onos-package updates for sm-onos

Change-Id: I14e83645361b3ec12cb8b065f10e7db45008bd43
diff --git a/tools/build/onos-package b/tools/build/onos-package
index e7f2cbe..ce8d985 100755
--- a/tools/build/onos-package
+++ b/tools/build/onos-package
@@ -72,12 +72,15 @@
 
     # ONOS Patching ----------------------------------------------------------------
 
+    export BOOT_FEATURES="webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui"
+
+    [ "$ONOS_SECURITY_MODE" = true ] && enable_security_mode
+
     # Patch the Apache Karaf distribution file to add ONOS features repository
     perl -pi.old -e "s|^(featuresRepositories=.*)|\1,mvn:org.onosproject/onos-features/$ONOS_POM_VERSION/xml/features|" \
         $ONOS_STAGE/$KARAF_DIST/etc/org.apache.karaf.features.cfg
 
     # Patch the Apache Karaf distribution file to load default ONOS boot features
-    export BOOT_FEATURES="webconsole,onos-api,onos-core,onos-incubator,onos-cli,onos-rest,onos-gui"
     perl -pi.old -e "s|^(featuresBoot=.*)|\1,$BOOT_FEATURES|" \
         $ONOS_STAGE/$KARAF_DIST/etc/org.apache.karaf.features.cfg
 
@@ -89,19 +92,49 @@
     echo $ONOS_VERSION > $ONOS_STAGE/VERSION
 }
 
-function build_compressed_package() {
-    # Package up the ONOS tar file
+function clean_stage_dir() {
+    [ -d "$ONOS_STAGE" ] && rm -r $ONOS_STAGE || :
+}
+
+function enable_security_mode() {
+    echo "Enabling security mode ONOS..."
+
+    # SM-ONOS step 1: downgrade felix config admin
+    FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
+    if [ ! -f $FELIX_CFG_ADMIN ]; then
+        echo "Downloading $FELIX_CFG_ADMIN..."
+        curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
+    fi
+    [ ! -f $FELIX_CFG_ADMIN ] && \
+        echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
+
+    mkdir -p $ONOS_STAGE/$KARAF_DIST/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+    cp $FELIX_CFG_ADMIN $ONOS_STAGE/$KARAF_DIST/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
+    perl -pi.old -e "s|org.apache.felix.configadmin/1.8.0|org.apache.felix.configadmin/1.6.0|g" \
+        $ONOS_STAGE/$KARAF_DIST/etc/startup.properties
+
+    # SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end
+
+    # SM-ONOS step 3.1: configure karaf
+    perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
+        $ONOS_STAGE/$KARAF_DIST/etc/system.properties
+    perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
+        $ONOS_STAGE/$KARAF_DIST/etc/system.properties
+
+    # SM-ONOS step 3.2: update featuresBoot
+    export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
+}
+
+function build_compressed_zip() {
     cd $ONOS_STAGE_ROOT
-    rm -f $ONOS_TAR $ONOS_ZIP
-    COPYFILE_DISABLE=1 tar zcf $ONOS_TAR $ONOS_BITS
+    rm -f $ONOS_ZIP
+    which zip >/dev/null && zip -rq $ONOS_ZIP $ONOS_BITS && ls -lh $ONOS_ZIP
+}
 
-    # Figure out whether we should build ONOS zip file and if so, build it.
-    which zip >/dev/null && [ -z "$ONOS_TAR_ONLY" ] && buildZip=true || unset buildZip
-    [ -n "$buildZip" ] && zip -rq $ONOS_ZIP $ONOS_BITS
-
-    # Report on the archives that were built and clean-up
-    [ -n "$buildZip" ] && ls -lh $ONOS_TAR $ONOS_ZIP || ls -lh $ONOS_TAR
-    rm -r $ONOS_STAGE
+function build_compressed_tar() {
+    cd $ONOS_STAGE_ROOT
+    rm -f $ONOS_TAR
+    COPYFILE_DISABLE=1 tar zcf $ONOS_TAR $ONOS_BITS && ls -lh $ONOS_TAR
 }
 
 # Build a DEB package
@@ -162,25 +195,44 @@
 # Bail on any errors
 set -e
 
+[[ $# == 0 ]] && ONOS_PACKAGE_TAR_arg=true
+while [[ $# > 0 ]]; do
+case $1 in
+    -t|--tar)
+        ONOS_PACKAGE_TAR_arg=true
+    ;;
+    -z|--zip)
+        ONOS_PACKAGE_ZIP_arg=true
+    ;;
+    -d|--deb)
+        ONOS_PACKAGE_DEB_arg=true
+    ;;
+    -r|--rpm)
+        ONOS_PACKAGE_RPM_arg=true
+    ;;
+    -s|--secure)
+        ONOS_SECURITY_MODE=true
+    ;;
+    *)
+       # unknown option
+       echo "Unknown options: $1"
+       echo "usage: $(basename $0) [--tar] [--zip] [--deb] [--rpm] [--secure]" >&2 && exit 1
+    ;;
+esac
+shift
+done
+
 # Run karaf assembly to collect artifacts for off-line installations.
 aux=/tmp/assembly-$$.log
 trap "rm -f $aux 2>/dev/null" EXIT
 cd $ONOS_ROOT/tools/package/karaf-assembly && mvn clean install > $aux 2>&1
 
 # Before starting make sure the environment is clan - delete onos staging folder
-rm -fr $ONOS_STAGE
+clean_stage_dir
 
-# If there are parameters check if we want to build a deb - otherwise build tar.gz
-case ${1:---tar} in
-    "--tar" | "-T") build_stage_dir
-                    build_compressed_package
-    ;;
-    "--deb" | "-D") build_stage_dir
-                    build_deb
-    ;;
-    "--rpm" | "-R") build_stage_dir
-                    build_rpm
-    ;;
-    *) echo "usage: $(basename $0) [--tar|--deb|--rpm]" >&2 && exit 1
-    ;;
-esac
+build_stage_dir
+[ "$ONOS_PACKAGE_TAR_arg" = true ] && build_compressed_tar
+[ "$ONOS_PACKAGE_ZIP_arg" = true ] && build_compressed_zip
+[ "$ONOS_PACKAGE_DEB_arg" = true ] && build_deb
+[ "$ONOS_PACKAGE_RPM_arg" = true ] && build_rpm
+clean_stage_dir