diff --git a/k/kafka-bv/Dockerfiles/v4.1.0_ubi_9.7/Dockerfile b/k/kafka-bv/Dockerfiles/v4.1.0_ubi_9.7/Dockerfile new file mode 100644 index 0000000000..9394a61a69 --- /dev/null +++ b/k/kafka-bv/Dockerfiles/v4.1.0_ubi_9.7/Dockerfile @@ -0,0 +1,203 @@ +# Copyright Broadcom, Inc. All Rights Reserved. +# SPDX-License-Identifier: APACHE-2.0 + +# Stage 1: Build utilities from source using secure Go version (resolves stdlib CVEs) +FROM registry.access.redhat.com/ubi9/ubi:9.7 AS setupbuilder + +ARG KAFKA_VERSION=4.1.0 +ARG BITNAMI_COMMIT=be4c353 +ARG GO_VERSION=1.26.3 + + +# Install build dependencies and update system packages +RUN yum update -y && yum install -y git wget tar gcc && yum clean all + +# Install secure Go version to fix stdlib CVEs (CVE-2025-68121, CVE-2025-58183, etc.) +RUN wget -q https://go.dev/dl/go${GO_VERSION}.linux-ppc64le.tar.gz && \ + tar -C /usr/local -xzf go${GO_VERSION}.linux-ppc64le.tar.gz && \ + rm go${GO_VERSION}.linux-ppc64le.tar.gz + +ENV PATH="/usr/local/go/bin:$PATH" + +# Build wait-for-port from source +RUN git clone https://github.com/bitnami/wait-for-port /build/wait-for-port && \ + cd /build/wait-for-port && \ + git checkout v1.0.10 && \ + go build . + + +# Assemble prebuildfs +RUN git clone https://github.com/bitnami/containers /build/containers && \ + cd /build/containers && \ + git checkout ${BITNAMI_COMMIT} + +RUN cd /build/containers/bitnami/kafka/4.1/debian-12 && \ + wget https://downloads.bitnami.com/files/stacksmith/kafka-${KAFKA_VERSION}-0-linux-amd64-debian-12.tar.gz || true && \ + if [ -f kafka-${KAFKA_VERSION}-0-linux-amd64-debian-12.tar.gz ]; then \ + tar -xvf kafka-${KAFKA_VERSION}-0-linux-amd64-debian-12.tar.gz && \ + mkdir -p prebuildfs/opt/bitnami/kafka/config && \ + if [ -d kafka-${KAFKA_VERSION}-linux-amd64-debian-12/files/kafka/config ]; then \ + cp -r kafka-${KAFKA_VERSION}-linux-amd64-debian-12/files/kafka/config/* \ + prebuildfs/opt/bitnami/kafka/config/; \ + fi; \ + fi + +# Stage 2: Build Kafka from source +FROM registry.access.redhat.com/ubi9/ubi:9.7 AS kafkabuilder + +ARG KAFKA_VERSION=4.1.0 + +WORKDIR /build + +RUN yum update -y && \ + yum install -y \ + git \ + wget \ + tar \ + gcc \ + gcc-c++ \ + make \ + java-17-openjdk-devel.ppc64le \ + libtool \ + file \ + diffutils && \ + yum clean all && \ + rm -rf /var/cache/yum + +# Build Kafka with CVE fixes for vulnerable dependencies +RUN cd /build && \ + git clone https://github.com/apache/kafka && \ + cd kafka && \ + git checkout ${KAFKA_VERSION} && \ + echo "Checked out Kafka version: ${KAFKA_VERSION}" && \ + git describe --tags && \ + export JAVA_HOME=/usr/lib/jvm/$(ls /usr/lib/jvm/ | grep -P '^(?=.*java-17)(?=.*ppc64le)') && \ + export PATH=$JAVA_HOME/bin:$PATH && \ + echo 'allprojects {' > init.gradle && \ + echo ' configurations.all {' >> init.gradle && \ + echo ' resolutionStrategy {' >> init.gradle && \ + echo " force 'commons-io:commons-io:2.21.0'" >> init.gradle && \ + echo " force 'org.apache.httpcomponents.client5:httpclient5:5.6.1'" >> init.gradle && \ + echo " force 'org.bouncycastle:bcpg-jdk18on:1.84'" >> init.gradle && \ + echo " force 'org.bouncycastle:bcprov-jdk18on:1.84'" >> init.gradle && \ + echo " force 'org.codehaus.plexus:plexus-utils:4.0.3'" >> init.gradle && \ + echo " force 'org.eclipse.jetty:jetty-http:12.0.33'" >> init.gradle && \ + echo " force 'org.eclipse.jetty:jetty-server:12.0.33'" >> init.gradle && \ + echo " force 'org.eclipse.jetty:jetty-io:12.0.33'" >> init.gradle && \ + echo " force 'org.eclipse.jetty:jetty-util:12.0.33'" >> init.gradle && \ + echo " force 'org.eclipse.jetty:jetty-client:12.0.33'" >> init.gradle && \ + echo ' }' >> init.gradle && \ + echo ' }' >> init.gradle && \ + echo '}' >> init.gradle && \ + ./gradlew jar -x test --init-script init.gradle + +# Collect Kafka binaries and libraries +RUN mkdir -p /root/kafka/bin /root/kafka/libs /root/kafka/config && \ + cp -r /build/kafka/bin/* /root/kafka/bin/ && \ + cp -r /build/kafka/config/* /root/kafka/config/ && \ + find /build/kafka -path "*/build/libs/*.jar" -type f -exec cp {} /root/kafka/libs/ \; && \ + find /build/kafka -path "*/build/dependant-libs/*.jar" -type f -exec cp {} /root/kafka/libs/ \; 2>/dev/null || true && \ + find /build/kafka -path "*/build/dependant-libs-*/*.jar" -type f -exec cp {} /root/kafka/libs/ \; 2>/dev/null || true && \ + find /root/.gradle/caches/modules-2/files-2.1 -name "*.jar" -exec cp {} /root/kafka/libs/ \; 2>/dev/null || true && \ + echo "Total JARs before cleanup: $(ls -1 /root/kafka/libs/*.jar | wc -l)" && \ + cd /root/kafka/libs && \ + rm -f commons-io-2.11.0.jar commons-io-2.8.0.jar || true && \ + rm -f httpclient5-5.6.jar || true && \ + rm -f bcpg-jdk18on-1.71.jar bcpg-jdk18on-1.83.jar || true && \ + rm -f bcprov-jdk18on-1.71.jar bcprov-jdk18on-1.83.jar bcprov-jdk15on-1.56.jar || true && \ + rm -f plexus-utils-4.0.2.jar plexus-utils-3.*.jar || true && \ + rm -f jetty-http-12.0.22.jar jetty-server-12.0.22.jar jetty-io-12.0.22.jar || true && \ + rm -f jetty-util-12.0.22.jar jetty-client-12.0.22.jar || true && \ + rm -f jackson-core-2.14.2.jar jackson-databind-2.14.2.jar jackson-annotations-2.14.2.jar || true && \ + rm -f jackson-dataformat-yaml-2.14.2.jar jackson-module-afterburner-2.14.2.jar jackson-module-blackbird-2.14.2.jar || true && \ + rm -f ehcache-2.10.4.jar || true && \ + rm -f h2-2.1.214.jar || true && \ + rm -f xstream-1.4.20.jar || true && \ + rm -f snakeyaml-1.33.jar || true && \ + rm -f lz4-java-1.8.0.jar || true && \ + rm -f mina-core-2.0.16.jar || true && \ + rm -f velocity-engine-core-2.3.jar || true && \ + rm -f commons-beanutils-1.9.4.jar || true && \ + ls -lh /root/kafka/libs/ && \ + echo "Total JARs after cleanup: $(ls -1 /root/kafka/libs/*.jar | wc -l)" + +# Stage 3: Final runtime image +FROM registry.access.redhat.com/ubi9/ubi:9.7 + +LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ + org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kafka/README.md" \ + org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kafka" \ + org.opencontainers.image.title="kafka" \ + org.opencontainers.image.version="4.1.0" + +ENV HOME="/" \ + OS_ARCH="ppc64le" \ + OS_FLAVOUR="rhel9" \ + OS_NAME="linux" + +COPY --from=setupbuilder /build/containers/bitnami/kafka/4.1/debian-12/prebuildfs / +COPY --from=setupbuilder /build/containers/bitnami/kafka/4.1/debian-12/rootfs / + +# Install runtime dependencies and apply all security updates +# Fix HIGH CVEs with available patches: libcap (CVE-2026-4878), vim-minimal (CVE-2026-34982) +RUN yum update -y && \ + yum install -y \ + acl \ + ca-certificates \ + curl-minimal \ + gzip \ + glibc \ + procps-ng \ + tar \ + java-17-openjdk-headless.ppc64le \ + zlib && \ + yum upgrade -y --allowerasing && \ + yum upgrade -y libcap vim-minimal && \ + yum clean all && \ + rm -rf /var/cache/yum /var/tmp/* + +# Set Java environment for runtime (dynamically detect) +RUN export JAVA_HOME=/usr/lib/jvm/$(ls /usr/lib/jvm/ | grep -P '^(?=.*java-17)(?=.*ppc64le)' | head -1) && \ + echo "export JAVA_HOME=$JAVA_HOME" >> /etc/profile.d/java.sh && \ + echo "export PATH=\$JAVA_HOME/bin:\$PATH" >> /etc/profile.d/java.sh + +ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk +ENV PATH=$JAVA_HOME/bin:$PATH + +RUN chmod g+rwX /opt/bitnami +RUN mkdir -p /opt/bitnami/common/bin /opt/bitnami/kafka + +# Copy Kafka artifacts first (before postunpack scripts) +COPY --from=setupbuilder /build/wait-for-port/wait-for-port /opt/bitnami/common/bin/wait-for-port +COPY --from=kafkabuilder /root/kafka/bin /opt/bitnami/kafka/bin +COPY --from=kafkabuilder /root/kafka/libs /opt/bitnami/kafka/libs +COPY --from=kafkabuilder /root/kafka/config /opt/bitnami/kafka/config + +# Now run postunpack scripts +RUN ln -s /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh +RUN ln -s /opt/bitnami/scripts/kafka/run.sh /run.sh +RUN /opt/bitnami/scripts/java/postunpack.sh +RUN /opt/bitnami/scripts/kafka/postunpack.sh +RUN chmod g+rwX /opt/bitnami + +# Set executable permissions +RUN chmod +x /opt/bitnami/common/bin/wait-for-port && \ + chmod +x /opt/bitnami/kafka/bin/*.sh + +# Create symlink for Java compatibility +RUN mkdir -p /opt/bitnami/java/bin && \ + REAL_JAVA_HOME=$(ls -d /usr/lib/jvm/java-17-openjdk-* | head -1) && \ + ln -s $REAL_JAVA_HOME /opt/bitnami/java/jre && \ + ln -s $REAL_JAVA_HOME/bin/java /opt/bitnami/java/bin/java + +ENV APP_VERSION="4.1.0" \ + BITNAMI_APP_NAME="kafka" \ + IMAGE_REVISION="0" \ + JAVA_HOME="/opt/bitnami/java" \ + PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/kafka/bin:$PATH" + +EXPOSE 9092 + +USER 1001 +ENTRYPOINT [ "/opt/bitnami/scripts/kafka/entrypoint.sh" ] +CMD [ "/opt/bitnami/scripts/kafka/run.sh" ] diff --git a/k/kafka-bv/LICENSE b/k/kafka-bv/LICENSE new file mode 100644 index 0000000000..8dada3edaf --- /dev/null +++ b/k/kafka-bv/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/k/kafka-bv/build_info.json b/k/kafka-bv/build_info.json new file mode 100644 index 0000000000..88f2155fd5 --- /dev/null +++ b/k/kafka-bv/build_info.json @@ -0,0 +1,19 @@ +{ + "maintainer": "Veenious D Geevarghese", + "package_name": "kafka-bv", + "github_url": "https://github.com/apache/kafka", + "version": "4.1.0", + "default_branch": "trunk", + "build_script": "kafka-bv_4.1.0_ubi_9.7.sh", + "package_dir": "k/kafka-bv/", + "docker_build": false, + "validate_build_script": true, + "use_non_root_user": false, + "4.*.*": { + "dir": "v4.1.0_ubi_9.7", + "build_script": "kafka-bv_4.1.0_ubi_9.7.sh", + "args": { + "kafka_version": "$PACKAGE_VERSION" + } + } +} \ No newline at end of file diff --git a/k/kafka-bv/kafka-bv_4.1.0_ubi_9.7.sh b/k/kafka-bv/kafka-bv_4.1.0_ubi_9.7.sh new file mode 100644 index 0000000000..4c657a7387 --- /dev/null +++ b/k/kafka-bv/kafka-bv_4.1.0_ubi_9.7.sh @@ -0,0 +1,238 @@ +#!/bin/bash -ex +# ---------------------------------------------------------------------------- +# +# Package : kafka +# Version : v4.1.0 +# Source repo : https://github.com/apache/kafka +# Tested on : UBI:9.7 +# Language : Java +# Ci-Check : True +# Script License: Apache License, Version 2 or later +# Maintainer : Veenious D Geevarghese +# +# Disclaimer: This script has been tested in root mode on given +# ========== platform using the mentioned version of the package. +# It may not work as expected with newer versions of the +# package and/or distribution. In such case, please +# contact "Maintainer" of this script. +# +# ---------------------------------------------------------------------------- + +PACKAGE_NAME=kafka +PACKAGE_VERSION=${1:-'4.1.0'} +PACKAGE_URL=https://github.com/apache/kafka.git + +BITNAMI_COMMIT=${BITNAMI_COMMIT:-be4c353} +GO_VERSION=${GO_VERSION:-1.26.3} + +BUILD_HOME=$(pwd) +SCRIPT_PATH=$(dirname "$(realpath "$0")") +OS_NAME=$(grep ^PRETTY_NAME /etc/os-release | cut -d= -f2) + +# ---------------------------------------------------------------------------- +# Install system dependencies +# ---------------------------------------------------------------------------- +yum update -y +yum install -y \ + git wget tar gcc gcc-c++ make \ + java-17-openjdk-devel.ppc64le \ + libtool file diffutils \ + acl ca-certificates curl-minimal gzip glibc \ + procps-ng zlib xz unzip zip findutils which +yum upgrade -y --allowerasing +yum upgrade -y libcap vim-minimal +yum clean all + +# ---------------------------------------------------------------------------- +# Install Go (fixes stdlib CVEs: CVE-2025-68121, CVE-2025-58183, etc.) +# ---------------------------------------------------------------------------- +wget -q "https://go.dev/dl/go${GO_VERSION}.linux-ppc64le.tar.gz" +tar -C /usr/local -xzf "go${GO_VERSION}.linux-ppc64le.tar.gz" +rm "go${GO_VERSION}.linux-ppc64le.tar.gz" +export PATH="/usr/local/go/bin:$PATH" +go version + +# ---------------------------------------------------------------------------- +# Build wait-for-port from source +# ---------------------------------------------------------------------------- +git clone https://github.com/bitnami/wait-for-port "$BUILD_HOME/wait-for-port" +cd "$BUILD_HOME/wait-for-port" +git checkout v1.0.10 +go build . + +# ---------------------------------------------------------------------------- +# Assemble Bitnami prebuildfs +# ---------------------------------------------------------------------------- +git clone https://github.com/bitnami/containers "$BUILD_HOME/containers" +cd "$BUILD_HOME/containers" +git checkout "$BITNAMI_COMMIT" + +cd "$BUILD_HOME/containers/bitnami/kafka/4.1/debian-12" +wget "https://downloads.bitnami.com/files/stacksmith/kafka-${PACKAGE_VERSION}-0-linux-amd64-debian-12.tar.gz" || true +if [ -f "kafka-${PACKAGE_VERSION}-0-linux-amd64-debian-12.tar.gz" ]; then + tar -xvf "kafka-${PACKAGE_VERSION}-0-linux-amd64-debian-12.tar.gz" + mkdir -p prebuildfs/opt/bitnami/kafka/config + if [ -d "kafka-${PACKAGE_VERSION}-linux-amd64-debian-12/files/kafka/config" ]; then + cp -r "kafka-${PACKAGE_VERSION}-linux-amd64-debian-12/files/kafka/config/"* \ + prebuildfs/opt/bitnami/kafka/config/ + fi +fi + +# Copy prebuildfs and rootfs into place +cp -r prebuildfs/. / +cp -r rootfs/. / + +# ---------------------------------------------------------------------------- +# Clone Kafka +# ---------------------------------------------------------------------------- +if ! git clone "$PACKAGE_URL" "$BUILD_HOME/kafka"; then + echo "------------------$PACKAGE_NAME:clone_fails---------------------------------------" + echo "$PACKAGE_URL $PACKAGE_NAME" + echo "$PACKAGE_NAME | $PACKAGE_URL | $PACKAGE_VERSION | $OS_NAME | GitHub | Fail | Clone_Fails" + exit 0 +fi + +cd "$BUILD_HOME/kafka" +git checkout "$PACKAGE_VERSION" +echo "Checked out Kafka version: $PACKAGE_VERSION" +git describe --tags + +# ---------------------------------------------------------------------------- +# Set Java environment +# ---------------------------------------------------------------------------- +export JAVA_HOME=/usr/lib/jvm/$(ls /usr/lib/jvm/ | grep -P '^(?=.*java-17)(?=.*ppc64le)') +export PATH=$JAVA_HOME/bin:$PATH +java -version + +# ---------------------------------------------------------------------------- +# Create Gradle dependency overrides for CVE fixes +# ---------------------------------------------------------------------------- +cat > init.gradle << 'EOF' +allprojects { + configurations.all { + resolutionStrategy { + force 'commons-io:commons-io:2.21.0' + force 'org.apache.httpcomponents.client5:httpclient5:5.6.1' + force 'org.bouncycastle:bcpg-jdk18on:1.84' + force 'org.bouncycastle:bcprov-jdk18on:1.84' + force 'org.codehaus.plexus:plexus-utils:4.0.3' + force 'org.eclipse.jetty:jetty-http:12.0.33' + force 'org.eclipse.jetty:jetty-server:12.0.33' + force 'org.eclipse.jetty:jetty-io:12.0.33' + force 'org.eclipse.jetty:jetty-util:12.0.33' + force 'org.eclipse.jetty:jetty-client:12.0.33' + } + } +} +EOF + +# ---------------------------------------------------------------------------- +# Build Kafka +# ---------------------------------------------------------------------------- +if ! ./gradlew jar -x test --init-script init.gradle; then + echo "------------------$PACKAGE_NAME:build_fails-------------------------------------" + echo "$PACKAGE_URL $PACKAGE_NAME" + echo "$PACKAGE_NAME | $PACKAGE_URL | $PACKAGE_VERSION | $OS_NAME | GitHub | Fail | Build_Fails" + exit 1 +fi + +# ---------------------------------------------------------------------------- +# Collect Kafka binaries and libraries +# ---------------------------------------------------------------------------- +mkdir -p /root/kafka/bin /root/kafka/libs /root/kafka/config + +cp -r "$BUILD_HOME/kafka/bin/"* /root/kafka/bin/ +cp -r "$BUILD_HOME/kafka/config/"* /root/kafka/config/ +find "$BUILD_HOME/kafka" -path "*/build/libs/*.jar" -type f -exec cp {} /root/kafka/libs/ \; +find "$BUILD_HOME/kafka" -path "*/build/dependant-libs/*.jar" -type f -exec cp {} /root/kafka/libs/ \; 2>/dev/null || true +find "$BUILD_HOME/kafka" -path "*/build/dependant-libs-*/*.jar" -type f -exec cp {} /root/kafka/libs/ \; 2>/dev/null || true +find /root/.gradle/caches/modules-2/files-2.1 -name "*.jar" -exec cp {} /root/kafka/libs/ \; 2>/dev/null || true + +echo "Total JARs before cleanup: $(ls -1 /root/kafka/libs/*.jar | wc -l)" + +# ---------------------------------------------------------------------------- +# Remove vulnerable JAR versions +# ---------------------------------------------------------------------------- +cd /root/kafka/libs +rm -f commons-io-2.11.0.jar commons-io-2.8.0.jar || true +rm -f httpclient5-5.6.jar || true +rm -f bcpg-jdk18on-1.71.jar bcpg-jdk18on-1.83.jar || true +rm -f bcprov-jdk18on-1.71.jar bcprov-jdk18on-1.83.jar bcprov-jdk15on-1.56.jar || true +rm -f plexus-utils-4.0.2.jar plexus-utils-3.*.jar || true +rm -f jetty-http-12.0.22.jar jetty-server-12.0.22.jar jetty-io-12.0.22.jar || true +rm -f jetty-util-12.0.22.jar jetty-client-12.0.22.jar || true +rm -f jackson-core-2.14.2.jar jackson-databind-2.14.2.jar jackson-annotations-2.14.2.jar || true +rm -f jackson-dataformat-yaml-2.14.2.jar jackson-module-afterburner-2.14.2.jar jackson-module-blackbird-2.14.2.jar || true +rm -f ehcache-2.10.4.jar || true +rm -f h2-2.1.214.jar || true +rm -f xstream-1.4.20.jar || true +rm -f snakeyaml-1.33.jar || true +rm -f lz4-java-1.8.0.jar || true +rm -f mina-core-2.0.16.jar || true +rm -f velocity-engine-core-2.3.jar || true +rm -f commons-beanutils-1.9.4.jar || true + +ls -lh /root/kafka/libs/ +echo "Total JARs after cleanup: $(ls -1 /root/kafka/libs/*.jar | wc -l)" + +# ---------------------------------------------------------------------------- +# Install runtime layout under /opt/bitnami +# ---------------------------------------------------------------------------- +chmod g+rwX /opt/bitnami +mkdir -p /opt/bitnami/common/bin /opt/bitnami/kafka /opt/bitnami/java/bin + +# Set Java environment for runtime (dynamically detect) +REAL_JAVA_HOME=$(ls -d /usr/lib/jvm/java-17-openjdk-* | head -1) +echo "export JAVA_HOME=$REAL_JAVA_HOME" >> /etc/profile.d/java.sh +echo "export PATH=\$JAVA_HOME/bin:\$PATH" >> /etc/profile.d/java.sh + +# Create Java symlinks +ln -s "$REAL_JAVA_HOME" /opt/bitnami/java/jre +ln -s "$REAL_JAVA_HOME/bin/java" /opt/bitnami/java/bin/java + +# Copy wait-for-port utility +cp "$BUILD_HOME/wait-for-port/wait-for-port" /opt/bitnami/common/bin/wait-for-port +chmod +x /opt/bitnami/common/bin/wait-for-port + +# Copy Kafka artifacts +cp -r /root/kafka/bin/. /opt/bitnami/kafka/bin/ +cp -r /root/kafka/libs/. /opt/bitnami/kafka/libs/ +cp -r /root/kafka/config/. /opt/bitnami/kafka/config/ + +# Set executable permissions +chmod +x /opt/bitnami/kafka/bin/*.sh + +# Create entrypoint symlinks +ln -sf /opt/bitnami/scripts/kafka/entrypoint.sh /entrypoint.sh +ln -sf /opt/bitnami/scripts/kafka/run.sh /run.sh + +# Run postunpack scripts +/opt/bitnami/scripts/java/postunpack.sh +/opt/bitnami/scripts/kafka/postunpack.sh +chmod g+rwX /opt/bitnami + +# ---------------------------------------------------------------------------- +# Cleanup +# ---------------------------------------------------------------------------- +yum clean all +rm -rf /var/cache/yum /var/tmp/* + +# ---------------------------------------------------------------------------- +# Set environment variables +# ---------------------------------------------------------------------------- +export HOME="/" +export OS_ARCH="ppc64le" +export OS_FLAVOUR="rhel9" +export OS_NAME="linux" +export JAVA_HOME="/opt/bitnami/java" +export PATH="/opt/bitnami/java/bin:/opt/bitnami/common/bin:/opt/bitnami/kafka/bin:$PATH" +export APP_VERSION="$PACKAGE_VERSION" +export BITNAMI_APP_NAME="kafka" +export IMAGE_REVISION="0" + +echo "------------------$PACKAGE_NAME:install_&_build_success-------------------------" +echo "$PACKAGE_URL $PACKAGE_NAME" +echo "$PACKAGE_NAME | $PACKAGE_URL | $PACKAGE_VERSION | $OS_NAME | GitHub | Pass | Build_and_Install_Success" +exit 0 + +