blob: 45029ead007490a070c9d0b3a2a677ddff8e979b [file] [log] [blame]
#!/bin/bash
# -----------------------------------------------------------------------------
# Packages ONOS distributable into onos.tar.gz, onos.zip or a deb file
# -----------------------------------------------------------------------------
set -eu -o pipefail
OUT=$1
KARAF_TAR=$2
ONOS_VERSION=$3
BRANDING=$4
KARAF_PATCHES=$5
LOG4J2_EXTRA=$6
SANDBOX=${7:-.}
KARAF_VERSION="4.2.9"
ONOS_SECURITY_MODE="false"
PREFIX="onos-$ONOS_VERSION"
# Unroll the Apache Karaf bits, prune them and make ONOS top-level directories.
tar xf $KARAF_TAR
# rename path name to match what was distributed with vicci
# mv "$(ls -d apache*)" "apache-karaf-$KARAF_VERSION" || true
#tar xf $KARAF_PATCHES
# Unroll the Apache Karaf bits, prune them and make ONOS top-level directories.
export KARAF_DIR=$(ls -d apache*)
rm -rf $KARAF_DIR/demos
# Patch the log-file size in place to increase it to 10 MB
perl -pi.old -e "s/maxFileSize=1MB/maxFileSize=10MB/g" \
$KARAF_DIR/etc/org.ops4j.pax.logging.cfg
# Patch the fileinstall to avoid NPE when filter is null
echo "felix.fileinstall.filter='\\*.jar'" >> \
$KARAF_DIR/etc/org.apache.felix.fileinstall-deploy.cfg
# Patch log4j to mitigate CVE-2021-44228
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
zip -q -d $KARAF_DIR/system/org/ops4j/pax/logging/pax-logging-log4j2/1.11.6/pax-logging-log4j2-1.11.6.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
# Patch-in proper Karaf version into the startup script
perl -pi.bk -e 's/apache-karaf-\$KARAF_VERSION/$ENV{KARAF_DIR}/g' $SANDBOX/bin/onos-service
# hack - need to break the link to the script in the source tree for bazel
perl -pi.bk -e 's/apache-karaf-\$KARAF_VERSION/$ENV{KARAF_DIR}/g' $SANDBOX/bin/onos
rm -f $SANDBOX/bin/*.bk
chmod a+x $SANDBOX/bin/onos-service $SANDBOX/bin/onos
# Patch the Apache Karaf distribution with ONOS branding bundle
cp $BRANDING $KARAF_DIR/lib/onos-tools-package-branding.jar
# **** Moving karaf to subdirectory ****
mkdir $PREFIX
mv $KARAF_DIR $PREFIX
# Stage the ONOS admin scripts and patch in Karaf service wrapper extras
cp -r $SANDBOX/bin $PREFIX
cp -r $SANDBOX/runtime/bin/* $PREFIX/bin/
cp -r $SANDBOX/init $PREFIX
cp -r $SANDBOX/etc/* $PREFIX/$KARAF_DIR/etc/
ONOS_VERSION_POINT=$(echo ${ONOS_VERSION} | sed -E 's/-/./')
# Fix the onos version string in the features config
sed -i".VERBACK" -E "s/.ONOS_VERSION/${ONOS_VERSION}/" $PREFIX/$KARAF_DIR/etc/org.apache.karaf.features.cfg
# Fix onos version in startup properties
sed -i".VERBACK" "s/.ONOS_VERSION/${ONOS_VERSION_POINT}/" $PREFIX/$KARAF_DIR/etc/startup.properties
# Add log4j2-extra Bundle
mkdir -p $PREFIX/$KARAF_DIR/system/org/onosproject/onos-log4j2-extra/$ONOS_VERSION_POINT/
cp $LOG4J2_EXTRA $PREFIX/$KARAF_DIR/system/org/onosproject/onos-log4j2-extra/$ONOS_VERSION_POINT/onos-log4j2-extra-$ONOS_VERSION_POINT.jar
if [ "$ONOS_SECURITY_MODE" = true ]
then
# ONOS Patching ----------------------------------------------------------------
echo "Enabling security mode ONOS..."
# SM-ONOS step 1: downgrade felix config admin
FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
if [ ! -f $FELIX_CFG_ADMIN ]; then
echo "Downloading $FELIX_CFG_ADMIN..."
curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
fi
[ ! -f $FELIX_CFG_ADMIN ] && \
echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
mkdir -p $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
cp $FELIX_CFG_ADMIN $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
perl -pi.old -e "s|org.apache.felix.configadmin/1.8.4|org.apache.felix.configadmin/1.6.0|g" \
$PREFIX/$KARAF_DIR/etc/startup.properties
# SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end
# SM-ONOS step 3.1: configure karaf
perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
$PREFIX/$KARAF_DIR/etc/system.properties
perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
$PREFIX/$KARAF_DIR/etc/system.properties
# SM-ONOS step 3.2: update featuresBoot
export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
# Patch the Apache Karaf distribution file to load onos security feature
perl -pi.old -e "s|^(featuresBoot=).*|\1$BOOT_FEATURES|" \
$PREFIX/$KARAF_DIR/etc/org.apache.karaf.features.cfg
fi
zip -q -0 -r $OUT $PREFIX