diff --git a/libs/arrow/build.gradle b/libs/arrow/build.gradle index 4bcfbd6868c8b..30714aa9e0e29 100644 --- a/libs/arrow/build.gradle +++ b/libs/arrow/build.gradle @@ -25,10 +25,10 @@ dependencies { } runtimeOnly 'com.google.flatbuffers:flatbuffers-java:2.0.0' - runtimeOnly 'com.fasterxml.jackson.core:jackson-databind:2.17.2' - runtimeOnly 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.17.2' - runtimeOnly 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.2' - runtimeOnly 'com.fasterxml.jackson.core:jackson-annotations:2.17.2' + api 'com.fasterxml.jackson.core:jackson-databind:2.17.2' + api 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.17.2' + api 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.17.2' + api 'com.fasterxml.jackson.core:jackson-annotations:2.17.2' testImplementation "com.carrotsearch.randomizedtesting:randomizedtesting-runner:${versions.randomizedrunner}" testImplementation "junit:junit:${versions.junit}" diff --git a/modules/arrow-flight/src/main/plugin-metadata/plugin-security.policy b/modules/arrow-flight/src/main/plugin-metadata/plugin-security.policy deleted file mode 100644 index 27a77e957923a..0000000000000 --- a/modules/arrow-flight/src/main/plugin-metadata/plugin-security.policy +++ /dev/null @@ -1,28 +0,0 @@ -/* - * SPDX-License-Identifier: Apache-2.0 - * - * The OpenSearch Contributors require contributions made to - * this file be licensed under the Apache-2.0 license or a - * compatible open source license. - */ - -grant codeBase "${codebase.netty-common}" { - // for reading the system-wide configuration for the backlog of established sockets - permission java.io.FilePermission "/proc/sys/net/core/somaxconn", "read"; - - // netty makes and accepts socket connections - permission java.net.SocketPermission "*", "accept,connect"; - - // Netty sets custom classloader for some of its internal threads - permission java.lang.RuntimePermission "*", "setContextClassLoader"; -}; - -grant codeBase "${codebase.netty-transport}" { - // Netty NioEventLoop wants to change this, because of https://bugs.openjdk.java.net/browse/JDK-6427854 - // the bug says it only happened rarely, and that its fixed, but apparently it still happens rarely! - permission java.util.PropertyPermission "sun.nio.ch.bugLevel", "write"; -}; - -grant { - permission java.lang.RuntimePermission "accessClassInPackage.*"; -}; diff --git a/server/build.gradle b/server/build.gradle index 9fef5c7554218..403f0756f530e 100644 --- a/server/build.gradle +++ b/server/build.gradle @@ -37,7 +37,6 @@ plugins { id('opensearch.internal-cluster-test') id('opensearch.optional-dependencies') id('me.champeau.gradle.japicmp') version '0.4.3' - id('com.github.johnrengelman.shadow') } publishing { @@ -138,9 +137,6 @@ dependencies { exclude group: 'org.opensearch', module: 'server' } } -tasks.withType(JavaCompile) { - options.compilerArgs.removeAll(['-Werror']) -} tasks.withType(JavaCompile).configureEach { options.compilerArgs -= '-Xlint:cast' @@ -153,26 +149,6 @@ compileJava { 'org.opensearch.common.annotation.processor.ApiAnnotationProcessor'].join(',')] } -//shadowJar { -// // Optional: set a classifier to differentiate the shadow JAR if needed -// archiveClassifier.set('all') -// -// // Relocate multiple Netty packages to avoid conflicts -// relocate 'io.netty.buffer', 'org.apache.arrow.shaded.io.netty.buffer' -// relocate 'io.netty.util', 'org.apache.arrow.shaded.io.netty.util' -// relocate 'io.netty.channel', 'org.apache.arrow.shaded.io.netty.channel' -// relocate 'io.netty.handler', 'org.apache.arrow.shaded.io.netty.handler' -//} -tasks.build { - dependsOn shadowJar -} -task listConfigurations { - doLast { - configurations.each { config -> - println config.name - } - } -} tasks.named("internalClusterTest").configure { // TODO: these run faster with C2 only because they run for so, so long jvmArgs -= '-XX:TieredStopAtLevel=1' diff --git a/server/src/main/java/org/opensearch/bootstrap/Security.java b/server/src/main/java/org/opensearch/bootstrap/Security.java index a0bcf7086b6d5..53b1d990f9a0c 100644 --- a/server/src/main/java/org/opensearch/bootstrap/Security.java +++ b/server/src/main/java/org/opensearch/bootstrap/Security.java @@ -138,22 +138,22 @@ static void configure(Environment environment, boolean filterBadDefaults) throws // enable security policy: union of template and environment-based paths, and possibly plugin permissions Map codebases = getCodebaseJarMap(JarHell.parseClassPath()); -// Policy.setPolicy( -// new OpenSearchPolicy( -// codebases, -// createPermissions(environment), -// getPluginPermissions(environment), -// filterBadDefaults, -// createRecursiveDataPathPermission(environment) -// ) -// ); + Policy.setPolicy( + new OpenSearchPolicy( + codebases, + createPermissions(environment), + getPluginPermissions(environment), + filterBadDefaults, + createRecursiveDataPathPermission(environment) + ) + ); // enable security manager final String[] classesThatCanExit = new String[] { // SecureSM matches class names as regular expressions so we escape the $ that arises from the nested class name OpenSearchUncaughtExceptionHandler.PrivilegedHaltAction.class.getName().replace("$", "\\$"), Command.class.getName() }; - // System.setSecurityManager(new SecureSM(classesThatCanExit)); + System.setSecurityManager(new SecureSM(classesThatCanExit)); // do some basic tests selfTest();