[Git][clojure-team/trapperkeeper-webserver-jetty9-clojure][debian/main] 6 commits: New upstream version 4.5.2
Jérôme Charaoui (@lavamind)
gitlab at salsa.debian.org
Sun Feb 18 00:57:32 GMT 2024
Jérôme Charaoui pushed to branch debian/main at Debian Clojure Maintainers / trapperkeeper-webserver-jetty9-clojure
Commits:
433e198b by Jérôme Charaoui at 2024-02-16T23:48:47-05:00
New upstream version 4.5.2
- - - - -
56b1f067 by Jérôme Charaoui at 2024-02-16T23:48:51-05:00
Update upstream source from tag 'upstream/4.5.2'
Update to upstream version '4.5.2'
with Debian dir 337f316f25d496d6b8500c613f5c6dd08d3d6bca
- - - - -
2b7bcfa6 by Jérôme Charaoui at 2024-02-17T08:32:40-05:00
d/patches: refresh patches for new upstream version
- - - - -
5aeebe4d by Jérôme Charaoui at 2024-02-17T08:32:42-05:00
d/patches: fix service test with upstream patch
- - - - -
543c824a by Jérôme Charaoui at 2024-02-17T08:32:42-05:00
d/rules: improve clean target
- - - - -
6e4ad9e5 by Jérôme Charaoui at 2024-02-17T08:32:56-05:00
Update changelog for 4.5.2-1 release
- - - - -
22 changed files:
- + .github/workflows/lein-test.yaml
- + .github/workflows/mend.yaml
- − .github/workflows/snyk_merge.yaml
- − .travis.yml
- CHANGELOG.md
- README.md
- debian/changelog
- debian/patches/0005-maint-Disable-EndpointIdentification.patch
- debian/patches/0006_Lein_Local.patch
- debian/patches/0007_No_Gniazdo.patch
- debian/patches/0009_Testsuite_Requires_Network.patch
- + debian/patches/make-service-test-less-sensitive.patch
- debian/patches/series
- debian/rules
- project.clj
- src/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_core.clj
- + src/puppetlabs/trapperkeeper/services/webserver/jetty9.clj
- src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj
- test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_handlers_test.clj
- test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_core_test.clj
- test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_test.clj
- test/clj/puppetlabs/trapperkeeper/testutils/webserver.clj
Changes:
=====================================
.github/workflows/lein-test.yaml
=====================================
@@ -0,0 +1,41 @@
+name: lein_test
+
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+ paths: ['src/**','test/**']
+ pull_request:
+ types: [opened, reopened, edited, synchronize]
+ paths: ['src/**','test/**']
+
+jobs:
+ run-lein-tests:
+ name: lein test - Java ${{ matrix.java }}
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ java: [ '8', '11', '17' ]
+ steps:
+ - name: Check out repository code
+ uses: actions/checkout at v3
+ - name: Setup java
+ uses: actions/setup-java at v3
+ with:
+ distribution: temurin
+ java-version: ${{ matrix.java }}
+ - name: Install Clojure tools
+ uses: DeLaGuardo/setup-clojure at 10.2
+ with:
+ cli: latest # Clojure CLI based on tools.deps
+ lein: latest # Leiningen
+ boot: latest # Boot.clj
+ bb: latest # Babashka
+ clj-kondo: latest # Clj-kondo
+ cljstyle: latest # cljstyle
+ zprint: latest # zprint
+ - name: Run lein tests with dev test profile
+ run: lein with-profile dev test
+ - name: Run lein tests with pseudo-dev, fips profiles
+ run: lein with-profile pseudo-dev,fips test
=====================================
.github/workflows/mend.yaml
=====================================
@@ -0,0 +1,55 @@
+name: mend_scan
+on:
+ workflow_dispatch:
+ push:
+ branches:
+ - main
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - name: connect_twingate
+ uses: twingate/github-action at v1
+ with:
+ service-key: ${{ secrets.TWINGATE_PUBLIC_REPO_KEY }}
+ - name: checkout repo content
+ uses: actions/checkout at v2 # checkout the repository content to github runner.
+ with:
+ fetch-depth: 1
+ # install java which is required for mend and clojure
+ - name: setup java
+ uses: actions/setup-java at v3
+ with:
+ distribution: temurin
+ java-version: 17
+ # install clojure tools
+ - name: Install Clojure tools
+ uses: DeLaGuardo/setup-clojure at 10.1
+ with:
+ # Install just one or all simultaneously
+ # The value must indicate a particular version of the tool, or use 'latest'
+ # to always provision the latest version
+ cli: latest # Clojure CLI based on tools.deps
+ lein: latest # Leiningen
+ boot: latest # Boot.clj
+ bb: latest # Babashka
+ clj-kondo: latest # Clj-kondo
+ cljstyle: latest # cljstyle
+ zprint: latest # zprint
+ # run lein gen
+ - name: create pom.xml
+ run: lein pom
+ # download mend
+ - name: download_mend
+ run: curl -o wss-unified-agent.jar https://unified-agent.s3.amazonaws.com/wss-unified-agent.jar
+ - name: run mend
+ run: env WS_INCLUDES=pom.xml java -jar wss-unified-agent.jar
+ env:
+ WS_APIKEY: ${{ secrets.MEND_API_KEY }}
+ WS_WSS_URL: https://saas-eu.whitesourcesoftware.com/agent
+ WS_USERKEY: ${{ secrets.MEND_TOKEN }}
+ WS_PRODUCTNAME: Puppet Enterprise
+ WS_PROJECTNAME: ${{ github.event.repository.name }}
+ WS_FILESYSTEMSCAN: true
+ WS_CHECKPOLICIES: true
+ WS_FORCEUPDATE: true
=====================================
.github/workflows/snyk_merge.yaml deleted
=====================================
@@ -1,29 +0,0 @@
----
-name: Snyk Clojure Merge
-
-on: push
-
-jobs:
- snyk_clojure:
- runs-on: ubuntu-latest
- steps:
- - name: Connect to Twingate
- uses: twingate/github-action at v1
- with:
- service-key: ${{ secrets.TWINGATE_PUBLIC_REPO_KEY }}
- - name: checkout the current HEAD
- uses: actions/checkout at v2
- with:
- fetch-depth: 1
- persist-credentials: false
- - name: Run Clojure Snyk Scan
- id: scan
- uses: puppetlabs/security-snyk-clojure-action at v2
- with:
- snykToken: ${{ secrets.SNYK_PE_TOKEN }}
- snykOrg: 'puppet-enterprise'
- snykProject: 'trapperkeeper-webserver-jetty9'
- snykPolicy: '.snyk'
- - name: Check output
- if: steps.scan.outputs.vulns != ''
- run: echo "Vulnerabilities detected; ${{ steps.scan.outputs.vulns }}" && exit 1
=====================================
.travis.yml deleted
=====================================
@@ -1,29 +0,0 @@
-language: clojure
-lein: 2.9.10
-jobs:
- include:
- - stage: jdk8
- script: lein with-profile dev test
- jdk: openjdk8
- # this env var isn't actually used, but helps with readability
- # in the Travis CI web page
- env:
- - FIPS=false
- - # still jdk8
- script: lein with-profile fips test
- jdk: openjdk8
- env:
- - FIPS=true
-
- - stage: jdk11
- script: lein with-profile dev test
- jdk: openjdk11
- env:
- - FIPS=false
- - # still jdk11
- script: lein with-profile fips test
- jdk: openjdk11
- env:
- - FIPS=true
-notifications:
- email: false
=====================================
CHANGELOG.md
=====================================
@@ -1,3 +1,30 @@
+## 4.5.2
+* update jetty9 to [9.4.53.v20231009](https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009) to address:
+ * CVE-2023-44487
+ * CVE-2023-36478
+* update clj-parent to 5.6.3
+
+## 4.5.1
+* update jetty9 to [9.4.52.v20230823](https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.52.v20230823) to address
+ * https://github.com/advisories/GHSA-58qw-p7qm-5rvh
+ * https://github.com/advisories/GHSA-hmr7-m48g-48f6
+ * https://github.com/advisories/GHSA-3gh6-v5v9-6v9j
+ * https://github.com/advisories/GHSA-pwh8-58vv-vw48
+
+## 4.5.0
+
+* Add `:include-response` option to request that the pending response
+ instance be provided to
+ [`add-ring-handler`](./README.md#add-ring-handler) as a second
+ argument.
+ [(PDB-5645)](https://tickets.puppetlabs.com/browse/PDB-5645)
+
+## 4.4.3
+* restore jdk 8 compatiblity
+
+## 4.4.2
+* update jetty to 9.4.51.v20230217 to resolve CVE-2023-26048
+
## 4.4.1
* update clj-parent to 5.2.9, which includes the stylefruits/gniazdo dependency.
=====================================
README.md
=====================================
@@ -87,27 +87,41 @@ You may specify `""` as the value for `path` if you are only registering a singl
handler and do not need to prefix the URL.
There is also a three argument version of this function which takes these arguments:
-`[handler path options]`. `options` is a map containing three optional keys.
-
-The first is
-`:server-id`, which specifies which server you want to add the ring-handler to. If
-`:server-id` is specified, the ring handler will be added to the server with id
-`:server-id`. If no `:server-id` is specified, or the two argument version is called,
-the ring handler will be added to the default server. Calling the two-argument version or
-leaving out `:server-id` will not work in a multiserver set-up if no default server is specified.
-
-The second optional argument is `:redirect-if-no-trailing-slash`. When set to `true`,
-all requests made to the endpoint at which the ring-handler was registered will, if
-no trailing slash is present, return a 302 redirect response to the same URL but with a trailing slash
-added. If the option is set to `false`, no redirect will occur, and the request will be
-routed through to the registered handler. This option defaults to `false`.
-
-The third optional argument is `:normalize-request-uri`. When set to `true`, the
-URI made available to the ring handler request map via the `:uri` key will have
-been "normalized". See the [Request URI Normalization]
-(#request-uri-normalization) section for more information on the
-normalization process. When set to `false` (the default value), the raw path
-component from the HTTP request URI will be the value for the `:uri` key.
+`[handler path options]`. `options` is a map containing optional keys.
+
+* `:server-id`
+
+ This option specifies which server you want to add the ring-handler
+ to. If `:server-id` is specified, the ring handler will be added to
+ the server with id `:server-id`. If no `:server-id` is specified, or
+ the two argument version is called, the ring handler will be added
+ to the default server. Calling the two-argument version or leaving
+ out `:server-id` will not work in a multiserver set-up if no default
+ server is specified.
+
+* `:redirect-if-no-trailing-slash`
+
+ When set to `true`, all requests made to the endpoint at which the
+ ring-handler was registered will, if no trailing slash is present,
+ return a 302 redirect response to the same URL but with a trailing
+ slash added. If the option is set to `false`, no redirect will
+ occur, and the request will be routed through to the registered
+ handler. This option defaults to `false`.
+
+* `:normalize-request-uri`
+
+ When set to `true`, the URI made available to the ring handler
+ request map via the `:uri` key will have been "normalized". See the
+ [Request URI Normalization] (#request-uri-normalization) section for
+ more information on the normalization process. When set to `false`
+ (the default value), the raw path component from the HTTP request
+ URI will be the value for the `:uri` key.
+
+* `:include-response`
+
+ When set to `true`, the request will include the pending jetty
+ [`Response`](https://www.eclipse.org/jetty/javadoc/jetty-9/org/eclipse/jetty/server/Response.html)
+ instance as `:puppetlabs.trapperkeeper.services.webserver.jetty9/response`.
Here's an example of how to use the `:WebserverService`:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+trapperkeeper-webserver-jetty9-clojure (4.5.2-1) unstable; urgency=medium
+
+ * New upstream version 4.5.2
+ * d/patches: refresh patches for new upstream version
+ * d/patches: fix service test with upstream patch
+ * d/rules: improve clean target
+
+ -- Jérôme Charaoui <jerome at riseup.net> Sat, 17 Feb 2024 08:32:49 -0500
+
trapperkeeper-webserver-jetty9-clojure (4.4.1-5) unstable; urgency=medium
* d/control: bump Breaks: on puppetserver
=====================================
debian/patches/0005-maint-Disable-EndpointIdentification.patch
=====================================
@@ -28,11 +28,11 @@ https://github.com/eclipse/jetty.project/pull/3480/files#diff-58640db0f8f2cd84b7
src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj | 1 +
1 file changed, 1 insertion(+)
-diff --git a/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj b/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj
-index c15f1e3..2c88b1e 100644
---- a/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj
-+++ b/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj
-@@ -207,6 +207,7 @@
+Index: trapperkeeper-webserver-jetty9-clojure/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj
+===================================================================
+--- trapperkeeper-webserver-jetty9-clojure.orig/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj
++++ trapperkeeper-webserver-jetty9-clojure/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj
+@@ -211,6 +211,7 @@
(.setKeyStore (:keystore keystore-config))
(.setKeyStorePassword (:key-password keystore-config))
(.setTrustStore (:truststore keystore-config))
=====================================
debian/patches/0006_Lein_Local.patch
=====================================
@@ -9,64 +9,64 @@ Forwarded: not-needed
project.clj | 92 +++++++++++++++++++++++--------------------------------------
1 file changed, 34 insertions(+), 58 deletions(-)
-diff --git a/project.clj b/project.clj
-index c9e5b7a..a02f11e 100644
---- a/project.clj
-+++ b/project.clj
-@@ -8,48 +8,40 @@
+Index: trapperkeeper-webserver-jetty9-clojure/project.clj
+===================================================================
+--- trapperkeeper-webserver-jetty9-clojure.orig/project.clj
++++ trapperkeeper-webserver-jetty9-clojure/project.clj
+@@ -1,4 +1,4 @@
+-(def jetty-version "9.4.53.v20231009")
++(def jetty-version "9.x")
+
+ (defproject puppetlabs/trapperkeeper-webserver-jetty9 "4.5.2"
+ :description "A jetty9-based webserver implementation for use with the puppetlabs/trapperkeeper service framework."
+@@ -8,21 +8,18 @@
:min-lein-version "2.9.1"
-- :parent-project {:coords [puppetlabs/clj-parent "5.2.9"]
+- :parent-project {:coords [puppetlabs/clj-parent "5.6.3"]
- :inherit [:managed-dependencies]}
-+ :dependencies [[org.clojure/clojure "1.x"]
-+ [org.clojure/java.jmx "debian"]
-+ [org.clojure/tools.logging "debian"]
-
-- ;; Abort when version ranges or version conflicts are detected in
-- ;; dependencies. Also supports :warn to simply emit warnings.
-- ;; requires lein 2.2.0+.
-- :pedantic? :abort
+-
+ ;; Abort when version ranges or version conflicts are detected in
+ ;; dependencies. Also supports :warn to simply emit warnings.
+ ;; requires lein 2.2.0+.
+ :pedantic? :abort
- :dependencies [[org.clojure/clojure]
- [org.clojure/java.jmx]
- [org.clojure/tools.logging]
-+ [org.codehaus.janino/janino "debian"]
-+ [org.flatland/ordered "debian"]
++ :dependencies [[org.clojure/clojure "1.x"]
++ [org.clojure/java.jmx "debian"]
++ [org.clojure/tools.logging "debian"]
- [org.codehaus.janino/janino]
- [org.flatland/ordered "1.5.9"]
--
++ [org.codehaus.janino/janino "debian"]
++ [org.flatland/ordered "debian"]
+
- [javax.servlet/javax.servlet-api "3.1.0"]
-+ [javax.servlet/javax.servlet-api "debian"]
++ [javax.servlet/javax.servlet-api "debian"]
;; Jetty Webserver
-- [org.eclipse.jetty/jetty-server ~jetty-version
-+ [org.eclipse.jetty/jetty-server "9.x"
+ [org.eclipse.jetty/jetty-server ~jetty-version
:exclusions [org.eclipse.jetty.orbit/javax.servlet]]
-- [org.eclipse.jetty/jetty-servlet ~jetty-version]
-- [org.eclipse.jetty/jetty-servlets ~jetty-version]
-- [org.eclipse.jetty/jetty-webapp ~jetty-version]
-- [org.eclipse.jetty/jetty-proxy ~jetty-version]
-- [org.eclipse.jetty/jetty-jmx ~jetty-version]
+@@ -31,25 +28,24 @@
+ [org.eclipse.jetty/jetty-webapp ~jetty-version]
+ [org.eclipse.jetty/jetty-proxy ~jetty-version]
+ [org.eclipse.jetty/jetty-jmx ~jetty-version]
- [org.eclipse.jetty.websocket/websocket-server ~jetty-version]
-+ [org.eclipse.jetty/jetty-servlet "9.x"]
-+ [org.eclipse.jetty/jetty-servlets "9.x"]
-+ [org.eclipse.jetty/jetty-webapp "9.x"]
-+ [org.eclipse.jetty/jetty-proxy "9.x"]
-+ [org.eclipse.jetty/jetty-jmx "9.x"]
+ [org.eclipse.jetty.websocket/websocket-server "debian"]
- [prismatic/schema]
- [ring/ring-servlet]
- [ring/ring-codec]
-+ [prismatic/schema "debian"]
-+ [ring/ring-servlet "debian"]
-+ [ring/ring-codec "debian"]
-
+-
- [puppetlabs/ssl-utils]
- [puppetlabs/kitchensink]
- [puppetlabs/trapperkeeper]
- [puppetlabs/i18n]
- [puppetlabs/trapperkeeper-filesystem-watcher]
++ [prismatic/schema "debian"]
++ [ring/ring-servlet "debian"]
++ [ring/ring-codec "debian"]
++
+ [puppetlabs/ssl-utils "debian"]
+ [puppetlabs/kitchensink "debian"]
+ [puppetlabs/trapperkeeper "debian"]
@@ -85,7 +85,7 @@ index c9e5b7a..a02f11e 100644
:deploy-repositories [["releases" {:url "https://clojars.org/repo"
:username :env/clojars_jenkins_username
-@@ -71,51 +63,35 @@
+@@ -71,24 +67,23 @@
"examples/webrouting_app/src"]
:java-source-paths ["examples/servlet_app/src/java"
"test/java"]
@@ -94,57 +94,34 @@ index c9e5b7a..a02f11e 100644
- [puppetlabs/trapperkeeper nil :classifier "test"]
- [org.clojure/tools.namespace]
- [compojure]
+- [ring/ring-core]]
+ :dependencies [[puppetlabs/http-client "debian"]
+ [puppetlabs/kitchensink "debian" :classifier "test"]
-+ [puppetlabs/trapperkeeper "debian" :classifier "test"]
++ [puppetlabs/trapperkeeper "debian" :classifier "test"]
+ [org.clojure/tools.namespace "debian"]
-+ [compojure "debian"]
- [stylefruits/gniazdo nil :exclusions [org.eclipse.jetty.websocket/websocket-api
- org.eclipse.jetty.websocket/websocket-client
- org.eclipse.jetty/jetty-util]]
-- [ring/ring-core]]
-+ [ring/ring-core "debian"]]
++ [ring/ring-core "debian"]]
:resource-paths ["dev-resources"]
:jvm-opts ["-Djava.util.logging.config.file=dev-resources/logging.properties"]}
:dev [:defaults
-- {:dependencies [[org.bouncycastle/bcpkix-jdk18on]]}]
-+ {:dependencies [[org.bouncycastle/bcpkix "debian"]]}]
+- {:dependencies [[org.bouncycastle/bcpkix-jdk18on]
++ {:dependencies [[org.bouncycastle/bcpkix "debian"]
+ [stylefruits/gniazdo nil :exclusions [org.eclipse.jetty.websocket/websocket-api
+ org.eclipse.jetty.websocket/websocket-client
+ org.eclipse.jetty/jetty-util]]]}]
;; per https://github.com/technomancy/leiningen/issues/1907
;; the provided profile is necessary for lein jar / lein install
- :provided {:dependencies [[org.bouncycastle/bcpkix-jdk18on]]
+ :provided {:dependencies [[org.bouncycastle/bcpkix "debian"]]
:resource-paths ["dev-resources"]}
-
- :fips [:defaults ; merge in the dev profile
- {:dependencies [[org.bouncycastle/bcpkix-fips]
- [org.bouncycastle/bc-fips]
- [org.bouncycastle/bctls-fips]]
-- :exclusions [[org.bouncycastle/bcpkix-jdk18on]]
-- ;; this only ensures that we run with the proper profiles
-- ;; during testing. This JVM opt will be set in the puppet module
-- ;; that sets up the JVM classpaths during installation.
-- :jvm-opts ~(let [version (System/getProperty "java.version")
-- [major minor _] (clojure.string/split version #"\.")
-- unsupported-ex (ex-info "Unsupported major Java version. Expects 8 or 11."
-- {:major major
-- :minor minor})]
-- (condp = (java.lang.Integer/parseInt major)
-- 1 (if (= 8 (java.lang.Integer/parseInt minor))
-- ["-Djava.security.properties==dev-resources/jdk8-fips-security"]
-- (throw unsupported-ex))
-- 11 ["-Djava.security.properties==dev-resources/jdk11-fips-security"]
-- (throw unsupported-ex)))}]
-+ :exclusions [[org.bouncycastle/bcpkix-jdk18on]]}]
-
- :testutils {:source-paths ^:replace ["test/clj"]
- :java-source-paths ^:replace ["test/java"]}}
-
+ ;; a pseudo dev profile that can be combined with the FIPS profiling for testing only
+ :pseudo-dev {:dependencies [
+@@ -122,5 +117,6 @@
:main puppetlabs.trapperkeeper.main
--
-- :repositories [["puppet-releases" "https://artifactory.delivery.puppetlabs.net/artifactory/list/clojure-releases__local/"]
+
+ :repositories [["puppet-releases" "https://artifactory.delivery.puppetlabs.net/artifactory/list/clojure-releases__local/"]
- ["puppet-snapshots" "https://artifactory.delivery.puppetlabs.net/artifactory/list/clojure-snapshots__local/"]])
--
-+ :local-repo "debian/maven-repo"
-+ )
++ ["puppet-snapshots" "https://artifactory.delivery.puppetlabs.net/artifactory/list/clojure-snapshots__local/"]]
+
++ :local-repo "debian/maven-repo")
=====================================
debian/patches/0007_No_Gniazdo.patch
=====================================
@@ -11,24 +11,26 @@ WebSocket features of this library, we're patching it out.
.../webserver/jetty9_service_handlers_test.clj | 39 ++--------------------
3 files changed, 4 insertions(+), 46 deletions(-)
-diff --git a/project.clj b/project.clj
-index a02f11e..a497bd5 100644
---- a/project.clj
-+++ b/project.clj
-@@ -68,9 +68,6 @@
- [puppetlabs/trapperkeeper "debian" :classifier "test"]
- [org.clojure/tools.namespace "debian"]
- [compojure "debian"]
-- [stylefruits/gniazdo nil :exclusions [org.eclipse.jetty.websocket/websocket-api
-- org.eclipse.jetty.websocket/websocket-client
-- org.eclipse.jetty/jetty-util]]
- [ring/ring-core "debian"]]
- :resource-paths ["dev-resources"]
+Index: trapperkeeper-webserver-jetty9-clojure/project.clj
+===================================================================
+--- trapperkeeper-webserver-jetty9-clojure.orig/project.clj
++++ trapperkeeper-webserver-jetty9-clojure/project.clj
+@@ -76,10 +76,7 @@
:jvm-opts ["-Djava.util.logging.config.file=dev-resources/logging.properties"]}
-diff --git a/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_test.clj b/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_test.clj
-index ab1173f..3d84f6a 100644
---- a/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_test.clj
-+++ b/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_test.clj
+
+ :dev [:defaults
+- {:dependencies [[org.bouncycastle/bcpkix "debian"]
+- [stylefruits/gniazdo nil :exclusions [org.eclipse.jetty.websocket/websocket-api
+- org.eclipse.jetty.websocket/websocket-client
+- org.eclipse.jetty/jetty-util]]]}]
++ {:dependencies [[org.bouncycastle/bcpkix "debian"]]}]
+
+ ;; per https://github.com/technomancy/leiningen/issues/1907
+ ;; the provided profile is necessary for lein jar / lein install
+Index: trapperkeeper-webserver-jetty9-clojure/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_test.clj
+===================================================================
+--- trapperkeeper-webserver-jetty9-clojure.orig/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_test.clj
++++ trapperkeeper-webserver-jetty9-clojure/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_test.clj
@@ -1,7 +1,6 @@
(ns puppetlabs.trapperkeeper.services.webrouting.webrouting-service-test
(:require [clojure.test :refer :all]
@@ -51,10 +53,10 @@ index ab1173f..3d84f6a 100644
(testing "Error occurs when specifying service that does not exist in config file"
(with-app-with-config
-diff --git a/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj b/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
-index 606eee2..7574f68 100644
---- a/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
-+++ b/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
+Index: trapperkeeper-webserver-jetty9-clojure/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
+===================================================================
+--- trapperkeeper-webserver-jetty9-clojure.orig/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
++++ trapperkeeper-webserver-jetty9-clojure/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
@@ -5,7 +5,6 @@
(java.nio.file.attribute FileAttribute)
(javax.servlet.http HttpServlet HttpServletRequest HttpServletResponse))
=====================================
debian/patches/0009_Testsuite_Requires_Network.patch
=====================================
@@ -10,11 +10,11 @@ details.
.../webserver/jetty9_service_handlers_test.clj | 58 ++++++++---------
2 files changed, 67 insertions(+), 67 deletions(-)
-diff --git a/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_handlers_test.clj b/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_handlers_test.clj
-index f998a56..cd1fae6 100644
---- a/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_handlers_test.clj
-+++ b/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_handlers_test.clj
-@@ -154,44 +154,44 @@
+Index: trapperkeeper-webserver-jetty9-clojure/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_handlers_test.clj
+===================================================================
+--- trapperkeeper-webserver-jetty9-clojure.orig/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_handlers_test.clj
++++ trapperkeeper-webserver-jetty9-clojure/test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_handlers_test.clj
+@@ -159,44 +159,44 @@
(is (= (:status response) 200))
(is (= (:body response) body))))))))
@@ -97,10 +97,10 @@ index f998a56..cd1fae6 100644
(deftest endpoints-test-web-routing
(testing (str "get-registered-endpoints and log-registered-endpoints are "
-diff --git a/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj b/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
-index 7574f68..b485e77 100644
---- a/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
-+++ b/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
+Index: trapperkeeper-webserver-jetty9-clojure/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
+===================================================================
+--- trapperkeeper-webserver-jetty9-clojure.orig/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
++++ trapperkeeper-webserver-jetty9-clojure/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_handlers_test.clj
@@ -239,35 +239,35 @@
handlers {:on-connect (fn [ws] (ws-session/close! ws 4000 "Bye"))}]
(add-websocket-handler handlers path))))))
=====================================
debian/patches/make-service-test-less-sensitive.patch
=====================================
@@ -0,0 +1,30 @@
+From: jonathannewman <jonathan.newman at puppetlabs.com>
+Date: Tue, 10 Oct 2023 11:51:21 -0700
+Subject: [PATCH] (maint) make service test less sensitive
+
+The service test contained a regular expression that matched on the
+size of the content. The headers that are included in the response
+depend on the platform and java version that are used to run the
+tests, so this removes the size part of the regular expression to
+make the tests less sensitive to environment. The underlying behavior
+in the test isn't impacted; it still validates that the logging occurred.
+
+Origin: upstream, https://github.com/puppetlabs/trapperkeeper-webserver-jetty9/commit/ff7fb6686d4aeb7fbb3688c8e792df5e719f86d1
+Forwarded: not-needed
+---
+ .../trapperkeeper/services/webserver/jetty9_service_test.clj | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_test.clj b/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_test.clj
+index a6f0bb9..e39488b 100644
+--- a/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_test.clj
++++ b/test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_test.clj
+@@ -737,7 +737,7 @@
+ ; we have to sleep the thread to avoid a race condition.
+ (Thread/sleep 10)
+ (let [list (TestListAppender/list)]
+- (is (re-find #"\"GET /hi_world/ HTTP/1.1\" 200 28" (first list))))))
++ (is (re-find #"\"GET /hi_world/ HTTP/1.1\" 200 " (first list))))))
+
+ (testing "Mapped Diagnostic Context values are available to the access logger"
+ (with-test-access-logging
=====================================
debian/patches/series
=====================================
@@ -4,3 +4,4 @@
0007_No_Gniazdo.patch
0008_Jetty_Post_Config_Failure.patch
0009_Testsuite_Requires_Network.patch
+make-service-test-less-sensitive.patch
=====================================
debian/rules
=====================================
@@ -29,8 +29,6 @@ ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
lein test
endif
-override_dh_clean:
- rm -f debian/maven-repo
- rm -f debian/pom.xml
- rm -Rf target
- dh_clean
+execute_before_dh_clean:
+ rm -f .lein-failures debian/maven-repo debian/pom.xml resources/locales.clj
+ rm -rf .lein resources/puppetlabs target
=====================================
project.clj
=====================================
@@ -1,6 +1,6 @@
-(def jetty-version "9.4.48.v20220622")
+(def jetty-version "9.4.53.v20231009")
-(defproject puppetlabs/trapperkeeper-webserver-jetty9 "4.4.1"
+(defproject puppetlabs/trapperkeeper-webserver-jetty9 "4.5.2"
:description "A jetty9-based webserver implementation for use with the puppetlabs/trapperkeeper service framework."
:url "https://github.com/puppetlabs/trapperkeeper-webserver-jetty9"
:license {:name "Apache License, Version 2.0"
@@ -8,7 +8,7 @@
:min-lein-version "2.9.1"
- :parent-project {:coords [puppetlabs/clj-parent "5.2.9"]
+ :parent-project {:coords [puppetlabs/clj-parent "5.6.3"]
:inherit [:managed-dependencies]}
;; Abort when version ranges or version conflicts are detected in
@@ -76,22 +76,26 @@
[puppetlabs/trapperkeeper nil :classifier "test"]
[org.clojure/tools.namespace]
[compojure]
- [stylefruits/gniazdo nil :exclusions [org.eclipse.jetty.websocket/websocket-api
- org.eclipse.jetty.websocket/websocket-client
- org.eclipse.jetty/jetty-util]]
[ring/ring-core]]
:resource-paths ["dev-resources"]
:jvm-opts ["-Djava.util.logging.config.file=dev-resources/logging.properties"]}
:dev [:defaults
- {:dependencies [[org.bouncycastle/bcpkix-jdk18on]]}]
+ {:dependencies [[org.bouncycastle/bcpkix-jdk18on]
+ [stylefruits/gniazdo nil :exclusions [org.eclipse.jetty.websocket/websocket-api
+ org.eclipse.jetty.websocket/websocket-client
+ org.eclipse.jetty/jetty-util]]]}]
;; per https://github.com/technomancy/leiningen/issues/1907
;; the provided profile is necessary for lein jar / lein install
:provided {:dependencies [[org.bouncycastle/bcpkix-jdk18on]]
:resource-paths ["dev-resources"]}
-
- :fips [:defaults ; merge in the dev profile
+ ;; a pseudo dev profile that can be combined with the FIPS profiling for testing only
+ :pseudo-dev {:dependencies [
+ [stylefruits/gniazdo nil :exclusions [org.eclipse.jetty.websocket/websocket-api
+ org.eclipse.jetty.websocket/websocket-client
+ org.eclipse.jetty/jetty-util]]]}
+ :fips [:defaults ; merge in the default profile
{:dependencies [[org.bouncycastle/bcpkix-fips]
[org.bouncycastle/bc-fips]
[org.bouncycastle/bctls-fips]]
@@ -101,7 +105,7 @@
;; that sets up the JVM classpaths during installation.
:jvm-opts ~(let [version (System/getProperty "java.version")
[major minor _] (clojure.string/split version #"\.")
- unsupported-ex (ex-info "Unsupported major Java version. Expects 8 or 11."
+ unsupported-ex (ex-info "Unsupported major Java version. Expects 11 or 17."
{:major major
:minor minor})]
(condp = (java.lang.Integer/parseInt major)
@@ -109,6 +113,7 @@
["-Djava.security.properties==dev-resources/jdk8-fips-security"]
(throw unsupported-ex))
11 ["-Djava.security.properties==dev-resources/jdk11-fips-security"]
+ 17 ["-Djava.security.properties==dev-resources/jdk11-fips-security"]
(throw unsupported-ex)))}]
:testutils {:source-paths ^:replace ["test/clj"]
=====================================
src/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_core.clj
=====================================
@@ -26,6 +26,9 @@
(def ContextHandlerOptions
(dissoc (merge jetty9-core/ContextHandlerOptions RouteOption) :server-id))
+(def RingHandlerOptions
+ (dissoc (merge jetty9-core/RingHandlerOptions RouteOption) :server-id))
+
(def ServletHandlerOptions
(dissoc (merge jetty9-core/ServletHandlerOptions RouteOption) :server-id))
@@ -123,7 +126,7 @@
(schema/defn ^:always-validate add-ring-handler!
[context webserver-service
svc :- (schema/protocol tk-services/Service)
- handler options :- CommonOptions]
+ handler options :- RingHandlerOptions]
(let [{:keys [path opts]} (compute-common-elements context svc options)
add-ring-handler (:add-ring-handler webserver-service)]
(add-ring-handler handler path opts)))
=====================================
src/puppetlabs/trapperkeeper/services/webserver/jetty9.clj
=====================================
@@ -0,0 +1,14 @@
+(ns puppetlabs.trapperkeeper.services.webserver.jetty9
+ "Currently only provides support for aliased keyword access for
+ clojure versions without :as-alias (before 1.11)."
+ (:require
+ [clojure.spec.alpha :as s])
+ (:import
+ (org.eclipse.jetty.server Response)))
+
+;; Currently just informational, i.e. not committing to support the
+;; spec alpha declaration publicly for now.
+
+(defn- response? [x] (instance? Response x))
+
+(s/def ::response response?)
=====================================
src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj
=====================================
@@ -31,6 +31,7 @@
[ring.util.codec :as codec]
[clojure.string :as str]
[clojure.tools.logging :as log]
+ [puppetlabs.trapperkeeper.services.webserver.jetty9 :as jetty9]
[puppetlabs.trapperkeeper.services.webserver.jetty9-config :as config]
[puppetlabs.trapperkeeper.services.webserver.experimental.jetty9-websockets :as websockets]
[puppetlabs.trapperkeeper.services.webserver.normalized-uri-helpers
@@ -86,6 +87,9 @@
(assoc CommonOptions (schema/optional-key :context-listeners) [ServletContextListener]
(schema/optional-key :follow-links) schema/Bool))
+(def RingHandlerOptions
+ (assoc CommonOptions (schema/optional-key :include-response) schema/Bool))
+
(def ServletHandlerOptions
(assoc CommonOptions (schema/optional-key :servlet-init-params) {schema/Str schema/Str}))
@@ -448,10 +452,11 @@
(defn- ring-handler
"Returns an Jetty Handler implementation for the given Ring handler."
- [handler]
+ [handler include-response]
(proxy [AbstractHandler] []
(handle [_ ^Request base-request request response]
- (let [request-map (servlet/build-request-map request)
+ (let [request-map (cond-> (servlet/build-request-map request)
+ include-response (assoc ::jetty9/response response))
response-map (handler request-map)]
(when response-map
(servlet/update-servlet-response response response-map)
@@ -466,7 +471,7 @@
options :- ProxyOptions]
(let [custom-ssl-ctxt-factory (when (map? (:ssl-config options))
(get-proxy-client-context-factory
- (:ssl-config options)))
+ (:ssl-config options)))
{:keys [request-buffer-size idle-timeout]} options]
(proxy [ProxyServlet] []
(rewriteTarget [req]
@@ -497,7 +502,7 @@
(let [client (if custom-ssl-ctxt-factory
(HttpClient. custom-ssl-ctxt-factory)
(if-let [ssl-ctxt-factory (:ssl-context-factory
- @(:state webserver-context))]
+ @(:state webserver-context))]
(HttpClient. ssl-ctxt-factory)
(HttpClient.)))]
(when request-buffer-size
@@ -519,8 +524,8 @@
(sendProxyRequest [req resp proxy-req]
(if-let [callback-fn (:callback-fn options)]
- (callback-fn proxy-req req))
- (proxy-super sendProxyRequest req resp proxy-req))
+ (callback-fn proxy-req req))
+ (proxy-super sendProxyRequest req resp proxy-req))
;; The implementation of onResponseFailure is duplicated heavily from:
;; https://github.com/eclipse/jetty.project/blob/jetty-9.4.1.v20170120/jetty-proxy/src/main/java/org/eclipse/jetty/proxy/AbstractProxyServlet.java#L624-L658
@@ -755,11 +760,11 @@
handler :- (schema/pred ifn? 'ifn?)
path :- schema/Str
enable-trailing-slash-redirect? :- schema/Bool
- normalize-request-uri? :- schema/Bool]
- (let [handler
- (normalized-uri-helpers/handler-maybe-wrapped-with-normalized-uri
- (ring-handler handler)
- normalize-request-uri?)
+ normalize-request-uri? :- schema/Bool
+ include-response :- (schema/maybe schema/Bool)]
+ (let [handler (normalized-uri-helpers/handler-maybe-wrapped-with-normalized-uri
+ (ring-handler handler include-response)
+ normalize-request-uri?)
path (if (= "" path) "/" path)
ctxt-handler (doto (ContextHandler. path)
(.setHandler handler))]
@@ -1060,8 +1065,8 @@
(nil? new-config) (start-server-multiple context config))))
(schema/defn ^:always-validate add-ring-handler!
- [context handler path options :- CommonOptions]
- (let [server-id (:server-id options)
+ [context handler path options :- RingHandlerOptions]
+ (let [{:keys [include-response server-id]} options
s (get-server-context context server-id)
state (:state s)
endpoint-map {:type :ring}
@@ -1069,7 +1074,8 @@
enable-redirect (get options :redirect-if-no-trailing-slash false)
normalize-request-uri (get options :normalize-request-uri false)]
(register-endpoint! state endpoint-map path)
- (add-ring-handler s handler path enable-redirect normalize-request-uri)))
+ (add-ring-handler s handler path enable-redirect normalize-request-uri
+ include-response)))
(schema/defn ^:always-validate add-websocket-handler!
[context
=====================================
test/clj/puppetlabs/trapperkeeper/services/webrouting/webrouting_service_handlers_test.clj
=====================================
@@ -1,15 +1,20 @@
(ns puppetlabs.trapperkeeper.services.webrouting.webrouting-service-handlers-test
- (:import (servlet SimpleServlet))
- (:require [clojure.test :refer :all]
- [schema.test :as schema-test]
- [puppetlabs.trapperkeeper.services :as tk-services]
- [puppetlabs.trapperkeeper.services.webrouting.webrouting-service :refer :all]
- [puppetlabs.trapperkeeper.services.webserver.jetty9-service :refer [jetty9-service]]
- [puppetlabs.trapperkeeper.app :refer [get-service]]
- [puppetlabs.trapperkeeper.testutils.webrouting.common :refer :all]
- [puppetlabs.trapperkeeper.testutils.bootstrap :refer [with-app-with-config]]
- [puppetlabs.trapperkeeper.testutils.logging :refer [with-test-logging]]
- [puppetlabs.trapperkeeper.testutils.webserver :as testutils]))
+ (:require
+ [clojure.test :refer :all]
+ [schema.test :as schema-test]
+ [puppetlabs.trapperkeeper.services :as tk-services]
+ [puppetlabs.trapperkeeper.services.webrouting.webrouting-service :refer :all]
+ [puppetlabs.trapperkeeper.services.webserver.jetty9 :as jetty9]
+ [puppetlabs.trapperkeeper.services.webserver.jetty9-service :refer [jetty9-service]]
+ [puppetlabs.trapperkeeper.app :refer [get-service]]
+ [puppetlabs.trapperkeeper.testutils.webrouting.common
+ :refer [default-options-for-https-client http-get webrouting-plaintext-config]]
+ [puppetlabs.trapperkeeper.testutils.bootstrap :refer [with-app-with-config]]
+ [puppetlabs.trapperkeeper.testutils.logging :refer [with-test-logging]]
+ [puppetlabs.trapperkeeper.testutils.webserver :as testutils])
+ (:import
+ (org.eclipse.jetty.server Response)
+ (servlet SimpleServlet)))
(use-fixtures :once
schema-test/validate-schemas
@@ -215,4 +220,20 @@
(is (logged? #"^\{\"\/foo\" \[\{:type :ring}\]\}$"))
(is (logged? #"^\{\"\/foo\" \[\{:type :ring}\]\}$" :info)))))))
-
+(deftest ring-handler-include-response
+ (with-test-logging
+ (with-app-with-config app
+ [jetty9-service webrouting-service test-dummy]
+ webrouting-plaintext-config
+ (let [handler-args (atom nil)]
+ (add-ring-handler (get-service app :WebroutingService)
+ (get-service app :TestDummy)
+ (fn [& args]
+ (reset! handler-args args)
+ {:status 200 :body "yep"})
+ {:include-response true})
+ (let [{:keys [status body]} (http-get "http://localhost:8080/foo")]
+ (is (= 200 status))
+ (is (= "yep" body))
+ (is (= 1 (count @handler-args)))
+ (is (instance? Response (-> @handler-args first ::jetty9/response))))))))
=====================================
test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_core_test.clj
=====================================
@@ -37,6 +37,7 @@
:body "I am a handler"})
"/"
true
+ false
false)
(is (= (count (.getHandlers handlers)) 1)))))
=====================================
test/clj/puppetlabs/trapperkeeper/services/webserver/jetty9_service_test.clj
=====================================
@@ -737,7 +737,7 @@
; we have to sleep the thread to avoid a race condition.
(Thread/sleep 10)
(let [list (TestListAppender/list)]
- (is (re-find #"\"GET /hi_world/ HTTP/1.1\" 200 8" (first list))))))
+ (is (re-find #"\"GET /hi_world/ HTTP/1.1\" 200 28" (first list))))))
(testing "Mapped Diagnostic Context values are available to the access logger"
(with-test-access-logging
=====================================
test/clj/puppetlabs/trapperkeeper/testutils/webserver.clj
=====================================
@@ -27,7 +27,7 @@
`(let [srv# (jetty9/start-webserver!
(jetty9/initialize-context)
(assoc ~config :port 0))
- _# (jetty9/add-ring-handler srv# ~app "/" true false)
+ _# (jetty9/add-ring-handler srv# ~app "/" true false false)
~port-var (-> (:server srv#)
(.getConnectors)
(first)
View it on GitLab: https://salsa.debian.org/clojure-team/trapperkeeper-webserver-jetty9-clojure/-/compare/00616b47b43c1c1e03912c8e95f464ae30ddddcd...6e4ad9e5e940f0a63d50e81a7036e85cc3b24309
--
View it on GitLab: https://salsa.debian.org/clojure-team/trapperkeeper-webserver-jetty9-clojure/-/compare/00616b47b43c1c1e03912c8e95f464ae30ddddcd...6e4ad9e5e940f0a63d50e81a7036e85cc3b24309
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20240218/d45c13db/attachment.htm>
More information about the pkg-java-commits
mailing list