| #!/bin/bash |
| # ----------------------------------------------------------------------------- |
| # Packages ONOS distributable into onos.tar.gz, onos.zip or a deb file |
| # ----------------------------------------------------------------------------- |
| |
| set -eu -o pipefail |
| |
| OUT=$1 |
| KARAF_TAR=$2 |
| ONOS_VERSION=$3 |
| BRANDING=$4 |
| KARAF_PATCHES=$5 |
| LOG4J2_EXTRA=$6 |
| SANDBOX=${7:-.} |
| |
| KARAF_VERSION="4.2.9" |
| ONOS_SECURITY_MODE="false" |
| |
| PREFIX="onos-$ONOS_VERSION" |
| |
| # Unroll the Apache Karaf bits, prune them and make ONOS top-level directories. |
| tar xf $KARAF_TAR |
| |
| # rename path name to match what was distributed with vicci |
| # mv "$(ls -d apache*)" "apache-karaf-$KARAF_VERSION" || true |
| |
| #tar xf $KARAF_PATCHES |
| |
| # Unroll the Apache Karaf bits, prune them and make ONOS top-level directories. |
| export KARAF_DIR=$(ls -d apache*) |
| rm -rf $KARAF_DIR/demos |
| |
| # Patch the log-file size in place to increase it to 10 MB |
| perl -pi.old -e "s/maxFileSize=1MB/maxFileSize=10MB/g" \ |
| $KARAF_DIR/etc/org.ops4j.pax.logging.cfg |
| |
| # Patch the fileinstall to avoid NPE when filter is null |
| echo "felix.fileinstall.filter='\\*.jar'" >> \ |
| $KARAF_DIR/etc/org.apache.felix.fileinstall-deploy.cfg |
| |
| # Patch log4j to mitigate CVE-2021-44228 |
| # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228 |
| zip -q -d $KARAF_DIR/system/org/ops4j/pax/logging/pax-logging-log4j2/1.11.6/pax-logging-log4j2-1.11.6.jar org/apache/logging/log4j/core/lookup/JndiLookup.class |
| |
| # Patch-in proper Karaf version into the startup script |
| perl -pi.bk -e 's/apache-karaf-\$KARAF_VERSION/$ENV{KARAF_DIR}/g' $SANDBOX/bin/onos-service |
| |
| # hack - need to break the link to the script in the source tree for bazel |
| perl -pi.bk -e 's/apache-karaf-\$KARAF_VERSION/$ENV{KARAF_DIR}/g' $SANDBOX/bin/onos |
| |
| rm -f $SANDBOX/bin/*.bk |
| chmod a+x $SANDBOX/bin/onos-service $SANDBOX/bin/onos |
| |
| # Patch the Apache Karaf distribution with ONOS branding bundle |
| cp $BRANDING $KARAF_DIR/lib/onos-tools-package-branding.jar |
| |
| # **** Moving karaf to subdirectory **** |
| mkdir $PREFIX |
| mv $KARAF_DIR $PREFIX |
| |
| # Stage the ONOS admin scripts and patch in Karaf service wrapper extras |
| cp -r $SANDBOX/bin $PREFIX |
| cp -r $SANDBOX/runtime/bin/* $PREFIX/bin/ |
| cp -r $SANDBOX/init $PREFIX |
| cp -r $SANDBOX/etc/* $PREFIX/$KARAF_DIR/etc/ |
| |
| ONOS_VERSION_POINT=$(echo ${ONOS_VERSION} | sed -E 's/-/./') |
| |
| # Fix the onos version string in the features config |
| sed -i".VERBACK" -E "s/.ONOS_VERSION/${ONOS_VERSION}/" $PREFIX/$KARAF_DIR/etc/org.apache.karaf.features.cfg |
| # Fix onos version in startup properties |
| sed -i".VERBACK" "s/.ONOS_VERSION/${ONOS_VERSION_POINT}/" $PREFIX/$KARAF_DIR/etc/startup.properties |
| |
| # Add log4j2-extra Bundle |
| mkdir -p $PREFIX/$KARAF_DIR/system/org/onosproject/onos-log4j2-extra/$ONOS_VERSION_POINT/ |
| cp $LOG4J2_EXTRA $PREFIX/$KARAF_DIR/system/org/onosproject/onos-log4j2-extra/$ONOS_VERSION_POINT/onos-log4j2-extra-$ONOS_VERSION_POINT.jar |
| |
| if [ "$ONOS_SECURITY_MODE" = true ] |
| then |
| # ONOS Patching ---------------------------------------------------------------- |
| |
| echo "Enabling security mode ONOS..." |
| |
| # SM-ONOS step 1: downgrade felix config admin |
| FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar} |
| if [ ! -f $FELIX_CFG_ADMIN ]; then |
| echo "Downloading $FELIX_CFG_ADMIN..." |
| curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN |
| fi |
| [ ! -f $FELIX_CFG_ADMIN ] && \ |
| echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1 |
| |
| mkdir -p $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0 |
| cp $FELIX_CFG_ADMIN $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0 |
| perl -pi.old -e "s|org.apache.felix.configadmin/1.8.4|org.apache.felix.configadmin/1.6.0|g" \ |
| $PREFIX/$KARAF_DIR/etc/startup.properties |
| |
| # SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end |
| |
| # SM-ONOS step 3.1: configure karaf |
| perl -pi.old -e "s|#java.security.policy|java.security.policy|" \ |
| $PREFIX/$KARAF_DIR/etc/system.properties |
| perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \ |
| $PREFIX/$KARAF_DIR/etc/system.properties |
| |
| # SM-ONOS step 3.2: update featuresBoot |
| export BOOT_FEATURES="onos-security,$BOOT_FEATURES" |
| |
| # Patch the Apache Karaf distribution file to load onos security feature |
| perl -pi.old -e "s|^(featuresBoot=).*|\1$BOOT_FEATURES|" \ |
| $PREFIX/$KARAF_DIR/etc/org.apache.karaf.features.cfg |
| fi |
| |
| zip -q -0 -r $OUT $PREFIX |