[Pkg-freeipa-devel] [Git][freeipa-team/tomcatjss][upstream] 21 commits: Update version number to 8.0.0-alpha1

Timo Aaltonen (@tjaalton) gitlab at salsa.debian.org
Tue Oct 19 08:53:15 BST 2021



Timo Aaltonen pushed to branch upstream at FreeIPA packaging / tomcatjss


Commits:
5baf1b72 by Endi S. Dewata at 2021-06-16T16:40:27-05:00
Update version number to 8.0.0-alpha1

- - - - -
90f005ef by Endi S. Dewata at 2021-06-18T19:25:29-05:00
Drop Java 1.8 support

- - - - -
7cb22849 by Endi S. Dewata at 2021-06-18T19:49:10-05:00
Add configurable test matrix

The test workflow has been modified to load the test
matrix from MATRIX secret variable. If the secret is
not defined, it will use the latest Fedora version
and the previous version.

- - - - -
4dedaae9 by Endi S. Dewata at 2021-06-18T20:34:17-05:00
Add Dockerfile

- - - - -
a0f11722 by Endi S. Dewata at 2021-06-18T20:35:14-05:00
Add test tools

- - - - -
df977d7a by Endi S. Dewata at 2021-06-18T20:46:34-05:00
Add PKI tests

- - - - -
29c80842 by Chris Kelley at 2021-06-21T17:24:59+01:00
Add missing @override annotations
- - - - -
1636c78a by Chris Kelley at 2021-06-21T17:24:59+01:00
Remove redundant type specifications
- - - - -
3179b499 by Endi S. Dewata at 2021-07-16T14:41:37-05:00
Add GitLab synchronization job

The .gitlab-ci.yml has been added to define a job to
synchronize a branch from an upstream repository to a
GitLab repository.

- - - - -
012bf803 by Endi S. Dewata at 2021-07-28T15:16:45-05:00
Add init-workflow.sh

The init-workflow.sh has been added to configure the test
matrix based on the BASE64_MATRIX variable. The test matrix
needs to be base64-encoded since otherwise GitHub will mask
the value rendering it unusable.

- - - - -
a0c6db64 by Endi S. Dewata at 2021-07-29T15:23:07-05:00
Add test repository configuration

The init-workflow.sh has been modified to load the test
repository from BASE64_REPO variable. The test repository
will be configured in the runner image so all tests using
the same image will automatically use the same repository.

- - - - -
5417289e by Endi S. Dewata at 2021-07-29T17:20:29-05:00
Update default test matrix

The init-workflow.sh has been modified to test
against the latest Fedora version by default.

- - - - -
b373daa2 by Endi S. Dewata at 2021-08-03T15:43:22-05:00
Replace backquote with $() in build.sh

- - - - -
4ab95988 by Endi S. Dewata at 2021-08-11T21:09:25-05:00
Drop Java 1.8 compatibility

- - - - -
9f10a5fe by Endi S. Dewata at 2021-08-11T21:09:25-05:00
Fix build directory in tomcatjss.spec

- - - - -
b42527c8 by Endi S. Dewata at 2021-08-11T21:09:25-05:00
Update version number to 8.0.0-alpha2

- - - - -
70c8612a by Endi S. Dewata at 2021-09-23T08:56:50-05:00
Add SSL test

A new job has been added to test creating an SSL connector
in a basic PKI server instance.

- - - - -
6f20e697 by Endi S. Dewata at 2021-09-30T15:14:47-05:00
Fix java_home path

- - - - -
3c434ce4 by Endi S. Dewata at 2021-09-30T15:14:47-05:00
Update version number to 8.0.0

- - - - -
44d7114e by Endi S. Dewata at 2021-09-30T18:10:21-05:00
Fix java_home path

- - - - -
dd21d767 by Endi S. Dewata at 2021-09-30T22:29:07-05:00
Revert java_home path

- - - - -


19 changed files:

- + .github/workflows/pki-tests.yml
- − .github/workflows/required.yml
- .gitignore
- + .gitlab-ci.yml
- + Dockerfile
- build.sh
- build.xml
- core/src/main/java/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
- core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java
- + docs/development/Synchronizing-GitLab-Branch.adoc
- + tests/bin/ds-artifacts-save.sh
- + tests/bin/ds-create.sh
- + tests/bin/ds-remove.sh
- + tests/bin/init-workflow.sh
- + tests/bin/pki-artifacts-save.sh
- + tests/bin/runner-init.sh
- tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSContext.java
- tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSUtil.java
- tomcatjss.spec


Changes:

=====================================
.github/workflows/pki-tests.yml
=====================================
@@ -0,0 +1,227 @@
+name: PKI Tests
+
+on: [push, pull_request]
+
+jobs:
+  init:
+    name: Initializing Workflow
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.init.outputs.matrix }}
+      repo: ${{ steps.init.outputs.repo }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout at v2
+
+      - name: Initialize workflow
+        id: init
+        env:
+          BASE64_MATRIX: ${{ secrets.BASE64_MATRIX }}
+          BASE64_REPO: ${{ secrets.BASE64_REPO }}
+        run: |
+          tests/bin/init-workflow.sh
+
+  build:
+    name: Building TomcatJSS
+    needs: init
+    runs-on: ubuntu-latest
+    strategy:
+      matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout at v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action at v1
+
+      - name: Build runner image
+        uses: docker/build-push-action at v2
+        with:
+          context: .
+          build-args: |
+            OS_VERSION=${{ matrix.os }}
+            COPR_REPO=${{ needs.init.outputs.repo }}
+            BUILD_OPTS=--with-timestamp --with-commit-id
+          tags: tomcatjss-runner
+          target: tomcatjss-runner
+          outputs: type=docker,dest=/tmp/tomcatjss-runner.tar
+
+      - name: Upload runner image
+        uses: actions/upload-artifact at v2
+        with:
+          name: tomcatjss-runner-${{ matrix.os }}
+          path: /tmp/tomcatjss-runner.tar
+
+  # https://github.com/dogtagpki/pki/blob/master/docs/installation/server/Installing_Basic_PKI_Server.md
+  ssl-test:
+    name: Testing SSL Connector
+    needs: [init, build]
+    runs-on: ubuntu-latest
+    env:
+      SHARED: /tmp/workdir/tomcatjss
+    strategy:
+      matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout at v2
+
+      - name: Download runner image
+        uses: actions/download-artifact at v2
+        with:
+          name: tomcatjss-runner-${{ matrix.os }}
+          path: /tmp
+
+      - name: Load runner image
+        run: docker load --input /tmp/tomcatjss-runner.tar
+
+      - name: Run container
+        run: |
+          IMAGE=tomcatjss-runner \
+          NAME=pki \
+          HOSTNAME=pki.example.com \
+          tests/bin/runner-init.sh
+
+      - name: Install PKI packages
+        run: docker exec pki dnf install -y pki-server sslscan
+
+      - name: Create PKI server
+        run: docker exec pki pki-server create
+
+      - name: Create NSS database
+        run: docker exec pki pki-server nss-create --no-password
+
+      - name: Create SSL server cert request
+        run: |
+          docker exec pki pki \
+              -d /var/lib/pki/pki-tomcat/conf/alias \
+              nss-cert-request \
+              --subject "CN=pki.example.com" \
+              --ext /usr/share/pki/server/certs/sslserver.conf \
+              --csr sslserver.csr
+          docker exec pki openssl req -text -noout -in sslserver.csr
+
+      - name: Issue self-signed SSL server cert
+        run: |
+          docker exec pki pki \
+              -d /var/lib/pki/pki-tomcat/conf/alias \
+              nss-cert-issue \
+              --csr sslserver.csr \
+              --ext /usr/share/pki/server/certs/sslserver.conf \
+              --cert sslserver.crt
+          docker exec pki openssl x509 -text -noout -in sslserver.crt
+
+      - name: Import SSL server cert
+        run: |
+          docker exec pki pki \
+              -d /var/lib/pki/pki-tomcat/conf/alias \
+              nss-cert-import \
+              --cert sslserver.crt \
+              sslserver
+
+      - name: Enable JSS in PKI server
+        run: docker exec pki pki-server jss-enable
+
+      - name: Create SSL connector
+        run: |
+          docker exec pki pki-server http-connector-add \
+              --port 8443 \
+              --scheme https \
+              --secure true \
+              --sslEnabled true \
+              --sslProtocol SSL \
+              --sslImpl org.dogtagpki.tomcat.JSSImplementation \
+              Secure
+
+      - name: Configure SSL certificate
+        run: |
+          docker exec pki pki-server http-connector-cert-add \
+              --keyAlias sslserver \
+              --keystoreType pkcs11 \
+              --keystoreProvider Mozilla-JSS
+
+      - name: Create ROOT web application
+        run: |
+          docker exec pki mkdir /var/lib/pki/pki-tomcat/webapps/ROOT
+          docker exec pki touch /var/lib/pki/pki-tomcat/webapps/ROOT/index.html
+
+      - name: Start PKI server
+        run: docker exec pki pki-server start --wait
+
+      - name: Verify SSL connection
+        run: docker exec pki sslscan pki.example.com:8443
+
+      - name: Stop PKI server
+        run: docker exec pki pki-server stop --wait
+
+      - name: Remove PKI server
+        run: docker exec pki pki-server remove
+
+  # https://github.com/dogtagpki/pki/blob/master/docs/installation/ca/Installing_CA.md
+  ca-test:
+    name: Testing CA Installation
+    needs: [init, build]
+    runs-on: ubuntu-latest
+    env:
+      SHARED: /tmp/workdir/tomcatjss
+    strategy:
+      matrix: ${{ fromJSON(needs.init.outputs.matrix) }}
+    steps:
+      - name: Clone repository
+        uses: actions/checkout at v2
+
+      - name: Download runner image
+        uses: actions/download-artifact at v2
+        with:
+          name: tomcatjss-runner-${{ matrix.os }}
+          path: /tmp
+
+      - name: Load runner image
+        run: docker load --input /tmp/tomcatjss-runner.tar
+
+      - name: Run container
+        run: |
+          IMAGE=tomcatjss-runner \
+          NAME=pki \
+          HOSTNAME=pki.example.com \
+          tests/bin/runner-init.sh
+
+      - name: Install DS and PKI packages
+        run: docker exec pki dnf install -y 389-ds-base pki-ca
+
+      - name: Install DS
+        run: docker exec pki ${SHARED}/tests/bin/ds-create.sh
+
+      - name: Install CA
+        run: docker exec pki pkispawn -f /usr/share/pki/server/examples/installation/ca.cfg -s CA -v
+
+      - name: Run PKI healthcheck
+        run: docker exec pki pki-healthcheck --debug
+
+      - name: Verify CA admin
+        run: |
+          docker exec pki pki-server cert-export ca_signing --cert-file ca_signing.crt
+          docker exec pki pki client-cert-import ca_signing --ca-cert ca_signing.crt
+          docker exec pki pki client-cert-import \
+              --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \
+              --pkcs12-password-file /root/.dogtag/pki-tomcat/ca/pkcs12_password.conf
+          docker exec pki pki -n caadmin ca-user-show caadmin
+
+      - name: Gather artifacts
+        if: always()
+        run: |
+          tests/bin/ds-artifacts-save.sh pki
+          tests/bin/pki-artifacts-save.sh pki
+
+      - name: Remove CA
+        run: docker exec pki pkidestroy -i pki-tomcat -s CA -v
+
+      - name: Remove DS
+        run: docker exec pki ${SHARED}/tests/bin/ds-remove.sh
+
+      - name: Upload artifacts
+        if: always()
+        uses: actions/upload-artifact at v2
+        with:
+          name: ca-${{ matrix.os }}
+          path: |
+            /tmp/artifacts/pki
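Review bot: the "Verify SSL connection" step in ssl-test runs `sslscan pki.example.com:8443` but never inspects its output, so the job says nothing about which protocols or ciphers the JSS connector actually offers. Filter the output for the expected protocol versions and the CN=pki.example.com certificate, and fail the step when they are missing. ssl-test also has no `if: always()` artifact step like ca-test, so a failed server start leaves no logs to look at. Separately, every `uses:` line references a mutable tag (v1, v2); pinning each action to a commit SHA keeps the init job, which has BASE64_MATRIX and BASE64_REPO in its environment, from picking up a retagged action.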


=====================================
.github/workflows/required.yml deleted
=====================================
@@ -1,20 +0,0 @@
-name: Required Tests
-
-on: [push, pull_request]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    container: ${{ matrix.image }}
-    strategy:
-      matrix:
-        image: ['fedora:33', 'fedora:latest']
-    steps:
-    - run: dnf install -y dnf-plugins-core gcc make rpm-build git
-    - name: Clone the repository
-      uses: actions/checkout at v2
-    - run: dnf copr -y enable ${TOMCATJSS_7_4_REPO:- at pki/master}
-    - run: dnf builddep -y --spec tomcatjss.spec
-    - run: dnf remove -y tomcat-native
-    - run: ./build.sh --with-timestamp --with-commit-id --work-dir=../packages rpm
-    - run: rpm -Uvh ../packages/RPMS/*


=====================================
.gitignore
=====================================
@@ -1,3 +1,4 @@
-bin
+/bin
 build
 dist
+target/


=====================================
.gitlab-ci.yml
=====================================
@@ -0,0 +1,22 @@
+image: fedora
+
+sync:
+
+  script:
+    - echo "Synchronizing $CI_COMMIT_BRANCH branch from $UPSTREAM_URL to $CI_PROJECT_URL"
+    - dnf install -y git
+    - git remote set-url origin https://sync:$ACCESS_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git
+    - git remote remove upstream || true
+    - git remote add upstream $UPSTREAM_URL
+    - git remote -v
+    - git fetch upstream $CI_COMMIT_BRANCH
+    - git checkout upstream/$CI_COMMIT_BRANCH
+    - git log origin/$CI_COMMIT_BRANCH..upstream/$CI_COMMIT_BRANCH --oneline
+    - GIT_SSL_NO_VERIFY=true git push origin HEAD:$CI_COMMIT_BRANCH
+
+  rules:
+    - if: $SYNC == "true"
+
+  tags:
+    # Use shared runners.
+    - shared
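Review bot: `GIT_SSL_NO_VERIFY=true git push origin HEAD:$CI_COMMIT_BRANCH` turns off certificate verification on the one command that sends `$ACCESS_TOKEN` (embedded in the origin URL by the `git remote set-url` line) to the server, so the write token is exposed to anyone able to intercept that connection. Drop the variable and, if the GitLab host uses a private CA, install that CA in the image or point `GIT_SSL_CAINFO` at it. `git remote -v` also prints the origin URL with the token in it, which relies entirely on the variable being masked; remove the line or print only the upstream remote. The fetch is followed by an unconditional push with no check of what was fetched, so it is worth stating in the docs that whoever controls `UPSTREAM_URL` controls the branch.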


=====================================
Dockerfile
=====================================
@@ -0,0 +1,47 @@
+#
+# Copyright Red Hat, Inc.
+#
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+
+ARG OS_VERSION="latest"
+ARG COPR_REPO="@pki/master"
+
+################################################################################
+FROM registry.fedoraproject.org/fedora:$OS_VERSION AS tomcatjss-builder
+
+ARG COPR_REPO
+ARG BUILD_OPTS
+
+# Enable COPR repo if specified
+RUN if [ -n "$COPR_REPO" ]; then dnf install -y dnf-plugins-core; dnf copr enable -y $COPR_REPO; fi
+
+# Import source
+COPY . /tmp/tomcatjss/
+WORKDIR /tmp/tomcatjss
+
+# Build packages
+RUN dnf install -y git rpm-build
+RUN dnf builddep -y --spec tomcatjss.spec
+RUN ./build.sh $BUILD_OPTS --work-dir=build rpm
+
+################################################################################
+FROM registry.fedoraproject.org/fedora:$OS_VERSION AS tomcatjss-runner
+
+ARG COPR_REPO
+
+EXPOSE 389 8080 8443
+
+# Enable COPR repo if specified
+RUN if [ -n "$COPR_REPO" ]; then dnf install -y dnf-plugins-core; dnf copr enable -y $COPR_REPO; fi
+
+# Import packages
+COPY --from=tomcatjss-builder /tmp/tomcatjss/build/RPMS /tmp/RPMS/
+
+# Install packages
+RUN dnf localinstall -y /tmp/RPMS/*; rm -rf /tmp/RPMS
+
+# Install systemd to run the container
+RUN dnf install -y systemd
+
+CMD [ "/usr/sbin/init" ]
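Review bot: in the runner stage, `RUN dnf localinstall -y /tmp/RPMS/*; rm -rf /tmp/RPMS` joins the commands with `;`, so the layer's exit status is that of `rm` and a failed install still produces an image. Use `&&` instead. In both `dnf copr enable -y $COPR_REPO` lines, quote `"$COPR_REPO"`, since the value arrives as a build argument from the workflow. The builder stage does `COPY . /tmp/tomcatjss/` and no `.dockerignore` is added in this change, so everything in the checkout ends up in the build context.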


=====================================
build.sh
=====================================
@@ -7,10 +7,10 @@
 
 NAME=tomcatjss
 
-SCRIPT_PATH=`readlink -f "$0"`
-SCRIPT_NAME=`basename "$SCRIPT_PATH"`
+SCRIPT_PATH="$(readlink -f "$0")"
+SCRIPT_NAME="$(basename "$SCRIPT_PATH")"
 
-SRC_DIR=`dirname "$SCRIPT_PATH"`
+SRC_DIR="$(dirname "$SCRIPT_PATH")"
 WORK_DIR="$HOME/build/$NAME"
 
 SOURCE_TAG=
@@ -61,8 +61,8 @@ generate_rpm_sources() {
 
         if [ "$SOURCE_TAG" != "HEAD" ] ; then
 
-            TAG_ID=`git -C "$SRC_DIR" rev-parse $SOURCE_TAG`
-            HEAD_ID=`git -C "$SRC_DIR" rev-parse HEAD`
+            TAG_ID="$(git -C "$SRC_DIR" rev-parse $SOURCE_TAG)"
+            HEAD_ID="$(git -C "$SRC_DIR" rev-parse HEAD)"
 
             if [ "$TAG_ID" != "$HEAD_ID" ] ; then
                 generate_patch
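Review bot: the new `TAG_ID="$(git -C "$SRC_DIR" rev-parse $SOURCE_TAG)"` still leaves `$SOURCE_TAG` unquoted inside the substitution, so a value from `--source-tag=` containing spaces or glob characters is split or expanded before git sees it. Quote it as `"$SOURCE_TAG"` while the line is being touched.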
@@ -136,7 +136,7 @@ while getopts v-: arg ; do
 
         case $OPTARG in
         work-dir=?*)
-            WORK_DIR=`readlink -f "$LONG_OPTARG"`
+            WORK_DIR="$(readlink -f "$LONG_OPTARG")"
             ;;
         source-tag=?*)
             SOURCE_TAG="$LONG_OPTARG"
@@ -203,13 +203,13 @@ if [ "$BUILD_TARGET" != "src" ] &&
 fi
 
 SPEC_TEMPLATE="$SRC_DIR/$NAME.spec"
-VERSION="`rpmspec -P "$SPEC_TEMPLATE" | grep "^Version:" | awk '{print $2;}'`"
+VERSION="$(rpmspec -P "$SPEC_TEMPLATE" | grep "^Version:" | awk '{print $2;}')"
 
 if [ "$DEBUG" = true ] ; then
     echo "VERSION: $VERSION"
 fi
 
-RELEASE="`rpmspec -P "$SPEC_TEMPLATE" --undefine dist | grep "^Release:" | awk '{print $2;}'`"
+RELEASE="$(rpmspec -P "$SPEC_TEMPLATE" --undefine dist | grep "^Release:" | awk '{print $2;}')"
 
 if [ "$DEBUG" = true ] ; then
     echo "RELEASE: $RELEASE"
@@ -235,7 +235,7 @@ if [ "$DEBUG" = true ] ; then
 fi
 
 if [ "$WITH_COMMIT_ID" = true ]; then
-    COMMIT_ID="`git -C "$SRC_DIR" rev-parse --short=8 HEAD`"
+    COMMIT_ID="$(git -C "$SRC_DIR" rev-parse --short=8 HEAD)"
     _COMMIT_ID=".$COMMIT_ID"
 fi
 
@@ -329,7 +329,7 @@ if [ $rc != 0 ]; then
     exit 1
 fi
 
-SRPM=`find "$WORK_DIR/SRPMS" -type f`
+SRPM="$(find "$WORK_DIR/SRPMS" -type f)"
 
 echo "SRPM package:"
 echo " $SRPM"
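Review bot: `SRPM="$(find "$WORK_DIR/SRPMS" -type f)"` captures every file under SRPMS into one string, so a stale package left behind in a reused `--work-dir` turns `$SRPM` into a multi-line value. Either clear `$WORK_DIR/SRPMS` before building or fail when `find` returns more than one file.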


=====================================
build.xml
=====================================
@@ -217,7 +217,7 @@
         description="compile the source " >
     <!-- Compile the java code from ${src} into ${build} -->
     <mkdir dir="${build.classes}"/>
-    <javac debug="on" destdir="${build.classes}" source="1.8" target="1.8">
+    <javac debug="on" destdir="${build.classes}">
       <src path="core/src/main/java"/>
       <src path="${src.dir}/src/main/java"/>
       <classpath refid="classpath"/>
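Review bot: with `source="1.8" target="1.8"` removed and nothing put in their place, the `<javac>` task compiles for whatever JDK happens to run Ant, so the bytecode level of the jar now depends on the build host. Since tomcatjss.spec pins java-11-openjdk, state that here as well with `release="11"` on `<javac>`.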


=====================================
core/src/main/java/org/apache/tomcat/util/net/jss/PlainPasswordFile.java
=====================================
@@ -81,6 +81,7 @@ public class PlainPasswordFile implements IPasswordStore {
      * @exception IOException if an error occurred when reading from the
      *                input stream.
      */
+    @Override
     public void init(String pwdPath) throws IOException {
         logger.debug("PlainPasswordFile: Initializing PlainPasswordFile");
         // initialize mPwdStore
@@ -111,24 +112,29 @@ public class PlainPasswordFile implements IPasswordStore {
         }
     }
 
+    @Override
     public String getPassword(String tag) {
         return getPassword(tag, 0);
     }
 
+    @Override
     public String getPassword(String tag, int iteration) {
         return mPwdStore.getProperty(tag);
     }
 
     // return an array of String-based tag
+    @Override
     @SuppressWarnings("unchecked")
     public Enumeration<String> getTags() {
         return (Enumeration<String>) mPwdStore.propertyNames();
     }
 
+    @Override
     public Object putPassword(String tag, String password) {
         return mPwdStore.setProperty(tag, password);
     }
 
+    @Override
     public synchronized void commit()
             throws IOException, ClassCastException, NullPointerException {
         try (FileOutputStream file = new FileOutputStream(mPwdPath);
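Review bot: `getPassword(String tag, int iteration)` now carries `@Override` but silently ignores `iteration` and returns `mPwdStore.getProperty(tag)` every time; a Javadoc line saying so would stop callers from expecting a retry or a prompt. On `getTags()`, if `mPwdStore` is a `java.util.Properties`, the `@SuppressWarnings("unchecked")` cast can be dropped by returning `Collections.enumeration(mPwdStore.stringPropertyNames())`.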


=====================================
core/src/main/java/org/apache/tomcat/util/net/jss/TomcatJSS.java
=====================================
@@ -59,7 +59,7 @@ public class TomcatJSS implements SSLSocketListener {
 
     public static TomcatJSS getInstance() { return INSTANCE; }
 
-    Collection<SSLSocketListener> socketListeners = new ArrayList<SSLSocketListener>();
+    Collection<SSLSocketListener> socketListeners = new ArrayList<>();
 
     String certdbDir;
     CryptoManager manager;


=====================================
docs/development/Synchronizing-GitLab-Branch.adoc
=====================================
@@ -0,0 +1,48 @@
+= Synchronizing GitLab Branch =
+
+== Overview ==
+
+This page describes the procedure to synchronize a branch from an upstream repository
+to a GitLab repository.
+
+== Creating Access Token ==
+
+In the GitLab repository create a project access token with a **write_repository** permission.
+
+See link:https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html#creating-a-project-access-token[Creating a project access token].
+
+== Configuring Synchronization ==
+
+In the GitLab repository create the following variables:
+
+* `UPSTREAM_URL`: The URL of the upstream repository.
+** Unselect **Protect variable** to synchronize unprotected branches.
+* `ACCESS_TOKEN`: The value of the access token.
+** Unselect **Protect variable** to synchronize unprotected branches.
+** Select **Mask variable** to keep the access token hidden.
+
+See link:https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project[Add a CI/CD variable to a project].
+
+== Running Synchronization Manually ==
+
+In the GitLab repository run a pipeline with the following parameters:
+
+* **Run for branch name or tag**: The branch to be synchronized.
+* **Variables**:
+** `SYNC`: `true`
+
+See link:https://docs.gitlab.com/ee/ci/pipelines/#run-a-pipeline-manually[Run a pipeline manually].
+
+== Scheduling Automatic Synchronization ==
+
+In the GitLab repository create a schedule with the following parameters:
+
+* **Interval Pattern**: The frequency of synchronization.
+** To synchronize every hour, enter: `0 * * * *`
+* **Target Branch**: The branch to be synchronized.
+* **Variables**:
+** `SYNC`: `true`
+
+Additional schedules can be created for synchronizing other branches.
+
+See link:https://docs.gitlab.com/ee/ci/pipelines/schedules.html#configuring-pipeline-schedules[Configuring pipeline schedules].
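Review bot: the "Configuring Synchronization" section tells the reader to unselect **Protect variable** for `ACCESS_TOKEN` without saying what that costs: a token with **write_repository** becomes available to pipelines on every branch, not only protected ones. Add a sentence on that trade-off, recommend keeping the variable protected when only protected branches are synchronized, and mention setting an expiry date on the project access token.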


=====================================
tests/bin/ds-artifacts-save.sh
=====================================
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+CONTAINER=$1
+INSTANCE=$2
+
+if [ "$INSTANCE" == "" ]
+then
+    INSTANCE=localhost
+fi
+
+ARTIFACTS=/tmp/artifacts/$CONTAINER
+
+mkdir -p $ARTIFACTS/etc
+mkdir -p $ARTIFACTS/var/log
+
+docker exec $CONTAINER ls -la /etc/dirsrv
+docker cp $CONTAINER:/etc/dirsrv $ARTIFACTS/etc
+
+docker exec $CONTAINER ls -la /var/log/dirsrv
+docker cp $CONTAINER:/var/log/dirsrv $ARTIFACTS/var/log
+docker exec $CONTAINER journalctl -u dirsrv@$INSTANCE.service > $ARTIFACTS/var/log/dirsrv/slapd-$INSTANCE/systemd.log
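Review bot: the final redirect to `$ARTIFACTS/var/log/dirsrv/slapd-$INSTANCE/systemd.log` only works if the preceding `docker cp` created that directory, so when the copy fails the journal is lost too, which is the case where it is most needed. Add a `mkdir -p` for that path before the redirect. Every expansion of `$CONTAINER`, `$INSTANCE` and `$ARTIFACTS` is unquoted and should be quoted.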


=====================================
tests/bin/ds-create.sh
=====================================
@@ -0,0 +1,24 @@
+#!/bin/bash -ex
+
+# This command needs to be executed as it pulls the machine name
+# dynamically.
+dscreate create-template ds.inf
+
+sed -i \
+    -e "s/;instance_name = .*/instance_name = localhost/g" \
+    -e "s/;root_password = .*/root_password = Secret.123/g" \
+    -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
+    -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
+    ds.inf
+
+dscreate from-file ds.inf
+
+ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
+dn: dc=example,dc=com
+objectClass: domain
+dc: example
+
+dn: dc=pki,dc=example,dc=com
+objectClass: domain
+dc: pki
+EOF
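Review bot: the directory manager password `Secret.123` is written twice as a literal and passed to `ldapadd` with `-w`, and because the shebang is `#!/bin/bash -ex` the full command line is echoed into the job log. Put it in one variable at the top with a comment that it is a throwaway test credential, and use `-y` with a password file if the script is ever reused outside CI. `ldapadd -h $HOSTNAME` uses the deprecated host option and an unquoted variable; `-H "ldap://$HOSTNAME"` is the current form.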


=====================================
tests/bin/ds-remove.sh
=====================================
@@ -0,0 +1,3 @@
+#!/bin/bash -ex
+
+dsctl slapd-localhost remove --do-it


=====================================
tests/bin/init-workflow.sh
=====================================
@@ -0,0 +1,21 @@
+#!/bin/bash -e
+
+if [ "$BASE64_MATRIX" == "" ]
+then
+    MATRIX="{\"os\":[\"latest\"]}"
+else
+    MATRIX=$(echo "$BASE64_MATRIX" | base64 -d)
+fi
+
+echo "MATRIX: $MATRIX"
+echo "::set-output name=matrix::$MATRIX"
+
+if [ "$BASE64_REPO" == "" ]
+then
+    REPO="@pki/master"
+else
+    REPO=$(echo "$BASE64_REPO" | base64 -d)
+fi
+
+echo "REPO: $REPO"
+echo "::set-output name=repo::$REPO"
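Review bot: `echo "MATRIX: $MATRIX"` and `echo "REPO: $REPO"` print the decoded secrets to the job log, and the `::set-output` lines pass them on verbatim, so nothing stored in BASE64_MATRIX or BASE64_REPO stays secret. If that is intended, say so in a comment at the top so nobody later puts a credentialed repository URL in BASE64_REPO. The decoded text is also emitted without validation: reject multi-line values and check that MATRIX parses as JSON before writing the `::set-output` lines, since the runner interprets each output line that starts with `::` as a workflow command.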


=====================================
tests/bin/pki-artifacts-save.sh
=====================================
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+CONTAINER=$1
+INSTANCE=$2
+
+if [ "$INSTANCE" == "" ]
+then
+    INSTANCE=pki-tomcat
+fi
+
+ARTIFACTS=/tmp/artifacts/$CONTAINER
+
+mkdir -p $ARTIFACTS/etc/pki
+mkdir -p $ARTIFACTS/var/log
+
+docker exec $CONTAINER ls -la /etc/pki
+docker cp $CONTAINER:/etc/pki/pki.conf $ARTIFACTS/etc/pki
+docker cp $CONTAINER:/etc/pki/$INSTANCE $ARTIFACTS/etc/pki
+
+docker exec $CONTAINER ls -la /var/log/pki
+docker cp $CONTAINER:/var/log/pki $ARTIFACTS/var/log
+docker exec $CONTAINER journalctl -u pki-tomcatd@$INSTANCE.service > $ARTIFACTS/var/log/pki/$INSTANCE/systemd.log
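Review bot: `docker cp $CONTAINER:/etc/pki/$INSTANCE $ARTIFACTS/etc/pki` copies the whole instance configuration directory into a tree that the workflow then uploads as an artifact. For the test CA that is acceptable, but note in a comment that any password or key material kept under that directory becomes downloadable with the artifact, or copy only the files needed for debugging. The variables are unquoted, and the final redirect depends on `docker cp` having created `$ARTIFACTS/var/log/pki/$INSTANCE`; add a `mkdir -p` for it.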


=====================================
tests/bin/runner-init.sh
=====================================
@@ -0,0 +1,19 @@
+#!/bin/bash -ex
+
+docker run \
+    --name=${NAME} \
+    --hostname=${HOSTNAME} \
+    --detach \
+    --privileged \
+    --tmpfs /tmp \
+    --tmpfs /run \
+    -v /sys/fs/cgroup:/sys/fs/cgroup:ro \
+    -v ${GITHUB_WORKSPACE}:${SHARED} \
+    -i \
+    ${IMAGE}
+
+# Pause 5 seconds to let the container start up.
+# The container uses /usr/sbin/init as its entrypoint which requires few seconds
+# to startup. This avoids the following error:
+# [Errno 2] No such file or directory: '/var/cache/dnf/metadata_lock.pid'
+sleep 5
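Review bot: `--privileged` gives the container full access to the host's devices and capabilities, and the same command bind-mounts `${GITHUB_WORKSPACE}` read-write. If the flag is only there to let systemd start, try the run without it (the `--tmpfs /tmp`, `--tmpfs /run` and read-only cgroup mount are already in place) or replace it with the specific `--cap-add` entries the tests need, and say in a comment why it is required. The fixed `sleep 5` is a race on a slow runner; polling `docker exec ${NAME} systemctl is-system-running` until it stops reporting `starting` is more reliable. `${NAME}`, `${HOSTNAME}`, `${SHARED}` and `${IMAGE}` should be quoted.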


=====================================
tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSContext.java
=====================================
@@ -41,6 +41,7 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
         }
     }
 
+    @Override
     public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr) throws KeyManagementException {
         logger.debug("JSSContext.init(...)");
 
@@ -57,6 +58,7 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
         }
     }
 
+    @Override
     public javax.net.ssl.SSLEngine createSSLEngine() {
         logger.debug("JSSContext.createSSLEngine()");
         javax.net.ssl.SSLEngine eng = ctx.createSSLEngine();
@@ -69,21 +71,25 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
         return eng;
     }
 
+    @Override
     public javax.net.ssl.SSLSessionContext getServerSessionContext() {
         logger.debug("JSSContext.getServerSessionContext()");
         return ctx.getServerSessionContext();
     }
 
+    @Override
     public javax.net.ssl.SSLServerSocketFactory getServerSocketFactory() {
         logger.debug("JSSContext.getServerSocketFactory()");
         return ctx.getServerSocketFactory();
     }
 
+    @Override
     public javax.net.ssl.SSLParameters getSupportedSSLParameters() {
         logger.debug("JSSContext.getSupportedSSLParameters()");
         return ctx.getSupportedSSLParameters();
     }
 
+    @Override
     public java.security.cert.X509Certificate[] getCertificateChain(java.lang.String alias) {
         logger.debug("JSSContext.getCertificateChain(" + alias + ")");
 
@@ -94,6 +100,7 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
         }
     }
 
+    @Override
     public java.security.cert.X509Certificate[] getAcceptedIssuers() {
         logger.debug("JSSContext.getAcceptedIssuers()");
 
@@ -104,6 +111,7 @@ public class JSSContext implements org.apache.tomcat.util.net.SSLContext {
         }
     }
 
+    @Override
     public void destroy() {
         logger.debug("JSSContext.destory()");
     }
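Review bot: the debug message in `destroy()` reads `"JSSContext.destory()"`; fix the spelling while annotating the method, since a log search for the method name will miss it. `destroy()` also does nothing beyond logging; if no cleanup of `ctx` is needed, say so in a comment.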


=====================================
tomcat-9.0/src/main/java/org/dogtagpki/tomcat/JSSUtil.java
=====================================
@@ -69,11 +69,11 @@ public class JSSUtil extends SSLUtilBase {
         }
 
         protocols = Collections.unmodifiableSet(
-            new HashSet<String>(Arrays.asList(engine.getSupportedProtocols()))
+            new HashSet<>(Arrays.asList(engine.getSupportedProtocols()))
         );
 
         ciphers = Collections.unmodifiableSet(
-            new HashSet<String>(Arrays.asList(engine.getSupportedCipherSuites()))
+            new HashSet<>(Arrays.asList(engine.getSupportedCipherSuites()))
         );
     }
 


=====================================
tomcatjss.spec
=====================================
@@ -9,9 +9,9 @@ BuildArch:        noarch
 
 # For development (i.e. unsupported) releases, use x.y.z-0.n.<phase>.
 # For official (i.e. supported) releases, use x.y.z-r where r >=1.
-Version:          7.7.0
-Release:          0.1.alpha1%{?_timestamp}%{?_commit_id}%{?dist}
-%global           _phase -alpha1
+Version:          8.0.0
+Release:          1%{?_timestamp}%{?_commit_id}%{?dist}
+#global           _phase -alpha1
 
 # To generate the source tarball:
 # $ git clone https://github.com/dogtagpki/tomcatjss.git
@@ -34,15 +34,9 @@ Source:           https://github.com/dogtagpki/tomcatjss/archive/v%{version}%{?_
 # Java
 ################################################################################
 
-%if 0%{?fedora} && 0%{?fedora} <= 32 || 0%{?rhel} && 0%{?rhel} <= 8
-%define java_devel java-1.8.0-openjdk-devel
-%define java_headless java-1.8.0-openjdk-headless
-%define java_home /usr/lib/jvm/jre-1.8.0-openjdk
-%else
 %define java_devel java-11-openjdk-devel
 %define java_headless java-11-openjdk-headless
 %define java_home /usr/lib/jvm/jre-11-openjdk
-%endif
 
 ################################################################################
 # Build Dependencies
@@ -63,7 +57,7 @@ BuildRequires:    slf4j
 BuildRequires:    slf4j-jdk14
 
 # JSS
-BuildRequires:    jss >= 4.8.0
+BuildRequires:    jss >= 5.0.0
 
 # Tomcat
 %if 0%{?rhel} && ! 0%{?eln}
@@ -86,7 +80,7 @@ Requires:         slf4j
 Requires:         slf4j-jdk14
 
 # JSS
-Requires:         jss >= 4.8.0
+Requires:         jss >= 5.0.0
 
 # Tomcat
 %if 0%{?rhel} && ! 0%{?eln}
@@ -127,6 +121,7 @@ app_server=tomcat-$tomcat_version
 ant -f build.xml \
     -Dversion=%{version} \
     -Dsrc.dir=$app_server \
+    -Ddist.dir=%{_vpath_builddir} \
     -Djnidir=%{_jnidir} \
     -Dinstall.doc.dir=%{buildroot}%{_docdir}/%{name} \
     -Dinstall.jar.dir=%{buildroot}%{_javadir} \



View it on GitLab: https://salsa.debian.org/freeipa-team/tomcatjss/-/compare/587c7a58d8ae965e3933d41b5ee2b01e8df9d0ef...dd21d767135e79ba9d583ecccd25bf9012cac6d7
