From 76e37289899412781d0434c22031d16a70968ec0 Mon Sep 17 00:00:00 2001 From: ialarmedalien Date: Tue, 16 Jun 2020 12:23:42 -0700 Subject: [PATCH] try removing sdkbase dir --- .gitignore | 2 - .travis.yml | 1 - Makefile | 7 +- doc/building_sdk.md | 13 +- doc/codebase_anatomy.md | 1 - entrypoint | 3 - sdkbase/Dockerfile | 44 --- sdkbase/create_certs | 20 - sdkbase/lets_encript/lets-encript-readme.txt | 1 - .../lets-encrypt-x3-cross-signed.der | Bin 1174 -> 0 bytes sdkbase/makeconfig | 4 - sdkbase/openssl.cnf | 355 ------------------ sdkbase/sdkbase.build.tag | 1 - .../templates/module_travis.vm.properties | 3 +- 14 files changed, 6 insertions(+), 449 deletions(-) delete mode 100644 sdkbase/Dockerfile delete mode 100755 sdkbase/create_certs delete mode 100644 sdkbase/lets_encript/lets-encript-readme.txt delete mode 100644 sdkbase/lets_encript/lets-encrypt-x3-cross-signed.der delete mode 100755 sdkbase/makeconfig delete mode 100644 sdkbase/openssl.cnf delete mode 100644 sdkbase/sdkbase.build.tag diff --git a/.gitignore b/.gitignore index 1cf1ed55..5705f26d 100644 --- a/.gitignore +++ b/.gitignore @@ -2,8 +2,6 @@ /temp /dist /eclipse-classes/ -/sdkbase/ssl -/sdkbase/cluster.ini /classes/ /temp_* /ASimpleModule* diff --git a/.travis.yml b/.travis.yml index 6b83fb97..4087b9a8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -35,7 +35,6 @@ install: script: - make - - make sdkbase - export PATH=$(pwd)/bin:$PATH - source src/sh/sdk-completion.sh - kb-sdk help diff --git a/Makefile b/Makefile index b1e51fb5..773931f0 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ KBASE_COMMON_JAR = kbase/common/kbase-common-0.0.23.jar QUOTE = '\'' # make sure our make test works -.PHONY : test test-python sdkbase +.PHONY : test test-python default: compile @@ -103,11 +103,6 @@ deploy-scripts: fi; $(ANT) deploy_bin -DBIN_TARGET=$(TARGET)/bin -DBIN_LIB_TARGET=$(TARGET)/lib -DKBASE_COMMON_JAR=$(KBASE_COMMON_JAR) -sdkbase: - # docker rmi -f kbase/deplbase:latest - cd sdkbase && ./makeconfig - docker build --no-cache -t kbase/kbase:sdkbase2.latest sdkbase - test: submodule-init @echo "Running unit tests" make test-python diff --git a/doc/building_sdk.md b/doc/building_sdk.md index 04a17f8b..cc6d1866 100644 --- a/doc/building_sdk.md +++ b/doc/building_sdk.md @@ -1,9 +1,9 @@ -#### Building SDK +## Building the SDK System Dependencies: - Mac OS X 10.8+ or Linux. kb-sdk does not run natively in Windows, but see [here](doc/FAQ.md#windows) for more details. - - Java JRE 7 or 8 (9 is currently incompatible) http://www.oracle.com/technetwork/java/javase/downloads/index.html + - Java JRE 8: http://www.oracle.com/technetwork/java/javase/downloads/index.html (9 is currently incompatible; the SDK will run on Java 7, but using the more modern Java 8 is recommended) - (Mac only) Xcode https://developer.apple.com/xcode - git https://git-scm.com - Docker https://www.docker.com (for local testing) @@ -11,24 +11,20 @@ System Dependencies: Get the SDK: git clone https://github.com/kbase/kb_sdk + git clone https://github.com/kbase/jars Pull dependencies and configure the SDK: cd kb_sdk make bin -Download the local KBase SDK base Docker image: - - docker pull kbase/sdkbase2:latest - Add the kb-sdk tool to your PATH and enable command completion. From the kb_sdk directory: # for bash export PATH=$(pwd)/bin:$PATH source src/sh/sdk-completion.sh - -#### Build from source +### Build from source Additional System Dependencies: @@ -39,4 +35,3 @@ Follow basic instructions above. Instead of running `make bin` you can run `mak cd kb_sdk make - diff --git a/doc/codebase_anatomy.md b/doc/codebase_anatomy.md index 91ea0e9e..3ef5aa2c 100644 --- a/doc/codebase_anatomy.md +++ b/doc/codebase_anatomy.md @@ -16,7 +16,6 @@ This document describes the the file structure of the `kb_sdk` codebase. * `Makefile` - commands for compiling, building docker images, and initializing submodules * `Pipfile` and `Pipfile.lock` - python dependencies for pipenv * `reports/` - files generated for JaCoCo test coverage reports -* `sdkbase/` - Docker files for the image used inside actual SDK apps * `src/` - the main source code for this project; see below * `submodules/` and `submodules_hacks` - jars and other dependencies * `test_scripts/` - test helpers in perl, python, and js diff --git a/entrypoint b/entrypoint index 65251b46..afa74c85 100755 --- a/entrypoint +++ b/entrypoint @@ -17,9 +17,6 @@ fi exec docker run -it --rm -v \$HOME:\$HOME -u \$(id -u) -w \$(pwd) -v /var/run/docker.sock:/var/run/docker.sock -e DUSER=\$USER -e DSHELL=\$SHELL -e KBASE_TEST_TOKEN=\$KBASE_TEST_TOKEN --group-add \$(cat \$HOME/.kbsdk.cache) kbase/kb-sdk \$@ EOF -elif [ "z$1" = "zsdkbase" ] || [ "z$1" = "zpull-base-image" ] ; then - echo "Pulling and tagging the base image" - docker pull kbase/kbase:sdkbase2.latest elif [ "z$1" = "zprune" ] ; then echo "Used during build to shrink image. Not needed by the user." for f in $(find /src/submodules/jars/lib/jars -type f -name '*.jar') ; do diff --git a/sdkbase/Dockerfile b/sdkbase/Dockerfile deleted file mode 100644 index a4045629..00000000 --- a/sdkbase/Dockerfile +++ /dev/null @@ -1,44 +0,0 @@ -FROM kbase/deplbase:latest - -COPY ./sdkbase.build.tag /tmp/ - -# Update certs -RUN apt-get update -RUN apt-get install ca-certificates - -# Fix Python SSL warnings for python < 2.7.9 (system python on Trusty is 2.7.6) -# https://github.com/pypa/pip/issues/4098 -RUN pip install pip==8.1.2 -RUN pip install --disable-pip-version-check requests requests_toolbelt pyopenssl --upgrade - -#install coverage tool -RUN pip install coverage - -RUN \ - . /kb/dev_container/user-env.sh && \ - cd /kb/dev_container/modules && \ - rm -rf auth && \ - git clone -b auth2 https://github.com/kbase/auth && \ - cd /kb/dev_container/modules/auth && \ - make && make deploy - -COPY ./lets_encript/lets-encrypt-x3-cross-signed.der /tmp/ -RUN keytool -import -keystore /usr/lib/jvm/java-7-oracle/jre/lib/security/cacerts \ - -storepass changeit -noprompt -trustcacerts -alias letsencryptauthorityx31 \ - -file /tmp/lets-encrypt-x3-cross-signed.der -RUN rm /tmp/lets-encrypt-x3-cross-signed.der - -# Update kb_sdk at build time -RUN \ - . /kb/dev_container/user-env.sh && \ - rm /kb/runtime/java && \ - ln -s /usr/lib/jvm/java-7-oracle /kb/runtime/java && \ - cd /kb/dev_container/modules && \ - rm -rf jars && \ - git clone https://github.com/kbase/jars && \ - rm -rf kb_sdk && \ - git clone https://github.com/kbase/kb_sdk -b develop && \ - cd /kb/dev_container/modules/jars && \ - make && make deploy && \ - cd /kb/dev_container/modules/kb_sdk && \ - make && make deploy diff --git a/sdkbase/create_certs b/sdkbase/create_certs deleted file mode 100755 index c78e39d3..00000000 --- a/sdkbase/create_certs +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash - -[ -e ./ssl ] || mkdir ./ssl - -[ -z $PUBLIC_ADDRESS ] && PUBLIC_ADDRESS="kbase.us" -export PUBLIC_ADDRESS - -# Create certs for development deploy -if [ -e ./ssl/proxy.key ] ; then - echo "Skipping proxy cert" -else - openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout ./ssl/proxy.key -out ./ssl/proxy.crt -config openssl.cnf -batch -fi - -if [ -e ./ssl/narrative.key ] ; then - echo "Skipping narrative cert" -else - cp ./ssl/proxy.key ./ssl/narrative.key - cp ./ssl/proxy.crt ./ssl/narrative.crt -fi diff --git a/sdkbase/lets_encript/lets-encript-readme.txt b/sdkbase/lets_encript/lets-encript-readme.txt deleted file mode 100644 index c0f188be..00000000 --- a/sdkbase/lets_encript/lets-encript-readme.txt +++ /dev/null @@ -1 +0,0 @@ -Certificate was loaded from https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.der on 2016-12-19. \ No newline at end of file diff --git a/sdkbase/lets_encript/lets-encrypt-x3-cross-signed.der b/sdkbase/lets_encript/lets-encrypt-x3-cross-signed.der deleted file mode 100644 index e08466c5a7cc64b2bf97e9e7e658a00543bf3211..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1174 zcmXqLVwq&n#9Xz2nTe5!Nq~#d(TRb9F}Srji@WvBat;GtHcqWJkGAi;jEvl@36s;oISRp<>3NAIrA4Uh&j1wXVrpV! zWSDcA=R?#}J@@TJvF6R2Gm;HnT{l&eRDHO2pXtYfN&4G&cssJLUOCT{BjU|Qts@!j z+>0NVK6&l0_q|9qh$z3@aP-_(ic|2>=eGQq~-^kmKfP`JhC5R4vw5eA)gIAakh*Cmi&<$y_8PCx(i1!@^cPL@*HTc` zWI0xH;DX`VenX3?V!Kut?{NOOQU0(&{h~@kVOw3ZACLchGS1p*X?S$~kzQWe6fxsf zzgjf6UEw}(qxSG*CT2zk#>GvHwZIUmG!Oy?sH`v}<9`+o12!PV#K>U42NL54iLn6F zN1H)C8;3R2P#h-gA@BM&1Jqk%meH_+KEj7|4} z{$n&SFwld!fr(K}3F?Mqpc6oL=~fu(<)oGrr$UmNUVc%!fepx1c@|RxV*|ql`U`a1 zv|*Zxa?sojOz%Pd{vpne5ys9zK6=STIR>&I-Fz%!EFvqsvXWV9@9uhb(Q^AT*VOl) zSG-w>oJ4_H446b28SWZi7yO(YVR2VN^fzbdzOt~L1s+Q?-PNlPsc=mC7$xr|q-m~F z5-5|DvE%I2g7l}~m+bM=2s}Ic#k%&nuWsy$TF5x-&WF2MvROCm!j@;Oxdt4HR-{@kf)2a)+!u%`E2){6W_KTHd;L6O!Z+>x=&G>hD&N+uyM)Tw+#W)@;$%&5TiZ?#vJAaME2mNZDq`5a2Ps~@9)}OFZ z(#`f;o%FJ*_MMBXawUGLE}hse`rwn8e#8bgeVq)oW8O2)-kQ(zvwp%`XD=Zazx?7V bjaN%nhllF4Ox`})Hs(OaAVarCE7 diff --git a/sdkbase/makeconfig b/sdkbase/makeconfig deleted file mode 100755 index 85ac92d9..00000000 --- a/sdkbase/makeconfig +++ /dev/null @@ -1,4 +0,0 @@ -#!/bin/bash - -docker run --rm --entrypoint cat kbase/deplbase:latest /kb/deployment/deployment.cfg > cluster.ini -./create_certs diff --git a/sdkbase/openssl.cnf b/sdkbase/openssl.cnf deleted file mode 100644 index 2f072a40..00000000 --- a/sdkbase/openssl.cnf +++ /dev/null @@ -1,355 +0,0 @@ -# -# OpenSSL example configuration file. -# This is mostly being used for generation of certificate requests. -# - -# This definition stops the following lines choking if HOME isn't -# defined. -HOME = . -RANDFILE = $ENV::HOME/.rnd - -# Extra OBJECT IDENTIFIER info: -#oid_file = $ENV::HOME/.oid -oid_section = new_oids - -# To use this configuration file with the "-extfile" option of the -# "openssl x509" utility, name here the section containing the -# X.509v3 extensions to use: -# extensions = -# (Alternatively, use a configuration file that has only -# X.509v3 extensions in its main [= default] section.) - -[ new_oids ] - -# We can add new OIDs in here for use by 'ca', 'req' and 'ts'. -# Add a simple OID like this: -# testoid1=1.2.3.4 -# Or use config file substitution like this: -# testoid2=${testoid1}.5.6 - -# Policies used by the TSA examples. -tsa_policy1 = 1.2.3.4.1 -tsa_policy2 = 1.2.3.4.5.6 -tsa_policy3 = 1.2.3.4.5.7 - -#################################################################### -[ ca ] -default_ca = CA_default # The default ca section - -#################################################################### -[ CA_default ] - -dir = ./demoCA # Where everything is kept -certs = $dir/certs # Where the issued certs are kept -crl_dir = $dir/crl # Where the issued crl are kept -database = $dir/index.txt # database index file. -#unique_subject = no # Set to 'no' to allow creation of - # several ctificates with same subject. -new_certs_dir = $dir/newcerts # default place for new certs. - -certificate = $dir/cacert.pem # The CA certificate -serial = $dir/serial # The current serial number -crlnumber = $dir/crlnumber # the current crl number - # must be commented out to leave a V1 CRL -crl = $dir/crl.pem # The current CRL -private_key = $dir/private/cakey.pem# The private key -RANDFILE = $dir/private/.rand # private random number file - -x509_extensions = usr_cert # The extentions to add to the cert - -# Comment out the following two lines for the "traditional" -# (and highly broken) format. -name_opt = ca_default # Subject Name options -cert_opt = ca_default # Certificate field options - -# Extension copying option: use with caution. -# copy_extensions = copy - -# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs -# so this is commented out by default to leave a V1 CRL. -# crlnumber must also be commented out to leave a V1 CRL. -# crl_extensions = crl_ext - -default_days = 365 # how long to certify for -default_crl_days= 30 # how long before next CRL -default_md = default # use public key default MD -preserve = no # keep passed DN ordering - -# A few difference way of specifying how similar the request should look -# For type CA, the listed attributes must be the same, and the optional -# and supplied fields are just that :-) -policy = policy_match - -# For the CA policy -[ policy_match ] -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -# For the 'anything' policy -# At this point in time, you must list all acceptable 'object' -# types. -[ policy_anything ] -countryName = optional -stateOrProvinceName = optional -localityName = optional -organizationName = optional -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -#################################################################### -[ req ] -default_bits = 1024 -default_keyfile = privkey.pem -distinguished_name = req_distinguished_name -attributes = req_attributes -x509_extensions = v3_ca # The extentions to add to the self signed cert - -# Passwords for private keys if not present they will be prompted for -# input_password = secret -# output_password = secret - -# This sets a mask for permitted string types. There are several options. -# default: PrintableString, T61String, BMPString. -# pkix : PrintableString, BMPString (PKIX recommendation before 2004) -# utf8only: only UTF8Strings (PKIX recommendation after 2004). -# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). -# MASK:XXXX a literal mask value. -# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings. -string_mask = utf8only - -req_extensions = v3_req # The extensions to add to a certificate request - -[ req_distinguished_name ] -countryName = Country Name (2 letter code) -countryName_default = US -countryName_min = 2 -countryName_max = 2 - -stateOrProvinceName = State or Province Name (full name) -stateOrProvinceName_default = California - -localityName = Locality Name (eg, city) - -0.organizationName = Organization Name (eg, company) -0.organizationName_default = KBase - -# we can do this but it is not needed normally :-) -#1.organizationName = Second Organization Name (eg, company) -#1.organizationName_default = World Wide Web Pty Ltd - -organizationalUnitName = Organizational Unit Name (eg, section) -#organizationalUnitName_default = - -commonName = Common Name (e.g. server FQDN or YOUR name) -commonName_max = 64 -commonName_default = ${ENV::PUBLIC_ADDRESS} - -emailAddress = Email Address -emailAddress_max = 64 - -# SET-ex3 = SET extension number 3 - -[ req_attributes ] -challengePassword = A challenge password -challengePassword_min = 4 -challengePassword_max = 20 - -unstructuredName = An optional company name - -[ usr_cert ] - -# These extensions are added when 'ca' signs a request. - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# Here are some examples of the usage of nsCertType. If it is omitted -# the certificate can be used for anything *except* object signing. - -# This is OK for an SSL server. -# nsCertType = server - -# For an object signing certificate this would be used. -# nsCertType = objsign - -# For normal client use this is typical -# nsCertType = client, email - -# and for everything including object signing: -# nsCertType = client, email, objsign - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. -# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName - -# This is required for TSA certificates. -# extendedKeyUsage = critical,timeStamping - -[ v3_req ] - -# Extensions to add to a certificate request - -basicConstraints = CA:TRUE -keyUsage = digitalSignature, keyEncipherment -subjectAltName = @alt_names - -[alt_names] -DNS.1 = $ENV::PUBLIC_ADDRESS - -[ v3_ca ] - - -# Extensions for a typical CA - - -# PKIX recommendation. - -subjectKeyIdentifier=hash - -authorityKeyIdentifier=keyid:always,issuer - -# This is what PKIX recommends but some broken software chokes on critical -# extensions. -#basicConstraints = critical,CA:true -# So we do this instead. -basicConstraints = CA:true - -# Key usage: this is typical for a CA certificate. However since it will -# prevent it being used as an test self-signed certificate it is best -# left out by default. -# keyUsage = cRLSign, keyCertSign - -# Some might want this also -# nsCertType = sslCA, emailCA - -# Include email address in subject alt name: another PKIX recommendation -# subjectAltName=email:copy -# Copy issuer details -# issuerAltName=issuer:copy - -# DER hex encoding of an extension: beware experts only! -# obj=DER:02:03 -# Where 'obj' is a standard or added object -# You can even override a supported extension: -# basicConstraints= critical, DER:30:03:01:01:FF - -[ crl_ext ] - -# CRL extensions. -# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL. - -# issuerAltName=issuer:copy -authorityKeyIdentifier=keyid:always - -[ proxy_cert_ext ] -# These extensions should be added when creating a proxy certificate - -# This goes against PKIX guidelines but some CAs do it and some software -# requires this to avoid interpreting an end user certificate as a CA. - -basicConstraints=CA:FALSE - -# Here are some examples of the usage of nsCertType. If it is omitted -# the certificate can be used for anything *except* object signing. - -# This is OK for an SSL server. -# nsCertType = server - -# For an object signing certificate this would be used. -# nsCertType = objsign - -# For normal client use this is typical -# nsCertType = client, email - -# and for everything including object signing: -# nsCertType = client, email, objsign - -# This is typical in keyUsage for a client certificate. -# keyUsage = nonRepudiation, digitalSignature, keyEncipherment - -# This will be displayed in Netscape's comment listbox. -nsComment = "OpenSSL Generated Certificate" - -# PKIX recommendations harmless if included in all certificates. -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer - -# This stuff is for subjectAltName and issuerAltname. -# Import the email address. -# subjectAltName=email:copy -# An alternative to produce certificates that aren't -# deprecated according to PKIX. -# subjectAltName=email:move - -# Copy subject details -# issuerAltName=issuer:copy - -#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem -#nsBaseUrl -#nsRevocationUrl -#nsRenewalUrl -#nsCaPolicyUrl -#nsSslServerName - -# This really needs to be in place for it to be a proxy certificate. -proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo - -#################################################################### -[ tsa ] - -default_tsa = tsa_config1 # the default TSA section - -[ tsa_config1 ] - -# These are used by the TSA reply generation only. -dir = ./demoCA # TSA root directory -serial = $dir/tsaserial # The current serial number (mandatory) -crypto_device = builtin # OpenSSL engine to use for signing -signer_cert = $dir/tsacert.pem # The TSA signing certificate - # (optional) -certs = $dir/cacert.pem # Certificate chain to include in reply - # (optional) -signer_key = $dir/private/tsakey.pem # The TSA private key (optional) - -default_policy = tsa_policy1 # Policy if request did not specify it - # (optional) -other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional) -digests = md5, sha1 # Acceptable message digests (mandatory) -accuracy = secs:1, millisecs:500, microsecs:100 # (optional) -clock_precision_digits = 0 # number of digits after dot. (optional) -ordering = yes # Is ordering defined for timestamps? - # (optional, default: no) -tsa_name = yes # Must the TSA name be included in the reply? - # (optional, default: no) -ess_cert_id_chain = no # Must the ESS cert id chain be included? - # (optional, default: no) diff --git a/sdkbase/sdkbase.build.tag b/sdkbase/sdkbase.build.tag deleted file mode 100644 index c65fbcf7..00000000 --- a/sdkbase/sdkbase.build.tag +++ /dev/null @@ -1 +0,0 @@ -4/7/2017 diff --git a/src/java/us/kbase/templates/module_travis.vm.properties b/src/java/us/kbase/templates/module_travis.vm.properties index a7c1b256..e51dcae5 100644 --- a/src/java/us/kbase/templates/module_travis.vm.properties +++ b/src/java/us/kbase/templates/module_travis.vm.properties @@ -20,7 +20,6 @@ install: - git clone https://github.com/kbase/kb_sdk - cd kb_sdk - make bin - - make sdkbase - export PATH=$(pwd)/bin:$PATH - source src/sh/sdk-completion.sh - popd @@ -28,4 +27,4 @@ install: script: - kb-sdk validate -after_script: \ No newline at end of file +after_script: