diff --git a/libs/zstd/build.gradle b/libs/zstd/build.gradle index 9630a0b6855e5..a7084649c43ac 100644 --- a/libs/zstd/build.gradle +++ b/libs/zstd/build.gradle @@ -11,6 +11,13 @@ dependencies { api project(':libs:elasticsearch-core') implementation "net.java.dev.jna:jna:${versions.jna}" + // zstd native implementation bundles + runtimeOnly "org.elasticsearch:zstd:${versions.zstd}:darwin-aarch64" + runtimeOnly "org.elasticsearch:zstd:${versions.zstd}:darwin-x86-64" + runtimeOnly "org.elasticsearch:zstd:${versions.zstd}:linux-aarch64" + runtimeOnly "org.elasticsearch:zstd:${versions.zstd}:linux-x86-64" + runtimeOnly "org.elasticsearch:zstd:${versions.zstd}:windows-x86-64" + testImplementation(project(":test:framework")) { exclude group: 'org.elasticsearch', module: 'elasticsearch-zstd' } diff --git a/libs/zstd/src/main/java/org/elasticsearch/zstd/Zstd.java b/libs/zstd/src/main/java/org/elasticsearch/zstd/Zstd.java index 90d17603166d5..3e8808b37aa89 100644 --- a/libs/zstd/src/main/java/org/elasticsearch/zstd/Zstd.java +++ b/libs/zstd/src/main/java/org/elasticsearch/zstd/Zstd.java @@ -11,6 +11,7 @@ import com.sun.jna.Library; import com.sun.jna.Native; +import java.io.File; import java.io.IOException; import java.io.UncheckedIOException; import java.nio.ByteBuffer; @@ -22,12 +23,14 @@ public final class Zstd { private static ZstdLibrary load() { - String zstdPath; - try { - zstdPath = Native.extractFromResourcePath("zstd").getAbsolutePath(); - } catch (IOException e) { - throw new UncheckedIOException(e); - } + File zstdFile = AccessController.doPrivileged((PrivilegedAction) () -> { + try { + return Native.extractFromResourcePath("zstd"); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + }); + String zstdPath = zstdFile.getAbsolutePath(); return AccessController.doPrivileged((PrivilegedAction) () -> Native.load(zstdPath, ZstdLibrary.class)); } diff --git a/server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java b/server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java index ae0b89c681d84..6f4ef1f76bdd8 100644 --- a/server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java +++ b/server/src/main/java/org/elasticsearch/bootstrap/PolicyUtil.java @@ -63,7 +63,7 @@ import javax.security.auth.kerberos.ServicePermission; public class PolicyUtil { - private static final Pattern CODEBASE_ALIAS_CLASSIFIER_PATTERN = Pattern.compile(".*-(?:\\d+(?:\\.)?)+(?:-SNAPSHOT)?(-.+)?\\.jar"); + private static final Pattern CODEBASE_ALIAS_CLASSIFIER_PATTERN = Pattern.compile(".*(-(?:darwin|linux|windows)-.*)\\.jar"); // this object is checked by reference, so the value in the list does not matter static final List ALLOW_ALL_NAMES = List.of("ALLOW ALL NAMES SENTINEL"); diff --git a/server/src/main/resources/org/elasticsearch/bootstrap/security.policy b/server/src/main/resources/org/elasticsearch/bootstrap/security.policy index 795605d9c7e38..fb002d4e3aed7 100644 --- a/server/src/main/resources/org/elasticsearch/bootstrap/security.policy +++ b/server/src/main/resources/org/elasticsearch/bootstrap/security.policy @@ -71,6 +71,7 @@ grant codeBase "${codebase.jna}" { // for registering native methods permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.reflect.ReflectPermission "newProxyInPackage.org.elasticsearch.zstd"; + permission java.io.FilePermission "*", "read"; }; grant codeBase "${codebase.log4j-api}" { @@ -86,6 +87,7 @@ grant codeBase "${codebase.elasticsearch-preallocate}" { grant codeBase "${codebase.elasticsearch-zstd}" { permission java.lang.reflect.ReflectPermission "newProxyInPackage.org.elasticsearch.zstd"; + permission java.io.FilePermission "*", "read"; }; //// Everything else: diff --git a/server/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy b/server/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy index 37d1a5ae9b75c..112579e511781 100644 --- a/server/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy +++ b/server/src/main/resources/org/elasticsearch/bootstrap/test-framework.policy @@ -124,7 +124,7 @@ grant codeBase "${codebase.netty-transport}" { }; grant codeBase "${codebase.jna}" { - permission java.io.FilePermission "*" "read"; + permission java.io.FilePermission "*", "read"; }; grant {