From 1824168c87be7f531abd4299983ca82f5b32bd31 Mon Sep 17 00:00:00 2001 From: Kevin Risden Date: Wed, 21 May 2025 21:53:45 -0400 Subject: [PATCH 1/4] fix-tmp-symlink --- solr/bin/solr | 1 + 1 file changed, 1 insertion(+) diff --git a/solr/bin/solr b/solr/bin/solr index 846ff39ce32..b20dbf53582 100755 --- a/solr/bin/solr +++ b/solr/bin/solr @@ -1314,6 +1314,7 @@ function start_solr() { SOLR_START_OPTS=('-server' "${JAVA_MEM_OPTS[@]}" "${GC_TUNE_ARR[@]}" "${GC_LOG_OPTS[@]}" "${IP_ACL_OPTS[@]}" \ "${REMOTE_JMX_OPTS[@]}" "${CLOUD_MODE_OPTS[@]}" -Dsolr.log.dir="$SOLR_LOGS_DIR" \ "-Djetty.port=$SOLR_PORT" "-DSTOP.PORT=$stop_port" "-DSTOP.KEY=$STOP_KEY" \ + "-Djava.io.tmpdir=$(cd $TMPDIR; pwd -P)" \ # '-OmitStackTraceInFastThrow' ensures stack traces in errors, # users who don't care about useful error msgs can override in SOLR_OPTS with +OmitStackTraceInFastThrow "${SOLR_HOST_ARG[@]}" "-Duser.timezone=$SOLR_TIMEZONE" "-XX:-OmitStackTraceInFastThrow" \ From 05c45b00e9a9c199b16a453e647a9bfc5013c56e Mon Sep 17 00:00:00 2001 From: Kevin Risden Date: Wed, 21 May 2025 22:15:41 -0400 Subject: [PATCH 2/4] Fix a few more places and make shellcheck less mad --- solr/bin/solr | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/solr/bin/solr b/solr/bin/solr index b20dbf53582..889bea5b7e3 100755 --- a/solr/bin/solr +++ b/solr/bin/solr @@ -495,9 +495,10 @@ function jetty_port() { # useful for doing cross-platform work from the command-line using Java function run_tool() { - # shellcheck disable=SC2086 + # shellcheck disable=SC2086,SC2164 "$JAVA" $SOLR_SSL_OPTS $AUTHC_OPTS ${SOLR_ZK_CREDS_AND_ACLS:-} ${SOLR_TOOL_OPTS:-} -Dsolr.install.dir="$SOLR_TIP" \ -Dlog4j.configurationFile="$DEFAULT_SERVER_DIR/resources/log4j2-console.xml" -Dsolr.pid.dir="$SOLR_PID_DIR" \ + -Djava.io.tmpdir="$(cd "$TMPDIR"; pwd -P)" \ -classpath "$DEFAULT_SERVER_DIR/solr-webapp/webapp/WEB-INF/lib/*:$DEFAULT_SERVER_DIR/lib/ext/*:$DEFAULT_SERVER_DIR/lib/*" \ org.apache.solr.cli.SolrCLI "$@" @@ -517,8 +518,9 @@ function stop_solr() { if [ -n "$SOLR_PID" ]; then echo -e "Sending stop command to Solr running on port $SOLR_PORT ... waiting up to $SOLR_STOP_WAIT seconds to allow Jetty process $SOLR_PID to stop gracefully." - # shellcheck disable=SC2086 - "$JAVA" $SOLR_SSL_OPTS $AUTHC_OPTS ${SOLR_TOOL_OPTS:-} -jar "$DIR/start.jar" "STOP.PORT=$THIS_STOP_PORT" "STOP.KEY=$STOP_KEY" --stop || true + # shellcheck disable=SC2086,SC2164 + "$JAVA" -Djava.io.tmpdir="$(cd "$TMPDIR"; pwd -P)" $SOLR_SSL_OPTS $AUTHC_OPTS ${SOLR_TOOL_OPTS:-} \ + -jar "$DIR/start.jar" "STOP.PORT=$THIS_STOP_PORT" "STOP.KEY=$STOP_KEY" --stop || true (loops=0 while true do @@ -1311,10 +1313,11 @@ function start_solr() { # Add vector optimizations module SCRIPT_SOLR_OPTS+=("--add-modules" "jdk.incubator.vector") + # shellcheck disable=SC2164 SOLR_START_OPTS=('-server' "${JAVA_MEM_OPTS[@]}" "${GC_TUNE_ARR[@]}" "${GC_LOG_OPTS[@]}" "${IP_ACL_OPTS[@]}" \ "${REMOTE_JMX_OPTS[@]}" "${CLOUD_MODE_OPTS[@]}" -Dsolr.log.dir="$SOLR_LOGS_DIR" \ "-Djetty.port=$SOLR_PORT" "-DSTOP.PORT=$stop_port" "-DSTOP.KEY=$STOP_KEY" \ - "-Djava.io.tmpdir=$(cd $TMPDIR; pwd -P)" \ + "-Djava.io.tmpdir=$(cd "$TMPDIR"; pwd -P)" \ # '-OmitStackTraceInFastThrow' ensures stack traces in errors, # users who don't care about useful error msgs can override in SOLR_OPTS with +OmitStackTraceInFastThrow "${SOLR_HOST_ARG[@]}" "-Duser.timezone=$SOLR_TIMEZONE" "-XX:-OmitStackTraceInFastThrow" \ From db332c8143667f524e245124d94d134275acaa1f Mon Sep 17 00:00:00 2001 From: Kevin Risden Date: Wed, 21 May 2025 22:26:47 -0400 Subject: [PATCH 3/4] Try to support other than tmpdir --- solr/bin/solr | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/solr/bin/solr b/solr/bin/solr index 889bea5b7e3..4720b55acda 100755 --- a/solr/bin/solr +++ b/solr/bin/solr @@ -498,7 +498,7 @@ function run_tool() { # shellcheck disable=SC2086,SC2164 "$JAVA" $SOLR_SSL_OPTS $AUTHC_OPTS ${SOLR_ZK_CREDS_AND_ACLS:-} ${SOLR_TOOL_OPTS:-} -Dsolr.install.dir="$SOLR_TIP" \ -Dlog4j.configurationFile="$DEFAULT_SERVER_DIR/resources/log4j2-console.xml" -Dsolr.pid.dir="$SOLR_PID_DIR" \ - -Djava.io.tmpdir="$(cd "$TMPDIR"; pwd -P)" \ + -Djava.io.tmpdir="$(cd "${TMPDIR:-${TEMP:-${TMP:-/tmp}}}"; pwd -P)" \ -classpath "$DEFAULT_SERVER_DIR/solr-webapp/webapp/WEB-INF/lib/*:$DEFAULT_SERVER_DIR/lib/ext/*:$DEFAULT_SERVER_DIR/lib/*" \ org.apache.solr.cli.SolrCLI "$@" @@ -519,7 +519,7 @@ function stop_solr() { if [ -n "$SOLR_PID" ]; then echo -e "Sending stop command to Solr running on port $SOLR_PORT ... waiting up to $SOLR_STOP_WAIT seconds to allow Jetty process $SOLR_PID to stop gracefully." # shellcheck disable=SC2086,SC2164 - "$JAVA" -Djava.io.tmpdir="$(cd "$TMPDIR"; pwd -P)" $SOLR_SSL_OPTS $AUTHC_OPTS ${SOLR_TOOL_OPTS:-} \ + "$JAVA" -Djava.io.tmpdir="$(cd "${TMPDIR:-${TEMP:-${TMP:-/tmp}}}"; pwd -P)" $SOLR_SSL_OPTS $AUTHC_OPTS ${SOLR_TOOL_OPTS:-} \ -jar "$DIR/start.jar" "STOP.PORT=$THIS_STOP_PORT" "STOP.KEY=$STOP_KEY" --stop || true (loops=0 while true @@ -1317,7 +1317,7 @@ function start_solr() { SOLR_START_OPTS=('-server' "${JAVA_MEM_OPTS[@]}" "${GC_TUNE_ARR[@]}" "${GC_LOG_OPTS[@]}" "${IP_ACL_OPTS[@]}" \ "${REMOTE_JMX_OPTS[@]}" "${CLOUD_MODE_OPTS[@]}" -Dsolr.log.dir="$SOLR_LOGS_DIR" \ "-Djetty.port=$SOLR_PORT" "-DSTOP.PORT=$stop_port" "-DSTOP.KEY=$STOP_KEY" \ - "-Djava.io.tmpdir=$(cd "$TMPDIR"; pwd -P)" \ + "-Djava.io.tmpdir=$(cd "${TMPDIR:-${TEMP:-${TMP:-/tmp}}}"; pwd -P)" \ # '-OmitStackTraceInFastThrow' ensures stack traces in errors, # users who don't care about useful error msgs can override in SOLR_OPTS with +OmitStackTraceInFastThrow "${SOLR_HOST_ARG[@]}" "-Duser.timezone=$SOLR_TIMEZONE" "-XX:-OmitStackTraceInFastThrow" \ From a6750a2aa7517dd620b01caa6a74d9c2a496a322 Mon Sep 17 00:00:00 2001 From: Kevin Risden Date: Mon, 30 Jun 2025 08:36:59 -0400 Subject: [PATCH 4/4] Add CHANGES --- solr/CHANGES.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt index bce299e91cf..f0451fb5cd4 100644 --- a/solr/CHANGES.txt +++ b/solr/CHANGES.txt @@ -329,6 +329,8 @@ Bug Fixes * SOLR-16667: Fixed dense/sparse representation in LTR module. (Anna Ruggero, Alessandro Benedetti) +* SOLR-17800: Security Manager should handle symlink on /tmp (Kevin Risden) + Dependency Upgrades --------------------- * SOLR-17471: Upgrade Lucene to 9.12.1. (Pierre Salagnac, Christine Poerschke)