From 2931b57f51a33177ab3a213185eda397daa31f05 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=81lex=20Ruiz?= <alejandro.ruiz.becerra@wazuh.com>
Date: Tue, 19 Dec 2023 12:35:56 +0100
Subject: [PATCH] Fix wrong substitution of config files

---
 .../packages/src/rpm/wazuh-indexer.cicd.spec  | 755 ++++++++++++++++++
 .../packages/src/rpm/wazuh-indexer.rpm.spec   | 278 +++++++
 scripts/assemble.sh                           |  50 +-
 3 files changed, 1078 insertions(+), 5 deletions(-)
 create mode 100644 distribution/packages/src/rpm/wazuh-indexer.cicd.spec
 create mode 100644 distribution/packages/src/rpm/wazuh-indexer.rpm.spec

diff --git a/distribution/packages/src/rpm/wazuh-indexer.cicd.spec b/distribution/packages/src/rpm/wazuh-indexer.cicd.spec
new file mode 100644
index 0000000000000..f17e6f7413aab
--- /dev/null
+++ b/distribution/packages/src/rpm/wazuh-indexer.cicd.spec
@@ -0,0 +1,755 @@
+# Wazuh package SPEC
+# Copyright (C) 2021, Wazuh Inc.
+#
+# This program is a free software; you can redistribute it
+# and/or modify it under the terms of the GNU General Public
+# License (version 2) as published by the FSF - Free Software
+# Foundation.
+Summary:     Wazuh indexer is a search and analytics engine for security-related data. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html
+Name:        wazuh-indexer
+Version:     %{_version}
+Release:     %{_release}
+License:     GPL
+Group:       System Environment/Daemons
+Source0:     %{name}-%{version}.tar.gz
+URL:         https://www.wazuh.com/
+BuildRoot:   %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Vendor:      Wazuh, Inc <info@wazuh.com>
+Packager:    Wazuh, Inc <info@wazuh.com>
+AutoReqProv: no
+Requires: coreutils
+ExclusiveOS: linux
+BuildRequires: tar shadow-utils
+
+# -----------------------------------------------------------------------------
+
+%global USER %{name}
+%global GROUP %{name}
+%global CONFIG_DIR /etc/%{name}
+%global LOG_DIR /var/log/%{name}
+%global LIB_DIR /var/lib/%{name}
+%global SYS_DIR /usr/lib
+%global INSTALL_DIR /usr/share/%{name}
+%global REPO_DIR /root/unattended_installer
+%global INDEXER_FILE wazuh-indexer-base-%{version}-%{release}-linux-x64.tar.xz
+
+# -----------------------------------------------------------------------------
+
+%description
+Wazuh indexer is a near real-time full-text search and analytics engine that gathers security-related data into one platform. This Wazuh central component indexes and stores alerts generated by the Wazuh server. Wazuh indexer can be configured as a single-node or multi-node cluster, providing scalability and high availability. Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html
+
+# -----------------------------------------------------------------------------
+
+%prep
+# Clean BUILDROOT
+rm -fr %{buildroot}
+
+# Create package group
+getent group %{GROUP} || groupadd -r %{GROUP}
+
+# Create package user
+if ! id %{USER} &> /dev/null; then
+    useradd --system \
+            --no-create-home \
+            --home-dir %{INSTALL_DIR} \
+            --gid %{GROUP} \
+            --shell /sbin/nologin \
+            --comment "%{USER} user" \
+            %{USER}
+fi
+
+# -----------------------------------------------------------------------------
+
+%install
+# Create directories
+mkdir -p ${RPM_BUILD_ROOT}%{INSTALL_DIR}
+mkdir -p ${RPM_BUILD_ROOT}/etc
+mkdir -p ${RPM_BUILD_ROOT}%{LOG_DIR}
+mkdir -p ${RPM_BUILD_ROOT}%{LIB_DIR}
+mkdir -p ${RPM_BUILD_ROOT}%{SYS_DIR}
+
+# Set up required files
+cp /tmp/%{INDEXER_FILE} ./
+
+tar -xf %{INDEXER_FILE} && rm -f %{INDEXER_FILE}
+chown -R %{USER}:%{GROUP} wazuh-indexer-*/*
+
+# Copy base files into RPM_BUILD_ROOT directory
+mv wazuh-indexer-*/etc ${RPM_BUILD_ROOT}/
+mv wazuh-indexer-*%{SYS_DIR}/* ${RPM_BUILD_ROOT}%{SYS_DIR}/
+rm -rf wazuh-indexer-*/etc
+rm -rf wazuh-indexer-*/usr
+cp -pr wazuh-indexer-*/* ${RPM_BUILD_ROOT}%{INSTALL_DIR}/
+
+# Build wazuh-certs-tool
+%{REPO_DIR}/builder.sh -c
+
+# Build wazuh-passwords-tool
+%{REPO_DIR}/builder.sh -p
+
+# Copy the security tools
+cp %{REPO_DIR}/wazuh-certs-tool.sh ${RPM_BUILD_ROOT}%{INSTALL_DIR}/plugins/opensearch-security/tools/
+cp %{REPO_DIR}/wazuh-passwords-tool.sh ${RPM_BUILD_ROOT}%{INSTALL_DIR}/plugins/opensearch-security/tools/
+cp /root/documentation-templates/wazuh/config.yml ${RPM_BUILD_ROOT}%{INSTALL_DIR}/plugins/opensearch-security/tools/config.yml
+
+# Copy Wazuh's config files for the security plugin
+cp %{REPO_DIR}/config/indexer/roles/action_groups.yml ${RPM_BUILD_ROOT}%{CONFIG_DIR}/opensearch-security
+cp %{REPO_DIR}/config/indexer/roles/internal_users.yml ${RPM_BUILD_ROOT}%{CONFIG_DIR}/opensearch-security
+cp %{REPO_DIR}/config/indexer/roles/roles.yml ${RPM_BUILD_ROOT}%{CONFIG_DIR}/opensearch-security
+cp %{REPO_DIR}/config/indexer/roles/roles_mapping.yml ${RPM_BUILD_ROOT}%{CONFIG_DIR}/opensearch-security
+
+cp /root/stack/indexer/indexer-security-init.sh ${RPM_BUILD_ROOT}%{INSTALL_DIR}/bin/
+
+chmod 750 ${RPM_BUILD_ROOT}/etc/init.d/wazuh-indexer
+
+# -----------------------------------------------------------------------------
+
+%pre
+if [ $1 = 1 ];then # Install
+    # Create package group
+    getent group %{GROUP} > /dev/null 2>&1 || groupadd -r %{GROUP}
+
+    if ! id %{USER} &> /dev/null; then
+        useradd --system \
+                --no-create-home \
+                --home-dir %{INSTALL_DIR} \
+                --gid %{GROUP} \
+                --shell /sbin/nologin \
+                --comment "%{USER} user" \
+                %{USER} > /dev/null 2>&1
+    fi
+fi
+
+# Stop the services to upgrade the package
+if [ $1 = 2 ]; then
+  if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet %{name} > /dev/null 2>&1; then
+    systemctl stop %{name}.service > /dev/null 2>&1
+    touch %{INSTALL_DIR}/%{name}.restart
+  # Check for SysV
+  elif command -v service > /dev/null 2>&1 && service %{name} status 2>/dev/null | grep "is running" > /dev/null 2>&1; then
+    service %{name} stop > /dev/null 2>&1
+    touch %{INSTALL_DIR}/%{name}.restart
+  elif [ -x /etc/init.d/%{name} ]; then
+      if command -v invoke-rc.d >/dev/null && invoke-rc.d --quiet wazuh-indexer status > /dev/null 2>&1; then
+          invoke-rc.d %{name} stop > /dev/null 2>&1
+          touch %{INSTALL_DIR}/%{name}.restart
+      fi
+
+  # Older Suse linux distributions do not ship with systemd
+  # but do not have an /etc/init.d/ directory
+  # this tries to stop the %{name} service on these
+  # as well without failing this script
+  elif [ -x /etc/rc.d/init.d/%{name} ] ; then
+      /etc/rc.d/init.d/%{name} stop > /dev/null 2>&1
+      touch %{INSTALL_DIR}/%{name}.restart
+  fi
+fi
+
+# -----------------------------------------------------------------------------
+
+%post
+
+export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-%{CONFIG_DIR}}
+
+if [ $1 = 1 ];then # Install
+    echo "%{USER} hard nproc 4096" >> /etc/security/limits.conf
+    echo "%{USER} soft nproc 4096" >> /etc/security/limits.conf
+    echo "%{USER} hard nofile 65535" >> /etc/security/limits.conf
+    echo "%{USER} soft nofile 65535" >> /etc/security/limits.conf
+
+    # To pick up /usr/lib/sysctl.d/wazuh-indexer.conf
+    if command -v systemctl > /dev/null 2>&1; then
+        systemctl restart systemd-sysctl > /dev/null 2>&1 || true
+    fi
+
+fi
+
+
+if [[ -d /run/systemd/system ]] ; then
+    rm -f /etc/init.d/%{name}
+fi
+
+# If is an upgrade, move the securityconfig files if they exist (4.3.x versions)
+if [ ${1} = 2 ]; then
+    if [ -d "%{INSTALL_DIR}"/plugins/opensearch-security/securityconfig ]; then
+
+        if [ ! -d "%{CONFIG_DIR}"/opensearch-security ]; then
+            mkdir "%{CONFIG_DIR}"/opensearch-security
+        fi
+
+        cp -r "%{INSTALL_DIR}"/plugins/opensearch-security/securityconfig/* "%{CONFIG_DIR}"/opensearch-security
+    fi
+fi
+
+# If is an upgrade, move the securityconfig files if they exist (4.3.x versions)
+if [ ${1} = 2 ]; then
+    if [ -d "%{INSTALL_DIR}"/plugins/opensearch-security/securityconfig ]; then
+
+        if [ ! -d "%{CONFIG_DIR}"/opensearch-security ]; then
+            mkdir "%{CONFIG_DIR}"/opensearch-security
+        fi
+
+        cp -r "%{INSTALL_DIR}"/plugins/opensearch-security/securityconfig/* "%{CONFIG_DIR}"/opensearch-security
+    fi
+fi
+
+# -----------------------------------------------------------------------------
+
+%preun
+
+export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-%{CONFIG_DIR}}
+
+if [ $1 = 0 ];then # Remove
+    echo -n "Stopping wazuh-indexer service..."
+    if command -v systemctl > /dev/null 2>&1 && systemctl is-active --quiet %{name} > /dev/null 2>&1; then
+        systemctl --no-reload stop %{name}.service > /dev/null 2>&1
+
+    # Check for SysV
+    elif command -v service > /dev/null 2>&1; then
+        service %{name} stop > /dev/null 2>&1
+    elif [ -x /etc/init.d/%{name} ]; then
+        if command -v invoke-rc.d >/dev/null; then
+            invoke-rc.d %{name} stop > /dev/null 2>&1
+        else
+            /etc/init.d/%{name} stop > /dev/null 2>&1
+        fi
+    elif [ -x /etc/rc.d/init.d/%{name} ] ; then
+        /etc/rc.d/init.d/%{name} stop > /dev/null 2>&1
+    else # Anything else
+        kill -15 `pgrep -f opensearch` > /dev/null 2>&1
+    fi
+    echo " OK"
+
+    # Check for systemd
+    if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1; then
+        systemctl disable %{name} > /dev/null 2>&1
+        systemctl daemon-reload > /dev/null 2>&1
+    # Check for SysV
+    elif command -v service > /dev/null 2>&1 && command -v chkconfig > /dev/null 2>&1; then
+        chkconfig %{name} off > /dev/null 2>&1
+        chkconfig --del %{name} > /dev/null 2>&1
+    fi
+fi
+
+# -----------------------------------------------------------------------------
+
+%postun
+
+export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-%{CONFIG_DIR}}
+
+if [ $1 = 0 ];then
+    # Cleaning limits file
+    sed -i '/%{USER}/d' /etc/security/limits.conf
+
+    # Remove the user if it exists
+    if getent passwd %{USER} > /dev/null 2>&1; then
+        userdel %{USER} >/dev/null 2>&1
+    fi
+
+    # Remove the group if it exists
+    if command -v getent > /dev/null 2>&1 && getent group %{GROUP} > /dev/null 2>&1; then
+        groupdel %{GROUP} >/dev/null 2>&1
+    elif getent group %{GROUP} > /dev/null 2>&1; then
+        groupdel %{GROUP} >/dev/null 2>&1
+    fi
+
+    # Remove lingering folders and files
+    if [ -d /dev/shm/performanceanalyzer ]; then
+        rm -rf /dev/shm/performanceanalyzer
+    fi
+    rm -rf %{INSTALL_DIR}
+fi
+
+# -----------------------------------------------------------------------------
+
+%posttrans
+
+export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-%{CONFIG_DIR}}
+
+if [ -f %{INSTALL_DIR}/%{name}.restart ]; then
+    echo -n "Starting wazuh-indexer service..."
+    rm -f %{INSTALL_DIR}/%{name}.restart
+    if command -v systemctl > /dev/null 2>&1; then
+        systemctl daemon-reload > /dev/null 2>&1
+        systemctl restart %{name}.service > /dev/null 2>&1
+
+    # Check for SysV
+    elif command -v service > /dev/null 2>&1; then
+        service %{name} restart > /dev/null 2>&1
+    elif [ -x /etc/init.d/%{name} ]; then
+        if command -v invoke-rc.d >/dev/null; then
+            invoke-rc.d %{name} restart > /dev/null 2>&1
+        else
+            /etc/init.d/%{name} restart > /dev/null 2>&1
+        fi
+    elif [ -x /etc/rc.d/init.d/%{name} ] ; then
+        /etc/rc.d/init.d/%{name} restart > /dev/null 2>&1
+    fi
+    echo " OK"
+fi
+
+if [ ! -f "%{CONFIG_DIR}"/opensearch.keystore ]; then
+    "%{INSTALL_DIR}"/bin/opensearch-keystore create
+    chown %{USER}:%{GROUP} "%{CONFIG_DIR}"/opensearch.keystore
+    chmod 660 "%{CONFIG_DIR}"/opensearch.keystore
+    md5sum "%{CONFIG_DIR}"/opensearch.keystore > "%{CONFIG_DIR}"/.opensearch.keystore.initial_md5sum
+    chown %{USER}:%{GROUP} "%{CONFIG_DIR}"/.opensearch.keystore.initial_md5sum
+    chmod 600 "%{CONFIG_DIR}"/.opensearch.keystore.initial_md5sum
+else
+    chown %{USER}:%{GROUP} "%{CONFIG_DIR}"/opensearch.keystore
+    chmod 660 "%{CONFIG_DIR}"/opensearch.keystore
+    if "%{INSTALL_DIR}"/bin/opensearch-keystore has-passwd --silent ; then
+      echo "### Warning: unable to upgrade encrypted keystore" 1>&2
+      echo " Please run opensearch-keystore upgrade and enter password" 1>&2
+    else
+      "%{INSTALL_DIR}"/bin/opensearch-keystore upgrade
+    fi
+fi
+
+# -----------------------------------------------------------------------------
+
+%clean
+rm -fr %{buildroot}
+
+# -----------------------------------------------------------------------------
+
+%files
+%defattr(-, %{USER}, %{GROUP})
+%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR}
+%dir %attr(750, %{USER}, %{GROUP}) %{LIB_DIR}
+%dir %attr(750, %{USER}, %{GROUP}) %{LOG_DIR}
+
+%config(noreplace) %attr(0660, root, %{GROUP}) "/etc/sysconfig/%{name}"
+
+%config(missingok) /etc/init.d/%{name}
+%attr(0640, root, root) %{SYS_DIR}/sysctl.d/%{name}.conf
+%attr(0640, root, root) %{SYS_DIR}/systemd/system/%{name}.service
+%attr(0640, root, root) %{SYS_DIR}/systemd/system/%{name}-performance-analyzer.service
+%attr(0640, root, root) %{SYS_DIR}/tmpfiles.d/%{name}.conf
+
+
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/*.txt
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-job-scheduler/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-job-scheduler/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-job-scheduler/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-ml/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-ml/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-ml/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-ml/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/*.jar
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/
+%attr(740, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/*.sh
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/*.md
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/*.yml
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-index-management/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-index-management/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-index-management/*.txt
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-index-management/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-index-management/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-neural-search/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-neural-search/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-neural-search/*.txt
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-neural-search/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-neural-search/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-notifications/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-notifications/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-notifications/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-notifications/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-asynchronous-search/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-asynchronous-search/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-asynchronous-search/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-asynchronous-search/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-alerting/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-alerting/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-alerting/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-alerting/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-sql/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-sql/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-sql/*.txt
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-sql/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-sql/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-geospatial/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-geospatial/*.txt
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-geospatial/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-geospatial/*.properties
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-geospatial/*.policy
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-reports-scheduler/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-reports-scheduler/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-reports-scheduler/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-reports-scheduler/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-cross-cluster-replication/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-cross-cluster-replication/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-cross-cluster-replication/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-custom-codecs/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-custom-codecs/*.txt
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-custom-codecs/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-custom-codecs/*.properties
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-custom-codecs/*.policy
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-knn/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-knn/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-knn/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-knn/*.properties
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-knn/*.txt
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-knn/lib/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-knn/lib/*.so.1
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-knn/lib/*.so
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-anomaly-detection/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-anomaly-detection/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-anomaly-detection/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-anomaly-detection/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-notifications-core/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-notifications-core/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-notifications-core/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-notifications-core/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security-analytics/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security-analytics/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security-analytics/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security-analytics/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-observability/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-observability/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-observability/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-observability/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-performance-analyzer/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-performance-analyzer/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-performance-analyzer/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-performance-analyzer/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-common/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-common/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-common/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/repository-url/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/repository-url/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/repository-url/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/repository-url/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/percolator/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/percolator/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/percolator/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/search-pipeline-common/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/search-pipeline-common/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/search-pipeline-common/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/opensearch-dashboards/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/opensearch-dashboards/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/opensearch-dashboards/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-painless/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-painless/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-painless/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-painless/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/analysis-common/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/analysis-common/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/analysis-common/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/rank-eval/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/rank-eval/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/rank-eval/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/aggs-matrix-stats/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/aggs-matrix-stats/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/aggs-matrix-stats/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/geo/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/geo/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/geo/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/mapper-extras/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/mapper-extras/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/mapper-extras/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-user-agent/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-user-agent/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-user-agent/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/systemd/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/systemd/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/systemd/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/systemd/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/transport-netty4/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/transport-netty4/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/transport-netty4/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/transport-netty4/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/parent-join/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/parent-join/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/parent-join/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-mustache/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-mustache/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-mustache/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-mustache/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-geoip/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-geoip/*.mmdb
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-geoip/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-geoip/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/ingest-geoip/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/reindex/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/reindex/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/reindex/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/reindex/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/reindex/transport-netty4/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/reindex/transport-netty4/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/reindex/transport-netty4/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/reindex/parent-join/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/reindex/parent-join/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-expression/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-expression/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-expression/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/modules/lang-expression/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/lib/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/lib/tools/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/lib/tools/upgrade-cli/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/lib/tools/upgrade-cli/*.jar
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/lib/tools/plugin-cli/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/lib/tools/plugin-cli/*.jar
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/lib/tools/keystore-cli/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/lib/tools/keystore-cli/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/lib/*.jar
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/man/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/man/man1/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/man/man1/*.1
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/jmods/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/jmods/*.jmod
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/NOTICE
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/include/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/include/*.h
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/include/linux/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/include/linux/*.h
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/*.cfg
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/*.so
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/jspawnhelper
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/*.properties.ja
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/*.dat
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/*.properties
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/*.sym
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/classlist
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/*.jar
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/jexec
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/security/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/security/*.certs
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/security/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/security/cacerts
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/security/*.dat
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/modules
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/server/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/server/*.so
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/server/*.jsa
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/jfr/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/lib/jfr/*.jfc
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/bin/
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/bin/*
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/release
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.instrument/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.net/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.crypto.cryptoki/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.crypto.cryptoki/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.security.auth/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.smartcardio/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.smartcardio/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.zipfs/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.localedata/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.localedata/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.prefs/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.dynalink/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.dynalink/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jpackage/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.management/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.internal.jvmstat/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.xml.crypto/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.xml.crypto/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.net.http/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.unsupported/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.datatransfer/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jdi/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.incubator.vector/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.charsets/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.management.jfr/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.accessibility/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jartool/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.security.sasl/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.internal.ed/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.editpad/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.httpserver/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.base/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.base/*.md
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.base/ASSEMBLY_EXCEPTION
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.base/ADDITIONAL_LICENSE_INFO
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.base/LICENSE
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jcmd/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.internal.opt/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.internal.opt/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.scripting/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.xml/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.xml/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jdeps/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jstatd/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.management.agent/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.random/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.sctp/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.sql/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.nio.mapmode/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.hotspot.agent/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.attach/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.naming/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.management/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.sql.rowset/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.rmi/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.internal.vm.compiler/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.unsupported.desktop/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.logging/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.security.jgss/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.internal.vm.compiler.management/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jfr/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.transaction.xa/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.crypto.ec/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.internal.vm.ci/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.naming.rmi/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.xml.dom/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.internal.le/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.internal.le/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jsobject/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jdwp.agent/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.se/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.compiler/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.incubator.foreign/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jshell/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.javadoc/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.javadoc/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.compiler/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.security.jgss/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jconsole/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.naming.dns/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.management.rmi/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.desktop/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/java.desktop/*.md
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/legal/jdk.jlink/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/security/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/security/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/security/*.security
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/security/policy/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/security/policy/limited/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/security/policy/limited/*.policy
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/security/policy/unlimited/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/security/policy/unlimited/*.policy
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/security/policy/*.txt
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/sdp/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/sdp/*.template
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/management/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/management/*.access
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/management/*.properties
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/jdk/conf/management/*.template
+%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-security/
+%config(noreplace) %attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-security/*.yml
+%config(noreplace) %attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-security/*.example
+%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-notifications/
+%attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-notifications/*.yml
+%config(noreplace) %attr(660, %{USER}, %{GROUP}) %{CONFIG_DIR}/jvm.options
+%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR}/jvm.options.d/
+%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-reports-scheduler/
+%attr(660, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-reports-scheduler/*.yml
+%config(noreplace) %attr(660, %{USER}, %{GROUP}) %{CONFIG_DIR}/*.properties
+%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-notifications-core/
+%attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-notifications-core/*.yml
+%config(noreplace) %attr(660, %{USER}, %{GROUP}) %{CONFIG_DIR}/*.yml
+%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-observability/
+%attr(660, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-observability/*.yml
+%dir %attr(750, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-performance-analyzer/
+%attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-performance-analyzer/agent-stats-metadata
+%attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-performance-analyzer/*.conf
+%attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-performance-analyzer/*.xml
+%attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-performance-analyzer/*.properties
+%attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-performance-analyzer/plugin-stats-metadata
+%attr(640, %{USER}, %{GROUP}) %{CONFIG_DIR}/opensearch-performance-analyzer/*.policy
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/config/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/config/agent-stats-metadata
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/config/*.conf
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/config/*.xml
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/config/*.properties
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/config/plugin-stats-metadata
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/config/*.policy
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/lib/
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/lib/*.jar
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/bin/
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/bin/performance-analyzer-agent
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/performance-analyzer-rca/bin/performance-analyzer-rca
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-cli
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/systemd-entrypoint
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-upgrade
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-shard
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-plugin
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-node
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-env
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-env-from-file
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/indexer-security-init.sh
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-keystore
+%dir %attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-performance-analyzer/
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-performance-analyzer/performance-analyzer-agent-cli
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/opensearch-performance-analyzer/performance-analyzer-agent
+%attr(440, %{USER}, %{GROUP}) %{INSTALL_DIR}/VERSION
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/indexer-security-init.sh
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/indexer-ism-init.sh
+%attr(750, %{USER}, %{GROUP}) %{INSTALL_DIR}/bin/indexer-init.sh
+%attr(640, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/config.yml
+%attr(740, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/wazuh-certs-tool.sh
+%attr(740, %{USER}, %{GROUP}) %{INSTALL_DIR}/plugins/opensearch-security/tools/wazuh-passwords-tool.sh
+
+
+%changelog
+* Thu Mar 28 2024 support <info@wazuh.com> - 4.9.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html
+* Tue Jan 30 2024 support <info@wazuh.com> - 4.8.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html
+* Fri Dec 15 2023 support <info@wazuh.com> - 4.8.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html
+* Tue Dec 05 2023 support <info@wazuh.com> - 4.7.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html
+* Tue Nov 21 2023 support <info@wazuh.com> - 4.7.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html
+* Tue Oct 31 2023 support <info@wazuh.com> - 4.6.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html
+* Tue Oct 24 2023 support <info@wazuh.com> - 4.5.4
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html
+* Tue Oct 10 2023 support <info@wazuh.com> - 4.5.3
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html
+* Thu Aug 31 2023 support <info@wazuh.com> - 4.5.2
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html
+* Thu Aug 24 2023 support <info@wazuh.com> - 4.5.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5.1.html
+* Thu Aug 10 2023 support <info@wazuh.com> - 4.5.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html
+* Mon Jul 10 2023 support <info@wazuh.com> - 4.4.5
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html
+* Tue Jun 13 2023 support <info@wazuh.com> - 4.4.4
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-4.html
+* Thu May 25 2023 support <info@wazuh.com> - 4.4.3
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html
+* Mon May 08 2023 support <info@wazuh.com> - 4.4.2
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-2.html
+* Mon Apr 17 2023 support <info@wazuh.com> - 4.4.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-1.html
+* Wed Jan 18 2023 support <info@wazuh.com> - 4.4.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-0.html
+* Thu Nov 10 2022 support <info@wazuh.com> - 4.3.10
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-10.html
+* Mon Oct 03 2022 support <info@wazuh.com> - 4.3.9
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-9.html
+* Mon Sep 19 2022 support <info@wazuh.com> - 4.3.8
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-8.html
+* Mon Aug 08 2022 support <info@wazuh.com> - 4.3.7
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-7.html
+* Thu Jul 07 2022 support <info@wazuh.com> - 4.3.6
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-6.html
+* Wed Jun 29 2022 support <info@wazuh.com> - 4.3.5
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-5.html
+* Tue Jun 07 2022 support <info@wazuh.com> - 4.3.4
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-4.html
+* Tue May 31 2022 support <info@wazuh.com> - 4.3.3
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-3.html
+* Mon May 30 2022 support <info@wazuh.com> - 4.3.2
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-2.html
+* Wed May 18 2022 support <info@wazuh.com> - 4.3.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-1.html
+* Thu May 05 2022 support <info@wazuh.com> - 4.3.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-0.html
\ No newline at end of file
diff --git a/distribution/packages/src/rpm/wazuh-indexer.rpm.spec b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
new file mode 100644
index 0000000000000..870885e248850
--- /dev/null
+++ b/distribution/packages/src/rpm/wazuh-indexer.rpm.spec
@@ -0,0 +1,278 @@
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# No build, no debuginfo
+%define debug_package %{nil}
+
+# Disable brp-java-repack-jars, so jars will not be decompressed and repackaged
+%define __jar_repack 0
+
+# Generate digests, 8 means algorithm of sha256
+# This is different from rpm sig algorithm
+# Requires rpm version 4.12 + to generate but b/c run on older versions
+%define _source_filedigest_algorithm 8
+%define _binary_filedigest_algorithm 8
+
+# Fixed in Fedora: 
+# https://www.endpointdev.com/blog/2011/10/rpm-building-fedoras-sharedstatedir/
+%define _sharedstatedir /var/lib
+
+# User Define Variables
+%define product_dir %{_datadir}/%{name}
+%define config_dir %{_sysconfdir}/%{name}
+%define data_dir %{_sharedstatedir}/%{name}
+%define log_dir %{_localstatedir}/log/%{name}
+%define pid_dir %{_localstatedir}/run/%{name}
+%{!?_version: %define _version 0.0.0 }
+%{!?_architecture: %define _architecture x86_64 }
+
+Name: wazuh-indexer
+Version: %{_version}
+Release: 1
+License: Apache-2.0
+Summary: An open source distributed and RESTful search engine
+URL: https://www.wazuh.com/
+Vendor:      Wazuh, Inc <info@wazuh.com>
+Packager:    Wazuh, Inc <info@wazuh.com>
+Group: Application/Internet
+ExclusiveArch: %{_architecture}
+AutoReqProv: no
+
+%description
+Wazuh indexer is a near real-time full-text search and analytics engine that 
+gathers security-related data into one platform. This Wazuh central component 
+indexes and stores alerts generated by the Wazuh server. Wazuh indexer can be 
+configured as a single-node or multi-node cluster, providing scalability and 
+high availability.
+For more information, see: https://www.wazuh.com/
+
+%prep
+# No-op. We are using dir so no need to setup.
+
+%build
+# No-op. This is all pre-built Java. Nothing to do here.
+
+%install
+set -e
+cd %{_topdir} && pwd
+# Create necessary directories
+mkdir -p %{buildroot}%{pid_dir}
+mkdir -p %{buildroot}%{product_dir}/plugins
+# Install directories/files
+cp -a etc usr var %{buildroot}
+chmod 0755 %{buildroot}%{product_dir}/bin/*
+if [ -d %{buildroot}%{product_dir}/plugins/opensearch-security ]; then
+    chmod 0755 %{buildroot}%{product_dir}/plugins/opensearch-security/tools/*
+fi
+# Pre-populate the folders to ensure rpm build success even without all plugins
+mkdir -p %{buildroot}%{config_dir}/opensearch-observability
+mkdir -p %{buildroot}%{config_dir}/opensearch-reports-scheduler
+mkdir -p %{buildroot}%{product_dir}/performance-analyzer-rca
+echo %{_sharedstatedir}
+echo %{data_dir}
+# Symlinks (do not symlink config dir as security demo installer has dependency, if no presense it will switch to rpm/deb mode)
+ln -s %{data_dir} %{buildroot}%{product_dir}/data
+ln -s %{log_dir}  %{buildroot}%{product_dir}/logs
+echo %{buildroot}
+echo %{data_dir}
+# Pre-populate PA configs if not present
+if [ ! -f %{buildroot}%{data_dir}/rca_enabled.conf ]; then
+    echo 'true' > %{buildroot}%{data_dir}/rca_enabled.conf
+fi
+if [ ! -f %{buildroot}%{data_dir}/performance_analyzer_enabled.conf ]; then
+    echo 'true' > %{buildroot}%{data_dir}/performance_analyzer_enabled.conf
+fi
+# Change Permissions
+chmod -Rf a+rX,u+w,g-w,o-w %{buildroot}/*
+exit 0
+
+%pre
+set -e
+# Stop existing service
+if command -v systemctl >/dev/null && systemctl is-active %{name}.service >/dev/null; then
+    echo "Stop existing %{name}.service"
+    systemctl --no-reload stop %{name}.service
+fi
+if command -v systemctl >/dev/null && systemctl is-active %{name}-performance-analyzer.service >/dev/null; then
+    echo "Stop existing %{name}-performance-analyzer.service"
+    systemctl --no-reload stop %{name}-performance-analyzer.service
+fi
+# Create user and group if they do not already exist.
+getent group %{name} > /dev/null 2>&1 || groupadd -r %{name}
+getent passwd %{name} > /dev/null 2>&1 || \
+    useradd -r -g %{name} -M -s /sbin/nologin \
+        -c "%{name} user/group" %{name}
+exit 0
+
+%post
+set -e
+# Apply Security Settings
+if [ -d %{product_dir}/plugins/opensearch-security ]; then
+    sh %{product_dir}/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s > %{log_dir}/install_demo_configuration.log 2>&1
+fi
+chown -R %{name}.%{name} %{config_dir}
+chown -R %{name}.%{name} %{log_dir}
+# Apply PerformanceAnalyzer Settings
+chmod a+rw /tmp
+if ! grep -q '## OpenSearch Performance Analyzer' %{config_dir}/jvm.options; then
+   # Add Performance Analyzer settings in %{config_dir}/jvm.options
+   CLK_TCK=`/usr/bin/getconf CLK_TCK`
+   echo >> %{config_dir}/jvm.options
+   echo '## OpenSearch Performance Analyzer' >> %{config_dir}/jvm.options
+   echo "-Dclk.tck=$CLK_TCK" >> %{config_dir}/jvm.options
+   echo "-Djdk.attach.allowAttachSelf=true" >> %{config_dir}/jvm.options
+   echo "-Djava.security.policy=file://%{config_dir}/opensearch-performance-analyzer/opensearch_security.policy" >> %{config_dir}/jvm.options
+   echo "--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED" >> %{config_dir}/jvm.options
+fi
+# Reload systemctl daemon
+if command -v systemctl > /dev/null; then
+    systemctl daemon-reload
+fi
+# Reload other configs
+if command -v systemctl > /dev/null; then
+    systemctl restart systemd-sysctl.service || true
+fi
+
+if command -v systemd-tmpfiles > /dev/null; then
+    systemd-tmpfiles --create %{name}.conf
+fi
+
+# Messages
+echo "### NOT starting on installation, please execute the following statements to configure opensearch service to start automatically using systemd"
+echo " sudo systemctl daemon-reload"
+echo " sudo systemctl enable opensearch.service"
+echo "### You can start opensearch service by executing"
+echo " sudo systemctl start opensearch.service"
+if [ -d %{product_dir}/plugins/opensearch-security ]; then
+    echo "### Create opensearch demo certificates in %{config_dir}/"
+    echo " See demo certs creation log in %{log_dir}/install_demo_configuration.log"
+fi
+echo "### Upcoming breaking change in packaging"
+echo " In a future release of OpenSearch, we plan to change the permissions associated with access to installed files"
+echo " If you are configuring tools that require read access to the OpenSearch configuration files, we recommend you add the user that runs these tools to the 'opensearch' group"
+echo " For more information, see https://github.com/opensearch-project/opensearch-build/pull/4043"
+exit 0
+
+%preun
+set -e
+if command -v systemctl >/dev/null && systemctl is-active %{name}.service >/dev/null; then
+    echo "Stop existing %{name}.service"
+    systemctl --no-reload stop %{name}.service
+fi
+if command -v systemctl >/dev/null && systemctl is-active %{name}-performance-analyzer.service >/dev/null; then
+    echo "Stop existing %{name}-performance-analyzer.service"
+    systemctl --no-reload stop %{name}-performance-analyzer.service
+fi
+exit 0
+
+%files
+# Permissions
+%defattr(-, %{name}, %{name})
+
+# Root dirs/docs/licenses
+%dir %{product_dir}
+%doc %{product_dir}/NOTICE.txt
+%doc %{product_dir}/README.md
+%license %{product_dir}/LICENSE.txt
+
+# Config dirs/files
+%dir %{config_dir}
+%{config_dir}/jvm.options.d
+%{config_dir}/opensearch-*
+%config(noreplace) %{config_dir}/opensearch.yml
+%config(noreplace) %{config_dir}/jvm.options
+%config(noreplace) %{config_dir}/log4j2.properties
+%config(noreplace) %{data_dir}/rca_enabled.conf
+%config(noreplace) %{data_dir}/performance_analyzer_enabled.conf
+
+# Service files
+%attr(0644, root, root) %{_prefix}/lib/systemd/system/%{name}.service
+%attr(0644, root, root) %{_prefix}/lib/systemd/system/%{name}-performance-analyzer.service
+%attr(0644, root, root) %{_sysconfdir}/init.d/%{name}
+%attr(0644, root, root) %config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%attr(0644, root, root) %config(noreplace) %{_prefix}/lib/sysctl.d/%{name}.conf
+%attr(0644, root, root) %config(noreplace) %{_prefix}/lib/tmpfiles.d/%{name}.conf
+
+# Main dirs
+%{product_dir}/bin
+%{product_dir}/jdk
+%{product_dir}/lib
+%{product_dir}/modules
+%{product_dir}/performance-analyzer-rca
+%{product_dir}/plugins
+%{log_dir}
+%{pid_dir}
+%dir %{data_dir}
+
+# Symlinks
+%{product_dir}/data
+%{product_dir}/logs
+
+# Wazuh additional files
+%attr(440, %{name}, %{name}) %{product_dir}/VERSION
+%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-security-init.sh
+%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-ism-init.sh
+%attr(750, %{name}, %{name}) %{product_dir}/bin/indexer-init.sh
+
+%changelog
+* Thu Mar 28 2024 support <info@wazuh.com> - 4.9.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-9-0.html
+* Tue Jan 30 2024 support <info@wazuh.com> - 4.8.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-1.html
+* Fri Dec 15 2023 support <info@wazuh.com> - 4.8.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-8-0.html
+* Tue Dec 05 2023 support <info@wazuh.com> - 4.7.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-1.html
+* Tue Nov 21 2023 support <info@wazuh.com> - 4.7.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-7-0.html
+* Tue Oct 31 2023 support <info@wazuh.com> - 4.6.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-6-0.html
+* Tue Oct 24 2023 support <info@wazuh.com> - 4.5.4
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-4.html
+* Tue Oct 10 2023 support <info@wazuh.com> - 4.5.3
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-3.html
+* Thu Aug 31 2023 support <info@wazuh.com> - 4.5.2
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-2.html
+* Thu Aug 24 2023 support <info@wazuh.com> - 4.5.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5.1.html
+* Thu Aug 10 2023 support <info@wazuh.com> - 4.5.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-5-0.html
+* Mon Jul 10 2023 support <info@wazuh.com> - 4.4.5
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-5.html
+* Tue Jun 13 2023 support <info@wazuh.com> - 4.4.4
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-4.html
+* Thu May 25 2023 support <info@wazuh.com> - 4.4.3
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-3.html
+* Mon May 08 2023 support <info@wazuh.com> - 4.4.2
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-2.html
+* Mon Apr 17 2023 support <info@wazuh.com> - 4.4.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-1.html
+* Wed Jan 18 2023 support <info@wazuh.com> - 4.4.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-4-0.html
+* Thu Nov 10 2022 support <info@wazuh.com> - 4.3.10
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-10.html
+* Mon Oct 03 2022 support <info@wazuh.com> - 4.3.9
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-9.html
+* Mon Sep 19 2022 support <info@wazuh.com> - 4.3.8
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-8.html
+* Mon Aug 08 2022 support <info@wazuh.com> - 4.3.7
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-7.html
+* Thu Jul 07 2022 support <info@wazuh.com> - 4.3.6
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-6.html
+* Wed Jun 29 2022 support <info@wazuh.com> - 4.3.5
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-5.html
+* Tue Jun 07 2022 support <info@wazuh.com> - 4.3.4
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-4.html
+* Tue May 31 2022 support <info@wazuh.com> - 4.3.3
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-3.html
+* Mon May 30 2022 support <info@wazuh.com> - 4.3.2
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-2.html
+* Wed May 18 2022 support <info@wazuh.com> - 4.3.1
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-1.html
+* Thu May 05 2022 support <info@wazuh.com> - 4.3.0
+- More info: https://documentation.wazuh.com/current/release-notes/release-4-3-0.html
+- Initial package
\ No newline at end of file
diff --git a/scripts/assemble.sh b/scripts/assemble.sh
index cb2bbb843d021..7d0eddfff6be5 100644
--- a/scripts/assemble.sh
+++ b/scripts/assemble.sh
@@ -166,7 +166,7 @@ echo "$ARTIFACT_BUILD_NAME" >"$OUTPUT/artifact_name.txt"
 # Create temporal directory and copy the min package there for extraction
 TMP_DIR="${OUTPUT}/tmp/${TARGET}"
 mkdir -p "$TMP_DIR"
-cp "${OUTPUT}/dist/$ARTIFACT_BUILD_NAME" "${TMP_DIR}/${ARTIFACT_BUILD_NAME}"
+cp "${OUTPUT}/dist/$ARTIFACT_BUILD_NAME" "${TMP_DIR}"
 
 function assemble_tar() {
     cd "${TMP_DIR}"
@@ -187,8 +187,8 @@ function assemble_tar() {
 
     # Step 3: swap configuration files
     cp $PATH_CONF/security/* $PATH_CONF/opensearch-security/
-    cp $PATH_CONF/jvm.prod.options $PATH_CONF/opensearch-security/jvm.options
-    cp $PATH_CONF/opensearch.prod.yml $PATH_CONF/opensearch-security/opensearch.yml
+    cp $PATH_CONF/jvm.prod.options $PATH_CONF/jvm.options
+    cp $PATH_CONF/opensearch.prod.yml $PATH_CONF/opensearch.yml
 
     rm -r $PATH_CONF/security
     rm $PATH_CONF/jvm.prod.options $PATH_CONF/opensearch.prod.yml
@@ -205,6 +205,42 @@ function assemble_tar() {
     echo "After execution, shell path is $(pwd)"
 }
 
+
+function assemble_rpm() {
+    cd "${TMP_DIR}"
+    PATH_CONF="./etc/wazuh-indexer"
+    PATH_BIN="./usr/share/wazuh-indexer/bin"
+
+    # Step 1: extract. Create usr/, etc/ and var/
+    echo "Extract ${ARTIFACT_BUILD_NAME} archive"
+    rpm2cpio "${ARTIFACT_BUILD_NAME}" | cpio -imdv 
+    cd "$(ls -d wazuh-indexer-*/)"
+
+    # Step 2: install plugins
+    echo "Install plugins"
+    for plugin in "${plugins[@]}"; do
+        plugin_from_maven="org.opensearch.plugin:${plugin}:$VERSION.0"
+        OPENSEARCH_PATH_CONF=$PATH_CONF "${PATH_BIN}/opensearch-plugin" install --batch --verbose "${plugin_from_maven}"
+    done
+
+    # Step 3: swap configuration files
+    cp $PATH_CONF/security/* $PATH_CONF/opensearch-security/
+    cp $PATH_CONF/jvm.prod.options $PATH_CONF/jvm.options
+    cp $PATH_CONF/opensearch.prod.yml $PATH_CONF/opensearch.yml
+
+    rm -r $PATH_CONF/security
+    rm $PATH_CONF/jvm.prod.options $PATH_CONF/opensearch.prod.yml
+
+    # Step 4: pack
+    # archive_name="wazuh-indexer-$(cat VERSION)"
+    # rpmbuild --bb \
+    #     --define "_topdir $(pwd)" \
+    #     --define "_version $(cat ./usr/share/wazuh-indexer/VERSION)" \
+    #     --define "_architecture ${ARCHITECTURE}" \
+    #     "${RPM_SPEC}"
+
+}
+
 case $SUFFIX.$EXT in
     linux-arm64.tar.gz)
         assemble_tar
@@ -212,8 +248,12 @@ case $SUFFIX.$EXT in
     linux-x64.tar.gz)
         assemble_tar
         ;;
-    aarch64.rpm) ;;
-    x86_64.rpm) ;;
+    aarch64.rpm)
+        assemble_rpm
+        ;;
+    x86_64.rpm)
+        assemble_rpm
+        ;;
     amd64.deb)
         ;;
     arm64.deb)