Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ignoring /run and /var/run when building directories into RPM packages. #285

Closed
wants to merge 2,077 commits into from

Conversation

f-galland
Copy link
Member

Description

This PR excludes /var/run and /run permissions from being modified upon package installation.

Issues Resolved

Resolves #284

Check List

  • New functionality includes testing.
    • All tests pass
  • New functionality has been documented.
    • New functionality has javadoc added
  • Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
  • Commits are signed per the DCO using --signoff
  • Commit changes are listed out in CHANGELOG.md file (See: Changelog)
  • Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

opensearch-trigger-bot bot and others added 30 commits January 30, 2024 13:40
…dexShardAllocation test (opensearch-project#11878) (opensearch-project#12091)

(cherry picked from commit f9ab801)

Signed-off-by: Suraj Singh <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
… Enable trace logs on replication and recovery (opensearch-project#12088) (opensearch-project#12090)

(cherry picked from commit 64c00b3)

Signed-off-by: Suraj Singh <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…t#8394) (opensearch-project#12080)

* fixed conflicts

Signed-off-by: fahadshamiinsta <[email protected]>

* applying spotless Java check

Signed-off-by: fahadshamiinsta <[email protected]>

* added a comment to test helper  method

Signed-off-by: fahadshamiinsta <[email protected]>

* added a comment to GoogleApplicationDefaultCredentials class with document reference

Signed-off-by: fahadshamiinsta <[email protected]>

* to rerun gradle checks

Signed-off-by: fahadshamiinsta <[email protected]>

* increasing coverage by adding another test

Signed-off-by: fahadshamiinsta <[email protected]>

* test name change

Signed-off-by: fahadshamiinsta <[email protected]>

* rerun ci

Signed-off-by: fahadshamiinsta <[email protected]>

* rerun ci

Signed-off-by: fahadshamiinsta <[email protected]>

* force push to rerun ci

Signed-off-by: fahadshamiinsta <[email protected]>

* pushing to trigger ci checks

Signed-off-by: fahadshamiinsta <[email protected]>

---------

Signed-off-by: fahadshamiinsta <[email protected]>
(cherry picked from commit 4c283a7)

Co-authored-by: Fahad Shami <[email protected]>
…rch-project#12098)

(cherry picked from commit 7526f86)

Signed-off-by: Thomas Seidl <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…rch-project#12070) (opensearch-project#12100)

(cherry picked from commit 2f8d267)

Signed-off-by: Poojita Raj <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…pensearch-project#12107)

Signed-off-by: Prabhat Sharma <[email protected]>
Co-authored-by: Prabhat Sharma <[email protected]>
(cherry picked from commit 829215c)
) (opensearch-project#12078)

* Updating Ip fields to use doc_values to search



* Fix IP tests



* Fix skip to allow yaml test to pass on main



* Update tests to use existing test file



* Changing skip version to match bwc



* Using exact match instead of range



* Spotless



* Fix IP field tests



* Fix spotless + precommit failure



* Get point out of query and into value



* Fix term tests



* Add skip test logic to only doc_values test



---------


(cherry picked from commit cc9ee9d)

Signed-off-by: Harsha Vamsi Kalluri <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Signed-off-by: Andriy Redko <[email protected]>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
(cherry picked from commit cfcb128)

Signed-off-by: Sarthak Aggarwal <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…#12079) (opensearch-project#12115)

* Adding logging for AzureStats



* Debugging



* Removing debugging lines



* Addressing comments



* Addressing feedback 2



---------



(cherry picked from commit 16c5257)

Signed-off-by: Sarat Vemulapalli <[email protected]>
Signed-off-by: Sarat Vemulapalli <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…ct#12093) (opensearch-project#12140)

(cherry picked from commit 90a815e)

Signed-off-by: Kunal Kotwani <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…imization to kick in (opensearch-project#12089) (opensearch-project#12129)

* Add advance(int) for numeric values in order to allow point based optimization to kick in

Signed-off-by: Andriy Redko <[email protected]>

* Address code review comments

Signed-off-by: Andriy Redko <[email protected]>

---------

Signed-off-by: Andriy Redko <[email protected]>
(cherry picked from commit 4471a8d)
…ats until sync to remote completes (opensearch-project#11896) (opensearch-project#12143)

(cherry picked from commit 57cc0dd)

Signed-off-by: bansvaru <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…very (opensearch-project#11720) (opensearch-project#12161)

* Giving time for snapshot recovery/local time to upload all the data to remote


(cherry picked from commit 4d055b8)

Signed-off-by: Gaurav Bafna <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
… (opensearch-project#11803) (opensearch-project#11902)

(cherry picked from commit 517f091)

Signed-off-by: Ashish Singh <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…2164)

(cherry picked from commit 985c411)

Signed-off-by: Andriy Redko <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…ch-project#12139) (opensearch-project#12145)

The test currently blocks on receiving a response to the request for the
"internal:testNotSeen" action. However, that response is sent from
TransportService before the trace logger [writes its log message][1].
Since the test was not polling for this "sent response" log message to
appear that meant it was possible for the test to remove/stop the mock
log appender concurrently with the logging of that final message. The
fix is to include this final log message as an expectation, so the test
will poll until this message appears and the logger should be quiescent
when the appender is removed and stopped.

[1]: https://github.com/opensearch-project/OpenSearch/blob/71f1fabe149fd0777edf44502ace4a8f0911feeb/server/src/main/java/org/opensearch/transport/TransportService.java#L1273


(cherry picked from commit f55b9e0)

Signed-off-by: Andrew Ross <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…ribution/packages (opensearch-project#12167) (opensearch-project#12169)

* Bump com.netflix.nebula.ospackage-base in /distribution/packages

Bumps com.netflix.nebula.ospackage-base from 11.6.0 to 11.8.0.

---
updated-dependencies:
- dependency-name: com.netflix.nebula.ospackage-base
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

* Update changelog

Signed-off-by: dependabot[bot] <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
(cherry picked from commit aad2630)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…-project#11027) (opensearch-project#12171)

* Enable Fuzzy codec for doc id fields using a bloom filter


(cherry picked from commit 0a88963)

Signed-off-by: mgodwan <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
) (opensearch-project#12172)

* Bump org.gradle.test-retry from 1.5.4 to 1.5.8

Bumps org.gradle.test-retry from 1.5.4 to 1.5.8.

---
updated-dependencies:
- dependency-name: org.gradle.test-retry
  dependency-type: direct:production
  update-type: version-update:semver-patch
...



* Update changelog



---------




(cherry picked from commit 60b2ac4)

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
…arch-project#11971)

* Added javadoc for new files/packages
* Added changelog
* Fixing javadoc warnings
* Addressing comments
* Addressing additional minor comments
* Moving non null check to builder for OS onHeapCache
* Adding package-info for new packages
* Removing service and adding different cache interfaces along with event listener support
* Fixing gradle missingDoc issue
* Changing listener logic, removing tiered cache integration with IRC
* Adding opensearch.internal tag for LoadAwareCacheLoader
* Fixing thread safety issue
* Remove compute function and event listener logic change for TieredCache
* Making Cache.compute function private
* Adding javadoc and more test for cache.put
* Adding write locks to refresh API as well
* Removing unwanted EventType class and refactoring one UT
* Removing TieredCache interface

---------

(cherry picked from commit ebda963)
Signed-off-by: Sagar Upadhyaya <[email protected]>
Signed-off-by: Sagar <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…ect#12062) (opensearch-project#12175)

* [Metric Framework] Adds support for Histogram metric



* Adds test



* Addresses review comments



* Adds change log



* Fixed spotless



* Fixes javadoc



* Fixes javadoc



* Fixes test



* Removes explicit approach



* Removes explicit approach



* Addresses review comments



---------



(cherry picked from commit a4bc4af)

Signed-off-by: Gagan Juneja <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Gagan Juneja <[email protected]>
…project#12133)

* Added spotless for json files



* Excluded json files with new line tests



---------


(cherry picked from commit 3c07461)

Signed-off-by: Owais Kazi <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…ntroller (opensearch-project#12111)

* Added changes for AdmissionControl Interceptor and AdmissionControlService for RateLimiting (opensearch-project#9286)

* Changes for AdmissionControl Interceptor and AdmissionControlService for RateLimiting (opensearch-project#9286)

Signed-off-by: Ajay Kumar Movva <[email protected]>

* Integrate CPU AC with ResourceUsageCollector and add CPU AC stats to nodes/stats (opensearch-project#10887)

* Added changes to integrade cpu AC to ResourceUsageCollector and Emit Stats

Signed-off-by: Ajay Kumar Movva <[email protected]>
Co-authored-by: Bharathwaj G <[email protected]>

* Updating Version to 2.12 for the AC Stats

Signed-off-by: Ajay Kumar Movva <[email protected]>

---------

Signed-off-by: Ajay Kumar Movva <[email protected]>
Co-authored-by: Bharathwaj G <[email protected]>
Co-authored-by: Ajay Kumar Movva <[email protected]>
…ect#12183) (opensearch-project#12188)

(cherry picked from commit cf3bbb8)

Signed-off-by: mgodwan <[email protected]>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
…ener (opensearch-project#11526) (opensearch-project#12192)

* Support dynamically adding SearchRequestOperationsListener (opensearch-project#11526)

Along the way, also refactored TransportSearchAction.TimeProvider,
so that it's no longer a (redundant) listener.

---------

Signed-off-by: Chenyang Ji <[email protected]>
(cherry picked from commit 6aab360)

* fix compilation error

Signed-off-by: Chenyang Ji <[email protected]>

---------

Signed-off-by: Chenyang Ji <[email protected]>
* Force version of logback-core and logback-classic to 1.2.13 (opensearch-project#11521)

* force version of logback-core and logback-classic to 1.2.13

Signed-off-by: Marc Handalian <[email protected]>

* add changelog

Signed-off-by: Marc Handalian <[email protected]>

---------

Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Kunal Kotwani <[email protected]>

* Bump jetty version in hdfs-fixture to 9.4.53.v20231009 (opensearch-project#11539)

* Bump jetty version in hdfs-fixture to 9.4.53.v20231009

Signed-off-by: Marc Handalian <[email protected]>

* fix changelog

Signed-off-by: Marc Handalian <[email protected]>

---------

Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Kunal Kotwani <[email protected]>

* Exclude apache avro version included with hadoop-minicluster (opensearch-project#11564)

Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Kunal Kotwani <[email protected]>

---------

Signed-off-by: Marc Handalian <[email protected]>
Signed-off-by: Kunal Kotwani <[email protected]>
Co-authored-by: Marc Handalian <[email protected]>
…search-project#12199)

* Query insights plugin implementation

Signed-off-by: Chenyang Ji <[email protected]>

* Increase JavaDoc coverage and update PR based comments

Signed-off-by: Chenyang Ji <[email protected]>

* Refactor record and service to make them generic

Signed-off-by: Chenyang Ji <[email protected]>

* refactor service for improving multithreading efficiency

Signed-off-by: Chenyang Ji <[email protected]>

---------

Signed-off-by: Chenyang Ji <[email protected]>
(cherry picked from commit 3cbf54e)
AlexRuiz7 and others added 24 commits April 26, 2024 14:06
* Map events to OCSF's Security Finding class

* Improve models (inheritance). Add OCSF_CLASS env variable

* Move constants to the models

* Fix validation error
* Added id input

* Changed name to run-name
* Add documentation for the Amazon Security Lake integration

* Add images via upload

Signed-off-by: Álex Ruiz <[email protected]>

* Add files via upload

Signed-off-by: Álex Ruiz <[email protected]>

* Use jpeg

* Add files via upload

Signed-off-by: Álex Ruiz <[email protected]>

* Fix some typos

* Add CONTRIBUTING.md

* Apply improvements to the ASL docu

---------

Signed-off-by: Álex Ruiz <[email protected]>
* Add integration with Elastic

Draft

* Update Elastic integration

Draft

* Add Elastic integration folder

Draft

* Changing the kibana system user

* Add Elastic integration

Working

---------

Co-authored-by: Fede Tux <[email protected]>
* Added S3 URI output

* Added ID input and S3 URI output

* Improved workflow run name

* Added name statement

* Added name statement

* Removed file

* Added ID input description

* Update build.yml

---------

Co-authored-by: Álex Ruiz <[email protected]>
* Add docker environment

* Add README

Move files to the corresponding folde

* Enable TLS in dashboards

---------

Co-authored-by: Álex Ruiz <[email protected]>
* Add Splunk integration

Draft

* Fix certificate errors

* Add cfssl container to generate and sign splunk certs

* Add cfssl configuration fiels

* Update Splunk integration

---------

Signed-off-by: Álex Ruiz <[email protected]>
Co-authored-by: Fede Tux <[email protected]>
* Init commit

[DRAFT] Adds a Compose environment

* Mount alerts as shared volume instead of file

* Update documentation and clean up files

---------

Co-authored-by: Fede Tux <[email protected]>
* Add Manager to OpenSearch integreation

Also fixes small issues on other integrations

* Add changes to README
* Testy test test

* Update artifact name

Skip lintian

* Update Mantainers for Debian package metadata
* Remove references to indexer-ism-init.sh and wazuh-template.json

* Roll back remaining content from ISM rollover+alias feature

* Remove commented code

---------

Co-authored-by: Álex Ruiz <[email protected]>
@f-galland f-galland self-assigned this Jun 28, 2024
@f-galland f-galland requested a review from AlexRuiz7 June 28, 2024 17:41
@f-galland f-galland linked an issue Jun 28, 2024 that may be closed by this pull request
@f-galland
Copy link
Member Author

Permissions on /run are not affected after installation of the package:

[root@alma ~]# ls -lsah / | grep run
   0 drwxr-xr-x  15 root   root    440 Jun 28 17:42 run
[root@alma ~]# yum install /wazuh-indexer-4.9.0.x86_64.rpm 
Last metadata expiration check: 1:37:08 ago on Fri Jun 28 16:05:32 2024.
Dependencies resolved.
======================================================================================================================================================================================
 Package                                        Architecture                            Version                                   Repository                                     Size
======================================================================================================================================================================================
Installing:
 wazuh-indexer                                  x86_64                                  4.9.0-0                                   @commandline                                  813 M

Transaction Summary
======================================================================================================================================================================================
Install  1 Package

Total size: 813 M
Installed size: 1.0 G
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                              1/1 
  Running scriptlet: wazuh-indexer-4.9.0-0.x86_64                                                                                                                                 1/1 
  Installing       : wazuh-indexer-4.9.0-0.x86_64                                                                                                                                 1/1 
  Running scriptlet: wazuh-indexer-4.9.0-0.x86_64                                                                                                                                 1/1 
### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd
 sudo systemctl daemon-reload
 sudo systemctl enable wazuh-indexer.service
### You can start wazuh-indexer service by executing
 sudo systemctl start wazuh-indexer.service

  Verifying        : wazuh-indexer-4.9.0-0.x86_64                                                                                                                                 1/1 

Installed:
  wazuh-indexer-4.9.0-0.x86_64                                                                                                                                                        

Complete!
[root@alma ~]# ls -lsah / | grep run
   0 drwxr-xr-x  16 root   root    460 Jun 28 17:42 run

@AlexRuiz7 AlexRuiz7 closed this Jul 1, 2024
@AlexRuiz7
Copy link
Member

Superseded by #286

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

[BUG] wazuh-indexer service takes ownership of /run