Gitiles
Code Review Sign In
gerrit.onosproject.org / onos / a86c946c2a96fcfccdb74819a610da054401c69d / . / tools / package / onos-prep-karaf
blob: 45029ead007490a070c9d0b3a2a677ddff8e979b [file] [log] [blame]
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]1#!/bin/bash
2# -----------------------------------------------------------------------------
3# Packages ONOS distributable into onos.tar.gz, onos.zip or a deb file
4# -----------------------------------------------------------------------------
5
Ray Milkeyd84f89b2018-08-17 14:54:17 -0700[diff] [blame]6set -eu -o pipefail
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]7
8OUT=$1
Ray Milkey3f274d92018-09-28 14:23:34 -0700[diff] [blame]9KARAF_TAR=$2
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]10ONOS_VERSION=$3
11BRANDING=$4
Thomas Vachuska9e6432c2018-04-20 22:26:19 -0700[diff] [blame]12KARAF_PATCHES=$5
Daniele Morocc41a942020-02-03 23:33:55 -0800[diff] [blame]13LOG4J2_EXTRA=$6
14SANDBOX=${7:-.}
Thomas Vachuska0f956032018-06-12 10:41:12 -0700[diff] [blame]15
Ray Milkeyda746332020-07-06 11:30:36 -0700[diff] [blame]16KARAF_VERSION="4.2.9"
Heedo Kang611a0652017-09-05 12:26:30 +0900[diff] [blame]17ONOS_SECURITY_MODE="false"
Brian O'Connor92ec2132016-05-03 17:30:25 -0700[diff] [blame]18
Brian O'Connor35007342016-09-13 17:41:16 -0700[diff] [blame]19PREFIX="onos-$ONOS_VERSION"
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]20
21# Unroll the Apache Karaf bits, prune them and make ONOS top-level directories.
22tar xf $KARAF_TAR
23
Yuta HIGUCHI6771ef62017-12-19 11:37:48 -0800[diff] [blame]24# rename path name to match what was distributed with vicci
Ray Milkeyd84f89b2018-08-17 14:54:17 -0700[diff] [blame]25# mv "$(ls -d apache*)" "apache-karaf-$KARAF_VERSION" || true
Yuta HIGUCHI6771ef62017-12-19 11:37:48 -0800[diff] [blame]26
Ray Milkeyd84f89b2018-08-17 14:54:17 -0700[diff] [blame]27#tar xf $KARAF_PATCHES
Thomas Vachuska9e6432c2018-04-20 22:26:19 -0700[diff] [blame]28
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]29# Unroll the Apache Karaf bits, prune them and make ONOS top-level directories.
Charles Chan209edb12020-09-04 19:50:57 -0700[diff] [blame]30export KARAF_DIR=$(ls -d apache*)
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]31rm -rf $KARAF_DIR/demos
32
33# Patch the log-file size in place to increase it to 10 MB
34perl -pi.old -e "s/maxFileSize=1MB/maxFileSize=10MB/g" \
35 $KARAF_DIR/etc/org.ops4j.pax.logging.cfg
36
Andrea Campanelladd54d562020-10-07 16:44:21 +0200[diff] [blame]37# Patch the fileinstall to avoid NPE when filter is null
Andrea Campanella8479dd12020-10-19 10:44:15 +0200[diff] [blame]38echo "felix.fileinstall.filter='\\*.jar'" >> \
Andrea Campanelladd54d562020-10-07 16:44:21 +0200[diff] [blame]39 $KARAF_DIR/etc/org.apache.felix.fileinstall-deploy.cfg
40
Daniele Moroa86c9462021-12-16 18:29:05 +0100[diff] [blame^]41# Patch log4j to mitigate CVE-2021-44228
42# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
43zip -q -d $KARAF_DIR/system/org/ops4j/pax/logging/pax-logging-log4j2/1.11.6/pax-logging-log4j2-1.11.6.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
44
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]45# Patch-in proper Karaf version into the startup script
Charles Chan209edb12020-09-04 19:50:57 -0700[diff] [blame]46perl -pi.bk -e 's/apache-karaf-\$KARAF_VERSION/$ENV{KARAF_DIR}/g' $SANDBOX/bin/onos-service
Ray Milkeyf83e4222018-08-08 07:46:51 -0700[diff] [blame]47
48# hack - need to break the link to the script in the source tree for bazel
Charles Chan209edb12020-09-04 19:50:57 -0700[diff] [blame]49perl -pi.bk -e 's/apache-karaf-\$KARAF_VERSION/$ENV{KARAF_DIR}/g' $SANDBOX/bin/onos
Ray Milkeyf83e4222018-08-08 07:46:51 -0700[diff] [blame]50
Charles Chan209edb12020-09-04 19:50:57 -0700[diff] [blame]51rm -f $SANDBOX/bin/*.bk
Thomas Vachuska0f956032018-06-12 10:41:12 -0700[diff] [blame]52chmod a+x $SANDBOX/bin/onos-service $SANDBOX/bin/onos
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]53
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]54# Patch the Apache Karaf distribution with ONOS branding bundle
Thomas Vachuska8fcd2042018-06-12 12:00:16 -0700[diff] [blame]55cp $BRANDING $KARAF_DIR/lib/onos-tools-package-branding.jar
Brian O'Connor9e1352f2016-04-29 17:13:33 -0700[diff] [blame]56
Brian O'Connor92ec2132016-05-03 17:30:25 -0700[diff] [blame]57# **** Moving karaf to subdirectory ****
58mkdir $PREFIX
59mv $KARAF_DIR $PREFIX
60
61# Stage the ONOS admin scripts and patch in Karaf service wrapper extras
Thomas Vachuska0f956032018-06-12 10:41:12 -0700[diff] [blame]62cp -r $SANDBOX/bin $PREFIX
63cp -r $SANDBOX/runtime/bin/* $PREFIX/bin/
64cp -r $SANDBOX/init $PREFIX
65cp -r $SANDBOX/etc/* $PREFIX/$KARAF_DIR/etc/
Brian O'Connor92ec2132016-05-03 17:30:25 -0700[diff] [blame]66
Daniele Morocc41a942020-02-03 23:33:55 -0800[diff] [blame]67ONOS_VERSION_POINT=$(echo ${ONOS_VERSION} | sed -E 's/-/./')
68
Ray Milkeyd84f89b2018-08-17 14:54:17 -0700[diff] [blame]69# Fix the onos version string in the features config
70sed -i".VERBACK" -E "s/.ONOS_VERSION/${ONOS_VERSION}/" $PREFIX/$KARAF_DIR/etc/org.apache.karaf.features.cfg
Daniele Morocc41a942020-02-03 23:33:55 -0800[diff] [blame]71# Fix onos version in startup properties
72sed -i".VERBACK" "s/.ONOS_VERSION/${ONOS_VERSION_POINT}/" $PREFIX/$KARAF_DIR/etc/startup.properties
73
74# Add log4j2-extra Bundle
75mkdir -p $PREFIX/$KARAF_DIR/system/org/onosproject/onos-log4j2-extra/$ONOS_VERSION_POINT/
76cp $LOG4J2_EXTRA $PREFIX/$KARAF_DIR/system/org/onosproject/onos-log4j2-extra/$ONOS_VERSION_POINT/onos-log4j2-extra-$ONOS_VERSION_POINT.jar
Ray Milkeyd84f89b2018-08-17 14:54:17 -0700[diff] [blame]77
Heedo Kang611a0652017-09-05 12:26:30 +0900[diff] [blame]78if [ "$ONOS_SECURITY_MODE" = true ]
79then
80 # ONOS Patching ----------------------------------------------------------------
81
82 echo "Enabling security mode ONOS..."
83
84 # SM-ONOS step 1: downgrade felix config admin
85 FELIX_CFG_ADMIN=${FELIX_CFG_ADMIN:-~/Downloads/org.apache.felix.configadmin-1.6.0.jar}
86 if [ ! -f $FELIX_CFG_ADMIN ]; then
87 echo "Downloading $FELIX_CFG_ADMIN..."
88 curl -sL http://archive.apache.org/dist/felix/org.apache.felix.configadmin-1.6.0.jar > $FELIX_CFG_ADMIN
89 fi
90 [ ! -f $FELIX_CFG_ADMIN ] && \
91 echo "Felix config admin not found: $FELIX_CFG_ADMIN" && exit 1
92
93 mkdir -p $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
94 cp $FELIX_CFG_ADMIN $PREFIX/$KARAF_DIR/system/org/apache/felix/org.apache.felix.configadmin/1.6.0
95 perl -pi.old -e "s|org.apache.felix.configadmin/1.8.4|org.apache.felix.configadmin/1.6.0|g" \
96 $PREFIX/$KARAF_DIR/etc/startup.properties
97
98 # SM-ONOS step 2: stage ONOS Felix framework security (this is already done by karaf assembly); end
99
100 # SM-ONOS step 3.1: configure karaf
101 perl -pi.old -e "s|#java.security.policy|java.security.policy|" \
102 $PREFIX/$KARAF_DIR/etc/system.properties
103 perl -pi.old -e "s|#org.osgi.framework.security|org.osgi.framework.security|" \
104 $PREFIX/$KARAF_DIR/etc/system.properties
105
106 # SM-ONOS step 3.2: update featuresBoot
107 export BOOT_FEATURES="onos-security,$BOOT_FEATURES"
108
109 # Patch the Apache Karaf distribution file to load onos security feature
110 perl -pi.old -e "s|^(featuresBoot=).*|\1$BOOT_FEATURES|" \
111 $PREFIX/$KARAF_DIR/etc/org.apache.karaf.features.cfg
112fi
113
Brian O'Connor65c0bdf2016-05-03 18:40:17 -0700[diff] [blame]114zip -q -0 -r $OUT $PREFIX