Security-Mode ONOS BUCK
Change-Id: I72ef80d84665049c738eaa89394b95b699b33b6b
diff --git a/core/security/BUCK b/core/security/BUCK
index c9a6a91..f6b0da3 100644
--- a/core/security/BUCK
+++ b/core/security/BUCK
@@ -1,7 +1,15 @@
+SRC = 'src/main/java/org/onosproject/security/**/'
+TEST = 'src/test/java/org/onosproject/security/**/'
+CURRENT_NAME = 'onos-security'
+CURRENT_TARGET = ':' + CURRENT_NAME
+
+
COMPILE_DEPS = [
'//lib:CORE_DEPS',
'//lib:KRYO',
'//core/store/serializers:onos-core-serializers',
+ '//lib:org.apache.felix.framework.security',
+ '//core/api:onos-api',
]
TEST_DEPS = [
@@ -10,7 +18,16 @@
osgi_jar_with_tests (
name = 'onos-security',
+ srcs = glob([SRC + '/*.java']),
deps = COMPILE_DEPS,
test_deps = TEST_DEPS,
visibility = ['PUBLIC'],
)
+
+java_test(
+ name = 'tests',
+ srcs = glob([TEST + '/*.java']),
+ deps = COMPILE_DEPS +
+ TEST_DEPS +
+ [CURRENT_TARGET],
+)
\ No newline at end of file
diff --git a/features/BUCK b/features/BUCK
index bb87afc..7291d53 100644
--- a/features/BUCK
+++ b/features/BUCK
@@ -133,14 +133,13 @@
]
)
-#FIXME
-# osgi_feature (
-# name = 'onos-security',
-# title="Security-Mode ONOS",
-# required_features = ['onos-api'],
-# included_bundles = [
-# 'org.onosproject/org.apache.felix.framework.security/2.2.0.onos',
-# 'org.onosproject/onos-security/@ONOS-VERSION',
-# ]
-# )
+osgi_feature (
+ name = 'onos-security',
+ title="Security-Mode ONOS",
+ required_features = ['onos-api'],
+ included_bundles = [
+ '//lib:org.apache.felix.framework.security',
+ '//core/security:onos-security',
+ ]
+)
diff --git a/lib/BUCK b/lib/BUCK
index 0c7ecc1..26a65cb 100644
--- a/lib/BUCK
+++ b/lib/BUCK
@@ -1,4 +1,4 @@
-# ***** This file was auto-generated at Tue, 17 Oct 2017 22:57:24 GMT. Do not edit this file manually. *****
+# ***** This file was auto-generated at Tue, 31 Oct 2017 16:53:55 GMT. Do not edit this file manually. *****
# ***** Use onos-lib-gen *****
pass_thru_pom(
@@ -928,6 +928,15 @@
)
remote_jar (
+ name = 'org.apache.felix.framework.security',
+ out = 'org.apache.felix.framework.security-2.2.0.onos.jar',
+ url = 'mvn:org.onosproject:org.apache.felix.framework.security:jar:2.2.0.onos',
+ sha1 = '5d39a4ff4a5d3daec8c404789d398c780151de8c',
+ maven_coords = 'org.onosproject:org.apache.felix.framework.security:2.2.0.onos',
+ visibility = [ 'PUBLIC' ],
+)
+
+remote_jar (
name = 'org.apache.felix.scr',
out = 'org.apache.felix.scr-1.8.2.jar',
url = 'mvn:org.apache.felix:org.apache.felix.scr:jar:1.8.2',
diff --git a/lib/deps.json b/lib/deps.json
index bb05865..7685db0 100644
--- a/lib/deps.json
+++ b/lib/deps.json
@@ -199,6 +199,7 @@
"netty-codec-http": "mvn:io.netty:netty-codec-http:4.1.8.Final",
"objenesis": "mvn:org.objenesis:objenesis:2.2",
"openflowj": "mvn:org.onosproject:openflowj:3.2.0.onos",
+ "org.apache.felix.framework.security": "mvn:org.onosproject:org.apache.felix.framework.security:jar:2.2.0.onos",
"org.apache.felix.scr": "mvn:org.apache.felix:org.apache.felix.scr:1.8.2",
"org.apache.felix.scr.annotations": "mvn:org.apache.felix:org.apache.felix.scr.annotations:1.9.12",
"org.apache.karaf.features.core": "mvn:org.apache.karaf.features:org.apache.karaf.features.core:3.0.8",
diff --git a/tools/package/BUCK b/tools/package/BUCK
index 8f429c9..05fefcb 100644
--- a/tools/package/BUCK
+++ b/tools/package/BUCK
@@ -10,7 +10,7 @@
'//features:onos-rest',
'//features:onos-gui',
'//features:onos-cli',
-#'//features:onos-security',
+ '//features:onos-security',
]
#TODO move to buck-tools
diff --git a/tools/package/onos-prep-karaf b/tools/package/onos-prep-karaf
index a6ab98f..ed89fb2 100755
--- a/tools/package/onos-prep-karaf
+++ b/tools/package/onos-prep-karaf
@@ -11,6 +11,7 @@
BRANDING=$4
#FIXME karaf version
KARAF_VERSION="3.0.8"
+ONOS_SECURITY_MODE="false"
PREFIX="onos-$ONOS_VERSION"
@@ -31,8 +32,6 @@
chmod a+x bin/onos-service bin/onos
export BOOT_FEATURES="standard,ssh,scr,war,webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui"
-#FIXME
-#[ "$ONOS_SECURITY_MODE" = true ] && enable_security_mode
# Patch the Apache Karaf distribution file to add ONOS features repository
perl -pi.old -e "s|^(featuresRepositories=).*|\1mvn:org.apache.karaf.features/standard/$KARAF_VERSION/xml/features,mvn:org.onosproject/onos-features/$ONOS_VERSION/xml/features|" \
@@ -56,45 +55,40 @@
cp -r init $PREFIX
cp -r etc/* $PREFIX/$KARAF_DIR/etc/
+if [ "$ONOS_SECURITY_MODE" = true ]
+then
+ # ONOS Patching ----------------------------------------------------------------
+
+ echo "Enabling security mode ONOS..."
+
+ # SM-ONOS step 1: downgrade felix config admin
+ FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
+ if [ ! -f $FELIX_CFG_ADMIN ]; then
+ echo "Downloading $FELIX_CFG_ADMIN..."
+ curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
+ fi
+ [ ! -f $FELIX_CFG_ADMIN ] && \
+ echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
+
+ mkdir -p $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+ cp $FELIX_CFG_ADMIN $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+ perl -pi.old -e "s|org.apache.felix.configadmin/1.8.4|org.apache.felix.configadmin/1.6.0|g" \
+ $PREFIX/$KARAF_DIR/etc/startup.properties
+
+ # SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end
+
+ # SM-ONOS step 3.1: configure karaf
+ perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
+ $PREFIX/$KARAF_DIR/etc/system.properties
+ perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
+ $PREFIX/$KARAF_DIR/etc/system.properties
+
+ # SM-ONOS step 3.2: update featuresBoot
+ export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
+
+ # Patch the Apache Karaf distribution file to load onos security feature
+ perl -pi.old -e "s|^(featuresBoot=).*|\1$BOOT_FEATURES|" \
+ $PREFIX/$KARAF_DIR/etc/org.apache.karaf.features.cfg
+fi
+
zip -q -0 -r $OUT $PREFIX
-
-#FIXME
-# Stage all builtin ONOS apps for factory install
-#onos-stage-apps $ONOS_STAGE/apps $ONOS_STAGE/$KARAF_DIST/system
-# Mark the org.onosproject.drivers app active by default
-#touch $ONOS_STAGE/apps/org.onosproject.drivers/active
-
-# copy in features and repos
-# Patch in the ONOS version file
-#echo $ONOS_VERSION > $ONOS_STAGE/VERSION
-
-
-#function enable_security_mode() {
-# echo "Enabling security mode ONOS..."
-#
-# # SM-ONOS step 1: downgrade felix config admin
-# FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
-# if [ ! -f $FELIX_CFG_ADMIN ]; then
-# echo "Downloading $FELIX_CFG_ADMIN..."
-# curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
-# fi
-# [ ! -f $FELIX_CFG_ADMIN ] && \
-# echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
-#
-# mkdir -p $ONOS_STAGE/$KARAF_DIST/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
-# cp $FELIX_CFG_ADMIN $ONOS_STAGE/$KARAF_DIST/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
-# perl -pi.old -e "s|org.apache.felix.configadmin/1.8.0|org.apache.felix.configadmin/1.6.0|g" \
-# $ONOS_STAGE/$KARAF_DIST/etc/startup.properties
-#
-# # SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end
-#
-# # SM-ONOS step 3.1: configure karaf
-# perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
-# $ONOS_STAGE/$KARAF_DIST/etc/system.properties
-# perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
-# $ONOS_STAGE/$KARAF_DIST/etc/system.properties
-#
-# # SM-ONOS step 3.2: update featuresBoot
-# export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
-#}
-