accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject accumulo git commit: ACCUMULO-4448 - Remove accumulo.policy.example
Date Thu, 08 Sep 2016 19:20:28 GMT
Repository: accumulo
Updated Branches:
  refs/heads/master 1a663143c -> fa483cf63


ACCUMULO-4448 - Remove accumulo.policy.example

* Example file is no longer included in distribution tarball
* Updated accumulo-env.sh to not look for file or set security policy

Closes apache/accumulo#146

Signed-off-by: Josh Elser <elserj@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/fa483cf6
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/fa483cf6
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/fa483cf6

Branch: refs/heads/master
Commit: fa483cf63794dc2539bec19d1e9c6830dfc39846
Parents: 1a66314
Author: Mike Walch <mwalch@gmail.com>
Authored: Thu Sep 8 13:43:48 2016 -0400
Committer: Josh Elser <elserj@apache.org>
Committed: Thu Sep 8 15:07:19 2016 -0400

----------------------------------------------------------------------
 assemble/conf/templates/accumulo-env.sh         |  10 +-
 assemble/conf/templates/accumulo.policy.example | 143 -------------------
 assemble/src/main/assemblies/component.xml      |  10 --
 3 files changed, 3 insertions(+), 160 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/fa483cf6/assemble/conf/templates/accumulo-env.sh
----------------------------------------------------------------------
diff --git a/assemble/conf/templates/accumulo-env.sh b/assemble/conf/templates/accumulo-env.sh
index 217465b..a91b4b3 100644
--- a/assemble/conf/templates/accumulo-env.sh
+++ b/assemble/conf/templates/accumulo-env.sh
@@ -40,13 +40,9 @@ test -z "$HADOOP_CONF_DIR"       && export HADOOP_CONF_DIR="$HADOOP_PREFIX/etc/h
 test -z "$JAVA_HOME"             && export JAVA_HOME=/path/to/java
 test -z "$ZOOKEEPER_HOME"        && export ZOOKEEPER_HOME=/path/to/zookeeper
 test -z "$ACCUMULO_LOG_DIR"      && export ACCUMULO_LOG_DIR=$ACCUMULO_HOME/logs
-if [[ -f ${ACCUMULO_CONF_DIR}/accumulo.policy ]]
-then
-   POLICY="-Djava.security.manager -Djava.security.policy=${ACCUMULO_CONF_DIR}/accumulo.policy"
-fi
-test -z "$ACCUMULO_TSERVER_OPTS" && export ACCUMULO_TSERVER_OPTS="${POLICY} ${tServerHigh_tServerLow}
"
-test -z "$ACCUMULO_MASTER_OPTS"  && export ACCUMULO_MASTER_OPTS="${POLICY} ${masterHigh_masterLow}"
-test -z "$ACCUMULO_MONITOR_OPTS" && export ACCUMULO_MONITOR_OPTS="${POLICY} ${monitorHigh_monitorLow}"
+test -z "$ACCUMULO_TSERVER_OPTS" && export ACCUMULO_TSERVER_OPTS="${tServerHigh_tServerLow}
"
+test -z "$ACCUMULO_MASTER_OPTS"  && export ACCUMULO_MASTER_OPTS="${masterHigh_masterLow}"
+test -z "$ACCUMULO_MONITOR_OPTS" && export ACCUMULO_MONITOR_OPTS="${monitorHigh_monitorLow}"
 test -z "$ACCUMULO_GC_OPTS"      && export ACCUMULO_GC_OPTS="${gcHigh_gcLow}"
 test -z "$ACCUMULO_SHELL_OPTS"   && export ACCUMULO_SHELL_OPTS="${shellHigh_shellLow}"
 test -z "$ACCUMULO_GENERAL_OPTS" && export ACCUMULO_GENERAL_OPTS="-XX:+UseConcMarkSweepGC
-XX:CMSInitiatingOccupancyFraction=75 -Djava.net.preferIPv4Stack=true -XX:+CMSClassUnloadingEnabled"

http://git-wip-us.apache.org/repos/asf/accumulo/blob/fa483cf6/assemble/conf/templates/accumulo.policy.example
----------------------------------------------------------------------
diff --git a/assemble/conf/templates/accumulo.policy.example b/assemble/conf/templates/accumulo.policy.example
deleted file mode 100644
index 2964f06..0000000
--- a/assemble/conf/templates/accumulo.policy.example
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-grant codeBase "file:${java.home}/lib/ext/*" {
-  permission java.security.AllPermission;
-};
-
-// These should all be empty in a fielded system
-grant codeBase "file:${org.apache.accumulo.core.home.dir}/src/server/target/classes/" {
-  permission java.security.AllPermission;
-};
-grant codeBase "file:${org.apache.accumulo.core.home.dir}/src/core/target/classes/" {
-  permission java.security.AllPermission;
-};
-grant codeBase "file:${org.apache.accumulo.core.home.dir}/src/start/target/classes/" {
-  permission java.security.AllPermission;
-};
-grant codeBase "file:${org.apache.accumulo.core.home.dir}/src/examples/target/classes/" {
-  permission java.security.AllPermission;
-};
-
-grant codebase "file:${hadoop.home.dir}/*" {
-  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
-  permission java.lang.RuntimePermission "shutdownHooks"; // hadoop libs use executables
to discover usernames, groups, etc.
-  permission java.lang.RuntimePermission "loadLibrary.*";
-  permission java.io.FilePermission "<<ALL FILES>>", "read, execute";
-  permission java.io.FilePermission "/tmp", "write, delete";
-  permission java.io.FilePermission "/tmp/-", "write, delete";
-  permission java.io.FilePermission "/", "write";
-  permission java.net.SocketPermission "*", "connect, resolve";
-  permission java.util.PropertyPermission "java.library.path", "read";
-  permission java.util.PropertyPermission "user.dir", "read";
-  permission java.util.PropertyPermission "org.apache.commons.logging.*", "read";
-  permission java.util.PropertyPermission "entityExpansionLimit", "read";
-  permission java.util.PropertyPermission "maxOccurLimit", "read";
-  permission java.util.PropertyPermission "os.name", "read";
-};
-
-grant codebase "file:${hadoop.home.dir}/lib/*" {
-  // monitor's jetty web service
-  permission java.security.SecurityPermission "configurationPermission";
-  permission java.security.SecurityPermission "tablesPermission";
-  permission java.security.SecurityPermission "zookeeperWriterPermission";
-  permission java.security.SecurityPermission "tableManagerPermission";
-  permission java.security.SecurityPermission "transportPoolPermission";
-  permission java.security.SecurityPermission "systemCredentialsPermission";
-  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
-  // need to accept web requests, and talk to job tracker, name node, etc.
-  permission java.net.SocketPermission "*", "accept, listen, resolve, connect, resolve";
-  permission java.lang.RuntimePermission "getenv.*";
-  permission java.lang.RuntimePermission "loadLibrary.*";
-  permission java.util.PropertyPermission "org.mortbay.*", "read";
-  permission java.util.PropertyPermission "VERBOSE", "read";
-  permission java.util.PropertyPermission "IGNORED", "read";
-  permission java.util.PropertyPermission "ISO_8859_1", "read";
-  permission java.util.PropertyPermission "org.apache.commons.logging.*", "read";
-  permission java.util.PropertyPermission "accumulo.*", "read";
-  permission java.util.PropertyPermission "org.jfree.*", "read";
-  permission java.util.PropertyPermission "elementAttributeLimit", "read";
-  permission java.util.PropertyPermission "entityExpansionLimit", "read";
-  permission java.util.PropertyPermission "maxOccurLimit", "read";
-  // some resources come out of accumulo jars
-  permission java.lang.RuntimePermission "getClassLoader";
-  permission java.io.FilePermission "${org.apache.accumulo.core.home.dir}/lib/*", "read";
-  permission java.io.FilePermission "${org.apache.accumulo.core.home.dir}/src/-", "read";
-  permission java.io.FilePermission "${hadoop.home.dir}/lib/*", "read";
-  // images are cached in /tmp
-  permission java.io.FilePermission "/tmp/*", "read, write";
-  permission java.io.FilePermission "/", "write";
-};
-
-grant codebase "file:${zookeeper.home.dir}/*" {
-  permission java.net.SocketPermission "*", "connect, resolve";
-  permission java.util.PropertyPermission "user.*", "read";
-  permission java.util.PropertyPermission "java.*", "read";
-  permission java.util.PropertyPermission "zookeeper.*", "read";
-  permission java.util.PropertyPermission "jute.*", "read";
-  permission java.util.PropertyPermission "os.*", "read";
-  // accumulo properties read in callbacks
-  permission java.util.PropertyPermission "accumulo.*", "read";
-  permission java.security.SecurityPermission "configurationPermission";
-  permission java.security.SecurityPermission "tablesPermission";
-  permission java.security.SecurityPermission "zookeeperWriterPermission";
-  permission java.security.SecurityPermission "tableManagerPermission";
-  permission java.security.SecurityPermission "transportPoolPermission";
-  permission java.security.SecurityPermission "systemCredentialsPermission";
-  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
-  permission java.lang.RuntimePermission "exitVM";
-};
-
-grant codebase "file:${org.apache.accumulo.core.home.dir}/lib/ext/*" {
-};
-
-grant codebase "file:${org.apache.accumulo.core.home.dir}/lib/*" {
-  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
-  // logging, configuration and getting user id
-  permission java.io.FilePermission "<<ALL FILES>>", "read, write, execute, delete";
-  permission java.util.PropertyPermission "*", "read, write";
-  permission java.lang.RuntimePermission "getenv.*";
-  permission java.lang.RuntimePermission "getClassLoader";
-  permission java.lang.RuntimePermission "loadLibrary.*";
-  permission java.lang.RuntimePermission "accessDeclaredMembers";
-  permission java.lang.RuntimePermission "selectorProvider";
-  permission java.lang.RuntimePermission "accessClassInPackage.*";
-  permission java.lang.RuntimePermission "readFileDescriptor";
-  permission java.lang.RuntimePermission "writeFileDescriptor";
-  permission java.lang.RuntimePermission "modifyThread";
-  permission java.lang.RuntimePermission "modifyThreadGroup";
-  permission java.lang.RuntimePermission "createClassLoader";
-  permission java.lang.RuntimePermission "setContextClassLoader";
-  permission java.lang.RuntimePermission "exitVM";
-  permission java.lang.RuntimePermission "shutdownHooks";
-  permission java.security.SecurityPermission "getPolicy";
-  permission java.security.SecurityPermission "getProperty.*";
-  permission java.security.SecurityPermission "putProviderProperty.*";
-  permission java.security.SecurityPermission "setSystemScope";
-  permission java.security.SecurityPermission "configurationPermission";
-  permission java.security.SecurityPermission "tablesPermission";
-  permission java.security.SecurityPermission "zookeeperWriterPermission";
-  permission java.security.SecurityPermission "tableManagerPermission";
-  permission java.security.SecurityPermission "transportPoolPermission";
-  permission java.security.SecurityPermission "systemCredentialsPermission";
-  permission java.util.logging.LoggingPermission "control";
-  permission java.net.NetPermission "getProxySelector";
-  permission javax.management.MBeanServerPermission "createMBeanServer";
-  permission javax.management.MBeanTrustPermission "register";
-  permission javax.management.MBeanPermission "*", "registerMBean";
-  permission java.net.SocketPermission "*", "accept, connect, listen, resolve";
-};

http://git-wip-us.apache.org/repos/asf/accumulo/blob/fa483cf6/assemble/src/main/assemblies/component.xml
----------------------------------------------------------------------
diff --git a/assemble/src/main/assemblies/component.xml b/assemble/src/main/assemblies/component.xml
index bfcedc8..6fc6656 100644
--- a/assemble/src/main/assemblies/component.xml
+++ b/assemble/src/main/assemblies/component.xml
@@ -133,16 +133,6 @@
       </excludes>
     </fileSet>
     <fileSet>
-      <!-- preserve old behavior of extra copy in conf -->
-      <directory>conf/templates</directory>
-      <outputDirectory>conf</outputDirectory>
-      <directoryMode>0755</directoryMode>
-      <fileMode>0644</fileMode>
-      <includes>
-        <include>accumulo.policy.example</include>
-      </includes>
-    </fileSet>
-    <fileSet>
       <directory>target/example-configs</directory>
       <outputDirectory>conf/examples</outputDirectory>
       <directoryMode>0755</directoryMode>


Mime
View raw message