Date: Wed, 14 Mar 2018 19:17:59 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r464526 - in head/textproc/elasticsearch6: . files Message-ID: <201803141917.w2EJHxqd023299@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Wed Mar 14 19:17:59 2018 New Revision: 464526 URL: https://svnweb.freebsd.org/changeset/ports/464526 Log: textproc/elasticsearch6: Fix ability to install plugins - Update pkg-message to provide very useful info - Use login_class=root by default to help users avoid this issue (affects everyone) PR: 226301 Modified: head/textproc/elasticsearch6/Makefile head/textproc/elasticsearch6/files/elasticsearch.in head/textproc/elasticsearch6/files/pkg-message.in Modified: head/textproc/elasticsearch6/Makefile ============================================================================== --- head/textproc/elasticsearch6/Makefile Wed Mar 14 18:12:21 2018 (r464525) +++ head/textproc/elasticsearch6/Makefile Wed Mar 14 19:17:59 2018 (r464526) @@ -3,7 +3,7 @@ PORTNAME= elasticsearch PORTVERSION= 6.2.2 -PORTREVISION= 5 +PORTREVISION= 6 CATEGORIES= textproc java devel MASTER_SITES= https://artifacts.elastic.co/downloads/${PORTNAME}/ \ http://mirrors.rit.edu/zi/ @@ -73,7 +73,7 @@ do-install: (cd ${WRKSRC}/modules && ${COPYTREE_SHARE} . ${STAGEDIR}${PREFIX}/lib/elasticsearch/modules/) ${MKDIR} ${STAGEDIR}${PREFIX}/lib/elasticsearch/plugins ${MKDIR} ${STAGEDIR}${PREFIX}/libexec/elasticsearch - ${INSTALL} -lrs ${STAGEDIR}${PREFIX}/lib/elasticsearch/bin/elasticsearch-plugin ${STAGEDIR}${PREFIX}/bin/elasticsearch-plugin + ${INSTALL} -lrs ${STAGEDIR}${ETCDIR} ${STAGEDIR}${PREFIX}/lib/elasticsearch/config ${LN} -s ${JAVASHAREDIR}/classes/jna.jar ${STAGEDIR}${PREFIX}/lib/elasticsearch/lib/jna.jar do-install-DOCS-on: @@ -86,7 +86,6 @@ post-install: ${ECHO} "@sample ${ETCDIR}/elasticsearch.yml.sample" >> ${TMPPLIST} ${ECHO} "@sample ${ETCDIR}/log4j2.properties.sample" >> ${TMPPLIST} ${ECHO} "@sample ${ETCDIR}/jvm.options.sample" >> ${TMPPLIST} - ${ECHO} "bin/elasticsearch-plugin" >> ${TMPPLIST} ${FIND} -s ${STAGEDIR}${PREFIX}/lib/elasticsearch -not -type d | ${SORT} | \ ${SED} -e 's#^${STAGEDIR}${PREFIX}/##' >> ${TMPPLIST} ${ECHO} "@dir lib/elasticsearch/plugins" >> ${TMPPLIST} Modified: head/textproc/elasticsearch6/files/elasticsearch.in ============================================================================== --- head/textproc/elasticsearch6/files/elasticsearch.in Wed Mar 14 18:12:21 2018 (r464525) +++ head/textproc/elasticsearch6/files/elasticsearch.in Wed Mar 14 19:17:59 2018 (r464526) @@ -29,6 +29,7 @@ load_rc_config ${name} : ${elasticsearch_user=elasticsearch} : ${elasticsearch_group=elasticsearch} : ${elasticsearch_config=%%PREFIX%%/etc/elasticsearch} +: ${elasticsearch_login_class=root} required_files="${elasticsearch_config}/elasticsearch.yml" _pidprefix=/var/run/elasticsearch Modified: head/textproc/elasticsearch6/files/pkg-message.in ============================================================================== --- head/textproc/elasticsearch6/files/pkg-message.in Wed Mar 14 18:12:21 2018 (r464525) +++ head/textproc/elasticsearch6/files/pkg-message.in Wed Mar 14 19:17:59 2018 (r464526) @@ -4,14 +4,32 @@ Please see %%ETCDIR%% for sample versions of elasticsearch.yml and logging.yml. ElasticSearch requires memory locking of large amounts of RAM. -You will either need to set: +You may need to set: -sysrc elasticsearch_login_class="root" +sysctl security.bsd.unprivileged_mlock=1 -or +!!! PLUGINS NOTICE !!! -sysctl security.bsd.unprivileged_mlock=1 +ElasticSearch plugins such as X-Pack should only be installed via the +elasticsearch-plugin script included with this software. As we strive +to provide a minimum semblance of security, the files installed by +the package are owned by root:wheel. This is different than upstream +which expects all of the files to be owned by the user and for you to +execute the elasticsearch-plugin script as said user. -to prevent the process from failing the bootstrap. +You will encounter permissions errors with configuration files and +directories created by plugins which you will have to manually correct. +This is the price we have to pay to protect ourselves in the face of +a poorly designed security model. + +e.g., after installing X-Pack you will have to correct: + +%%ETCDIR%%/elasticsearch.keystore file to be owned by root:elasticsearch +%%ETCDIR%%/x-pack directory/files to be owned by root:elasticsearch + +Also you need to add "xpack.ml.enabled: false" to your elasticsearch.yml +configuration as this plugin does not support FreeBSD. + +!!! PLUGINS NOTICE !!! ======================================================================
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803141917.w2EJHxqd023299>