authorJustin Kromlinger2022-01-08 17:30:12 +0100
committerJustin Kromlinger2022-01-08 17:30:12 +0100
commit62462182bdbcdb36f84e8b85034ed9026532c771 (patch)
tree4e99e5433a76b0b1e2fd93616f4146819642daaf
downloadaur-62462182bdbcdb36f84e8b85034ed9026532c771.tar.gz
Moved from community
-rw-r--r--.SRCINFO39
-rw-r--r--PKGBUILD97
-rw-r--r--elasticsearch-keystore.service10
-rw-r--r--elasticsearch-keystore@.service11
-rw-r--r--elasticsearch-sysctl.conf1
-rw-r--r--elasticsearch-tmpfile.conf14
-rw-r--r--elasticsearch-user.conf1
-rw-r--r--elasticsearch.default13
-rw-r--r--elasticsearch.service66
-rw-r--r--elasticsearch@.service67
-rw-r--r--patch-log4j-JAR-to-remove-JndiLookup-class-81629.patch71
-rw-r--r--remove-systemd-distribution-check.patch17
12 files changed, 407 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO
new file mode 100644
index 000000000000..7b793b19992e
--- /dev/null
+++ b/.SRCINFO
@@ -0,0 +1,39 @@
+pkgbase = elasticsearch
+ pkgdesc = Distributed RESTful search engine built on top of Lucene
+ pkgver = 7.10.2
+ pkgrel = 2
+ url = https://www.elastic.co/products/elasticsearch
+ arch = x86_64
+ license = Apache
+ makedepends = java-environment=11
+ depends = java-runtime-headless<=16
+ depends = systemd
+ depends = libxml2
+ backup = etc/elasticsearch/elasticsearch.yml
+ backup = etc/elasticsearch/log4j2.properties
+ backup = etc/elasticsearch/jvm.options
+ backup = etc/default/elasticsearch
+ source = elasticsearch-7.10.2.tar.gz::https://github.com/elastic/elasticsearch/archive/v7.10.2.tar.gz
+ source = elasticsearch.service
+ source = elasticsearch@.service
+ source = elasticsearch-keystore.service
+ source = elasticsearch-keystore@.service
+ source = elasticsearch-sysctl.conf
+ source = elasticsearch-user.conf
+ source = elasticsearch-tmpfile.conf
+ source = elasticsearch.default
+ source = remove-systemd-distribution-check.patch
+ source = patch-log4j-JAR-to-remove-JndiLookup-class-81629.patch
+ sha256sums = bdb7811882a0d9436ac202a947061b565aa71983c72e1c191e7373119a1cdd1c
+ sha256sums = 9e1f68ff275ef2b5f2b93d2823efc5cc9643da696fcbe09a3ea7520ada35ffba
+ sha256sums = 8a76ad9a44a34eca8d6cb7ec9d8f1b01d46c114765b0a76094de8d72f0477351
+ sha256sums = bac40d87acaa5bee209ceb6dfa253009a072e9243fe3b94be42fb5cd44727d6f
+ sha256sums = 22a78a165a810608188faea6f2b0b381f27b1e9d60126c3b3e729124540589a8
+ sha256sums = b3feb1e9c7e7ce6b33cea6c727728ed700332aae942ca475c3bcc1d56b9f113c
+ sha256sums = 815f6a39db6f54bb40750c382ffbdc298d2c4c187ee8ea7e2f855923e2ff354b
+ sha256sums = 74a772e9f73e2cecda45dcd30ade2f6114db657ed36231292bdf9a7ca04eab78
+ sha256sums = bb74e5fb8bc28f2125e015395ab05bea117b72bfc6dadbca827694b362ee0bf8
+ sha256sums = 96934e6518245a4110714c3e1c1eb7bfaf4dd0026cc917efc322f3bfa4c3b5ec
+ sha256sums = 98724575d454a49ec419eb39c53565cba5d2901eef6246d63205d02b8c6a68e2
+
+pkgname = elasticsearch
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 000000000000..cefc95989dba
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,97 @@
+# Maintainer: Justin Kromlinger <hashworks@archlinux.org>
+# Contributor: Massimiliano Torromeo <massimiliano.torromeo@gmail.com>
+# Contributor: Marcello "mererghost" Rocha <https://github.com/mereghost>
+# Refactored by Blaž "Speed" Hrastnik <https://github.com/archSeer>
+
+pkgname=elasticsearch
+pkgver=7.10.2
+pkgrel=2
+pkgdesc="Distributed RESTful search engine built on top of Lucene"
+arch=('x86_64')
+url="https://www.elastic.co/products/elasticsearch"
+license=('Apache')
+depends=('java-runtime-headless<=16' 'systemd' 'libxml2')
+makedepends=('java-environment=11')
+source=(
+ $pkgname-$pkgver.tar.gz::"https://github.com/elastic/elasticsearch/archive/v${pkgver}.tar.gz"
+ elasticsearch.service
+ elasticsearch@.service
+ elasticsearch-keystore.service
+ elasticsearch-keystore@.service
+ elasticsearch-sysctl.conf
+ elasticsearch-user.conf
+ elasticsearch-tmpfile.conf
+ elasticsearch.default
+ remove-systemd-distribution-check.patch
+ patch-log4j-JAR-to-remove-JndiLookup-class-81629.patch
+)
+sha256sums=('bdb7811882a0d9436ac202a947061b565aa71983c72e1c191e7373119a1cdd1c'
+ '9e1f68ff275ef2b5f2b93d2823efc5cc9643da696fcbe09a3ea7520ada35ffba'
+ '8a76ad9a44a34eca8d6cb7ec9d8f1b01d46c114765b0a76094de8d72f0477351'
+ 'bac40d87acaa5bee209ceb6dfa253009a072e9243fe3b94be42fb5cd44727d6f'
+ '22a78a165a810608188faea6f2b0b381f27b1e9d60126c3b3e729124540589a8'
+ 'b3feb1e9c7e7ce6b33cea6c727728ed700332aae942ca475c3bcc1d56b9f113c'
+ '815f6a39db6f54bb40750c382ffbdc298d2c4c187ee8ea7e2f855923e2ff354b'
+ '74a772e9f73e2cecda45dcd30ade2f6114db657ed36231292bdf9a7ca04eab78'
+ 'bb74e5fb8bc28f2125e015395ab05bea117b72bfc6dadbca827694b362ee0bf8'
+ '96934e6518245a4110714c3e1c1eb7bfaf4dd0026cc917efc322f3bfa4c3b5ec'
+ '98724575d454a49ec419eb39c53565cba5d2901eef6246d63205d02b8c6a68e2')
+
+backup=('etc/elasticsearch/elasticsearch.yml'
+ 'etc/elasticsearch/log4j2.properties'
+ 'etc/elasticsearch/jvm.options'
+ 'etc/default/elasticsearch')
+
+prepare() {
+ cd $pkgname-$pkgver
+ patch -Np1 -i "$srcdir"/remove-systemd-distribution-check.patch
+ patch -Np1 -i "$srcdir"/patch-log4j-JAR-to-remove-JndiLookup-class-81629.patch
+ sed -i 's|${versions.log4j}|2.11.1|' libs/log4j/build.gradle
+}
+
+build() {
+ cd $pkgname-$pkgver
+ export PATH=/usr/lib/jvm/java-11-openjdk/bin:$PATH
+ export GRADLE_OPTS="-Dbuild.snapshot=false -Dlicense.key=x-pack/plugin/core/snapshot.key"
+ ./gradlew :distribution:buildSystemdModule
+ ./gradlew :distribution:archives:linux-tar:build
+}
+
+package() {
+ cd $pkgname-$pkgver
+
+ install -dm755 "$pkgdir"/{usr/share,var/lib,var/log}/elasticsearch
+ install -dm755 "$pkgdir"/usr/bin
+
+ tar xf distribution/archives/linux-tar/build/distributions/elasticsearch-$pkgver-*linux-x86_64.tar.gz \
+ --strip 1 -C "$pkgdir"/usr/share/elasticsearch
+ rm -r "$pkgdir"/usr/share/elasticsearch/{jdk,logs}
+
+ install -dm755 "$pkgdir"/etc
+ mv "$pkgdir"/usr/share/elasticsearch/config "$pkgdir"/etc/elasticsearch
+ chmod 2750 "$pkgdir"/etc/elasticsearch
+
+ for bin in "$pkgdir"/usr/share/elasticsearch/bin/*; do
+ ln -sT /usr/share/elasticsearch/bin/$(basename $bin) "$pkgdir"/usr/bin/$(basename $bin)
+ done
+
+ ln -s /etc/elasticsearch "$pkgdir"/usr/share/elasticsearch/config
+ ln -s /var/log/elasticsearch "$pkgdir"/usr/share/elasticsearch/logs
+ ln -s /var/lib/elasticsearch "$pkgdir"/usr/share/elasticsearch/data
+
+ install -Dm644 "$srcdir"/elasticsearch.service "$pkgdir"/usr/lib/systemd/system/elasticsearch.service
+ install -Dm644 "$srcdir"/elasticsearch@.service "$pkgdir"/usr/lib/systemd/system/elasticsearch@.service
+ install -Dm644 "$srcdir"/elasticsearch-keystore.service "$pkgdir"/usr/lib/systemd/system/elasticsearch-keystore.service
+ install -Dm644 "$srcdir"/elasticsearch-keystore@.service "$pkgdir"/usr/lib/systemd/system/elasticsearch-keystore@.service
+ install -Dm644 "$srcdir"/elasticsearch-user.conf "$pkgdir"/usr/lib/sysusers.d/elasticsearch.conf
+ install -Dm644 "$srcdir"/elasticsearch-tmpfile.conf "$pkgdir"/usr/lib/tmpfiles.d/elasticsearch.conf
+ install -Dm644 "$srcdir"/elasticsearch-sysctl.conf "$pkgdir"/usr/lib/sysctl.d/elasticsearch.conf
+ install -Dm644 "$srcdir"/elasticsearch.default "$pkgdir"/etc/default/elasticsearch
+
+ cp -r distribution/build/outputs/systemd/modules/systemd "$pkgdir"/usr/share/elasticsearch/modules/
+
+ sed -i '2iJAVA_HOME=/usr/lib/jvm/default-runtime' "$pkgdir"/usr/share/elasticsearch/bin/elasticsearch-env
+ sed -i 's/ES_BUNDLED_JDK=true/ES_BUNDLED_JDK=false/g' "$pkgdir"/usr/share/elasticsearch/bin/elasticsearch-env
+
+ install -Dm644 LICENSE.txt "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE.txt"
+}
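Review bot: Nothing in `package()` confirms that the log4j mitigation set up in `prepare()` actually reached the shipped tree. The `sed` on `libs/log4j/build.gradle` exits 0 even when its pattern matches nothing, and a Gradle substitution that is bypassed would still produce a working archive, so a regression would go unnoticed. A check after the `tar xf` step that fails the build when any packaged jar still lists `JndiLookup.class` would make the mitigation self-verifying. The sketch below uses `bsdtar`, which should already be on the build host as part of libarchive.

```shell
# ... unchanged: tar xf of the built distribution into "$pkgdir"/usr/share/elasticsearch ...
# fail the build if any packaged jar still carries the JNDI lookup class
while IFS= read -r -d '' jar; do
  if bsdtar -tf "$jar" | grep -q 'JndiLookup\.class'; then
    echo "JndiLookup.class still present in $jar" >&2
    return 1
  fi
done < <(find "$pkgdir"/usr/share/elasticsearch -name '*.jar' -print0)
```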
diff --git a/elasticsearch-keystore.service b/elasticsearch-keystore.service
new file mode 100644
index 000000000000..8f52b898e03f
--- /dev/null
+++ b/elasticsearch-keystore.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Elasticsearch Keystore Generation
+ConditionPathExists=|!/etc/elasticsearch/elasticsearch.keystore
+
+[Service]
+Type=oneshot
+Group=elasticsearch
+UMask=0007
+ExecStart=/usr/share/elasticsearch/bin/elasticsearch-keystore create
+RemainAfterExit=yes
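Review bot: The `[Service]` section sets no `User=`, so `elasticsearch-keystore create` runs as root with only the group switched, and `UMask=0007` leaves the new keystore group-writable as well as group-readable. If the service account only needs to read the secure-settings store, `UMask=0027` would keep it read-only for the `elasticsearch` group; if write access is intended, a one-line comment saying why would help the next maintainer. The same two lines appear in elasticsearch-keystore@.service.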
diff --git a/elasticsearch-keystore@.service b/elasticsearch-keystore@.service
new file mode 100644
index 000000000000..039e2123f4ca
--- /dev/null
+++ b/elasticsearch-keystore@.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Elasticsearch Keystore Generation
+ConditionPathExists=|!/etc/elasticsearch/%I/elasticsearch.keystore
+
+[Service]
+Type=oneshot
+Group=elasticsearch
+UMask=0007
+Environment=ES_PATH_CONF=/etc/elasticsearch/%I
+ExecStart=/usr/share/elasticsearch/bin/elasticsearch-keystore create
+RemainAfterExit=yes
diff --git a/elasticsearch-sysctl.conf b/elasticsearch-sysctl.conf
new file mode 100644
index 000000000000..32da2c91cf27
--- /dev/null
+++ b/elasticsearch-sysctl.conf
@@ -0,0 +1 @@
+vm.max_map_count=262144
\ No newline at end of file
diff --git a/elasticsearch-tmpfile.conf b/elasticsearch-tmpfile.conf
new file mode 100644
index 000000000000..c71ec6ff127a
--- /dev/null
+++ b/elasticsearch-tmpfile.conf
@@ -0,0 +1,14 @@
+d /var/log/elasticsearch 0755 elasticsearch elasticsearch -
+d /var/lib/elasticsearch 0755 elasticsearch elasticsearch -
+d /usr/share/elasticsearch/plugins 0755 elasticsearch elasticsearch -
+
+d /etc/elasticsearch 2750 - elasticsearch -
+d /etc/elasticsearch/scripts 0750 - elasticsearch -
+d /etc/elasticsearch/jvm.options.d 0750 - elasticsearch -
+z /etc/elasticsearch/jvm.options 0640 root elasticsearch
+z /etc/elasticsearch/elasticsearch.yml 0640 root elasticsearch
+z /etc/elasticsearch/log4j2.properties 0640 root elasticsearch
+z /etc/elasticsearch/role_mapping.yml 0640 root elasticsearch
+z /etc/elasticsearch/roles.yml 0640 root elasticsearch
+z /etc/elasticsearch/users 0640 root elasticsearch
+z /etc/elasticsearch/users_roles 0640 root elasticsearch
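Review bot: The third line hands `/usr/share/elasticsearch/plugins` to `elasticsearch:elasticsearch`, so the account the daemon runs as can add or replace plugin code that is loaded at the next start. The configuration files further down are deliberately `root`-owned and only group-readable; the plugin directory deserves the same treatment unless plugins are meant to be installed as the service user. Suggested line: `d /usr/share/elasticsearch/plugins 0755 root root -`.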
diff --git a/elasticsearch-user.conf b/elasticsearch-user.conf
new file mode 100644
index 000000000000..d67b6c3fdde1
--- /dev/null
+++ b/elasticsearch-user.conf
@@ -0,0 +1 @@
+u elasticsearch - "Elasticsearch user"
diff --git a/elasticsearch.default b/elasticsearch.default
new file mode 100644
index 000000000000..ade7ae924ddd
--- /dev/null
+++ b/elasticsearch.default
@@ -0,0 +1,13 @@
+JAVA_HOME=/usr/lib/jvm/default-runtime
+
+# Heap Size (defaults to 256m min, 1g max)
+#ES_HEAP_SIZE=1g
+
+# Heap new generation
+#ES_HEAP_NEWSIZE=
+
+# max direct memory
+#ES_DIRECT_SIZE=
+
+# Additional Java OPTS
+#ES_JAVA_OPTS=
diff --git a/elasticsearch.service b/elasticsearch.service
new file mode 100644
index 000000000000..d15fff03901d
--- /dev/null
+++ b/elasticsearch.service
@@ -0,0 +1,66 @@
+[Unit]
+Description=Elasticsearch
+Documentation=http://www.elastic.co
+Wants=elasticsearch-keystore.service
+Wants=network-online.target
+After=elasticsearch-keystore.service
+After=network-online.target
+
+[Service]
+Type=notify
+RuntimeDirectory=elasticsearch
+PrivateTmp=true
+Environment=ES_HOME=/usr/share/elasticsearch
+Environment=ES_PATH_CONF=/etc/elasticsearch
+Environment=PID_DIR=/run/elasticsearch
+Environment=ES_SD_NOTIFY=true
+EnvironmentFile=-/etc/default/elasticsearch
+
+WorkingDirectory=/usr/share/elasticsearch
+
+User=elasticsearch
+Group=elasticsearch
+
+PermissionsStartOnly=true
+ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-keystore upgrade
+
+ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid
+
+# StandardOutput is configured to redirect to journalctl since
+# some error messages may be logged in standard output before
+# elasticsearch logging system is initialized. Elasticsearch
+# stores its logs in /var/log/elasticsearch and does not use
+# journalctl by default. If you also want to enable journalctl
+# logging, you can simply remove the "quiet" option from ExecStart.
+StandardOutput=journal
+StandardError=inherit
+
+# Specifies the maximum file descriptor number that can be opened by this process
+LimitNOFILE=65535
+
+# Specifies the maximum number of processes
+LimitNPROC=4096
+
+# Specifies the maximum size of virtual memory
+LimitAS=infinity
+
+# Specifies the maximum file size
+LimitFSIZE=infinity
+
+# Disable timeout logic and wait until process is stopped
+TimeoutStopSec=0
+
+# SIGTERM signal is used to stop the Java process
+KillSignal=SIGTERM
+
+# Send the signal only to the JVM rather than its control group
+KillMode=process
+
+# Java process is never killed
+SendSIGKILL=no
+
+# When a JVM receives a SIGTERM signal it exits with code 143
+SuccessExitStatus=143
+
+[Install]
+WantedBy=multi-user.target
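Review bot: `PermissionsStartOnly=true` is what makes `ExecStartPre` run `elasticsearch-keystore upgrade` as root, but the directive is deprecated in current systemd and hides the privilege boundary from a reader of the `ExecStartPre` line. Marking the one privileged command explicitly, `ExecStartPre=+/usr/share/elasticsearch/bin/elasticsearch-keystore upgrade`, and dropping `PermissionsStartOnly=true` keeps the behaviour and shows which step is elevated. The comment above `StandardOutput=journal` also refers to a "quiet" option that is not present on the `ExecStart` line and should be reworded. Both points apply equally to elasticsearch@.service.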
diff --git a/elasticsearch@.service b/elasticsearch@.service
new file mode 100644
index 000000000000..10849be63e2f
--- /dev/null
+++ b/elasticsearch@.service
@@ -0,0 +1,67 @@
+[Unit]
+Description=Elasticsearch %I
+Documentation=http://www.elastic.co
+Wants=elasticsearch-keystore@%i.service
+Wants=network-online.target
+After=elasticsearch-keystore@%i.service
+After=network-online.target
+
+[Service]
+Type=notify
+RuntimeDirectory=elasticsearch
+PrivateTmp=true
+Environment=ES_HOME=/usr/share/elasticsearch
+Environment=ES_PATH_CONF=/etc/elasticsearch/%I
+Environment=PID_DIR=/run/elasticsearch
+Environment=ES_SD_NOTIFY=true
+EnvironmentFile=-/etc/default/elasticsearch
+PIDFile=/run/elasticsearch/%I.pid
+
+WorkingDirectory=/usr/share/elasticsearch
+
+User=elasticsearch
+Group=elasticsearch
+
+PermissionsStartOnly=true
+ExecStartPre=/usr/share/elasticsearch/bin/elasticsearch-keystore upgrade
+
+ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/%I.pid
+
+# StandardOutput is configured to redirect to journalctl since
+# some error messages may be logged in standard output before
+# elasticsearch logging system is initialized. Elasticsearch
+# stores its logs in /var/log/elasticsearch and does not use
+# journalctl by default. If you also want to enable journalctl
+# logging, you can simply remove the "quiet" option from ExecStart.
+StandardOutput=journal
+StandardError=inherit
+
+# Specifies the maximum file descriptor number that can be opened by this process
+LimitNOFILE=65535
+
+# Specifies the maximum number of processes
+LimitNPROC=4096
+
+# Specifies the maximum size of virtual memory
+LimitAS=infinity
+
+# Specifies the maximum file size
+LimitFSIZE=infinity
+
+# Disable timeout logic and wait until process is stopped
+TimeoutStopSec=0
+
+# SIGTERM signal is used to stop the Java process
+KillSignal=SIGTERM
+
+# Send the signal only to the JVM rather than its control group
+KillMode=process
+
+# Java process is never killed
+SendSIGKILL=no
+
+# When a JVM receives a SIGTERM signal it exits with code 143
+SuccessExitStatus=143
+
+[Install]
+WantedBy=multi-user.target
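Review bot: Every instance of this template declares the same `RuntimeDirectory=elasticsearch`, and systemd removes a unit's runtime directory when that unit stops. Stopping one instance would therefore delete `/run/elasticsearch` along with the `%I.pid` files of the instances still running. Either give each instance its own directory (`RuntimeDirectory=elasticsearch/%i`, with `PID_DIR` and `PIDFile=` adjusted to match) or add `RuntimeDirectoryPreserve=yes`.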
diff --git a/patch-log4j-JAR-to-remove-JndiLookup-class-81629.patch b/patch-log4j-JAR-to-remove-JndiLookup-class-81629.patch
new file mode 100644
index 000000000000..b0293d2e46e0
--- /dev/null
+++ b/patch-log4j-JAR-to-remove-JndiLookup-class-81629.patch
@@ -0,0 +1,71 @@
+From 9a3422e1a6cf519e3fedce396784be2ef48dc7f9 Mon Sep 17 00:00:00 2001
+From: Mark Vieira <portugee@gmail.com>
+Date: Fri, 10 Dec 2021 15:51:38 -0800
+Subject: [PATCH] Patch log4j JAR to remove JndiLookup class (#81629)
+
+
+diff --git a/distribution/build.gradle b/distribution/build.gradle
+index feab67bfbf8..76549a83d0b 100644
+--- a/distribution/build.gradle
++++ b/distribution/build.gradle
+@@ -275,6 +275,10 @@ configure(subprojects.findAll { ['archives', 'packages'].contains(it.name) }) {
+ }
+ }
+ }
++ all {
++ resolutionStrategy.dependencySubstitution {
++ substitute module("org.apache.logging.log4j:log4j-core") using project(":libs:elasticsearch-log4j") because "patched to remove JndiLookup clas"}
++ }
+ }
+
+ dependencies {
+diff --git a/libs/build.gradle b/libs/build.gradle
+index 0614199b97b..952985f5aa5 100644
+--- a/libs/build.gradle
++++ b/libs/build.gradle
+@@ -6,7 +6,7 @@
+ * Side Public License, v 1.
+ */
+
+-subprojects {
++configure(subprojects - project('elasticsearch-log4j')) {
+ /*
+ * All subprojects are java projects using Elasticsearch's standard build
+ * tools.
+diff --git a/libs/log4j/build.gradle b/libs/log4j/build.gradle
+new file mode 100644
+index 00000000000..917a9f454a1
+--- /dev/null
++++ b/libs/log4j/build.gradle
+@@ -0,0 +1,28 @@
++plugins {
++ id 'base'
++ id 'elasticsearch.repositories'
++}
++
++configurations {
++ log4j {
++ transitive = false
++ }
++}
++
++dependencies {
++ log4j "org.apache.logging.log4j:log4j-core:${versions.log4j}"
++}
++
++// Strip out JndiLookup class to avoid any possibility of exploitation of CVE-2021-44228
++// See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
++// See: https://issues.apache.org/jira/browse/LOG4J2-3201
++def patchLog4j = tasks.register('patchLog4j', Zip) {
++ archiveExtension = 'jar'
++ from({ zipTree(configurations.log4j.singleFile) }) {
++ exclude '**/JndiLookup.class'
++ }
++}
++
++artifacts {
++ 'default'(patchLog4j)
++}
+--
+2.34.1
+
diff --git a/remove-systemd-distribution-check.patch b/remove-systemd-distribution-check.patch
new file mode 100644
index 000000000000..8c9c341ff835
--- /dev/null
+++ b/remove-systemd-distribution-check.patch
@@ -0,0 +1,17 @@
+diff --git a/modules/systemd/src/main/java/org/elasticsearch/systemd/SystemdPlugin.java b/modules/systemd/src/main/java/org/elasticsearch/systemd/SystemdPlugin.java
+index 40cc219cbb4..5b89f469da7 100644
+--- a/modules/systemd/src/main/java/org/elasticsearch/systemd/SystemdPlugin.java
++++ b/modules/systemd/src/main/java/org/elasticsearch/systemd/SystemdPlugin.java
+@@ -59,11 +59,7 @@ public class SystemdPlugin extends Plugin implements ClusterPlugin {
+ }
+
+ SystemdPlugin(final boolean assertIsPackageDistribution, final Build.Type buildType, final String esSDNotify) {
+- final boolean isPackageDistribution = buildType == Build.Type.DEB || buildType == Build.Type.RPM;
+- if (assertIsPackageDistribution) {
+- // our build is configured to only include this module in the package distributions
+- assert isPackageDistribution : buildType;
+- }
++ final boolean isPackageDistribution = true;
+ if (isPackageDistribution == false) {
+ logger.debug("disabling sd_notify as the build type [{}] is not a package distribution", buildType);
+ enabled = false;
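Review bot: The patch file has no header explaining why `isPackageDistribution` is forced to `true`, and hard-coding it leaves the `if (isPackageDistribution == false)` branch dead and `assertIsPackageDistribution` unused in the visible lines. Judging from the PKGBUILD, the reason is that the package is built from the linux-tar archive, so `Build.Type` would never be DEB or RPM and sd_notify would be disabled under the `Type=notify` units. A short description at the top of the patch would record that, for example `Arch builds from the linux-tar archive; force the package-distribution path so sd_notify stays enabled.` The constructor body continues past the end of the hunk.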