Date: Tuesday, November 1, 2022 @ 17:31:11
Author: freswa
Revision: 1340216
archrelease: copy trunk to community-testing-any
Added:
keycloak/repos/community-testing-any/
keycloak/repos/community-testing-any/PKGBUILD
(from rev 1340215, keycloak/trunk/PKGBUILD)
keycloak/repos/community-testing-any/common.sh
(from rev 1340215, keycloak/trunk/common.sh)
keycloak/repos/community-testing-any/keycloak.install
(from rev 1340215, keycloak/trunk/keycloak.install)
keycloak/repos/community-testing-any/keycloak.service
(from rev 1340215, keycloak/trunk/keycloak.service)
keycloak/repos/community-testing-any/keycloak.sysusers
(from rev 1340215, keycloak/trunk/keycloak.sysusers)
keycloak/repos/community-testing-any/keycloak.tmpfiles
(from rev 1340215, keycloak/trunk/keycloak.tmpfiles)
keycloak/repos/community-testing-any/pin-java-version.patch
(from rev 1340215, keycloak/trunk/pin-java-version.patch)
------------------------+
PKGBUILD | 85 +++++++++++++++++++++++++++++++++++++++++++++++
common.sh | 3 +
keycloak.install | 7 +++
keycloak.service | 51 ++++++++++++++++++++++++++++
keycloak.sysusers | 1
keycloak.tmpfiles | 3 +
pin-java-version.patch | 53 +++++++++++++++++++++++++++++
7 files changed, 203 insertions(+)
Copied: keycloak/repos/community-testing-any/PKGBUILD (from rev 1340215,
keycloak/trunk/PKGBUILD)
===================================================================
--- community-testing-any/PKGBUILD (rev 0)
+++ community-testing-any/PKGBUILD 2022-11-01 17:31:11 UTC (rev 1340216)
@@ -0,0 +1,85 @@
+# Maintainer: Sven-Hendrik Haase <[email protected]>
+# Contributor: Nikita Volodin <volodin.n at gmail dot com>
+
+pkgname=keycloak
+pkgver=20.0.0
+_java=11
+pkgrel=1
+pkgdesc="Open Source Identity and Access Management For Modern Applications
and Services"
+arch=('any')
+url="https://www.keycloak.org/";
+license=('Apache')
+depends=("java-runtime-headless=${_java}" 'grep' 'bash' 'coreutils'
'util-linux')
+makedepends=('maven' "java-environment=${_java}")
+backup=(
+ 'etc/keycloak/keycloak.conf'
+)
+install=keycloak.install
+options=(emptydirs)
+source=(https://github.com/keycloak/keycloak/archive/$pkgver/$pkgname-$pkgver.tar.gz
+ keycloak.service
+ keycloak.sysusers
+ keycloak.tmpfiles
+ common.sh
+ pin-java-version.patch)
+sha512sums=('976faa6351b4337b088d60e43df48c6036d3baa91c9455a38656450c1b93b379773c1a8433b6ea1a21dc77dd4f0caa0655cbe2c0073b84383834e684eaeb60d7'
+
'925ca021a9989a6d5181a90f42ec9e67a4957e98bb716acba75e13e1b01a03e4bd3a5939f5f0abe4cf57157be54dda5e373286041b22d84f5079eba94df4e6c9'
+
'2e2ba147007ad74e38579a8838d79de47beac509b4bd1a14d7f80905953d79a7396d781f141b461ec688f5ceef9a1081a825a4ca8afc1ea12c178d8ae7f5a7dd'
+
'155db40105c08d0aaa810ca5533dc16fc9f82060280541ede6fafd754d30b4844f6d10ace1417a5ad68d89fc54e1b9e6d906ce7ccf973f4ac964422211ed9a72'
+
'4ae3f9fc42bfee602480c1c8cc2d65b44305622b426b74070758fe1c92a06ff12901ffebacbfe2ba34cbf783a8787f6073f74db3674c96e7a6109ed5b45d3a07'
+
'38f014de00db7ec1b5693529401f316f70474c97484cfdea0a7048da6bb9d1ace8fdc915bf8857edcd6aae0d0dd9c1e0b2c0be0aaa99d105be09bed975f049fd')
+
+prepare() {
+ cd $pkgname-$pkgver
+
+ patch -Np1 -i "$srcdir"/pin-java-version.patch
+}
+
+build() {
+ cd $pkgname-$pkgver
+
+ export PATH="/usr/lib/jvm/java-${_java}-openjdk/bin:$PATH"
+ mvn -am \
+ -s maven-settings.xml \
+ -DskipTestsuite \
+ -DskipExamples \
+ -DskipTests \
+ -Dproject.build.outputTimestamp="$SOURCE_DATE_EPOCH" \
+ clean install
+}
+
+package() {
+ cd $pkgname-$pkgver
+
+ install -vdm 755 "${pkgdir}"/{usr/share/java,var/log}/"${pkgname}"
+ install -vdm 755 "${pkgdir}"/var/lib/"${pkgname}"/{deployments,data}
+ install -vdm 755 "${pkgdir}"/usr/bin
+
+ tar xf quarkus/dist/target/${pkgname}-${pkgver}.tar.gz --strip 1 \
+ -C "${pkgdir}/usr/share/java/${pkgname}"
+ install -vDm 755 "${srcdir}/common.sh"
"${pkgdir}/usr/share/java/${pkgname}/bin/common.sh"
+ # Clean up unwanted files
+ rm -rvf "${pkgdir}/usr/share/java/${pkgname}"/LICENSE.txt
+ rm -rvf "${pkgdir}/usr/share/java/${pkgname}"/bin/*.bat
+ # Fix permissions from untar
+ chown -R root:root "${pkgdir}/usr/share/java/${pkgname}"
+
+ install -vdm 755 "${pkgdir}/etc"
+ mv -v "${pkgdir}/usr/share/java/${pkgname}/conf" "${pkgdir}/etc/${pkgname}"
+
+ ln -svf /var/log/keycloak "${pkgdir}/usr/share/java/${pkgname}/log"
+ ln -svf /var/lib/keycloak/deployments
"${pkgdir}/usr/share/java/${pkgname}/deployments"
+ ln -svf /var/lib/keycloak/data "${pkgdir}/usr/share/java/${pkgname}/data"
+
+ install -vDm 644 "${srcdir}"/keycloak.service
"${pkgdir}"/usr/lib/systemd/system/keycloak.service
+ install -vDm 644 "${srcdir}"/keycloak.sysusers
"${pkgdir}"/usr/lib/sysusers.d/keycloak.conf
+ install -vDm 644 "${srcdir}"/keycloak.tmpfiles
"${pkgdir}"/usr/lib/tmpfiles.d/keycloak.conf
+
+ ln -svf /usr/share/java/keycloak/bin/kc.sh "${pkgdir}"/usr/bin/kc.sh
+ ln -svf /usr/share/java/keycloak/bin/kcadm.sh "${pkgdir}"/usr/bin/kcadm.sh
+ ln -svf /usr/share/java/keycloak/bin/kcreg.sh "${pkgdir}"/usr/bin/kcreg.sh
+
+ install -Dm 644 LICENSE.txt
"${pkgdir}/usr/share/licenses/${pkgname}/LICENSE.txt"
+}
+
+# vim: ts=2 sw=2 et:
Copied: keycloak/repos/community-testing-any/common.sh (from rev 1340215,
keycloak/trunk/common.sh)
===================================================================
--- community-testing-any/common.sh (rev 0)
+++ community-testing-any/common.sh 2022-11-01 17:31:11 UTC (rev 1340216)
@@ -0,0 +1,3 @@
+# Pin java version
+export JAVA_HOME=/usr/lib/jvm/java-11-openjdk
+export JAVA="$JAVA_HOME/bin/java"
Copied: keycloak/repos/community-testing-any/keycloak.install (from rev
1340215, keycloak/trunk/keycloak.install)
===================================================================
--- community-testing-any/keycloak.install (rev 0)
+++ community-testing-any/keycloak.install 2022-11-01 17:31:11 UTC (rev
1340216)
@@ -0,0 +1,7 @@
+post_upgrade() {
+ if (($(vercmp $2 17.0.1) < 0)); then
+ usermod -d /var/lib/keycloak keycloak
+ fi
+}
+
+# vim: ts=2 sw=2 et:
\ No newline at end of file
Copied: keycloak/repos/community-testing-any/keycloak.service (from rev
1340215, keycloak/trunk/keycloak.service)
===================================================================
--- community-testing-any/keycloak.service (rev 0)
+++ community-testing-any/keycloak.service 2022-11-01 17:31:11 UTC (rev
1340216)
@@ -0,0 +1,51 @@
+[Unit]
+Description=Keycloak server
+After=network-online.target
+Wants=network-online.target systemd-networkd-wait-online.service
+
+[Service]
+User=keycloak
+Group=keycloak
+
+# Running the ExecStartPre as root is not ideal, but at the moment
+# the only solution for Quarkus modifying the serialized
+# data under <keycloak-home>/lib/quarkus
+# Raised upstream as https://github.com/keycloak/keycloak/discussions/10323
+ExecStartPre=!/usr/bin/kc.sh -cf /etc/keycloak/keycloak.conf build
+
+ExecStart=/usr/bin/kc.sh -cf /etc/keycloak/keycloak.conf start --optimized
+ReadWritePaths=/var/lib/keycloak
+ReadWritePaths=/var/log/keycloak
+ReadWritePaths=/usr/share/java/keycloak/lib/quarkus
+ReadOnlyPaths=/etc/keycloak
+
+# Disable timeout logic and wait until process is stopped
+TimeoutStopSec=0
+
+# SIGTERM signal is used to stop the Java process
+KillSignal=SIGTERM
+
+# Send the signal only to the JVM rather than its control group
+KillMode=process
+
+# Java process is never killed
+SendSIGKILL=no
+
+# When a JVM receives a SIGTERM signal it exits with code 143
+SuccessExitStatus=143
+
+# Hardening options
+CapabilityBoundingSet=
+AmbientCapabilities=
+NoNewPrivileges=true
+ProtectHome=true
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+PrivateTmp=true
+PrivateDevices=true
+LockPersonality=true
+
+[Install]
+WantedBy=multi-user.target
Copied: keycloak/repos/community-testing-any/keycloak.sysusers (from rev
1340215, keycloak/trunk/keycloak.sysusers)
===================================================================
--- community-testing-any/keycloak.sysusers (rev 0)
+++ community-testing-any/keycloak.sysusers 2022-11-01 17:31:11 UTC (rev
1340216)
@@ -0,0 +1 @@
+u keycloak - "keycloak user" /var/lib/keycloak -
Copied: keycloak/repos/community-testing-any/keycloak.tmpfiles (from rev
1340215, keycloak/trunk/keycloak.tmpfiles)
===================================================================
--- community-testing-any/keycloak.tmpfiles (rev 0)
+++ community-testing-any/keycloak.tmpfiles 2022-11-01 17:31:11 UTC (rev
1340216)
@@ -0,0 +1,3 @@
+z /var/log/keycloak - keycloak keycloak -
+z /var/lib/keycloak/data - keycloak keycloak -
+Z /var/lib/keycloak/deployments - keycloak keycloak -
\ No newline at end of file
Copied: keycloak/repos/community-testing-any/pin-java-version.patch (from rev
1340215, keycloak/trunk/pin-java-version.patch)
===================================================================
--- community-testing-any/pin-java-version.patch
(rev 0)
+++ community-testing-any/pin-java-version.patch 2022-11-01 17:31:11 UTC
(rev 1340216)
@@ -0,0 +1,53 @@
+From 24fd4d17d97bfa28971ce980c76ebbf420fb9439 Mon Sep 17 00:00:00 2001
+From: Frederik Schwan <[email protected]>
+Date: Tue, 1 Nov 2022 18:14:03 +0100
+Subject: [PATCH] Pin Java version
+
+Inject JAVA_HOME and JAVA variables into scripts that end up in /usr/bin
+to also pin the java version for the cli tools that otherwise would use
+the default system JAVA_HOME and JAVA var.
+---
+ integration/client-cli/admin-cli/src/main/bin/kcadm.sh | 1 +
+ .../client-cli/client-registration-cli/src/main/bin/kcreg.sh | 1 +
+ quarkus/dist/src/main/content/bin/kc.sh | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/integration/client-cli/admin-cli/src/main/bin/kcadm.sh
b/integration/client-cli/admin-cli/src/main/bin/kcadm.sh
+index 60a9e05f5c..0cdd597cd6 100755
+--- a/integration/client-cli/admin-cli/src/main/bin/kcadm.sh
++++ b/integration/client-cli/admin-cli/src/main/bin/kcadm.sh
+@@ -20,6 +20,7 @@ if [ "x$RESOLVED_NAME" = "x" ]; then
+ fi
+
+ DIRNAME=`dirname "$RESOLVED_NAME"`
++. "$DIRNAME/common.sh"
+
+ if [ "x$JAVA" = "x" ]; then
+ if [ "x$JAVA_HOME" != "x" ]; then
+diff --git
a/integration/client-cli/client-registration-cli/src/main/bin/kcreg.sh
b/integration/client-cli/client-registration-cli/src/main/bin/kcreg.sh
+index ce85fb5710..bab287e9b7 100755
+--- a/integration/client-cli/client-registration-cli/src/main/bin/kcreg.sh
++++ b/integration/client-cli/client-registration-cli/src/main/bin/kcreg.sh
+@@ -20,6 +20,7 @@ if [ "x$RESOLVED_NAME" = "x" ]; then
+ fi
+
+ if [ "x$JAVA" = "x" ]; then
++. "$DIRNAME/common.sh"
+ if [ "x$JAVA_HOME" != "x" ]; then
+ JAVA="$JAVA_HOME/bin/java"
+ else
+diff --git a/quarkus/dist/src/main/content/bin/kc.sh
b/quarkus/dist/src/main/content/bin/kc.sh
+index d7be862cde..fdef64d707 100644
+--- a/quarkus/dist/src/main/content/bin/kc.sh
++++ b/quarkus/dist/src/main/content/bin/kc.sh
+@@ -23,6 +23,7 @@ fi
+
+ GREP="grep"
+ DIRNAME="$(dirname "$RESOLVED_NAME")"
++. "$DIRNAME/common.sh"
+
+ abs_path () {
+ if [ -z $IS_CYGWIN ] ; then
+--
+2.38.1
+
