Security-Mode ONOS BUCK Change-Id: I72ef80d84665049c738eaa89394b95b699b33b6b

commit: 611a065631c43c43a5b3a1f297d3bd7041be46c5 [log] [tgz]
author: Heedo Kang <kangheedo@kaist.ac.kr> Tue Sep 05 12:26:30 2017 +0900
committer: Ray Milkey <ray@opennetworking.org> Tue Oct 31 09:58:50 2017 -0700
tree: e074a2a60e0771a92cd5b1beaf94361da126c7db
parent: 62bac080a303075792a329a23aebd139440c6a80 [diff] [blame]
diff --git a/tools/package/onos-prep-karaf b/tools/package/onos-prep-karaf
index a6ab98f..ed89fb2 100755
--- a/tools/package/onos-prep-karaf
+++ b/tools/package/onos-prep-karaf

@@ -11,6 +11,7 @@
 BRANDING=$4
 #FIXME karaf version
 KARAF_VERSION="3.0.8"
+ONOS_SECURITY_MODE="false"
 
 PREFIX="onos-$ONOS_VERSION"
 
@@ -31,8 +32,6 @@
 chmod a+x bin/onos-service bin/onos
 
 export BOOT_FEATURES="standard,ssh,scr,war,webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui"
-#FIXME
-#[ "$ONOS_SECURITY_MODE" = true ] && enable_security_mode
 
 # Patch the Apache Karaf distribution file to add ONOS features repository
 perl -pi.old -e "s|^(featuresRepositories=).*|\1mvn:org.apache.karaf.features/standard/$KARAF_VERSION/xml/features,mvn:org.onosproject/onos-features/$ONOS_VERSION/xml/features|" \
@@ -56,45 +55,40 @@
 cp -r init $PREFIX
 cp -r etc/* $PREFIX/$KARAF_DIR/etc/
 
+if [ "$ONOS_SECURITY_MODE" = true ]
+then
+    # ONOS Patching ----------------------------------------------------------------
+
+    echo "Enabling security mode ONOS..."
+
+    # SM-ONOS step 1: downgrade felix config admin
+    FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
+    if [ ! -f $FELIX_CFG_ADMIN ]; then
+        echo "Downloading $FELIX_CFG_ADMIN..."
+        curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
+    fi
+    [ ! -f $FELIX_CFG_ADMIN ] && \
+        echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
+
+    mkdir -p $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+    cp $FELIX_CFG_ADMIN $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+    perl -pi.old -e "s|org.apache.felix.configadmin/1.8.4|org.apache.felix.configadmin/1.6.0|g" \
+        $PREFIX/$KARAF_DIR/etc/startup.properties
+
+    # SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end
+
+    # SM-ONOS step 3.1: configure karaf
+    perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
+        $PREFIX/$KARAF_DIR/etc/system.properties
+    perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
+        $PREFIX/$KARAF_DIR/etc/system.properties
+
+    # SM-ONOS step 3.2: update featuresBoot
+    export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
+
+    # Patch the Apache Karaf distribution file to load onos security feature
+    perl -pi.old -e "s|^(featuresBoot=).*|\1$BOOT_FEATURES|" \
+        $PREFIX/$KARAF_DIR/etc/org.apache.karaf.features.cfg
+fi
+
 zip -q -0 -r $OUT $PREFIX
-
-#FIXME
-# Stage all builtin ONOS apps for factory install
-#onos-stage-apps $ONOS_STAGE/apps $ONOS_STAGE/$KARAF_DIST/system
-# Mark the org.onosproject.drivers app active by default
-#touch $ONOS_STAGE/apps/org.onosproject.drivers/active
-
-# copy in features and repos
-# Patch in the ONOS version file
-#echo $ONOS_VERSION > $ONOS_STAGE/VERSION
-
-
-#function enable_security_mode() {
-#    echo "Enabling security mode ONOS..."
-#
-#    # SM-ONOS step 1: downgrade felix config admin
-#    FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
-#    if [ ! -f $FELIX_CFG_ADMIN ]; then
-#        echo "Downloading $FELIX_CFG_ADMIN..."
-#        curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
-#    fi
-#    [ ! -f $FELIX_CFG_ADMIN ] && \
-#        echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
-#
-#    mkdir -p $ONOS_STAGE/$KARAF_DIST/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
-#    cp $FELIX_CFG_ADMIN $ONOS_STAGE/$KARAF_DIST/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
-#    perl -pi.old -e "s|org.apache.felix.configadmin/1.8.0|org.apache.felix.configadmin/1.6.0|g" \
-#        $ONOS_STAGE/$KARAF_DIST/etc/startup.properties
-#
-#    # SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end
-#
-#    # SM-ONOS step 3.1: configure karaf
-#    perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
-#        $ONOS_STAGE/$KARAF_DIST/etc/system.properties
-#    perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
-#        $ONOS_STAGE/$KARAF_DIST/etc/system.properties
-#
-#    # SM-ONOS step 3.2: update featuresBoot
-#    export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
-#}
-
commit	611a065631c43c43a5b3a1f297d3bd7041be46c5	[log] [tgz]
author	Heedo Kang <kangheedo@kaist.ac.kr>	Tue Sep 05 12:26:30 2017 +0900
committer	Ray Milkey <ray@opennetworking.org>	Tue Oct 31 09:58:50 2017 -0700
tree	e074a2a60e0771a92cd5b1beaf94361da126c7db
parent	62bac080a303075792a329a23aebd139440c6a80 [diff] [blame]