This is an automated email from the git hooks/post-receive script. ebourg-guest pushed a commit to branch master in repository jetty9.
commit ce025a9badd7b8f17388d65238334b5ba6f40c65 Author: Emmanuel Bourg <[email protected]> Date: Mon Aug 4 19:53:26 2014 +0200 Added authbind support to run Jetty on privileged ports --- debian/TODO | 4 ++-- debian/changelog | 1 + debian/control | 1 + debian/jetty8.default | 8 +++++++- debian/jetty8.init | 16 ++++++++++++---- debian/jetty8.postinst | 19 ++++++++++++++++++- debian/jetty8.postrm | 3 +++ debian/jetty8.prerm | 15 +++++++++++++++ 8 files changed, 59 insertions(+), 8 deletions(-) diff --git a/debian/TODO b/debian/TODO index 584582f..cc24460 100644 --- a/debian/TODO +++ b/debian/TODO @@ -1,6 +1,6 @@ -TODO List for jetty in debian +TODO list for Jetty in Debian +----------------------------- -* evaluate authbind or use jetty-setuid to run on port 80 * Link the Javadoc with the default-jdk-doc Modules to add: diff --git a/debian/changelog b/debian/changelog index 120c6bc..3d6f94a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ jetty8 (8.1.15-1) UNRELEASED; urgency=medium * New upstream release - Refreshed the patches - Ignore the Maven dependency on the Mycila maven-license-plugin + * Added authbind support to run Jetty on privileged ports * Updated the init.d script to detect the recent JDKs and ignore the old ones (Closes: #756310) * debian/control: diff --git a/debian/control b/debian/control index 5a4162e..0a65be5 100644 --- a/debian/control +++ b/debian/control @@ -81,6 +81,7 @@ Depends: adduser, libjetty8-java (>= ${source:Version}), libjetty8-extra-java (>= ${source:Version}), ${misc:Depends} +Recommends: authbind Suggests: libjetty8-java-doc (>= ${source:Version}) Description: Java servlet engine and webserver Jetty is an Open Source HTTP Servlet Server written in 100% Java. diff --git a/debian/jetty8.default b/debian/jetty8.default index 4bfef3d..5aa6ec8 100644 --- a/debian/jetty8.default +++ b/debian/jetty8.default 
@@ -1,7 +1,7 @@ # Defaults for jetty see /etc/init.d/jetty8 for more # change to 0 to allow Jetty to start -NO_START=1 +NO_START=1 # change to 'no' or uncomment to use the default setting in /etc/default/rcS VERBOSE=yes @@ -16,6 +16,7 @@ VERBOSE=yes #JETTY_HOST=$(uname -n) # The network port used by Jetty +# Enable authbind to use a port lower than 1024 (see below) #JETTY_PORT=8080 # Timeout in seconds for the shutdown of all webapps @@ -46,3 +47,8 @@ VERBOSE=yes # Default for number of days to keep old log files in /var/log/jetty8/ #LOGFILE_DAYS=14 + +# If you run Jetty on port numbers that are all higher than 1023, then you +# do not need authbind. It is used for binding Jetty to lower port numbers. +# (yes/no, default: no) +#AUTHBIND=yes diff --git a/debian/jetty8.init b/debian/jetty8.init index 8ff4b7e..bf7cccf 100644 --- a/debian/jetty8.init +++ b/debian/jetty8.init @@ -299,15 +299,23 @@ case "$1" in chown $JETTY_USER "$JVM_TMP" cd "$JVM_TMP" - start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$JETTY_USER" \ - --chdir "$JETTY_HOME" --background --make-pidfile --startas $JAVA -- \ - $JAVA_OPTIONS $BOOTSTRAP_CLASS $JETTY_ARGS --daemon $CONFIGS + JETTY_CMD="$JAVA $JAVA_OPTIONS $BOOTSTRAP_CLASS $JETTY_ARGS --daemon $CONFIGS" + + AUTHBIND_COMMAND="" + if [ "$AUTHBIND" = "yes" ]; then + AUTHBIND_COMMAND="/usr/bin/authbind --deep /bin/bash -c " + JETTY_CMD="'$JETTY_CMD'" + fi + + start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$JETTY_USER" --verbose \ + --chdir "$JETTY_HOME" --background --make-pidfile -x /bin/bash -- -c \ + "$AUTHBIND_COMMAND $JETTY_CMD" log_daemon_msg "$DESC started, reachable on http://$HOSTNAME:$JETTY_PORT/." "$NAME" sleep 5 if start-stop-daemon --test --start --pidfile "$PIDFILE" \ - --user $JETTY_USER --startas "$JAVA" >/dev/null; then + --user $JETTY_USER --exec "$JAVA" >/dev/null; then log_end_msg 1 else log_end_msg 0 diff --git a/debian/jetty8.postinst b/debian/jetty8.postinst index 7bc7a76..a2e6ab5 100644 
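Review bot: In the jetty8.init hunk the start command is flattened into one string and passed to `/bin/bash -c` (with AUTHBIND=yes it is also wrapped in single quotes and parsed by a second bash), so `$JAVA_OPTIONS`, `$JETTY_ARGS` and `$CONFIGS` are re-interpreted as shell syntax. A value containing a single quote, `;` or `$(...)` now changes what is executed, whereas the previous `--startas $JAVA -- ...` form only word-split them. The PID written by `--make-pidfile` is also that of bash, and it matches the JVM only if every shell layer execs its command. Starting `/usr/bin/authbind` directly from start-stop-daemon avoids the shell layer, and because authbind is only a Recommends, a `[ -x /usr/bin/authbind ]` test before the start would report a missing binary immediately. The enclosing `case "$1"` branch starts and ends outside this hunk.

```shell
# … unchanged: JVM_TMP setup and cd …
STARTAS="$JAVA"
AUTHBIND_ARGS=""
if [ "$AUTHBIND" = "yes" ]; then
    STARTAS=/usr/bin/authbind
    AUTHBIND_ARGS="--deep $JAVA"
fi

start-stop-daemon --start --pidfile "$PIDFILE" --chuid "$JETTY_USER" --verbose \
    --chdir "$JETTY_HOME" --background --make-pidfile --startas "$STARTAS" -- \
    $AUTHBIND_ARGS $JAVA_OPTIONS $BOOTSTRAP_CLASS $JETTY_ARGS --daemon $CONFIGS
# … unchanged: log_daemon_msg, sleep and status test …
```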
--- a/debian/jetty8.postinst +++ b/debian/jetty8.postinst @@ -1,15 +1,32 @@ #!/bin/sh set -e +JETTY_USER=jetty +JETTY_GROUP=jetty + case "$1" in configure) if ! id jetty > /dev/null 2>&1 ; then adduser --system --home /usr/share/jetty8 --no-create-home \ --group --disabled-password --shell /bin/false \ - jetty + $JETTY_USER fi chown -R jetty:adm /var/cache/jetty8 /var/log/jetty8 /var/lib/jetty8 chmod 750 /var/log/jetty8 + + # Authorize user jetty to open privileged ports via authbind. + JETTY_UID="`id -u $JETTY_USER`" + if [ ! -f "/etc/authbind/byuid/$JETTY_UID" ]; then + if [ ! -d "/etc/authbind/byuid" ]; then + mkdir -p /etc/authbind/byuid + chmod 755 /etc/authbind + chmod 755 /etc/authbind/byuid + fi + echo '0.0.0.0/0:1,1023' >/etc/authbind/byuid/$JETTY_UID + echo '::/0,1-1023' >>/etc/authbind/byuid/$JETTY_UID + chown $JETTY_USER:$JETTY_GROUP /etc/authbind/byuid/$JETTY_UID + chmod 700 /etc/authbind/byuid/$JETTY_UID + fi ;; abort-upgrade|abort-remove|abort-deconfigure) diff --git a/debian/jetty8.postrm b/debian/jetty8.postrm index c969451..ec0568d 100644 --- a/debian/jetty8.postrm +++ b/debian/jetty8.postrm @@ -33,6 +33,9 @@ case "$1" in rmdir --ignore-fail-on-non-empty /var/lib/jetty8 || true fi rmdir --ignore-fail-on-non-empty /etc/jetty8/contexts /etc/jetty8 || true + + # clean up /etc/authbind after conffiles have been removed + rmdir --ignore-fail-on-non-empty /etc/authbind/byuid /etc/authbind ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) diff --git a/debian/jetty8.prerm b/debian/jetty8.prerm new file mode 100644 index 0000000..deb986b --- /dev/null +++ b/debian/jetty8.prerm 
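Review bot: The byuid file written in the jetty8.postinst hunk lets the jetty UID bind every port from 1 to 1023 on all IPv4 and IPv6 addresses, and it is created on configure even though the defaults file documents AUTHBIND as off by default. Limiting the grant to the ports Jetty is meant to serve, or writing the file only when the administrator opts in, keeps the service account at least privilege. The file is also chowned to `$JETTY_USER:$JETTY_GROUP` with mode 700, so the service account can rewrite its own policy; if authbind only needs to read the file (worth confirming against authbind(1)), `chown root:root` and `chmod 644` would be the safer choice. The `id jetty` test and `chown -R jetty:adm` still hard-code the name that `$JETTY_USER` now holds.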
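Review bot: The `rmdir --ignore-fail-on-non-empty /etc/authbind/byuid /etc/authbind` added in the jetty8.postrm hunk has no `|| true`, unlike the rmdir on the line above it, and `--ignore-fail-on-non-empty` does not cover a directory that is already missing. If the script runs under `set -e` (not visible in this hunk), a purge would then fail. These directories are presumably also shipped by the authbind package, so removing an empty byuid here can delete a path that another package owns. Consider `[ -x /usr/bin/authbind ] || rmdir --ignore-fail-on-non-empty /etc/authbind/byuid /etc/authbind 2>/dev/null || true`. The enclosing `case` branch starts outside the hunk.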
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ remove)
+ # Remove auth for jetty to open privileged ports via authbind.
+ JETTY_USER="jetty"
+ JETTY_UID="`id -u $JETTY_USER`"
+ if [ -f "/etc/authbind/byuid/$JETTY_UID" ]; then
+ rm -f /etc/authbind/byuid/$JETTY_UID
+ fi
+ ;;
+esac
+
+#DEBHELPER#
-- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/jetty9.git _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
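Review bot: The `id -u $JETTY_USER` command substitution in the new prerm runs under `set -e`, so if the jetty account has already been deleted the failing lookup aborts the script and the package cannot be removed. Tolerate the failure and skip the cleanup when no UID is found, e.g. `JETTY_UID="$(id -u "$JETTY_USER" 2>/dev/null)" || JETTY_UID=""` followed by `[ -z "$JETTY_UID" ] || rm -f "/etc/authbind/byuid/$JETTY_UID"`. The file is also removed unconditionally, while postinst leaves a pre-existing file untouched, so an administrator-maintained policy for that UID is deleted on package removal.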

