[arch-commits] Commit in keycloak/trunk (8 files)
Leonidas Spyropoulos
artafinde at gemini.archlinux.org
Fri Feb 18 23:07:15 UTC 2022
Date: Friday, February 18, 2022 @ 23:07:15
Author: artafinde
Revision: 1134439
keycloak: use quarkus distribution
Keycloak 17.x officially introduced the Quarkus distribution [1]. With this
almost the whole package has changed along with its service.
The new Keycloak quarkus server has a two phase start up of the service [2]
and part of it is persisting its configuration in serialized format within
binary files (jar, dat files). Currently this is an issue since there's no
way of having /usr/share/java/keycloak/lib/quarkus in a different directory
(e.g. /var/lib/keycloak). This is raised upstream [3].
[1]: https://www.keycloak.org/docs/latest/release_notes/#keycloak-17-0-0
[2]: https://www.keycloak.org/server/configuration
[3]: https://github.com/keycloak/keycloak/discussions/10323
Added:
keycloak/trunk/keycloak.install
Modified:
keycloak/trunk/PKGBUILD
keycloak/trunk/keycloak.service
keycloak/trunk/keycloak.sysusers
keycloak/trunk/keycloak.tmpfiles
keycloak/trunk/pin-java-version.patch
Deleted:
keycloak/trunk/layers.conf
keycloak/trunk/postgresql-module.xml
------------------------+
PKGBUILD | 79 ++++++++++++++++++++++-------------------------
keycloak.install | 7 ++++
keycloak.service | 30 ++++++++++++++++-
keycloak.sysusers | 2 -
keycloak.tmpfiles | 8 +---
layers.conf | 1
pin-java-version.patch | 31 +++++++++++++++++-
postgresql-module.xml | 12 -------
8 files changed, 106 insertions(+), 64 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2022-02-18 23:06:48 UTC (rev 1134438)
+++ PKGBUILD 2022-02-18 23:07:15 UTC (rev 1134439)
@@ -3,9 +3,8 @@
pkgname=keycloak
pkgver=17.0.0
-_postgresql_jdbc=42.3.2
_java=11
-pkgrel=1
+pkgrel=2
pkgdesc="Open Source Identity and Access Management For Modern Applications and Services"
arch=('any')
url="https://www.keycloak.org/"
@@ -13,36 +12,26 @@
depends=("java-runtime=${_java}" 'grep' 'bash' 'coreutils' 'util-linux')
makedepends=('maven' 'git' "java-environment=${_java}")
backup=(
- opt/keycloak/standalone/configuration/application-roles.properties
- opt/keycloak/standalone/configuration/application-users.properties
- opt/keycloak/standalone/configuration/logging.properties
- opt/keycloak/standalone/configuration/mgmt-groups.properties
- opt/keycloak/standalone/configuration/mgmt-users.properties
- opt/keycloak/standalone/configuration/standalone-ha.xml
- opt/keycloak/standalone/configuration/standalone.xml
+ 'etc/keycloak/keycloak.conf'
)
+install=keycloak.install
options=(emptydirs)
source=(https://github.com/keycloak/keycloak/archive/$pkgver/$pkgname-$pkgver.tar.gz
keycloak.service
keycloak.sysusers
keycloak.tmpfiles
- layers.conf
- postgresql-module.xml
- https://jdbc.postgresql.org/download/postgresql-${_postgresql_jdbc}.jar
common.sh
pin-java-version.patch)
sha512sums=('5d6cde979db234dc58d591958fbf4acdb45d461666e4fa9d9616551ce792c18c750f4d5336853052408c0e88ca445944937f1f167ec9ce1eb50732981e84b770'
- 'dd10a38e4c8867de6d1fcbb4939c6c5946684842462eba3d5355bf1de13fa059edfd5eba37adce587c824ddd618b6bb88d4bbe1ee568ca5abd0f72296da3ddfe'
- 'c53b734598ccf675930754514bd2af628355025197e77541e5acb8718629a8ece763c814e8373278758a30475e6a716febeff10bdebf0847d914bc193e732c79'
- '9382b42f09040e34fe1a27d9ff4fb87cabd41525ca26f8ea9629df0169cf93d95cc4bb62bcc5c2ca30efdfd7eeeb13a6f090df9a05823baf701ba729a47f6fd1'
- 'd54a04c120edb933c4f7168460bd813ff92a4e3771cedcabfeeb76c5d3e057b3cd0d0486dc11ddbd91e8d87ca90193e4c74cc3414e45106dd556d455ac7e60b2'
- '5eece4f3eb57372969f0e5319804198b546455828e938ff7f37bbcfb58be08efde43a5b0376c98f359c4bc5eb069e0cd9410daefe19da1c03e9e9c57d3c1b75b'
- 'e28b5a2b15b7b12f3b0c76b914f9aca25867175bc87a0ca84da58e50a5c518c5de94e27ea6d570499b1320c9f8072f1022d08356e9a0e96b3bf9b1084e1f9aea'
+ '1512520528b6893997b8a3c4899fbb84a897f604f279f64fc1228785a27544499f1c8951f8997129fb2b857d2d3c11b09fb9493f83faa20a0594c759adbe0823'
+ '2e2ba147007ad74e38579a8838d79de47beac509b4bd1a14d7f80905953d79a7396d781f141b461ec688f5ceef9a1081a825a4ca8afc1ea12c178d8ae7f5a7dd'
+ '362be58e0f18094a6849aaec56ee51aeb72bf62805c87709aa1f435770891138a6cfe2a7de9a1f106212bda0b905f225fcace299a8b811cc6d977783449538e6'
'4ae3f9fc42bfee602480c1c8cc2d65b44305622b426b74070758fe1c92a06ff12901ffebacbfe2ba34cbf783a8787f6073f74db3674c96e7a6109ed5b45d3a07'
- 'cb7d95aef66303c7935714c58c51aa1714419c455a6f46c32a79e80dbe4b6523d0dd77bb5f606c5cfdf0380f01220af720f93285658fc19a38b860344a2b9198')
+ 'c0351896427c7b7b73f446481a30dc735365a91541e7039cd613d1c7357c55c9559e388bc260e004c2a52211df1d23d9e24cc9c8ca956398f6e508ef96cb0ee2')
prepare() {
cd $pkgname-$pkgver
+
patch -Np1 -i "$srcdir"/pin-java-version.patch
}
@@ -50,39 +39,47 @@
cd $pkgname-$pkgver
export PATH="/usr/lib/jvm/java-${_java}-openjdk/bin:$PATH"
- mvn -Pdistribution \
+ mvn -am \
-s maven-settings.xml \
- -pl distribution/server-dist \
- -am \
- -Dmaven.test.skip \
- clean install
+ -DskipTestsuite \
+ -DskipExamples \
+ -DskipTests \
+ -Dproject.build.outputTimestamp="$SOURCE_DATE_EPOCH" \
+ clean package
}
package() {
cd $pkgname-$pkgver
- mkdir -p "$pkgdir/opt"
- cp -r "distribution/server-dist/target/keycloak-$pkgver" "$pkgdir/opt/keycloak"
- install -Dm 644 "$srcdir"/layers.conf -t "$pkgdir/opt/keycloak/modules"
- install -d "$pkgdir"/opt/keycloak/standalone/{data,log}
+ install -vdm 755 "${pkgdir}"/{usr/share/java,var/log}/"${pkgname}"
+ install -vdm 755 "${pkgdir}"/var/lib/"${pkgname}"/{deployments,data}
+ install -vdm 755 "${pkgdir}"/usr/bin
- install -Dm644 "$srcdir"/postgresql-${_postgresql_jdbc}.jar "$pkgdir"/opt/keycloak/modules/system/layers/keycloak/org/postgresql/main/postgresql-${_postgresql_jdbc}.jar
- sed "s/@JDBC_POSTGRESQL_JAR@/postgresql-${_postgresql_jdbc}.jar/g" "$srcdir"/postgresql-module.xml > "$pkgdir"/opt/keycloak/modules/system/layers/keycloak/org/postgresql/main/module.xml
+ tar xf quarkus/dist/target/${pkgname}-${pkgver}.tar.gz --strip 1 \
+ -C "${pkgdir}/usr/share/java/${pkgname}"
+ install -vDm 755 "${srcdir}/common.sh" "${pkgdir}/usr/share/java/${pkgname}/bin/common.sh"
+ # Clean up unwanted files
+ rm -rvf "${pkgdir}/usr/share/java/${pkgname}"/LICENSE.txt
+ rm -rvf "${pkgdir}/usr/share/java/${pkgname}"/bin/*.bat
+ # Fix permissions from untar
+ chown -R root:root "${pkgdir}/usr/share/java/${pkgname}"
- install -d "$pkgdir/"{etc,var/log,var/lib/keycloak}
- ln -s /opt/keycloak/standalone/configuration "$pkgdir/etc/keycloak"
- ln -s /opt/keycloak/standalone/log "$pkgdir/var/log/keycloak"
- ln -s /opt/keycloak/standalone/deployments "$pkgdir/var/lib/keycloak/deployments"
+ install -vdm 755 "${pkgdir}/etc"
+ mv -v "${pkgdir}/usr/share/java/${pkgname}/conf" "${pkgdir}/etc/${pkgname}"
- install -Dm644 "$srcdir"/keycloak.service "$pkgdir"/usr/lib/systemd/system/keycloak.service
- install -Dm644 "$srcdir"/keycloak.sysusers "$pkgdir"/usr/lib/sysusers.d/keycloak.conf
- install -Dm644 "$srcdir"/keycloak.tmpfiles "$pkgdir"/usr/lib/tmpfiles.d/keycloak.conf
+ ln -svf /var/log/keycloak "${pkgdir}/usr/share/java/${pkgname}/log"
+ ln -svf /var/lib/keycloak/deployments "${pkgdir}/usr/share/java/${pkgname}/deployments"
+ ln -svf /var/lib/keycloak/data "${pkgdir}/usr/share/java/${pkgname}/data"
- mkdir -p "$pkgdir"/usr/bin
- ln -s /opt/keycloak/bin/kcadm.sh "$pkgdir"/usr/bin/kcadm
- ln -s /opt/keycloak/bin/kcreg.sh "$pkgdir"/usr/bin/kcreg
+ install -vDm 644 "${srcdir}"/keycloak.service "${pkgdir}"/usr/lib/systemd/system/keycloak.service
+ install -vDm 644 "${srcdir}"/keycloak.sysusers "${pkgdir}"/usr/lib/sysusers.d/keycloak.conf
+ install -vDm 644 "${srcdir}"/keycloak.tmpfiles "${pkgdir}"/usr/lib/tmpfiles.d/keycloak.conf
- install -Dm644 "$srcdir"/common.sh "$pkgdir"/opt/keycloak/bin/common.sh
+ ln -svf /usr/share/java/keycloak/bin/kc.sh "${pkgdir}"/usr/bin/kc.sh
+ ln -svf /usr/share/java/keycloak/bin/kcadm.sh "${pkgdir}"/usr/bin/kcadm.sh
+ ln -svf /usr/share/java/keycloak/bin/kcreg.sh "${pkgdir}"/usr/bin/kcreg.sh
+
+ install -Dm 644 LICENSE.txt "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE.txt"
}
# vim: ts=2 sw=2 et:
Added: keycloak.install
===================================================================
--- keycloak.install (rev 0)
+++ keycloak.install 2022-02-18 23:07:15 UTC (rev 1134439)
@@ -0,0 +1,7 @@
+post_upgrade() {
+ if [ "$1" = "17.0.0-2" ]; then
+ usermod -d /var/lib/keycloak keycloak
+ fi
+}
+
+# vim: ts=2 sw=2 et:
\ No newline at end of file
Modified: keycloak.service
===================================================================
--- keycloak.service 2022-02-18 23:06:48 UTC (rev 1134438)
+++ keycloak.service 2022-02-18 23:07:15 UTC (rev 1134439)
@@ -6,10 +6,34 @@
[Service]
User=keycloak
Group=keycloak
-ExecStart=/opt/keycloak/bin/standalone.sh
-WorkingDirectory=/opt/keycloak
-ReadWritePaths=/opt/keycloak/standalone/data /opt/keycloak/standalone/tmp /opt/keycloak/standalone/log /opt/keycloak/standalone/configuration /opt/keycloak/standalone/deployments
+# Running the ExecStartPre as root is not ideal, but at the moment
+# the only solution for Quarkus modifying the serialized
+# data under <keycloak-home>/lib/quarkus
+# Raised upstream as https://github.com/keycloak/keycloak/discussions/10323
+ExecStartPre=!/usr/bin/kc.sh -cf /etc/keycloak/keycloak.conf build
+
+ExecStart=/usr/bin/kc.sh -cf /etc/keycloak/keycloak.conf start
+ReadWritePaths=/var/lib/keycloak
+ReadWritePaths=/var/log/keycloak
+ReadWritePaths=/usr/share/java/keycloak/lib/quarkus
+ReadOnlyPaths=/etc/keycloak
+
+# Disable timeout logic and wait until process is stopped
+TimeoutStopSec=0
+
+# SIGTERM signal is used to stop the Java process
+KillSignal=SIGTERM
+
+# Send the signal only to the JVM rather than its control group
+KillMode=process
+
+# Java process is never killed
+SendSIGKILL=no
+
+# When a JVM receives a SIGTERM signal it exits with code 143
+SuccessExitStatus=143
+
# Hardening options
CapabilityBoundingSet=
AmbientCapabilities=
Modified: keycloak.sysusers
===================================================================
--- keycloak.sysusers 2022-02-18 23:06:48 UTC (rev 1134438)
+++ keycloak.sysusers 2022-02-18 23:07:15 UTC (rev 1134439)
@@ -1 +1 @@
-u keycloak - "keycloak user" /opt/keycloak -
+u keycloak - "keycloak user" /var/lib/keycloak -
Modified: keycloak.tmpfiles
===================================================================
--- keycloak.tmpfiles 2022-02-18 23:06:48 UTC (rev 1134438)
+++ keycloak.tmpfiles 2022-02-18 23:07:15 UTC (rev 1134439)
@@ -1,5 +1,3 @@
-z /opt/keycloak/standalone/tmp - keycloak keycloak -
-z /opt/keycloak/standalone/data - keycloak keycloak -
-z /opt/keycloak/standalone/log - keycloak keycloak -
-Z /opt/keycloak/standalone/configuration - keycloak keycloak -
-Z /opt/keycloak/standalone/deployments - keycloak keycloak -
+z /usr/log/keycloak - keycloak keycloak -
+z /var/lib/keycloak/data - keycloak keycloak -
+Z /var/lib/keycloak/deployments - keycloak keycloak -
\ No newline at end of file
Deleted: layers.conf
===================================================================
--- layers.conf 2022-02-18 23:06:48 UTC (rev 1134438)
+++ layers.conf 2022-02-18 23:07:15 UTC (rev 1134439)
@@ -1 +0,0 @@
-layers=keycloak
Modified: pin-java-version.patch
===================================================================
--- pin-java-version.patch 2022-02-18 23:06:48 UTC (rev 1134438)
+++ pin-java-version.patch 2022-02-18 23:07:15 UTC (rev 1134439)
@@ -13,7 +13,7 @@
+$JAVA $KC_OPTS -cp $DIRNAME/client/keycloak-admin-cli-${project.version}.jar org.keycloak.client.admin.cli.KcAdmMain "$@"
diff --git a/integration/client-cli/client-registration-cli/src/main/bin/kcreg.sh b/integration/client-cli/client-registration-cli/src/main/bin/kcreg.sh
-index 83bd4b70e4..0acb8692ce 100755
+index 83bd4b70e4..9cac612b5f 100755
--- a/integration/client-cli/client-registration-cli/src/main/bin/kcreg.sh
+++ b/integration/client-cli/client-registration-cli/src/main/bin/kcreg.sh
@@ -20,4 +20,6 @@ if [ "x$RESOLVED_NAME" = "x" ]; then
@@ -25,3 +25,32 @@
+. "$DIRNAME/common.sh"
+
+$JAVA $KC_OPTS -cp $DIRNAME/client/keycloak-client-registration-cli-${project.version}.jar org.keycloak.client.registration.cli.KcRegMain "$@"
+\ No newline at end of file
+diff --git a/quarkus/dist/src/main/content/bin/kc.sh b/quarkus/dist/src/main/content/bin/kc.sh
+index 3097ea7a0a..90f134538a 100644
+--- a/quarkus/dist/src/main/content/bin/kc.sh
++++ b/quarkus/dist/src/main/content/bin/kc.sh
+@@ -22,6 +22,7 @@ fi
+
+ GREP="grep"
+ DIRNAME=`dirname "$RESOLVED_NAME"`
++. "$DIRNAME/common.sh"
+
+ SERVER_OPTS="-Dkc.home.dir=$DIRNAME/../ -Djboss.server.config.dir=$DIRNAME/../conf -Djava.util.logging.manager=org.jboss.logmanager.LogManager -Dquarkus-log-max-startup-records=10000"
+
+@@ -88,11 +89,11 @@ CLASSPATH_OPTS="$DIRNAME/../lib/quarkus-run.jar"
+ JAVA_RUN_OPTS="$JAVA_OPTS $SERVER_OPTS -cp $CLASSPATH_OPTS io.quarkus.bootstrap.runner.QuarkusEntryPoint ${CONFIG_ARGS#?}"
+
+ if [[ $CONFIG_ARGS = *"--auto-build"* ]]; then
+- eval java -Dkc.config.rebuild-and-exit=true $JAVA_RUN_OPTS
++ eval $JAVA -Dkc.config.rebuild-and-exit=true $JAVA_RUN_OPTS
+ EXIT_CODE=$?
+ if [ $EXIT_CODE != 0 ]; then
+ exit $EXIT_CODE
+ fi
+ fi
+
+-eval exec java ${JAVA_RUN_OPTS}
+\ No newline at end of file
++eval exec $JAVA ${JAVA_RUN_OPTS}
+\ No newline at end of file
Deleted: postgresql-module.xml
===================================================================
--- postgresql-module.xml 2022-02-18 23:06:48 UTC (rev 1134438)
+++ postgresql-module.xml 2022-02-18 23:07:15 UTC (rev 1134439)
@@ -1,12 +0,0 @@
-<?xml version="1.0" ?>
-<module xmlns="urn:jboss:module:1.3" name="org.postgresql">
-
- <resources>
- <resource-root path="@JDBC_POSTGRESQL_JAR@"/>
- </resources>
-
- <dependencies>
- <module name="javax.api"/>
- <module name="javax.transaction.api"/>
- </dependencies>
-</module>
More information about the arch-commits
mailing list