
RPM_EXTRA_CLIENT_DEPENDENCIES=", $RPM_EXTRA_CLIENT_DEPENDENCIES"
|
|
||||||
fi
|
|
||||||
if [ ! -z "$RPM_EXTRA_SERVER_DEPENDENCIES" ]; then
|
|
||||||
RPM_EXTRA_SERVER_DEPENDENCIES=", $RPM_EXTRA_SERVER_DEPENDENCIES"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "extra client dependencies:$RPM_EXTRA_CLIENT_DEPENDENCIES"
|
|
||||||
echo "extra server dependencies:$RPM_EXTRA_SERVER_DEPENDENCIES"
|
|
||||||
|
|
||||||
# Clear old builds
|
|
||||||
rm -rf RPMS SRPMS $PLUGIN_SOURCE
|
|
||||||
|
|
||||||
# Create directories
|
|
||||||
mkdir -p BUILD BUILDROOT RPMS SOURCES SPECS SRPMS $PLUGIN_SOURCE
|
|
||||||
|
|
||||||
|
|
||||||
# build all plugins starting with fourth argument.
|
|
||||||
echo "Building plugins into $PLUGIN_SOURCE"
|
|
||||||
for plugin_script in "${@:4}"
|
|
||||||
do
|
|
||||||
# convert argument to absolute path if necessary
|
|
||||||
if [ "${plugin_script:0:1}" = "/" ]; then
|
|
||||||
plugin_abs_path_script=$plugin_script
|
|
||||||
else
|
|
||||||
plugin_abs_path_script="$INITIAL_DIR/$plugin_script"
|
|
||||||
fi
|
|
||||||
echo "Building Plugin: $plugin_abs_path_script"
|
|
||||||
$plugin_abs_path_script $PLUGIN_SOURCE
|
|
||||||
plugin_return_code=$?
|
|
||||||
|
|
||||||
if [ $plugin_return_code -ne 0 ]; then
|
|
||||||
echo "Failed to build plugin $plugin_abs_path_script. Aborting"
|
|
||||||
exit -1
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# Move specs & sources
|
|
||||||
cp *.spec SPECS
|
|
||||||
|
|
||||||
# Copy sources for TPM Module
|
|
||||||
tar -c -f SOURCES/tpm_module-$GIT_HASH.tar --exclude='dist' --exclude='build' ../../tpm_module/ --transform s/tpm_module/tpm_module-$GIT_HASH/
|
|
||||||
tar --append -f SOURCES/tpm_module-$GIT_HASH.tar ../../NOTICE
|
|
||||||
|
|
||||||
# Build RPM for TPM Module
|
|
||||||
rpmbuild --nodeps -ba SPECS/tpm-module.spec --define '_topdir '$RPM_BUILD_DIR --define 'VERSION '$VERSION --define 'RELEASE '$RELEASE --define 'GIT_HASH '$GIT_HASH || { echo 'Failed to package tpm_module'; exit 1; }
|
|
||||||
echo '************************************************************************************'
|
|
||||||
echo 'TPM Module RPM successfully built'
|
|
||||||
echo '************************************************************************************'
|
|
||||||
|
|
||||||
# Copy sources
|
|
||||||
tar -c -f SOURCES/HIRS-$GIT_HASH.tar ../../settings.gradle ../../build.gradle ../../VERSION ../../gradle.properties ../../gradlew ../../gradle/
|
|
||||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_AttestationCA
|
|
||||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_AttestationCAPortal
|
|
||||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_Provisioner
|
|
||||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_Structs
|
|
||||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../HIRS_Utils
|
|
||||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar --exclude='build' ../../TPM_Utils
|
|
||||||
|
|
||||||
# copy includes directory into release TAR
|
|
||||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar ../extras/
|
|
||||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar ../scripts/
|
|
||||||
tar --append -f SOURCES/HIRS-$GIT_HASH.tar ../../NOTICE
|
|
||||||
|
|
||||||
# Build HIRS CentOS6 RPMs. Provides PLUGIN_SOURCE variable to gradle task.
|
|
||||||
if [ -z "$ONLY_BUILD_EL7_RPMS" ]; then
|
|
||||||
echo "Building CentOS6 RPMs..."
|
|
||||||
rpmbuild --nodeps -ba SPECS/HIRS.spec --define 'build6 1' --define 'dist .el6' --define '_topdir '$RPM_BUILD_DIR --define 'VERSION '$VERSION --define 'RELEASE '$RELEASE --define 'GIT_HASH '$GIT_HASH --define 'DISPLAY_VERSION '$DISPLAY_VERSION --define 'PLUGIN_SOURCE '$PLUGIN_SOURCE --define 'PACKAGE_NAME_ADDENDUM '$PACKAGE_NAME_ADDENDUM --define 'RPM_EXTRA_CLIENT_DEPENDENCIES '"$RPM_EXTRA_CLIENT_DEPENDENCIES" --define 'RPM_EXTRA_SERVER_DEPENDENCIES '"$RPM_EXTRA_SERVER_DEPENDENCIES"|| { echo 'Failed to package HIRS'; exit 1; }
|
|
||||||
echo '************************************************************************************'
|
|
||||||
echo 'HIRS CentOS6 RPMs successfully built'
|
|
||||||
echo '************************************************************************************'
|
|
||||||
else
|
|
||||||
echo "Skipping building CentOS6 RPMs because of ONLY_BUILD_EL7_RPMS environment variable"
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Cleanup before CENTOS 7 build
|
|
||||||
rm -rf BUILD BUILDROOT
|
|
||||||
|
|
||||||
## Build HIRS CentOS7 RPMs. Provides PLUGIN_SOURCE variable to gradle task
|
|
||||||
if [ -z "$ONLY_BUILD_EL6_RPMS" ]; then
|
|
||||||
rpmbuild --nodeps -ba SPECS/HIRS.spec --define 'build7 1' --define 'dist .el7' --define '_topdir '$RPM_BUILD_DIR --define 'VERSION '$VERSION --define 'RELEASE '$RELEASE --define 'GIT_HASH '$GIT_HASH --define 'DISPLAY_VERSION '$DISPLAY_VERSION --define 'PLUGIN_SOURCE '$PLUGIN_SOURCE --define 'PACKAGE_NAME_ADDENDUM '$PACKAGE_NAME_ADDENDUM --define 'RPM_EXTRA_CLIENT_DEPENDENCIES '"$RPM_EXTRA_CLIENT_DEPENDENCIES" --define 'RPM_EXTRA_SERVER_DEPENDENCIES '"$RPM_EXTRA_SERVER_DEPENDENCIES"|| { echo 'Failed to package HIRS'; exit 1; }
|
|
||||||
echo '************************************************************************************'
|
|
||||||
echo 'HIRS CentOS7 RPMs successfully built'
|
|
||||||
echo '************************************************************************************'
|
|
||||||
else
|
|
||||||
echo "Skipping building CentOS7 RPMs because of ONLY_BUILD_EL6_RPMS environment variable"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Cleanup
|
|
||||||
rm -rf BUILD BUILDROOT SOURCES SPECS $PLUGIN_SOURCE
|
|
||||||
|
|
||||||
# Build RPM for HIRS_ProvisionerTPM2
|
|
||||||
$SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.centos7.sh
|
|
||||||
if [ -f RPMS/x86_64/HIRS_Provisioner_TPM_2_0*.rpm ]; then
|
|
||||||
echo '************************************************************************************'
|
|
||||||
echo 'HIRS_ProvisionerTPM2 RPM successfully built'
|
|
||||||
echo '************************************************************************************'
|
|
||||||
else
|
|
||||||
echo 'Error: HIRS_ProvisionerTPM2 failed to package'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
@ -1,114 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Define script directory
|
|
||||||
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
|
||||||
|
|
||||||
# Set variables
|
|
||||||
GIT_HASH=`git rev-parse HEAD | head -c6`
|
|
||||||
# assign build version vars
|
|
||||||
source $SCRIPT_DIR/build_version_helper.sh
|
|
||||||
DEBIAN_FULL_VERSION=$VERSION.$RELEASE
|
|
||||||
OS=`lsb_release -c | awk '{print $2}'`
|
|
||||||
PROVISIONER_FULL_PACKAGE_NAME="hirs-provisioner"
|
|
||||||
|
|
||||||
# Enter package directory
|
|
||||||
mkdir -p $SCRIPT_DIR/deb
|
|
||||||
cd $SCRIPT_DIR/deb
|
|
||||||
|
|
||||||
# Clear old builds
|
|
||||||
rm -rf DEB_SOURCES
|
|
||||||
rm -f DEBS/hirs*.deb
|
|
||||||
rm -f DEBS/tpm-module*.deb
|
|
||||||
|
|
||||||
# Create directories
|
|
||||||
mkdir -p DEBS
|
|
||||||
|
|
||||||
# Copy Sources for HIRS_Provisioner
|
|
||||||
cd $SCRIPT_DIR/..
|
|
||||||
|
|
||||||
# build HIRS items.
|
|
||||||
./gradlew -PdisplayVersion=$DISPLAY_VERSION :HIRS_Provisioner:installDist
|
|
||||||
|
|
||||||
# Setup Provisioner directories
|
|
||||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian
|
|
||||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/bin
|
|
||||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/lib
|
|
||||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
|
|
||||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup
|
|
||||||
|
|
||||||
# Copy Provisioner files
|
|
||||||
cp -r HIRS_Provisioner/build/install/HIRS_Provisioner/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner
|
|
||||||
rm -rf $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/bin/*.bat
|
|
||||||
cp -r HIRS_Provisioner/debian/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian
|
|
||||||
cp -r HIRS_Provisioner/man/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian
|
|
||||||
cp -r HIRS_Provisioner/scripts/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
|
|
||||||
cp -r HIRS_Provisioner/src/main/resources/*.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts/install
|
|
||||||
|
|
||||||
cp -r HIRS_Provisioner/setup/* $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup
|
|
||||||
cp HIRS_Provisioner/hirs-provisioner-config.sh $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
|
|
||||||
cp HIRS_Provisioner/scripts/install/*.sh $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/scripts
|
|
||||||
cp HIRS_Provisioner/setup/hirs-provisioner.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup
|
|
||||||
cp HIRS_Provisioner/build/resources/main/defaults.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner/setup/provisioner.properties
|
|
||||||
cp HIRS_Utils/src/main/resources/logging.properties $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/install-provisioner
|
|
||||||
cp NOTICE $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian/copyright
|
|
||||||
|
|
||||||
sed -i "s/VER/$DEBIAN_FULL_VERSION/" $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian/changelog
|
|
||||||
sed -i "s/RELEASE/$OS/" $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner/debian/changelog
|
|
||||||
|
|
||||||
# Build Debian package for HIRS Provisioner
|
|
||||||
echo "Building $PROVISIONER_FULL_PACKAGE_NAME"
|
|
||||||
cd $SCRIPT_DIR/deb/DEB_SOURCES/$PROVISIONER_FULL_PACKAGE_NAME/
|
|
||||||
debuild -i -us -uc -b
|
|
||||||
ret=$?
|
|
||||||
|
|
||||||
if [[ $ret -ne 0 ]]; then
|
|
||||||
echo "Failed to build HIRS Provisioner deb package"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
mv $SCRIPT_DIR/deb/DEB_SOURCES/hirs-provisioner*.deb $SCRIPT_DIR/deb/DEBS/
|
|
||||||
|
|
||||||
echo "HIRS Provisioner deb building complete"
|
|
||||||
|
|
||||||
# TPM Module
|
|
||||||
cd $SCRIPT_DIR/..
|
|
||||||
|
|
||||||
# Compile the TPM Module
|
|
||||||
./gradlew :tpm_module:build
|
|
||||||
cd tpm_module
|
|
||||||
|
|
||||||
# Setup build directories
|
|
||||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/
|
|
||||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian
|
|
||||||
mkdir -p $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/src
|
|
||||||
|
|
||||||
# Copy build files
|
|
||||||
cp tpm_module $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/src/
|
|
||||||
cp -r debian/* $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian
|
|
||||||
cp -r man/* $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian
|
|
||||||
cp ../NOTICE $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/debian/copyright
|
|
||||||
|
|
||||||
# Build Debian package for TPM Module
|
|
||||||
cd $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module/
|
|
||||||
debuild -i -us -uc -b
|
|
||||||
ret=$?
|
|
||||||
|
|
||||||
if [[ $ret -ne 0 ]]; then
|
|
||||||
echo "Failed to build tpm-module deb package"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
mkdir -p $SCRIPT_DIR/deb/DEBS/
|
|
||||||
mv $SCRIPT_DIR/deb/DEB_SOURCES/tpm-module*.deb $SCRIPT_DIR/deb/DEBS/
|
|
||||||
|
|
||||||
echo "TPM deb building complete"
|
|
||||||
|
|
||||||
# HIRS Provisioner TPM 2.0
|
|
||||||
cd $SCRIPT_DIR/deb
|
|
||||||
$SCRIPT_DIR/../HIRS_ProvisionerTPM2/package/package.tpm2.ubuntu.sh
|
|
||||||
if [ -f DEBS/HIRSProvisionerTPM2.0*.deb ]; then
|
|
||||||
echo 'HIRS Provisioner TPM 2.0 deb building complete'
|
|
||||||
else
|
|
||||||
echo 'Failed to build HIRS Provisioner TPM 2.0 deb package'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
@ -1,337 +0,0 @@
|
|||||||
# need to run rpmbuild with either:
|
|
||||||
# --define 'build6 1' --define 'dist .el6'
|
|
||||||
# --define 'build7 1' --define 'dist .el7'
|
|
||||||
|
|
||||||
# rpm runs scripts with $1 holding the number of currently installed version of the package in question:
|
|
||||||
# Install the first time: 1
|
|
||||||
# Upgrade: 2 or higher (depending on the number of versions installed)
|
|
||||||
# Remove last version of package: 0
|
|
||||||
# from RedHat RPM Guide by Eric Foster-Johnston
|
|
||||||
|
|
||||||
Name : HIRS
|
|
||||||
Version : %{?VERSION}
|
|
||||||
Release : %{?RELEASE}%{?dist}
|
|
||||||
Source : %{name}-%{?GIT_HASH}.tar
|
|
||||||
Group : System Environment/Base
|
|
||||||
License : ASL 2.0
|
|
||||||
Summary : HIRS
|
|
||||||
BuildArch : noarch
|
|
||||||
BuildRoot : %{_tmppath}/%{name}-%{version}-root
|
|
||||||
BuildRequires : java-1.8.0-openjdk-devel
|
|
||||||
|
|
||||||
%description
|
|
||||||
Host Integrity at Runtime and Startup (HIRS) parent spec.
|
|
||||||
|
|
||||||
%prep
|
|
||||||
%setup -q -c
|
|
||||||
|
|
||||||
%define provisioner_package_name HIRS_Provisioner_TPM_1_2%{?PACKAGE_NAME_ADDENDUM}
|
|
||||||
%define __jar_repack 0
|
|
||||||
|
|
||||||
##########################
|
|
||||||
# HIRS_Provisioner_TPM_1_2
|
|
||||||
##########################
|
|
||||||
%package -n %{provisioner_package_name}
|
|
||||||
Summary : Host Integrity at Runtime and Startup (HIRS) Provisioner
|
|
||||||
Group : System Environment/Base
|
|
||||||
|
|
||||||
%if 0%{?build6}
|
|
||||||
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, initscripts, coreutils, dmidecode, paccor, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if 0%{?build7}
|
|
||||||
Requires : tpm_module, java-1.8.0, wget, util-linux, chkconfig, sed, systemd, coreutils, dmidecode, paccor, bash%{?RPM_EXTRA_CLIENT_DEPENDENCIES}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description -n %{provisioner_package_name}
|
|
||||||
Host Integrity at Runtime and Startup (HIRS) Provisioner.
|
|
||||||
|
|
||||||
%pre -n %{provisioner_package_name}
|
|
||||||
if [[ $(find /sys/devices -name "tpm0") ]]; then
|
|
||||||
echo "TPM detected"
|
|
||||||
if [ -f "/usr/lib/systemd/system/tcsd.service" ]; then
|
|
||||||
echo "Starting tcsd service"
|
|
||||||
systemctl start tcsd
|
|
||||||
ret=$?
|
|
||||||
if [[ $ret -ne 0 ]]; then
|
|
||||||
echo "WARNING: FAILED TO START tcsd SERVICE, PROVISIONING WILL FAIL WITHOUT THIS SERVICE"
|
|
||||||
fi
|
|
||||||
echo "Adding tcsd (Trousers) to run levels 1,3,5, and 6"
|
|
||||||
chkconfig --level 1356 tcsd on
|
|
||||||
else
|
|
||||||
echo "Starting tcsd service"
|
|
||||||
service tcsd start
|
|
||||||
ret=$?
|
|
||||||
if [[ $ret -ne 0 ]]; then
|
|
||||||
echo "WARNING: FAILED TO START tcsd SERVICE, PROVISIONING WILL FAIL WITHOUT THIS SERVICE"
|
|
||||||
fi
|
|
||||||
echo "Adding tcsd (Trousers) to run levels 1,3,5, and 6"
|
|
||||||
chkconfig --level 1356 tcsd on
|
|
||||||
fi
|
|
||||||
if [ ! -d "/sys/kernel/security/tpm0" ]; then
|
|
||||||
echo "Mounting security fs partition"
|
|
||||||
sed -i '$a securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0' /etc/fstab
|
|
||||||
mount -a
|
|
||||||
if [ -d "/sys/kernel/security/tpm0" ]; then
|
|
||||||
echo "SUCCESS: security fs partition mounted"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
echo "WARNING: UNABLE TO LOCATE TPM DEVICE, TPM PROVISIONING WILL FAIL"
|
|
||||||
fi
|
|
||||||
|
|
||||||
%post -n %{provisioner_package_name}
|
|
||||||
# copy default property files into /etc/hirs if not present
|
|
||||||
mkdir -p /etc/hirs/
|
|
||||||
cp -n /opt/hirs/default-properties/provisioner/* /etc/hirs/
|
|
||||||
|
|
||||||
# copy common scripts into /opt/hirs/scripts/common
|
|
||||||
cp -f /opt/hirs/scripts/common/provisioner/* /opt/hirs/scripts/common/
|
|
||||||
|
|
||||||
echo 'Creating symlink for hirs-provisioner command'
|
|
||||||
ln -s -f /usr/share/hirs/provisioner/tpm_aca_provision /usr/sbin/tpm_aca_provision
|
|
||||||
chmod +x /usr/share/hirs/provisioner/tpm_aca_provision
|
|
||||||
ln -s -f /usr/share/hirs/provisioner/hirs-provisioner.sh /usr/sbin/hirs-provisioner
|
|
||||||
chmod +x /usr/share/hirs/provisioner/hirs-provisioner.sh
|
|
||||||
hirs-provisioner -c
|
|
||||||
|
|
||||||
%postun -n %{provisioner_package_name}
|
|
||||||
# don't run these during an upgrade
|
|
||||||
if [ "$1" = "0" ]; then
|
|
||||||
rm -rf /etc/hirs/provisioner
|
|
||||||
rm -rf /etc/hirs/certificates
|
|
||||||
rm -f /usr/sbin/hirs-provisioner
|
|
||||||
rm -rf /usr/share/hirs/provisioner
|
|
||||||
|
|
||||||
rm -rf /var/log/hirs/provisioner
|
|
||||||
|
|
||||||
# if there are no more HIRS packages remaining,
|
|
||||||
# remove all HIRS directories
|
|
||||||
if [[ -z `rpm -qa "HIRS*" | grep -v HIRS_Provisioner_TPM_1_2` ]]; then
|
|
||||||
rm -rf /etc/hirs
|
|
||||||
rm -rf /opt/hirs
|
|
||||||
rm -rf /usr/share/hirs
|
|
||||||
rm -rf /var/log/hirs
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
%files -n %{provisioner_package_name}
|
|
||||||
%license NOTICE
|
|
||||||
/etc/hirs/provisioner
|
|
||||||
%attr(664, root, root) /opt/hirs/default-properties/provisioner/logging.properties
|
|
||||||
%attr(774, root, root) /opt/hirs/scripts/common/provisioner/
|
|
||||||
/usr/share/hirs/provisioner
|
|
||||||
%{_mandir}/man1/hirs-provisioner.1.gz
|
|
||||||
|
|
||||||
####################
|
|
||||||
# HIRS_AttestationCA
|
|
||||||
####################
|
|
||||||
|
|
||||||
%package -n HIRS_AttestationCA
|
|
||||||
Summary : Host Integrity at Runtime and Startup (HIRS) Attestation Certificate Authority (HIRS AttestationCA)
|
|
||||||
Group : System Environment/Base
|
|
||||||
|
|
||||||
%if 0%{?build6}
|
|
||||||
Requires : mysql-server, openssl, tomcat6, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, iptables
|
|
||||||
Prefix : /usr/share/tomcat6
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if 0%{?build7}
|
|
||||||
Requires : mariadb-server, openssl, tomcat, java-1.8.0, rpmdevtools, coreutils, initscripts, chkconfig, sed, grep, firewalld, policycoreutils
|
|
||||||
Prefix : /usr/share/tomcat
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description -n HIRS_AttestationCA
|
|
||||||
Host Integrity at Runtime and Startup (HIRS) Attestation CA. Installs and creates keys for HIRS Attestation CA to support generating AIKs
|
|
||||||
|
|
||||||
%pre -n HIRS_AttestationCA
|
|
||||||
if [ ! -d $RPM_INSTALL_PREFIX ]; then
|
|
||||||
echo "error: Tomcat directory not found. Re-run this rpm installation with --prefix=\"<absolute-tomcat-directory>\""
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
%post -n HIRS_AttestationCA
|
|
||||||
# copy default property files into /etc/hirs if not present
|
|
||||||
mkdir -p /etc/hirs
|
|
||||||
cp -n /opt/hirs/default-properties/attestationca/* /etc/hirs/
|
|
||||||
|
|
||||||
# loop over common scripts and place into /opt/hirs/scripts/common
|
|
||||||
mkdir -p /opt/hirs/scripts/common/
|
|
||||||
cp -f /opt/hirs/scripts/common/aca/* /opt/hirs/scripts/common/
|
|
||||||
|
|
||||||
# run these only on a fresh install of the package
|
|
||||||
if [ $1 == 1 ]; then
|
|
||||||
# open necessary ports
|
|
||||||
sh /opt/hirs/scripts/common/firewall_configure_tomcat.sh
|
|
||||||
|
|
||||||
# Allow Tomcat to use port 3306 to communicate with MySQL
|
|
||||||
%if 0%{?build7}
|
|
||||||
if [ selinuxenabled ]; then
|
|
||||||
semodule -i /opt/hirs/extras/aca/tomcat-mysql-hirs.pp
|
|
||||||
fi
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# create trust stores, configure tomcat and db
|
|
||||||
sh /opt/hirs/scripts/common/ssl_configure.sh server
|
|
||||||
|
|
||||||
# create the database
|
|
||||||
sh /opt/hirs/scripts/common/db_create.sh
|
|
||||||
fi
|
|
||||||
|
|
||||||
# modify mysql schema accordingly on upgrade
|
|
||||||
if [ $1 -gt 1 ]; then
|
|
||||||
#update version number on portal banner
|
|
||||||
echo %{?DISPLAY_VERSION} | tee '%{prefix}/webapps/HIRS_AttestationCAPortal/WEB-INF/classes/VERSION'
|
|
||||||
|
|
||||||
echo "Upgrading hirs_db schema!"
|
|
||||||
if [ %{version} == "1.0.4" ]; then
|
|
||||||
if (mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.0.4.sql); then
|
|
||||||
echo "Upgrade to version 1.0.4"
|
|
||||||
else
|
|
||||||
echo "Error upgrading HIRS database schema to 1.0.4!"
|
|
||||||
exit 1;
|
|
||||||
fi
|
|
||||||
elif [ %{version} == "1.1.0" ]; then
|
|
||||||
if (mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.0.4.sql && \
|
|
||||||
mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.1.0.sql); then
|
|
||||||
echo "Upgrade to version 1.1.0"
|
|
||||||
else
|
|
||||||
echo "Error upgrading HIRS database schema to 1.1.0!"
|
|
||||||
exit 1;
|
|
||||||
fi
|
|
||||||
elif [ %{version} == "1.1.1" ]; then
|
|
||||||
if (mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.0.4.sql && \
|
|
||||||
mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.1.0.sql && \
|
|
||||||
mysql -u root hirs_db < /opt/hirs/scripts/common/upgrade_schema_1.1.1.sql); then
|
|
||||||
echo "Upgrade to version 1.1.1"
|
|
||||||
else
|
|
||||||
echo "Error upgrading HIRS database schema to 1.1.1!"
|
|
||||||
exit 1;
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
sh /opt/hirs/scripts/aca/certificate_generate.sh
|
|
||||||
|
|
||||||
%preun -n HIRS_AttestationCA
|
|
||||||
# don't run these during an upgrade
|
|
||||||
if [ $1 == 0 ]; then
|
|
||||||
# if the Server isn't installed, deconfigure Tomcat and MySQL SSL and drop the database
|
|
||||||
if [[ -z `rpm -qa HIRS_Server` ]]; then
|
|
||||||
echo 'Restoring Tomcat and MySQL configuration'
|
|
||||||
sh /opt/hirs/scripts/common/ssl_deconfigure.sh server
|
|
||||||
|
|
||||||
echo 'Dropping local HIRS database'
|
|
||||||
sh /opt/hirs/scripts/common/db_drop.sh
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
%postun -n HIRS_AttestationCA
|
|
||||||
# don't run these during an upgrade
|
|
||||||
if [ $1 == 0 ]; then
|
|
||||||
# Removes WARS from the Tomcat installation as well as ACA configuration files and certificates
|
|
||||||
# (/etc/hirs/aca), and ACA installation (/opt/hirs/attestation-ca). Do not run during an upgrade
|
|
||||||
rm -f %{prefix}/webapps/HIRS_AttestationCA*.war
|
|
||||||
rm -rf %{prefix}/webapps/HIRS_AttestationCA*
|
|
||||||
rm -rf /etc/hirs/aca
|
|
||||||
rm -rf /opt/hirs/attestation-ca
|
|
||||||
|
|
||||||
# if the Server and Appraiser are not installed, remove certificates directory
|
|
||||||
if [[ -z `rpm -qa "HIRS_(Server|Appraiser)"` ]]; then
|
|
||||||
rm -rf /etc/hirs/certificates
|
|
||||||
fi
|
|
||||||
|
|
||||||
# if there are no more HIRS packages remaining,
|
|
||||||
# remove all HIRS directories
|
|
||||||
if [[ -z `rpm -qa "HIRS*" | grep -v HIRS_AttestationCA` ]]; then
|
|
||||||
rm -rf /etc/hirs
|
|
||||||
rm -rf /opt/hirs
|
|
||||||
rm -rf /usr/share/hirs
|
|
||||||
rm -rf /var/log/hirs
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
%files -n HIRS_AttestationCA
|
|
||||||
%license NOTICE
|
|
||||||
%attr(664, root, tomcat) %{prefix}/webapps/HIRS_AttestationCA.war
|
|
||||||
%attr(664, root, tomcat) %{prefix}/webapps/HIRS_AttestationCAPortal.war
|
|
||||||
%attr(774, root, tomcat) /etc/hirs/aca/
|
|
||||||
%attr(664, root, tomcat) /opt/hirs/default-properties/attestationca/logging.properties
|
|
||||||
%attr(664, root, tomcat) /opt/hirs/default-properties/attestationca/banner.properties
|
|
||||||
%attr(664, root, tomcat) /opt/hirs/default-properties/attestationca/persistence.properties
|
|
||||||
%attr(664, root, tomcat) /opt/hirs/default-properties/component-class.json
|
|
||||||
%attr(664, root, tomcat) /opt/hirs/default-properties/vendor-table.json
|
|
||||||
%attr(774, root, tomcat) /opt/hirs/scripts/common/aca
|
|
||||||
%attr(774, root, tomcat) /opt/hirs/scripts/aca
|
|
||||||
%attr(774, root, tomcat) /opt/hirs/extras/aca/tomcat-mysql-hirs.pp
|
|
||||||
%attr(774, root, tomcat) /opt/hirs/extras/aca/tomcat-mysql-hirs.te
|
|
||||||
|
|
||||||
####################
|
|
||||||
# Build and install
|
|
||||||
####################
|
|
||||||
|
|
||||||
%build
|
|
||||||
./gradlew -PpluginDir=%{?PLUGIN_SOURCE} -PdisplayVersion=%{?DISPLAY_VERSION} :HIRS_Provisioner:installDist :HIRS_AttestationCA:war :HIRS_AttestationCAPortal:war
|
|
||||||
|
|
||||||
%install
|
|
||||||
# prepare provisioner for packaging
|
|
||||||
cd HIRS_Provisioner
|
|
||||||
mkdir -p %{buildroot}/usr/share/hirs/provisioner
|
|
||||||
mkdir -p %{buildroot}/%{_mandir}/man1
|
|
||||||
cp -r build/install/HIRS_Provisioner/* %{buildroot}/usr/share/hirs/provisioner
|
|
||||||
|
|
||||||
sed -i '/exec "$JAVACMD" "$@"/i /opt/hirs/scripts/common/jvm_version_check.sh $JAVACMD' %{buildroot}/usr/share/hirs/provisioner/bin/HIRS_Provisioner
|
|
||||||
|
|
||||||
mkdir -p %{buildroot}/etc/hirs/provisioner/certs
|
|
||||||
cp scripts/install/hirs-provisioner.sh %{buildroot}/usr/share/hirs/provisioner/
|
|
||||||
cp scripts/install/tpm_aca_provision %{buildroot}/usr/share/hirs/provisioner/
|
|
||||||
cp hirs-provisioner-config.sh %{buildroot}/etc/hirs/provisioner
|
|
||||||
cp create-ek-cert.sh %{buildroot}/etc/hirs/provisioner
|
|
||||||
cp src/main/resources/defaults.properties %{buildroot}/etc/hirs/provisioner/provisioner.properties
|
|
||||||
cp -r setup %{buildroot}/etc/hirs/provisioner/
|
|
||||||
gzip -c man/hirs-provisioner.1 > %{buildroot}/%{_mandir}/man1/hirs-provisioner.1.gz
|
|
||||||
|
|
||||||
mkdir -p %{buildroot}/opt/hirs/scripts/common/provisioner
|
|
||||||
cp ../scripts/common/jvm_version_check.sh %{buildroot}/opt/hirs/scripts/common/provisioner/
|
|
||||||
|
|
||||||
# copy common scripts
|
|
||||||
mkdir -p %{buildroot}/opt/hirs/scripts/common/aca
|
|
||||||
cp ../scripts/common/* %{buildroot}/opt/hirs/scripts/common/aca/
|
|
||||||
|
|
||||||
# prepare ACA for packaging
|
|
||||||
cd ../HIRS_AttestationCA
|
|
||||||
mkdir -p %{buildroot}/opt/hirs/scripts/aca
|
|
||||||
cp ../scripts/aca/* %{buildroot}/opt/hirs/scripts/aca
|
|
||||||
mkdir -p %{buildroot}/opt/hirs/attestation-ca/
|
|
||||||
mkdir -p %{buildroot}/etc/hirs/aca/certificates/
|
|
||||||
mkdir -p %{buildroot}/etc/hirs/aca/client-files/
|
|
||||||
mkdir -p %{buildroot}%{prefix}/webapps/
|
|
||||||
cp build/libs/HIRS_AttestationCA.war %{buildroot}%{prefix}/webapps/
|
|
||||||
cp src/main/resources/defaults.properties %{buildroot}/etc/hirs/aca/aca.properties
|
|
||||||
|
|
||||||
# prepare ACA Portal for packaging
|
|
||||||
cd ../HIRS_AttestationCAPortal
|
|
||||||
mkdir -p %{buildroot}%{prefix}/webapps/
|
|
||||||
cp build/libs/HIRS_AttestationCAPortal.war %{buildroot}%{prefix}/webapps/
|
|
||||||
# note: no ACA Portal specific resource files to copy yet...
|
|
||||||
|
|
||||||
# creates the home directory for activemq user so SELinux doesn't complain
|
|
||||||
mkdir -p %{buildroot}/srv/activemq
|
|
||||||
mkdir -p %{buildroot}/etc/hirs/portal
|
|
||||||
|
|
||||||
cd ..
|
|
||||||
|
|
||||||
# copy over the properties files
|
|
||||||
mkdir -p %{buildroot}/opt/hirs/default-properties/provisioner
|
|
||||||
cp HIRS_Utils/src/main/resources/logging.properties %{buildroot}/opt/hirs/default-properties/provisioner/logging.properties
|
|
||||||
|
|
||||||
mkdir -p %{buildroot}/opt/hirs/default-properties/attestationca
|
|
||||||
cp HIRS_Utils/src/main/resources/persistence.properties %{buildroot}/opt/hirs/default-properties/attestationca/
|
|
||||||
cp HIRS_Utils/src/main/resources/logging.properties %{buildroot}/opt/hirs/default-properties/attestationca/
|
|
||||||
cp HIRS_Utils/src/main/resources/banner.properties %{buildroot}/opt/hirs/default-properties/attestationca/
|
|
||||||
cp HIRS_Utils/src/main/resources/component-class.json %{buildroot}/opt/hirs/default-properties/
|
|
||||||
cp -n HIRS_Utils/src/main/resources/vendor-table.json %{buildroot}/opt/hirs/default-properties/
|
|
||||||
|
|
||||||
# install extras
|
|
||||||
mkdir -p %{buildroot}/opt/hirs/extras
|
|
||||||
cp -r extras/ %{buildroot}/opt/hirs/
|
|
@ -1,62 +0,0 @@
|
|||||||
Name : tpm_module
|
|
||||||
Vendor : U.S. Government
|
|
||||||
Summary : Tool used to interface with the TPM
|
|
||||||
Version : %{?VERSION}
|
|
||||||
Release : %{?RELEASE}
|
|
||||||
Source : tpm_module-%{?GIT_HASH}.tar
|
|
||||||
|
|
||||||
Group : System Environment/Base
|
|
||||||
License : ASL 2.0
|
|
||||||
|
|
||||||
Requires : tpm-tools, trousers
|
|
||||||
BuildRequires : cpp
|
|
||||||
BuildRequires : gcc-c++
|
|
||||||
BuildRequires : trousers-devel
|
|
||||||
|
|
||||||
BuildArch : x86_64
|
|
||||||
BuildRoot : %{_tmppath}/%{name}-%{version}-root
|
|
||||||
|
|
||||||
%description
|
|
||||||
Trusted Platform Module (TPM) interface module. This software is designed to provide a platform-independent interface to a client's TPM. It imlpements functionality similar to and exceeding that of tpm-tools in some cases. This software is intended for use with the HIR reporting infrastructure to help clients generate integrity reports based on TPM data.
|
|
||||||
|
|
||||||
%prep
|
|
||||||
%setup -q -n %{name}-%{?GIT_HASH}
|
|
||||||
|
|
||||||
%build
|
|
||||||
rm -f main.d main.o tpm_module
|
|
||||||
make
|
|
||||||
|
|
||||||
%install
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/usr/bin
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/usr/share/man/man1
|
|
||||||
cp tpm_module $RPM_BUILD_ROOT/usr/bin/
|
|
||||||
gzip -c man/tpm_module.1 > $RPM_BUILD_ROOT/usr/share/man/man1/tpm_module.1.gz
|
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf $RPM_BUILD_ROOT
|
|
||||||
|
|
||||||
%files
|
|
||||||
%license ../NOTICE
|
|
||||||
/usr/bin/tpm_module
|
|
||||||
/usr/share/man/man1/tpm_module.1.gz
|
|
||||||
|
|
||||||
%changelog
|
|
||||||
* Thu Feb 5 2015 3.11
|
|
||||||
- Modify to support new directory structure
|
|
||||||
* Mon May 5 2014 3.11
|
|
||||||
- Set up automatic builds
|
|
||||||
* Wed Jan 8 2014 3.10
|
|
||||||
- Added more comments, legal disclaimers, and changed behavior of error output.
|
|
||||||
* Wed Dec 4 2013 3.09
|
|
||||||
- Tweaked toggling of TSS_CAP_VERSION_INFO. Added additional debugging messages to describe errors.
|
|
||||||
* Mon Dec 2 2013 3.08
|
|
||||||
- TSS_CAP_VERSION_INFO is no longer required on quote2. Other tweaks for platform compatibility.
|
|
||||||
* Tue Oct 1 2013 3.08
|
|
||||||
- Improved commenting and documentation, fixed help info, changed behavior of clearing function
|
|
||||||
* Tue Jul 17 2012 3.07
|
|
||||||
- Fixed mask utility function handling of 'F' (70, not 80)
|
|
||||||
* Wed May 2 2012 3.06
|
|
||||||
- Corrected bug in changekeyauth function
|
|
||||||
* Tue May 1 2012 3.05
|
|
||||||
- Initial package release
|
|
@ -6,7 +6,6 @@
|
|||||||
#
|
#
|
||||||
#####################################################################################
|
#####################################################################################
|
||||||
|
|
||||||
USE_WAR=$1
|
|
||||||
CONFIG_FILE="/etc/hirs/aca/application.properties"
|
CONFIG_FILE="/etc/hirs/aca/application.properties"
|
||||||
ALG=RSA
|
ALG=RSA
|
||||||
RSA_PATH=rsa_3k_sha384_certs
|
RSA_PATH=rsa_3k_sha384_certs
|
||||||
@ -21,6 +20,51 @@ if [ "$EUID" -ne 0 ]
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
help () {
|
||||||
|
echo " Setup script for the HIRS ACA"
|
||||||
|
echo " Syntax: sh aca_setup.sh [-u|h|sb|sp|--skip-db|--skip-pki]"
|
||||||
|
echo " options:"
|
||||||
|
echo " -p | --path Path to the HIRS_AttestationCAPortal.war file"
|
||||||
|
echo " -h | --help Print this Help."
|
||||||
|
echo
|
||||||
|
}
|
||||||
|
|
||||||
|
# Process parameters Argument handling
|
||||||
|
POSITIONAL_ARGS=()
|
||||||
|
ORIGINAL_ARGS=("$@")
|
||||||
|
while [[ $# -gt 0 ]]; do
|
||||||
|
case $1 in
|
||||||
|
-p|--path)
|
||||||
|
USE_WAR=YES
|
||||||
|
shift # past argument
|
||||||
|
WAR_PATH=$@
|
||||||
|
shift # past parameter
|
||||||
|
;;
|
||||||
|
-h|--help)
|
||||||
|
help
|
||||||
|
exit 0
|
||||||
|
shift # past argument
|
||||||
|
;;
|
||||||
|
-*|--*)
|
||||||
|
echo "aca_setup.sh: Unknown option $1"
|
||||||
|
help
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
POSITIONAL_ARGS+=("$1") # save positional arg
|
||||||
|
# shift # past argument
|
||||||
|
break
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -z "${WAR_PATH}" ]; then
|
||||||
|
WAR_PATH="HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war"
|
||||||
|
NOT_USING_RPM=true
|
||||||
|
fi
|
||||||
|
|
||||||
|
set -- "${POSITIONAL_ARGS[@]}" # restore positional parameters
|
||||||
|
|
||||||
source $SCRIPT_DIR/../db/start_mysqld.sh
|
source $SCRIPT_DIR/../db/start_mysqld.sh
|
||||||
|
|
||||||
if [ $ALG = "RSA" ]; then
|
if [ $ALG = "RSA" ]; then
|
||||||
@ -43,10 +87,12 @@ if [ ! -d "$CERT_PATH" ]; then
|
|||||||
exit 1;
|
exit 1;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ $NOT_USING_RPM = true ]; then
|
||||||
if [ ! -f "$GRADLE_WRAPPER" ]; then
|
if [ ! -f "$GRADLE_WRAPPER" ]; then
|
||||||
echo "This script needs to be run from the HIRS top level project directory. Exiting."
|
echo "This script needs to be run from the HIRS top level project directory. Exiting."
|
||||||
exit 1;
|
exit 1;
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Starting HIRS ACA on https://localhost:8443/HIRS_AttestationCAPortal/portal/index"
|
echo "Starting HIRS ACA on https://localhost:8443/HIRS_AttestationCAPortal/portal/index"
|
||||||
|
|
||||||
@ -71,10 +117,11 @@ WEB_TLS_PARAMS="--server.ssl.key-store-password=$hirs_pki_password \
|
|||||||
# uncomment to show spring boot and hibernate properties used as gradle argumanets
|
# uncomment to show spring boot and hibernate properties used as gradle argumanets
|
||||||
#echo "--args=\"$CONNECTOR_PARAMS $WEB_TLS_PARAMS\""
|
#echo "--args=\"$CONNECTOR_PARAMS $WEB_TLS_PARAMS\""
|
||||||
|
|
||||||
if [ "$USE_WAR" == "war" ]; then
|
if [ -z "$USE_WAR" ]; then
|
||||||
echo "Booting the ACA from a $USE_WAR file..."
|
|
||||||
java -jar HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war $CONNECTOR_PARAMS$WEB_TLS_PARAMS
|
|
||||||
else
|
|
||||||
echo "Booting the ACA from local build..."
|
echo "Booting the ACA from local build..."
|
||||||
./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
|
./gradlew bootRun --args="$CONNECTOR_PARAMS$WEB_TLS_PARAMS"
|
||||||
|
else
|
||||||
|
echo "Booting the ACA from a $USE_WAR file..."
|
||||||
|
java -jar $WAR_PATH $CONNECTOR_PARAMS$WEB_TLS_PARAMS &
|
||||||
|
# Note add check for ACA to get started
|
||||||
fi
|
fi
|
||||||
|
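Review bot: In the `-p|--path` branch, `WAR_PATH=$@` stores every remaining argument as one string instead of the single path that follows the option, and the value is later expanded unquoted in `java -jar $WAR_PATH ... &`, in a script that the `$EUID` check at the top appears to require be run as root. I would take exactly one argument with `WAR_PATH="$1"`, refuse to continue unless `[ -f "$WAR_PATH" ]` holds, and quote the use as `java -jar "$WAR_PATH" $CONNECTOR_PARAMS$WEB_TLS_PARAMS &`. The new guard `if [ $NOT_USING_RPM = true ]` is also unquoted, so when a path is supplied and the variable is unset the test reduces to `[ = true ]`, which bash reports as an error; `[ "$NOT_USING_RPM" = true ]` avoids that. Separately, WEB_TLS_PARAMS carries `--server.ssl.key-store-password` as a command-line argument, so the password is presumably readable from the process list for as long as the now-backgrounded JVM runs. Supplying it through the properties file or the environment would be worth a follow-up.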
@ -28,4 +28,6 @@ popd
|
|||||||
echo "Removing certificates and config files..."
|
echo "Removing certificates and config files..."
|
||||||
rm -rf /etc/hirs
|
rm -rf /etc/hirs
|
||||||
|
|
||||||
|
# Note add check for ACA running and stop the process if it is
|
||||||
|
|
||||||
echo "ACA setup removal complete."
|
echo "ACA setup removal complete."
|
@ -1,35 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
tom_version="10.1.9"
|
|
||||||
tom_maj=$(echo "$tom_version" | cut -d '.' -f 1)
|
|
||||||
CATALINA_HOME=/opt/tomcat/
|
|
||||||
CATALINA_BASE=/opt/tomcat/
|
|
||||||
|
|
||||||
# Check if tomcat already installed
|
|
||||||
if [ -d "/opt/tomcat" ]; then
|
|
||||||
echo "tomcat already installed"
|
|
||||||
else
|
|
||||||
echo "installing $tom_version"
|
|
||||||
pushd /tmp
|
|
||||||
useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
|
|
||||||
dnf install wget -y
|
|
||||||
wget https://downloads.apache.org/tomcat/tomcat-$tom_maj/v$tom_version/bin/apache-tomcat-$tom_version.tar.gz
|
|
||||||
mkdir /opt/tomcat
|
|
||||||
tar -xzf apache-tomcat-$tom_version.tar.gz -C /opt/tomcat --strip-components=1
|
|
||||||
rm apache-tomcat-$tom_version.tar.gz
|
|
||||||
chown -R tomcat: /opt/tomcat
|
|
||||||
sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'
|
|
||||||
popd
|
|
||||||
fi
|
|
||||||
if [ -f /.dockerenv ]; then
|
|
||||||
echo "in a container..."
|
|
||||||
sh /opt/tomcat/bin/catalina.sh start
|
|
||||||
else
|
|
||||||
cp /opt/hirs/scripts/aca/tomcat.service /etc/systemd/system/.
|
|
||||||
systemctl daemon-reload
|
|
||||||
systemctl start tomcat
|
|
||||||
systemctl enable tomcat
|
|
||||||
fi
|
|
||||||
if [ $(pgrep -c FirewallD) == "1" ]; then
|
|
||||||
firewall-cmd --add-port=8080/tcp --permanent
|
|
||||||
firewall-cmd --add-port=8443/tcp --permanent
|
|
||||||
fi
|
|
@ -3,7 +3,7 @@ plugins {
|
|||||||
id "java"
|
id "java"
|
||||||
// id "findbugs"
|
// id "findbugs"
|
||||||
// id "checkstyle"
|
// id "checkstyle"
|
||||||
id "nebula.ospackage" version "9.1.1"
|
id "com.netflix.nebula.ospackage" version "11.4.0"
|
||||||
}
|
}
|
||||||
// Get version from main project gradle
|
// Get version from main project gradle
|
||||||
def packVersion = properties.get("packageVersion");
|
def packVersion = properties.get("packageVersion");
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
plugins {
|
plugins {
|
||||||
id "java"
|
id "java"
|
||||||
id "nebula.ospackage" version "9.1.1"
|
id 'com.netflix.nebula.ospackage' version '11.4.0'
|
||||||
id 'com.intershop.gradle.jaxb' version '5.1.0'
|
id 'com.intershop.gradle.jaxb' version '5.1.0'
|
||||||
}
|
}
|
||||||
|
|
||||||
|