hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-17 23:13:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'dependabot/maven/build-tools-0ef32859ab' of github.com:DSpace/DSpace into dependabot/maven/build-tools-0ef32859ab

Browse Source
This commit is contained in:
Tim Donohue
2025-07-28 15:32:12 -05:00
parent 0f1ae92d21 31fa65f0d3
commit 88a376f5d2
17 changed files with 46 additions and 666 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.dockerignore
View File

@@ -4,7 +4,6 @@
*/target/ */target/
dspace/modules/*/target/ dspace/modules/*/target/
Dockerfile.* Dockerfile.*
dspace/src/main/docker/dspace-postgres-pgcrypto dspace/src/main/docker/dspace-postgres-loadsql
dspace/src/main/docker/dspace-postgres-pgcrypto-curl
dspace/src/main/docker/README.md dspace/src/main/docker/README.md
dspace/src/main/docker-compose/ dspace/src/main/docker-compose/

38
.github/workflows/docker.yml vendored
View File

@@ -113,39 +113,19 @@ jobs:
REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_SOLR_URL }} REDEPLOY_SANDBOX_URL: ${{ secrets.REDEPLOY_SANDBOX_SOLR_URL }}
REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_SOLR_URL }} REDEPLOY_DEMO_URL: ${{ secrets.REDEPLOY_DEMO_SOLR_URL }}
########################################################### ########################################################
# Build/Push the 'dspace/dspace-postgres-pgcrypto' image # Build/Push the 'dspace/dspace-postgres-loadsql' image
########################################################### ########################################################
dspace-postgres-pgcrypto: dspace-postgres-loadsql:
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace' # Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
if: github.repository == 'dspace/dspace' if: github.repository == 'dspace/dspace'
uses: ./.github/workflows/reusable-docker-build.yml uses: ./.github/workflows/reusable-docker-build.yml
with: with:
build_id: dspace-postgres-pgcrypto-prod build_id: dspace-postgres-loadsql
image_name: dspace/dspace-postgres-pgcrypto image_name: dspace/dspace-postgres-loadsql
# Must build out of subdirectory to have access to install script for pgcrypto. # Must build out of subdirectory to have access to install script.
# NOTE: this context will build the image based on the Dockerfile in the specified directory # NOTE: this context will build the image based on the Dockerfile in the specified directory
dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto/ dockerfile_context: ./dspace/src/main/docker/dspace-postgres-loadsql/
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
########################################################################
# Build/Push the 'dspace/dspace-postgres-pgcrypto' image (-loadsql tag)
########################################################################
dspace-postgres-pgcrypto-loadsql:
# Ensure this job never runs on forked repos. It's only executed for 'dspace/dspace'
if: github.repository == 'dspace/dspace'
uses: ./.github/workflows/reusable-docker-build.yml
with:
build_id: dspace-postgres-pgcrypto-loadsql
image_name: dspace/dspace-postgres-pgcrypto
# Must build out of subdirectory to have access to install script for pgcrypto.
# NOTE: this context will build the image based on the Dockerfile in the specified directory
dockerfile_context: ./dspace/src/main/docker/dspace-postgres-pgcrypto-curl/
# Suffix all tags with "-loadsql". Otherwise, it uses the same
# tagging logic as the primary 'dspace/dspace-postgres-pgcrypto' image above.
tags_flavor: suffix=-loadsql
secrets: secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }} DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }} DOCKER_ACCESS_TOKEN: ${{ secrets.DOCKER_ACCESS_TOKEN }}
@@ -158,7 +138,7 @@ jobs:
if: github.repository == 'dspace/dspace' if: github.repository == 'dspace/dspace'
runs-on: ubuntu-latest runs-on: ubuntu-latest
# Must run after all major images are built # Must run after all major images are built
needs: [dspace, dspace-test, dspace-cli, dspace-postgres-pgcrypto, dspace-solr] needs: [dspace, dspace-test, dspace-cli, dspace-solr]
env: env:
# Override defaults dspace.server.url because backend starts at http://127.0.0.1:8080 # Override defaults dspace.server.url because backend starts at http://127.0.0.1:8080
dspace__P__server__P__url: http://127.0.0.1:8080/server dspace__P__server__P__url: http://127.0.0.1:8080/server

9
docker-compose.yml
View File

@@ -65,13 +65,12 @@ services:
# DSpace PostgreSQL database container # DSpace PostgreSQL database container
dspacedb: dspacedb:
container_name: dspacedb container_name: dspacedb
# Uses a custom Postgres image with pgcrypto installed # Uses the base PostgreSQL image
image: "${DOCKER_REGISTRY:-docker.io}/${DOCKER_OWNER:-dspace}/dspace-postgres-pgcrypto:${DSPACE_VER:-latest}" image: "docker.io/postgres:${POSTGRES_VERSION:-15}"
build:
# Must build out of subdirectory to have access to install script for pgcrypto
context: ./dspace/src/main/docker/dspace-postgres-pgcrypto/
environment: environment:
PGDATA: /pgdata PGDATA: /pgdata
POSTGRES_DB: dspace
POSTGRES_USER: dspace
POSTGRES_PASSWORD: dspace POSTGRES_PASSWORD: dspace
networks: networks:
dspacenet: dspacenet:

4
dspace-api/pom.xml
View File

@@ -734,7 +734,7 @@
<dependency> <dependency>
<groupId>com.amazonaws</groupId> <groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-s3</artifactId> <artifactId>aws-java-sdk-s3</artifactId>
<version>1.12.785</version> <version>1.12.788</version>
</dependency> </dependency>
<!-- TODO: This may need to be replaced with the "orcid-model" artifact once this ticket is resolved: <!-- TODO: This may need to be replaced with the "orcid-model" artifact once this ticket is resolved:
@@ -775,7 +775,7 @@
<dependency> <dependency>
<groupId>com.opencsv</groupId> <groupId>com.opencsv</groupId>
<artifactId>opencsv</artifactId> <artifactId>opencsv</artifactId>
<version>5.11.1</version> <version>5.12.0</version>
</dependency> </dependency>
<!-- Email templating --> <!-- Email templating -->

148
dspace-api/src/main/java/org/dspace/storage/rdbms/DatabaseUtils.java
View File

@@ -123,16 +123,6 @@ public class DatabaseUtils {
// Print basic database connection information // Print basic database connection information
printDBInfo(connection); printDBInfo(connection);
// Print any database warnings/errors found (if any)
boolean issueFound = printDBIssues(connection);
// If issues found, exit with an error status (even if connection succeeded).
if (issueFound) {
System.exit(1);
} else {
System.exit(0);
}
} catch (SQLException sqle) { } catch (SQLException sqle) {
System.err.println("\nError running 'test': "); System.err.println("\nError running 'test': ");
System.err.println(" - " + sqle); System.err.println(" - " + sqle);
@@ -170,16 +160,6 @@ public class DatabaseUtils {
"migrate'."); "migrate'.");
} }
} }
// Print any database warnings/errors found (if any)
boolean issueFound = printDBIssues(connection);
// If issues found, exit with an error status
if (issueFound) {
System.exit(1);
} else {
System.exit(0);
}
} catch (SQLException e) { } catch (SQLException e) {
System.err.println("Info exception:"); System.err.println("Info exception:");
e.printStackTrace(System.err); e.printStackTrace(System.err);
@@ -335,31 +315,6 @@ public class DatabaseUtils {
} }
try (Connection connection = dataSource.getConnection()) { try (Connection connection = dataSource.getConnection()) {
String dbType = getDbType(connection);
// Not all Postgres user accounts will be able to run a 'clean',
// as only 'superuser' accounts can remove the 'pgcrypto' extension.
if (dbType.equals(DBMS_POSTGRES)) {
// Check if database user has permissions suitable to run a clean
if (!PostgresUtils.checkCleanPermissions(connection)) {
String username = connection.getMetaData().getUserName();
// Exit immediately, providing a descriptive error message
System.out.println(
"\nERROR: The database user '" + username + "' does not have sufficient " +
"privileges to run a 'database clean' (via Flyway).");
System.out.println(
"\nIn order to run a 'clean', the database user MUST have 'superuser' privileges");
System.out.println(
"OR the '" + PostgresUtils.PGCRYPTO + "' extension must be installed in a " +
"separate schema (see documentation).");
System.out.println(
"\nOptionally, you could also manually remove the '" + PostgresUtils.PGCRYPTO +
"' extension first (DROP EXTENSION " + PostgresUtils.PGCRYPTO +
" CASCADE;), then rerun the 'clean'");
System.exit(1);
}
}
BufferedReader input = new BufferedReader(new InputStreamReader(System.in, BufferedReader input = new BufferedReader(new InputStreamReader(System.in,
StandardCharsets.UTF_8)); StandardCharsets.UTF_8));
@@ -368,11 +323,6 @@ public class DatabaseUtils {
.println("\nWARNING: ALL DATA AND TABLES IN YOUR DATABASE WILL BE PERMANENTLY DELETED.\n"); .println("\nWARNING: ALL DATA AND TABLES IN YOUR DATABASE WILL BE PERMANENTLY DELETED.\n");
System.out.println("There is NO turning back from this action. Backup your DB before " + System.out.println("There is NO turning back from this action. Backup your DB before " +
"continuing."); "continuing.");
if (dbType.equals(DBMS_POSTGRES)) {
System.out.println(
"\nPOSTGRES WARNING: the '" + PostgresUtils.PGCRYPTO + "' extension will be dropped " +
"if it is in the same schema as the DSpace database.\n");
}
System.out.print("Do you want to PERMANENTLY DELETE everything from your database? [y/n]: "); System.out.print("Do you want to PERMANENTLY DELETE everything from your database? [y/n]: ");
String choiceString = input.readLine(); String choiceString = input.readLine();
input.close(); input.close();
@@ -476,108 +426,10 @@ public class DatabaseUtils {
"Database Software: " + meta.getDatabaseProductName() + " version " + meta.getDatabaseProductVersion()); "Database Software: " + meta.getDatabaseProductName() + " version " + meta.getDatabaseProductVersion());
System.out.println("Database Driver: " + meta.getDriverName() + " version " + meta.getDriverVersion()); System.out.println("Database Driver: " + meta.getDriverName() + " version " + meta.getDriverVersion());
// For Postgres, report whether pgcrypto is installed
// (If it isn't, we'll also write out warnings...see below)
if (dbType.equals(DBMS_POSTGRES)) {
boolean pgcryptoUpToDate = PostgresUtils.isPgcryptoUpToDate();
Double pgcryptoVersion = PostgresUtils.getPgcryptoInstalledVersion(connection);
System.out.println(
"PostgreSQL '" + PostgresUtils.PGCRYPTO + "' extension installed/up-to-date? " + pgcryptoUpToDate + "" +
" " + ((pgcryptoVersion != null) ? "(version=" + pgcryptoVersion + ")" : "(not installed)"));
}
// Finally, print out our version of Flyway // Finally, print out our version of Flyway
System.out.println("FlywayDB Version: " + VersionPrinter.getVersion()); System.out.println("FlywayDB Version: " + VersionPrinter.getVersion());
} }
/**
* Print any warnings about current database setup to System.err (if any).
* This is utilized by both the 'test' and 'info' commandline options.
*
* @param connection current database connection
* @return boolean true if database issues found, false otherwise
* @throws SQLException if database error occurs
*/
private static boolean printDBIssues(Connection connection) throws SQLException {
boolean issueFound = false;
// Get the DB Type
String dbType = getDbType(connection);
// For PostgreSQL databases, we need to check for the 'pgcrypto' extension.
// If it is NOT properly installed, we'll need to warn the user, as DSpace will be unable to proceed.
if (dbType.equals(DBMS_POSTGRES)) {
// Get version of pgcrypto available in this postgres instance
Double pgcryptoAvailable = PostgresUtils.getPgcryptoAvailableVersion(connection);
// Generic requirements message
String requirementsMsg = "\n** DSpace REQUIRES PostgreSQL >= " + PostgresUtils.POSTGRES_VERSION + " AND "
+ PostgresUtils.PGCRYPTO + " extension >= " + PostgresUtils.PGCRYPTO_VERSION + " **\n";
// Check if installed in PostgreSQL & a supported version
if (pgcryptoAvailable != null && pgcryptoAvailable.compareTo(PostgresUtils.PGCRYPTO_VERSION) >= 0) {
// We now know it's available in this Postgres. Let's see if it is installed in this database.
Double pgcryptoInstalled = PostgresUtils.getPgcryptoInstalledVersion(connection);
// Check if installed in database, but outdated version
if (pgcryptoInstalled != null && pgcryptoInstalled.compareTo(PostgresUtils.PGCRYPTO_VERSION) < 0) {
System.out.println(
"\nWARNING: Required PostgreSQL '" + PostgresUtils.PGCRYPTO + "' extension is OUTDATED " +
"(installed version=" + pgcryptoInstalled + ", available version = " + pgcryptoAvailable
+ ").");
System.out.println(requirementsMsg);
System.out.println(
"To update it, please connect to your DSpace database as a 'superuser' and manually run the " +
"following command: ");
System.out.println(
"\n ALTER EXTENSION " + PostgresUtils.PGCRYPTO + " UPDATE TO '" + pgcryptoAvailable + "';\n");
issueFound = true;
} else if (pgcryptoInstalled == null) {
// If it's not installed in database
System.out.println(
"\nWARNING: Required PostgreSQL '" + PostgresUtils.PGCRYPTO + "' extension is NOT INSTALLED " +
"on this database.");
System.out.println(requirementsMsg);
System.out.println(
"To install it, please connect to your DSpace database as a 'superuser' and manually run the " +
"following command: ");
System.out.println("\n CREATE EXTENSION " + PostgresUtils.PGCRYPTO + ";\n");
issueFound = true;
}
} else if (pgcryptoAvailable != null && pgcryptoAvailable.compareTo(PostgresUtils.PGCRYPTO_VERSION) < 0) {
// If installed in Postgres, but an unsupported version
System.out.println(
"\nWARNING: UNSUPPORTED version of PostgreSQL '" + PostgresUtils.PGCRYPTO + "' extension found " +
"(version=" + pgcryptoAvailable + ").");
System.out.println(requirementsMsg);
System.out.println(
"Make sure you are running a supported version of PostgreSQL, and then install " + PostgresUtils
.PGCRYPTO + " version >= " + PostgresUtils.PGCRYPTO_VERSION);
System.out.println(
"The '" + PostgresUtils.PGCRYPTO + "' extension is often provided in the 'postgresql-contrib' " +
"package for your operating system.");
issueFound = true;
} else if (pgcryptoAvailable == null) {
// If it's not installed in Postgres
System.out.println(
"\nWARNING: PostgreSQL '" + PostgresUtils.PGCRYPTO + "' extension is NOT AVAILABLE. Please " +
"install it into this PostgreSQL instance.");
System.out.println(requirementsMsg);
System.out.println(
"The '" + PostgresUtils.PGCRYPTO + "' extension is often provided in the 'postgresql-contrib' " +
"package for your operating system.");
System.out.println(
"Once the extension is installed globally, please connect to your DSpace database as a " +
"'superuser' and manually run the following command: ");
System.out.println("\n CREATE EXTENSION " + PostgresUtils.PGCRYPTO + ";\n");
issueFound = true;
}
}
return issueFound;
}
/** /**
* Setup/Initialize the Flyway Configuration to run against our DSpace database * Setup/Initialize the Flyway Configuration to run against our DSpace database
* and point at our migration scripts. * and point at our migration scripts.

149
dspace-api/src/main/java/org/dspace/storage/rdbms/PostgreSQLCryptoChecker.java
View File

@@ -1,149 +0,0 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.storage.rdbms;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import org.apache.logging.log4j.Logger;
import org.flywaydb.core.api.FlywayException;
import org.flywaydb.core.api.callback.Callback;
import org.flywaydb.core.api.callback.Context;
import org.flywaydb.core.api.callback.Event;
/**
* This is a FlywayCallback class which automatically verifies that "pgcrypto"
* is at the proper version before running any database migrations.
* <P>
* When running PostgreSQL, pgcrypto is REQUIRED by DSpace as it allows UUIDs
* to be generated.
* <P>
* During a database "clean", this also de-registers "pgcrypto" proir to the
* full database clean.
*
* @author Tim Donohue
*/
public class PostgreSQLCryptoChecker implements Callback {
private Logger log = org.apache.logging.log4j.LogManager.getLogger(PostgreSQLCryptoChecker.class);
/**
* Check for pgcrypto (if needed). Throws an exception if pgcrypto is
* not installed or needs an upgrade.
*
* @param connection database connection
*/
public void checkPgCrypto(Connection connection) {
String dbType;
try {
dbType = DatabaseUtils.getDbType(connection);
} catch (SQLException se) {
throw new FlywayException("Unable to determine database type.", se);
}
// ONLY Check if this is a PostgreSQL database
if (dbType != null && dbType.equals(DatabaseUtils.DBMS_POSTGRES)) {
// If this is a PostgreSQL database, then a supported version
// of the 'pgcrypto' extension MUST be installed to continue.
// Check if pgcrypto is both installed & a supported version
if (!PostgresUtils.isPgcryptoUpToDate()) {
throw new FlywayException(
"This PostgreSQL Database is INCOMPATIBLE with DSpace. The upgrade will NOT proceed. " +
"A supported version (>=" + PostgresUtils.PGCRYPTO_VERSION + ") of the '" + PostgresUtils
.PGCRYPTO + "' extension must be installed! " +
"Please run 'dspace database info' for additional info/tips.");
}
}
}
/**
* Remove pgcrypto (if necessary).
* <P>
* The pgcrypto extension MUST be removed before a clean or else errors occur.
* This method checks if it needs to be removed and, if so, removes it.
*
* @param connection database connection
*/
public void removePgCrypto(Connection connection) {
try {
String dbType = DatabaseUtils.getDbType(connection);
// ONLY remove if this is a PostgreSQL database
if (dbType != null && dbType.equals(DatabaseUtils.DBMS_POSTGRES)) {
// Get current schema
String schema = DatabaseUtils.getSchemaName(connection);
// Check if pgcrypto is in this schema
// If so, it MUST be removed before a 'clean'
if (PostgresUtils.isPgcryptoInSchema(schema)) {
// remove the extension
try (Statement statement = connection.createStatement()) {
// WARNING: ONLY superusers can remove pgcrypto. However, at this point,
// we have already verified user acct permissions via PostgresUtils.checkCleanPermissions()
// (which is called prior to a 'clean' being triggered).
statement.execute("DROP EXTENSION " + PostgresUtils.PGCRYPTO + " CASCADE");
}
}
}
} catch (SQLException e) {
throw new FlywayException("Failed to check for and/or remove '" + PostgresUtils.PGCRYPTO + "' extension",
e);
}
}
/**
* The callback name, Flyway will use this to sort the callbacks alphabetically before executing them
* @return The callback name
*/
@Override
public String getCallbackName() {
// Return class name only (not prepended by package)
return PostgreSQLCryptoChecker.class.getSimpleName();
}
/**
* Events supported by this callback.
* @param event Flyway event
* @param context Flyway context
* @return true if BEFORE_BASELINE, BEFORE_MIGRATE or BEFORE_CLEAN
*/
@Override
public boolean supports(Event event, Context context) {
return event.equals(Event.BEFORE_BASELINE) || event.equals(Event.BEFORE_MIGRATE) ||
event.equals(Event.BEFORE_CLEAN);
}
/**
* Whether event can be handled in a transaction or whether it must be handle outside of transaction.
* @param event Flyway event
* @param context Flyway context
* @return true
*/
@Override
public boolean canHandleInTransaction(Event event, Context context) {
return true;
}
/**
* What to run when the callback is triggered.
* @param event Flyway event
* @param context Flyway context
*/
@Override
public void handle(Event event, Context context) {
// If, before initializing or migrating database, check for pgcrypto
// Else, before Cleaning database, remove pgcrypto (if exists)
if (event.equals(Event.BEFORE_BASELINE) || event.equals(Event.BEFORE_MIGRATE)) {
checkPgCrypto(context.getConnection());
} else if (event.equals(Event.BEFORE_CLEAN)) {
removePgCrypto(context.getConnection());
}
}
}

218
dspace-api/src/main/java/org/dspace/storage/rdbms/PostgresUtils.java
View File

@@ -1,218 +0,0 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.storage.rdbms;
import static org.dspace.storage.rdbms.DatabaseUtils.getSchemaName;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.sql.DataSource;
import org.flywaydb.core.api.FlywayException;
/**
* Database utility class specific to Postgres.
* This class contains tools and methods which are useful in determining
* the status of a PostgreSQL database backend. It's a companion class
* to DatabaseUtils, but PostgreSQL specific.
*
* @author Tim Donohue
*/
public class PostgresUtils {
// PostgreSQL pgcrypto extension name, and required versions of Postgres & pgcrypto
public static final String PGCRYPTO = "pgcrypto";
public static final Double PGCRYPTO_VERSION = 1.1;
public static final Double POSTGRES_VERSION = 9.4;
/**
* Default constructor
*/
private PostgresUtils() { }
/**
* Get version of pgcrypto extension available. The extension is "available"
* if it's been installed via operating system tools/packages. It also
* MUST be installed in the DSpace database (see getPgcryptoInstalled()).
* <P>
* The pgcrypto extension is required for Postgres databases
*
* @param connection database connection
* @return version number or null if not available
*/
protected static Double getPgcryptoAvailableVersion(Connection connection) {
Double version = null;
String checkPgCryptoAvailable = "SELECT default_version AS version FROM pg_available_extensions WHERE name=?";
// Run the query to obtain the version of 'pgcrypto' available
try (PreparedStatement statement = connection.prepareStatement(checkPgCryptoAvailable)) {
statement.setString(1, PGCRYPTO);
try (ResultSet results = statement.executeQuery()) {
if (results.next()) {
version = results.getDouble("version");
}
}
} catch (SQLException e) {
throw new FlywayException("Unable to determine whether 'pgcrypto' extension is available.", e);
}
return version;
}
/**
* Get version of pgcrypto extension installed in the DSpace database.
* <P>
* The pgcrypto extension is required for Postgres databases to support
* UUIDs.
*
* @param connection database connection
* @return version number or null if not installed
*/
protected static Double getPgcryptoInstalledVersion(Connection connection) {
Double version = null;
String checkPgCryptoInstalled = "SELECT extversion AS version FROM pg_extension WHERE extname=?";
// Run the query to obtain the version of 'pgcrypto' installed on this database
try (PreparedStatement statement = connection.prepareStatement(checkPgCryptoInstalled)) {
statement.setString(1, PGCRYPTO);
try (ResultSet results = statement.executeQuery()) {
if (results.next()) {
version = results.getDouble("version");
}
}
} catch (SQLException e) {
throw new FlywayException("Unable to determine whether 'pgcrypto' extension is installed.", e);
}
return version;
}
/**
* Check if the pgcrypto extension is BOTH installed AND up-to-date.
* <P>
* This requirement is only needed for PostgreSQL databases.
* It doesn't matter what schema pgcrypto is installed in, as long as it exists.
*
* @return true if everything is installed and up-to-date. False otherwise.
*/
public static boolean isPgcryptoUpToDate() {
// Get our configured dataSource
DataSource dataSource = DatabaseUtils.getDataSource();
try (Connection connection = dataSource.getConnection()) {
Double pgcryptoInstalled = getPgcryptoInstalledVersion(connection);
// Check if installed & up-to-date in this DSpace database
if (pgcryptoInstalled != null && pgcryptoInstalled.compareTo(PGCRYPTO_VERSION) >= 0) {
return true;
}
return false;
} catch (SQLException e) {
throw new FlywayException("Unable to determine whether 'pgcrypto' extension is up-to-date.", e);
}
}
/**
* Check if the pgcrypto extension is installed into a particular schema
* <P>
* This allows us to check if pgcrypto needs to be REMOVED prior to running
* a 'clean' on this database. If pgcrypto is in the same schema as the
* dspace database, a 'clean' will require removing pgcrypto FIRST.
*
* @param schema name of schema
* @return true if pgcrypto is in this schema. False otherwise.
*/
public static boolean isPgcryptoInSchema(String schema) {
// Get our configured dataSource
DataSource dataSource = DatabaseUtils.getDataSource();
try (Connection connection = dataSource.getConnection()) {
// Check if pgcrypto is installed in the current database schema.
String pgcryptoInstalledInSchema = "SELECT extversion FROM pg_extension,pg_namespace " +
"WHERE pg_extension.extnamespace=pg_namespace.oid " +
"AND extname=? " +
"AND nspname=?;";
Double pgcryptoVersion = null;
try (PreparedStatement statement = connection.prepareStatement(pgcryptoInstalledInSchema)) {
statement.setString(1, PGCRYPTO);
statement.setString(2, schema);
try (ResultSet results = statement.executeQuery()) {
if (results.next()) {
pgcryptoVersion = results.getDouble("extversion");
}
}
}
// If a pgcrypto version returns, it's installed in this schema
if (pgcryptoVersion != null) {
return true;
} else {
return false;
}
} catch (SQLException e) {
throw new FlywayException(
"Unable to determine whether 'pgcrypto' extension is installed in schema '" + schema + "'.", e);
}
}
/**
* Check if the current user has permissions to run a clean on existing
* database.
* <P>
* Mostly this just checks if you need to remove pgcrypto, and if so,
* whether you have permissions to do so.
*
* @param connection database connection
* @return true if permissions valid, false otherwise
*/
protected static boolean checkCleanPermissions(Connection connection) {
try {
// get username of our db user
String username = connection.getMetaData().getUserName();
// Check their permissions. Are they a 'superuser'?
String checkSuperuser = "SELECT rolsuper FROM pg_roles WHERE rolname=?;";
boolean superuser = false;
try (PreparedStatement statement = connection.prepareStatement(checkSuperuser)) {
statement.setString(1, username);
try (ResultSet results = statement.executeQuery()) {
if (results.next()) {
superuser = results.getBoolean("rolsuper");
}
}
} catch (SQLException e) {
throw new FlywayException("Unable to determine if user '" + username + "' is a superuser.", e);
}
// If user is a superuser, then "clean" can be run successfully
if (superuser) {
return true;
} else {
// Otherwise, we'll need to see which schema 'pgcrypto' is installed in
// Get current schema name
String schema = getSchemaName(connection);
// If pgcrypto is installed in this schema, then superuser privileges are needed to remove it
if (isPgcryptoInSchema(schema)) {
return false;
} else {
// otherwise, a 'clean' can be run by anyone
return true;
}
}
} catch (SQLException e) {
throw new FlywayException("Unable to determine if DB user has 'clean' privileges.", e);
}
}
}

1
dspace-api/src/main/resources/spring/spring-dspace-core-services.xml
View File

@@ -27,7 +27,6 @@
<!-- Register all our Flyway callback classes (which run before/after database migrations) --> <!-- Register all our Flyway callback classes (which run before/after database migrations) -->
<bean class="org.dspace.storage.rdbms.RegistryUpdater"/> <bean class="org.dspace.storage.rdbms.RegistryUpdater"/>
<bean class="org.dspace.storage.rdbms.GroupServiceInitializer"/> <bean class="org.dspace.storage.rdbms.GroupServiceInitializer"/>
<bean class="org.dspace.storage.rdbms.PostgreSQLCryptoChecker"/>
<bean class="org.dspace.storage.rdbms.SiteServiceInitializer"/> <bean class="org.dspace.storage.rdbms.SiteServiceInitializer"/>
<bean class="org.dspace.storage.rdbms.EntityTypeServiceInitializer"/> <bean class="org.dspace.storage.rdbms.EntityTypeServiceInitializer"/>

13
dspace/src/main/docker-compose/README.md
View File

@@ -297,16 +297,7 @@ Here's how to fix those issues by migrating your old Postgres data to the new ve
1. First, you must start up the older PostgreSQL image (to dump your existing data to a `*.sql` file) 1. First, you must start up the older PostgreSQL image (to dump your existing data to a `*.sql` file)
``` ```
# This command assumes you are using the process described above to start all your containers # This command assumes you are using the process described above to start all your containers
docker compose -p d9 up -d POSTGRES_VERSION=11 docker compose -p d9 up -d
```
* If you've already accidentally updated to the new PostgreSQL image, you have a few options:
* Pull down an older version of the image from Dockerhub (using a tag)
* Or, temporarily rebuild your local image with the old version of Postgres. For example:
```
# This command will rebuild using PostgreSQL v11 & tag it locally as "latest"
docker build --build-arg POSTGRES_VERSION=11 -t dspace/dspace-postgres-pgcrypto:latest ./dspace/src/main/docker/dspace-postgres-pgcrypto/
# Then restart container with that image
docker compose -p d9 up -d
``` ```
2. Dump your entire "dspace" database out of the old "dspacedb" container to a local file named `pgdump.sql` 2. Dump your entire "dspace" database out of the old "dspacedb" container to a local file named `pgdump.sql`
``` ```
@@ -336,7 +327,7 @@ Here's how to fix those issues by migrating your old Postgres data to the new ve
# Assumes you are using `-p d9` which prefixes all volumes with `d9_` # Assumes you are using `-p d9` which prefixes all volumes with `d9_`
docker volume rm d9_pgdata docker volume rm d9_pgdata
``` ```
5. Now, pull down the latest PostgreSQL image with the NEW version of PostgreSQL. 5. Just for safety, pull down the latest versions of all images
``` ```
docker compose -f docker-compose.yml -f docker-compose-cli.yml pull docker compose -f docker-compose.yml -f docker-compose-cli.yml pull
``` ```

2
dspace/src/main/docker-compose/db.entities.yml
View File

@@ -8,7 +8,7 @@
services: services:
dspacedb: dspacedb:
image: dspace/dspace-postgres-pgcrypto:${DSPACE_VER:-latest}-loadsql image: dspace/dspace-postgres-loadsql:${DSPACE_VER:-latest}
environment: environment:
# This SQL is available from https://github.com/DSpace-Labs/AIP-Files/releases/tag/demo-entities-data # This SQL is available from https://github.com/DSpace-Labs/AIP-Files/releases/tag/demo-entities-data
- LOADSQL=https://github.com/DSpace-Labs/AIP-Files/releases/download/demo-entities-data/dspace7-entities-data.sql - LOADSQL=https://github.com/DSpace-Labs/AIP-Files/releases/download/demo-entities-data/dspace7-entities-data.sql

2
dspace/src/main/docker-compose/db.restore.yml
View File

@@ -12,7 +12,7 @@
# This can be used to restore a "dspacedb" container from a pg_dump, or during upgrade to a new version of PostgreSQL. # This can be used to restore a "dspacedb" container from a pg_dump, or during upgrade to a new version of PostgreSQL.
services: services:
dspacedb: dspacedb:
image: dspace/dspace-postgres-pgcrypto:${DSPACE_VER:-latest}-loadsql image: dspace/dspace-postgres-loadsql:${DSPACE_VER:-latest}
environment: environment:
# Location where the dump SQL file will be available on the running container # Location where the dump SQL file will be available on the running container
- LOCALSQL=/tmp/pgdump.sql - LOCALSQL=/tmp/pgdump.sql

39
dspace/src/main/docker/README.md
View File

@@ -75,47 +75,30 @@ Admins to our DockerHub repo can publish with the following command.
docker push dspace/dspace-cli:latest docker push dspace/dspace-cli:latest
``` ```
## ./dspace-postgres-pgcrypto/Dockerfile ## ./dspace-postgres-loadsql/Dockerfile
This is a PostgreSQL Docker image (based off the Official Postgres image) which also contains `curl`.
The image is pre-configured to load a Postgres database dump on initialization. Therefore, its primarily usage is for
database restoration from a SQL file dump / backup. It is not necessary to use this image for a DSpace Docker
installation.
This is a PostgreSQL Docker image containing the `pgcrypto` extension required by DSpace 6+.
This image is built *automatically* after each commit is made to the `main` branch. This image is built *automatically* after each commit is made to the `main` branch.
How to build manually: How to build manually:
``` ```
cd dspace/src/main/docker/dspace-postgres-pgcrypto cd dspace/src/main/docker/dspace-postgres-loadsql
docker build -t dspace/dspace-postgres-pgcrypto:latest . docker build -t dspace/dspace-postgres-loadsql:latest .
``` ```
It is also possible to change the version of PostgreSQL or the PostgreSQL user's password during the build: It is also possible to change the version of PostgreSQL or the PostgreSQL user's password during the build:
``` ```
cd dspace/src/main/docker/dspace-postgres-pgcrypto cd dspace/src/main/docker/dspace-postgres-loadsql
docker build -t dspace/dspace-postgres-pgcrypto:latest --build-arg POSTGRES_VERSION=11 --build-arg POSTGRES_PASSWORD=mypass . docker build -t dspace/dspace-postgres-loadsql:latest --build-arg POSTGRES_VERSION=17 --build-arg POSTGRES_PASSWORD=mypass .
``` ```
Admins to our DockerHub repo can (manually) publish with the following command. Admins to our DockerHub repo can (manually) publish with the following command.
``` ```
docker push dspace/dspace-postgres-pgcrypto:latest docker push dspace/dspace-postgres-loadsql:latest
```
## ./dspace-postgres-pgcrypto-curl/Dockerfile
This is a PostgreSQL Docker image containing the `pgcrypto` extension required by DSpace 6+.
This image also contains `curl`. The image is pre-configured to load a Postgres database dump on initialization.
This image is built *automatically* after each commit is made to the `main` branch.
How to build manually:
```
cd dspace/src/main/docker/dspace-postgres-pgcrypto-curl
docker build -t dspace/dspace-postgres-pgcrypto:latest-loadsql .
```
Similar to `dspace-postgres-pgcrypto` above, you can also modify the version of PostgreSQL or the PostgreSQL user's password.
See examples above.
Admins to our DockerHub repo can (manually) publish with the following command.
```
docker push dspace/dspace-postgres-pgcrypto:latest-loadsql
``` ```
## ./dspace-shibboleth/Dockerfile ## ./dspace-shibboleth/Dockerfile

14
dspace/src/main/docker/dspace-postgres-pgcrypto-curl/Dockerfile → dspace/src/main/docker/dspace-postgres-loadsql/Dockerfile
View File

@@ -6,21 +6,23 @@
# http://www.dspace.org/license/ # http://www.dspace.org/license/
# #
# To build for example use: # Example build:
# docker build --build-arg POSTGRES_VERSION=13 --build-arg POSTGRES_PASSWORD=mypass ./dspace/src/main/docker/dspace-postgres-pgcrypto-curl/ # docker build --build-arg POSTGRES_VERSION=17 --build-arg POSTGRES_PASSWORD=mypass ./dspace/src/main/docker/dspace-postgres-loadsql/
# This will be published as dspace/dspace-postgres-pgcrypto:$DSPACE_VERSION-loadsql # This will be published as dspace/dspace-postgres-loadsql:$DSPACE_VERSION
ARG POSTGRES_VERSION=15 ARG POSTGRES_VERSION=15
ARG POSTGRES_DB=dspace
ARG POSTGRES_USER=dspace
ARG POSTGRES_PASSWORD=dspace ARG POSTGRES_PASSWORD=dspace
FROM docker.io/postgres:${POSTGRES_VERSION} FROM docker.io/postgres:${POSTGRES_VERSION}
ENV POSTGRES_DB=dspace ENV POSTGRES_DB=${POSTGRES_DB}
ENV POSTGRES_USER=dspace ENV POSTGRES_USER=${POSTGRES_USER}
ENV POSTGRES_PASSWORD=${POSTGRES_PASSWORD} ENV POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
# Install curl which is necessary to load SQL file # Install curl which is necessary to load SQL file
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/* RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
# Load a SQL dump. Set LOADSQL to a URL for the sql dump file. # Load a SQL dump. Set LOADSQL to a URL for the sql dump file.
COPY install-pgcrypto.sh /docker-entrypoint-initdb.d/ COPY loadsql.sh /docker-entrypoint-initdb.d/

13
dspace/src/main/docker/dspace-postgres-pgcrypto-curl/install-pgcrypto.sh → dspace/src/main/docker/dspace-postgres-loadsql/loadsql.sh
View File

@@ -34,16 +34,3 @@ then
touch $CHECKFILE touch $CHECKFILE
fi fi
# Then, setup pgcrypto on this database
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
-- Create a new schema in this database named "extensions" (or whatever you want to name it)
CREATE SCHEMA IF NOT EXISTS extensions;
-- Enable this extension in this new schema
CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA extensions;
-- Update your database's "search_path" to also search the new "extensions" schema.
-- You are just appending it on the end of the existing comma-separated list.
ALTER DATABASE dspace SET search_path TO "\$user",public,extensions;
-- Grant rights to call functions in the extensions schema to your dspace user
GRANT USAGE ON SCHEMA extensions TO $POSTGRES_USER;
EOSQL

23
dspace/src/main/docker/dspace-postgres-pgcrypto/Dockerfile
View File

@@ -1,23 +0,0 @@
#
# The contents of this file are subject to the license and copyright
# detailed in the LICENSE and NOTICE files at the root of the source
# tree and available online at
#
# http://www.dspace.org/license/
#
# To build for example use:
# docker build --build-arg POSTGRES_VERSION=13 --build-arg POSTGRES_PASSWORD=mypass ./dspace/src/main/docker/dspace-postgres-pgcrypto/
# This will be published as dspace/dspace-postgres-pgcrypto:$DSPACE_VERSION
ARG POSTGRES_VERSION=15
ARG POSTGRES_PASSWORD=dspace
FROM docker.io/postgres:${POSTGRES_VERSION}
ENV POSTGRES_DB=dspace
ENV POSTGRES_USER=dspace
ENV POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
# Copy over script which will initialize database and install pgcrypto extension
COPY install-pgcrypto.sh /docker-entrypoint-initdb.d/

22
dspace/src/main/docker/dspace-postgres-pgcrypto/install-pgcrypto.sh
View File

@@ -1,22 +0,0 @@
#!/bin/bash
#
# The contents of this file are subject to the license and copyright
# detailed in the LICENSE and NOTICE files at the root of the source
# tree and available online at
#
# http://www.dspace.org/license/
#
set -e
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
-- Create a new schema in this database named "extensions" (or whatever you want to name it)
CREATE SCHEMA IF NOT EXISTS extensions;
-- Enable this extension in this new schema
CREATE EXTENSION IF NOT EXISTS pgcrypto WITH SCHEMA extensions;
-- Update your database's "search_path" to also search the new "extensions" schema.
-- You are just appending it on the end of the existing comma-separated list.
ALTER DATABASE dspace SET search_path TO "\$user",public,extensions;
-- Grant rights to call functions in the extensions schema to your dspace user
GRANT USAGE ON SCHEMA extensions TO $POSTGRES_USER;
EOSQL

14
pom.xml
View File

@@ -31,8 +31,8 @@
<ehcache.version>3.10.8</ehcache.version> <ehcache.version>3.10.8</ehcache.version>
<errorprone.version>2.41.0</errorprone.version> <errorprone.version>2.41.0</errorprone.version>
<!-- NOTE: when updating jackson.version, also sync jackson-databind.version below --> <!-- NOTE: when updating jackson.version, also sync jackson-databind.version below -->
<jackson.version>2.19.0</jackson.version> <jackson.version>2.19.2</jackson.version>
<jackson-databind.version>2.19.0</jackson-databind.version> <jackson-databind.version>2.19.2</jackson-databind.version>
<jakarta-annotation.version>2.1.1</jakarta-annotation.version> <jakarta-annotation.version>2.1.1</jakarta-annotation.version>
<jaxb-api.version>4.0.2</jaxb-api.version> <jaxb-api.version>4.0.2</jaxb-api.version>
<jaxb-runtime.version>4.0.5</jaxb-runtime.version> <jaxb-runtime.version>4.0.5</jaxb-runtime.version>
@@ -1509,7 +1509,7 @@
<dependency> <dependency>
<groupId>commons-codec</groupId> <groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId> <artifactId>commons-codec</artifactId>
<version>1.18.0</version> <version>1.19.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
@@ -1536,12 +1536,12 @@
<dependency> <dependency>
<groupId>commons-io</groupId> <groupId>commons-io</groupId>
<artifactId>commons-io</artifactId> <artifactId>commons-io</artifactId>
<version>2.19.0</version> <version>2.20.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId> <artifactId>commons-lang3</artifactId>
<version>3.17.0</version> <version>3.18.0</version>
</dependency> </dependency>
<!-- NOTE: We don't use commons-logging, commons-compress or commons-csv directly, <!-- NOTE: We don't use commons-logging, commons-compress or commons-csv directly,
but many dependencies rely on them. Only here specified to avoid dependency convergence issues. --> but many dependencies rely on them. Only here specified to avoid dependency convergence issues. -->
@@ -1568,12 +1568,12 @@
<dependency> <dependency>
<groupId>org.apache.commons</groupId> <groupId>org.apache.commons</groupId>
<artifactId>commons-text</artifactId> <artifactId>commons-text</artifactId>
<version>1.13.1</version> <version>1.14.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>commons-validator</groupId> <groupId>commons-validator</groupId>
<artifactId>commons-validator</artifactId> <artifactId>commons-validator</artifactId>
<version>1.9.0</version> <version>1.10.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>jakarta.activation</groupId> <groupId>jakarta.activation</groupId>