From aeacde2118695e8a28e15a37bc89bc1a53414c44 Mon Sep 17 00:00:00 2001 From: Federico Gustavo Galland <99492720+f-galland@users.noreply.github.com> Date: Fri, 19 Jan 2024 10:47:47 -0300 Subject: [PATCH] Add `wazuh-template.json` to packages (#116) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Download wazuh-template.json from wazuh/wazuh repo * Add wazuh-template.json to RPM package spec * Setting wazuh-template.json attributes to 660 * Change wazuh-template.json attributes in debmake_install.sh * Put template download command within a function * Small fixes and format * Apply correct file permissions to the wazuh-template.json --------- Co-authored-by: Álex Ruiz --- .gitignore | 5 +- .../packages/src/deb/debmake_install.sh | 3 +- .../packages/src/rpm/wazuh-indexer.rpm.spec | 9 +- scripts/build.sh | 115 ++++++++++-------- 4 files changed, 76 insertions(+), 56 deletions(-) diff --git a/.gitignore b/.gitignore index 36172e2b263aa..13c0ba149b575 100644 --- a/.gitignore +++ b/.gitignore @@ -65,4 +65,7 @@ testfixtures_shared/ .ci/jobs/ # build files generated -doc-tools/missing-doclet/bin/ \ No newline at end of file +doc-tools/missing-doclet/bin/ + +# Wazuh template (currently downloaded from the wazuh/wazuh repo directly) +distribution/src/config/wazuh-template.json diff --git a/distribution/packages/src/deb/debmake_install.sh b/distribution/packages/src/deb/debmake_install.sh index 3e0f4141c87d0..4647707b2da3f 100644 --- a/distribution/packages/src/deb/debmake_install.sh +++ b/distribution/packages/src/deb/debmake_install.sh @@ -18,7 +18,7 @@ fi curdir=$1 product_dir=/usr/share/wazuh-indexer -# config_dir=/etc/wazuh-indexer +config_dir=/etc/wazuh-indexer data_dir=/var/lib/wazuh-indexer log_dir=/var/log/wazuh-indexer pid_dir=/run/wazuh-indexer @@ -38,5 +38,6 @@ fi # Change Permissions chmod -Rf a+rX,u+w,g-w,o-w "${buildroot}"/* +chmod -c 660 "${buildroot}${config_dir}"/wazuh-template.json exit 0 diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index 9f89b01056993..7fb81f68f22b7 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -64,9 +64,10 @@ mkdir -p %{buildroot}%{pid_dir} mkdir -p %{buildroot}%{product_dir}/plugins # Install directories/files cp -a etc usr var %{buildroot} -chmod 0755 %{buildroot}%{product_dir}/bin/* +chmod 0750 %{buildroot}%{product_dir}/bin/* if [ -d %{buildroot}%{product_dir}/plugins/opensearch-security ]; then - chmod 0755 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/* + chmod 0640 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/* + chmod 0740 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/*.sh fi # Pre-populate the folders to ensure rpm build success even without all plugins mkdir -p %{buildroot}%{config_dir}/opensearch-observability @@ -192,9 +193,7 @@ exit 0 # Wazuh additional files %attr(440, %{name}, %{name}) %{product_dir}/VERSION -%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-security-init.sh -%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-ism-init.sh -%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-init.sh +%attr(660, %{name}, %{name}) %{config_dir}/wazuh-template.json %changelog * Thu Mar 28 2024 support - 4.9.0 diff --git a/scripts/build.sh b/scripts/build.sh index 92e1995e57e04..c7fad736eaf3d 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -24,45 +24,48 @@ function usage() { echo -e "-h help" } -while getopts ":h:v:q:s:o:p:a:d:r:" arg; do +while getopts ":h:v:q:s:o:p:a:d:r:b:" arg; do case $arg in - h) - usage - exit 1 - ;; - v) - VERSION=$OPTARG - ;; - q) - QUALIFIER=$OPTARG - ;; - s) - SNAPSHOT=$OPTARG - ;; - o) - OUTPUT=$OPTARG - ;; - p) - PLATFORM=$OPTARG - ;; - a) - ARCHITECTURE=$OPTARG - ;; - d) - DISTRIBUTION=$OPTARG - ;; - r) - REVISION=$OPTARG - ;; - :) - echo "Error: -${OPTARG} requires an argument" - usage - exit 1 - ;; - ?) - echo "Invalid option: -${arg}" - exit 1 - ;; + h) + usage + exit 1 + ;; + v) + VERSION=$OPTARG + ;; + q) + QUALIFIER=$OPTARG + ;; + s) + SNAPSHOT=$OPTARG + ;; + o) + OUTPUT=$OPTARG + ;; + p) + PLATFORM=$OPTARG + ;; + a) + ARCHITECTURE=$OPTARG + ;; + d) + DISTRIBUTION=$OPTARG + ;; + r) + REVISION=$OPTARG + ;; + b) + BRANCH=$OPTARG + ;; + :) + echo "Error: -${OPTARG} requires an argument" + usage + exit 1 + ;; + ?) + echo "Invalid option: -${arg}" + exit 1 + ;; esac done @@ -96,16 +99,33 @@ cp -r ./build/local-test-repo/org/opensearch "${OUTPUT}"/maven/org [ -z "$ARCHITECTURE" ] && ARCHITECTURE=$(uname -m) [ -z "$DISTRIBUTION" ] && DISTRIBUTION="tar" [ -z "$REVISION" ] && REVISION="1" +[ -z "$BRANCH" ] && BRANCH="master" + +# ==== +# Function to download the alerts template +# ==== +function download_template() { + echo "Downloading wazuh-template.json" + local download_url="https://raw.githubusercontent.com/wazuh/wazuh/${BRANCH}/extensions/elasticsearch/7.x/wazuh-template.json" + + if ! curl -s "${download_url}" -o distribution/src/config/wazuh-template.json; then + echo "Unable to download wazuh-template.json" + return 1 + fi + + echo "Successfully downloaded wazuh-template.json" + return 0 +} case $PLATFORM-$DISTRIBUTION-$ARCHITECTURE in - linux-tar-x64|darwin-tar-x64) + linux-tar-x64 | darwin-tar-x64) PACKAGE="tar" EXT="tar.gz" TYPE="archives" TARGET="$PLATFORM-$PACKAGE" SUFFIX="$PLATFORM-x64" ;; - linux-tar-arm64|darwin-tar-arm64) + linux-tar-arm64 | darwin-tar-arm64) PACKAGE="tar" EXT="tar.gz" TYPE="archives" @@ -162,25 +182,22 @@ esac echo "Building OpenSearch for $PLATFORM-$DISTRIBUTION-$ARCHITECTURE" +if ! download_template; then + exit 1 +fi + ./gradlew ":distribution:$TYPE:$TARGET:assemble" -Dbuild.snapshot="$SNAPSHOT" -Dbuild.version_qualifier="$QUALIFIER" # Copy artifact to dist folder in bundle build output echo "Copying artifact to ${OUTPUT}/dist" -# [[ "$SNAPSHOT" == "true" ]] && IDENTIFIER="-SNAPSHOT" - ARTIFACT_BUILD_NAME=$(ls "distribution/$TYPE/$TARGET/build/distributions/" | grep "wazuh-indexer-min.*$SUFFIX.$EXT") - GIT_COMMIT=$(git rev-parse --short HEAD) - WI_VERSION=$( "$OUTPUT/artifact_min_name.txt" +# Used by the GH workflow to upload the artifact +echo "$ARTIFACT_PACKAGE_NAME" >"$OUTPUT/artifact_min_name.txt" mkdir -p "${OUTPUT}/dist" cp "distribution/$TYPE/$TARGET/build/distributions/$ARTIFACT_BUILD_NAME" "${OUTPUT}/dist/$ARTIFACT_PACKAGE_NAME"