[Git][java-team/tomcat8][master] 5 commits: Look for the Java runtime in the paths used by java-package >= 0.61 (Closes: #894318)
Emmanuel Bourg
gitlab at salsa.debian.org
Thu Aug 9 17:00:04 BST 2018
Emmanuel Bourg pushed to branch master at Debian Java Maintainers / tomcat8
Commits:
063cf49b by Emmanuel Bourg at 2018-08-09T08:50:19Z
Look for the Java runtime in the paths used by java-package >= 0.61 (Closes: #894318)
- - - - -
d2927146 by Emmanuel Bourg at 2018-08-09T09:28:16Z
Install catalina.policy in tomcat8-user to run custom instances with a security manager (Closes: #736321)
- - - - -
ef2a6bf9 by Emmanuel Bourg at 2018-08-09T15:48:35Z
Added a systemd service file (Closes: #832151, #817909)
- - - - -
32baff9e by Emmanuel Bourg at 2018-08-09T15:53:12Z
Standards-Version updated to 4.2.0
- - - - -
722ed827 by Emmanuel Bourg at 2018-08-09T15:53:52Z
Upload to unstable
- - - - -
16 changed files:
- debian/README.Debian
- debian/changelog
- debian/control
- + debian/libexec/tomcat-locate-java.sh
- + debian/libexec/tomcat-start.sh
- + debian/libexec/tomcat-update-policy.sh
- debian/logging.properties
- + debian/patches/0024-systemd-log-formatter.patch
- + debian/patches/0025-invalid-configuration-exit-status.patch
- debian/patches/series
- + debian/rsyslog/tomcat8.conf
- debian/tomcat8-user.install
- debian/tomcat8.NEWS
- debian/tomcat8.init
- debian/tomcat8.install
- + debian/tomcat8.service
Changes:
=====================================
debian/README.Debian
=====================================
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -45,3 +45,5 @@ Getting started
AUTHBIND="yes" to enable it, and then configure your Tomcat to listen
on any port number you wish. See the "man authbind" for information on
configuring authbind.
+
+ authbind isn't required when systemd is used to run the service.
=====================================
debian/changelog
=====================================
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,20 @@
-tomcat8 (8.5.32-2) UNRELEASED; urgency=medium
+tomcat8 (8.5.32-2) unstable; urgency=medium
* Team upload.
+ * Added a systemd service file (Closes: #832151, #817909)
+ * Look for the Java runtime in the paths used by java-package >= 0.61
+ (/usr/lib/jvm/oracle-java<n>-{jre,jdk}-*) (Closes: #894318)
+ * Install catalina.policy in the tomcat8-user package to be able to run
+ custom instances with a security manager (Closes: #736321)
* Disabled the shutdown port (8005) by default
* Updated the policy files in /etc/tomcat8/policy.d/
* Added the missing Maven rules to use the 8.x generic version for
tomcat-jaspic-api, tomcat-storeconfig and tomcat-util-scan
* Set the gecos field when creating the tomcat8 user
* No longer set JSSE_HOME in the init script (JSSE is enabled by default)
+ * Standards-Version updated to 4.2.0
- -- Emmanuel Bourg <ebourg at apache.org> Tue, 07 Aug 2018 15:15:03 +0200
+ -- Emmanuel Bourg <ebourg at apache.org> Thu, 09 Aug 2018 17:53:44 +0200
tomcat8 (8.5.32-1) unstable; urgency=medium
=====================================
debian/control
=====================================
--- a/debian/control
+++ b/debian/control
@@ -24,7 +24,7 @@ Build-Depends:
lsb-release,
maven-repo-helper,
po-debconf
-Standards-Version: 4.1.4
+Standards-Version: 4.2.0
Vcs-Git: https://salsa.debian.org/java-team/tomcat8.git
Vcs-Browser: https://salsa.debian.org/java-team/tomcat8
Homepage: http://tomcat.apache.org
=====================================
debian/libexec/tomcat-locate-java.sh
=====================================
--- /dev/null
+++ b/debian/libexec/tomcat-locate-java.sh
@@ -0,0 +1,50 @@
+#!/bin/sh
+#
+# Script looking for a Java runtime suitable for running Tomcat
+#
+# The script looks for the default JRE/JDK, OpenJDK and Oracle JDK
+# as packaged by java-package. The Java runtime found is exported
+# in the JAVA_HOME environment variable.
+#
+
+set -e
+
+# Find the Java runtime if JAVA_HOME isn't already defined
+if [ -z "$JAVA_HOME" ]; then
+ # This function sets the variable JDK_DIRS
+ find_jdks()
+ {
+ for java_version in 11 10 9 8
+ do
+ for jvmdir in /usr/lib/jvm/java-${java_version}-openjdk-* \
+ /usr/lib/jvm/jdk-${java_version}-oracle-* \
+ /usr/lib/jvm/jre-${java_version}-oracle-* \
+ /usr/lib/jvm/java-${java_version}-oracle \
+ /usr/lib/jvm/oracle-java${java_version}-jdk-* \
+ /usr/lib/jvm/oracle-java${java_version}-jre-*
+ do
+ if [ -d "${jvmdir}" ]
+ then
+ JDK_DIRS="${JDK_DIRS} ${jvmdir}"
+ fi
+ done
+ done
+ }
+
+ # The first existing directory is used for JAVA_HOME
+ JDK_DIRS="/usr/lib/jvm/default-java"
+ find_jdks
+
+ # Look for the right JVM to use
+ for jdir in $JDK_DIRS; do
+ if [ -r "$jdir/bin/java" -a -z "${JAVA_HOME}" ]; then
+ JAVA_HOME="$jdir"
+ fi
+ done
+ export JAVA_HOME
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+ echo "<2>No JDK or JRE found - Please set the JAVA_HOME variable or install the default-jdk package"
+ exit 1
+fi
=====================================
debian/libexec/tomcat-start.sh
=====================================
--- /dev/null
+++ b/debian/libexec/tomcat-start.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Startup script for Apache Tomcat with systemd
+#
+
+set -e
+
+# Find the Java runtime and set JAVA_HOME
+. /usr/libexec/tomcat8/tomcat-locate-java.sh
+
+# Set the JSP compiler if configured in the /etc/default/tomcat8 file
+[ -n "$JSP_COMPILER" ] && JAVA_OPTS="$JAVA_OPTS -Dbuild.compiler=\"$JSP_COMPILER\""
+
+export JAVA_OPTS
+
+# Enable the Java security manager?
+SECURITY=""
+[ "$TOMCAT_SECURITY" = "yes" ] && SECURITY="-security"
+
+
+# Start Tomcat
+cd $CATALINA_BASE && exec $CATALINA_HOME/bin/catalina.sh run $SECURITY
=====================================
debian/libexec/tomcat-update-policy.sh
=====================================
--- /dev/null
+++ b/debian/libexec/tomcat-update-policy.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Script regenerating the catalina.policy file from the collection
+# of files in /etc/tomcat8/policy.d/
+#
+# This script is run as root by systemd before starting Tomcat.
+#
+
+set -e
+
+if [ ! -d "$CATALINA_BASE/conf" ]; then
+ echo "<2>Invalid CATALINA_BASE, configuration files not found: $CATALINA_BASE"
+ exit 1
+fi
+
+# Regenerate the catalina.policy file
+POLICY_CACHE="$CATALINA_BASE/policy/catalina.policy"
+umask 022
+rm -rf "$CATALINA_BASE/policy"
+mkdir "$CATALINA_BASE/policy"
+echo "// AUTO-GENERATED FILE from /etc/tomcat8/policy.d/" > "$POLICY_CACHE"
+echo "" >> "$POLICY_CACHE"
+cat $CATALINA_BASE/conf/policy.d/*.policy >> "$POLICY_CACHE"
=====================================
debian/logging.properties
=====================================
--- a/debian/logging.properties
+++ b/debian/logging.properties
@@ -31,7 +31,7 @@ handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.jul
2localhost.org.apache.juli.AsyncFileHandler.prefix = localhost.
java.util.logging.ConsoleHandler.level = FINE
-java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
+java.util.logging.ConsoleHandler.formatter = org.apache.juli.SystemdFormatter
############################################################
=====================================
debian/patches/0024-systemd-log-formatter.patch
=====================================
--- /dev/null
+++ b/debian/patches/0024-systemd-log-formatter.patch
@@ -0,0 +1,104 @@
+Description: Adds a log formatter suitable for systemd
+Author: Emmanuel Bourg <ebourg at apache.org>
+Forwarded: no
+--- /dev/null
++++ b/java/org/apache/juli/SystemdFormatter.java
+@@ -0,0 +1,98 @@
++/*
++ * Licensed to the Apache Software Foundation (ASF) under one or more
++ * contributor license agreements. See the NOTICE file distributed with
++ * this work for additional information regarding copyright ownership.
++ * The ASF licenses this file to You under the Apache License, Version 2.0
++ * (the "License"); you may not use this file except in compliance with
++ * the License. You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++package org.apache.juli;
++
++import java.io.PrintWriter;
++import java.io.StringWriter;
++import java.util.TreeMap;
++import java.util.logging.Formatter;
++import java.util.logging.Level;
++import java.util.logging.LogRecord;
++
++/**
++ * Formatter suitable for logs handled by systemd/journald:
++ * <ul>
++ * <li>Timestamps are removed (already added by journald)</li>
++ * <li>Messages are prefixed with a marker specifying the log level. For example:
++ * <pre> <6>Tomcat started</pre>
++ * </li>
++ * <li>Tabulations are replaced by spaces (they are escaped as <tt>#011</tt> in /var/log/syslog otherwise)</li>
++ * </ul>
++ */
++public class SystemdFormatter extends Formatter {
++
++ /** Mapping between JUL levels and systemd logging levels */
++ private TreeMap<Integer, String> levelMapping = new TreeMap<>();
++ {
++ levelMapping.put(Level.OFF.intValue(), "<0>"); // emergency
++ levelMapping.put(Level.SEVERE.intValue(), "<2>"); // critical
++ levelMapping.put(Level.WARNING.intValue(), "<4>"); // warning
++ levelMapping.put(Level.INFO.intValue(), "<6>"); // info
++ levelMapping.put(Level.CONFIG.intValue(), "<6>"); // info
++ levelMapping.put(Level.FINE.intValue(), "<7>"); // debug
++ levelMapping.put(Level.FINER.intValue(), "<7>"); // debug
++ levelMapping.put(Level.FINEST.intValue(), "<7>"); // debug
++ }
++
++ @Override
++ public String format(LogRecord record) {
++ StringBuilder sb = new StringBuilder();
++
++ // Severity
++ String prefix = getSystemdLevel(record.getLevel());
++ sb.append(prefix);
++
++ // Message
++ sb.append(formatMessage(record));
++
++ // Stack trace
++ if (record.getThrown() != null) {
++ sb.append("\n").append(prefix);
++ sb.append(toString(record.getThrown())
++ .replaceAll("\t", " ") // tabulations are escaped as #011 in /var/log/syslog
++ .replaceAll("\\n", "\n" + prefix)
++ );
++ }
++
++ // New line for next record
++ sb.append(System.lineSeparator());
++
++ return sb.toString();
++ }
++
++ private String toString(Throwable t) {
++ StringWriter sw = new StringWriter();
++ PrintWriter pw = new PrintWriter(sw);
++ t.printStackTrace(pw);
++ pw.close();
++
++ return sw.toString();
++ }
++
++ /**
++ * Returns the systemd log level mapped to the specified JUL level.
++ */
++ private String getSystemdLevel(Level level) {
++ String systemdLevel = levelMapping.get(level.intValue());
++ if (systemdLevel == null) {
++ // no exact match (custom level?), pick the nearest one above
++ systemdLevel = levelMapping.ceilingEntry(level.intValue()).getValue();
++ levelMapping.put(level.intValue(), systemdLevel);
++ }
++ return systemdLevel;
++ }
++}
=====================================
debian/patches/0025-invalid-configuration-exit-status.patch
=====================================
--- /dev/null
+++ b/debian/patches/0025-invalid-configuration-exit-status.patch
@@ -0,0 +1,16 @@
+Description: Fix the exit status when Tomcat terminates because the configuration is invalid
+Author: Emmanuel Bourg <ebourg at apache.org>
+Bug: https://bz.apache.org/bugzilla/show_bug.cgi?id=62607
+--- a/java/org/apache/catalina/startup/Bootstrap.java
++++ b/java/org/apache/catalina/startup/Bootstrap.java
+@@ -490,6 +490,10 @@
+ } else if (command.equals("start")) {
+ daemon.setAwait(true);
+ daemon.load(args);
++ if (null == daemon.getServer()) {
++ log.fatal("Cannot start server. Server instance is not configured.");
++ System.exit(1);
++ }
+ daemon.start();
+ } else if (command.equals("stop")) {
+ daemon.stopServer(args);
=====================================
debian/patches/series
=====================================
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -9,3 +9,5 @@
0019-add-distribution-to-error-page.patch
0021-dont-test-unsupported-ciphers.patch
0023-disable-shutdown-by-socket.patch
+0024-systemd-log-formatter.patch
+0025-invalid-configuration-exit-status.patch
=====================================
debian/rsyslog/tomcat8.conf
=====================================
--- /dev/null
+++ b/debian/rsyslog/tomcat8.conf
@@ -0,0 +1,7 @@
+# Send Tomcat messages to catalina.out when using systemd
+$template TomcatFormat,"[%timegenerated:::date-year%-%timegenerated:::date-month%-%timegenerated:::date-day% %timegenerated:::date-hour%:%timegenerated:::date-minute%:%timegenerated:::date-second%] [%syslogseverity-text%]%msg%\n"
+
+:programname, startswith, "tomcat8" {
+ /var/log/tomcat8/catalina.out;TomcatFormat
+ stop
+}
=====================================
debian/tomcat8-user.install
=====================================
--- a/debian/tomcat8-user.install
+++ b/debian/tomcat8-user.install
@@ -1,5 +1,6 @@
conf/*.xml /usr/share/tomcat8/skel/conf/
conf/catalina.properties /usr/share/tomcat8/skel/conf/
+conf/catalina.policy /usr/share/tomcat8/skel/policy/
debian/logging.properties /usr/share/tomcat8/skel/conf/
debian/setenv.sh /usr/share/tomcat8/skel/bin/
debian/tomcat8-instance-create /usr/bin/
=====================================
debian/tomcat8.NEWS
=====================================
--- a/debian/tomcat8.NEWS
+++ b/debian/tomcat8.NEWS
@@ -1,3 +1,31 @@
+tomcat8 (8.5.32-2) unstable; urgency=medium
+
+ The tomcat8 package now provides a proper systemd service file.
+ Here are the notable differences with the init.d script previously used
+ to start Tomcat:
+
+ * The service assumes that Tomcat runs as the tomcat8 user. The user and
+ group defined in /etc/default/tomcat8 are ignored. If you've configured
+ a different user you have to override the default service file. This is
+ done by creating a /etc/systemd/system/tomcat8.service.d/override.conf
+ file containing:
+
+ [Service]
+ User=<username>
+ Group=<groupname>
+
+ * authbind is no longer necessary to bind to privileged ports (< 1024)
+
+ * Tomcat log messages are now sent to syslog and can be retrieved with:
+
+ journalctl -t tomcat8
+
+ * The log entries in catalina.out are now timestamped.
+
+ * The /var/run/tomcat8.pid file is no longer created.
+
+ -- Emmanuel Bourg <ebourg at apache.org> Thu, 09 Aug 2018 15:09:16 +0200
+
tomcat8 (8.5.8-1) experimental; urgency=medium
Migrating from Tomcat 8.0.x to 8.5.x
=====================================
debian/tomcat8.init
=====================================
--- a/debian/tomcat8.init
+++ b/debian/tomcat8.init
@@ -53,38 +53,8 @@ fi
TOMCAT8_USER=tomcat8
TOMCAT8_GROUP=tomcat8
-# this is a work-around until there is a suitable runtime replacement
-# for dpkg-architecture for arch:all packages
-# this function sets the variable JDK_DIRS
-find_jdks()
-{
- for java_version in 11 10 9 8
- do
- for jvmdir in /usr/lib/jvm/java-${java_version}-openjdk-* \
- /usr/lib/jvm/jdk-${java_version}-oracle-* \
- /usr/lib/jvm/jre-${java_version}-oracle-* \
- /usr/lib/jvm/java-${java_version}-oracle
- do
- if [ -d "${jvmdir}" ]
- then
- JDK_DIRS="${JDK_DIRS} ${jvmdir}"
- fi
- done
- done
-}
-
-# The first existing directory is used for JAVA_HOME (if JAVA_HOME is not
-# defined in $DEFAULT)
-JDK_DIRS="/usr/lib/jvm/default-java"
-find_jdks
-
-# Look for the right JVM to use
-for jdir in $JDK_DIRS; do
- if [ -r "$jdir/bin/java" -a -z "${JAVA_HOME}" ]; then
- JAVA_HOME="$jdir"
- fi
-done
-export JAVA_HOME
+# Find the Java runtime and set JAVA_HOME
+. /usr/libexec/tomcat8/tomcat-locate-java.sh
# Directory where the Tomcat 8 binary distribution resides
CATALINA_HOME=/usr/share/$NAME
=====================================
debian/tomcat8.install
=====================================
--- a/debian/tomcat8.install
+++ b/debian/tomcat8.install
@@ -1,7 +1,9 @@
+debian/rsyslog/* /etc/rsyslog.d/
conf/catalina.properties /etc/tomcat8/
debian/logging.properties /etc/tomcat8/
conf/*.xml /etc/tomcat8/
debian/policy/*.policy /etc/tomcat8/policy.d/
+debian/libexec/* /usr/libexec/tomcat8/
debian/default_root /usr/share/tomcat8-root/
debian/defaults.template /usr/share/tomcat8/
debian/defaults.md5sum /usr/share/tomcat8/
=====================================
debian/tomcat8.service
=====================================
--- /dev/null
+++ b/debian/tomcat8.service
@@ -0,0 +1,36 @@
+#
+# Systemd unit file for Apache Tomcat
+#
+
+[Unit]
+Description=Apache Tomcat 8.5 Web Application Server
+Documentation=https://tomcat.apache.org/tomcat-8.5-doc/index.html
+After=network.target
+
+[Service]
+
+# Configuration
+Environment="CATALINA_HOME=/usr/share/tomcat8"
+Environment="CATALINA_BASE=/var/lib/tomcat8"
+Environment="CATALINA_TMPDIR=/tmp"
+Environment="JAVA_OPTS=-Djava.awt.headless=true"
+EnvironmentFile=-/etc/default/tomcat8
+
+# Lifecycle
+Type=simple
+ExecStartPre=+/usr/libexec/tomcat8/tomcat-update-policy.sh
+ExecStart=/bin/sh /usr/libexec/tomcat8/tomcat-start.sh
+SuccessExitStatus=143
+
+# Logging
+SyslogIdentifier=tomcat8
+
+# Security
+User=tomcat8
+Group=tomcat8
+PrivateTmp=yes
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+NoNewPrivileges=true
+
+[Install]
+WantedBy=multi-user.target
View it on GitLab: https://salsa.debian.org/java-team/tomcat8/compare/6b59ee90fdc08f7f20feea0110871ead394924f6...722ed8272188c5fb20db11882a54974dcdf30039
--
View it on GitLab: https://salsa.debian.org/java-team/tomcat8/compare/6b59ee90fdc08f7f20feea0110871ead394924f6...722ed8272188c5fb20db11882a54974dcdf30039
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20180809/1ac00187/attachment.html>
More information about the pkg-java-commits
mailing list