git: 88eaf4bfcefd - main - security/shibboleth-idp: Update to 5.1.3
Date: Thu, 05 Sep 2024 17:05:55 UTC
The branch main has been updated by zi: URL: https://cgit.FreeBSD.org/ports/commit/?id=88eaf4bfcefdd543ea4d2466935f8e97cfedfd33 commit 88eaf4bfcefdd543ea4d2466935f8e97cfedfd33 Author: Ryan Steinmetz <zi@FreeBSD.org> AuthorDate: 2024-09-05 17:05:16 +0000 Commit: Ryan Steinmetz <zi@FreeBSD.org> CommitDate: 2024-09-05 17:05:42 +0000 security/shibboleth-idp: Update to 5.1.3 --- security/shibboleth-idp/Makefile | 12 +- security/shibboleth-idp/distinfo | 14 +- .../files/jetty-base/modules/idp-logging.mod | 9 - .../files/jetty-base/modules/idp.mod | 14 +- .../files/jetty-base/resources/logback-access.xml | 13 - .../files/jetty-base/resources/logback.xml | 16 + .../files/jetty-base/start.d/http.ini | 4 - .../files/jetty-base/start.d/idp.ini | 6 +- .../files/jetty-base/webapps/idp.xml | 6 +- .../files/jetty-base/webapps/static.xml | 8 +- security/shibboleth-idp/files/shibboleth-idp.in | 9 +- security/shibboleth-idp/files/shibboleth-idp.sh | 348 +++++++++++++++------ security/shibboleth-idp/files/shibboleth.in | 1 + security/shibboleth-idp/pkg-plist | 293 +++++++---------- 14 files changed, 416 insertions(+), 337 deletions(-) diff --git a/security/shibboleth-idp/Makefile b/security/shibboleth-idp/Makefile index 12bcdcb8c0c2..3a90e04f22e5 100644 --- a/security/shibboleth-idp/Makefile +++ b/security/shibboleth-idp/Makefile @@ -1,9 +1,8 @@ PORTNAME= shibboleth -PORTVERSION= 4.3.3 -PORTREVISION= 1 +PORTVERSION= 5.1.3 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/identity-provider/${PORTVERSION}/ \ - http://shibboleth.net/downloads/identity-provider/latest4/${PORTVERSION}/ \ + http://shibboleth.net/downloads/identity-provider/latest5/${PORTVERSION}/ \ http://shibboleth.net/downloads/identity-provider/archive/${PORTVERSION}/ \ https://repo1.maven.org/maven2/ch/qos/logback/logback-core/${LOGBACKVER}/:logback_core \ https://repo1.maven.org/maven2/ch/qos/logback/logback-classic/${LOGBACKVER}/:logback_classic 
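Review bot: The new `latest5` MASTER_SITES entry, like the two shibboleth.net entries around it, fetches the distribution over plain `http://`. The SHA256 pinned in distinfo (next hunk) does detect a tampered tarball at fetch time, but that hash was recorded from whatever the committer downloaded, so switching the three shibboleth.net entries to `https://` (the site appears to serve the same paths over TLS) would make the recorded checksum trustworthy at origin rather than only self-consistent; the Maven Central entries already use https.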
@@ -19,9 +18,9 @@ WWW= http://shibboleth.internet2.edu/ LICENSE= APACHE20 -BUILD_DEPENDS= jetty10>=0:www/jetty10 +BUILD_DEPENDS= jetty12>=0:www/jetty12 RUN_DEPENDS= bash:shells/bash \ - jetty10>=0:www/jetty10 + jetty12>=0:www/jetty12 USE_RC_SUBR= shibboleth-idp CPE_VENDOR= shibboleth @@ -30,7 +29,7 @@ WRKSRC= ${WRKDIR}/shibboleth-identity-provider-${PORTVERSION} NO_ARCH= yes NO_BUILD= yes -LOGBACKVER= 1.4.0 +LOGBACKVER= 1.5.6 SHIBUSER= shibd SHIBGROUP= shibd LOGDIR= /var/log/${PORTNAME} @@ -50,6 +49,7 @@ do-install: @${MKDIR} ${STAGEDIR}${DATADIR} ${STAGEDIR}${ETCDIR} @${MKDIR} ${STAGEDIR}${LOGDIR} ${STAGEDIR}${RUNDIR} @${MKDIR} ${STAGEDIR}${WWWDIR}/lib/logging + @${MKDIR} ${STAGEDIR}${WWWDIR}/jsp @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} .for dir in conf credentials etc modules resources start.d webapps/ROOT @${MKDIR} ${STAGEDIR}${WWWDIR}/${dir} diff --git a/security/shibboleth-idp/distinfo b/security/shibboleth-idp/distinfo index 534ea430b4a2..6ba4a2165721 100644 --- a/security/shibboleth-idp/distinfo +++ b/security/shibboleth-idp/distinfo 
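Review bot: The added `@${MKDIR} ${STAGEDIR}${WWWDIR}/jsp` creates the directory but nothing in this hunk sets its owner or mode; if Jetty's ee9-jsp module uses it as the JSP scratch/compile directory it has to be writable by ${SHIBUSER} at runtime, which is presumably handled by an `@dir(...)` entry in the part of pkg-plist that this mail truncates — worth confirming. A one-line comment next to the MKDIR naming the purpose, e.g. `# scratch directory for JSP compilation by the IdP webapp`, would help whoever next touches do-install. The jetty12 and LOGBACKVER bumps in the two preceding hunks are consistent with the distinfo entries that follow.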
@@ -1,7 +1,7 @@ -TIMESTAMP = 1713232393 -SHA256 (shibboleth-identity-provider-4.3.3.tar.gz) = 815abe9c707c8741278eda8b9120be7d99f09238d2974ccc3a93b37d549cc149 -SIZE (shibboleth-identity-provider-4.3.3.tar.gz) = 60927078 -SHA256 (logback-classic-1.4.0.jar) = 9ce4cfee4834195753b5be5016ded641e8456d9e82995821838dc662e866e212 -SIZE (logback-classic-1.4.0.jar) = 262118 -SHA256 (logback-core-1.4.0.jar) = 14e09a7896bee6ef2e005b48fc5560fe2299a57a826bc4c1f1c6d43002f0512c -SIZE (logback-core-1.4.0.jar) = 559203 +TIMESTAMP = 1725384814 +SHA256 (shibboleth-identity-provider-5.1.3.tar.gz) = cc72f0b15fda49b43bdd38cef3bdc62cbe01684b59c3d024b5de1ffdba42206e +SIZE (shibboleth-identity-provider-5.1.3.tar.gz) = 44250595 +SHA256 (logback-classic-1.5.6.jar) = 6115c6cac5ed1d9db810d14f2f7f4dd6a9f21f0acbba8016e4daaca2ba0f5eb8 +SIZE (logback-classic-1.5.6.jar) = 293697 +SHA256 (logback-core-1.5.6.jar) = 898c7d120199f37e1acc8118d97ab15a4d02b0e72e27ba9f05843cb374e160c6 +SIZE (logback-core-1.5.6.jar) = 609942 diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod b/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod deleted file mode 100644 index dccc34ae12b7..000000000000 --- a/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod +++ /dev/null @@ -1,9 +0,0 @@ -[description] -Shibboleth IdP Logging - -[depend] -console-capture -logback-access - -[files] -/var/log/shibboleth/ diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp.mod b/security/shibboleth-idp/files/jetty-base/modules/idp.mod index 57a601105222..51fb66e4945d 100644 --- a/security/shibboleth-idp/files/jetty-base/modules/idp.mod +++ b/security/shibboleth-idp/files/jetty-base/modules/idp.mod @@ -2,16 +2,18 @@ Shibboleth IdP [depend] -annotations -deploy +ee9-annotations +ee9-deploy ext +ee9-webapp +http #https -jsp -jstl -plus +ee9-jsp +ee9-jstl +ee9-plus resources server -servlets +ee9-servlets #ssl [files] 
diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml b/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml deleted file mode 100644 index cec9236337fa..000000000000 --- a/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml +++ /dev/null @@ -1,13 +0,0 @@ -<configuration> - <statusListener class="ch.qos.logback.core.status.OnConsoleStatusListener" /> - <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>/var/log/shibboleth/access.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>/var/log/shibboleth/access-%d{yyyy-MM-dd}.log.gz</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>combined</pattern> - </encoder> - </appender> - <appender-ref ref="FILE" /> -</configuration> diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback.xml b/security/shibboleth-idp/files/jetty-base/resources/logback.xml index 9a530677c4a9..5d973afeecf3 100644 --- a/security/shibboleth-idp/files/jetty-base/resources/logback.xml +++ b/security/shibboleth-idp/files/jetty-base/resources/logback.xml @@ -10,9 +10,25 @@ <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n</Pattern> </encoder> </appender> + + <appender name="jetty-access" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/shibboleth/access.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>/var/log/shibboleth/access-%d{yyyy-MM-dd}.log.gz</fileNamePattern> + </rollingPolicy> + <encoder> + <pattern>%msg%n</pattern> + </encoder> + </appender> + <root level="INFO"> <appender-ref ref="jetty" /> </root> + + <logger name="org.eclipse.jetty.server.RequestLog" level="INFO" additivity="false"> + <appender-ref ref="jetty-access" /> + </logger> + <logger name="org.springframework" level="OFF" /> <logger name="ch.qos.logback" level="WARN" /> </configuration> 
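Review bot: The new `jetty-access` TimeBasedRollingPolicy sets neither `<maxHistory>` nor `<totalSizeCap>`, so rotated `/var/log/shibboleth/access-*.log.gz` files accumulate until the filesystem fills; the deleted logback-access.xml had the same gap, but since the policy is being re-homed this is the place to bound it, e.g. `<maxHistory>180</maxHistory>` and `<totalSizeCap>2GB</totalSizeCap>` inside the rollingPolicy (values to be picked per site retention policy). Access logs carry client addresses and query strings, so an explicit retention bound matters for privacy as well as for disk. The `org.eclipse.jetty.server.RequestLog` logger with `additivity="false"` is the right shape to keep request lines out of the main appender.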
diff --git a/security/shibboleth-idp/files/jetty-base/start.d/http.ini b/security/shibboleth-idp/files/jetty-base/start.d/http.ini index fd91753eb783..3369d64a4a18 100644 --- a/security/shibboleth-idp/files/jetty-base/start.d/http.ini +++ b/security/shibboleth-idp/files/jetty-base/start.d/http.ini @@ -6,9 +6,5 @@ --module=http --module=http-forwarded -# Allows use of default IdP command line tools. -jetty.http.host=127.0.0.1 -jetty.http.port=8080 - # Hide server version jetty.httpConfig.sendServerVersion=false diff --git a/security/shibboleth-idp/files/jetty-base/start.d/idp.ini b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini index e87aa186019d..33b3a39fb8df 100644 --- a/security/shibboleth-idp/files/jetty-base/start.d/idp.ini +++ b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini @@ -31,5 +31,9 @@ jetty.ssl.host=127.0.0.1 ## Connector port to listen on jetty.ssl.port=443 -# logging +## Route request logging through standard logging API etc/jetty-requestlog.xml + +# Allows use of default IdP command line tools. +jetty.http.host=127.0.0.1 +jetty.http.port=8080 diff --git a/security/shibboleth-idp/files/jetty-base/webapps/idp.xml b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml index f5ba928e0b73..08676d1e3c26 100644 --- a/security/shibboleth-idp/files/jetty-base/webapps/idp.xml +++ b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml 
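Review bot: The new idp.ini comment says request logging is routed through the standard logging API, but the line under it still names `etc/jetty-requestlog.xml` directly rather than enabling a module, and whether that XML installs an SLF4J-backed writer — which is what the `org.eclipse.jetty.server.RequestLog` logger added to logback.xml relies on — is not visible in this diff; worth checking against the jetty12 port's etc/ file. Moving `jetty.http.host=127.0.0.1` and `jetty.http.port=8080` out of http.ini keeps the plaintext listener on loopback only as long as idp.ini stays enabled, so a pointer left behind in http.ini, e.g. `# bind address/port for this connector are set in idp.ini`, would stop someone re-adding a wildcard default there.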
@@ -1,10 +1,10 @@ <?xml version="1.0"?> -<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd"> +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd"> <!-- =============================================================== --> <!-- Configure the Shibboleth IdP webapp --> <!-- =============================================================== --> -<Configure class="org.eclipse.jetty.webapp.WebAppContext"> - <Set name="war"><SystemProperty name="idp.war.path" default="war/idp.war" /></Set> +<Configure class="org.eclipse.jetty.ee9.webapp.WebAppContext"> + <Set name="war"><SystemProperty name="idp.home" default="/usr/local/www/shibboleth" />/war/idp.war</Set> <Set name="contextPath"><SystemProperty name="idp.context.path" default="/idp" /></Set> <Set name="extractWAR">false</Set> <Set name="copyWebDir">false</Set> diff --git a/security/shibboleth-idp/files/jetty-base/webapps/static.xml b/security/shibboleth-idp/files/jetty-base/webapps/static.xml index 3c53036abb35..f4f90fcb1ee3 100644 --- a/security/shibboleth-idp/files/jetty-base/webapps/static.xml +++ b/security/shibboleth-idp/files/jetty-base/webapps/static.xml @@ -1,5 +1,5 @@ <?xml version="1.0"?> -<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd"> +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd"> <!-- =============================================================== --> <!-- Configure static content delivery --> <!-- =============================================================== --> 
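Review bot: The new `war` setting drops the `idp.war.path` system property the old line honored, so a deployment that passes `-Didp.war.path=...` in JAVA_OPTIONS silently falls back to `${idp.home}/war/idp.war` after this update. If that override is meant to go away it deserves a line in the port's pkg-message or UPDATING entry; otherwise keep it, e.g. `<Set name="war"><SystemProperty name="idp.war.path" default="/usr/local/www/shibboleth/war/idp.war" /></Set>`. The literal `/usr/local/www/shibboleth` default also bypasses PREFIX/WWWDIR substitution (this file has no .in suffix), which is only safe if the rc script always sets idp.home explicitly.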
@@ -7,10 +7,10 @@ <Set name="contextPath">/</Set> <Set name="handler"> <New class="org.eclipse.jetty.server.handler.ResourceHandler"> - <Set name="resourceBase"> - <Property name="jetty.base"/>/<Property name="jetty.static.data.path" default="../static"/> + <Set name="baseResourceAsString"> + <SystemProperty name="jetty.base"/>/<Property name="jetty.static.data.path" default="static"/> </Set> - <Set name="directoriesListed">false</Set> + <Set name="dirAllowed">false</Set> </New> </Set> </Configure> diff --git a/security/shibboleth-idp/files/shibboleth-idp.in b/security/shibboleth-idp/files/shibboleth-idp.in index c8904167e00c..e0b425e5eeb4 100644 --- a/security/shibboleth-idp/files/shibboleth-idp.in +++ b/security/shibboleth-idp/files/shibboleth-idp.in 
@@ -80,8 +80,13 @@ shibboleth_idp_initupgrade() { /bin/rm -f %%WWWDIR%%/idp.ini.bak PATH="${PATH}:%%LOCALBASE%%/bin" - %%DATADIR%%/bin/install.sh -Didp.keysize=${shibboleth_idp_keysize} -Didp.target.dir=%%WWWDIR%% -Didp.src.dir=%%DATADIR%% -Didp.conf.credentials.group=%%SHIBUSER%% -Didp.conf.credentials.filemode=640 -Didp.keystore.password=${KEYSTORE} -Didp.sealer.password=${COOKIE} -Didp.host.name=${shibboleth_idp_hostname} -Didp.scope=${shibboleth_idp_scope} -Didp.entityID=${shibboleth_idp_entityid} -Didp.noprompt - /usr/bin/sed -i'.bak' -e "s|:8443||g" %%WWWDIR%%/metadata/idp-metadata.xml + printf "idp.target.dir=%%WWWDIR%%\nidp.keysize=${shibboleth_idp_keysize}\nidp.src.dir=%%DATADIR%%\nidp.conf.credentials.group=%%SHIBUSER%%\nidp.conf.credentials.filemode=640\nidp.scope=${shibboleth_idp_scope}\nidp.host.name=${shibboleth_idp_hostname}\nidp.entityID=${shibboleth_idp_entityid}\n\n# EOF\n" > %%WWWDIR%%/install.properties + if [ ! -f %%WWWDIR%%/credentials/secrets.properties ]; then + install -o root -g ${shibboleth_idp_group} -m 440 /dev/null %%WWWDIR%%/credentials/secrets.properties + printf "idp.keystore.password=${KEYSTORE}\nidp.sealer.password=${COOKIE}\n">%%WWWDIR%%/credentials/secrets.properties + fi + %%DATADIR%%/bin/install.sh --propertyFile %%WWWDIR%%/install.properties --propertyFiles %%WWWDIR%%/credentials/secrets.properties + /usr/bin/sed -i'.bak' -e "s|idp.scope = example.org|idp.scope=${shibboleth_idp_scope}|g" %%WWWDIR%%/conf/idp.properties } run_rc_command "$1" diff --git a/security/shibboleth-idp/files/shibboleth-idp.sh b/security/shibboleth-idp/files/shibboleth-idp.sh index 13a08d5c8f18..71341ffa127f 100755 --- a/security/shibboleth-idp/files/shibboleth-idp.sh +++ b/security/shibboleth-idp/files/shibboleth-idp.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/local/bin/bash # LSB Tags ### BEGIN INIT INFO 
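Review bot: The `printf` that writes credentials/secrets.properties expands `${KEYSTORE}` and `${COOKIE}` inside the format string, so a generated password containing `%` or `\` is silently rewritten before it reaches the file (the install.properties printf has the same issue with rc.conf-driven values); pass them as arguments instead: `printf 'idp.keystore.password=%s\nidp.sealer.password=%s\n' "${KEYSTORE}" "${COOKIE}" > %%WWWDIR%%/credentials/secrets.properties`. Moving the passwords off the install.sh command line, where the removed version exposed them to `ps`, into a root-owned 440 file is a clear improvement. One inconsistency: secrets.properties is created with `-g ${shibboleth_idp_group}` while install.properties sets `idp.conf.credentials.group=%%SHIBUSER%%`, so the two credential stores end up group-readable by different groups if shibboleth_idp_group is changed in rc.conf. The trailing sed on idp.properties also breaks if `${shibboleth_idp_scope}` contains `|` or `&`, and since idp.scope is already in install.properties a comment on why the sed is still needed would help.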
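Review bot: `#!/usr/local/bin/bash` hard-codes the default LOCALBASE in a file that is not a .in template, so the `bash:shells/bash` RUN_DEPENDS guarantees an interpreter at `${LOCALBASE}/bin/bash` but not at that literal path. Running the installed copy through `USES=shebangfix`, or substituting `%%LOCALBASE%%` via SUB_FILES/REINPLACE_CMD, would keep it correct on non-default LOCALBASE; the rest of this script starts outside the hunk.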
@@ -118,35 +118,143 @@ findDirectory() done } +# test if process specified in PID file is still running running() { - if [ -f "$1" ] - then - local PID=$(cat "$1" 2>/dev/null) || return 1 - kill -0 "$PID" 2>/dev/null - return + local PIDFILE=$1 + if [ -r "$PIDFILE" ] ; then + local PID=$(tail -1 "$PIDFILE") + if kill -0 "$PID" 2>/dev/null ; then + return 0 + fi fi - rm -f "$1" return 1 } +# Test state file (after timeout) for started state started() { - # wait for 60s to see "STARTED" in PID file, needs jetty-started.xml as argument - for ((T = 0; T < $(($3 / 4)); T++)) + local STATEFILE=$1 + local PIDFILE=$2 + local STARTTIMEOUT=$3 + + if (( DEBUG )) ; then + echo "Looking for $STATEFILE" + echo -n "State Parent Directory: " + ls -lad $(dirname $STATEFILE) + fi + + # wait till timeout to see "STARTED" in state file, needs --module=state as argument + for ((T = 0; T < $STARTTIMEOUT; T++)) do - sleep 4 - [ -z "$(tail -1 $1 | grep STARTED 2>/dev/null)" ] || return 0 - [ -z "$(tail -1 $1 | grep STOPPED 2>/dev/null)" ] || return 1 - [ -z "$(tail -1 $1 | grep FAILED 2>/dev/null)" ] || return 1 - local PID=$(cat "$2" 2>/dev/null) || return 1 - kill -0 "$PID" 2>/dev/null || return 1 - echo -n ". " + echo -n "." 
+ sleep 1 + if [ -r $STATEFILE ] ; then + STATENOW=$(tail -1 $STATEFILE) + (( DEBUG )) && echo "State (now): $STATENOW" + case "$STATENOW" in + STARTED*) + echo " started" + return 0;; + STOPPED*) + echo " stopped" + return 1;; + FAILED*) + echo " failed" + return 1;; + esac + else + (( DEBUG )) && echo "Unable to read State File: $STATEFILE" + fi done - + (( DEBUG )) && echo "Timeout $STARTTIMEOUT expired waiting for start state from $STATEFILE" + echo " timeout" + if running "$PIDFILE" ; then + echo "INFO: Server process is running" + else + echo "** ERROR: Server process is NOT running" + fi return 1; } +pidKill() +{ + local PIDFILE=$1 + local TIMEOUT=$2 + + if [ -r $PIDFILE ] ; then + local PID=$(tail -1 "$PIDFILE") + if [ -z "$PID" ] ; then + echo "** ERROR: no pid found in $PIDFILE" + return 1 + fi + + # Try default kill first + if kill -0 "$PID" 2>/dev/null ; then + (( DEBUG )) && echo "PID=$PID is running, sending kill" + kill "$PID" 2>/dev/null + else + rm -f $PIDFILE 2> /dev/null + return 0 + fi + + # Perform harsh kill next + while kill -0 "$PID" 2>/dev/null + do + if (( TIMEOUT-- == 0 )) ; then + (( DEBUG )) && echo "PID=$PID is running, sending kill signal=KILL (TIMEOUT=$TIMEOUT)" + kill -KILL "$PID" 2>/dev/null + fi + echo -n "." 
+ sleep 1 + done + echo "Killed $PID" + return 0 + else + (( DEBUG )) && echo "Unable to read PID File: $PIDFILE" + return 1 + fi +} + +testFileSystemPermissions() +{ + # Don't test file system permissions if user is root + if [ $UID -eq 0 ] ; then + (( DEBUG )) && echo "Not testing file system permissions: uid is 0" + return 0 + fi + + # Don't test if JETTY_USER is specified + # as the Jetty process will switch to a different user id on startup + if [ -n "$JETTY_USER" ] ; then + (( DEBUG )) && echo "Not testing file system permissions: JETTY_USER=$JETTY_USER" + return 0 + fi + + # Don't test if setuid is specified + # as the Jetty process will switch to a different user id on startup + if expr -- "${JETTY_ARGS[*]}" : '.*setuid.*' >/dev/null + then + (( DEBUG )) && echo "Not testing file system permissions: setuid in use" + return 0 + fi + + # Test if PID can be written from this userid + if ! touch "$JETTY_PID" + then + echo "** ERROR: Unable to touch file: $JETTY_PID" + echo " Correct issues preventing use of \$JETTY_PID and try again." + exit 1 + fi + + # Test if STATE can be written from this userid + if ! touch "$JETTY_STATE" + then + echo "** ERROR: Unable to touch file: $JETTY_STATE" + echo " Correct issues preventing use of \$JETTY_STATE and try again." + exit 1 + fi +} readConfig() { 
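Review bot: `running()` and `pidKill()` act on whatever PID the file contains — `kill -0 "$PID"` only proves that some process with that number exists — so after a crash that leaves a stale file, PID reuse makes `start` refuse with "Already Running" and `stop` send TERM/KILL to an unrelated process; and because JETTY_RUN may fall back to `/tmp` (the `findDirectory -w /var/run ... /tmp` line in the @@ -300 hunk), a root-run stop could signal a PID chosen by whoever planted `/tmp/jetty/*.pid`. A cheap guard before any signal is to confirm the PID is a Java process, e.g. `ps -o comm= -p "$PID" 2>/dev/null | grep -q java || return 1`, and to remove the stale file as the old `running()` did. `pidKill()` also mixes unquoted `[ -r $PIDFILE ]` and `rm -f $PIDFILE` with the quoted forms used in `running()`. `readConfig()` at the end of the hunk continues past it.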
@@ -156,31 +264,36 @@ readConfig() dumpEnv() { - echo "JAVA = $JAVA" - echo "JAVA_OPTIONS = ${JAVA_OPTIONS[*]}" - echo "JETTY_HOME = $JETTY_HOME" - echo "JETTY_BASE = $JETTY_BASE" - echo "START_D = $START_D" - echo "START_INI = $START_INI" - echo "JETTY_START = $JETTY_START" - echo "JETTY_CONF = $JETTY_CONF" - echo "JETTY_ARGS = ${JETTY_ARGS[*]}" - echo "JETTY_RUN = $JETTY_RUN" - echo "JETTY_PID = $JETTY_PID" - echo "JETTY_START_LOG = $JETTY_START_LOG" - echo "JETTY_STATE = $JETTY_STATE" - echo "JETTY_START_TIMEOUT = $JETTY_START_TIMEOUT" - echo "RUN_CMD = ${RUN_CMD[*]}" + echo "JAVA = $JAVA" + echo "JAVA_OPTIONS = ${JAVA_OPTIONS[*]}" + echo "JETTY_HOME = $JETTY_HOME" + echo "JETTY_BASE = $JETTY_BASE" + echo "START_D = $START_D" + echo "START_INI = $START_INI" + echo "JETTY_START = $JETTY_START" + echo "JETTY_CONF = $JETTY_CONF" + echo "JETTY_ARGS = ${JETTY_ARGS[*]}" + echo "JETTY_RUN = $JETTY_RUN" + echo "JETTY_PID = $JETTY_PID" + echo "JETTY_START_LOG = $JETTY_START_LOG" + echo "JETTY_STATE = $JETTY_STATE" + echo "JETTY_START_TIMEOUT = $JETTY_START_TIMEOUT" + echo "JETTY_SYS_PROPS = $JETTY_SYS_PROPS" + echo "RUN_ARGS = ${RUN_ARGS[*]}" + echo "ID = $(id)" + echo "JETTY_USER = $JETTY_USER" + echo "USE_START_STOP_DAEMON = $USE_START_STOP_DAEMON" + echo "START_STOP_DAEMON = $START_STOP_DAEMON_AVAILABLE" } - ################################################## # Get the action & configs ################################################## CONFIGS=() NO_START=0 DEBUG=0 +USE_START_STOP_DAEMON=1 while [[ $1 = -* ]]; do case $1 in @@ -300,7 +413,15 @@ fi if [ -z "$JETTY_RUN" ] then JETTY_RUN=$(findDirectory -w /var/run /usr/var/run $JETTY_BASE /tmp)/jetty - [ -d "$JETTY_RUN" ] || mkdir $JETTY_RUN +fi + +if [ ! -d "$JETTY_RUN" ] ; then + if ! mkdir $JETTY_RUN + then + echo "** ERROR: Unable to create directory: $JETTY_RUN" + echo " Correct issues preventing the creation of \$JETTY_RUN and try again." + exit 1 + fi fi ##################################################### 
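Review bot: The new directory-creation block leaves `mkdir $JETTY_RUN` unquoted while the tests around it quote `"$JETTY_RUN"`, and creates the directory with the caller's umask and no owner. The pid and state files now live there and appear to be written by the JVM itself (the script no longer echoes `$!` into the pid file), so a directory created by root is unwritable by a non-root JETTY_USER unless something not shown here chowns it; `mkdir -m 0755 -- "$JETTY_RUN"` followed by `[ -n "$JETTY_USER" ] && chown "$JETTY_USER" "$JETTY_RUN"` would make that explicit. Whether the FreeBSD rc wrapper pre-creates RUNDIR and so never reaches this branch is not visible in the diff.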
@@ -328,14 +449,14 @@ case "`uname`" in CYGWIN*) JETTY_STATE="`cygpath -w $JETTY_STATE`";; esac - -JETTY_ARGS=(${JETTY_ARGS[*]} "jetty.state=$JETTY_STATE") +JETTY_ARGS=(${JETTY_ARGS[*]} "jetty.state=$JETTY_STATE" "jetty.pid=$JETTY_PID") ################################################## # Get the list of config.xml files from jetty.conf ################################################## if [ -f "$JETTY_CONF" ] && [ -r "$JETTY_CONF" ] then + (( DEBUG )) && echo "$JETTY_CONF: (begin read) JETTY_ARGS.length=${#JETTY_ARGS[@]}" while read -r CONF do if expr -- "$CONF" : '#' >/dev/null ; then @@ -351,16 +472,17 @@ then do if [ -r "$XMLFILE" ] && [ -f "$XMLFILE" ] then - JETTY_ARGS=(${JETTY_ARGS[*]} "$XMLFILE") + JETTY_ARGS[${#JETTY_ARGS[@]}]=$XMLFILE else echo "** WARNING: Cannot read '$XMLFILE' specified in '$JETTY_CONF'" fi done else # assume it's a command line parameter (let start.jar deal with its validity) - JETTY_ARGS=(${JETTY_ARGS[*]} "$CONF") + JETTY_ARGS[${#JETTY_ARGS[@]}]=$CONF fi done < "$JETTY_CONF" + (( DEBUG )) && echo "$JETTY_CONF: (finished read) JETTY_ARGS.length=${#JETTY_ARGS[@]}" fi ################################################## @@ -414,9 +536,6 @@ TMPDIR="`cygpath -w $TMPDIR`" ;; esac -BASE_JETTY_SYS_PROPS=$(echo -ne "-Djetty.home=$JETTY_HOME" "-Djetty.base=$JETTY_BASE" "-Djava.io.tmpdir=$TMPDIR") -JETTY_SYS_PROPS=(${JETTY_SYS_PROPS[*]} $BASE_JETTY_SYS_PROPS) - ##################################################### # This is how the Jetty server will be started ##################################################### 
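Review bot: Dropping BASE_JETTY_SYS_PROPS removes the explicit `-Djava.io.tmpdir=$TMPDIR` from the launch, so unless the start.jar dry-run output now supplies it the JVM falls back to the platform default `/tmp` — a world-writable location — for JSP compilation and WAR scratch files, while the TMPDIR logic above this hunk keeps computing a value nothing uses. If the dry-run does emit it, a comment where the lines were removed, e.g. `# jetty.home, jetty.base and java.io.tmpdir are supplied by --dry-run below`, would record that; otherwise keep `-Djava.io.tmpdir=$TMPDIR` in JETTY_SYS_PROPS. The `jetty.pid=$JETTY_PID` addition in the first hunk is consistent with the pidfile handling change in the start/stop actions.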
@@ -434,15 +553,31 @@ case "`uname`" in CYGWIN*) JETTY_START="`cygpath -w $JETTY_START`";; esac -RUN_ARGS=$("$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args ${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}) -RUN_CMD=("$JAVA" $JETTY_SYS_PROPS ${RUN_ARGS[@]}) +# Determine if we can use start-stop-daemon or not +START_STOP_DAEMON_AVAILABLE=0 + +if (( USE_START_STOP_DAEMON )) +then + # only if root user is executing jetty.sh, and the start-stop-daemon exists + if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1 + then + START_STOP_DAEMON_AVAILABLE=1 + else + USE_START_STOP_DAEMON=0 + fi +fi + +# Collect the dry-run (of opts,path,main,args) from the jetty.base configuration +JETTY_DRY_RUN=$(echo "${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}" | xargs "$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args,envs) +RUN_ARGS=($JETTY_SYS_PROPS ${JETTY_DRY_RUN[@]}) -##################################################### -# Comment these out after you're happy with what -# the script is doing. -##################################################### if (( DEBUG )) then + if expr -- "${RUN_ARGS[*]}" : '.*/etc/console-capture.xml.*' > /dev/null + then + echo "WARNING: Disable console-capture module for best DEBUG results" + fi + echo "IDs are $(id)" dumpEnv fi @@ -451,14 +586,29 @@ fi ################################################## case "$ACTION" in start) - echo -n "Starting Jetty: " - if (( NO_START )); then echo "Not starting ${NAME} - NO_START=1"; exit fi - if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1 + testFileSystemPermissions + + if running $JETTY_PID + then + echo "Already Running $(cat $JETTY_PID)!" + exit 1 + fi + + # remove any lingering state file + if [ -f $JETTY_STATE ] + then + rm $JETTY_STATE + fi + + echo -n "Starting Jetty: " + + # Startup from a service file + if (( USE_START_STOP_DAEMON )) then unset CH_USER if [ -n "$JETTY_USER" ] 
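Review bot: `echo "${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}" | xargs "$JAVA" ...` flattens two arrays into one line and lets xargs re-split it, so any option containing whitespace, quotes or a backslash (a `-D` value holding a path with a space, for instance) is mangled or split into several arguments, and `RUN_ARGS=($JETTY_SYS_PROPS ${JETTY_DRY_RUN[@]})` then repeats an unquoted, glob-expanding split on the result. The arrays are already there: `JETTY_DRY_RUN=$("$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args,envs "${JETTY_ARGS[@]}" "${JAVA_OPTIONS[@]}")` preserves word boundaries for the dry-run, and the dry-run output would need to be read back into an array (`read -ra` or `mapfile`) rather than word-split. The same `echo ... | xargs` pattern is used for the start-stop-daemon and su launches in the @@ -466 and @@ -490 hunks and for the launches in the @@ -584 and @@ -597 hunks. The availability check silently flips USE_START_STOP_DAEMON to 0 when not root, which makes the later `if (( USE_START_STOP_DAEMON ))` branches root-only; a comment saying so would save a reader a trip back here.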
@@ -466,22 +616,19 @@ case "$ACTION" in CH_USER="--chuid $JETTY_USER" fi - start-stop-daemon --start $CH_USER \ - --pidfile "$JETTY_PID" \ + # use of --pidfile /dev/null disables internal pidfile + # management of the start-stop-daemon (see man page) + echo ${RUN_ARGS[@]} | xargs start-stop-daemon \ + --start $CH_USER \ + --pidfile /dev/null \ --chdir "$JETTY_BASE" \ --background \ - --make-pidfile \ + --output "${JETTY_RUN}/start-stop.log" \ --startas "$JAVA" \ - -- ${RUN_ARGS[@]} start-log-file="$JETTY_START_LOG" - + -- + (( DEBUG )) && echo "Starting: start-stop-daemon" else - - if running $JETTY_PID - then - echo "Already Running $(cat $JETTY_PID)!" - exit 1 - fi - + # Startup if switching users (not as a service, or from root) if [ -n "$JETTY_USER" ] && [ `whoami` != "$JETTY_USER" ] then unset SU_SHELL @@ -490,29 +637,30 @@ case "$ACTION" in SU_SHELL="-s $JETTY_SHELL" fi - touch "$JETTY_PID" chown "$JETTY_USER" "$JETTY_PID" - # FIXME: Broken solution: wordsplitting, pathname expansion, arbitrary command execution, etc. su - "$JETTY_USER" $SU_SHELL -c " cd \"$JETTY_BASE\" - exec ${RUN_CMD[*]} start-log-file=\"$JETTY_START_LOG\" > /dev/null & - disown \$! - echo \$! > \"$JETTY_PID\"" + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & + PID=\$! + disown \$PID" + (( DEBUG )) && echo "Starting: su shell (w/user $JETTY_USER) on PID $PID" else - "${RUN_CMD[@]}" > /dev/null & - disown $! - echo $! > "$JETTY_PID" + # Startup if not switching users + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & + PID=$! + disown $PID + (( DEBUG )) && echo "Starting: java command on PID $PID" fi - fi - if expr "${JETTY_ARGS[*]}" : '.*jetty-started.xml.*' >/dev/null + if expr -- "${JETTY_ARGS[*]}" : '.*jetty\.state=.*' >/dev/null then if started "$JETTY_STATE" "$JETTY_PID" "$JETTY_START_TIMEOUT" then echo "OK `date`" else echo "FAILED `date`" + pidKill $JETTY_PID 30 exit 1 fi else 
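Review bot: The su branch deletes `touch "$JETTY_PID"` but keeps `chown "$JETTY_USER" "$JETTY_PID"`, and the touch that moved into `testFileSystemPermissions()` returns early whenever JETTY_USER is set, so here chown runs on a file that may not exist and the JVM, which now writes the pid file itself, must be able to create it in JETTY_RUN. Either restore the `touch` before the `chown`, or chown the run directory instead of the file. The FIXME about word-splitting and arbitrary command execution was removed although the `su -c "..."` string still has `${RUN_ARGS[*]}` expanded into shell source that the target user's shell re-parses, and the `$PID` printed by the DEBUG line after it is the outer shell's unset variable, not the `PID=\$!` assigned inside su. The start-stop-daemon branch in the preceding hunk likewise passes its arguments through `echo | xargs` after `--`.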
@@ -523,38 +671,42 @@ case "$ACTION" in stop) echo -n "Stopping Jetty: " - if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1; then - start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s HUP - - TIMEOUT=30 - while running "$JETTY_PID"; do - if (( TIMEOUT-- == 0 )); then - start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s KILL - fi + if [ ! -r "$JETTY_PID" ] ; then + echo "** ERROR: no pid found at $JETTY_PID" + exit 1 + fi - sleep 1 - done - else - if [ ! -f "$JETTY_PID" ] ; then - echo "ERROR: no pid found at $JETTY_PID" - exit 1 - fi + PID=$(tail -1 "$JETTY_PID") + if [ -z "$PID" ] ; then + echo "** ERROR: no pid found in $JETTY_PID" + exit 1 + fi - PID=$(cat "$JETTY_PID" 2>/dev/null) - if [ -z "$PID" ] ; then - echo "ERROR: no pid id found in $JETTY_PID" - exit 1 - fi - kill "$PID" 2>/dev/null + # Stopping service started with start-stop-daemon + if (( USE_START_STOP_DAEMON )) ; then + (( DEBUG )) && echo "Issuing HUP to $PID" + start-stop-daemon --stop \ + --pid "$PID" \ + --chdir "$JETTY_BASE" \ + --startas "$JAVA" \ + --signal HUP TIMEOUT=30 - while running $JETTY_PID; do + while running "$JETTY_PID"; do + (( DEBUG )) && echo "Issuing KILL to $PID" if (( TIMEOUT-- == 0 )); then - kill -KILL "$PID" 2>/dev/null + start-stop-daemon --stop \ + --pid "$PID" \ + --chdir "$JETTY_BASE" \ + --startas "$JAVA" \ + --signal KILL fi sleep 1 done + else + # Stopping from non-service start + pidKill "$JETTY_PID" 30 fi rm -f "$JETTY_PID" @@ -565,7 +717,7 @@ case "$ACTION" in restart) JETTY_SH=$0 - > "$JETTY_STATE" + echo "restart" >> "$JETTY_STATE" if [ ! -f $JETTY_SH ]; then if [ ! -f $JETTY_HOME/bin/jetty.sh ]; then echo "$JETTY_HOME/bin/jetty.sh does not exist." @@ -584,7 +736,7 @@ case "$ACTION" in # Under control of daemontools supervise monitor which # handles restarts and shutdowns via the svc program. # - exec "${RUN_CMD[@]}" + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & ;; 
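Review bot: Under daemontools `supervise` the server has to remain the foreground process of the script supervise spawned, which the old `exec "${RUN_CMD[@]}"` ensured; the new `echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null &` backgrounds the JVM and lets the script exit, so supervise sees the service die and respawns it repeatedly, piling up JVMs. The next hunk (@@ -597) makes the same replacement for another launch that was also an `exec` and so presumably meant to stay in the foreground. Keep `exec` in both places, e.g. `exec "$JAVA" "${RUN_ARGS[@]}"`, once RUN_ARGS is an array that preserves word boundaries. In the stop hunk, the DEBUG line `Issuing KILL to $PID` sits before the timeout check inside the wait loop, so it reports a KILL every second that is not actually being sent.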
@@ -597,7 +749,7 @@ case "$ACTION" in exit 1 fi - exec "${RUN_CMD[@]}" + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & ;; check|status) diff --git a/security/shibboleth-idp/files/shibboleth.in b/security/shibboleth-idp/files/shibboleth.in index e63c0b1c1b98..424e30b7296e 100644 --- a/security/shibboleth-idp/files/shibboleth.in +++ b/security/shibboleth-idp/files/shibboleth.in @@ -4,6 +4,7 @@ # JAVA # Command to invoke Java. If not set, java (from the PATH) will be used. # +JAVA=%%LOCALBASE%%/bin/java # JAVA_OPTIONS # Extra options to pass to the JVM diff --git a/security/shibboleth-idp/pkg-plist b/security/shibboleth-idp/pkg-plist index ed38e20aef23..e45c1c7549ee 100644 --- a/security/shibboleth-idp/pkg-plist +++ b/security/shibboleth-idp/pkg-plist 
@@ -1,80 +1,19 @@
+%%ETCDIR%%/shibboleth-idp
+sbin/shibboleth-idp.sh
 %%DATADIR%%/LICENSE.txt
-%%DATADIR%%/bin/aacli.bat
-%%DATADIR%%/bin/aacli.sh
-%%DATADIR%%/bin/ant-jetty.xml
-%%DATADIR%%/bin/ant.bat
-%%DATADIR%%/bin/ant.sh
-%%DATADIR%%/bin/build.bat
-%%DATADIR%%/bin/build.sh
-%%DATADIR%%/bin/build.xml
-%%DATADIR%%/bin/install-log.xml
 %%DATADIR%%/bin/install.bat
 %%DATADIR%%/bin/install.sh
-%%DATADIR%%/bin/keygen.bat
-%%DATADIR%%/bin/keygen.sh
 @comment %%DATADIR%%/bin/lib/.gitkeep
 %%DATADIR%%/bin/lib/ant-1.10.14.jar
 %%DATADIR%%/bin/lib/ant-launcher-1.10.14.jar
-%%DATADIR%%/bin/lib/bcpg-jdk18on-1.72.2.jar
-%%DATADIR%%/bin/lib/commons-compress-1.26.1.jar
+%%DATADIR%%/bin/lib/bcpg-jdk18on-1.77.jar
+%%DATADIR%%/bin/lib/commons-compress-1.26.2.jar
 %%DATADIR%%/bin/lib/commons-io-2.15.1.jar
+%%DATADIR%%/bin/lib/idp-cli-%%PORTVERSION%%.jar
 %%DATADIR%%/bin/lib/idp-installer-%%PORTVERSION%%.jar
 %%DATADIR%%/bin/lib/jcommander-1.81.jar
-%%DATADIR%%/bin/mdquery.bat
-%%DATADIR%%/bin/mdquery.sh
-%%DATADIR%%/bin/module.bat
-%%DATADIR%%/bin/module.sh
-%%DATADIR%%/bin/plugin.bat
-%%DATADIR%%/bin/plugin.sh
-%%DATADIR%%/bin/reload-metadata.bat
-%%DATADIR%%/bin/reload-metadata.sh
-%%DATADIR%%/bin/reload-service.bat
-%%DATADIR%%/bin/reload-service.sh
-%%DATADIR%%/bin/runclass.bat
-%%DATADIR%%/bin/runclass.sh
-%%DATADIR%%/bin/sealer.bat
-%%DATADIR%%/bin/sealer.sh
-%%DATADIR%%/bin/seckeygen.bat
-%%DATADIR%%/bin/seckeygen.sh
-%%DATADIR%%/bin/status.bat
-%%DATADIR%%/bin/status.sh
-%%DATADIR%%/bin/version.bat
-%%DATADIR%%/bin/version.sh
-%%DATADIR%%/conf/access-control.xml
-%%DATADIR%%/conf/admin/admin.properties
-%%DATADIR%%/conf/admin/metrics.xml
-%%DATADIR%%/conf/attribute-filter.xml
-%%DATADIR%%/conf/attribute-registry.xml
-%%DATADIR%%/conf/attribute-resolver.xml
-%%DATADIR%%/conf/attributes/custom/README
-%%DATADIR%%/conf/attributes/default-rules.xml
-%%DATADIR%%/conf/attributes/eduCourse.xml
-%%DATADIR%%/conf/attributes/eduPerson.xml
-%%DATADIR%%/conf/attributes/inetOrgPerson.xml
-%%DATADIR%%/conf/attributes/samlSubject.xml
-%%DATADIR%%/conf/attributes/schac.xml
-%%DATADIR%%/conf/audit.xml
-%%DATADIR%%/conf/authn/authn-comparison.xml
-%%DATADIR%%/conf/authn/authn-events-flow.xml
-%%DATADIR%%/conf/authn/authn.properties
-%%DATADIR%%/conf/c14n/subject-c14n-events-flow.xml
-%%DATADIR%%/conf/c14n/subject-c14n.properties
-%%DATADIR%%/conf/c14n/subject-c14n.xml
-%%DATADIR%%/conf/credentials.xml
-%%DATADIR%%/conf/errors.xml
-%%DATADIR%%/conf/examples/attribute-resolver-ldap.xml
-%%DATADIR%%/conf/global.xml
-%%DATADIR%%/conf/idp.properties
-%%DATADIR%%/conf/intercept/intercept-events-flow.xml
-%%DATADIR%%/conf/ldap.properties
-%%DATADIR%%/conf/logback.xml
-%%DATADIR%%/conf/metadata-providers.xml
-%%DATADIR%%/conf/relying-party.xml
-%%DATADIR%%/conf/saml-nameid.properties
-%%DATADIR%%/conf/saml-nameid.xml
-%%DATADIR%%/conf/services.properties
-%%DATADIR%%/conf/services.xml
-%%DATADIR%%/credentials/.gitkeep
+%%DATADIR%%/bin/lib/shib-cli-9.1.3.jar
+@comment %%DATADIR%%/credentials/.gitkeep
 %%DATADIR%%/doc/BC-LICENSE.txt
 %%DATADIR%%/doc/CREDITS.txt
 %%DATADIR%%/doc/DUO-LICENSE.txt
@@ -82,66 +21,31 @@
 %%DATADIR%%/doc/README.txt
 %%DATADIR%%/doc/RELEASE-NOTES.txt
 %%DATADIR%%/doc/SPYMEMCACHED-LICENSE.txt
-%%DATADIR%%/flows/authn/conditions/account-locked/account-locked-flow.xml
-%%DATADIR%%/flows/authn/conditions/conditions-flow.xml
-%%DATADIR%%/flows/authn/conditions/expired-password/expired-password-flow.xml
-%%DATADIR%%/flows/authn/conditions/expiring-password/expiring-password-flow.xml
-%%DATADIR%%/flows/user/prefs/prefs-flow.xml
 @comment %%DATADIR%%/logs/.gitkeep
-%%DATADIR%%/messages/messages.properties
-%%DATADIR%%/system/DONOTTOUCH
-%%DATADIR%%/system/conf/global-system.xml
-%%DATADIR%%/system/conf/mvc-beans.xml
-%%DATADIR%%/system/conf/webflow-config.xml
-%%DATADIR%%/views/client-storage/client-storage-read.vm
-%%DATADIR%%/views/client-storage/client-storage-write.vm
-%%DATADIR%%/views/error.vm
-%%DATADIR%%/views/logout-complete.vm
-%%DATADIR%%/views/logout-propagate.vm
-%%DATADIR%%/views/logout.vm
-%%DATADIR%%/views/user-prefs.js
-%%DATADIR%%/views/user-prefs.vm
 %%DATADIR%%/webapp/META-INF/MANIFEST.MF
 %%DATADIR%%/webapp/WEB-INF/idpui.tld
 %%DATADIR%%/webapp/WEB-INF/jsp/metadata.jsp
 %%DATADIR%%/webapp/WEB-INF/jsp/status.jsp
-%%DATADIR%%/webapp/WEB-INF/lib/DuoWeb-1.3.jar
-%%DATADIR%%/webapp/WEB-INF/lib/UserAgentUtils-1.21.jar
 %%DATADIR%%/webapp/WEB-INF/lib/annotations-17.0.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/antlr-2.7.7.jar
-%%DATADIR%%/webapp/WEB-INF/lib/bcpkix-jdk18on-1.72.jar
-%%DATADIR%%/webapp/WEB-INF/lib/bcprov-jdk18on-1.72.jar
-%%DATADIR%%/webapp/WEB-INF/lib/bcutil-jdk18on-1.72.jar
-%%DATADIR%%/webapp/WEB-INF/lib/byte-buddy-1.10.21.jar
-%%DATADIR%%/webapp/WEB-INF/lib/checker-qual-3.12.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/classmate-1.5.1.jar
-%%DATADIR%%/webapp/WEB-INF/lib/commons-cli-1.4.jar
-%%DATADIR%%/webapp/WEB-INF/lib/commons-codec-1.15.jar
+%%DATADIR%%/webapp/WEB-INF/lib/bcpkix-jdk18on-1.77.jar
+%%DATADIR%%/webapp/WEB-INF/lib/bcprov-jdk18on-1.77.jar
+%%DATADIR%%/webapp/WEB-INF/lib/bcutil-jdk18on-1.77.jar
+%%DATADIR%%/webapp/WEB-INF/lib/checker-qual-3.41.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-codec-1.16.1.jar
 %%DATADIR%%/webapp/WEB-INF/lib/commons-compiler-3.1.12.jar
 %%DATADIR%%/webapp/WEB-INF/lib/commons-dbcp2-2.9.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/commons-lang-2.6.jar
-%%DATADIR%%/webapp/WEB-INF/lib/commons-lang3-3.11.jar
+%%DATADIR%%/webapp/WEB-INF/lib/commons-lang3-3.14.0.jar
 %%DATADIR%%/webapp/WEB-INF/lib/commons-pool2-2.10.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/cryptacular-1.2.5.jar
-%%DATADIR%%/webapp/WEB-INF/lib/dom4j-2.1.3.jar
-%%DATADIR%%/webapp/WEB-INF/lib/error_prone_annotations-2.11.0.jar
-%%DATADIR%%/webapp/WEB-INF/lib/failureaccess-1.0.1.jar
-%%DATADIR%%/webapp/WEB-INF/lib/guava-31.1-jre.jar
-%%DATADIR%%/webapp/WEB-INF/lib/hibernate-commons-annotations-5.1.2.Final.jar
-%%DATADIR%%/webapp/WEB-INF/lib/hibernate-core-5.4.30.Final.jar
-%%DATADIR%%/webapp/WEB-INF/lib/httpclient-4.5.14.jar
-%%DATADIR%%/webapp/WEB-INF/lib/httpclient-cache-4.5.14.jar
-%%DATADIR%%/webapp/WEB-INF/lib/httpcore-4.4.16.jar
+%%DATADIR%%/webapp/WEB-INF/lib/cryptacular-1.2.6.jar
+%%DATADIR%%/webapp/WEB-INF/lib/error_prone_annotations-2.23.0.jar
+%%DATADIR%%/webapp/WEB-INF/lib/failureaccess-1.0.2.jar
+%%DATADIR%%/webapp/WEB-INF/lib/guava-33.0.0-jre.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpclient5-5.3.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpclient5-cache-5.3.1.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpcore5-5.2.5.jar
+%%DATADIR%%/webapp/WEB-INF/lib/httpcore5-h2-5.2.5.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-admin-api-%%PORTVERSION%%.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-admin-impl-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-api-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-api-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-impl-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-spring-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-impl-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-api-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-impl-%%PORTVERSION%%.jar
-%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-spring-%%PORTVERSION%%.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-authn-api-%%PORTVERSION%%.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-authn-impl-%%PORTVERSION%%.jar
 %%DATADIR%%/webapp/WEB-INF/lib/idp-cas-api-%%PORTVERSION%%.jar
*** 194 LINES SKIPPED ***