diff options
| author | Carl Smedstad | 2023-04-15 16:47:22 +0200 |
|---|---|---|
| committer | Carl Smedstad | 2023-08-10 16:26:26 +0200 |
| commit | 57bff250391e17e4ddab7c00f6f5747359d473dd (patch) | |
| tree | aa893d4d412fbd95c72a39ea064e0aa0625a3218 | |
| parent | 6a3bff623c3bf634eb668e7ad8443ca60ab26e57 (diff) | |
| download | aur-57bff250391e17e4ddab7c00f6f5747359d473dd.tar.gz | |
Publish version 5.10.0-1 - Major refactoring
* Build from source instead re-packaging the Debian package.
* Run a sub-selection of the tests.
* Use system Scala, rather than bundling it.
* Add some security hardening to the service.
| -rw-r--r-- | .SRCINFO | 35 | ||||
| -rw-r--r-- | .gitignore | 10 | ||||
| -rw-r--r-- | PKGBUILD | 173 | ||||
| -rwxr-xr-x | neo4j-admin | 21 | ||||
| -rw-r--r-- | neo4j-tmpfile.conf | 1 | ||||
| -rw-r--r--[-rwxr-xr-x] | neo4j.executable-template (renamed from neo4j) | 9 | ||||
| -rw-r--r-- | neo4j.install | 35 | ||||
| -rw-r--r-- | neo4j.service | 32 | ||||
| -rw-r--r-- | neo4j.sysusers | 1 | ||||
| -rw-r--r-- | neo4j.tmpfiles | 2 | ||||
| -rw-r--r-- | use-system-scala.patch | 12 |
11 files changed, 180 insertions, 151 deletions
@@ -1,27 +1,30 @@ pkgbase = neo4j-community pkgdesc = A fully transactional graph database implemented in Java - pkgver = 5.6.0 + pkgver = 5.10.0 pkgrel = 1 - url = https://neo4j.com - install = neo4j.install + url = https://github.com/neo4j/neo4j arch = any - license = custom - depends = jre17-openjdk-headless + license = GPL3 + makedepends = java-environment=17 + makedepends = maven + depends = java-runtime=17 + depends = scala conflicts = neo4j-enterprise - options = !strip backup = etc/neo4j/neo4j-admin.conf backup = etc/neo4j/neo4j.conf backup = etc/neo4j/server-logs.xml backup = etc/neo4j/user-logs.xml - source = https://dist.neo4j.org/deb/neo4j_5.6.0_all.deb - source = neo4j - source = neo4j-admin - source = neo4j-tmpfile.conf - source = neo4j.install - sha256sums = 7d5d4061be91fe7b168baf0dd948af923b81b3d057d8497915af92ce1f9be443 - sha256sums = 583635b1736267222d429e6b049af70f6ebd4f76388e8f621f369538bced5718 - sha256sums = d3daadb19de811c9d978dba81432c68d78eeff82bc39e11cc493736dadd5660f - sha256sums = e1311352e05b1e698599b91883141b938ceb418abd7e6bc11cc964854f0a21e1 - sha256sums = 86548a74a78e40b7d200d78ae6cf20c8bf05c590d31aa31fb14632df085aeab8 + source = neo4j-community-5.10.0.tar.gz::https://github.com/neo4j/neo4j/archive/refs/tags/5.10.0.tar.gz + source = neo4j.executable-template + source = neo4j.service + source = neo4j.sysusers + source = neo4j.tmpfiles + source = use-system-scala.patch + sha256sums = 35c4d828a1a6007947fddde73f06f46e5d1dc6d1fe832bdca969374754d72d2a + sha256sums = 152e35d949fe9090c890e7a213da917c09bc087a060119a1c32541821f91781f + sha256sums = 090e9ced1708e22592f775490360762d973e81061a0170b4150b087b1751e142 + sha256sums = a1d3dd94aecf80289e8d9b6381d4393ed60b7a5dec3cae436e721be676c15f3a + sha256sums = 45033d5009c84340b79f914bfc13b00c67a8c0bf30a5ccf9d016b5e238762f92 + sha256sums = f0ec370a01d479459c44c096730396524a86c7c04b706ff6094120accc17d6de pkgname = neo4j-community diff --git a/.gitignore b/.gitignore index e1cf05d9c001..f508979de9e8 100644 --- a/.gitignore +++ b/.gitignore @@ -2,8 +2,8 @@ !.gitignore !PKGBUILD !.SRCINFO -!cypher-shell -!neo4j -!neo4j-admin -!neo4j.install -!neo4j-tmpfile.conf +!use-system-scala.patch +!neo4j.executable-template +!neo4j.service +!neo4j.sysusers +!neo4j.tmpfiles @@ -4,13 +4,22 @@ # Contributor: Mark Dixon <mark@markdixon.name> pkgname=neo4j-community -pkgver=5.6.0 +_name=neo4j +pkgver=5.10.0 pkgrel=1 -pkgdesc='A fully transactional graph database implemented in Java' +_java=17 +pkgdesc="A fully transactional graph database implemented in Java" arch=(any) -url=https://neo4j.com -license=(custom) -depends=(jre17-openjdk-headless) +url="https://github.com/neo4j/neo4j" +license=(GPL3) +depends=( + "java-runtime=$_java" + "scala" +) +makedepends=( + "java-environment=$_java" + "maven" +) conflicts=(neo4j-enterprise) backup=( etc/neo4j/neo4j-admin.conf @@ -18,96 +27,118 @@ backup=( etc/neo4j/server-logs.xml etc/neo4j/user-logs.xml ) -options=(!strip) -install=neo4j.install source=( - https://dist.neo4j.org/deb/neo4j_${pkgver}_all.deb - neo4j - neo4j-admin - neo4j-tmpfile.conf - neo4j.install + "$pkgname-$pkgver.tar.gz::$url/archive/refs/tags/$pkgver.tar.gz" + "neo4j.executable-template" + "neo4j.service" + "neo4j.sysusers" + "neo4j.tmpfiles" + "use-system-scala.patch" ) sha256sums=( - '7d5d4061be91fe7b168baf0dd948af923b81b3d057d8497915af92ce1f9be443' - '583635b1736267222d429e6b049af70f6ebd4f76388e8f621f369538bced5718' - 'd3daadb19de811c9d978dba81432c68d78eeff82bc39e11cc493736dadd5660f' - 'e1311352e05b1e698599b91883141b938ceb418abd7e6bc11cc964854f0a21e1' - '86548a74a78e40b7d200d78ae6cf20c8bf05c590d31aa31fb14632df085aeab8' + '35c4d828a1a6007947fddde73f06f46e5d1dc6d1fe832bdca969374754d72d2a' + '152e35d949fe9090c890e7a213da917c09bc087a060119a1c32541821f91781f' + '090e9ced1708e22592f775490360762d973e81061a0170b4150b087b1751e142' + 'a1d3dd94aecf80289e8d9b6381d4393ed60b7a5dec3cae436e721be676c15f3a' + '45033d5009c84340b79f914bfc13b00c67a8c0bf30a5ccf9d016b5e238762f92' + 'f0ec370a01d479459c44c096730396524a86c7c04b706ff6094120accc17d6de' ) -_deb_archive="$pkgname-$pkgver-deb" +_archive="$_name-$pkgver" prepare() { - mkdir -p "$_deb_archive" - tar --extract --file data.tar.xz --directory "$_deb_archive" + cd "$_archive" + + patch --forward --strip=1 --input="$srcdir/use-system-scala.patch" + + mvn versions:set -DnewVersion="$pkgver" + + mkdir -p bin + # shellcheck disable=SC2002 + { + cat "$srcdir/neo4j.executable-template" \ + | sed "s/%APP_NAME%/neo4j/" \ + | sed "s/%CLASS_NAME%/org.neo4j.server.startup.Neo4jBoot/" \ + > bin/neo4j + cat "$srcdir/neo4j.executable-template" \ + | sed "s/%APP_NAME%/neo4j-admin/" \ + | sed "s/%CLASS_NAME%/org.neo4j.server.startup.Neo4jAdminBoot/" \ + > bin/neo4j-admin + cat "$srcdir/neo4j.executable-template" \ + | sed "s/%APP_NAME%/cypher-shell/" \ + | sed "s/%CLASS_NAME%/org.neo4j.shell.startup.CypherShellBoot/" \ + > bin/cypher-shell + } +} + +build() { + cd "$_archive" + + export PATH="/usr/lib/jvm/java-$_java-openjdk/bin:$PATH" + mvn \ + -Dmaven.repo.local="$srcdir/repo" \ + -Dscala.home=/usr/share/scala \ + package -DskipTests +} + +check() { + cd "$_archive" + + # Running all integration tests takes ~1 hour + mvn \ + -Dmaven.repo.local="$srcdir/repo" \ + -Dscala.home=/usr/share/scala \ + integration-test --projects community/community-it/community-it/ } package() { - cd "$_deb_archive" + cd "$_archive" + + tar -xf "packaging/standalone/target/neo4j-community-$pkgver-unix.tar.gz" + local bin_archive="neo4j-community-$pkgver" # Config files - install -Dm644 etc/neo4j/neo4j-admin.conf $pkgdir/etc/neo4j/neo4j-admin.conf - install -Dm644 etc/neo4j/neo4j.conf $pkgdir/etc/neo4j/neo4j.conf - install -Dm644 etc/neo4j/server-logs.xml $pkgdir/etc/neo4j/server-logs.xml - install -Dm644 etc/neo4j/user-logs.xml $pkgdir/etc/neo4j/user-logs.xml + install -Dm644 "$bin_archive/conf/neo4j-admin.conf" "$pkgdir/etc/neo4j/neo4j-admin.conf" + install -Dm644 "$bin_archive/conf/neo4j.conf" "$pkgdir/etc/neo4j/neo4j.conf" + install -Dm644 "$bin_archive/conf/server-logs.xml" "$pkgdir/etc/neo4j/server-logs.xml" + install -Dm644 "$bin_archive/conf/user-logs.xml" "$pkgdir/etc/neo4j/user-logs.xml" - sed -i 's:=/usr/share/neo4j/lib:=/usr/share/java/neo4j:' $pkgdir/etc/neo4j/neo4j.conf + sed -i 's:=/usr/share/neo4j/lib:=/usr/share/java/neo4j:' "$pkgdir/etc/neo4j/neo4j.conf" # Bash completion - install -Dm644 etc/bash_completion.d/neo4j-admin_completion $pkgdir/usr/share/bash-completion/completions/neo4j-admin - install -Dm644 etc/bash_completion.d/neo4j_completion $pkgdir/usr/share/bash-completion/completions/neo4j + install -Dm644 "$bin_archive/bin/completion/neo4j-admin_completion" "$pkgdir/usr/share/bash-completion/completions/neo4j-admin" + install -Dm644 "$bin_archive/bin/completion/neo4j_completion" "$pkgdir/usr/share/bash-completion/completions/neo4j" # JARs - install -dm755 $pkgdir/usr/share/java/neo4j - install -Dm644 usr/share/neo4j/lib/*.jar $pkgdir/usr/share/java/neo4j + + ## Remove Scala JARs + rm "$bin_archive/lib/"scala-library-*.jar + rm "$bin_archive/lib/"scala-reflect-*.jar + + ## Install JARs + install -dm755 "$pkgdir/usr/share/java/neo4j" + install -Dm644 "$bin_archive/lib/"*.jar "$pkgdir/usr/share/java/neo4j/" # Man pages - install -Dm644 usr/share/man/man1/neo4j-admin.1.gz $pkgdir/usr/share/man/man1/neo4j-admin.1.gz - install -Dm644 usr/share/man/man1/neo4j.1.gz $pkgdir/usr/share/man/man1/neo4j.1.gz + install -Dm644 community/cypher-shell/packaging/src/common/manpages/cypher-shell.1 "$pkgdir/usr/share/man/man1/cypher-shell.1" # Documentation - gzip --decompress --force usr/share/doc/neo4j/changelog.gz - install -Dm644 usr/share/doc/neo4j/README.txt $pkgdir/usr/share/doc/neo4j/README.txt - install -Dm644 usr/share/doc/neo4j/UPGRADE.txt $pkgdir/usr/share/doc/neo4j/UPGRADE.txt - install -Dm644 usr/share/doc/neo4j/changelog $pkgdir/usr/share/doc/neo4j/changelog + install -Dm644 "$bin_archive/README.txt" "$pkgdir/usr/share/doc/neo4j/README.txt" + install -Dm644 "$bin_archive/UPGRADE.txt" "$pkgdir/usr/share/doc/neo4j/UPGRADE.txt" # License files - gzip --decompress --force usr/share/doc/neo4j/LICENSE.txt.gz - gzip --decompress --force usr/share/doc/neo4j/LICENSES.txt.gz - gzip --decompress --force usr/share/doc/neo4j/NOTICE.txt.gz - install -Dm644 usr/share/doc/neo4j/LICENSE.txt $pkgdir/usr/share/licenses/neo4j/LICENSE.txt - install -Dm644 usr/share/doc/neo4j/LICENSES.txt $pkgdir/usr/share/licenses/neo4j/LICENSES.txt - install -Dm644 usr/share/doc/neo4j/NOTICE.txt $pkgdir/usr/share/licenses/neo4j/NOTICE.txt - install -Dm644 usr/share/doc/neo4j/copyright $pkgdir/usr/share/licenses/neo4j/copyright - - # Plugin directory - install -Dm644 var/lib/neo4j/plugins/README.txt $pkgdir/var/lib/neo4j/plugins/README.txt - - # Labs directory - install -Dm644 var/lib/neo4j/labs/LICENSE $pkgdir/var/lib/neo4j/labs/LICENSE - install -Dm644 var/lib/neo4j/labs/README.txt $pkgdir/var/lib/neo4j/labs/README.txt - install -Dm644 var/lib/neo4j/labs/apoc-$pkgver-core.jar $pkgdir/var/lib/neo4j/labs/apoc-$pkgver-core.jar - - # Lintian - install -Dm644 usr/share/lintian/overrides/neo4j $pkgdir/usr/share/lintian/overrides/neo4j + install -Dm644 "$bin_archive/LICENSE.txt" "$pkgdir/usr/share/licenses/$pkgname/LICENSE.txt" + install -Dm644 "$bin_archive/LICENSES.txt" "$pkgdir/usr/share/licenses/$pkgname/LICENSES.txt" + install -Dm644 "$bin_archive/NOTICE.txt" "$pkgdir/usr/share/licenses/$pkgname/NOTICE.txt" # Executable files - install -Dm755 $srcdir/neo4j $pkgdir/usr/bin/neo4j - install -Dm755 $srcdir/neo4j-admin $pkgdir/usr/bin/neo4j-admin - - # Misc directories - install -dm755 $pkgdir/var/log/neo4j - install -dm755 $pkgdir/var/lib/neo4j/import - install -dm755 $pkgdir/var/lib/neo4j/data - install -dm755 $pkgdir/var/lib/neo4j/certificates - install -dm755 $pkgdir/var/lib/neo4j/licenses - install -dm755 $pkgdir/var/lib/neo4j/run - - # Service definition files - install -Dm644 lib/systemd/system/neo4j.service $pkgdir/usr/lib/systemd/system/neo4j.service - sed -i 's:ExecStart=/usr/share/neo4j/bin/neo4j:ExecStart=/usr/bin/neo4j:' $pkgdir/usr/lib/systemd/system/neo4j.service - - # Runtime files - install -Dm644 $srcdir/neo4j-tmpfile.conf $pkgdir/usr/lib/tmpfiles.d/neo4j.conf + install -Dm755 "bin/cypher-shell" "$pkgdir/usr/bin/cypher-shell" + install -Dm755 "bin/neo4j" "$pkgdir/usr/bin/neo4j" + install -Dm755 "bin/neo4j-admin" "$pkgdir/usr/bin/neo4j-admin" + + # Systemd files + install -Dm644 "$srcdir/$_name.service" "$pkgdir/usr/lib/systemd/system/$_name.service" + install -Dm644 "$srcdir/$_name.sysusers" "$pkgdir/usr/lib/sysusers.d/$_name.conf" + install -Dm644 "$srcdir/$_name.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/$_name.conf" } diff --git a/neo4j-admin b/neo4j-admin deleted file mode 100755 index 3331ec5db585..000000000000 --- a/neo4j-admin +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh - -BASEDIR=/usr/share/java/neo4j - -export NEO4J_HOME="${NEO4J_HOME:-/var/lib/neo4j}" -export NEO4J_CONF="${NEO4J_CONF:-/etc/neo4j}" - -for name in "$BASEDIR"/*.jar ; do - CLASSPATH=$CLASSPATH:$name -done - -export PATH="/usr/lib/jvm/java-17-openjdk/bin/:$PATH" -exec java \ - -classpath "$CLASSPATH" \ - -Dapp.name="neo4j-admin" \ - -Dapp.pid="$$" \ - -Dapp.repo="$BASEDIR" \ - -Dapp.home="$BASEDIR" \ - -Dbasedir="$BASEDIR" \ - org.neo4j.server.startup.Neo4jAdminBoot \ - "$@" diff --git a/neo4j-tmpfile.conf b/neo4j-tmpfile.conf deleted file mode 100644 index 6553f9e1d47d..000000000000 --- a/neo4j-tmpfile.conf +++ /dev/null @@ -1 +0,0 @@ -d /run/neo4j 0755 neo4j neo4j - diff --git a/neo4j b/neo4j.executable-template index 2a0c660c7708..d09fa5ad76ee 100755..100644 --- a/neo4j +++ b/neo4j.executable-template @@ -9,13 +9,18 @@ for name in "$BASEDIR"/*.jar ; do CLASSPATH=$CLASSPATH:$name done +SCALADIR=/usr/share/scala/lib/ +for name in "$SCALADIR"/*.jar ; do + CLASSPATH=$CLASSPATH:$name +done + export PATH="/usr/lib/jvm/java-17-openjdk/bin/:$PATH" exec java \ -classpath "$CLASSPATH" \ - -Dapp.name="neo4j" \ + -Dapp.name="%APP_NAME%" \ -Dapp.pid="$$" \ -Dapp.repo="$BASEDIR" \ -Dapp.home="$BASEDIR" \ -Dbasedir="$BASEDIR" \ - org.neo4j.server.startup.Neo4jBoot \ + %CLASS_NAME% \ "$@" diff --git a/neo4j.install b/neo4j.install deleted file mode 100644 index c07800490af4..000000000000 --- a/neo4j.install +++ /dev/null @@ -1,35 +0,0 @@ -post_install() { - assert_user_and_group_exist - directory_permissions - - /usr/bin/systemd-tmpfiles --create neo4j.conf -} - -post_upgrade() { - assert_user_and_group_exist - directory_permissions -} - -post_remove() { - if getent passwd neo4j >/dev/null; then - userdel neo4j - fi - if getent group neo4j >/dev/null; then - groupdel neo4j - fi -} - -directory_permissions() { - chown -R neo4j:neo4j /var/lib/neo4j - chown -R neo4j:neo4j /var/log/neo4j - chown -R neo4j:neo4j /etc/neo4j -} - -assert_user_and_group_exist() { - if ! getent group neo4j >/dev/null; then - groupadd --system neo4j - fi - if ! getent passwd neo4j >/dev/null; then - useradd --system -g neo4j -d /var/lib/neo4j -s /bin/false neo4j - fi -} diff --git a/neo4j.service b/neo4j.service new file mode 100644 index 000000000000..645db72a19d1 --- /dev/null +++ b/neo4j.service @@ -0,0 +1,32 @@ +[Unit] +Description=Neo4j Graph Database +After=network-online.target +Wants=network-online.target + +[Service] +ExecStart=/usr/bin/neo4j console +Restart=on-abnormal +User=neo4j +Group=neo4j +Environment="NEO4J_CONF=/etc/neo4j" "NEO4J_HOME=/var/lib/neo4j" +LimitNOFILE=60000 +TimeoutSec=120 + +# Hardening +PrivateTmp=true +ProtectHome=true +ProtectSystem=full +NoNewPrivileges=true +ProtectControlGroups=true +ProtectKernelModules=true +ProtectKernelTunables=true +PrivateDevices=true +# RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native +ReadOnlyPaths=/ +ReadWritePaths=/var/lib/neo4j /var/log/neo4j + +[Install] +WantedBy=multi-user.target diff --git a/neo4j.sysusers b/neo4j.sysusers new file mode 100644 index 000000000000..fc49e37b90cb --- /dev/null +++ b/neo4j.sysusers @@ -0,0 +1 @@ +u neo4j - "neo4j user" /nonexistent /bin/false diff --git a/neo4j.tmpfiles b/neo4j.tmpfiles new file mode 100644 index 000000000000..b224ccd9dc45 --- /dev/null +++ b/neo4j.tmpfiles @@ -0,0 +1,2 @@ +d /var/lib/neo4j 0755 neo4j neo4j - +d /var/lib/neo4j/plugins 0755 neo4j neo4j - diff --git a/use-system-scala.patch b/use-system-scala.patch new file mode 100644 index 000000000000..a84d4e699b91 --- /dev/null +++ b/use-system-scala.patch @@ -0,0 +1,12 @@ +diff --git a/pom.xml b/pom.xml +index ab410375f7c..625912052f1 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -531,6 +531,7 @@ + <configuration> + <scalaVersion>${scala.version}</scalaVersion> + <scalaCompatVersion>${scala.binary.version}</scalaCompatVersion> ++ <scalaHome>${scala.home}</scalaHome> + <recompileMode>${scala.plugin.recompileMode}</recompileMode> + <args> + <arg>-Xlint:_,-missing-interpolator</arg> |