Merge pull request #586 from nsacyber/v3_issue_578-rpm_update
Update ACA RPM to use executable war
cyrus-dev authored Sep 20, 2023
2 parents 6df3ef9 + 9998fa7 commit 37cbb78
Showing 21 changed files with 454 additions and 1,003 deletions.
25 changes: 14 additions & 11 deletions .ci/docker/Dockerfile.rocky
@@ -1,22 +1,23 @@
FROM rockylinux:8.6

# Install packages for installing HIRS ACA
#RUN yum -y update && yum clean all
SHELL ["/bin/bash", "-c"]

# Update and install OS-dependencies
RUN dnf update -y

# Install Java 8
RUN dnf install java-1.8.0-openjdk-headless.x86_64 -y
# Install Java
RUN dnf -y install java-17-openjdk-devel -y

# Install Tomcat
RUN useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
RUN dnf install wget -y
RUN wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.1/bin/apache-tomcat-10.1.1.tar.gz
RUN mkdir /opt/tomcat
RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1
#RUN useradd -r -d /opt/tomcat/ -s /bin/false -c "Tomcat User" tomcat
#RUN dnf install wget -y
#RUN wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.1/bin/apache-tomcat-10.1.1.tar.gz
#RUN mkdir /opt/tomcat
#RUN tar -xzf apache-tomcat-10.1.1.tar.gz -C /opt/tomcat --strip-components=1

# Install HIRS dependencies
RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ && yum clean all
RUN dnf install -y openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd libcurl-devel libssh-devel && yum clean all
RUN dnf install -y mariadb-server rpmdevtools initscripts firewalld policycoreutils net-tools libtool cmake make git gcc-c++ cronie && yum clean all
RUN dnf install -y wget openssl openssl-devel protobuf tpm2-tss-devel tpm2-abrmd libcurl-devel libssh-devel && yum clean all

# Install PACCOR for Device Info Gathering
RUN mkdir paccor && pushd paccor && wget https://github.com/nsacyber/paccor/releases/download/v1.1.4r2/paccor-1.1.4-2.noarch.rpm && yum -y install paccor-*.rpm && popd
Expand All @@ -33,3 +34,5 @@ RUN dnf -y install packages-microsoft-prod.rpm
RUN dnf makecache
RUN dnf -y install dotnet-sdk-6.0
RUN dotnet tool install --global dotnet-rpm

EXPOSE 8443
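Review bot: The paccor RPM at the end of the first hunk is fetched with `wget` and installed via `yum -y install paccor-*.rpm` with no integrity check, and this change keeps `wget` in the image (it appears to move into the second `dnf install` line) to support that download. With dnf's default settings a package installed from a local file is not signature-checked unless `localpkg_gpgcheck` is enabled, so the build trusts whatever the URL returns. Pin the artifact before installing it, for example `echo "<PACCOR_RPM_SHA256>  paccor-1.1.4-2.noarch.rpm" | sha256sum -c -` inserted ahead of the `yum -y install` step in the same `RUN`. As a matter of style, `RUN dnf -y install java-17-openjdk-devel -y` passes `-y` twice, and the commented-out Tomcat lines could be deleted rather than kept as dead instructions.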
100 changes: 18 additions & 82 deletions HIRS_AttestationCAPortal/build.gradle
Expand Up @@ -2,7 +2,7 @@ plugins {
id 'application'
id 'java'
id 'war'
id "nebula.ospackage" version "9.1.1"
id 'com.netflix.nebula.ospackage' version '11.4.0'
id 'org.springframework.boot' version '3.0.6'
id 'io.spring.dependency-management' version '1.1.0'
}
Expand Down Expand Up @@ -60,14 +60,6 @@ dependencies {
testImplementation libs.testng
}

war {
from(buildDir) {
include 'VERSION'
into 'WEB-INF/classes'
}
archiveFileName = 'HIRS_AttestationCAPortal.war'
}

ospackage {
packageName = 'HIRS_AttestationCA'
os = LINUX
Expand All @@ -78,85 +70,30 @@ ospackage {
user 'root'
fileMode = 0755

def tpath="/opt"

addParentDirs = true
createDirectoryEntry true

preInstall "rm -rf /opt/hirs/default-properties"
preInstall "mkdir -p /opt/hirs/default-properties/"
preInstall "mkdir -p /tmp/hirs/default-properties/"

// Setup /etc/hirs
into ('/etc/hirs/aca/') {
from '../HIRS_AttestationCA/src/main/resources/defaults.properties'
rename {'aca.properties'}
}
into ('/etc/hirs/') {
from '../HIRS_Utils/src/main/resources/banner.properties'
from '../HIRS_Utils/src/main/resources/persistence.properties'
from '../HIRS_Utils/src/main/resources/logging.properties'
}
// Setup tomcat files
// Create and package HIRS_AttestationCA:war
into ("${tpath}/tomcat/webapps") {
from war.outputs.files
from '../HIRS_AttestationCA/build/libs/HIRS_AttestationCA.war'
user 'root'
fileMode = 0755
}
into ("${tpath}/tomcat/lib") {
from 'libs'
from configurations.runtimeClasspath
}
into ("/opt/hirs/scripts/aca/") {
from '../package/conf/tomcat.service'
from '../package/scripts/install_tomcat.sh'
from '../package/scripts/aca/aca_property_setup.sh'
from '../package/scripts/aca/aca_setup.sh'
// copy setup scripts to /opt/hirs/aca
into ('/opt/hirs/aca/scripts/') {
from '../package/scripts/'
}
into ("/opt/hirs/scripts/pki/") {
from '../package/scripts/pki/ca.conf'
from '../package/scripts/pki/pki_setup.sh'
from '../package/scripts/pki/pki_chain_gen.sh'
// copy the war file into /opt/hirs/aca
into ('/opt/hirs/aca/') {
from '../HIRS_AttestationCAPortal/build/libs/HIRS_AttestationCAPortal.war'
user 'root'
fileMode = 0755
}
into ("/opt/hirs/scripts/db/") {
from '../package/scripts/db/db_create.sh'
from '../package/scripts/db/db_create.sql'
from '../package/scripts/db/db_drop.sh'
from '../package/scripts/db/db_drop.sql'
from '../package/scripts/db/secure_mysql.sql'
}
into ("/opt/hirs/scripts/common") {
from '../package/scripts/common/'
}
into ('/opt/hirs/extras/aca/') {
from '../package/extras/aca/'
}

// Copy json files to /tmp and move into /opt/hirs in postInstall section
// Allows HIRS tools to be installed using the same files
into ('/tmp/aca/default-properties/') {
from '../HIRS_AttestationCA/src/main/resources/vendor-table.json'
from '../HIRS_AttestationCA/src/main/resources/component-class.json'
}
// Post Install

postInstall file('../package/scripts/db/db_create.sh')
postInstall file('../package/scripts/pki/pki_setup.sh')

postInstall 'mkdir -p /etc/hirs/aca/certificates'
postInstall 'cp /tmp/aca/default-properties/* /opt/hirs/default-properties/.'
postInstall 'rm -rf /tmp/aca/'
// postInstall file('../package/scripts/install_tomcat.sh')
// Post Install
postInstall 'sh /opt/hirs/aca/scripts/aca/aca_setup.sh -u'
// add chrontab to run ACA at boot
postInstall 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'
// run ACA after install
postInstall '/opt/hirs/aca/scripts/aca/aca_bootRun.sh -w'
postInstall 'chmod +x /opt/hirs/aca/scripts/aca/*'

postInstall 'sh /opt/tomcat/bin/catalina.sh start'

// Post Uninstall
// Copy files to /tmp that package manager will be expecting them there
preUninstall 'mkdir -p /tmp/aca/default-properties/'
preUninstall 'cp -f /opt/hirs/default-properties/* /tmp/aca/default-properties/.'
preUninstall file('../package/scripts/db/db_drop.sh')
// Uninstall
preUninstall 'sh /opt/hirs/aca/scripts/aca/aca_remove_setup.sh'

buildRpm {
arch = X86_64
Expand All @@ -165,5 +102,4 @@ ospackage {
buildDeb {
arch = 'amd64'
}

}
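Review bot: The `postInstall 'echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'` scriptlet appends to a system file the package does not own, so every reinstall or upgrade that reruns postInstall adds another root `@reboot` entry. Nothing visible in this section removes it on uninstall; `aca_remove_setup.sh` may do so, but it is not shown here. Either guard the append, `postInstall 'grep -q aca_bootRun.sh /etc/crontab || echo "@reboot root /opt/hirs/aca/scripts/aca/aca_bootRun.sh -w" >> /etc/crontab'`, or ship the entry as a packaged file under `/etc/cron.d/` so the package manager tracks and removes it. Also, `postInstall 'chmod +x /opt/hirs/aca/scripts/aca/*'` comes after the scriptlet that executes `aca_bootRun.sh` directly; move it ahead of that call, or drop it if the `fileMode = 0755` default already covers these files. The `ospackage` block is only partly visible in this section.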
Binary file modified gradle/wrapper/gradle-wrapper.jar
Binary file not shown.
4 changes: 2 additions & 2 deletions gradle/wrapper/gradle-wrapper.properties
@@ -1,6 +1,6 @@
#Thu Feb 15 13:18:16 EST 2018
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
networkTimeout=10000
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip