From 90835fe3088513a6c8ca92f4938acb4209f9deaf Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Fri, 19 Jan 2024 17:24:21 -0300 Subject: [PATCH 1/7] Fine tuning permissions on RPM spec file --- .../packages/src/rpm/wazuh-indexer.rpm.spec | 60 +++++++++++-------- 1 file changed, 35 insertions(+), 25 deletions(-) diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index 7fb81f68f22b7..503ea125248d9 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -64,10 +64,9 @@ mkdir -p %{buildroot}%{pid_dir} mkdir -p %{buildroot}%{product_dir}/plugins # Install directories/files cp -a etc usr var %{buildroot} -chmod 0750 %{buildroot}%{product_dir}/bin/* +chmod 0755 %{buildroot}%{product_dir}/bin/* if [ -d %{buildroot}%{product_dir}/plugins/opensearch-security ]; then - chmod 0640 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/* - chmod 0740 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/*.sh + chmod 0755 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/* fi # Pre-populate the folders to ensure rpm build success even without all plugins mkdir -p %{buildroot}%{config_dir}/opensearch-observability 
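Review bot: The new `chmod 0755 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/*` sets the execute bit on every file under tools/, where the removed lines kept non-script files at 0640 and only `*.sh` at 0740. The packaged modes appear to come from the `%attr`/`%defattr` entries in `%files` (changed later in this patch), so these build-root modes look redundant and read as a loosening in a commit meant to tighten permissions. Either drop both `chmod` lines or add a comment such as `# build-root modes only; packaged modes are set in %files`. The `%install` section continues outside the hunk.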
@@ -153,47 +152,58 @@ fi exit 0 %files -# Permissions -%defattr(-, %{name}, %{name}) +%defattr(640, %{name}, %{name}, 750) # Root dirs/docs/licenses +%{data_dir} +%{config_dir} +%dir %{log_dir} +%dir %{pid_dir} %dir %{product_dir} +%dir %{product_dir}/bin %doc %{product_dir}/NOTICE.txt %doc %{product_dir}/README.md %license %{product_dir}/LICENSE.txt -# Config dirs/files -%dir %{config_dir} -%{config_dir}/jvm.options.d -%{config_dir}/opensearch-* -%config(noreplace) %{config_dir}/opensearch.yml -%config(noreplace) %{config_dir}/jvm.options -%config(noreplace) %{config_dir}/log4j2.properties -%config(noreplace) %{data_dir}/rca_enabled.conf -%config(noreplace) %{data_dir}/performance_analyzer_enabled.conf - # Service files %attr(0644, root, root) %{_prefix}/lib/systemd/system/%{name}.service %attr(0644, root, root) %{_prefix}/lib/systemd/system/%{name}-performance-analyzer.service %attr(0644, root, root) %{_sysconfdir}/init.d/%{name} -%attr(0644, root, root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name} %attr(0644, root, root) %config(noreplace) %{_prefix}/lib/sysctl.d/%{name}.conf %attr(0644, root, root) %config(noreplace) %{_prefix}/lib/tmpfiles.d/%{name}.conf -# Main dirs -%{product_dir}/bin -%{product_dir}/jdk +# Binary files %{product_dir}/lib %{product_dir}/modules -%{product_dir}/performance-analyzer-rca %{product_dir}/plugins -%{log_dir} -%{pid_dir} -%dir %{data_dir} +%{product_dir}/performance-analyzer-rca +%{product_dir}/jdk/{conf,include,jmods,legal,lib,man,release,NOTICE} +%exclude %{product_dir}/plugins/opensearch-security/tools/*.sh +%exclude %{product_dir}/performance-analyzer-rca/bin/{performance-analyzer-rca,performance-analyzer-agent} +%exclude %{product_dir}/jdk/lib/{jspawnhelper,modules} + +# Configuration files +%config(noreplace) %attr(0660, root, %{name}) "%{_sysconfdir}/sysconfig/%{name}" +%config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/log4j2.properties +%config(noreplace) %attr(660, %{name}, %{name}) 
%{config_dir}/jvm.options +%config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/opensearch.yml + + +### +### TODO: Need to make at least these two below dependent on whether plugins are built +### +#%%config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/opensearch-observability/observability.yml +#%%config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/opensearch-reports-scheduler/reports-scheduler.yml + -# Wazuh additional files +# Files that need other permissions %attr(440, %{name}, %{name}) %{product_dir}/VERSION -%attr(660, %{name}, %{name}) %{config_dir}/wazuh-template.json +%attr(740, %{name}, %{name}) %{product_dir}/plugins/opensearch-security/tools/*.sh +%attr(750, %{name}, %{name}) %{product_dir}/bin/* +%attr(750, %{name}, %{name}) %{product_dir}/jdk/bin/* +%attr(750, %{name}, %{name}) %{product_dir}/jdk/lib/jspawnhelper +%attr(750, %{name}, %{name}) %{product_dir}/jdk/lib/modules +%attr(750, %{name}, %{name}) %{product_dir}/performance-analyzer-rca/bin/* %changelog * Thu Mar 28 2024 support - 4.9.0 From 4af38ce8ff85002c989489be2501d0fcd280f1bb Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Mon, 22 Jan 2024 16:01:26 -0300 Subject: [PATCH 2/7] Build a list of files to be packaged excluding items that need special permissions --- .../packages/src/rpm/wazuh-indexer.rpm.spec | 69 +++++++++++++------ 1 file changed, 47 insertions(+), 22 deletions(-) diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index 503ea125248d9..c990d84e4ec1b 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec 
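Review bot: In the `%files` hunk of patch 1/7, `%attr(0660, root, %{name}) "%{_sysconfdir}/sysconfig/%{name}"` makes the sysconfig file writable by the service group, where it was `0644, root, root` before. If the init script or the systemd unit reads this file as root (neither is visible here), an account in the %{name} group could change the environment of a root-started process; `%attr(0640, root, %{name})` keeps it readable by the service without making it writable. In the same hunk `%{data_dir}` is now listed recursively and the `%config(noreplace)` entries for `rca_enabled.conf` and `performance_analyzer_enabled.conf` are removed, so those two files presumably lose their noreplace handling on upgrade.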
@@ -54,7 +54,9 @@ For more information, see: https://www.wazuh.com/ # No-op. We are using dir so no need to setup. %build -# No-op. This is all pre-built Java. Nothing to do here. + +%define observability_plugin %( if [ -f %{_topdir}/etc/wazuh-indexer/opensearch-observability/observability.yml ]; then echo "1" ; else echo "0"; fi ) +%define reportsscheduler_plugin %( if [ -f %{_topdir}/etc/wazuh-indexer/opensearch-reports-scheduler/reports-scheduler.yml ]; then echo "1" ; else echo "0"; fi ) %install set -e @@ -80,6 +82,35 @@ fi if [ ! -f %{buildroot}%{data_dir}/performance_analyzer_enabled.conf ]; then echo 'true' > %{buildroot}%{data_dir}/performance_analyzer_enabled.conf fi + +find %{buildroot} -type f > filelist.txt +sed -i 's|%{buildroot}||' filelist.txt + +set -- "%{_sysconfdir}/sysconfig/%{name}" +set -- "$@" "%{config_dir}/log4j2.properties" +set -- "$@" "%{config_dir}/jvm.options" +set -- "$@" "%{config_dir}/opensearch.yml" +set -- "$@" "%{config_dir}/opensearch-observability/observability.yml" +set -- "$@" "%{config_dir}/opensearch-reports-scheduler/reports-scheduler.yml" +set -- "$@" "%{product_dir}/VERSION" +set -- "$@" "%{product_dir}/plugins/opensearch-security/tools/.*\.sh" +set -- "$@" "%{product_dir}/bin/.*" +set -- "$@" "%{product_dir}/jdk/bin/.*" +set -- "$@" "%{product_dir}/jdk/lib/jspawnhelper" +set -- "$@" "%{product_dir}/jdk/lib/modules" +set -- "$@" "%{product_dir}/performance-analyzer-rca/bin/.*" +set -- "$@" "%{product_dir}/NOTICE.txt" +set -- "$@" "%{product_dir}/README.md" +set -- "$@" "%{product_dir}/LICENSE.txt" + + +for i in "$@" +do + sed -ri "\|^$i$|d" filelist.txt +done + + + # Change Permissions chmod -Rf a+rX,u+w,g-w,o-w %{buildroot}/* exit 0 
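Review bot: `%define observability_plugin %( ... )` hard-codes `etc/wazuh-indexer` instead of reusing `%{config_dir}`, and a `%define` body is expanded each time the macro is referenced, so the shell test is re-run at every use. `%global observability_plugin %(...)` evaluates once at definition, and building the path as `%{_topdir}%{config_dir}/opensearch-observability/observability.yml` keeps it in step with the rest of the spec (assuming `%{config_dir}` is `/etc/wazuh-indexer`, which is not visible in this hunk). The same applies to `reportsscheduler_plugin`. A one-line comment above the two macros saying that they record whether the plugin's config file was staged would replace the removed `# No-op` comment.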
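Review bot: Each entry passed to `sed -ri "\|^$i$|d" filelist.txt` is used as an extended regular expression, but most entries are written as literal paths, so the `.` in `log4j2.properties`, `jvm.options`, `opensearch.yml` or `NOTICE.txt` matches any character and a path containing `|` would break the address. A pattern that matches more than intended silently removes a file from the default-permission list. Escaping the literals (`"%{config_dir}/log4j2\.properties"`), or filtering the literal paths with `grep -vxF` and keeping regexes only for the `/.*` entries, makes the exclusion exact. `filelist.txt` is also written relative to the current directory while `%files -f` reads `%{_topdir}/filelist.txt`, so this relies on the earlier `cd %{_topdir}`, which is outside this hunk.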
@@ -151,12 +182,12 @@ if command -v systemctl >/dev/null && systemctl is-active %{name}-performance-an fi exit 0 -%files +%files -f %{_topdir}/filelist.txt %defattr(640, %{name}, %{name}, 750) # Root dirs/docs/licenses -%{data_dir} -%{config_dir} +%dir %{data_dir} +%dir %{config_dir} %dir %{log_dir} %dir %{pid_dir} %dir %{product_dir} @@ -166,21 +197,13 @@ exit 0 %license %{product_dir}/LICENSE.txt # Service files -%attr(0644, root, root) %{_prefix}/lib/systemd/system/%{name}.service -%attr(0644, root, root) %{_prefix}/lib/systemd/system/%{name}-performance-analyzer.service -%attr(0644, root, root) %{_sysconfdir}/init.d/%{name} -%attr(0644, root, root) %config(noreplace) %{_prefix}/lib/sysctl.d/%{name}.conf -%attr(0644, root, root) %config(noreplace) %{_prefix}/lib/tmpfiles.d/%{name}.conf # Binary files -%{product_dir}/lib -%{product_dir}/modules -%{product_dir}/plugins -%{product_dir}/performance-analyzer-rca -%{product_dir}/jdk/{conf,include,jmods,legal,lib,man,release,NOTICE} -%exclude %{product_dir}/plugins/opensearch-security/tools/*.sh -%exclude %{product_dir}/performance-analyzer-rca/bin/{performance-analyzer-rca,performance-analyzer-agent} -%exclude %{product_dir}/jdk/lib/{jspawnhelper,modules} +%dir %{product_dir}/lib +%dir %{product_dir}/modules +%dir %{product_dir}/plugins +%dir %{product_dir}/performance-analyzer-rca +%dir %{product_dir}/jdk/{bin,conf,include,jmods,legal,lib,man,release} # Configuration files %config(noreplace) %attr(0660, root, %{name}) "%{_sysconfdir}/sysconfig/%{name}" 
@@ -189,11 +212,13 @@ exit 0 %config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/opensearch.yml -### -### TODO: Need to make at least these two below dependent on whether plugins are built -### -#%%config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/opensearch-observability/observability.yml -#%%config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/opensearch-reports-scheduler/reports-scheduler.yml +%if %observability_plugin +%config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/opensearch-observability/observability.yml +%endif + +%if %reportsscheduler_plugin +%config(noreplace) %attr(660, %{name}, %{name}) %{config_dir}/opensearch-reports-scheduler/reports-scheduler.yml +%endif # Files that need other permissions From 175213026c9b010739bf6982127125b02ad4d39a Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Tue, 23 Jan 2024 08:12:05 -0300 Subject: [PATCH 3/7] Fix bad permissions on directories --- .../packages/src/rpm/wazuh-indexer.rpm.spec | 64 ++++++++++++++----- 1 file changed, 47 insertions(+), 17 deletions(-) diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index c990d84e4ec1b..f9244d30783ac 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec 
@@ -83,15 +83,36 @@ if [ ! -f %{buildroot}%{data_dir}/performance_analyzer_enabled.conf ]; then echo 'true' > %{buildroot}%{data_dir}/performance_analyzer_enabled.conf fi -find %{buildroot} -type f > filelist.txt + +# Build a filelist to be included in the %files section +echo '%defattr(640, %{name}, %{name}, 750)' > filelist.txt +find %{buildroot} -type d >> filelist.txt +sed -i 's|%{buildroot}|%%dir |' filelist.txt +find %{buildroot} -type f >> filelist.txt sed -i 's|%{buildroot}||' filelist.txt -set -- "%{_sysconfdir}/sysconfig/%{name}" + +# The %install section gets executed under a dash shell, +# which doesn't have array structures. +# Below, we are building a list of directories +# which will later be excluded from filelist.txt +set -- "%%dir %{_sysconfdir}" +set -- "$@" "%%dir %{_sysconfdir}/sysconfig" +set -- "$@" "%%dir /usr" +set -- "$@" "%%dir /usr/lib" +set -- "$@" "%%dir /usr/share" +set -- "$@" "%%dir /var" +set -- "$@" "%%dir /var/lib" +set -- "$@" "%%dir /var/log" +set -- "$@" "%%dir /etc/init.d" +set -- "$@" "%%dir /usr/lib/sysctl.d" +set -- "$@" "%%dir /usr/lib/systemd" +set -- "$@" "%%dir /usr/lib/systemd" +set -- "$@" "%{_sysconfdir}/sysconfig/%{name}" set -- "$@" "%{config_dir}/log4j2.properties" set -- "$@" "%{config_dir}/jvm.options" set -- "$@" "%{config_dir}/opensearch.yml" -set -- "$@" "%{config_dir}/opensearch-observability/observability.yml" -set -- "$@" "%{config_dir}/opensearch-reports-scheduler/reports-scheduler.yml" +set -- "$@" "%{config_dir}/wazuh-template.json" set -- "$@" "%{product_dir}/VERSION" set -- "$@" "%{product_dir}/plugins/opensearch-security/tools/.*\.sh" set -- "$@" "%{product_dir}/bin/.*" 
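Review bot: The `%%dir` exclusion list is a deny-list over `find %{buildroot} -type d`, so any shared directory that is not named here is packaged as a `%dir` entry under `%defattr(640, %{name}, %{name}, 750)` and would be claimed with the service account's ownership and mode 750. `/usr/lib/tmpfiles.d` and `/usr/lib/systemd/system` are missing in this patch (patch 4/7 adds them), and no `/run` or `/var/run` entry appears although `mkdir -p %{buildroot}%{pid_dir}` creates that tree (the macro's value is not visible here). Generating the `%dir` lines only from the package's own trees, for example `find %{buildroot}%{product_dir} %{buildroot}%{config_dir} %{buildroot}%{data_dir} %{buildroot}%{log_dir} -type d`, removes the need to enumerate system paths. `"%%dir /usr/lib/systemd"` is added twice here and `%{_sysconfdir}/sysconfig/%{name}` is added again in the next hunk; the duplicates are harmless but can be dropped.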
@@ -102,7 +123,23 @@ set -- "$@" "%{product_dir}/performance-analyzer-rca/bin/.*" set -- "$@" "%{product_dir}/NOTICE.txt" set -- "$@" "%{product_dir}/README.md" set -- "$@" "%{product_dir}/LICENSE.txt" +set -- "$@" "%{_prefix}/lib/systemd/system/%{name}.service" +set -- "$@" "%{_prefix}/lib/systemd/system/%{name}-performance-analyzer.service" +set -- "$@" "%{_sysconfdir}/init.d/%{name}" +set -- "$@" "%{_sysconfdir}/sysconfig/%{name}" +set -- "$@" "%{_prefix}/lib/sysctl.d/%{name}.conf" +set -- "$@" "%{_prefix}/lib/tmpfiles.d/%{name}.conf" +set -- "$@" "%%dir %{product_dir}/bin/opensearch-performance-analyzer" + +# Check if we are including the observability and reports scheduler +# plugins +if [ %observability_plugin -eq 1 ]; then +set -- "$@" "%{config_dir}/opensearch-observability/observability.yml" +fi +if [ %reportsscheduler_plugin -eq 1 ]; then +set -- "$@" "%{config_dir}/opensearch-reports-scheduler/reports-scheduler.yml" +fi for i in "$@" do 
@@ -185,25 +222,17 @@ exit 0 %files -f %{_topdir}/filelist.txt %defattr(640, %{name}, %{name}, 750) -# Root dirs/docs/licenses -%dir %{data_dir} -%dir %{config_dir} -%dir %{log_dir} -%dir %{pid_dir} -%dir %{product_dir} -%dir %{product_dir}/bin %doc %{product_dir}/NOTICE.txt %doc %{product_dir}/README.md %license %{product_dir}/LICENSE.txt # Service files +%attr(0644, root, root) %{_prefix}/lib/systemd/system/%{name}.service +%attr(0644, root, root) %{_prefix}/lib/systemd/system/%{name}-performance-analyzer.service +%attr(0644, root, root) %{_sysconfdir}/init.d/%{name} +%attr(0644, root, root) %config(noreplace) %{_prefix}/lib/sysctl.d/%{name}.conf +%attr(0644, root, root) %config(noreplace) %{_prefix}/lib/tmpfiles.d/%{name}.conf -# Binary files -%dir %{product_dir}/lib -%dir %{product_dir}/modules -%dir %{product_dir}/plugins -%dir %{product_dir}/performance-analyzer-rca -%dir %{product_dir}/jdk/{bin,conf,include,jmods,legal,lib,man,release} # Configuration files %config(noreplace) %attr(0660, root, %{name}) "%{_sysconfdir}/sysconfig/%{name}" @@ -229,6 +258,7 @@ exit 0 %attr(750, %{name}, %{name}) %{product_dir}/jdk/lib/jspawnhelper %attr(750, %{name}, %{name}) %{product_dir}/jdk/lib/modules %attr(750, %{name}, %{name}) %{product_dir}/performance-analyzer-rca/bin/* +%attr(660, %{name}, %{name}) %{config_dir}/wazuh-template.json %changelog * Thu Mar 28 2024 support - 4.9.0 From 1eba62c35c5625470b51822add4b1abbb1efd42b Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Tue, 23 Jan 2024 08:18:28 -0300 Subject: [PATCH 4/7] Remove system directories from packaging definition --- distribution/packages/src/rpm/wazuh-indexer.rpm.spec | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index f9244d30783ac..549cde92e7a09 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec +++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec 
@@ -98,13 +98,15 @@ sed -i 's|%{buildroot}||' filelist.txt # which will later be excluded from filelist.txt set -- "%%dir %{_sysconfdir}" set -- "$@" "%%dir %{_sysconfdir}/sysconfig" +set -- "$@" "%%dir %{_sysconfdir}/init.d" set -- "$@" "%%dir /usr" set -- "$@" "%%dir /usr/lib" +set -- "$@" "%%dir /usr/lib/systemd/system" +set -- "$@" "%%dir /usr/lib/tmpfiles.d" set -- "$@" "%%dir /usr/share" set -- "$@" "%%dir /var" set -- "$@" "%%dir /var/lib" set -- "$@" "%%dir /var/log" -set -- "$@" "%%dir /etc/init.d" set -- "$@" "%%dir /usr/lib/sysctl.d" set -- "$@" "%%dir /usr/lib/systemd" set -- "$@" "%%dir /usr/lib/systemd" From 49ec5968a2018404374a0cfaf3596a73d1987ff0 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Tue, 23 Jan 2024 15:15:57 -0300 Subject: [PATCH 5/7] Changing permissions on deb packages --- .../packages/src/deb/debmake_install.sh | 85 ++++++++++++++++--- 1 file changed, 74 insertions(+), 11 deletions(-) diff --git a/distribution/packages/src/deb/debmake_install.sh b/distribution/packages/src/deb/debmake_install.sh index 4647707b2da3f..d1b66a51a984d 100644 --- a/distribution/packages/src/deb/debmake_install.sh +++ b/distribution/packages/src/deb/debmake_install.sh @@ -17,12 +17,17 @@ if [ -z "$1" ]; then fi curdir=$1 -product_dir=/usr/share/wazuh-indexer -config_dir=/etc/wazuh-indexer -data_dir=/var/lib/wazuh-indexer -log_dir=/var/log/wazuh-indexer -pid_dir=/run/wazuh-indexer -buildroot=${curdir}/debian/wazuh-indexer + +name="wazuh-indexer" + +product_dir="/usr/share/${name}" +config_dir="/etc/${name}" +data_dir="/var/lib/${name}" +log_dir="/var/log/${name}" +pid_dir="/run/${name}" +service_dir="/usr/lib/systemd/system" + +buildroot="${curdir}/debian/${name}" # Create necessary directories mkdir -p "${buildroot}" 
@@ -31,13 +36,71 @@ mkdir -p "${buildroot}${product_dir}/plugins" # Install directories/files cp -a "${curdir}"/etc "${curdir}"/usr "${curdir}"/var "${buildroot}"/ -chmod -c 0755 "${buildroot}${product_dir}"/bin/* -if [ -d "${buildroot}${product_dir}"/plugins/opensearch-security ]; then - chmod -c 0755 "${buildroot}${product_dir}"/plugins/opensearch-security/tools/* + +# General permissions for most of the package's files: +find "${buildroot}" -type d -exec chmod 750 {} \; +find "${buildroot}" -type f -exec chmod 640 {} \; + + +# Permissions for the Systemd files +systemd_files=() +systemd_files+=(${buildroot}/${service_dir}/${name}.service) +systemd_files+=(${buildroot}/${service_dir}/${name}-performance-analyzer.service) +systemd_files+=(${buildroot}/${service_dir}/${name}-performance-analyzer.service) +systemd_files+=(${buildroot}/etc/init.d/${name}) +systemd_files+=(${buildroot}/usr/lib/sysctl.d/${name}.conf) +systemd_files+=(${buildroot}/usr/lib/tmpfiles.d/${name}.conf) + +for i in ${systemd_files[@]} +do + chmod -c 0644 $i +done + +# Permissions for config files +config_files=() +config_files+=(${buildroot}/${config_dir}/log4j2.properties) +config_files+=(${buildroot}/${config_dir}/jvm.options) +config_files+=(${buildroot}/${config_dir}/opensearch.yml) + +for i in ${config_files[@]} +do + chmod -c 0660 $i +done + + +# Plugin-related files +if [ -e ${buildroot}/${config_dir}/opensearch-observability/observability.yml ] +then + chmod -c 660 ${buildroot}/${config_dir}/opensearch-observability/observability.yml +fi + +if [ -e ${buildroot}/${config_dir}/opensearch-reports-scheduler/reports-scheduler.yml ] +then + chmod -c 660 ${buildroot}/${config_dir}/opensearch-reports-scheduler/reports-scheduler.yml fi + +# Files that need other permissions +chmod -c 440 ${buildroot}${product_dir}/VERSION +if [ -d "${buildroot}${product_dir}/plugins/opensearch-security" ]; then + chmod -c 0740 ${buildroot}${product_dir}/plugins/opensearch-security/tools/*.sh +fi + 
+binary_files=() +binary_files+=(${buildroot}${product_dir}/bin/*) +binary_files+=(${buildroot}${product_dir}/jdk/bin/*) +binary_files+=(${buildroot}${product_dir}/jdk/lib/jspawnhelper) +binary_files+=(${buildroot}${product_dir}/jdk/lib/modules) +binary_files+=(${buildroot}${product_dir}/performance-analyzer-rca/bin/*) + +for i in ${binary_files[@]} +do + chmod -c 750 $i +done + +chmod -c 660 "${buildroot}${config_dir}/wazuh-template.json" + # Change Permissions -chmod -Rf a+rX,u+w,g-w,o-w "${buildroot}"/* -chmod -c 660 "${buildroot}${config_dir}"/wazuh-template.json +#chmod -Rf a+rX,u+w,g-w,o-w "${buildroot}"/* exit 0 From df04e5d126bd90137564224cfeaa156b575babac Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Wed, 24 Jan 2024 08:27:55 -0300 Subject: [PATCH 6/7] Skip unneeded dh_fixperms stage in debian/rules --- distribution/packages/src/deb/debian/rules | 9 +++++++++ scripts/assemble.sh | 3 +++ 2 files changed, 12 insertions(+) diff --git a/distribution/packages/src/deb/debian/rules b/distribution/packages/src/deb/debian/rules index 1e13c8d707b1d..7c0d55900543c 100644 --- a/distribution/packages/src/deb/debian/rules +++ b/distribution/packages/src/deb/debian/rules @@ -13,9 +13,18 @@ #export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic #export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed +SHELL != sh -c "command -v /bin/bash" +.ONESHELL: + %: dh $@ +override_dh_strip_nondeterminism: + echo "Skipping dh_strip_nondeterminism" + +override_dh_fixperms: + echo "Skipping dh_fixperms" + override_dh_builddeb: dh_builddeb -- -Zgzip diff --git a/scripts/assemble.sh b/scripts/assemble.sh index acadc71f2a5bf..d3dc2a29f1e99 100755 --- a/scripts/assemble.sh +++ b/scripts/assemble.sh @@ -349,6 +349,9 @@ function assemble_deb() { remove_unneeded_files add_wazuh_tools "${version}" + # Configure debmake to only generate binaries + echo 'DEBUILD_DPKG_BUILDPACKAGE_OPTS="-us -uc -ui -b"' > ~/.devscripts + # Generate final package debmake \ --fullname "Wazuh Team" \ 
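Review bot: `find "${buildroot}" -type d -exec chmod 750 {} \;` and the matching `-type f` call with `chmod 640` run over the whole staging tree, so shared paths such as `usr`, `etc`, `var` and `usr/lib/systemd/system` are staged with mode 750 too, which matters for any of those directories that dpkg has to create on the target. Limiting both calls to the package's own trees, e.g. `find "${buildroot}${product_dir}" "${buildroot}${config_dir}" -type d -exec chmod 750 {} +`, keeps the tightening away from system directories. The script now uses bash arrays (`systemd_files=()`), so it has to run under bash; the shebang is outside the hunk. `${name}-performance-analyzer.service` is appended to `systemd_files` twice.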
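Review bot: `override_dh_fixperms` replaces the whole step with an `echo`, so none of the package's files get debhelper's ownership and mode normalisation and the result depends entirely on what debmake_install.sh set. `dh_fixperms` accepts `-X`/`--exclude`, so the override could keep the step and exempt only the paths that need 0660/0750/0440, for example `dh_fixperms -X/etc/wazuh-indexer -X/usr/share/wazuh-indexer`. `override_dh_strip_nondeterminism` is disabled without a stated reason; a comment above each override saying why it is skipped would help, and `SHELL != sh -c "command -v /bin/bash"` together with `.ONESHELL:` deserves one as well.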
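Review bot: `echo 'DEBUILD_DPKG_BUILDPACKAGE_OPTS="-us -uc -ui -b"' > ~/.devscripts` overwrites the invoking user's `~/.devscripts` on every run, which discards any existing devscripts settings on a developer machine or shared build host. Backing the file up and restoring it after `debmake`, or at least adding a comment such as `# NOTE: replaces ~/.devscripts; intended for disposable build containers only`, keeps the side effect explicit. `-us -uc` also means the build output is unsigned, so signing has to happen in a later step that is not visible here. `assemble_deb` continues outside the hunk.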
From 3fcee6cbfb93e4e44d79ff01b9585b27e5a1fffe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lex=20Ruiz?= Date: Tue, 30 Jan 2024 13:56:51 +0100 Subject: [PATCH 7/7] Clean & format --- distribution/packages/src/deb/debian/rules | 6 -- .../packages/src/deb/debmake_install.sh | 75 ++++++++----------- .../packages/src/rpm/wazuh-indexer.rpm.spec | 22 +++--- scripts/assemble.sh | 4 +- 4 files changed, 45 insertions(+), 62 deletions(-) diff --git a/distribution/packages/src/deb/debian/rules b/distribution/packages/src/deb/debian/rules index 7c0d55900543c..cff9a800ada88 100644 --- a/distribution/packages/src/deb/debian/rules +++ b/distribution/packages/src/deb/debian/rules @@ -30,9 +30,3 @@ override_dh_builddeb: override_dh_gencontrol: dh_gencontrol -- -DLicense=Apache-2.0 - -#override_dh_auto_install: -# dh_auto_install -- prefix=/usr - -#override_dh_install: -# dh_install --list-missing -X.pyc -X.pyo diff --git a/distribution/packages/src/deb/debmake_install.sh b/distribution/packages/src/deb/debmake_install.sh index d1b66a51a984d..74064f87620e6 100644 --- a/distribution/packages/src/deb/debmake_install.sh +++ b/distribution/packages/src/deb/debmake_install.sh @@ -12,8 +12,8 @@ set -ex if [ -z "$1" ]; then - echo "Missing curdir path" - exit 1 + echo "Missing curdir path" + exit 1 fi curdir=$1 @@ -22,8 +22,8 @@ name="wazuh-indexer" product_dir="/usr/share/${name}" config_dir="/etc/${name}" -data_dir="/var/lib/${name}" -log_dir="/var/log/${name}" +# data_dir="/var/lib/${name}" +# log_dir="/var/log/${name}" pid_dir="/run/${name}" service_dir="/usr/lib/systemd/system" 
@@ -41,66 +41,55 @@ cp -a "${curdir}"/etc "${curdir}"/usr "${curdir}"/var "${buildroot}"/ find "${buildroot}" -type d -exec chmod 750 {} \; find "${buildroot}" -type f -exec chmod 640 {} \; - # Permissions for the Systemd files systemd_files=() -systemd_files+=(${buildroot}/${service_dir}/${name}.service) -systemd_files+=(${buildroot}/${service_dir}/${name}-performance-analyzer.service) -systemd_files+=(${buildroot}/${service_dir}/${name}-performance-analyzer.service) -systemd_files+=(${buildroot}/etc/init.d/${name}) -systemd_files+=(${buildroot}/usr/lib/sysctl.d/${name}.conf) -systemd_files+=(${buildroot}/usr/lib/tmpfiles.d/${name}.conf) - -for i in ${systemd_files[@]} -do - chmod -c 0644 $i +systemd_files+=("${buildroot}/${service_dir}/${name}.service") +systemd_files+=("${buildroot}/${service_dir}/${name}-performance-analyzer.service") +systemd_files+=("${buildroot}/${service_dir}/${name}-performance-analyzer.service") +systemd_files+=("${buildroot}/etc/init.d/${name}") +systemd_files+=("${buildroot}/usr/lib/sysctl.d/${name}.conf") +systemd_files+=("${buildroot}/usr/lib/tmpfiles.d/${name}.conf") + +for i in "${systemd_files[@]}"; do + chmod -c 0644 "$i" done # Permissions for config files config_files=() -config_files+=(${buildroot}/${config_dir}/log4j2.properties) -config_files+=(${buildroot}/${config_dir}/jvm.options) -config_files+=(${buildroot}/${config_dir}/opensearch.yml) +config_files+=("${buildroot}/${config_dir}/log4j2.properties") +config_files+=("${buildroot}/${config_dir}/jvm.options") +config_files+=("${buildroot}/${config_dir}/opensearch.yml") -for i in ${config_files[@]} -do - chmod -c 0660 $i +for i in "${config_files[@]}"; do + chmod -c 0660 "$i" done - # Plugin-related files -if [ -e ${buildroot}/${config_dir}/opensearch-observability/observability.yml ] -then - chmod -c 660 ${buildroot}/${config_dir}/opensearch-observability/observability.yml +if [ -e "${buildroot}/${config_dir}/opensearch-observability/observability.yml" ]; then + chmod -c 
660 "${buildroot}/${config_dir}/opensearch-observability/observability.yml" fi -if [ -e ${buildroot}/${config_dir}/opensearch-reports-scheduler/reports-scheduler.yml ] -then - chmod -c 660 ${buildroot}/${config_dir}/opensearch-reports-scheduler/reports-scheduler.yml +if [ -e "${buildroot}/${config_dir}/opensearch-reports-scheduler/reports-scheduler.yml" ]; then + chmod -c 660 "${buildroot}/${config_dir}/opensearch-reports-scheduler/reports-scheduler.yml" fi - # Files that need other permissions -chmod -c 440 ${buildroot}${product_dir}/VERSION +chmod -c 440 "${buildroot}${product_dir}/VERSION" if [ -d "${buildroot}${product_dir}/plugins/opensearch-security" ]; then - chmod -c 0740 ${buildroot}${product_dir}/plugins/opensearch-security/tools/*.sh + chmod -c 0740 "${buildroot}${product_dir}"/plugins/opensearch-security/tools/*.sh fi binary_files=() -binary_files+=(${buildroot}${product_dir}/bin/*) -binary_files+=(${buildroot}${product_dir}/jdk/bin/*) -binary_files+=(${buildroot}${product_dir}/jdk/lib/jspawnhelper) -binary_files+=(${buildroot}${product_dir}/jdk/lib/modules) -binary_files+=(${buildroot}${product_dir}/performance-analyzer-rca/bin/*) - -for i in ${binary_files[@]} -do - chmod -c 750 $i +binary_files+=("${buildroot}${product_dir}"/bin/*) +binary_files+=("${buildroot}${product_dir}"/jdk/bin/*) +binary_files+=("${buildroot}${product_dir}"/jdk/lib/jspawnhelper) +binary_files+=("${buildroot}${product_dir}"/jdk/lib/modules) +binary_files+=("${buildroot}${product_dir}"/performance-analyzer-rca/bin/*) + +for i in "${binary_files[@]}"; do + chmod -c 750 "$i" done chmod -c 660 "${buildroot}${config_dir}/wazuh-template.json" -# Change Permissions -#chmod -Rf a+rX,u+w,g-w,o-w "${buildroot}"/* - exit 0 diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec index 549cde92e7a09..b81d6a91ecb97 100644 --- a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec 
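Review bot: The quoted globs such as `binary_files+=("${buildroot}${product_dir}"/performance-analyzer-rca/bin/*)` stay as the literal pattern when nothing matches, and the following `chmod -c 750 "$i"` then fails under `set -ex`. The security-plugin `chmod` is guarded by a `-d` test, but the performance-analyzer and JDK entries are not; if those trees can be absent from a build (not determinable from this hunk), guard them the same way or skip missing entries with `[ -e "$i" ] || continue`. `${name}-performance-analyzer.service` is still listed twice in `systemd_files`.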
+++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec @@ -17,7 +17,7 @@ %define _source_filedigest_algorithm 8 %define _binary_filedigest_algorithm 8 -# Fixed in Fedora: +# Fixed in Fedora: # https://www.endpointdev.com/blog/2011/10/rpm-building-fedoras-sharedstatedir/ %define _sharedstatedir /var/lib @@ -43,10 +43,10 @@ ExclusiveArch: %{_architecture} AutoReqProv: no %description -Wazuh indexer is a near real-time full-text search and analytics engine that -gathers security-related data into one platform. This Wazuh central component -indexes and stores alerts generated by the Wazuh server. Wazuh indexer can be -configured as a single-node or multi-node cluster, providing scalability and +Wazuh indexer is a near real-time full-text search and analytics engine that +gathers security-related data into one platform. This Wazuh central component +indexes and stores alerts generated by the Wazuh server. Wazuh indexer can be +configured as a single-node or multi-node cluster, providing scalability and high availability. For more information, see: https://www.wazuh.com/ @@ -61,15 +61,18 @@ For more information, see: https://www.wazuh.com/ %install set -e cd %{_topdir} && pwd + # Create necessary directories mkdir -p %{buildroot}%{pid_dir} mkdir -p %{buildroot}%{product_dir}/plugins + # Install directories/files cp -a etc usr var %{buildroot} chmod 0755 %{buildroot}%{product_dir}/bin/* if [ -d %{buildroot}%{product_dir}/plugins/opensearch-security ]; then chmod 0755 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/* fi + # Pre-populate the folders to ensure rpm build success even without all plugins mkdir -p %{buildroot}%{config_dir}/opensearch-observability mkdir -p %{buildroot}%{config_dir}/opensearch-reports-scheduler 
@@ -83,7 +86,6 @@ if [ ! -f %{buildroot}%{data_dir}/performance_analyzer_enabled.conf ]; then echo 'true' > %{buildroot}%{data_dir}/performance_analyzer_enabled.conf fi - # Build a filelist to be included in the %files section echo '%defattr(640, %{name}, %{name}, 750)' > filelist.txt find %{buildroot} -type d >> filelist.txt @@ -91,7 +93,6 @@ sed -i 's|%{buildroot}|%%dir |' filelist.txt find %{buildroot} -type f >> filelist.txt sed -i 's|%{buildroot}||' filelist.txt - # The %install section gets executed under a dash shell, # which doesn't have array structures. # Below, we are building a list of directories @@ -136,11 +137,11 @@ set -- "$@" "%%dir %{product_dir}/bin/opensearch-performance-analyzer" # Check if we are including the observability and reports scheduler # plugins if [ %observability_plugin -eq 1 ]; then -set -- "$@" "%{config_dir}/opensearch-observability/observability.yml" + set -- "$@" "%{config_dir}/opensearch-observability/observability.yml" fi if [ %reportsscheduler_plugin -eq 1 ]; then -set -- "$@" "%{config_dir}/opensearch-reports-scheduler/reports-scheduler.yml" + set -- "$@" "%{config_dir}/opensearch-reports-scheduler/reports-scheduler.yml" fi for i in "$@" @@ -148,8 +149,6 @@ do sed -ri "\|^$i$|d" filelist.txt done - - # Change Permissions chmod -Rf a+rX,u+w,g-w,o-w %{buildroot}/* exit 0 @@ -176,6 +175,7 @@ exit 0 set -e chown -R %{name}.%{name} %{config_dir} chown -R %{name}.%{name} %{log_dir} + # Apply PerformanceAnalyzer Settings chmod a+rw /tmp if ! grep -q '## OpenSearch Performance Analyzer' %{config_dir}/jvm.options; then diff --git a/scripts/assemble.sh b/scripts/assemble.sh index d3dc2a29f1e99..64e82ccd52046 100755 --- a/scripts/assemble.sh +++ b/scripts/assemble.sh 
@@ -349,8 +349,8 @@ function assemble_deb() { remove_unneeded_files add_wazuh_tools "${version}" - # Configure debmake to only generate binaries - echo 'DEBUILD_DPKG_BUILDPACKAGE_OPTS="-us -uc -ui -b"' > ~/.devscripts + # Configure debmake to only generate binaries + echo 'DEBUILD_DPKG_BUILDPACKAGE_OPTS="-us -uc -ui -b"' >~/.devscripts # Generate final package debmake \