diff options
-rw-r--r-- | .SRCINFO | 37 | ||||
-rw-r--r-- | .gitignore | 15 | ||||
-rw-r--r-- | .nvchecker.toml | 4 | ||||
-rw-r--r-- | PKGBUILD | 183 | ||||
-rw-r--r-- | bin.patch | 6 | ||||
-rw-r--r-- | neo4j-tmpfile.conf | 1 | ||||
-rw-r--r-- | neo4j.conf | 318 | ||||
-rw-r--r-- | neo4j.executable-template | 26 | ||||
-rw-r--r-- | neo4j.install | 36 | ||||
-rw-r--r-- | neo4j.service | 34 | ||||
-rw-r--r-- | neo4j.sysusers | 1 | ||||
-rw-r--r-- | neo4j.tmpfiles | 2 | ||||
-rw-r--r-- | use-system-scala.patch | 12 |
13 files changed, 213 insertions, 462 deletions
@@ -1,28 +1,27 @@ pkgbase = neo4j-community pkgdesc = A fully transactional graph database implemented in Java - pkgver = 4.1.6 + pkgver = 5.18.1 pkgrel = 1 - url = http://neo4j.org/ - install = neo4j.install + url = https://github.com/neo4j/neo4j arch = any - license = custom - makedepends = patch - depends = jre11-openjdk-headless + license = GPL-3.0-only + makedepends = java-environment=17 + makedepends = maven + depends = java-runtime=17 conflicts = neo4j-enterprise - options = !strip + backup = etc/neo4j/neo4j-admin.conf backup = etc/neo4j/neo4j.conf - source = http://dist.neo4j.org/neo4j-community-4.1.6-unix.tar.gz - source = bin.patch - source = neo4j.conf - source = neo4j.install + backup = etc/neo4j/server-logs.xml + backup = etc/neo4j/user-logs.xml + source = neo4j-community-5.18.1.tar.gz::https://github.com/neo4j/neo4j/archive/5.18.1.tar.gz + source = neo4j.executable-template source = neo4j.service - source = neo4j-tmpfile.conf - sha256sums = 877fab336425465728284c008c15401982a7695c019cd2874c9b0f6ef8d5bf36 - sha256sums = 1c7f9c81ef1ab8228b17ddd0db95de94424cc5feda5dffb09d58f2f46b4d4caf - sha256sums = 8b58f52fc827a02eda8aa58fd40c3a19aab9f5ea0687f5eebc421ba49828713b - sha256sums = f95936abc4a519b01d2cd987cd38a253003cf4cd39bfab29948708e82d98de66 - sha256sums = 4e56e56e38cfe91755adf76642972bece509a9fd3f7d1851d65715fff762b9db - sha256sums = e1311352e05b1e698599b91883141b938ceb418abd7e6bc11cc964854f0a21e1 + source = neo4j.sysusers + source = neo4j.tmpfiles + sha256sums = adf109bc170f3a11b7cd024aa9976bd1c24fdef1d592e4c0f80fbb878b0ae301 + sha256sums = 152e35d949fe9090c890e7a213da917c09bc087a060119a1c32541821f91781f + sha256sums = 090e9ced1708e22592f775490360762d973e81061a0170b4150b087b1751e142 + sha256sums = a1d3dd94aecf80289e8d9b6381d4393ed60b7a5dec3cae436e721be676c15f3a + sha256sums = 45033d5009c84340b79f914bfc13b00c67a8c0bf30a5ccf9d016b5e238762f92 pkgname = neo4j-community - diff --git a/.gitignore b/.gitignore index ca392c383294..794f95a711e1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,10 @@ -neo4j-community-*-any.pkg.tar.xz -neo4j-community-*-any.pkg.tar.zst -neo4j-community-*-unix.tar.gz -pkg/ -src/ +* +!.gitignore +!.nvchecker.toml +!.SRCINFO +!PKGBUILD +!use-system-scala.patch +!neo4j.executable-template +!neo4j.service +!neo4j.sysusers +!neo4j.tmpfiles diff --git a/.nvchecker.toml b/.nvchecker.toml new file mode 100644 index 000000000000..6432854fad22 --- /dev/null +++ b/.nvchecker.toml @@ -0,0 +1,4 @@ +[neo4j-community] +source = "github" +github = "neo4j/neo4j" +use_max_tag = true @@ -1,93 +1,140 @@ -# Maintainer: Amina Khakimova <hakami1024@gmail.com> +# Maintainer: Carl Smedstad <carl.smedstad at protonmail dot com> +# Contributor: Amina Khakimova <hakami1024@gmail.com> # Contributor: Marcel Campello Ferreira <marcel.campello.ferreira@gmail.com> # Contributor: Mark Dixon <mark@markdixon.name> + pkgname=neo4j-community -pkgver=4.1.6 +_pkgname=neo4j +pkgver=5.18.1 pkgrel=1 -pkgdesc='A fully transactional graph database implemented in Java' +pkgdesc="A fully transactional graph database implemented in Java" arch=(any) -url=http://neo4j.org/ -license=(custom) -makedepends=(patch) -depends=('jre11-openjdk-headless') +url="https://github.com/neo4j/neo4j" +license=(GPL-3.0-only) +_java_version=17 +depends=("java-runtime=$_java_version") +makedepends=( + "java-environment=$_java_version" + "maven" +) conflicts=(neo4j-enterprise) -backup=(etc/neo4j/neo4j.conf) -options=(!strip) -install=neo4j.install -source=(http://dist.neo4j.org/neo4j-community-$pkgver-unix.tar.gz - bin.patch - neo4j.conf - neo4j.install - neo4j.service - neo4j-tmpfile.conf) -sha256sums=('877fab336425465728284c008c15401982a7695c019cd2874c9b0f6ef8d5bf36' - '1c7f9c81ef1ab8228b17ddd0db95de94424cc5feda5dffb09d58f2f46b4d4caf' - '8b58f52fc827a02eda8aa58fd40c3a19aab9f5ea0687f5eebc421ba49828713b' - 'f95936abc4a519b01d2cd987cd38a253003cf4cd39bfab29948708e82d98de66' - '4e56e56e38cfe91755adf76642972bece509a9fd3f7d1851d65715fff762b9db' - 'e1311352e05b1e698599b91883141b938ceb418abd7e6bc11cc964854f0a21e1') +backup=( + etc/neo4j/neo4j-admin.conf + etc/neo4j/neo4j.conf + etc/neo4j/server-logs.xml + etc/neo4j/user-logs.xml +) +source=( + "$pkgname-$pkgver.tar.gz::$url/archive/$pkgver.tar.gz" + "neo4j.executable-template" + "neo4j.service" + "neo4j.sysusers" + "neo4j.tmpfiles" +) +sha256sums=( + 'adf109bc170f3a11b7cd024aa9976bd1c24fdef1d592e4c0f80fbb878b0ae301' + '152e35d949fe9090c890e7a213da917c09bc087a060119a1c32541821f91781f' + '090e9ced1708e22592f775490360762d973e81061a0170b4150b087b1751e142' + 'a1d3dd94aecf80289e8d9b6381d4393ed60b7a5dec3cae436e721be676c15f3a' + '45033d5009c84340b79f914bfc13b00c67a8c0bf30a5ccf9d016b5e238762f92' +) + +_archive="$_pkgname-$pkgver" + prepare() { + cd "$_archive" + + mvn versions:set -DnewVersion="$pkgver" - cd $srcdir/neo4j-community-$pkgver - patch -Np1 -i ../bin.patch + # Download dependencies + mvn \ + -Dmaven.repo.local="$srcdir/repo" \ + dependency:go-offline + + mkdir -p bin + # shellcheck disable=SC2002 + { + cat "$srcdir/neo4j.executable-template" \ + | sed "s/%APP_NAME%/neo4j/" \ + | sed "s/%CLASS_NAME%/org.neo4j.server.startup.Neo4jBoot/" \ + > bin/neo4j + cat "$srcdir/neo4j.executable-template" \ + | sed "s/%APP_NAME%/neo4j-admin/" \ + | sed "s/%CLASS_NAME%/org.neo4j.server.startup.Neo4jAdminBoot/" \ + > bin/neo4j-admin + cat "$srcdir/neo4j.executable-template" \ + | sed "s/%APP_NAME%/cypher-shell/" \ + | sed "s/%CLASS_NAME%/org.neo4j.shell.startup.CypherShellBoot/" \ + > bin/cypher-shell + } } -package() { - cd $srcdir/neo4j-community-$pkgver +build() { + cd "$_archive" - # Config files - CONFIG_DIR=etc/neo4j - install -dm755 $pkgdir/$CONFIG_DIR - install -dm700 $pkgdir/$CONFIG_DIR/certificates - install -Dm644 $srcdir/neo4j.conf $pkgdir/etc/neo4j/neo4j.conf + export PATH="/usr/lib/jvm/java-$_java_version-openjdk/bin:$PATH" + mvn \ + -Dmaven.repo.local="$srcdir/repo" \ + package -DskipTests +} - # Data, import and log files - DATA_DIR=var/lib/neo4j/data - install -dm755 $pkgdir/$DATA_DIR - [[ $(ls -A data/* 2>/dev/null) ]] && cp -r data/* $pkgdir/$DATA_DIR +check() { + cd "$_archive" - IMPORT_DIR=var/lib/neo4j/import - install -dm755 $pkgdir/$IMPORT_DIR - [[ $(ls -A import/* 2>/dev/null) ]] && cp -r import/* $pkgdir/$IMPORT_DIR + # Running all integration tests takes ~1 hour + mvn \ + -Dmaven.repo.local="$srcdir/repo" \ + integration-test --projects community/community-it/community-it/ +} - LOG_DIR=var/log/neo4j - install -dm755 $pkgdir/$LOG_DIR - [[ $(ls -A logs/* 2>/dev/null) ]] && cp -r logs/* $pkgdir/$LOG_DIR +package() { + cd "$_archive" - # Copy JARs in lib and plugins - LIB_DIR=usr/share/java/neo4j/lib - install -dm755 $pkgdir/$LIB_DIR - [[ $(ls -A lib/* 2>/dev/null) ]] && cp -r lib/* $pkgdir/$LIB_DIR + tar -xf "packaging/standalone/target/neo4j-community-$pkgver-unix.tar.gz" + local bin_archive="neo4j-community-$pkgver" - PLUGINS_DIR=usr/share/java/neo4j/plugins - install -dm755 $pkgdir/$PLUGINS_DIR - [[ $(ls -A plugins/* 2>/dev/null) ]] && cp -r plugins/* $pkgdir/$PLUGINS_DIR + # Config files + install -Dm644 -t "$pkgdir/etc/neo4j" \ + "$bin_archive/conf/neo4j-admin.conf" \ + "$bin_archive/conf/neo4j.conf" \ + "$bin_archive/conf/server-logs.xml" \ + "$bin_archive/conf/user-logs.xml" - # Executable files - BIN_DIR=usr/share/neo4j/bin - install -dm755 $pkgdir/$BIN_DIR - [[ $(ls -A bin/* 2>/dev/null) ]] && cp -r bin/* $pkgdir/$BIN_DIR + sed -i 's|=/usr/share/neo4j/lib|=/usr/share/java/neo4j|' \ + "$pkgdir/etc/neo4j/neo4j.conf" - SYSTEM_BIN_DIR=usr/bin - install -dm755 $pkgdir/$SYSTEM_BIN_DIR - for file in $(find $pkgdir/$BIN_DIR -maxdepth 1 -type f); do - b_file=$(basename $file) - ln -s /$BIN_DIR/$b_file $pkgdir/$SYSTEM_BIN_DIR/$b_file; - done + # Bash completion + install -Dm644 "$bin_archive/bin/completion/neo4j-admin_completion" \ + "$pkgdir/usr/share/bash-completion/completions/neo4j-admin" + install -Dm644 "$bin_archive/bin/completion/neo4j_completion" \ + "$pkgdir/usr/share/bash-completion/completions/neo4j" + + # Install JARs + install -Dm644 -t "$pkgdir/usr/share/java/neo4j" "$bin_archive/lib/"*.jar + + # Man pages + install -Dm644 -t "$pkgdir/usr/share/man/man1" \ + community/cypher-shell/packaging/src/common/manpages/cypher-shell.1 # Documentation - DOC_DIR=usr/share/doc/neo4j - install -dm755 $pkgdir/$DOC_DIR - cp README.txt UPGRADE.txt $pkgdir/$DOC_DIR + install -Dm644 -t "$pkgdir/usr/share/doc/neo4j" \ + "$bin_archive/README.txt" \ + "$bin_archive/UPGRADE.txt" # License files - LICENSES_DIR=usr/share/licenses/neo4j - install -dm755 $pkgdir/$LICENSES_DIR - cp LICENSE.txt LICENSES.txt NOTICE.txt $pkgdir/$LICENSES_DIR + install -Dm644 -t "$pkgdir/usr/share/licenses/$pkgname" \ + "$bin_archive/LICENSE.txt" \ + "$bin_archive/LICENSES.txt" \ + "$bin_archive/NOTICE.txt" - # Service definition files - install -Dm644 $srcdir/neo4j.service $pkgdir/usr/lib/systemd/system/neo4j.service + # Executable files + install -Dm755 -t "$pkgdir/usr/bin" \ + bin/cypher-shell \ + bin/neo4j \ + bin/neo4j-admin - # Runtime files - install -Dm644 $srcdir/neo4j-tmpfile.conf $pkgdir/usr/lib/tmpfiles.d/neo4j.conf + # Systemd files + install -Dm644 -t "$pkgdir/usr/lib/systemd/system" "$srcdir/neo4j.service" + install -Dm644 "$srcdir/neo4j.sysusers" "$pkgdir/usr/lib/sysusers.d/neo4j.conf" + install -Dm644 "$srcdir/neo4j.tmpfiles" "$pkgdir/usr/lib/tmpfiles.d/neo4j.conf" } diff --git a/bin.patch b/bin.patch deleted file mode 100644 index eaf00ecd44c1..000000000000 --- a/bin.patch +++ /dev/null @@ -1,6 +0,0 @@ -diff -au0r neo4j-community-3.4.10-orig/bin/neo4j-admin neo4j-community-3.4.10-mod/bin/neo4j-admin ---- neo4j-community-3.4.10-orig/bin/neo4j-admin 2016-09-14 11:15:28.000000000 -0300 -+++ neo4j-community-3.4.10-mod/bin/neo4j-admin 2016-09-21 21:48:09.366135928 -0300 -@@ -3,0 +4,2 @@ -+export NEO4J_CONF=/etc/neo4j -+ diff --git a/neo4j-tmpfile.conf b/neo4j-tmpfile.conf deleted file mode 100644 index 6553f9e1d47d..000000000000 --- a/neo4j-tmpfile.conf +++ /dev/null @@ -1 +0,0 @@ -d /run/neo4j 0755 neo4j neo4j - diff --git a/neo4j.conf b/neo4j.conf deleted file mode 100644 index 0cfb10bcd149..000000000000 --- a/neo4j.conf +++ /dev/null @@ -1,318 +0,0 @@ -#***************************************************************** -# Neo4j configuration -# -# For more details and a complete list of settings, please see -# https://neo4j.com/docs/operations-manual/current/reference/configuration-settings/ -#***************************************************************** - -# The name of the database to mount -#dbms.active_database=graph.db - -# Paths of directories in the installation. -dbms.directories.data=/var/lib/neo4j/data -dbms.directories.plugins=/usr/share/java/neo4j/plugins -dbms.directories.certificates=/etc/neo4j/certificates -dbms.directories.logs=/var/log/neo4j -dbms.directories.lib=/usr/share/java/neo4j/lib -dbms.directories.run=/run/neo4j - -# This setting constrains all `LOAD CSV` import files to be under the `import` directory. Remove or comment it out to -# allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the -# `LOAD CSV` section of the manual for details. -dbms.directories.import=/var/lib/neo4j/import - -# Whether requests to Neo4j are authenticated. -# To disable authentication, uncomment this line -#dbms.security.auth_enabled=false - -# Enable this to be able to upgrade a store from an older version. -#dbms.allow_format_migration=true - -# Java Heap Size: by default the Java heap size is dynamically -# calculated based on available system resources. -# Uncomment these lines to set specific initial and maximum -# heap size. -#dbms.memory.heap.initial_size=512m -#dbms.memory.heap.max_size=512m - -# The amount of memory to use for mapping the store files, in bytes (or -# kilobytes with the 'k' suffix, megabytes with 'm' and gigabytes with 'g'). -# If Neo4j is running on a dedicated server, then it is generally recommended -# to leave about 2-4 gigabytes for the operating system, give the JVM enough -# heap to hold all your transaction state and query context, and then leave the -# rest for the page cache. -# The default page cache memory assumes the machine is dedicated to running -# Neo4j, and is heuristically set to 50% of RAM minus the max Java heap size. -#dbms.memory.pagecache.size=10g - -#***************************************************************** -# Network connector configuration -#***************************************************************** - -# With default configuration Neo4j only accepts local connections. -# To accept non-local connections, uncomment this line: -#dbms.connectors.default_listen_address=0.0.0.0 - -# You can also choose a specific network interface, and configure a non-default -# port for each connector, by setting their individual listen_address. - -# The address at which this server can be reached by its clients. This may be the server's IP address or DNS name, or -# it may be the address of a reverse proxy which sits in front of the server. This setting may be overridden for -# individual connectors below. -#dbms.connectors.default_advertised_address=localhost - -# You can also choose a specific advertised hostname or IP address, and -# configure an advertised port for each connector, by setting their -# individual advertised_address. - -# Bolt connector -dbms.connector.bolt.enabled=true -#dbms.connector.bolt.tls_level=OPTIONAL -#dbms.connector.bolt.listen_address=:7687 - -# HTTP Connector. There must be exactly one HTTP connector. -dbms.connector.http.enabled=true -#dbms.connector.http.listen_address=:7474 - -# HTTPS Connector. There can be zero or one HTTPS connectors. -#dbms.connector.https.enabled=true -#dbms.connector.https.listen_address=:7473 - -# Number of Neo4j worker threads. -#dbms.threads.worker_count= - -#***************************************************************** -# SSL system configuration -#***************************************************************** - -# Names of the SSL policies to be used for the respective components. - -# The legacy policy is a special policy which is not defined in -# the policy configuration section, but rather derives from -# dbms.directories.certificates and associated files -# (by default: neo4j.key and neo4j.cert). Its use will be deprecated. - -# The policies to be used for connectors. -# -# N.B: Note that a connector must be configured to support/require -# SSL/TLS for the policy to actually be utilized. -# -# see: dbms.connector.*.tls_level - -#bolt.ssl_policy=legacy -#https.ssl_policy=legacy - -#***************************************************************** -# SSL policy configuration -#***************************************************************** - -# Each policy is configured under a separate namespace, e.g. -# dbms.ssl.policy.<policyname>.* -# -# The example settings below are for a new policy named 'default'. - -# The base directory for cryptographic objects. Each policy will by -# default look for its associated objects (keys, certificates, ...) -# under the base directory. -# -# Every such setting can be overriden using a full path to -# the respective object, but every policy will by default look -# for cryptographic objects in its base location. -# -# Mandatory setting - -#dbms.ssl.policy.default.base_directory=certificates/default - -# Allows the generation of a fresh private key and a self-signed -# certificate if none are found in the expected locations. It is -# recommended to turn this off again after keys have been generated. -# -# Keys should in general be generated and distributed offline -# by a trusted certificate authority (CA) and not by utilizing -# this mode. - -#dbms.ssl.policy.default.allow_key_generation=false - -# Enabling this makes it so that this policy ignores the contents -# of the trusted_dir and simply resorts to trusting everything. -# -# Use of this mode is discouraged. It would offer encryption but no security. - -#dbms.ssl.policy.default.trust_all=false - -# The private key for the default SSL policy. By default a file -# named private.key is expected under the base directory of the policy. -# It is mandatory that a key can be found or generated. - -#dbms.ssl.policy.default.private_key= - -# The private key for the default SSL policy. By default a file -# named public.crt is expected under the base directory of the policy. -# It is mandatory that a certificate can be found or generated. - -#dbms.ssl.policy.default.public_certificate= - -# The certificates of trusted parties. By default a directory named -# 'trusted' is expected under the base directory of the policy. It is -# mandatory to create the directory so that it exists, because it cannot -# be auto-created (for security purposes). -# -# To enforce client authentication client_auth must be set to 'require'! - -#dbms.ssl.policy.default.trusted_dir= - -# Client authentication setting. Values: none, optional, require -# The default is to require client authentication. -# -# Servers are always authenticated unless explicitly overridden -# using the trust_all setting. In a mutual authentication setup this -# should be kept at the default of require and trusted certificates -# must be installed in the trusted_dir. - -#dbms.ssl.policy.default.client_auth=require - -# A comma-separated list of allowed TLS versions. -# By default TLSv1, TLSv1.1 and TLSv1.2 are allowed. - -#dbms.ssl.policy.default.tls_versions= - -# A comma-separated list of allowed ciphers. -# The default ciphers are the defaults of the JVM platform. - -#dbms.ssl.policy.default.ciphers= - -#***************************************************************** -# Logging configuration -#***************************************************************** - -# To enable HTTP logging, uncomment this line -#dbms.logs.http.enabled=true - -# Number of HTTP logs to keep. -#dbms.logs.http.rotation.keep_number=5 - -# Size of each HTTP log that is kept. -#dbms.logs.http.rotation.size=20m - -# To enable GC Logging, uncomment this line -#dbms.logs.gc.enabled=true - -# GC Logging Options -# see http://docs.oracle.com/cd/E19957-01/819-0084-10/pt_tuningjava.html#wp57013 for more information. -#dbms.logs.gc.options=-XX:+PrintGCDetails -XX:+PrintGCDateStamps -XX:+PrintGCApplicationStoppedTime -XX:+PrintPromotionFailure -XX:+PrintTenuringDistribution - -# Number of GC logs to keep. -#dbms.logs.gc.rotation.keep_number=5 - -# Size of each GC log that is kept. -#dbms.logs.gc.rotation.size=20m - -# Size threshold for rotation of the debug log. If set to zero then no rotation will occur. Accepts a binary suffix "k", -# "m" or "g". -#dbms.logs.debug.rotation.size=20m - -# Maximum number of history files for the internal log. -#dbms.logs.debug.rotation.keep_number=7 - -#***************************************************************** -# Miscellaneous configuration -#***************************************************************** - -# Enable this to specify a parser other than the default one. -#cypher.default_language_version=3.0 - -# Determines if Cypher will allow using file URLs when loading data using -# `LOAD CSV`. Setting this value to `false` will cause Neo4j to fail `LOAD CSV` -# clauses that load data from the file system. -#dbms.security.allow_csv_import_from_file_urls=true - -# Retention policy for transaction logs needed to perform recovery and backups. -dbms.tx_log.rotation.retention_policy=1 days - -# Enable a remote shell server which Neo4j Shell clients can log in to. -#dbms.shell.enabled=true -# The network interface IP the shell will listen on (use 0.0.0.0 for all interfaces). -#dbms.shell.host=127.0.0.1 -# The port the shell will listen on, default is 1337. -#dbms.shell.port=1337 - -# Only allow read operations from this Neo4j instance. This mode still requires -# write access to the directory for lock purposes. -#dbms.read_only=false - -# Comma separated list of JAX-RS packages containing JAX-RS resources, one -# package name for each mountpoint. The listed package names will be loaded -# under the mountpoints specified. Uncomment this line to mount the -# org.neo4j.examples.server.unmanaged.HelloWorldResource.java from -# neo4j-server-examples under /examples/unmanaged, resulting in a final URL of -# http://localhost:7474/examples/unmanaged/helloworld/{nodeId} -#dbms.unmanaged_extension_classes=org.neo4j.examples.server.unmanaged=/examples/unmanaged - -#******************************************************************** -# JVM Parameters -#******************************************************************** - -# G1GC generally strikes a good balance between throughput and tail -# latency, without too much tuning. -dbms.jvm.additional=-XX:+UseG1GC - -# Have common exceptions keep producing stack traces, so they can be -# debugged regardless of how often logs are rotated. -dbms.jvm.additional=-XX:-OmitStackTraceInFastThrow - -# Make sure that `initmemory` is not only allocated, but committed to -# the process, before starting the database. This reduces memory -# fragmentation, increasing the effectiveness of transparent huge -# pages. It also reduces the possibility of seeing performance drop -# due to heap-growing GC events, where a decrease in available page -# cache leads to an increase in mean IO response time. -# Try reducing the heap memory, if this flag degrades performance. -dbms.jvm.additional=-XX:+AlwaysPreTouch - -# Trust that non-static final fields are really final. -# This allows more optimizations and improves overall performance. -# NOTE: Disable this if you use embedded mode, or have extensions or dependencies that may use reflection or -# serialization to change the value of final fields! -dbms.jvm.additional=-XX:+UnlockExperimentalVMOptions -dbms.jvm.additional=-XX:+TrustFinalNonStaticFields - -# Disable explicit garbage collection, which is occasionally invoked by the JDK itself. -dbms.jvm.additional=-XX:+DisableExplicitGC - -# Remote JMX monitoring, uncomment and adjust the following lines as needed. Absolute paths to jmx.access and -# jmx.password files are required. -# Also make sure to update the jmx.access and jmx.password files with appropriate permission roles and passwords, -# the shipped configuration contains only a read only role called 'monitor' with password 'Neo4j'. -# For more details, see: http://download.oracle.com/javase/8/docs/technotes/guides/management/agent.html -# On Unix based systems the jmx.password file needs to be owned by the user that will run the server, -# and have permissions set to 0600. -# For details on setting these file permissions on Windows see: -# http://docs.oracle.com/javase/8/docs/technotes/guides/management/security-windows.html -#dbms.jvm.additional=-Dcom.sun.management.jmxremote.port=3637 -#dbms.jvm.additional=-Dcom.sun.management.jmxremote.authenticate=true -#dbms.jvm.additional=-Dcom.sun.management.jmxremote.ssl=false -#dbms.jvm.additional=-Dcom.sun.management.jmxremote.password.file=/absolute/path/to/conf/jmx.password -#dbms.jvm.additional=-Dcom.sun.management.jmxremote.access.file=/absolute/path/to/conf/jmx.access - -# Some systems cannot discover host name automatically, and need this line configured: -#dbms.jvm.additional=-Djava.rmi.server.hostname=$THE_NEO4J_SERVER_HOSTNAME - -# Expand Diffie Hellman (DH) key size from default 1024 to 2048 for DH-RSA cipher suites used in server TLS handshakes. -# This is to protect the server from any potential passive eavesdropping. -dbms.jvm.additional=-Djdk.tls.ephemeralDHKeySize=2048 - -#******************************************************************** -# Wrapper Windows NT/2000/XP Service Properties -#******************************************************************** -# WARNING - Do not modify any of these properties when an application -# using this configuration file has been installed as a service. -# Please uninstall the service before modifying this section. The -# service can then be reinstalled. - -# Name of the service -dbms.windows_service_name=neo4j - -#******************************************************************** -# Other Neo4j system properties -#******************************************************************** -dbms.jvm.additional=-Dunsupported.dbms.udc.source=tarball diff --git a/neo4j.executable-template b/neo4j.executable-template new file mode 100644 index 000000000000..d09fa5ad76ee --- /dev/null +++ b/neo4j.executable-template @@ -0,0 +1,26 @@ +#!/bin/sh + +BASEDIR=/usr/share/java/neo4j + +export NEO4J_HOME="${NEO4J_HOME:-/var/lib/neo4j}" +export NEO4J_CONF="${NEO4J_CONF:-/etc/neo4j}" + +for name in "$BASEDIR"/*.jar ; do + CLASSPATH=$CLASSPATH:$name +done + +SCALADIR=/usr/share/scala/lib/ +for name in "$SCALADIR"/*.jar ; do + CLASSPATH=$CLASSPATH:$name +done + +export PATH="/usr/lib/jvm/java-17-openjdk/bin/:$PATH" +exec java \ + -classpath "$CLASSPATH" \ + -Dapp.name="%APP_NAME%" \ + -Dapp.pid="$$" \ + -Dapp.repo="$BASEDIR" \ + -Dapp.home="$BASEDIR" \ + -Dbasedir="$BASEDIR" \ + %CLASS_NAME% \ + "$@" diff --git a/neo4j.install b/neo4j.install deleted file mode 100644 index 6ae39408e26f..000000000000 --- a/neo4j.install +++ /dev/null @@ -1,36 +0,0 @@ -post_install() { - assert_user_and_group_exist - directory_permissions - - /usr/bin/systemd-tmpfiles --create neo4j.conf -} - -post_upgrade() { - assert_user_and_group_exist - directory_permissions -} - -post_remove() { - if getent passwd neo4j >/dev/null; then - userdel neo4j - fi - if getent group neo4j >/dev/null; then - groupdel neo4j - fi -} - -directory_permissions() { - chown -R neo4j.neo4j /etc/neo4j/certificates - chown -R neo4j.neo4j /var/lib/neo4j - chown -R neo4j.neo4j /var/log/neo4j - chown -R neo4j.neo4j /etc/neo4j -} - -assert_user_and_group_exist() { - if ! getent group neo4j >/dev/null; then - groupadd --system neo4j - fi - if ! getent passwd neo4j >/dev/null; then - useradd --system -g neo4j -d /var/lib/neo4j -s /bin/false neo4j - fi -} diff --git a/neo4j.service b/neo4j.service index 879fecb24523..645db72a19d1 100644 --- a/neo4j.service +++ b/neo4j.service @@ -1,16 +1,32 @@ [Unit] -Description=Neo4j +Description=Neo4j Graph Database +After=network-online.target +Wants=network-online.target [Service] +ExecStart=/usr/bin/neo4j console +Restart=on-abnormal User=neo4j -Type=forking -Environment=NEO4J_CONF=/etc/neo4j -Environment=NEO4J_HOME=/usr/share/java/neo4j -Environment=JAVA_HOME=/usr/lib/jvm/java-11-openjdk -ExecStart=/usr/bin/neo4j start -ExecStop=/usr/bin/neo4j stop -PIDFile=/run/neo4j/neo4j.pid -LimitNOFILE=40000 +Group=neo4j +Environment="NEO4J_CONF=/etc/neo4j" "NEO4J_HOME=/var/lib/neo4j" +LimitNOFILE=60000 +TimeoutSec=120 + +# Hardening +PrivateTmp=true +ProtectHome=true +ProtectSystem=full +NoNewPrivileges=true +ProtectControlGroups=true +ProtectKernelModules=true +ProtectKernelTunables=true +PrivateDevices=true +# RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=true +RestrictRealtime=true +SystemCallArchitectures=native +ReadOnlyPaths=/ +ReadWritePaths=/var/lib/neo4j /var/log/neo4j [Install] WantedBy=multi-user.target diff --git a/neo4j.sysusers b/neo4j.sysusers new file mode 100644 index 000000000000..fc49e37b90cb --- /dev/null +++ b/neo4j.sysusers @@ -0,0 +1 @@ +u neo4j - "neo4j user" /nonexistent /bin/false diff --git a/neo4j.tmpfiles b/neo4j.tmpfiles new file mode 100644 index 000000000000..b224ccd9dc45 --- /dev/null +++ b/neo4j.tmpfiles @@ -0,0 +1,2 @@ +d /var/lib/neo4j 0755 neo4j neo4j - +d /var/lib/neo4j/plugins 0755 neo4j neo4j - diff --git a/use-system-scala.patch b/use-system-scala.patch new file mode 100644 index 000000000000..a84d4e699b91 --- /dev/null +++ b/use-system-scala.patch @@ -0,0 +1,12 @@ +diff --git a/pom.xml b/pom.xml +index ab410375f7c..625912052f1 100644 +--- a/pom.xml ++++ b/pom.xml +@@ -531,6 +531,7 @@ + <configuration> + <scalaVersion>${scala.version}</scalaVersion> + <scalaCompatVersion>${scala.binary.version}</scalaCompatVersion> ++ <scalaHome>${scala.home}</scalaHome> + <recompileMode>${scala.plugin.recompileMode}</recompileMode> + <args> + <arg>-Xlint:_,-missing-interpolator</arg> |