Your message dated Mon, 18 Oct 2021 10:18:47 +0000 with message-id <[email protected]> and subject line Bug#994440: fixed in jetty9 9.4.44-2 has caused the Debian Bug report #994440, regarding jetty9 systemd unit too strict for normal use to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 994440: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994440 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: jetty9 Version: 9.4.16-0+deb10u1 Severity: important On a default jetty9 install, the systemd unit file restricts readwrite operations to /var/lib/jetty9/ using the systemd ProtectSystem and ReadWritePaths options. The complaint is that this is way too strict for normal operation and daily use of jetty. E.g. when roughly following the installation instructions for a popular SAML IdP Shibboleth [1] the default installation directory is /opt/ shibboleth-idp, called idp.home. The default logfiles and metadata directory are %{idp.home}/logs and %{idp.home}/metadata, which prevents Shibboleth from correctly logging messages and saving metadata after start. Especially not being able to log to ${idp.home}/log made debugging this problem extremely hard and time consuming. The solution/work-around was to create an override unit for jetty9 that disables ProtectSystem(=no) and ReadWritePaths(=) Please reconsider the ProtectSystem option in jetty9's systemd unit file. Best regards, Martin [1] https://shibboleth.atlassian.net/wiki/spaces/IDP4/pages/1274544254/Jetty94
--- End Message ---
--- Begin Message ---Source: jetty9 Source-Version: 9.4.44-2 Done: Markus Koschany <[email protected]> We believe that the bug you reported is fixed in the latest version of jetty9, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Markus Koschany <[email protected]> (supplier of updated jetty9 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 18 Oct 2021 11:51:58 +0200 Source: jetty9 Architecture: source Version: 9.4.44-2 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <[email protected]> Changed-By: Markus Koschany <[email protected]> Closes: 994440 994441 Changes: jetty9 (9.4.44-2) unstable; urgency=medium . * Team upload. * Update README.Debian and clarify how to override systemd security features. (Closes: #994440) * Replace deprecated configuration options in start.ini. Thanks to Martin van Es for the report. (Closes: #994441) Checksums-Sha1: f39270cf582837b49d3f4a9dfb691b73a3222884 2809 jetty9_9.4.44-2.dsc b6b3047f16d00d5e98ec77298541c966823a6303 29160 jetty9_9.4.44-2.debian.tar.xz fc0507e8a386e274833e0bb3fbfe9fb9b9697cd8 17238 jetty9_9.4.44-2_amd64.buildinfo Checksums-Sha256: 553d65d3ba6b7c4a34829656a137e7de26a151708af81745b4c4d48cefdad10f 2809 jetty9_9.4.44-2.dsc 83a1e89f3d9d5b0594343908cc755944b1d57a5b159672dee8fdf5c973ed893b 29160 jetty9_9.4.44-2.debian.tar.xz 0cedee527813bd7097b570de5e8628fe0533eca05df186aa070d64125a4bf1d1 17238 jetty9_9.4.44-2_amd64.buildinfo Files: 00dcd96eb2c44f7276d349c6aa94acd7 2809 java optional jetty9_9.4.44-2.dsc 703078b843186217bf12129427438f67 29160 java optional jetty9_9.4.44-2.debian.tar.xz f16b78209dd93f1e30b828f0582ba56f 17238 java optional jetty9_9.4.44-2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmFtRNBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkuLUQAKFDoJjaK87PFaMvxAXhOPUQAVu4Om8JBvUh ORgh7eFgQq4BsbldbMd2jLRTln4F5VoyMs2YaDmaeZ442D6YqS+YjEEjn2ELTByt 93/aNE/lGEHzlZNxoM6Z8NU6FfE1hrtODrm9ByLjNSi2X7TxIQP9SHeRRVc22ij2 jGT+0Uh41RM06TiDtzuZ+Ly9X6+wOVyT0EJQTsfpO5Ruu3W2mKVf8+WdJK6K7caC mUEEQT+2nAYrY1MSEkg4dr/O+DwmqvbDhY75jubKy7aSvzepMK831mdoKjQ17yxI /rsZOGG+BYnNDMrpkvH5oIo8kNJV5w7QO88S5cSlRC0YGmZU+AuCxq6dIDG9uWPi 0o0aXo6lfVlR+/6bns5Z8BKNWQrkVEae6HsbdhXM7qY0o8GsHlTNRhRJum8nTggc 7I6yxqaglk+NTg3FuFmu0tUd69HTJ4IQIj/pMLUC/ZrPYcm/eTw6aCaq6WdUwi7d BBHLP9HZZWtCyVAK06ba7cbmF5pKe8R62N0MuWbQ9kkddoyrC1EMXYpdfLj/iK3q H6Ht5kAOf6hQvl3wADP3xQGrq2qf5uvkXGeGX5tsg8FPN1N1vfGiBRgCB3n0RtC9 38EX6ZcSgBZ//0/o+Ym3Mevm5zUcgzIdhfOWuoN/o3OvEx2MyJD8espMPfrCua8w wxRc52Sv =pgje -----END PGP SIGNATURE-----
--- End Message ---

