Review unmaintained wazuh-agent packages scripts options

[mjcr99]

Description

Hi team,

Some options in the packaging script are not actively maintained and may be removed or reworked to give them a useful utility.

• packages/generate_package.sh
  • -j option is given as an argument to call the script, but internally, we are always using $(nproc), we should decide if we want to keep this option and give it's functionality or remove it.
  • -d option debug symbols packages are not currently being generated for the 5.0 version, this should be covered.
  • --future options seems to not be very used and we may remove it.
  • --src option would only work in rpm packages.
• packages/macos/generate_wazuh_packages.sh
  • -d as previouslymentioned debug symbols packages are not currently being generated for the 5.0 version, this should be covered.
• packages/windows/generate_wazuh_msi.ps1
  • This script does not support a -j option as an argument and internally uses all the available threads. This option should be added if we want to keep consistency with other scripts.

[cborla]

Observations

packages/generate_package.sh

-j option

As far as I understand this is already supported, I see the following path which uses the default JOBS and not $(nproc).

• generate_package.sh passes JOBS as the second argument to the container.
• build.sh receives it as $2 and exports it.
• helper_function.sh uses it as %_threads macro inside rpmbuild, for deb it use it in setup_build function.

-d option

Under analysis.

--future options

It can be deleted, the affected files are:

• genrate_packages.sh
• build.sh

--src option

• Even if it is used only for rpm, we want to exit by ERROR if it is used for deb?
• How much it can affect the workflows that exist?

The point where it is called in build.sh is the following.

# Post-processing
get_package_and_checksum $wazuh_version $short_commit_hash $src

The functions for deb and rpm are:

RPM:

get_package_and_checksum(){
    src="$3"
    export RPM_NAME=$(ls -R ${rpm_build_dir}/RPMS | grep "\.rpm$")
    export SRC_NAME=$(ls -R ${rpm_build_dir}/SRPMS | grep "\.src\.rpm$")

    if [[ "${checksum}" == "yes" ]]; then
        cd "${rpm_build_dir}/RPMS" && sha512sum $RPM_NAME > /var/local/wazuh/$RPM_NAME.sha512
        if [[ "${src}" == "yes" ]]; then
            cd "${rpm_build_dir}/SRPMS" && sha512sum $SRC_NAME > /var/local/wazuh/$SRC_NAME.sha512
        fi
    fi

    if [[ "${src}" == "yes" ]]; then
        mv ${rpm_build_dir}/SRPMS/$SRC_NAME /var/local/wazuh
    else
        mv ${rpm_build_dir}/RPMS/$RPM_NAME /var/local/wazuh
    fi
}

DEB:

get_package_and_checksum(){
    wazuh_version="$1"
    short_commit_hash="$2"
    base_name="wazuh-${BUILD_TARGET}_${wazuh_version}-${REVISION}"

    if [[ "${ARCHITECTURE_TARGET}" == "ppc64le" ]]; then
        deb_file="${base_name}_ppc64el.deb"
    else
        deb_file="${base_name}_${ARCHITECTURE_TARGET}.deb"
    fi

    if [[ "${IS_STAGE}" == "no" ]]; then
        deb_file="$(sed "s/\.deb/_${short_commit_hash}&/" <<< "$deb_file")"
    fi

    pkg_path="${build_dir}/${BUILD_TARGET}"
    if [[ "${checksum}" == "yes" ]]; then
        cd ${pkg_path} && sha512sum wazuh-${BUILD_TARGET}*deb > /var/local/wazuh/${deb_file}.sha512
    fi

    find ${pkg_path} -type f -name "wazuh-${BUILD_TARGET}*deb" -exec mv {} /var/local/wazuh/${deb_file} \;
}

Of the 3 parameters passed, DEB uses the first 2 and RPM uses the third parameter which is src.

packages/macos/generate_wazuh_packages.sh

Under analysis.

packages/windows/generate_wazuh_msi.ps1

This script does not directly run the build process (like cmake --build) but assumes that the binaries were previously built in build/$CMAKE_CONFIG. It generate the .msi with cpack and sign files if requested.
It could be implemented in the script generate_compiled_windows_agent.ps1

Proposal:

if ($JOBS -le 0) {
    $JOBS = (Get-CimInstance Win32_ComputerSystem).NumberOfLogicalProcessors
    Write-Host "JOBS not specified or <= 0. Using $JOBS logical processors."
} else {
    Write-Host "Using $JOBS threads for compilation."
}

cmake --build build --config $CMAKE_CONFIG --parallel $JOBS

[cborla]

As part of the research and applied changes, it was decided to separate the implementation of debug symbols for agent 5.0.0 for a later stage, therefore the following issue was created:

• Add support for -d option in wazuh-agent packaging scripts