databases/neo4j: Fix run-time

- Assign UID and GIT to neo4j (both 369) - Instruct neo4j to run as neo4j user - Move config directory to PREFIX/etc/neo4j - Move certificates base directory to PREFIX/etc/neo4j/certificates - Move data directory to /var/db/neo4j/data - Move metrics directory to /var/db/neo4j/metrics - Move import directory to /var/db/neo4j/import - Fix rc.d script accordingly Partially based on information from [1] and [2] PR: 268526 [1] PR: 228532 [2] Sponsored by: resulta.sk
2025-05-25 15:53:13 +02:00 · 2025-05-25 15:53:13 +02:00 · 882cb317da
parent a8375d1ef1
commit 882cb317da
7 changed files with 142 additions and 31 deletions
--- a/2
+++ b/2
@ -309,7 +309,7 @@ gotify:*:365:
 opengist:*:366:
 velbustcpd:*:367:
 sshesame:*:368:
-# free: 369
+neo4j:*:369:
 _wsdd:*:370:
 # free: 371
 # free: 372
--- a/2
+++ b/2
@ -315,7 +315,7 @@ gotify:*:365:365::0:0:Gotify User:/var/db/gotify:/usr/sbin/nologin
 opengist:*:366:366::0:0:OpenGist User:/var/db/opengist:/usr/sbin/nologin
 velbustcpd:*:367:367::0:0:Velbustcp Deamon:/nonexistent:/usr/sbin/nologin
 sshesame:*:368:368::0:0:Sshesame Daemon:/nonexistent:/usr/sbin/nologin
-# free: 369
+neo4j:*:369:369::0:0:neo4j Database Daemon:/nonexistent:/usr/sbin/nologin
 _wsdd:*:370:370::0:0:Web Service Discovery Daemon:/nonexistent:/usr/sbin/nologin
 # free: 371
 # free: 372
--- a/databases/neo4j/Makefile
+++ b/databases/neo4j/Makefile
@ -1,5 +1,6 @@
 PORTNAME=	neo4j
 DISTVERSION=	4.4.44
+PORTREVISION=	1
 CATEGORIES=	databases java
 MASTER_SITES=	http://dist.neo4j.org/
 DISTNAME=	${PORTNAME}-community-${DISTVERSION}-unix
@ -8,29 +9,58 @@ MAINTAINER=	otis@FreeBSD.org
 COMMENT=	High performance graph store and database
 WWW=		https://neo4j.com

-LICENSE=	GPLv3
+# Bouncy Castle License is in fact MIT.
+# Scala is licensed under BSD3CLAUSE.
+# Java Servlet API is licensed under CDDL and GPLv2wCE
+LICENSE=	APACHE20 BSD2CLAUSE BSD3CLAUSE CDDL GPLv2wCE GPLv3 ISCL MIT MPL20 OFL11
+LICENSE_COMB=	multi
+LICENSE_NAME_GPLv2wCE=	GPLv2 with Classpath Exception
+LICENSE_FILE_GPLv3=	${WRKSRC}/LICENSE.txt
+LICENSE_FILE=	${WRKSRC}/LICENSES.txt
+LICENSE_PERMS_GPLv2wCE=	dist-mirror dist-sell pkg-mirror pkg-sell auto-accept

-RUN_DEPENDS=	bash:shells/bash
-
-WRKSRC=		${WRKDIR}/${DISTNAME:S,-unix,,}
-NO_BUILD=	yes
 USES=		cpe java shebangfix
-SHEBANG_FILES=	bin/cypher-shell bin/neo4j-admin
 JAVA_VERSION=	11
 USE_RC_SUBR=	${PORTNAME}
+
+SHEBANG_FILES=	bin/cypher-shell bin/neo4j-admin
+
+NO_ARCH=	yes
+NO_BUILD=	yes
+
 SUB_FILES=	${PORTNAME}.sh
-SUB_LIST=	LOGDIR=${LOGDIR} RUNDIR=${RUNDIR}
+SUB_LIST=	JAVA_HOME=${JAVA_HOME} \
+		LOGDIR=${LOGDIR} \
+		RUNDIR=${RUNDIR}

-PLIST_SUB=	DBDIR=${DBDIR} DISTVERSION=${DISTVERSION}
+WRKSRC=		${WRKDIR}/${DISTNAME:S,-unix,,}

+USERS?=		neo4j
+GROUPS?=	neo4j
+
+PLIST_SUB=	CERTDIR=${CERTDIR} \
+		DBDATADIR=${DBDATADIR} \
+		DBDIR=${DBDIR} \
+		DBIMPORTDIR=${DBIMPORTDIR} \
+		DISTVERSION=${DISTVERSION} \
+		GROUPS=${GROUPS} \
+		METRICSDIR=${METRICSDIR} \
+		USERS=${USERS}
+
+CERTDIR=	${ETCDIR}/certificates
+DBDATADIR=	${DBDIR}/data
 DBDIR=		${DESTDIR}/var/db/${PORTNAME}
+DBIMPORTDIR=	${DBDIR}/import
 LOGDIR=		${DESTDIR}/var/log/${PORTNAME}
-RUNDIR=		${DESTDIR}/var/run/
+METRICSDIR=	${DBDIR}/metrics
+RUNDIR=		${DESTDIR}/var/run/${PORTNAME}
 NEO4JDIR=	${PREFIX}/${PORTNAME}
-NEO4J_CONFDIR=	${PREFIX}/etc
+NEO4J_CONFDIR=	${PREFIX}/etc/neo4j

 post-patch:
-	${REINPLACE_CMD} 's,%%DBDIR%%,${DBDIR},g;s,%%JAVA_HOME%%,${JAVA_HOME},g;s,%%LOGDIR%%,${LOGDIR},g;s,%%PREFIX%%,${PREFIX},g;s,%%RUNDIR%%,${RUNDIR},g' \
+	${REINPLACE_CMD} 's,%%DBDATADIR%%,${DBDATADIR},g;s,%%DBDIR%%,${DBDIR},g;\
+		s,%%JAVA_HOME%%,${JAVA_HOME},g;s,%%LOGDIR%%,${LOGDIR},g;s,%%PREFIX%%,${PREFIX},g;s,%%RUNDIR%%,${RUNDIR},g;\
+		s,%%DBIMPORTDIR%%,${DBIMPORTDIR},g;s,%%CERTDIR%%,${CERTDIR},g' \
 		${WRKSRC}/bin/cypher-shell ${WRKSRC}/bin/neo4j* \
 		${WRKSRC}/conf/neo4j.conf

@ -38,6 +68,7 @@ post-patch:
 		${WRKSRC}/bin/neo4j

 do-install:
+	${MKDIR} ${STAGEDIR}${ETCDIR}
 	${INSTALL_SCRIPT} ${WRKDIR}/${PORTNAME}.sh ${STAGEDIR}${PREFIX}/bin/${PORTNAME}
 	${MKDIR} ${STAGEDIR}${PREFIX}/${PORTNAME}/libexec/tools
 	${INSTALL_SCRIPT} ${WRKSRC}/bin/tools/* \
@ -49,8 +80,12 @@ do-install:
 	${INSTALL_SCRIPT} ${WRKSRC}/lib/* ${STAGEDIR}${PREFIX}/${PORTNAME}/lib
 .for f in ${PORTNAME}.conf
 	${INSTALL_DATA} ${WRKSRC}/conf/$f \
-		${STAGEDIR}${PREFIX}/etc/$f.sample
+		${STAGEDIR}${ETCDIR}/$f.sample
 .endfor
-	${MKDIR} ${STAGEDIR}${DBDIR} ${STAGEDIR}${PREFIX}/etc/neo4j-certificates
+	${MKDIR} ${STAGEDIR}${DBDIR} \
+		${STAGEDIR}${DBDATADIR} \
+		${STAGEDIR}${DBIMPORTDIR} \
+		${STAGEDIR}${METRICSDIR} \
+		${STAGEDIR}${CERTDIR}

 .include <bsd.port.mk>
--- a/databases/neo4j/files/neo4j.in
+++ b/databases/neo4j/files/neo4j.in
@ -7,6 +7,18 @@
 # Add the following line to /etc/rc.conf to enable neo4j:
 #
 # neo4j_enable=YES
+#
+# The following rc.conf variable can be set:
+#
+# For user/group to run neo4j under:
+#
+# neo4j_user	(str)	Default: neo4j
+# neo4j_group	(str)	Default: neo4j
+#
+# For service jail:
+#
+# neo4j_svcj_options	(str)	Default: net_basic
+#

 . /etc/rc.subr

@ -17,21 +29,30 @@ desc="Graphing database"
 load_rc_config $name

 : ${neo4j_enable:=NO}
+: ${neo4j_user=neo4j}
+: ${neo4j_group=neo4j}
+: ${neo4j_svcj_options:=net_basic}
+: ${neo4j_env:="HOME=%%DBDIR%% NEO4J_CONF=%%ETCDIR%% JAVA_HOME=%%JAVA_HOME%%"}

 command=%%PREFIX%%/bin/neo4j
-start_cmd="$command start"
+procname=%%JAVA_HOME%%/bin/java
+start_cmd="su -m $neo4j_user -c \"$command start\""
 start_precmd=neo4j_prestart
-stop_cmd="$command stop"
-status_cmd="$command status"
+stop_cmd="su -m $neo4j_user -c \"$command stop\""
+status_cmd="su -m $neo4j_user -c \"$command status\""

 neo4j_prestart()
 {
-	NEO4J_DATA=%%DBDIR%%
+	NEO4J_DATA=%%DBDIR%%/data
+	NEO4J_METRICS=%%DBDIR%%/metrics
 	NEO4J_LIB=%%PREFIX%%/neo4j/lib
 	NEO4J_LOGS=%%LOGDIR%%
 	NEO4J_PLUGINS=${NEO4J_LIB}/plugins
 	NEO4J_RUN=%%RUNDIR%%
-	mkdir -p ${NEO4J_LOGS} ${NEO4J_RUN}
+	[ -d ${NEO4J_LOGS} ] || install -d -o ${neo4j_user} -g ${neo4j_group} -m 0750 ${NEO4J_LOGS}
+	[ -d ${NEO4J_RUN} ] || install -d -o ${neo4j_user} -g ${neo4j_group} ${NEO4J_RUN}
+	[ -d ${NEO4J_DATA} ] || install -d -o ${neo4j_user} -g ${neo4j_group} -m 0750 ${NEO4J_DATA}
+	[ -d ${NEO4J_METRICS} ] || install -d -o ${neo4j_user} -g ${neo4j_group} -m 0750 ${NEO4J_METRICS}
 }

 run_rc_command $1
--- a/databases/neo4j/files/neo4j.sh.in
+++ b/databases/neo4j/files/neo4j.sh.in
@ -1,3 +1,3 @@
-#!/usr/bin/env bash
-
+#!/bin/sh
+export JAVA_HOME=${JAVA_HOME:-"%%JAVA_HOME%%"}
 exec %%PREFIX%%/bin/$(basename $0) ${1+"$@"}
--- a/databases/neo4j/files/patch-conf_neo4j.conf
+++ b/databases/neo4j/files/patch-conf_neo4j.conf
@ -1,17 +1,69 @@
--- conf/neo4j.conf.orig	2022-05-06 21:00:03 UTC
+--- conf/neo4j.conf.orig	2025-05-15 11:34:49 UTC
 +++ conf/neo4j.conf
-@@ -9,11 +9,11 @@
+@@ -9,18 +9,18 @@
 #dbms.default_database=neo4j
 
 # Paths of directories in the installation.
 -#dbms.directories.data=data
-+dbms.directories.data=/var/db/neo4j
+dbms.directories.data=%%DBDATADIR%%
 #dbms.directories.plugins=plugins
 -#dbms.directories.logs=logs
-+dbms.directories.logs=/var/log/neo4j
+dbms.directories.logs=%%LOGDIR%%
 #dbms.directories.lib=lib
 -#dbms.directories.run=run
-+dbms.directories.run=/var/run/
+dbms.directories.run=%%RUNDIR%%
 #dbms.directories.licenses=licenses
- #dbms.directories.transaction.logs.root=data/transactions
+-#dbms.directories.transaction.logs.root=data/transactions
+dbms.directories.transaction.logs.root=%%DBDIR%%/transactions
+ 
+ # This setting constrains all `LOAD CSV` import files to be under the `import` directory. Remove or comment it out to
+ # allow files to be loaded from anywhere in the filesystem; this introduces possible security problems. See the
+ # `LOAD CSV` section of the manual for details.
+-dbms.directories.import=import
+dbms.directories.import=%%DBIMPORTDIR%%
+ 
+ # Whether requests to Neo4j are authenticated.
+ # To disable authentication, uncomment this line
+@@ -118,8 +118,8 @@ dbms.connector.https.enabled=false
+ # Allowable values are 'bolt', 'https', 'cluster' or 'backup'.
+ 
+ # E.g if bolt and https connectors should use the same policy, the following could be declared
+-#   dbms.ssl.policy.bolt.base_directory=certificates/default
+-#   dbms.ssl.policy.https.base_directory=certificates/default
+#   dbms.ssl.policy.bolt.base_directory=%%CERTDIR%%/default
+#   dbms.ssl.policy.https.base_directory=%%CERTDIR%%/default
+ # However, it's strongly encouraged to not use the same key pair for multiple scopes.
+ #
+ # N.B: Note that a connector must be configured to support/require
+@@ -157,27 +157,27 @@ dbms.connector.https.enabled=false
+ 
+ # Bolt SSL configuration
+ #dbms.ssl.policy.bolt.enabled=true
+-#dbms.ssl.policy.bolt.base_directory=certificates/bolt
+#dbms.ssl.policy.bolt.base_directory=%%CERTDIR%%/bolt
+ #dbms.ssl.policy.bolt.private_key=private.key
+ #dbms.ssl.policy.bolt.public_certificate=public.crt
+ #dbms.ssl.policy.bolt.client_auth=NONE
+ 
+ # Https SSL configuration
+ #dbms.ssl.policy.https.enabled=true
+-#dbms.ssl.policy.https.base_directory=certificates/https
+#dbms.ssl.policy.https.base_directory=%%CERTDIR%%/https
+ #dbms.ssl.policy.https.private_key=private.key
+ #dbms.ssl.policy.https.public_certificate=public.crt
+ #dbms.ssl.policy.https.client_auth=NONE
+ 
+ # Cluster SSL configuration
+ #dbms.ssl.policy.cluster.enabled=true
+-#dbms.ssl.policy.cluster.base_directory=certificates/cluster
+#dbms.ssl.policy.cluster.base_directory=%%CERTDIR%%/cluster
+ #dbms.ssl.policy.cluster.private_key=private.key
+ #dbms.ssl.policy.cluster.public_certificate=public.crt
+ 
+ # Backup SSL configuration
+ #dbms.ssl.policy.backup.enabled=true
+-#dbms.ssl.policy.backup.base_directory=certificates/backup
+#dbms.ssl.policy.backup.base_directory=%%CERTDIR%%/backup
+ #dbms.ssl.policy.backup.private_key=private.key
+ #dbms.ssl.policy.backup.public_certificate=public.crt
 
--- a/databases/neo4j/pkg-plist
+++ b/databases/neo4j/pkg-plist
@ -1,7 +1,7 @@
 bin/cypher-shell
 bin/neo4j
 bin/neo4j-admin
-@sample etc/neo4j.conf.sample
+@sample %%ETCDIR%%/neo4j.conf.sample
 neo4j/lib/FastInfoset-1.2.16.jar
 neo4j/lib/WMI4Java-1.6.3.jar
 neo4j/lib/annotations-%%DISTVERSION%%.jar
@ -172,6 +172,9 @@ neo4j/lib/txw2-2.3.2.jar
 neo4j/lib/zstd-jni-1.5.0-4.jar
 neo4j/lib/zstd-proxy-%%DISTVERSION%%.jar
 neo4j/libexec/tools/cypher-shell.jar
-@dir etc/neo4j-certificates
@dir neo4j/lib/plugins
-@dir %%DBDIR%%
+@dir(%%USERS%%,%%GROUPS%%,750) %%CERTDIR%%
+@dir(%%USERS%%,%%GROUPS%%,750) %%DBDIR%%
+@dir(%%USERS%%,%%GROUPS%%,750) %%DBDATADIR%%
+@dir(%%USERS%%,%%GROUPS%%,750) %%METRICSDIR%%
+@dir(%%USERS%%,%%GROUPS%%,750) %%DBIMPORTDIR%%