[Git][java-team/tomcat9][sysvinit] 34 commits: Permit read and write access to /var/lib/solr and create /var/lib/solr in case

Fri Jun 21 19:37:01 BST 2019


mirabilos pushed to branch sysvinit at Debian Java Maintainers / tomcat9


Commits:
fc31e79f by Markus Koschany at 2019-03-01T12:27:40Z
Permit read and write access to /var/lib/solr and create /var/lib/solr in case

it does not exist.

Closes: #919638

- - - - -
0f414d52 by Markus Koschany at 2019-03-01T12:28:46Z
Update changelog

- - - - -
df04f9fc by Markus Koschany at 2019-03-03T15:46:29Z
Revert "Permit read and write access to /var/lib/solr and create /var/lib/solr in case"

This reverts commit fc31e79f1c5f94cfcef0c75c3133654edf00a28e.

- - - - -
c4649eef by Markus Koschany at 2019-03-03T15:46:38Z
Revert "Update changelog"

This reverts commit 0f414d5229d8972dd6ce952af5402694c85dfc76.

- - - - -
0c85dd7f by mirabilos at 2019-03-28T16:11:13Z
add (commented-out) non-systemd logging configuration example

(from upstream, cf. commit ef2a6bf92e048d1cbf487e5bad4a5b0564e51af9)

- - - - -
131e4053 by mirabilos at 2019-03-28T16:13:44Z
make installable without systemd: add back adduser support

- - - - -
9ab8b8ac by mirabilos at 2019-03-28T16:28:47Z
document the missing hardening when not using systemd

- - - - -
7d1a0849 by mirabilos at 2019-03-28T17:08:16Z
lintian insists on oversea spelling here

- - - - -
b10968e0 by mirabilos at 2019-03-28T17:21:41Z
update lintian overrides for adduser as an OR’d dependency

- - - - -
93536ef6 by mirabilos at 2019-04-01T13:05:00Z
first cut at sysvinit script, wrapping the systemd script

- - - - -
964dd598 by mirabilos at 2019-04-01T13:06:22Z
make sourced scriptlet not executable (makes no sense anyway)

- - - - -
f7c0eaa8 by mirabilos at 2019-04-01T13:07:50Z
unbreak $SECURITY_MANAGER (which $TOMCAT_SECURITY was renamed to)

- - - - -
3bdb691d by mirabilos at 2019-04-01T13:42:13Z
small fixes in the init script

- - - - -
325b37d5 by mirabilos at 2019-04-01T14:25:09Z
drop -XX:+UseG1GC from standard JAVA_OPTS (Closes: #925928)

rationale: the JRE chooses a suitable GC automatically anyway,
and some VMs (notably Zero) don’t support this flag and then
refuse to start; but  suggest Java 8 users to add it back,
from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925928#22

- - - - -
bb8ea718 by mirabilos at 2019-04-01T14:28:11Z
fix /var/log/tomcat9 to belong to group adm, chmod 2750 (Closes: #925929)

rationale: Debian commonplace allows users in the group adm
to read logs

also add missing RequiresMountsFor for systemd; related fixes
From: Felipe Sateler <fsateler at debian.org>

- - - - -
7463f744 by mirabilos at 2019-04-01T15:16:29Z
prepare for upload

- - - - -
036902fe by mirabilos at 2019-04-02T14:43:40Z
extract system user (and group) creation into a separate script,
which I’ll gladly maintain, to reduce postinst complexity

- - - - -
c8966d77 by mirabilos at 2019-04-02T14:55:22Z
remove now no longer necessary lintian override

This reverts commit b10968e0e31a9187e238de7794f03130125395ba.

- - - - -
253f2735 by mirabilos at 2019-04-02T20:50:54Z
do not add the comment; requested by ebourg

- - - - -
ca0f08fc by mirabilos at 2019-04-02T20:54:21Z
Revert "extract system user … creation into a separate script":

In the discussion around it, ebourg indicated that he prefers
the inline code over a separate script, if it needs to be present
at all (which IMHO is necessary).

I kept the “do nothing if the user exists” check first, though;
there’s no need to try to create it over and over on every upgrade.

This reverts commit 036902fe40f2f3b1fa4ff1c9457b2f3bc5193caa
and c8966d77392d6eb929cebaa854d5f2c25a456f31.

- - - - -
7ca37924 by mirabilos at 2019-06-21T16:03:22Z
Restore tip of “master” from April 2019

https://salsa.debian.org/java-team/tomcat9/commit/ca0f08fc57c5617268815752f3d206a5b9358a0b
but gitlab does not allow fetching by commit id; even a --mirror
clone lacks this object, but downloading from the webinterface yields
tomcat9-ca0f08fc57c5617268815752f3d206a5b9358a0b.tar.gz which this is

- - - - -
6826ceb3 by Emmanuel Bourg at 2019-06-21T16:15:49Z
Fixed CVE-2019-0221: XSS in SSI printenv (Closes: #929895)

(cherry picked from commit ca79dadc717b87cf9539923f03055cce3485ffa6)

- - - - -
12b7de8d by Emmanuel Bourg at 2019-06-21T16:16:18Z
Upload to unstable

(cherry picked from commit 805338f6448639cd46827b0bf502b7c87c91ece0)

- - - - -
04ee8f52 by mirabilos at 2019-06-21T16:18:22Z
align the changelog a bit more with the origin/sysvinit branch
ebourg created while breaking history with his force push

- - - - -
cacb6ae3 by Christian Hänsel at 2019-06-21T16:19:47Z
Restored the variable expansion in /etc/default/tomcat9 (Closes: #926319)

(cherry picked from commit a40b411ac31ca6200bd26f209eeeaf1262a218d8)

- - - - -
2e992e3c by mirabilos at 2019-06-21T16:20:44Z
more changelog merging

- - - - -
3fbab5be by mirabilos at 2019-06-21T16:21:15Z
changelog up to and including 9.0.16-4 identical to master

- - - - -
9307abde by mirabilos at 2019-06-21T16:25:37Z
align with file in master branch (only comment and whitespace changes)

- - - - -
8aee1834 by mirabilos at 2019-06-21T16:26:14Z
add missing dir to RequiresMountsFor

missed from https://salsa.debian.org/java-team/tomcat9/commit/bb8ea7183ca394d43b61ac4c6a20abd7dbffaadd

- - - - -
f92f2a0d by mirabilos at 2019-06-21T16:26:33Z
Merge branch 'master' into sysvinit

- - - - -
f8f0a5f0 by mirabilos at 2019-06-21T16:27:11Z
this was actually reverted in
https://salsa.debian.org/java-team/tomcat9/commit/ca0f08fc57c5617268815752f3d206a5b9358a0b

- - - - -
48bb03f6 by mirabilos at 2019-06-21T16:27:31Z
Merge branch 'sysvinit' into mirabilos

(they’ve been made content-identical beforehand)

- - - - -
c36c23fb by mirabilos at 2019-06-21T16:39:11Z
review after history rewrite reconstruction

• do not read /etc/default/tomcat9 twice; it is already read in
  the init script itself in the sysvinit case, so add an exclusion
  mechanism so that the execution flow point where it’s read in
  the systemd case skips doing that

Also upload to experimental, both so that it doesn’t get lost
again, and to get wider testing and make it available.

- - - - -
6c2e92d2 by mirabilos at 2019-06-21T16:49:33Z
Merge commit ca0f08fc57c5617268815752f3d206a5b9358a0b into sysvinit:

turns out that Gitlab/Salsa d̲o̲e̲s̲ allow you to tag a commit that
has been deleted by force-pushing, then retrieve it… but only
if you tag via the web interface…

… no matter, this is identical (7ca37924..ca0f08fc has no diff)
so we’re fine.

- - - - -


4 changed files:

- debian/changelog
- debian/libexec/tomcat-start.sh
- debian/tomcat9.init
- debian/tomcat9.service


Changes:

=====================================
debian/changelog
=====================================
@@ -1,14 +1,15 @@
-tomcat9 (9.0.16-5) UNRELEASED; urgency=medium
+tomcat9 (9.0.16-5) experimental; urgency=low
 
   * Team upload.
+  * Upload to experimental to get wider testing and availability
   * debian/logging.properties: Add commented-out non-systemd configuration
   * Make tomcat9 installable without systemd:
     - Readd logic to create the system user via adduser
     - Add sysvinit script, for init independence (Closes: #925473)
   * debian/README.Debian: Document non-systemd risks
-  * Reduce postinst complexity: extract user creation into separate script
+  * Do not read /etc/default/tomcat9 twice
 
- -- Thorsten Glaser <tg at mirbsd.de>  Tue, 02 Apr 2019 22:54:17 +0200
+ -- Thorsten Glaser <tg at mirbsd.de>  Fri, 21 Jun 2019 18:38:08 +0200
 
 tomcat9 (9.0.16-4) unstable; urgency=medium
 


=====================================
debian/libexec/tomcat-start.sh
=====================================
@@ -6,7 +6,7 @@
 set -e
 
 # Load the service settings
-. /etc/default/tomcat9
+test x"${TOMCAT9_DEFAULTS_FILE_READ-}" = x"1" || . /etc/default/tomcat9
 
 # Find the Java runtime and set JAVA_HOME
 . /usr/libexec/tomcat9/tomcat-locate-java.sh


=====================================
debian/tomcat9.init
=====================================
@@ -59,6 +59,7 @@ UMASK=022
 export UMASK
 # read options
 test -r /etc/default/tomcat9 && . /etc/default/tomcat9
+TOMCAT9_DEFAULTS_FILE_READ=1; export TOMCAT9_DEFAULTS_FILE_READ
 
 # ensure the temporary directory exist and change to it
 rm -rf "$CATALINA_TMPDIR"


=====================================
debian/tomcat9.service
=====================================
@@ -37,7 +37,7 @@ ProtectSystem=strict
 ReadWritePaths=/etc/tomcat9/Catalina/
 ReadWritePaths=/var/lib/tomcat9/webapps/
 ReadWritePaths=/var/log/tomcat9/
-RequiresMountsFor=/var/log/tomcat9
+RequiresMountsFor=/var/log/tomcat9 /var/lib/tomcat9
 
 [Install]
 WantedBy=multi-user.target



View it on GitLab: https://salsa.debian.org/java-team/tomcat9/compare/12cff39b3b20f10a3095885172ec4628e01192ee...6c2e92d24eb60ceb7d9903357a6e496047dc29bf

-- 
View it on GitLab: https://salsa.debian.org/java-team/tomcat9/compare/12cff39b3b20f10a3095885172ec4628e01192ee...6c2e92d24eb60ceb7d9903357a6e496047dc29bf
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20190621/546451a9/attachment.html>
