svn commit: r464526 - in head/textproc/elasticsearch6: . files
Mark Felder
feld at FreeBSD.org
Wed Mar 14 19:18:00 UTC 2018
Author: feld
Date: Wed Mar 14 19:17:59 2018
New Revision: 464526
URL: https://svnweb.freebsd.org/changeset/ports/464526
Log:
textproc/elasticsearch6: Fix ability to install plugins
- Update pkg-message to provide very useful info
- Use login_class=root by default to help users avoid this issue (affects everyone)
PR: 226301
Modified:
head/textproc/elasticsearch6/Makefile
head/textproc/elasticsearch6/files/elasticsearch.in
head/textproc/elasticsearch6/files/pkg-message.in
Modified: head/textproc/elasticsearch6/Makefile
==============================================================================
--- head/textproc/elasticsearch6/Makefile Wed Mar 14 18:12:21 2018 (r464525)
+++ head/textproc/elasticsearch6/Makefile Wed Mar 14 19:17:59 2018 (r464526)
@@ -3,7 +3,7 @@
PORTNAME= elasticsearch
PORTVERSION= 6.2.2
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= textproc java devel
MASTER_SITES= https://artifacts.elastic.co/downloads/${PORTNAME}/ \
http://mirrors.rit.edu/zi/
@@ -73,7 +73,7 @@ do-install:
(cd ${WRKSRC}/modules && ${COPYTREE_SHARE} . ${STAGEDIR}${PREFIX}/lib/elasticsearch/modules/)
${MKDIR} ${STAGEDIR}${PREFIX}/lib/elasticsearch/plugins
${MKDIR} ${STAGEDIR}${PREFIX}/libexec/elasticsearch
- ${INSTALL} -lrs ${STAGEDIR}${PREFIX}/lib/elasticsearch/bin/elasticsearch-plugin ${STAGEDIR}${PREFIX}/bin/elasticsearch-plugin
+ ${INSTALL} -lrs ${STAGEDIR}${ETCDIR} ${STAGEDIR}${PREFIX}/lib/elasticsearch/config
${LN} -s ${JAVASHAREDIR}/classes/jna.jar ${STAGEDIR}${PREFIX}/lib/elasticsearch/lib/jna.jar
do-install-DOCS-on:
@@ -86,7 +86,6 @@ post-install:
${ECHO} "@sample ${ETCDIR}/elasticsearch.yml.sample" >> ${TMPPLIST}
${ECHO} "@sample ${ETCDIR}/log4j2.properties.sample" >> ${TMPPLIST}
${ECHO} "@sample ${ETCDIR}/jvm.options.sample" >> ${TMPPLIST}
- ${ECHO} "bin/elasticsearch-plugin" >> ${TMPPLIST}
${FIND} -s ${STAGEDIR}${PREFIX}/lib/elasticsearch -not -type d | ${SORT} | \
${SED} -e 's#^${STAGEDIR}${PREFIX}/##' >> ${TMPPLIST}
${ECHO} "@dir lib/elasticsearch/plugins" >> ${TMPPLIST}
Modified: head/textproc/elasticsearch6/files/elasticsearch.in
==============================================================================
--- head/textproc/elasticsearch6/files/elasticsearch.in Wed Mar 14 18:12:21 2018 (r464525)
+++ head/textproc/elasticsearch6/files/elasticsearch.in Wed Mar 14 19:17:59 2018 (r464526)
@@ -29,6 +29,7 @@ load_rc_config ${name}
: ${elasticsearch_user=elasticsearch}
: ${elasticsearch_group=elasticsearch}
: ${elasticsearch_config=%%PREFIX%%/etc/elasticsearch}
+: ${elasticsearch_login_class=root}
required_files="${elasticsearch_config}/elasticsearch.yml"
_pidprefix=/var/run/elasticsearch
Modified: head/textproc/elasticsearch6/files/pkg-message.in
==============================================================================
--- head/textproc/elasticsearch6/files/pkg-message.in Wed Mar 14 18:12:21 2018 (r464525)
+++ head/textproc/elasticsearch6/files/pkg-message.in Wed Mar 14 19:17:59 2018 (r464526)
@@ -4,14 +4,32 @@ Please see %%ETCDIR%% for sample versions of
elasticsearch.yml and logging.yml.
ElasticSearch requires memory locking of large amounts of RAM.
-You will either need to set:
+You may need to set:
-sysrc elasticsearch_login_class="root"
+sysctl security.bsd.unprivileged_mlock=1
-or
+!!! PLUGINS NOTICE !!!
-sysctl security.bsd.unprivileged_mlock=1
+ElasticSearch plugins such as X-Pack should only be installed via the
+elasticsearch-plugin script included with this software. As we strive
+to provide a minimum semblance of security, the files installed by
+the package are owned by root:wheel. This is different than upstream
+which expects all of the files to be owned by the user and for you to
+execute the elasticsearch-plugin script as said user.
-to prevent the process from failing the bootstrap.
+You will encounter permissions errors with configuration files and
+directories created by plugins which you will have to manually correct.
+This is the price we have to pay to protect ourselves in the face of
+a poorly designed security model.
+
+e.g., after installing X-Pack you will have to correct:
+
+%%ETCDIR%%/elasticsearch.keystore file to be owned by root:elasticsearch
+%%ETCDIR%%/x-pack directory/files to be owned by root:elasticsearch
+
+Also you need to add "xpack.ml.enabled: false" to your elasticsearch.yml
+configuration as this plugin does not support FreeBSD.
+
+!!! PLUGINS NOTICE !!!
======================================================================
More information about the svn-ports-head
mailing list