[Git][java-team/tomcat9][master] 5 commits: Revert "Drop tomcat9 server packages because only one Tomcat version is supported per"

Markus Koschany (@apo) gitlab at salsa.debian.org
Fri May 26 20:09:58 BST 2023



Markus Koschany pushed to branch master at Debian Java Maintainers / tomcat9


Commits:
5f898652 by Markus Koschany at 2023-05-26T15:43:47+02:00
Revert "Drop tomcat9 server packages because only one Tomcat version is supported per"

This reverts commit adbd0b0711de66b67278b10e258c47c805e9b993.

- - - - -
200e87ac by Markus Koschany at 2023-05-26T20:47:35+02:00
Drop all binary packages except tomcat9-common, tomcat9-user and

libtomcat9-java.

- - - - -
1c731f0e by Markus Koschany at 2023-05-26T20:55:18+02:00
Warn users about tomcat9-user and tomcat9-common.

- - - - -
040096b9 by Markus Koschany at 2023-05-26T20:57:27+02:00
Update changelog

- - - - -
f63cd3d2 by Markus Koschany at 2023-05-26T21:01:38+02:00
Readd debian/logging.properties and debian/tomcat9.postrm.in.

- - - - -


30 changed files:

- debian/changelog
- + debian/context/docs.xml
- + debian/context/examples.xml
- + debian/context/host-manager.xml
- + debian/context/manager.xml
- debian/control
- + debian/default.template
- + debian/default_root/META-INF/context.xml
- + debian/default_root/index.html
- + debian/libexec/tomcat-locate-java.sh
- + debian/libexec/tomcat-start.sh
- + debian/libexec/tomcat-update-policy.sh
- + debian/logging.properties
- + debian/policy/01system.policy
- + debian/policy/02debian.policy
- + debian/policy/03catalina.policy
- + debian/policy/04webapps.policy
- + debian/policy/50local.policy
- + debian/policy/examples/10examples.policy
- + debian/rsyslog/tomcat9.conf
- debian/rules
- + debian/sysusers/tomcat9.conf
- + debian/tomcat9-common.docs
- + debian/tomcat9-common.install
- + debian/tomcat9-common.links
- + debian/tomcat9-instance-create
- + debian/tomcat9-instance-create.1
- + debian/tomcat9-user.install
- + debian/tomcat9-user.manpages
- + debian/tomcat9.postrm.in


Changes:

=====================================
debian/changelog
=====================================
@@ -2,9 +2,11 @@ tomcat9 (9.0.70-2) UNRELEASED; urgency=medium
 
   * Team upload.
   * Drop tomcat9 server packages because only one Tomcat version is supported
-    per release. (Closes: #1034824)
+    per release. Only retain tomcat9-user, tomcat9-common and libtomcat9-java.
+    Users are strongly encouraged to switch to Tomcat 10 instead.
+    (Closes: #1034824)
 
- -- Markus Koschany <apo at debian.org>  Sat, 13 May 2023 17:58:53 +0200
+ -- Markus Koschany <apo at debian.org>  Fri, 26 May 2023 20:57:11 +0200
 
 tomcat9 (9.0.70-1) unstable; urgency=medium
 


=====================================
debian/context/docs.xml
=====================================
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context path="/docs" 
+	docBase="/usr/share/tomcat9-docs/docs"
+	antiResourceLocking="false" />


=====================================
debian/context/examples.xml
=====================================
@@ -0,0 +1,5 @@
+<Context path="/examples" 
+         docBase="/usr/share/tomcat9-examples/examples">
+  <!-- Enable symlinks for the jars linked from /usr/share/java -->
+  <Resources allowLinking="true"/>
+</Context>
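Review bot: allowLinking="true" on the Resources element lets the /examples context follow symlinks that lead outside its docBase, and the comment only justifies this for the jars linked from /usr/share/java. Please say in the comment that the setting is specific to this packaged webapp and should not be copied into application contexts. This descriptor also lacks the XML declaration and license header that docs.xml, host-manager.xml and manager.xml carry.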


=====================================
debian/context/host-manager.xml
=====================================
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context path="/host-manager" 
+	docBase="/usr/share/tomcat9-admin/host-manager"
+	antiResourceLocking="false" privileged="true" />
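Review bot: the docBase on the Context element points at /usr/share/tomcat9-admin/host-manager, but the changelog hunk above says only tomcat9-user, tomcat9-common and libtomcat9-java are retained, so nothing built from this source ships that directory. Please confirm that no retained package installs this descriptor. A privileged="true" context whose docBase is not owned by any package should not be left in a configuration directory.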


=====================================
debian/context/manager.xml
=====================================
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<Context path="/manager" 
+	docBase="/usr/share/tomcat9-admin/manager"
+	antiResourceLocking="false" privileged="true" />
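Review bot: the /manager Context is declared privileged="true" as a self-closing element, so the descriptor itself places no restriction on which client addresses may reach the application. Access then rests entirely on the roles in tomcat-users.xml. Consider giving the element a body with an org.apache.catalina.valves.RemoteAddrValve that allows loopback addresses only, so that remote access has to be opted into; the same applies to host-manager.xml.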


=====================================
debian/control
=====================================
@@ -29,9 +29,54 @@ Vcs-Git: https://salsa.debian.org/java-team/tomcat9.git
 Vcs-Browser: https://salsa.debian.org/java-team/tomcat9
 Homepage: http://tomcat.apache.org
 
+Package: tomcat9-common
+Architecture: all
+Depends:
+ default-jre-headless | java11-runtime-headless | java11-runtime,
+ libtomcat9-java (>= ${source:Version}),
+ ${misc:Depends}
+Description: Apache Tomcat 9 - Servlet and JSP engine -- common files
+ Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
+ specifications from Oracle, and provides a "pure Java" HTTP web
+ server environment for Java code to run.
+ .
+ This package contains common files needed by the tomcat9-user package (Tomcat
+ 9 scripts and libraries).
+ .
+ WARNING: DO NOT USE FOR PRODUCTION PURPOSES. THIS PACKAGE DOES NOT RECEIVE ANY
+ SECURITY SUPPORT.
+ .
+ Users are advised to switch to tomcat10-common instead.
+
+Package: tomcat9-user
+Architecture: all
+Depends:
+ netcat-openbsd,
+ tomcat9-common (>= ${source:Version}),
+ ${misc:Depends}
+Suggests:
+ tomcat9 (>= ${source:Version}),
+ tomcat9-admin (>= ${source:Version}),
+ tomcat9-docs (>= ${source:Version}),
+ tomcat9-examples (>= ${source:Version})
+Description: Apache Tomcat 9 - Servlet and JSP engine -- tools to create user instances
+ Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
+ specifications from Oracle, and provides a "pure Java" HTTP web
+ server environment for Java code to run.
+ .
+ This package contains files needed to create a user Tomcat instance.
+ This user Tomcat instance can be started and stopped using the scripts
+ provided in the Tomcat instance directory.
+ .
+ WARNING: DO NOT USE FOR PRODUCTION PURPOSES. THIS PACKAGE DOES NOT RECEIVE ANY
+ SECURITY SUPPORT.
+ .
+ Users are advised to switch to tomcat10-user instead.
+
 Package: libtomcat9-java
 Architecture: all
 Depends: libeclipse-jdt-core-java (>= 3.26.0), ${misc:Depends}
+Suggests: tomcat9 (>= ${source:Version})
 Description: Apache Tomcat 9 - Servlet and JSP engine -- core libraries
  Apache Tomcat implements the Java Servlet and the JavaServer Pages (JSP)
  specifications from Oracle, and provides a "pure Java" HTTP web
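Review bot: the Suggests field of tomcat9-user lists tomcat9, tomcat9-admin, tomcat9-docs and tomcat9-examples at (>= ${source:Version}), and libtomcat9-java gains Suggests: tomcat9 at the same version, yet the changelog hunk says those server packages are dropped, so no package can satisfy these relations. Please remove them or point them at the tomcat10 equivalents. Also, the no-security-support warning is added to tomcat9-common and tomcat9-user but not to libtomcat9-java; if that omission is deliberate, a sentence in the description saying so would help.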
@@ -40,3 +85,4 @@ Description: Apache Tomcat 9 - Servlet and JSP engine -- core libraries
  This package contains the Tomcat core classes which can be used by other
  Java applications to embed Tomcat.
 
+
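Review bot: this hunk only appends a second blank line at the end of debian/control after the existing empty context line. Please drop it so the file ends with a single newline.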


=====================================
debian/default.template
=====================================
@@ -0,0 +1,23 @@
+# The home directory of the Java development kit (JDK). You need at least
+# JDK version 8. If JAVA_HOME is not set, some common directories for
+# OpenJDK and the Oracle JDK are tried.
+#JAVA_HOME=/usr/lib/jvm/java-8-openjdk
+
+# You may pass JVM startup parameters to Java here. If you run Tomcat with
+# Java 8 instead of 9 or newer, add "-XX:+UseG1GC" to select a suitable GC.
+# If unset, the default options will be: -Djava.awt.headless=true
+JAVA_OPTS="-Djava.awt.headless=true"
+
+# To enable remote debugging uncomment the following line.
+# You will then be able to use a Java debugger on port 8000.
+#JAVA_OPTS="${JAVA_OPTS} -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n"
+
+# Java compiler to use for translating JavaServer Pages (JSPs). You can use all
+# compilers that are accepted by Ant's build.compiler property.
+#JSP_COMPILER=javac
+
+# Enable the Java security manager? (true/false, default: false)
+#SECURITY_MANAGER=true
+
+# Whether to compress logfiles older than today's
+#LOGFILE_COMPRESS=1
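Review bot: the commented remote-debugging line uses address=8000 with no host part, and the header of this same file says JDK 8 is acceptable. On a Java 8 runtime a bare port makes the JDWP agent listen on all interfaces, and JDWP has no authentication. Please write address=localhost:8000 in the example so that uncommenting it is safe on every supported runtime. Separately, the "at least JDK version 8" text and the java-8-openjdk example path disagree with the java11-runtime dependency declared for tomcat9-common in debian/control.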


=====================================
debian/default_root/META-INF/context.xml
=====================================
@@ -0,0 +1,2 @@
+<Context path=""
+	antiResourceLocking="false" />


=====================================
debian/default_root/index.html
=====================================
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+    <title>Apache Tomcat</title>
+</head>
+
+<body>
+<h1>It works !</h1>
+
+<p>If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations!</p>
+ 
+<p>This is the default Tomcat home page. It can be found on the local filesystem at: <code>/var/lib/tomcat9/webapps/ROOT/index.html</code></p>
+
+<p>Tomcat veterans might be pleased to learn that this system instance of Tomcat is installed with <code>CATALINA_HOME</code> in <code>/usr/share/tomcat9</code> and <code>CATALINA_BASE</code> in <code>/var/lib/tomcat9</code>, following the rules from <code>/usr/share/doc/tomcat9-common/RUNNING.txt.gz</code>.</p>
+
+<p>You might consider installing the following packages, if you haven't already done so:</p>
+
+<p><b>tomcat9-docs</b>: This package installs a web application that allows to browse the Tomcat 9 documentation locally. Once installed, you can access it by clicking <a href="docs/">here</a>.</p>
+
+<p><b>tomcat9-examples</b>: This package installs a web application that allows to access the Tomcat 9 Servlet and JSP examples. Once installed, you can access it by clicking <a href="examples/">here</a>.</p>
+
+<p><b>tomcat9-admin</b>: This package installs two web applications that can help managing this Tomcat instance. Once installed, you can access the <a href="manager/html">manager webapp</a> and the <a href="host-manager/html">host-manager webapp</a>.</p>
+
+<p>NOTE: For security reasons, using the manager webapp is restricted to users with role "manager-gui". The host-manager webapp is restricted to users with role "admin-gui". Users are defined in <code>/etc/tomcat9/tomcat-users.xml</code>.</p>
+
+</body>
+</html>


=====================================
debian/libexec/tomcat-locate-java.sh
=====================================
@@ -0,0 +1,50 @@
+#
+# Script looking for a Java runtime suitable for running Tomcat
+#
+# The script looks for the default JRE/JDK, OpenJDK and Oracle JDK
+# as packaged by java-package. The Java runtime found is exported
+# in the JAVA_HOME environment variable.
+#
+
+set -e
+
+# Find the Java runtime if JAVA_HOME isn't already defined
+if [ -z "$JAVA_HOME" ]; then
+    # This function sets the variable JDK_DIRS
+    find_jdks()
+    {
+        for java_version in 21 20 19 17 11 8
+        do
+            for jvmdir in /usr/lib/jvm/java-${java_version}-openjdk-* \
+                          /usr/lib/jvm/jdk-${java_version}-oracle-* \
+                          /usr/lib/jvm/jre-${java_version}-oracle-* \
+                          /usr/lib/jvm/java-${java_version}-oracle \
+                          /usr/lib/jvm/oracle-java${java_version}-jdk-* \
+                          /usr/lib/jvm/oracle-java${java_version}-jre-*
+            do
+                if [ -d "${jvmdir}" ]
+                then
+                    JDK_DIRS="${JDK_DIRS} ${jvmdir}"
+                fi
+            done
+        done
+    }
+
+    # The first existing directory is used for JAVA_HOME
+    JDK_DIRS="/usr/lib/jvm/default-java"
+    find_jdks
+
+    # Look for the right JVM to use
+    for jdir in $JDK_DIRS; do
+        if [ -r "$jdir/bin/java" -a -z "${JAVA_HOME}" ]; then
+            JAVA_HOME="$jdir"
+        fi
+    done
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+    echo "<2>No JDK or JRE found - Please set the JAVA_HOME variable or install the default-jdk package"
+    exit 1
+fi
+
+export JAVA_HOME
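Review bot: the selection test [ -r "$jdir/bin/java" -a -z "${JAVA_HOME}" ] checks that bin/java is readable rather than executable, and it relies on the obsolescent -a operator. Suggest [ -x "$jdir/bin/java" ] followed by an assignment and break, which also removes the need to re-test JAVA_HOME on every iteration. Since this file is sourced (it has no shebang and tomcat-start.sh loads it with "."), the set -e at the top and the exit 1 at the bottom act on the calling shell; a short comment stating that this is intended would help.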


=====================================
debian/libexec/tomcat-start.sh
=====================================
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# Startup script for Apache Tomcat with systemd
+#
+
+set -e
+
+# Load the service settings
+. /etc/default/tomcat9
+
+# Find the Java runtime and set JAVA_HOME
+. /usr/libexec/tomcat9/tomcat-locate-java.sh
+
+# Set the JSP compiler if configured in the /etc/default/tomcat9 file
+[ -n "$JSP_COMPILER" ] && JAVA_OPTS="$JAVA_OPTS -Dbuild.compiler=\"$JSP_COMPILER\""
+
+export JAVA_OPTS
+
+# Enable the Java security manager?
+SECURITY=""
+[ "$SECURITY_MANAGER" = "true" ] && SECURITY="-security"
+
+
+# Start Tomcat
+cd $CATALINA_BASE && exec $CATALINA_HOME/bin/catalina.sh run $SECURITY
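Review bot: the final line expands $CATALINA_BASE and $CATALINA_HOME unquoted and the script never checks that either is set. With CATALINA_BASE empty, cd receives no argument and succeeds by changing to the home directory, after which the exec targets /bin/catalina.sh. Please fail early, for example with : "${CATALINA_BASE:?}" and : "${CATALINA_HOME:?}", and quote both expansions. It is also worth documenting that /etc/default/tomcat9 is sourced as shell code, so that file must be writable by root only.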


=====================================
debian/libexec/tomcat-update-policy.sh
=====================================
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Script regenerating the catalina.policy file from the collection
+# of files in /etc/tomcat9/policy.d/
+#
+# This script is run as root by systemd before starting Tomcat.
+#
+
+set -e
+
+if [ ! -d "$CATALINA_BASE/conf" ]; then
+    echo "<2>Invalid CATALINA_BASE, configuration files not found: $CATALINA_BASE"
+    exit 1
+fi
+
+# Regenerate the catalina.policy file
+POLICY_CACHE="$CATALINA_BASE/policy/catalina.policy"
+umask 022
+rm -rf "$CATALINA_BASE/policy"
+mkdir "$CATALINA_BASE/policy"
+echo "// AUTO-GENERATED FILE from /etc/tomcat9/policy.d/" > "$POLICY_CACHE"
+echo ""  >> "$POLICY_CACHE"
+cat $CATALINA_BASE/conf/policy.d/*.policy >> "$POLICY_CACHE"
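Review bot: rm -rf "$CATALINA_BASE/policy" removes the existing policy before the new one has been built, and the last line is an unquoted cat over a glob. If policy.d contains no *.policy file, or any file is unreadable, cat fails, set -e aborts, and the instance is left with a header-only or partial catalina.policy. Build the file under a temporary name first and move it into place only after cat succeeds. Because the header says this runs as root, please also state or verify that $CATALINA_BASE and its policy directory are not writable by the service account, since root deletes and recreates paths below it.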


=====================================
debian/logging.properties
=====================================
@@ -0,0 +1,58 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler
+
+.handlers = 1catalina.org.apache.juli.AsyncFileHandler, java.util.logging.ConsoleHandler
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+1catalina.org.apache.juli.AsyncFileHandler.level = FINE
+1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina.
+1catalina.org.apache.juli.AsyncFileHandler.maxDays = 90
+
+2localhost.org.apache.juli.AsyncFileHandler.level = FINE
+2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
+2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.
+2localhost.org.apache.juli.AsyncFileHandler.maxDays = 90
+
+java.util.logging.ConsoleHandler.level = FINE
+java.util.logging.ConsoleHandler.formatter = org.apache.juli.SystemdFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
+org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.AsyncFileHandler
+
+# For example, set the org.apache.catalina.util.LifecycleBase logger to log
+# each component that extends LifecycleBase changing state:
+#org.apache.catalina.util.LifecycleBase.level = FINE
+
+# To see debug messages in TldLocationsCache, uncomment the following line:
+#org.apache.jasper.compiler.TldLocationsCache.level = FINE
+
+# To see debug messages for HTTP/2 handling, uncomment the following line:
+#org.apache.coyote.http2.level = FINE
+
+# To see debug messages for WebSocket handling, uncomment the following line:
+#org.apache.tomcat.websocket.level = FINE


=====================================
debian/policy/01system.policy
=====================================
@@ -0,0 +1,51 @@
+// Licensed to the Apache Software Foundation (ASF) under one or more
+// contributor license agreements.  See the NOTICE file distributed with
+// this work for additional information regarding copyright ownership.
+// The ASF licenses this file to You under the Apache License, Version 2.0
+// (the "License"); you may not use this file except in compliance with
+// the License.  You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// ============================================================================
+// catalina.policy - Security Policy Permissions for Tomcat
+//
+// This file contains a default set of security policies to be enforced (by the
+// JVM) when Catalina is executed with the "-security" option.  In addition
+// to the permissions granted here, the following additional permissions are
+// granted to each web application:
+//
+// * Read access to the web application's document root directory
+// * Read, write and delete access to the web application's working directory
+// ============================================================================
+
+
+// ========== SYSTEM CODE PERMISSIONS =========================================
+
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+        permission java.security.AllPermission;
+};
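Review bot: the comment above the third grant reads "${java.home] points at $JAVA_HOME/jre", with a closing square bracket where a brace is meant. Please correct it to ${java.home} so that the comment matches the property syntax used in the grant lines.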


=====================================
debian/policy/02debian.policy
=====================================
@@ -0,0 +1,10 @@
+// These permissions apply to all JARs from Debian packages
+grant codeBase "file:/usr/share/java/-" {
+  permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/maven-repo/-" {
+  permission java.security.AllPermission;
+};
+grant codeBase "file:/usr/share/ant/lib/-" {
+  permission java.security.AllPermission;
+};
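Review bot: all three grants give java.security.AllPermission to entire trees (/usr/share/java/-, /usr/share/maven-repo/-, /usr/share/ant/lib/-), so with SECURITY_MANAGER=true any JAR that any installed package places there runs unrestricted. The one-line comment does not explain why the Maven repository and Ant library directories need this. Please either narrow the codeBase entries to the JARs Tomcat actually loads or document the reasoning and the trust assumption in the file.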


=====================================
debian/policy/03catalina.policy
=====================================
@@ -0,0 +1,67 @@
+// ========== CATALINA CODE PERMISSIONS =======================================
+
+
+// These permissions apply to the daemon code
+grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the logging API
+// Note: If tomcat-juli.jar is in ${catalina.base} and not in ${catalina.home},
+// update this section accordingly.
+//  grant codeBase "file:${catalina.base}/bin/tomcat-juli.jar" {..}
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+        permission java.io.FilePermission
+         "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
+
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}logs", "read, write";
+        permission java.io.FilePermission
+         "${catalina.base}${file.separator}logs${file.separator}*", "read, write, delete";
+
+        permission java.lang.RuntimePermission "shutdownHooks";
+        permission java.lang.RuntimePermission "getClassLoader";
+        permission java.lang.RuntimePermission "setContextClassLoader";
+
+        permission java.lang.management.ManagementPermission "monitor";
+
+        permission java.util.logging.LoggingPermission "control";
+
+        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
+        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
+        permission java.util.PropertyPermission "org.apache.juli.AsyncLoggerPollInterval", "read";
+        permission java.util.PropertyPermission "org.apache.juli.AsyncMaxRecordCount", "read";
+        permission java.util.PropertyPermission "org.apache.juli.AsyncOverflowDropType", "read";
+        permission java.util.PropertyPermission "org.apache.juli.ClassLoaderLogManager.debug", "read";
+        permission java.util.PropertyPermission "catalina.base", "read";
+
+        // Note: To enable per context logging configuration, permit read access to
+        // the appropriate file. Be sure that the logging configuration is
+        // secure before enabling such access.
+        // E.g. for the examples web application (uncomment and unwrap
+        // the following to be on a single line):
+        // permission java.io.FilePermission "${catalina.base}${file.separator}
+        //  webapps${file.separator}examples${file.separator}WEB-INF
+        //  ${file.separator}classes${file.separator}logging.properties", "read";
+};
+
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "lib" directory
+grant codeBase "file:${catalina.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+
+// If using a per instance lib directory, i.e. ${catalina.base}/lib,
+// then the following permission will need to be uncommented
+// grant codeBase "file:${catalina.base}/lib/-" {
+//         permission java.security.AllPermission;
+// };


=====================================
debian/policy/04webapps.policy
=====================================
@@ -0,0 +1,94 @@
+// ========== WEB APPLICATION PERMISSIONS =====================================
+
+
+// These permissions are granted by default to all web applications
+// In addition, a web application will be given a read FilePermission
+// for all files and directories in its document root.
+grant {
+    // Required for JNDI lookup of named JDBC DataSource's and
+    // javamail named MimePart DataSource used to send mail
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.naming.*", "read";
+    permission java.util.PropertyPermission "javax.sql.*", "read";
+
+    // OS Specific properties to allow read access
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.version", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "line.separator", "read";
+
+    // JVM properties to allow read access
+    permission java.util.PropertyPermission "java.version", "read";
+    permission java.util.PropertyPermission "java.vendor", "read";
+    permission java.util.PropertyPermission "java.vendor.url", "read";
+    permission java.util.PropertyPermission "java.class.version", "read";
+    permission java.util.PropertyPermission "java.specification.version", "read";
+    permission java.util.PropertyPermission "java.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.specification.name", "read";
+
+    permission java.util.PropertyPermission "java.vm.specification.version", "read";
+    permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.specification.name", "read";
+    permission java.util.PropertyPermission "java.vm.version", "read";
+    permission java.util.PropertyPermission "java.vm.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.name", "read";
+
+    // Required for OpenJMX
+    permission java.lang.RuntimePermission "getAttribute";
+
+    // Allow read of JAXP compliant XML parser debug
+    permission java.util.PropertyPermission "jaxp.debug", "read";
+
+    // All JSPs need to be able to read this package
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";
+
+    // Precompiled JSPs need access to these packages.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.el";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+    permission java.lang.RuntimePermission
+     "accessClassInPackage.org.apache.jasper.runtime.*";
+
+    // Applications using WebSocket need to be able to access these packages
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.websocket.server";
+};
+
+
+// The Manager application needs access to the following packages to support the
+// session display functionality. It also requires the custom Tomcat
+// DeployXmlPermission to enable the use of META-INF/context.xml
+// These settings support the following configurations:
+// - default CATALINA_HOME == CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, per instance Manager in CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, shared Manager in CATALINA_HOME
+grant codeBase "file:${catalina.base}/../tomcat9-admin/manager/-" {
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+    permission org.apache.catalina.security.DeployXmlPermission "manager";
+};
+grant codeBase "file:${catalina.home}/../tomcat9-admin/manager/-" {
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.ha.session";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.manager.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.util";
+    permission org.apache.catalina.security.DeployXmlPermission "manager";
+};
+
+// The Host Manager application needs the custom Tomcat DeployXmlPermission to
+// enable the use of META-INF/context.xml
+// These settings support the following configurations:
+// - default CATALINA_HOME == CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, per instance Host Manager in CATALINA_BASE
+// - CATALINA_HOME != CATALINA_BASE, shared Host Manager in CATALINA_HOME
+grant codeBase "file:${catalina.base}/../tomcat9-admin/host-manager/-" {
+    permission org.apache.catalina.security.DeployXmlPermission "host-manager";
+};
+grant codeBase "file:${catalina.home}/../tomcat9-admin/host-manager/-" {
+    permission org.apache.catalina.security.DeployXmlPermission "host-manager";
+};
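Review bot: the grants with codeBase "file:${catalina.base}/../tomcat9-admin/manager/-" and the host-manager equivalent do not match the layout described elsewhere in this patch. index.html puts CATALINA_BASE at /var/lib/tomcat9, so these resolve to /var/lib/tomcat9-admin/..., while manager.xml and host-manager.xml use a docBase under /usr/share/tomcat9-admin; only the ${catalina.home} variants line up. The comment block listing "default CATALINA_HOME == CATALINA_BASE" is carried over and does not describe these paths. Please drop the catalina.base variants or rewrite the comments to say which directory each grant is meant to cover, since a grant on a path outside the packaged tree hands DeployXmlPermission to whatever is placed there.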


=====================================
debian/policy/50local.policy
=====================================
@@ -0,0 +1,42 @@
+// You can assign additional permissions to particular web applications by
+// adding additional "grant" entries here, based on the code base for that
+// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
+//
+// Different permissions can be granted to JSP pages, classes loaded from
+// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
+// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
+//
+// For instance, assume that the standard "examples" application
+// included a JDBC driver that needed to establish a network connection to the
+// corresponding database and used the scrape taglib to get the weather from
+// the NOAA web server.  You might create a "grant" entries like this:
+//
+// The permissions granted to the context root directory apply to JSP pages.
+// grant codeBase "file:${catalina.base}/webapps/examples/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+//
+// The permissions granted to the context WEB-INF/classes directory
+// grant codeBase "file:${catalina.base}/webapps/examples/WEB-INF/classes/-" {
+// };
+//
+// The permission granted to your JDBC driver
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+// };
+// The permission granted to the scrape taglib
+// grant codeBase "jar:file:${catalina.base}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+
+// To grant permissions for web applications using packed WAR files, use the
+// Tomcat specific WAR url scheme.
+//
+// The permissions granted to the entire web application
+// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/-" {
+// };
+//
+// The permissions granted to a specific JAR
+// grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
+// };
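Review bot: in the header comment, 'You might create a "grant" entries like this' needs fixing (drop the "a"), and the WEB-INF/classes example is an empty grant under a heading that stops mid-sentence, so a reader cannot tell what it is meant to show. Either add a sample permission there or say the block is intentionally empty. The example also repeats the same two SocketPermission lines at the context root and per jar without saying which an administrator should prefer; a one-line hint toward the per-jar form would help keep local grants narrow.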


=====================================
debian/policy/examples/10examples.policy
=====================================
@@ -0,0 +1,3 @@
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+       permission java.io.FilePermission "/usr/share/tomcat9-examples/examples/WEB-INF/classes/logging.properties", "read";
+};
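Review bot: the FilePermission target is a hard-coded absolute path under /usr/share/tomcat9-examples, while the codeBase on the line above uses `${catalina.home}`. If the examples webapp is deployed anywhere else the grant silently stops matching, so a comment naming the expected install location and the package that provides it would help. The permission line is also indented with seven spaces where the host-manager grants use four.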


=====================================
debian/rsyslog/tomcat9.conf
=====================================
@@ -0,0 +1,7 @@
+# Send Tomcat messages to catalina.out when using systemd
+$template TomcatFormat,"[%timegenerated:::date-year%-%timegenerated:::date-month%-%timegenerated:::date-day% %timegenerated:::date-hour%:%timegenerated:::date-minute%:%timegenerated:::date-second%] [%syslogseverity-text%]%msg%\n"
+
+:programname, startswith, "tomcat9" {
+  action(type="omfile" file="/var/log/tomcat9/catalina.out" Template="TomcatFormat" fileOwner="tomcat" fileCreateMode="0640")
+  stop
+}
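Review bot: the filter `:programname, startswith, "tomcat9"` trusts a sender-supplied tag, so any local process that logs with a tag beginning with tomcat9 is written into /var/log/tomcat9/catalina.out, and the `stop` then keeps the message away from every later rule. Matching the exact name with `isequal` would narrow that. The action sets fileOwner and fileCreateMode="0640" but no fileGroup; set it explicitly or say in a comment which group is expected to read the file. The template also uses the legacy `$template` directive next to a RainerScript action(); one style throughout would read better.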


=====================================
debian/rules
=====================================
@@ -26,3 +26,7 @@ endif
 override_dh_install-indep:
 	dh_install -i --exclude=.bat --exclude=Thumbs.db
 
+	# update the checksum for the root webapp
+	unset rwmd5sum \
+		&& rwmd5sum=`cat debian/default_root/index.html debian/default_root/META-INF/context.xml | md5sum - 2>/dev/null | cut -d " " -f1` \
+		&& sed "s/\@ROOT_WEBAPP_MD5SUM\@/$$rwmd5sum/" debian/tomcat9.postrm.in > debian/tomcat9.postrm
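Review bot: in the `rwmd5sum=` line the exit status of the backquoted pipeline is that of `cut`, and `2>/dev/null` hides md5sum's errors, so a missing file under debian/default_root does not stop the build: a checksum of whatever was read is still produced and the `&&` chain goes on to write debian/tomcat9.postrm. The postrm would then compare against a value that never matches the installed ROOT webapp. Test that both input files exist before hashing, and drop the leading `unset rwmd5sum`, which is redundant because the variable is assigned on the next line.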


=====================================
debian/sysusers/tomcat9.conf
=====================================
@@ -0,0 +1,7 @@
+#
+# sysusers.d snippet for creating the tomcat user automatically
+# at install time. See sysusers.d(5) for details.
+#
+
+#Type Name     ID             GECOS                 Home directory   Shell
+u     tomcat   -              "Apache Tomcat"       /var/lib/tomcat  /usr/sbin/nologin
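Review bot: the home directory on the `u tomcat` line is /var/lib/tomcat, while the postrm in this same push works on /var/lib/tomcat9. If the difference is intentional, say so in the header comment; otherwise the account's home points at a directory that nothing visible here creates or removes.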


=====================================
debian/tomcat9-common.docs
=====================================
@@ -0,0 +1,2 @@
+RELEASE-NOTES
+RUNNING.txt


=====================================
debian/tomcat9-common.install
=====================================
@@ -0,0 +1,4 @@
+output/build/bin/bootstrap.jar /usr/share/tomcat9/bin/
+bin/*                          /usr/share/tomcat9/bin/
+
+debian/libexec/tomcat-locate-java.sh /usr/libexec/tomcat9/


=====================================
debian/tomcat9-common.links
=====================================
@@ -0,0 +1,26 @@
+/usr/share/java/tomcat9-annotations-api.jar      /usr/share/tomcat9/lib/annotations-api.jar
+/usr/share/java/tomcat9-api.jar                  /usr/share/tomcat9/lib/tomcat-api.jar
+/usr/share/java/tomcat9-catalina.jar             /usr/share/tomcat9/lib/catalina.jar
+/usr/share/java/tomcat9-catalina-ant.jar         /usr/share/tomcat9/lib/catalina-ant.jar
+/usr/share/java/tomcat9-catalina-ha.jar          /usr/share/tomcat9/lib/catalina-ha.jar
+/usr/share/java/tomcat9-coyote.jar               /usr/share/tomcat9/lib/tomcat-coyote.jar
+/usr/share/java/tomcat9-dbcp.jar                 /usr/share/tomcat9/lib/tomcat-dbcp.jar
+/usr/share/java/tomcat9-el-api.jar               /usr/share/tomcat9/lib/el-api.jar
+/usr/share/java/tomcat9-i18n-es.jar              /usr/share/tomcat9/lib/tomcat-i18n-es.jar
+/usr/share/java/tomcat9-i18n-fr.jar              /usr/share/tomcat9/lib/tomcat-i18n-fr.jar
+/usr/share/java/tomcat9-i18n-ja.jar              /usr/share/tomcat9/lib/tomcat-i18n-ja.jar
+/usr/share/java/tomcat9-i18n-ru.jar              /usr/share/tomcat9/lib/tomcat-i18n-ru.jar
+/usr/share/java/tomcat9-jasper.jar               /usr/share/tomcat9/lib/jasper.jar
+/usr/share/java/tomcat9-jasper-el.jar            /usr/share/tomcat9/lib/jasper-el.jar
+/usr/share/java/tomcat9-jaspic-api.jar           /usr/share/tomcat9/lib/jaspic-api.jar
+/usr/share/java/tomcat9-jdbc.jar                 /usr/share/tomcat9/lib/tomcat-jdbc.jar
+/usr/share/java/tomcat9-jni.jar                  /usr/share/tomcat9/lib/tomcat-jni.jar
+/usr/share/java/tomcat9-jsp-api.jar              /usr/share/tomcat9/lib/jsp-api.jar
+/usr/share/java/tomcat9-juli.jar                 /usr/share/tomcat9/bin/tomcat-juli.jar
+/usr/share/java/tomcat9-servlet-api.jar          /usr/share/tomcat9/lib/servlet-api.jar
+/usr/share/java/tomcat9-storeconfig.jar          /usr/share/tomcat9/lib/catalina-storeconfig.jar
+/usr/share/java/tomcat9-tribes.jar               /usr/share/tomcat9/lib/catalina-tribes.jar
+/usr/share/java/tomcat9-util.jar                 /usr/share/tomcat9/lib/tomcat-util.jar
+/usr/share/java/tomcat9-util-scan.jar            /usr/share/tomcat9/lib/tomcat-util-scan.jar
+/usr/share/java/tomcat9-websocket.jar            /usr/share/tomcat9/lib/tomcat-websocket.jar
+/usr/share/java/tomcat9-websocket-api.jar        /usr/share/tomcat9/lib/websocket-api.jar


=====================================
debian/tomcat9-instance-create
=====================================
@@ -0,0 +1,139 @@
+#!/bin/sh
+# Script to create a CATALINA_BASE directory for your own tomcat
+
+PROG=`basename $0`
+TARGET=""
+HPORT=8080
+CPORT=8005
+CWORD="SHUTDOWN"
+warned=0
+warnlowport=0
+
+usage() {
+  echo "Usage: $PROG [options] <directoryname>"
+  echo "  directoryname: name of the tomcat instance directory to create"
+  echo "Options:"
+  echo "  -h, --help       Display this help message"
+  echo "  -p httpport      HTTP port to be used by Tomcat (default is $HPORT)"
+  echo "  -c controlport   Server shutdown control port (default is $CPORT)"
+  echo "  -w magicword     Word to send to trigger shutdown (default is $CWORD)"
+}
+
+checkport() {
+  type=$1
+  port=$2
+  # Fail if port is non-numeric
+  num=`expr ${port} + 1 2> /dev/null`
+  if [ $? != 0 ] || [ $num -lt 2 ]; then
+    echo "Error: ${type} port '${port}' is not a valid TCP port number."
+    exit 1
+  fi
+
+  # Fail if port is above 65535
+  if [ ${port} -gt 65535 ]; then
+    echo "Error: ${type} port ${port} is above TCP port numbers (> 65535)."
+    exit 1
+  fi
+
+  # Warn if port is below 1024 (once)
+  if [ ${warnlowport} -eq 0 ]; then 
+    if [ ${port} -lt 1024 ]; then
+      echo "Warning: ports below 1024 are reserved to the super-user."
+      warnlowport=1
+      warned=1
+    fi
+  fi
+
+  # Warn if port appears to be in use
+  if nc localhost "${port}" -z > /dev/null; then
+	echo "Warning: ${type} port ${port} appears to be in use."
+	warned=1
+  fi
+}
+
+if [ "$#" -lt 1 ]; then
+  usage
+  exit 1
+fi
+if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+  usage
+  exit 0
+fi
+
+
+
+while getopts ":p:c:w:h" options; do
+  case $options in
+    p ) HPORT=$OPTARG ;;
+    c ) CPORT=$OPTARG ;;
+    w ) CWORD=$OPTARG ;;
+    h ) usage;;
+    * ) echo "Error: Unknown parameter '$OPTARG'."
+        exit 1;;
+  esac
+done
+
+shift $(($OPTIND - 1))
+TARGET=$1
+shift
+echo "You are about to create a Tomcat instance in directory '$TARGET'"
+
+# Fail if no target specified
+if [ -z "${TARGET}" ]; then
+  echo "Error: No target directory specified (use -d)."
+  exit 1
+fi
+
+# Fail if ports are the same
+if [ "${HPORT}" = "${CPORT}" ]; then
+  echo "Error: HTTP port and control port must be different."
+  exit 1
+fi
+
+# Fail if target directory already exists
+if [ -d "${TARGET}" ]; then
+  echo "Error: Target directory already exists."
+  exit 1
+fi
+
+# Check ports
+checkport HTTP "${HPORT}"
+checkport Control "${CPORT}"
+
+# Ask for confirmation if warnings were printed out
+if [ ${warned} -eq 1 ]; then 
+  echo "Type <ENTER> to continue, <CTRL-C> to abort."
+  read answer
+fi
+
+mkdir -p "${TARGET}"
+
+FULLTARGET=`cd "${TARGET}" > /dev/null && pwd`
+
+mkdir "${TARGET}/conf"
+mkdir "${TARGET}/logs"
+mkdir "${TARGET}/webapps"
+mkdir "${TARGET}/work"
+mkdir "${TARGET}/temp"
+cp -r /usr/share/tomcat9/skel/* "${TARGET}"
+
+sed -i -e "s/Connector port=\"8080\"/Connector port=\"${HPORT}\"/;s/Server port=\"-1\" shutdown=\"SHUTDOWN\"/Server port=\"${CPORT}\" shutdown=\"${CWORD}\"/" "${TARGET}/conf/server.xml"
+
+cat > "${TARGET}/bin/startup.sh" << EOT
+#!/bin/sh
+export CATALINA_BASE="${FULLTARGET}"
+/usr/share/tomcat9/bin/startup.sh
+echo "Tomcat started"
+EOT
+
+cat > "${TARGET}/bin/shutdown.sh" << EOT
+#!/bin/sh
+export CATALINA_BASE="${FULLTARGET}"
+/usr/share/tomcat9/bin/shutdown.sh
+echo "Tomcat stopped"
+EOT
+
+chmod a+x "${TARGET}/bin/startup.sh" "${TARGET}/bin/shutdown.sh"
+echo "* New Tomcat instance created in ${TARGET}"
+echo "* You might want to edit default configuration in ${TARGET}/conf"
+echo "* Run ${TARGET}/bin/startup.sh to start your Tomcat instance"
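Review bot: the value of `-w` goes into the sed expression and into server.xml unchecked, so a word containing `/`, `&` or `"` either breaks the substitution or produces a malformed shutdown attribute; validate CWORD against a conservative character set before the sed call. The same substitution always rewrites `Server port="-1"` to a live control port with SHUTDOWN as the default word, which turns the shutdown listener back on for every new instance; consider leaving the port at -1 unless `-c` is given. Smaller points: the "No target directory specified (use -d)" message names an option that does not exist and comes after both the "You are about to create" line and the unconditional `shift`; `h ) usage;;` does not exit; and `nc` is called without checking that it is installed.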


=====================================
debian/tomcat9-instance-create.1
=====================================
@@ -0,0 +1,24 @@
+.TH "TOMCAT9-INSTANCE-CREATE" "2" "Feb 2010" "" ""
+.SH "NAME"
+tomcat9\-instance\-create \- creates a Tomcat 9 instance
+.SH "SYNOPSIS"
+.B tomcat9\-instance\-create [\fIOPTIONS\fR] \fIDIRECTORYNAME\fR
+.SH "DESCRIPTION"
+The
+.B tomcat9\-instance\-create
+script creates a directory with all required Tomcat 9 CATALINA_BASE elements so that a separate Tomcat 9 instance with its own configuration, libraries or web applications can be run by a user. bin/startup.sh and bin/shutdown.sh scripts are also generated to allow the instance to be started and stopped.
+.TP 
+.B DIRECTORYNAME
+The name of the directory where the instance will be created. It should not exist and will be created automatically.
+.SH "OPTIONS"
+.TP 
+.B \-p HTTPPORT
+The TCP port to use for the default HTTP connector in the instance. The default port is 8080.
+.TP 
+.B \-c CONTROLPORT
+The TCP port to use for Tomcat shutdown control port. The default port is 8005.
+.TP 
+.B \-w MAGICWORD
+The magic word that sent to the control port will trigger the shutdown of the Tomcat instance. The default word is SHUTDOWN.
+.SH "AUTHOR"
+This man page was written by Thierry Carrez <thierry.carrez at ubuntu.com> and is copyright (C) 2008 Canonical Ltd.
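Review bot: the `.TH` line declares section "2" although the file is installed as tomcat9-instance-create.1 and documents a user command, so it should read "1". In the `-w` entry, "The magic word that sent to the control port" is missing words (for example "that, when sent to the control port, will trigger"). The entry could also state that anyone who can reach the control port and knows the word can stop the instance, which is the reason to pick a non-default value.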


=====================================
debian/tomcat9-user.install
=====================================
@@ -0,0 +1,6 @@
+conf/*.xml                       /usr/share/tomcat9/skel/conf/
+conf/catalina.properties         /usr/share/tomcat9/skel/conf/
+conf/catalina.policy             /usr/share/tomcat9/skel/policy/
+debian/logging.properties        /usr/share/tomcat9/skel/conf/
+debian/setenv.sh                 /usr/share/tomcat9/skel/bin/
+debian/tomcat9-instance-create   /usr/bin/
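Review bot: `conf/catalina.policy` is the only file from conf/ that goes to skel/policy/ instead of skel/conf/, and tomcat9-instance-create copies skel verbatim, so new instances get the policy file outside conf/. Please add a comment, here or in the script, saying which startup path reads it from that location.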


=====================================
debian/tomcat9-user.manpages
=====================================
@@ -0,0 +1 @@
+debian/tomcat9-instance-create.1


=====================================
debian/tomcat9.postrm.in
=====================================
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# Post removal script for Tomcat
+#
+
+set -e
+
+#DEBHELPER#
+
+CONFFILES="tomcat-users.xml web.xml server.xml logging.properties context.xml catalina.properties jaspic-providers.xml"
+
+case "$1" in
+    remove)
+        # Remove the ROOT webapp if not modified
+        RWLOC="/var/lib/tomcat9/webapps/ROOT"
+        RWFILES="$RWLOC/index.html $RWLOC/META-INF/context.xml"
+        if [ "`(cat $RWFILES | md5sum -) 2>/dev/null | cut -d ' ' -f 1`" \
+                            = "@ROOT_WEBAPP_MD5SUM@" ] ; then
+            rm $RWFILES
+            rmdir --ignore-fail-on-non-empty \
+                /var/lib/tomcat9/webapps/ROOT/META-INF \
+                /var/lib/tomcat9/webapps/ROOT \
+                /var/lib/tomcat9/webapps \
+                /var/lib/tomcat9 || true
+        fi
+
+        # Remove CATALINA_BASE/lib if not empty
+        if [ -d /var/lib/tomcat9/lib ] && [ -z "`(find var/lib/tomcat9/lib/classes -type f)`" ] ; then
+            rmdir --ignore-fail-on-non-empty \
+                /var/lib/tomcat9/lib/classes \
+                /var/lib/tomcat9/lib || true
+        fi
+
+        # Remove the cache files (compiled JSP files)
+        if [ -d "/var/cache/tomcat9" ] ; then
+            rm -rf /var/cache/tomcat9
+        fi
+
+        # Remove the auto-generated catalina.policy file
+        if [ -d "/var/lib/tomcat9/policy" ] ; then
+            rm -rf /var/lib/tomcat9/policy
+        fi
+    ;;
+
+    purge)
+        # Ignore errors during purge
+        set +e
+
+        # Remove the configuration files
+        rm -rf /etc/logrotate.d/tomcat9
+        rm -rf /etc/default/tomcat9
+        for conffile in $CONFFILES;
+        do
+            rm -f /etc/tomcat9/$conffile
+        done
+
+        # Unregister the configuration files from ucf
+        if which ucf >/dev/null; then
+            ucf --purge /etc/logrotate.d/tomcat9
+            ucf --purge /etc/default/tomcat9
+            for conffile in $CONFFILES;
+            do
+                ucf --purge /etc/tomcat9/$conffile
+            done
+        fi
+
+        # Remove the log files
+        rm -rf /var/log/tomcat9
+
+        # Remove the temp directory
+        rm -rf /var/lib/tomcat9/temp
+
+        # Remove the CATALINA_BASE directory if empty
+        if [ -d "/var/lib/tomcat9" ] ; then
+            rmdir --ignore-fail-on-non-empty /var/lib/tomcat9
+        fi
+
+        # Remove the configuration directories
+        rmdir --ignore-fail-on-non-empty /etc/tomcat9/policy.d /etc/tomcat9/Catalina/* /etc/tomcat9/Catalina /etc/tomcat9
+
+        set -e
+    ;;
+
+    upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+        # Nothing to do here
+    ;;
+
+    *)
+        echo "$0 called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
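Review bot: in the "Remove CATALINA_BASE/lib" test, `find var/lib/tomcat9/lib/classes` is missing its leading slash, so it runs relative to the current directory and the `-z` check no longer reflects what is under /var/lib/tomcat9/lib/classes. The comment above it also says "if not empty" where the code means "if empty". Only the `--ignore-fail-on-non-empty` on rmdir keeps this from removing anything it should not, so fix the path rather than rely on that. In the purge branch, `which ucf` is better written as `command -v ucf`.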



View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/compare/6d5c2a5c791044aad212eff17c543f86f3d1eb51...f63cd3d2b9ccbd8956308ff4105b95ab29dd4af9
