Upgrade to OpenSSL 1.1.1

.travis.yml

@@ -17,7 +17,7 @@ before_install:
  libstdc++6 libtool libgif-dev libtiff-dev libgtk2.0-dev libglib2.0-dev
  libx11-dev libxcursor-dev libxerces-c-dev libxft-dev libxinerama-dev
  libxml2-dev libxml2-utils libxmu-dev libxrandr-dev libyaml-cpp-dev libpcre3-dev
- openssl shunit2 git git-lfs libqt4-dev qt4-default libqt4-opengl-dev
+ shunit2 git git-lfs libqt4-dev qt4-default libqt4-opengl-dev
  python-dev python-git python-imaging python-setuptools python-psycopg2 python-lxml
  swig xorg-dev zlib1g-dev
 script: echo "Running build..."

earth_enterprise/BUILD_RHEL_CentOS.md

@@ -138,7 +138,7 @@ sudo yum install -y \
  gdbm-devel geos-devel giflib-devel glib2-devel GitPython gtk2-devel \
  libcap-devel libicu-devel libmng-devel libpng-devel libtiff-devel libX11-devel libXcursor-devel \
  libXft-devel libXinerama-devel libxml2-devel libXmu-devel libXrandr-devel \
- ogdi-devel openjpeg-devel openjpeg2-devel openssl-devel \
+ ogdi-devel openjpeg-devel openjpeg2-devel \
  perl-Alien-Packages perl-Perl4-CoreLibs proj-devel python-devel \
  rpm-build rpmrebuild rsync scons \
  xerces-c xerces-c-devel xorg-x11-server-devel yaml-cpp-devel zlib-devel
@@ -154,7 +154,7 @@ sudo yum install -y \
  gdbm-devel geos-devel gettext giflib-devel gtk2-devel \
  libcap-devel libmng-devel libpng-devel libX11-devel libXcursor-devel \
  libXft-devel libXinerama-devel libxml2-devel libXmu-devel libXrandr-devel \
- ogdi-devel openjpeg-devel openjpeg2-devel openssl-devel pcre pcre-devel \
+ ogdi-devel openjpeg-devel openjpeg2-devel pcre pcre-devel \
  proj-devel python27 glib2-devel libtiff-devel \
  python27-pip python27-devel python27-setuptools python-unittest2 \
  python-devel rpm-build rpmrebuild rsync scons shunit2 \

earth_enterprise/BUILD_Ubuntu.md

@@ -35,10 +35,10 @@ sudo apt-get install \
  libgdbm-dev libgeos-dev libgeos++-dev libgif-dev libgtest-dev \
  libjpeg-dev libjpeg8-dev libmng-dev libogdi3.2-dev \
  libperl4-corelibs-perl libpng12-0 libpng12-dev libpq-dev libproj-dev \
- libstdc++6 libtool libgif-dev libtiff-dev libgtk2.0-dev libglib2.0-dev \
+ libstdc++6 libtool libtiff-dev libgtk2.0-dev libglib2.0-dev \
  libx11-dev libxcursor-dev libxerces-c-dev libxft-dev libxinerama-dev \
  libxml2-dev libxml2-utils libxmu-dev libxrandr-dev libyaml-cpp-dev \
- openssl libpcre3 libpcre3-dev \
+ libpcre3 libpcre3-dev \
  python-dev python-imaging python-psycopg2 \
  python-setuptools python2.7 python2.7-dev python-git \
  scons shunit2 xorg-dev zlib1g-dev

earth_enterprise/rpms/build.gradle

@@ -258,7 +258,16 @@ task openGeePostGisRpm(type: GeeRpm) {
  autoFindProvides = true
  autoFindRequires = true
 
+ // "requires" is for runtime dependencies. "requiresPre" is for pre-install
+ // script dependencies. We need both because pre- and post-install scripts
+ // call Open GEE binaries, and they may fail if a different version of
+ // common libraries is installed.
+ // In this case, opengee-postgis doesn't have a pre- or post-install script
+ // to worry about, but we do need to make sure that opengee-common's
+ // pre-install script runs first.
  requires('opengee-common', ospackage.version, GREATER | EQUAL)
+ requiresPre('opengee-common', ospackage.version, GREATER | EQUAL)
+
  // The code in GeeRpm decides that this RPM should depend on proj, but
  // it actually depends on proj-devel.
  requires('proj-devel')
@@ -463,7 +472,6 @@ task openGeeCommonDeb (type: GeeDeb, dependsOn: openGeeCommonInitScripts) {
  requires('libstdc++6')
  requires('libtool')
  requires('libxml2-utils')
- requires('openssl')
  requires('python-imaging')
  requires('python-lxml')
  requires('python-psycopg2')
@@ -536,9 +544,14 @@ task openGeeServerRpm(type: GeeRpm, dependsOn: openGeeServerInitScripts) {
  autoFindProvides = true
  autoFindRequires = true
 
+ // "requires" is for runtime dependencies. "requiresPre" is for pre-install
+ // script dependencies. We need both because pre- and post-install scripts
+ // call Open GEE binaries, and they may fail if a different version of
+ // common libraries is installed.
  requires('opengee-common', ospackage.version, GREATER | EQUAL)
  requiresPre('opengee-common', ospackage.version, GREATER | EQUAL)
  requires('opengee-postgis', '2.3.9', GREATER | EQUAL)
+ requiresPre('opengee-postgis', '2.3.9', GREATER | EQUAL)
  conflicts('opengee-postgis', '2.0', LESS )
  conflicts('opengee-postgis', '2.4', GREATER | EQUAL)
  requires('python-unittest2')
@@ -770,7 +783,12 @@ built from raster, vector, and location properties data.
  autoFindProvides = true
  autoFindRequires = true
 
+ // "requires" is for runtime dependencies. "requiresPre" is for pre-install
+ // script dependencies. We need both because pre- and post-install scripts
+ // call Open GEE binaries, and they may fail if a different version of
+ // common libraries is installed.
  requires('opengee-common', ospackage.version, GREATER | EQUAL)
+ requiresPre('opengee-common', ospackage.version, GREATER | EQUAL)
  requires('proj-devel') /* This dependency is not being picked up automatically by GeeRpm task */
  requires('/etc/rc.d/init.d/functions')
  requiresCommands(
@@ -914,6 +932,7 @@ task openGeeExtraInitScripts(type: Copy, dependsOn: openGeeSharedFiles) {
 
  CopySpecTemplates.expand(delegate, [
  'openGeeVersion': ospackage.version,
+ 'openGeeRelease': ospackage.release,
  'project': project
  ])
 }

earth_enterprise/rpms/opengee-extra/snippets/post-install.sh

@@ -18,7 +18,15 @@ umask 002
 
 main_postinstall()
 {
- if [ -f "/etc/init.d/geserver" ]; then
+ # Check if opengee-fusion and opengee-server are the expected version. If
+ # not, we may be in the middle of an upgrade with incompatible libraries
+ # and binaries. In that case, we skip the steps below and let
+ # opengee-fusion and opengee-server take care of them.
+ EXTRA_VERSION="${CURRENT_VERSION}"
+ SERVER_VERSION=$(get_package_version opengee-server)
+ FUSION_VERSION=$(get_package_version opengee-fusion)
+
+ if [ "$SERVER_VERSION" == "$EXTRA_VERSION" ]; then
  install_searchexample_database
 
  # Set up the ExampleSearch plugin. The opengee-server-core RPM does
@@ -27,12 +35,16 @@ main_postinstall()
  run_as_user "$GEPGUSER" "$BASEINSTALLDIR_OPT/bin/psql -q -d gesearch geuser -f $SQLDIR/examplesearch.sql"
 
  service geserver restart
+ else
+ echo "Skipping example search set up. It will be set up when opengee-server-${EXTRA_VERSION} is installed."
  fi
 
- if [ -f "/etc/init.d/gefusion" ]; then
+ if [ "$FUSION_VERSION" == "$EXTRA_VERSION" ]; then
  service gefusion stop
  add_fusion_tutorial_volume
  service gefusion start
+ else
+ echo "Skipping tutorial volume set up. It will be set up when opengee-fusion-${EXTRA_VERSION} is installed."
  fi
 }
 

earth_enterprise/rpms/opengee-extra/src/post-install.sh.template

@@ -2,6 +2,7 @@
  // Prefix variable definitions to install script:
  new File("${project.buildDir}/shared/install-utils.sh").text
 %>
+CURRENT_VERSION=<%= openGeeVersion %>-<%= openGeeRelease %>.x86_64
 <%= new File("${project.buildDir}/shared/searchexample.sh").text %>
 <%= new File("${project.buildDir}/shared/fusiontutorial.sh").text %>
 <%= new File(thisTemplateFile.parent, '../snippets/post-install.sh').text %>

earth_enterprise/rpms/shared/snippets/install-utils-main.sh

@@ -100,3 +100,18 @@ run_as_user()
  ( cd / ;sudo -u $1 $2 )
  fi
 }
+
+get_package_version()
+{
+ local PACKAGE_NAME="${1}"
+ # Declare variable first; otherwise $? will be the exit code of local,
+ # which is always 0
+ local FULL_VERSION
+ FULL_VERSION=`rpm -q "${PACKAGE_NAME}"`
+ if [ $? -eq 0 ]; then
+ # Strip off the package name and return just the version
+ echo ${FULL_VERSION#"$PACKAGE_NAME-"}
+ else
+ echo "None"
+ fi
+}

earth_enterprise/src/installer/install_fusion.sh

@@ -627,20 +627,10 @@ copy_files_to_target()
  if [ $? -ne 0 ]; then error_on_copy=1; fi
  cp -rf $TMPOPENSSLPATH/private $BASEINSTALLDIR_VAR/openssl
  if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/CA.sh $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
  cp -f $TMPOPENSSLPATH/misc/tsget $BASEINSTALLDIR_VAR/openssl/misc
  if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/c_name $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
  cp -f $TMPOPENSSLPATH/misc/CA.pl $BASEINSTALLDIR_VAR/openssl/misc
  if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/c_issuer $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/c_info $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f $TMPOPENSSLPATH/misc/c_hash $BASEINSTALLDIR_VAR/openssl/misc
- if [ $? -ne 0 ]; then error_on_copy=1; fi
  cp -rf $TMPOPENSSLPATH/certs $BASEINSTALLDIR_VAR/openssl
  if [ $? -ne 0 ]; then error_on_copy=1; fi
 
@@ -990,4 +980,3 @@ main_install
 # Post-Install Main
 #-----------------------------------------------------------------
 main_postinstall
-

earth_enterprise/src/installer/install_server.sh

@@ -498,20 +498,10 @@ copy_files_to_target()
  if [ $? -ne 0 ]; then error_on_copy=1; fi
  cp -rf "$TMPOPENSSLPATH/private" "$BASEINSTALLDIR_VAR/openssl"
  if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/CA.sh" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
  cp -f "$TMPOPENSSLPATH/misc/tsget" "$BASEINSTALLDIR_VAR/openssl/misc"
  if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/c_name" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
  cp -f "$TMPOPENSSLPATH/misc/CA.pl" "$BASEINSTALLDIR_VAR/openssl/misc"
  if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/c_issuer" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/c_info" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
- cp -f "$TMPOPENSSLPATH/misc/c_hash" "$BASEINSTALLDIR_VAR/openssl/misc"
- if [ $? -ne 0 ]; then error_on_copy=1; fi
  cp -rf "$TMPOPENSSLPATH/certs" "$BASEINSTALLDIR_VAR/openssl"
  if [ $? -ne 0 ]; then error_on_copy=1; fi
 

earth_enterprise/src/third_party/apache2/SConscript

@@ -158,9 +158,6 @@ to_prune_http = ['man', 'error', 'bin/htdbm',
  'htdocs/apache_pb.gif', 'htdocs/index.html'
  ]
 
-# Note: used when compiling with crosstool
-# TODO: delete.
-#stdc = '/opt/google/lib64/libstdc++.so.6'
 apache_target = '%s/.install' % current_dir
 apache_install = apache_env.Command(
  apache_target, apache_configure,

earth_enterprise/src/third_party/openssl/SConscript

@@ -19,7 +19,7 @@
 Import('third_party_env')
 import os
 
-openssl_version = 'openssl-1.0.2h'
+openssl_version = 'openssl-1.1.1i'
 ge_version = openssl_version.replace('openssl', 'openssl-ge')
 
 current_dir = Dir('.').abspath
@@ -55,7 +55,6 @@ openssl_configure = openssl_env.Command(
  openssl_target, openssl_extract,
  [openssl_env.MultiCommand(
  'cd %s\n'
- 'perl util/perlpath.pl /usr/bin/perl\n'
  '%s%s ./Configure -DSSL_ALLOW_ADH --prefix=/opt/google '
  '--openssldir=/var/opt/google/openssl linux-x86_64 shared\n'
  'touch %s' % (build_root, openssl_env['ENV']['mod_env'], env_opt,
@@ -79,7 +78,7 @@ openssl_install = openssl_env.Command(
  openssl_target, openssl_build,
  [openssl_env.MultiCommand(
  'cd %s\n'
- 'make INSTALL_PREFIX=%s install_sw\n'
+ 'make DESTDIR=%s install_sw install_ssldirs\n'
  'cd %s\n'
  'if [ -d ./lib64 ]; then rsync -rltpvu ./lib64/ ./lib; rm -rf ./lib64; fi\n'
  'rm -rf lib/pkgconfig\n'
@@ -89,7 +88,7 @@ openssl_install = openssl_env.Command(
  'rm -rf share/doc/packages/%s\n'
  'mkdir -p share/doc/packages/%s\n'
  'cd -\n'
- 'cp -pr CHANGES CHANGES.SSLeay LICENSE NEWS README '
+ 'cp -pr CHANGES LICENSE NEWS README '
  '%s/opt/google/share/doc/packages/%s\n'
  'touch %s' % (build_root, install_root, install_root_opt, ge_version,
  ge_version, install_root, ge_version, openssl_target))])

earth_enterprise/third_party/openssl/README.google

@@ -1,5 +1,5 @@
 URL: http://www.openssl.org/
-Version: 1.0.2h
+Version: 1.1.1h
 License: bsd-ish, requires acknowledgment
 License File: LICENSE