From 8f716057590108b2468eafc85ae8ec16979b0d25 Mon Sep 17 00:00:00 2001
From: Fede Tux
Date: Thu, 11 Jan 2024 15:52:44 -0300
Subject: [PATCH 1/3] Adding debian packaging config files from Opensearch
---
distribution/packages/src/deb/debian/control | 22 ++++++
.../packages/src/deb/debian/copyright | 38 +++++++++
distribution/packages/src/deb/debian/postinst | 78 +++++++++++++++++++
distribution/packages/src/deb/debian/preinst | 31 ++++++++
distribution/packages/src/deb/debian/prerm | 26 +++++++
distribution/packages/src/deb/debian/rules | 29 +++++++
6 files changed, 224 insertions(+)
create mode 100644 distribution/packages/src/deb/debian/control
create mode 100644 distribution/packages/src/deb/debian/copyright
create mode 100644 distribution/packages/src/deb/debian/postinst
create mode 100644 distribution/packages/src/deb/debian/preinst
create mode 100644 distribution/packages/src/deb/debian/prerm
create mode 100644 distribution/packages/src/deb/debian/rules
diff --git a/distribution/packages/src/deb/debian/control b/distribution/packages/src/deb/debian/control
new file mode 100644
index 0000000000000..2b93b0c3f8f92
--- /dev/null
+++ b/distribution/packages/src/deb/debian/control
@@ -0,0 +1,22 @@
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+Source: wazuh-indexer
+Section: web
+Priority: optional
+Maintainer: Wazuh Indexer Team
+Build-Depends: debhelper-compat (= 12)
+Standards-Version: 4.5.0
+Homepage: https://www.wazuh.com/
+
+Package: wazuh-indexer
+Architecture: any
+Description: Wazuh indexer is a near real-time full-text search and analytics engine that gathers security-related data into one platform.
+ This Wazuh central component indexes and stores alerts generated by the Wazuh server.
+ Wazuh indexer can be configured as a single-node or multi-node cluster, providing scalability and high availability.
+ Documentation can be found at https://documentation.wazuh.com/current/getting-started/components/wazuh-indexer.html
+
diff --git a/distribution/packages/src/deb/debian/copyright b/distribution/packages/src/deb/debian/copyright
new file mode 100644
index 0000000000000..e7cb0fc0d0109
--- /dev/null
+++ b/distribution/packages/src/deb/debian/copyright
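Review bot: In debian/control the `Package: wazuh-indexer` stanza declares no `Depends:` or `Pre-Depends:` field, although the package is built with debhelper and the preinst added in this same patch calls `groupadd` and `useradd` directly. I would add `Depends: ${misc:Depends}` under `Architecture: any` so debhelper-generated dependencies are not silently dropped. If the preinst keeps creating the account itself, the package that provides those tools belongs in `Pre-Depends:`, because preinst runs before ordinary dependencies are guaranteed to be unpacked.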
@@ -0,0 +1,38 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: wazuh-indexer
+Upstream-Contact: info@wazuh.com
+Source: https://www.wazuh.com
+Files: *
+Copyright: OpenSearch Contributors
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache License, Version 2
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
+Files: debian/*
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache License, Version 2
+ can be found in "/usr/share/common-licenses/Apache-2.0".
diff --git a/distribution/packages/src/deb/debian/postinst b/distribution/packages/src/deb/debian/postinst
new file mode 100644
index 0000000000000..ea061504683d1
--- /dev/null
+++ b/distribution/packages/src/deb/debian/postinst
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Copyright Wazuh Indexer Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# The Wazuh Indexer Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# deb wazuh-indexer postinst script
+
+set -e
+
+echo "Running Wazuh Indexer Post-Installation Script"
+
+product_dir=/usr/share/wazuh-indexer
+config_dir=/etc/wazuh-indexer
+data_dir=/var/lib/wazuh-indexer
+log_dir=/var/log/wazuh-indexer
+pid_dir=/var/run/wazuh-indexer
+
+# Apply Security Settings
+if [ -d ${product_dir}/plugins/opensearch-security ]; then
+ bash ${product_dir}/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s > ${log_dir}/install_demo_configuration.log 2>&1
+fi
+
+# Apply PerformanceAnalyzer Settings
+chmod a+rw /tmp
+if ! grep -q '## Wazuh Indexer Performance Analyzer' ${config_dir}/jvm.options; then
+ # Add Performance Analyzer settings in ${config_dir}/jvm.options
+ CLK_TCK=`/usr/bin/getconf CLK_TCK`
+ echo >> ${config_dir}/jvm.options
+ echo '## Wazuh Indexer Performance Analyzer' >> ${config_dir}/jvm.options
+ echo "-Dclk.tck=$CLK_TCK" >> ${config_dir}/jvm.options
+ echo "-Djdk.attach.allowAttachSelf=true" >> ${config_dir}/jvm.options
+ echo "-Djava.security.policy=file://${config_dir}/opensearch-performance-analyzer/opensearch_security.policy" >> ${config_dir}/jvm.options
+ echo "--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED" >> ${config_dir}/jvm.options
+fi
+
+# Set owner
+chown -R wazuh-indexer.wazuh-indexer ${product_dir}
+chown -R wazuh-indexer.wazuh-indexer ${config_dir}
+chown -R wazuh-indexer.wazuh-indexer ${log_dir}
+chown -R wazuh-indexer.wazuh-indexer ${data_dir}
+chown -R wazuh-indexer.wazuh-indexer ${pid_dir}
+
+# Reload systemctl daemon
+if command -v systemctl > /dev/null; then
+ systemctl daemon-reload
+fi
+
+# Reload other configs
+if command -v systemctl > /dev/null; then
+ systemctl restart systemd-sysctl.service || true
+fi
+
+if command -v systemd-tmpfiles > /dev/null; then
+ systemd-tmpfiles --create wazuh-indexer.conf
+fi
+
+# Messages
+echo "### NOT starting on installation, please execute the following statements to configure wazuh-indexer service to start automatically using systemd"
+echo " sudo systemctl daemon-reload"
+echo " sudo systemctl enable wazuh-indexer.service"
+echo "### You can start wazuh-indexer service by executing"
+echo " sudo systemctl start wazuh-indexer.service"
+
+if [ -d ${product_dir}/plugins/opensearch-security ]; then
+ echo "### Create wazuh-indexer demo certificates in ${config_dir}/"
+ echo " See demo certs creation log in ${log_dir}/install_demo_configuration.log"
+fi
+echo "### Upcoming breaking change in packaging"
+echo " In a future release of Wazuh Indexer, we plan to change the permissions associated with access to installed files"
+echo " If you are configuring tools that require read access to the Wazuh Indexer configuration files, we recommend you add the user that runs these tools to the 'wazuh-indexer' group"
+echo " For more information, see https://github.com/opensearch-project/opensearch-build/pull/4043"
+exit 0
+
+
diff --git a/distribution/packages/src/deb/debian/preinst b/distribution/packages/src/deb/debian/preinst
new file mode 100644
index 0000000000000..2cf7ea70a7466
--- /dev/null
+++ b/distribution/packages/src/deb/debian/preinst
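Review bot: In debian/postinst the `# Set owner` block hands `${product_dir}` (/usr/share/wazuh-indexer) to the wazuh-indexer account with `chown -R`, so the service process can rewrite its own binaries and plugins, and a compromise of the indexer would persist across restarts. Keeping the install tree root-owned and limiting the recursive chown to the directories the service has to write would avoid that, for example `chown -R wazuh-indexer:wazuh-indexer "${config_dir}" "${log_dir}" "${data_dir}"`, with `:` instead of the legacy `.` separator and the expansions quoted. The script runs under `set -e` and chowns `${pid_dir}` before `systemd-tmpfiles --create wazuh-indexer.conf` is called, so if /var/run/wazuh-indexer is not part of the package payload (not visible in this patch) a first install would abort at that line. `systemctl daemon-reload` has the same exposure on hosts where systemctl exists but systemd is not running; the sysctl restart just below already carries `|| true`, and the reload should get the same guard or a `[ -d /run/systemd/system ]` test.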
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# deb wazuh-indexer preinst script
+
+set -e
+
+echo "Running Wazuh Indexer Pre-Installation Script"
+
+# Stop existing service
+if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer.service >/dev/null; then
+ echo "Stop existing wazuh-indexer.service"
+ systemctl --no-reload stop wazuh-indexer.service
+fi
+if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer-performance-analyzer.service >/dev/null; then
+ echo "Stop existing wazuh-indexer-performance-analyzer.service"
+ systemctl --no-reload stop wazuh-indexer-performance-analyzer.service
+fi
+
+# Create user and group if they do not already exist.
+getent group wazuh-indexer > /dev/null 2>&1 || groupadd -r wazuh-indexer
+getent passwd wazuh-indexer > /dev/null 2>&1 || \
+ useradd -r -g wazuh-indexer -M -s /sbin/nologin \
+ -c "wazuh-indexer user/group" wazuh-indexer
+exit 0
diff --git a/distribution/packages/src/deb/debian/prerm b/distribution/packages/src/deb/debian/prerm
new file mode 100644
index 0000000000000..a5222b2caae40
--- /dev/null
+++ b/distribution/packages/src/deb/debian/prerm
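Review bot: In debian/preinst the `useradd` call passes `-s /sbin/nologin`, which is the RPM-side path; Debian installs the binary as `/usr/sbin/nologin`, so on a host without merged /usr the account gets a shell path that does not exist. With `-M` and no `-d`, the home field is also left at the useradd default, a directory that is never created. I would change the line to `useradd -r -g wazuh-indexer -M -d /nonexistent -s /usr/sbin/nologin \` and keep the `-c` line as it is. Separately, neither this script nor debian/prerm looks at `$1`, so the service is stopped on install, upgrade and abort paths alike, and the postinst in this patch never starts it again. For a component that stores security alerts, a comment such as `# upgrade leaves the service stopped on purpose; the operator restarts it` would make that gap explicit.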
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# deb wazuh-indexer prerm script
+
+set -e
+
+echo "Running Wazuh Indexer Pre-Removal Script"
+
+# Stop existing service
+if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer.service >/dev/null; then
+ echo "Stop existing wazuh-indexer.service"
+ systemctl --no-reload stop wazuh-indexer.service
+fi
+if command -v systemctl >/dev/null && systemctl is-active wazuh-indexer-performance-analyzer.service >/dev/null; then
+ echo "Stop existing wazuh-indexer-performance-analyzer.service"
+ systemctl --no-reload stop wazuh-indexer-performance-analyzer.service
+fi
+
+exit 0
diff --git a/distribution/packages/src/deb/debian/rules b/distribution/packages/src/deb/debian/rules
new file mode 100644
index 0000000000000..1e13c8d707b1d
--- /dev/null
+++ b/distribution/packages/src/deb/debian/rules
@@ -0,0 +1,29 @@
+#!/usr/bin/make -f
+
+# Copyright OpenSearch Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# The OpenSearch Contributors require contributions made to
+# this file be licensed under the Apache-2.0 license or a
+# compatible open source license.
+
+# You must remove unused comment lines for the released package.
+#export DH_VERBOSE = 1
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+%:
+ dh $@
+
+override_dh_builddeb:
+ dh_builddeb -- -Zgzip
+
+override_dh_gencontrol:
+ dh_gencontrol -- -DLicense=Apache-2.0
+
+#override_dh_auto_install:
+# dh_auto_install -- prefix=/usr
+
+#override_dh_install:
+# dh_install --list-missing -X.pyc -X.pyo
From 385582c01fdd40370d9abe2baed259485cdb2b06 Mon Sep 17 00:00:00 2001
From: Fede Tux Date: Wed, 17 Jan 2024 09:14:01 -0300 Subject: [PATCH 2/3] Copy debian/ folder to the build dir for debmake to parse --- distribution/packages/src/deb/debian/postinst | 8 -------- scripts/README.md | 9 ++++++++- scripts/assemble.sh | 1 + 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/distribution/packages/src/deb/debian/postinst b/distribution/packages/src/deb/debian/postinst index ea061504683d1..5204d7b58ce73 100644 --- a/distribution/packages/src/deb/debian/postinst +++ b/distribution/packages/src/deb/debian/postinst @@ -65,14 +65,6 @@ echo " sudo systemctl enable wazuh-indexer.service" echo "### You can start wazuh-indexer service by executing" echo " sudo systemctl start wazuh-indexer.service" -if [ -d ${product_dir}/plugins/opensearch-security ]; then - echo "### Create wazuh-indexer demo certificates in ${config_dir}/" - echo " See demo certs creation log in ${log_dir}/install_demo_configuration.log" -fi -echo "### Upcoming breaking change in packaging" -echo " In a future release of Wazuh Indexer, we plan to change the permissions associated with access to installed files" -echo " If you are configuring tools that require read access to the Wazuh Indexer configuration files, we recommend you add the user that runs these tools to the 'wazuh-indexer' group" -echo " For more information, see https://github.com/opensearch-project/opensearch-build/pull/4043" exit 0 diff --git a/scripts/README.md b/scripts/README.md index 8c98f8206cab5..7c17b6e827c69 100644 --- a/scripts/README.md +++ b/scripts/README.md @@ -98,7 +98,14 @@ The script will: |-- etc |-- usr |-- var - `-- wazuh-indexer-min_4.9.0_amd64.deb + |-- wazuh-indexer-min_4.9.0_amd64.deb + `-- debian/ + | -- control + | -- copyright + | -- rules + | -- preinst + | -- prerm + | -- postinst ``` ### Running in Act diff --git a/scripts/assemble.sh b/scripts/assemble.sh index 9f25c304808b4..06f639a8e52c3 100755 --- a/scripts/assemble.sh +++ b/scripts/assemble.sh 
@@ -312,6 +312,7 @@ function assemble_deb() { # Copy spec cp "distribution/packages/src/deb/Makefile" "${TMP_DIR}" cp "distribution/packages/src/deb/debmake_install.sh" "${TMP_DIR}" + cp -r "distribution/packages/src/deb/debian" "${TMP_DIR}" chmod a+x "${TMP_DIR}/debmake_install.sh" # Copy performance analyzer service file enable_performance_analyzer From ecd1431f221ce4b93e0b05436f6af6935b37ad33 Mon Sep 17 00:00:00 2001 From: Fede Tux Date: Wed, 17 Jan 2024 09:35:22 -0300 Subject: [PATCH 3/3] Remove redundant steps from debian/postinst --- distribution/packages/src/deb/debian/postinst | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/distribution/packages/src/deb/debian/postinst b/distribution/packages/src/deb/debian/postinst index 5204d7b58ce73..da4cbf62be703 100644 --- a/distribution/packages/src/deb/debian/postinst +++ b/distribution/packages/src/deb/debian/postinst 
@@ -19,23 +19,6 @@ data_dir=/var/lib/wazuh-indexer log_dir=/var/log/wazuh-indexer pid_dir=/var/run/wazuh-indexer -# Apply Security Settings -if [ -d ${product_dir}/plugins/opensearch-security ]; then - bash ${product_dir}/plugins/opensearch-security/tools/install_demo_configuration.sh -y -i -s > ${log_dir}/install_demo_configuration.log 2>&1 -fi - -# Apply PerformanceAnalyzer Settings -chmod a+rw /tmp -if ! grep -q '## Wazuh Indexer Performance Analyzer' ${config_dir}/jvm.options; then - # Add Performance Analyzer settings in ${config_dir}/jvm.options - CLK_TCK=`/usr/bin/getconf CLK_TCK` - echo >> ${config_dir}/jvm.options - echo '## Wazuh Indexer Performance Analyzer' >> ${config_dir}/jvm.options - echo "-Dclk.tck=$CLK_TCK" >> ${config_dir}/jvm.options - echo "-Djdk.attach.allowAttachSelf=true" >> ${config_dir}/jvm.options - echo "-Djava.security.policy=file://${config_dir}/opensearch-performance-analyzer/opensearch_security.policy" >> ${config_dir}/jvm.options - echo "--add-opens=jdk.attach/sun.tools.attach=ALL-UNNAMED" >> ${config_dir}/jvm.options -fi # Set owner chown -R wazuh-indexer.wazuh-indexer ${product_dir}