svn commit: r454614 - in head/textproc: . elasticsearch5-search-guard elasticsearch5-search-guard/files

Torsten Zuehlsdorff tz at FreeBSD.org
Tue Nov 21 15:13:34 UTC 2017 

Author: tz
Date: Tue Nov 21 15:13:31 2017
New Revision: 454614
URL: https://svnweb.freebsd.org/changeset/ports/454614

Log:
  New port: textproc/elasticsearch5-search-guard
  
  Search Guard() is an Elasticsearch plugin that offers encryption,
  authentication, and authorization. It builds on Search Guard SSL and provides
  pluggable authentication and authorization modules in addition.
  Search Guard is fully compatible with Kibana, Logstash and Beats.
  
  As an alternative to other security solutions for Elasticsearch,
  Search Guard offers the following main features:
  
      TLS on transport- and REST-layer
      Fine-grained role- and index-based access control
      HTTP Basic Authentication
      LDAP / Active Directory
      Kerberos / SPNEGO
      JSON web token
      Document- and Field-level security
      Audit logging
      Kibana multi-tenancy
      REST management API
      Proxy support
      User impersonation
  
  WWW: https://github.com/floragunncom/search-guard
  
  PR:           219739
  Submitted by: Miroslav Lachman <000.fbsd at quip.cz>

Added:
  head/textproc/elasticsearch5-search-guard/
  head/textproc/elasticsearch5-search-guard/Makefile   (contents, props changed)
  head/textproc/elasticsearch5-search-guard/distinfo   (contents, props changed)
  head/textproc/elasticsearch5-search-guard/files/
  head/textproc/elasticsearch5-search-guard/files/patch-elasticsearch-tools-install_demo_configuration.sh   (contents, props changed)
  head/textproc/elasticsearch5-search-guard/pkg-descr   (contents, props changed)
  head/textproc/elasticsearch5-search-guard/pkg-message   (contents, props changed)
  head/textproc/elasticsearch5-search-guard/pkg-plist   (contents, props changed)
Modified:
  head/textproc/Makefile

Modified: head/textproc/Makefile
==============================================================================
--- head/textproc/Makefile	Tue Nov 21 14:45:45 2017	(r454613)
+++ head/textproc/Makefile	Tue Nov 21 15:13:31 2017	(r454614)
@@ -162,6 +162,7 @@
     SUBDIR += elasticsearch2-plugin-migration
     SUBDIR += elasticsearch2-plugin-sql
     SUBDIR += elasticsearch5
+    SUBDIR += elasticsearch5-search-guard
     SUBDIR += elasticsearch5-x-pack
     SUBDIR += elixir-earmark
     SUBDIR += elixir-ex_doc

Added: head/textproc/elasticsearch5-search-guard/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/textproc/elasticsearch5-search-guard/Makefile	Tue Nov 21 15:13:31 2017	(r454614)
@@ -0,0 +1,42 @@
+# Created by: Miroslav Lachman <000.fbsd at quip.cz>
+# $FreeBSD$
+
+PORTNAME=	search-guard
+DISTVERSION=	5.3.0-12
+CATEGORIES=	textproc java
+MASTER_SITES=	https://oss.sonatype.org/content/repositories/releases/com/floragunn/search-guard-5/${DISTVERSION}/
+PKGNAMEPREFIX=	elasticsearch5-
+DISTNAME=	search-guard-5-${DISTVERSION}
+
+MAINTAINER=	000.fbsd at quip.cz
+COMMENT=	Elasticsearch Search Guard plugin
+
+LICENSE=	APACHE20
+
+RUN_DEPENDS:=	elasticsearch5>=5.3.0:textproc/elasticsearch5
+
+NO_BUILD=	yes
+
+USES+=		zip shebangfix
+
+SCRIPTS=	hash.sh install_demo_configuration.sh sgadmin.sh
+SHEBANG_FILES=	./elasticsearch/tools/*.sh
+
+do-extract:
+	@${MKDIR} ${WRKSRC}
+	( cd ${WRKDIR} && ${EXTRACT_CMD} ${EXTRACT_BEFORE_ARGS} -d ${DISTNAME} \
+	      ${_DISTDIR}${DISTFILES} )
+
+pre-configure:
+	${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${SCRIPTS:S|^|${WRKSRC}/elasticsearch/tools/|}
+
+post-configure:
+	@${RM} ${WRKSRC}/elasticsearch/tools/*.bat
+	@${RM} ${WRKSRC}/elasticsearch/tools/install_demo_configuration.sh.orig
+
+do-install:
+	@cd ${WRKSRC}/elasticsearch && ${COPYTREE_SHARE} . ${STAGEDIR}${PREFIX}/lib/elasticsearch/plugins/search-guard-5 "! -name *\.bak -o ! -name *\.bat"
+	@${CHMOD} 544 ${STAGEDIR}${PREFIX}/lib/elasticsearch/plugins/search-guard-5/tools/*.sh
+	@${CHMOD} 644 ${STAGEDIR}${PREFIX}/lib/elasticsearch/plugins/search-guard-5/sgconfig/*
+
+.include <bsd.port.mk>

Added: head/textproc/elasticsearch5-search-guard/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/textproc/elasticsearch5-search-guard/distinfo	Tue Nov 21 15:13:31 2017	(r454614)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1496327095
+SHA256 (search-guard-5-5.3.0-12.zip) = 6c346b6910f3f9fd5017984889f37fbb95fe86c0a64729dd8198b14ed6e699ad
+SIZE (search-guard-5-5.3.0-12.zip) = 4751764

Added: head/textproc/elasticsearch5-search-guard/files/patch-elasticsearch-tools-install_demo_configuration.sh
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/textproc/elasticsearch5-search-guard/files/patch-elasticsearch-tools-install_demo_configuration.sh	Tue Nov 21 15:13:31 2017	(r454614)
@@ -0,0 +1,54 @@
+--- elasticsearch/tools/install_demo_configuration.sh.orig	2017-09-15 11:37:44 UTC
++++ elasticsearch/tools/install_demo_configuration.sh
+@@ -17,25 +17,14 @@ fi
+ 
+ set -e
+ BASE_DIR="$DIR/../../../"
+-ES_CONF_FILE="$BASE_DIR/config/elasticsearch.yml"
++ES_CONF_FILE="%%PREFIX%%/etc/elasticsearch/elasticsearch.yml"
+ ES_BIN_DIR="$BASE_DIR/bin"
+ ES_PLUGINS_DIR="$BASE_DIR/plugins"
+ ES_LIB_PATH="$BASE_DIR/lib"
+ SUDO_CMD=""
+-BASE_64_DECODE_CMD="base64 -d"
++BASE_64_DECODE_CMD="b64decode -m -p -r"
+ ES_INSTALL_TYPE=".tar.gz"
+ 
+-#Check if its a rpm/deb install
+-if [ -f /usr/share/elasticsearch/bin/elasticsearch ]; then
+-    ES_CONF_FILE="/etc/elasticsearch/elasticsearch.yml"
+-    ES_BIN_DIR="/usr/share/elasticsearch/bin"
+-    ES_PLUGINS_DIR="/usr/share/elasticsearch/plugins"
+-    ES_LIB_PATH="/usr/share/elasticsearch/lib"
+-    SUDO_CMD="sudo"
+-    ES_INSTALL_TYPE="rpm/deb"
+-    echo "This script maybe require your root password for 'sudo' privileges"
+-fi
+-
+ if $SUDO_CMD test -f "$ES_CONF_FILE"; then
+     :
+ else
+@@ -58,12 +47,8 @@ if [ ! -d $ES_LIB_PATH ]; then
+ 	exit -1
+ fi
+ 
+-if [ "$ES_INSTALL_TYPE" != "rpm/deb" ];then
+-    ES_CONF_DIR=$(dirname "${ES_CONF_FILE}")
+-    ES_CONF_DIR=`cd "$ES_CONF_DIR" ; pwd`
+-else
+-    ES_CONF_DIR="/etc/elasticsearch"    
+-fi
++ES_CONF_DIR=$(dirname "${ES_CONF_FILE}")
++ES_CONF_DIR=`cd "$ES_CONF_DIR" ; pwd`
+ 
+ ES_CONF_FILE="$ES_CONF_DIR/elasticsearch.yml"
+ 
+@@ -123,7 +108,7 @@ ES_PLUGINS_DIR=`cd "$ES_PLUGINS_DIR" ; p
+ echo "### Success"
+ echo "### Execute this script now on all your nodes and then start all nodes"
+ echo "### After the whole cluster is up execute: "
+-echo "#!/bin/bash" | $SUDO_CMD tee sgadmin_demo.sh > /dev/null 
++echo "#!/usr/local/bin/bash" | $SUDO_CMD tee sgadmin_demo.sh > /dev/null 
+ echo $SUDO_CMD "$ES_PLUGINS_DIR/search-guard-5/tools/sgadmin.sh" -cd "$ES_PLUGINS_DIR/search-guard-5/sgconfig" -cn searchguard_demo -ks "$ES_CONF_DIR/kirk.jks" -ts "$ES_CONF_DIR/truststore.jks" -nhnv | $SUDO_CMD tee -a sgadmin_demo.sh > /dev/null
+ $SUDO_CMD chmod +x sgadmin_demo.sh
+ $SUDO_CMD cat sgadmin_demo.sh | tail -1

Added: head/textproc/elasticsearch5-search-guard/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/textproc/elasticsearch5-search-guard/pkg-descr	Tue Nov 21 15:13:31 2017	(r454614)
@@ -0,0 +1,22 @@
+Search Guard() is an Elasticsearch plugin that offers encryption, 
+authentication, and authorization. It builds on Search Guard SSL and provides
+pluggable authentication and authorization modules in addition. 
+Search Guard is fully compatible with Kibana, Logstash and Beats.
+
+As an alternative to other security solutions for Elasticsearch,
+Search Guard offers the following main features:
+
+    TLS on transport- and REST-layer
+    Fine-grained role- and index-based access control
+    HTTP Basic Authentication
+    LDAP / Active Directory
+    Kerberos / SPNEGO
+    JSON web token
+    Document- and Field-level security
+    Audit logging
+    Kibana multi-tenancy
+    REST management API
+    Proxy support
+    User impersonation
+
+WWW: https://github.com/floragunncom/search-guard

Added: head/textproc/elasticsearch5-search-guard/pkg-message
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/textproc/elasticsearch5-search-guard/pkg-message	Tue Nov 21 15:13:31 2017	(r454614)
@@ -0,0 +1,21 @@
+-------------------------------------------------------------------------------
+cd into %%PREFIX%%/lib/elasticsearch/plugins/search-guard-5/tools/
+
+Execute ./install_demo_configuration.sh, chmod the script first if necessary. 
+This will generate all required TLS certificates and add the Search Guard 
+configuration to your elasticsearch.yml file.
+
+Start Elasticsearch (service elasticsearch start)
+
+Execute ./sgadmin_demo.sh, chmod the script if necessary first. This will
+execute sgadmin and populate the Search Guard configuration index 
+with the files contained in the plugins/search-guard-<version>/sgconfig
+directory.
+
+Test the installation by visiting https://localhost:9200. When prompted,
+use admin/admin as username and password. This user has full access
+to the cluster.
+
+Display information about the currently logged in user by visiting
+ https://localhost:9200/_searchguard/authinfo
+-------------------------------------------------------------------------------

Added: head/textproc/elasticsearch5-search-guard/pkg-plist
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/textproc/elasticsearch5-search-guard/pkg-plist	Tue Nov 21 15:13:31 2017	(r454614)
@@ -0,0 +1,23 @@
+lib/elasticsearch/plugins/search-guard-5/commons-cli-1.3.1.jar
+lib/elasticsearch/plugins/search-guard-5/guava-19.0.jar
+lib/elasticsearch/plugins/search-guard-5/netty-buffer-4.1.7.Final.jar
+lib/elasticsearch/plugins/search-guard-5/netty-codec-4.1.7.Final.jar
+lib/elasticsearch/plugins/search-guard-5/netty-codec-http-4.1.7.Final.jar
+lib/elasticsearch/plugins/search-guard-5/netty-common-4.1.7.Final.jar
+lib/elasticsearch/plugins/search-guard-5/netty-handler-4.1.7.Final.jar
+lib/elasticsearch/plugins/search-guard-5/netty-resolver-4.1.7.Final.jar
+lib/elasticsearch/plugins/search-guard-5/netty-transport-4.1.7.Final.jar
+lib/elasticsearch/plugins/search-guard-5/plugin-descriptor.properties
+lib/elasticsearch/plugins/search-guard-5/plugin-security.policy
+lib/elasticsearch/plugins/search-guard-5/search-guard-5-5.3.0-12.jar
+lib/elasticsearch/plugins/search-guard-5/search-guard-ssl-5.3.0-21.jar
+lib/elasticsearch/plugins/search-guard-5/sgconfig/elasticsearch.yml.example
+lib/elasticsearch/plugins/search-guard-5/sgconfig/sg_action_groups.yml
+lib/elasticsearch/plugins/search-guard-5/sgconfig/sg_config.yml
+lib/elasticsearch/plugins/search-guard-5/sgconfig/sg_internal_users.yml
+lib/elasticsearch/plugins/search-guard-5/sgconfig/sg_roles.yml
+lib/elasticsearch/plugins/search-guard-5/sgconfig/sg_roles_mapping.yml
+lib/elasticsearch/plugins/search-guard-5/tools/hash.sh
+lib/elasticsearch/plugins/search-guard-5/tools/install_demo_configuration.sh
+lib/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh
+lib/elasticsearch/plugins/search-guard-5/transport-netty4-client-5.3.0.jar

More information about the svn-ports-all mailing list