Indexer v1 package SPECs

stack/indexer/deb/build_package.sh

@@ -0,0 +1,154 @@
+#!/bin/bash
+
+# Wazuh package generator
+# Copyright (C) 2015-2021, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+CURRENT_PATH="$( cd $(dirname $0) ; pwd -P )"
+ARCHITECTURE="amd64"
+OUTDIR="${CURRENT_PATH}/output"
+REVISION="1"
+BUILD_DOCKER="yes"
+DEB_AMD64_BUILDER="deb_indexer_builder_amd64"
+DEB_BUILDER_DOCKERFILE="${CURRENT_PATH}/docker"
+FUTURE="no"
+
+trap ctrl_c INT
+
+clean() {
+    exit_code=$1
+
+    # Clean the files
+    rm -rf ${DOCKERFILE_PATH}/{*.sh,*.tar.gz,wazuh-*}
+
+    exit ${exit_code}
+}
+
+ctrl_c() {
+    clean 1
+}
+
+build_deb() {
+    CONTAINER_NAME="$1"
+    DOCKERFILE_PATH="$2"
+
+    # Copy the necessary files
+    cp ${CURRENT_PATH}/builder.sh ${DOCKERFILE_PATH}
+
+    # Build the Docker image
+    if [[ ${BUILD_DOCKER} == "yes" ]]; then
+        docker build -t ${CONTAINER_NAME} ${DOCKERFILE_PATH} || return 1
+    fi
+
+
+    # Build the Debian package with a Docker container
+    if [ "${REFERENCE}" ];then
+        docker run -t --rm -v ${OUTDIR}/:/tmp:Z \
+            ${CONTAINER_NAME} ${ARCHITECTURE} ${REVISION} \
+            ${FUTURE} ${REFERENCE} || return 1
+    else
+        docker run -t --rm -v ${OUTDIR}/:/tmp:Z \
+            -v ${CURRENT_PATH}/../../..:/root:Z \
+            ${CONTAINER_NAME} ${ARCHITECTURE} \
+            ${REVISION} ${FUTURE} || return 1
+    fi
+
+    echo "Package $(ls -Art ${OUTDIR} | tail -n 1) added to ${OUTDIR}."
+
+    return 0
+}
+
+build() {
+    BUILD_NAME=""
+    FILE_PATH=""
+    if [ "${ARCHITECTURE}" = "x86_64" ] || [ "${ARCHITECTURE}" = "amd64" ]; then
+        ARCHITECTURE="amd64"
+        BUILD_NAME="${DEB_AMD64_BUILDER}"
+        FILE_PATH="${DEB_BUILDER_DOCKERFILE}/${ARCHITECTURE}"
+    else
+        echo "Invalid architecture. Choose: amd64 (x86_64 is accepted too)"
+        return 1
+    fi
+    build_deb ${BUILD_NAME} ${FILE_PATH} || return 1
+
+    return 0
+}
+
+help() {
+    echo
+    echo "Usage: $0 [OPTIONS]"
+    echo
+    echo "    -a, --architecture <arch>  [Optional] Target architecture of the package [amd64]."
+    echo "    -r, --revision <rev>       [Optional] Package revision. By default: 1."
+    echo "    -s, --store <path>         [Optional] Set the destination path of package. By default, an output folder will be created."
+    echo "    --reference <ref>          [Optional] wazuh-packages branch to download SPECs, not used by default."
+    echo "    --dont-build-docker        [Optional] Locally built docker image will be used instead of generating a new one."
+    echo "    --future                   [Optional] Build test future package x.30.0 Used for development purposes."
+    echo "    -h, --help                 Show this help."
+    echo
+    exit $1
+}
+
+
+main() {
+    while [ -n "$1" ]
+    do
+        case "$1" in
+        "-h"|"--help")
+            help 0
+            ;;
+        "-a"|"--architecture")
+            if [ -n "$2" ]; then
+                ARCHITECTURE="$2"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        "-r"|"--revision")
+            if [ -n "$2" ]; then
+                REVISION="$2"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        "--reference")
+            if [ -n "$2" ]; then
+                REFERENCE="$2"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        "--dont-build-docker")
+            BUILD_DOCKER="no"
+            shift 1
+            ;;
+        "--future")
+            FUTURE="yes"
+            shift 1
+            ;;
+        "-s"|"--store")
+            if [ -n "$2" ]; then
+                OUTDIR="$2"
+                shift 2
+            else
+                help 1
+            fi
+            ;;
+        *)
+            help 1
+        esac
+    done
+
+    build || clean 1
+
+    clean 0
+}
+
+main "$@"

stack/indexer/deb/builder.sh

@@ -0,0 +1,70 @@
+#!/bin/bash
+
+# Wazuh package builder
+# Copyright (C) 2015-2022, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+set -ex
+# Script parameters to build the package
+target="wazuh-indexer"
+architecture=$1
+release=$2
+future=$3
+spec_reference=$4
+directory_base="/usr/share/wazuh-indexer"
+
+if [ -z "${release}" ]; then
+    release="1"
+fi
+
+if [ "${future}" = "yes" ];then
+    version="99.99.0"
+else
+    if [ "${spec_reference}" ];then
+        version=$(curl -sL https://raw.githubusercontent.com/wazuh/wazuh-packages/${spec_reference}/VERSION | cat)
+    else
+        version=$(cat /root/VERSION)
+    fi
+fi
+
+# Build directories
+build_dir=/build
+pkg_name="${target}-${version}"
+pkg_path="${build_dir}/${target}"
+sources_dir="${pkg_path}/${pkg_name}"
+
+mkdir -p ${sources_dir}/debian
+
+# Including spec file
+if [ "${spec_reference}" ];then
+    curl -sL https://github.com/wazuh/wazuh-packages/tarball/${spec_reference} | tar zx
+    cp -r ./wazuh*/stack/indexer/deb/debian/* ${sources_dir}/debian/
+    cp -r ./wazuh*/* /root/
+else
+    cp -r /root/stack/indexer/deb/debian/* ${sources_dir}/debian/
+fi
+
+# Generating directory structure to build the .deb package
+cd ${build_dir}/${target} && tar -czf ${pkg_name}.orig.tar.gz "${pkg_name}"
+
+# Configure the package with the different parameters
+sed -i "s:VERSION:${version}:g" ${sources_dir}/debian/changelog
+sed -i "s:RELEASE:${release}:g" ${sources_dir}/debian/changelog
+sed -i "s:export INSTALLATION_DIR=.*:export INSTALLATION_DIR=${directory_base}:g" ${sources_dir}/debian/rules
+
+# Installing build dependencies
+cd ${sources_dir}
+mk-build-deps -ir -t "apt-get -o Debug::pkgProblemResolver=yes -y"
+
+# Build package
+debuild -b -uc -us
+
+deb_file="${target}_${version}-${release}_${architecture}.deb"
+
+cd ${pkg_path} && sha512sum ${deb_file} > /tmp/${deb_file}.sha512
+
+mv ${pkg_path}/${deb_file} /tmp/

stack/indexer/deb/debian/changelog

@@ -0,0 +1,11 @@
+wazuh-indexer (VERSION-RELEASE) unstable; urgency=low
+
+  * More info: https://documentation.wazuh.com/current/release-notes/
+
+ -- Wazuh, Inc <[email protected]>  Wed, 5 Jan 2022 10:00:00 +0000
+
+wazuh-indexer (4.2.5-1) UNRELEASED; urgency=low
+
+  * More info: https://documentation.wazuh.com/current/release-notes/
+
+ -- Wazuh, Inc <[email protected]>  Mon, 15 Nov 2021 16:47:07 +0000

stack/indexer/deb/debian/compat

@@ -0,0 +1 @@
+8

stack/indexer/deb/debian/control

@@ -0,0 +1,15 @@
+Source: wazuh-indexer
+Section: admin
+Priority: extra
+Maintainer: Wazuh, Inc <[email protected]>
+Build-Depends: debhelper (>=9)
+Standards-Version: 4.0.0
+Homepage: https://www.wazuh.com
+
+Package: wazuh-indexer
+Architecture: any
+Depends: ${shlibs:Depends}, debconf, adduser, procps
+Description: Wazuh indexer is a near real-time full-text search and analytics engine that gathers security-related data into one platform.
+ This Wazuh central component indexes and stores alerts generated by the Wazuh server.
+ Wazuh indexer can be configured as a single-node or multi-node cluster, providing scalability and high availability.
+ Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html

stack/indexer/deb/debian/copyright

@@ -0,0 +1,22 @@
+This work was packaged for Debian by:
+
+    Wazuh, Inc <[email protected]> on Fri, 14 Jan 2022 10:00:00 +0000
+
+It was downloaded from:
+
+    https://www.wazuh.com
+
+Copyright:
+
+    GNU General Public License version 2.
+
+License:
+
+    GNU General Public License version 2.
+
+The Debian packaging is:
+
+    Copyright (C) 2015-2022 Wazuh, Inc <[email protected]>
+
+and is licensed under the GPL version 2,
+see "/usr/share/common-licenses/GPL-2".

stack/indexer/deb/debian/postinst

@@ -0,0 +1,105 @@
+#!/bin/sh
+# postinst script for Wazuh-indexer
+# Copyright (C) 2015, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+
+#DEBHELPER#
+
+export NAME=wazuh-indexer
+export USER=${NAME}
+export GROUP=${NAME}
+export CONFIG_DIR=/etc/${NAME}
+export INSTALLATION_DIR=/usr/share/${NAME}
+export LOG_DIR=/var/log/${NAME}
+export PID_DIR=/run/${NAME}
+export LIB_DIR=/var/lib/${NAME}
+export SYS_DIR=/usr/lib
+
+set -e 
+
+#
+# This script is executed in the post-installation phase
+#
+#   On Debian,
+#       $1=configure : is set to 'configure' and if $2 is set, it is an upgrade
+
+# Source the default env file
+if [ -f "/etc/default/wazuh-indexer" ]; then
+    . "/etc/default/wazuh-indexer"
+fi
+
+# to pick up /usr/lib/sysctl.d/wazuh-indexer.conf
+if command -v systemctl > /dev/null 2>&1; then
+    systemctl restart systemd-sysctl.service > /dev/null 2>&1 || true
+fi
+
+# The codeblock below is using the fact that postinst script is called with the most-recently configured version.
+# In other words, a fresh installed will be called like "postinst configure" with no previous version ($2 is null)
+if [ -z "$2" ]; then
+  # If $2 is null, this is an install	
+
+  # Setting owner and group
+  chown -R ${USER}:${GROUP} ${CONFIG_DIR}
+  chown -R ${USER}:${GROUP} ${INSTALLATION_DIR}
+  chown -R ${USER}:${GROUP} ${LOG_DIR}
+
+  # Prepare the RCA reader process for execution
+  mkdir -p "/var/lib/wazuh-indexer"
+  echo 'true' > ${LIB_DIR}/performance_analyzer_enabled.conf
+  echo 'true' > ${LIB_DIR}/rca_enabled.conf
+  # This is needed by the performance-analyzer service
+  echo 'false' > ${LIB_DIR}/batch_metrics_enabled.conf
+  chown ${USER}:${GROUP} ${LIB_DIR}/performance_analyzer_enabled.conf
+  chown ${USER}:${GROUP} ${LIB_DIR}/rca_enabled.conf
+  chown ${USER}:${GROUP} ${LIB_DIR}/batch_metrics_enabled.conf
+  chown ${USER}:${GROUP} ${LIB_DIR}
+
+  # ---------------------------------------------------------------------------
+
+  # Setting performance analyzer options
+  CLK_TCK=$(getconf CLK_TCK)
+  echo >> /etc/wazuh-indexer/jvm.options
+  echo '## OpenDistro Performance Analyzer' >> /etc/wazuh-indexer/jvm.options
+  echo "-Dclk.tck=$CLK_TCK" >> /etc/wazuh-indexer/jvm.options
+  echo "-Djdk.attach.allowAttachSelf=true" >> /etc/wazuh-indexer/jvm.options
+  echo "-Djava.security.policy=file:///usr/share/wazuh-indexer/plugins/opendistro-performance-analyzer/pa_config/es_security.policy" >> /etc/wazuh-indexer/jvm.options
+
+  # ---------------------------------------------------------------------------
+
+  # Setting Indexer default configuration
+  echo "${USER} hard nproc 4096" >> /etc/security/limits.conf
+  echo "${USER} soft nproc 4096" >> /etc/security/limits.conf
+  echo "${USER} hard nofile 65535" >> /etc/security/limits.conf
+  echo "${USER} soft nofile 65535" >> /etc/security/limits.conf
+
+else
+  # Otherwise it is an upgrade
+    echo -n "Restarting wazuh-indexer service..."
+    if command -v systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-indexer > /dev/null 2>&1; then
+        systemctl daemon-reload > /dev/null 2>&1
+        systemctl restart wazuh-indexer.service > /dev/null 2>&1
+
+    # Check for SysV
+    elif command -v service > /dev/null 2>&1; then
+        service wazuh-indexer restart > /dev/null 2>&1
+
+    elif [ -x /etc/init.d/wazuh-indexer ]; then
+        if command -v invoke-rc.d >/dev/null; then
+            invoke-rc.d wazuh-indexer restart > /dev/null 2>&1
+        else
+            /etc/init.d/wazuh-indexer restart > /dev/null 2>&1
+        fi
+
+    # Older Suse linux distributions do not ship with systemd
+    # but do not have an /etc/init.d/ directory
+    # this tries to stop the wazuh-indexer service on these
+    # as well without failing this script
+    elif [ -x /etc/rc.d/init.d/wazuh-indexer ]; then
+        /etc/rc.d/init.d/wazuh-indexer restart > /dev/null 2>&1
+    fi
+    echo " OK"
+fi