[Git][java-team/tomcat9][master] 3 commits: drop -XX:+UseG1GC from standard JAVA_OPTS (Closes: #925928)

mirabilos gitlab at salsa.debian.org
Mon Apr 1 17:56:40 BST 2019 


mirabilos pushed to branch master at Debian Java Maintainers / tomcat9


Commits:
325b37d5 by mirabilos at 2019-04-01T14:25:09Z
drop -XX:+UseG1GC from standard JAVA_OPTS (Closes: #925928)

rationale: the JRE chooses a suitable GC automatically anyway,
and some VMs (notably Zero) don’t support this flag and then
refuse to start; but  suggest Java 8 users to add it back,
from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925928#22

- - - - -
bb8ea718 by mirabilos at 2019-04-01T14:28:11Z
fix /var/log/tomcat9 to belong to group adm, chmod 2750 (Closes: #925929)

rationale: Debian commonplace allows users in the group adm
to read logs

also add missing RequiresMountsFor for systemd; related fixes
From: Felipe Sateler <fsateler at debian.org>

- - - - -
7463f744 by mirabilos at 2019-04-01T15:16:29Z
prepare for upload

- - - - -


6 changed files:

- debian/changelog
- debian/default.template
- debian/setenv.sh
- debian/tomcat9.postinst
- debian/tomcat9.service
- + debian/tomcat9.tmpfile


Changes:

=====================================
debian/changelog
=====================================
@@ -1,4 +1,4 @@
-tomcat9 (9.0.16-4) UNRELEASED; urgency=medium
+tomcat9 (9.0.16-4) unstable; urgency=medium
 
   * Team upload.
   * debian/logging.properties: Add commented-out non-systemd configuration
@@ -9,8 +9,12 @@ tomcat9 (9.0.16-4) UNRELEASED; urgency=medium
   * debian/libexec/tomcat-locate-java.sh: Remove shebang and make
     not executable as this is only ever sourced (makes no sense otherwise)
   * Make the systemd startup script honour the (renamed) $SECURITY_MANAGER
+  * Remove -XX:+UseG1GC from standard JAVA_OPTS; the JRE chooses
+    a suitable GC automatically anyway (Closes: #925928)
+  * Correct the ownership and permissions on the log directory:
+    group adm and setgid (Closes: #925929)
 
- -- Thorsten Glaser <tg at mirbsd.de>  Mon, 01 Apr 2019 15:42:02 +0200
+ -- Thorsten Glaser <tg at mirbsd.de>  Mon, 01 Apr 2019 17:16:06 +0200
 
 tomcat9 (9.0.16-3) unstable; urgency=medium
 


=====================================
debian/default.template
=====================================
@@ -3,9 +3,10 @@
 # OpenJDK and the Oracle JDK are tried.
 #JAVA_HOME=/usr/lib/jvm/java-8-openjdk
 
-# You may pass JVM startup parameters to Java here. If unset, the default
-# options will be: -Djava.awt.headless=true -XX:+UseG1GC
-JAVA_OPTS="-Djava.awt.headless=true -XX:+UseG1GC"
+# You may pass JVM startup parameters to Java here. If you run Tomcat with
+# Java 8 instead of 9 or newer, add "-XX:+UseG1GC" to select a suitable GC.
+# If unset, the default options will be: -Djava.awt.headless=true
+JAVA_OPTS="-Djava.awt.headless=true"
 
 # To enable remote debugging uncomment the following line.
 # You will then be able to use a Java debugger on port 8000.


=====================================
debian/setenv.sh
=====================================
@@ -8,5 +8,5 @@ CATALINA_HOME=/usr/share/tomcat9
 
 # Default Java options
 if [ -z "$JAVA_OPTS" ]; then
-	JAVA_OPTS="-Djava.awt.headless=true -XX:+UseG1GC"
+	JAVA_OPTS="-Djava.awt.headless=true"
 fi


=====================================
debian/tomcat9.postinst
=====================================
@@ -74,8 +74,10 @@ case "$1" in
 	chmod 775 /var/lib/tomcat9/webapps
 
 	# Grant read/write access to tomcat to the log and cache directories
-	chown -Rh $TOMCAT_USER:$TOMCAT_GROUP /var/log/tomcat9/ /var/cache/tomcat9/
-	chmod 750 /var/log/tomcat9/ /var/cache/tomcat9/
+	chown -Rh $TOMCAT_USER:adm /var/log/tomcat9/
+	chmod 2750 /var/log/tomcat9/
+	chown -Rh $TOMCAT_USER:$TOMCAT_GROUP /var/cache/tomcat9/
+	chmod 750 /var/cache/tomcat9/
     ;;
 esac
 


=====================================
debian/tomcat9.service
=====================================
@@ -32,13 +32,13 @@ Group=tomcat
 PrivateTmp=yes
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 NoNewPrivileges=true
-LogsDirectory=tomcat9
-LogsDirectoryMode=750
 CacheDirectory=tomcat9
 CacheDirectoryMode=750
 ProtectSystem=strict
 ReadWritePaths=/etc/tomcat9/Catalina/
 ReadWritePaths=/var/lib/tomcat9/webapps/
+ReadWritePaths=/var/log/tomcat9/
+RequiresMountsFor=/var/log/tomcat9 /var/lib/tomcat9
 
 [Install]
 WantedBy=multi-user.target


=====================================
debian/tomcat9.tmpfile
=====================================
@@ -0,0 +1,3 @@
+# type path mode uid gid age arg(symlink target)
+
+d /var/log/tomcat9 2750 tomcat adm -



View it on GitLab: https://salsa.debian.org/java-team/tomcat9/compare/3bdb691dcbe4b0cc46e28adf6d175ff6c647a94f...7463f744a126301b2d28bc8fe4a322e15c3c73b8

-- 
View it on GitLab: https://salsa.debian.org/java-team/tomcat9/compare/3bdb691dcbe4b0cc46e28adf6d175ff6c647a94f...7463f744a126301b2d28bc8fe4a322e15c3c73b8
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20190401/ed68db81/attachment.html>

More information about the pkg-java-commits mailing list