[tomcat] Move jsvc support to subpackage
Ivan Afonichev
van at fedoraproject.org
Wed Jan 11 22:58:15 UTC 2012
commit 94b7c9627f7802e2626cb64135c697436808c78b
Author: Ivan Afonichev <ivan.afonichev at gmail.com>
Date: Thu Jan 12 02:58:04 2012 +0400
Move jsvc support to subpackage
tomcat-7.0-jsvc.service | 19 +++++++
tomcat-7.0-jsvc.wrapper | 83 +++++++++++++++++++++++++++++++
tomcat-7.0-tomcat-jsvc-sysd | 113 +++++++++++++++++++++++++++++++++++++++++++
tomcat-7.0-tomcat-sysd | 12 -----
tomcat-7.0.wrapper | 9 ----
tomcat.spec | 39 +++++++++++++--
6 files changed, 250 insertions(+), 25 deletions(-)
---
diff --git a/tomcat-7.0-jsvc.service b/tomcat-7.0-jsvc.service
new file mode 100644
index 0000000..3792cef
--- /dev/null
+++ b/tomcat-7.0-jsvc.service
@@ -0,0 +1,19 @@
+# Systemd unit file for tomcat
+#
+# To create clones of this service:
+# 1) By default SERVICE_NAME=tomcat. When cloned, the value must be defined
+# before tomcat-sysd is called.
+# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat
+# to override tomcat defaults
+
+[Unit]
+Description=Apache Tomcat Web Application Container JSVC wrapper
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/tomcat-jsvc-sysd start
+ExecStop=/usr/sbin/tomcat-jsvc-sysd stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/tomcat-7.0-jsvc.wrapper b/tomcat-7.0-jsvc.wrapper
new file mode 100644
index 0000000..56fcc09
--- /dev/null
+++ b/tomcat-7.0-jsvc.wrapper
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+if [ -r /usr/share/java-utils/java-functions ]; then
+ . /usr/share/java-utils/java-functions
+else
+ echo "Can't read Java functions library, aborting"
+ exit 1
+fi
+
+# Get the tomcat config (use this for environment specific settings)
+#if [ -z "${TOMCAT_CFG}" ]; then
+# TOMCAT_CFG="/etc/tomcat/tomcat.conf"
+#fi
+
+#if [ -r "$TOMCAT_CFG" ]; then
+# . $TOMCAT_CFG
+#fi
+
+set_javacmd
+
+# CLASSPATH munging
+if [ -n "$JSSE_HOME" ]; then
+ CLASSPATH="${CLASSPATH}:$(build-classpath jcert jnet jsse 2>/dev/null)"
+fi
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
+CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)"
+
+# if jsvc installed and USE_JSVC=true
+# then use jsvc instead of calling java directly
+if [ -x /usr/bin/jsvc ]; then
+ JAVACMD="/usr/bin/jsvc -nodetach -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out"
+ if [ "$1" = "stop" ]; then
+ JAVACMD="${JAVACMD} -stop"
+ fi
+fi
+
+if [ "$1" = "start" ]; then
+ ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \
+ -classpath "$CLASSPATH" \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ -Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \
+ -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \
+ org.apache.catalina.startup.Bootstrap start \
+ >> ${CATALINA_BASE}/logs/catalina.out 2>&1 &
+ if [ ! -z "$CATALINA_PID" ]; then
+ echo $! > $CATALINA_PID
+ fi
+elif [ "$1" = "start-security" ]; then
+ ${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \
+ -classpath "$CLASSPATH" \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ -Djava.security.manager \
+ -Djava.security.policy=="${CATALINA_BASE}/conf/catalina.policy" \
+ -Djava.util.logging.config.file="${CATALINA_BASE}/conf/logging.properties" \
+ -Djava.util.logging.manager="org.apache.juli.ClassLoaderLogManager" \
+ org.apache.catalina.startup.Bootstrap start \
+ >> ${CATALINA_BASE}/logs/catalina.out 2>&1 &
+ if [ ! -z "$CATALINA_PID" ]; then
+ echo $! > $CATALINA_PID
+ fi
+elif [ "$1" = "stop" ]; then
+ ${JAVACMD} $JAVA_OPTS \
+ -classpath "$CLASSPATH" \
+ -Dcatalina.base="$CATALINA_BASE" \
+ -Dcatalina.home="$CATALINA_HOME" \
+ -Djava.endorsed.dirs="$JAVA_ENDORSED_DIRS" \
+ -Djava.io.tmpdir="$CATALINA_TMPDIR" \
+ org.apache.catalina.startup.Bootstrap stop \
+ >> ${CATALINA_BASE}/logs/catalina.out 2>&1
+elif [ "$1" = "version" ]; then
+ ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \
+ org.apache.catalina.util.ServerInfo
+else
+ echo "Usage: $0 {start|start-security|stop|version}"
+ exit 1
+fi
diff --git a/tomcat-7.0-tomcat-jsvc-sysd b/tomcat-7.0-tomcat-jsvc-sysd
new file mode 100644
index 0000000..9134d5b
--- /dev/null
+++ b/tomcat-7.0-tomcat-jsvc-sysd
@@ -0,0 +1,113 @@
+#!/bin/bash
+#
+# This script provides systemd activation of the tomcat service
+# To create clones of this service:
+# 1) SERVICE_NAME must be defined before calling this script
+# 2) Create /etc/sysconfig/${SERVICE_NAME} from /etc/sysconfig/tomcat
+# to override tomcat defaults
+
+# SERVICE_NAME is a required value only if the service name is
+# different from 'tomcat'
+#
+NAME="${SERVICE_NAME:-tomcat}"
+
+#I'll bet this isn't required.
+# unset ISBOOT
+
+# For SELinux we need to use 'runuser' not 'su'
+if [ -x "/sbin/runuser" ]; then
+ SU="/sbin/runuser -s /bin/sh"
+else
+ SU="/bin/su -s /bin/sh"
+fi
+
+# Path to the tomcat launch script
+TOMCAT_SCRIPT="/usr/sbin/tomcat-jsvc"
+
+# Define the tomcat username
+TOMCAT_USER="${TOMCAT_USER:-tomcat}"
+
+# TOMCAT_LOG should be different from catalina.out.
+# Usually the below config is all that is necessary
+TOMCAT_LOG=/var/log/${NAME}/${NAME}-sysd.log
+
+# Get the tomcat config (use this for environment specific settings)
+TOMCAT_CFG="/etc/tomcat/tomcat.conf"
+if [ -r "$TOMCAT_CFG" ]; then
+ . $TOMCAT_CFG
+fi
+
+# Get instance specific config file
+if [ -r "/etc/sysconfig/${NAME}" ]; then
+ . /etc/sysconfig/${NAME}
+fi
+
+function parseOptions() {
+ options=""
+ options="$options $(
+ awk '!/^#/ && !/^$/ { ORS=" "; print "export ", $0, ";" }' \
+ $TOMCAT_CFG
+ )"
+ if [ -r "/etc/sysconfig/${NAME}" ]; then
+ options="$options $(
+ awk '!/^#/ && !/^$/ { ORS=" ";
+ print "export ", $0, ";" }' \
+ /etc/sysconfig/${NAME}
+ )"
+ fi
+ TOMCAT_SCRIPT="$options ${TOMCAT_SCRIPT}"
+}
+
+# See how we were called.
+function start() {
+ # fix permissions on the log and pid files
+ export CATALINA_PID="/var/run/${NAME}.pid"
+ touch $CATALINA_PID 2>&1
+ if [ "$?" -eq "0" ]; then
+ chown ${TOMCAT_USER}:${TOMCAT_USER} $CATALINA_PID
+ fi
+
+ touch $TOMCAT_LOG 2>&1
+ if [ "$?" -eq "0" ]; then
+ chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG
+ fi
+
+ # if jsvc installed and USE_JSVC=true
+ # then start as root and use jsvc to drop privileges
+ if [ -x /usr/bin/jsvc ]; then
+ TOMCAT_USER="root"
+ fi
+
+ parseOptions
+ if [ "$SECURITY_MANAGER" = "true" ]; then
+ $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start-security" >> $TOMCAT_LOG 2>&1
+ else
+ $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start" >> $TOMCAT_LOG 2>&1
+ fi
+}
+
+function stop() {
+ # if jsvc installed and USE_JSVC=true
+ # then start as root and use jsvc to drop privileges
+ if [ -x /usr/bin/jsvc ]; then
+ TOMCAT_USER="root"
+ fi
+
+ parseOptions
+ $SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} stop" >> $TOMCAT_LOG 2>&1
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+esac
+
diff --git a/tomcat-7.0-tomcat-sysd b/tomcat-7.0-tomcat-sysd
index af3ed17..1e79816 100644
--- a/tomcat-7.0-tomcat-sysd
+++ b/tomcat-7.0-tomcat-sysd
@@ -72,12 +72,6 @@ function start() {
chown ${TOMCAT_USER}:${TOMCAT_USER} $TOMCAT_LOG
fi
- # if jsvc installed and USE_JSVC=true
- # then start as root and use jsvc to drop privileges
- if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then
- TOMCAT_USER="root"
- fi
-
parseOptions
if [ "$SECURITY_MANAGER" = "true" ]; then
$SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} start-security" >> $TOMCAT_LOG 2>&1
@@ -87,12 +81,6 @@ function start() {
}
function stop() {
- # if jsvc installed and USE_JSVC=true
- # then start as root and use jsvc to drop privileges
- if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then
- TOMCAT_USER="root"
- fi
-
parseOptions
$SU - $TOMCAT_USER -c "${TOMCAT_SCRIPT} stop" >> $TOMCAT_LOG 2>&1
}
diff --git a/tomcat-7.0.wrapper b/tomcat-7.0.wrapper
index 5a81ae2..ad3091b 100644
--- a/tomcat-7.0.wrapper
+++ b/tomcat-7.0.wrapper
@@ -26,15 +26,6 @@ CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
CLASSPATH="${CLASSPATH}:$(build-classpath commons-daemon 2>/dev/null)"
-# if jsvc installed and USE_JSVC=true
-# then use jsvc instead of calling java directly
-if [ -x /usr/bin/jsvc ] && [ "$USE_JSVC" = "true" ]; then
- JAVACMD="/usr/bin/jsvc -nodetach -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out"
- if [ "$1" = "stop" ]; then
- JAVACMD="${JAVACMD} -stop"
- fi
-fi
-
if [ "$1" = "start" ]; then
${JAVACMD} $JAVA_OPTS $CATALINA_OPTS \
-classpath "$CLASSPATH" \
diff --git a/tomcat.spec b/tomcat.spec
index 51a7fc6..18ac73f 100644
--- a/tomcat.spec
+++ b/tomcat.spec
@@ -54,7 +54,7 @@
Name: tomcat
Epoch: 0
Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 2%{?dist}
+Release: 4%{?dist}
Summary: Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
Group: System Environment/Daemons
@@ -78,6 +78,11 @@ Source14: jasper-OSGi-MANIFEST.MF
Source15: tomcat-api-OSGi-MANIFEST.MF
Source16: tomcat-juli-OSGi-MANIFEST.MF
Source17: %{name}-%{major_version}.%{minor_version}-tomcat-sysd
+Source18: %{name}-%{major_version}.%{minor_version}-tomcat-jsvc-sysd
+Source19: %{name}-%{major_version}.%{minor_version}-jsvc.wrapper
+Source20: %{name}-%{major_version}.%{minor_version}-jsvc.service
+
+
Patch0: %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
Patch1: %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
#https://issues.apache.org/bugzilla/show_bug.cgi?id=52450
@@ -160,6 +165,17 @@ Requires: %{name} = %{epoch}:%{version}-%{release}
%description systemv
SystemV scripts to start and stop tomcat service
+%package jsvc
+Group: System Environment/Daemons
+Summary: Apache jsvc wrapper for Apache Tomcat as separate service
+Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: apache-commons-daemon-jsvc
+
+%description jsvc
+Systemd service and wrapper scripts to start tomcat with jsvc,
+which allows tomcat to perform some privileged operations
+(e.g. bind to a port < 1024) and then switch identity to a non-privileged user.
+
%package jsp-%{jspspec}-api
Group: Development/Libraries
Summary: Apache Tomcat JSP API implementation classes
@@ -351,6 +367,12 @@ popd
${RPM_BUILD_ROOT}%{_unitdir}/%{name}.service
%{__install} -m 0644 %{SOURCE17} \
${RPM_BUILD_ROOT}%{_sbindir}/%{name}-sysd
+%{__install} -m 0644 %{SOURCE19} \
+ ${RPM_BUILD_ROOT}%{_sbindir}/%{name}-jsvc
+%{__install} -m 0644 %{SOURCE20} \
+ ${RPM_BUILD_ROOT}%{_unitdir}/%{name}-jsvc.service
+%{__install} -m 0644 %{SOURCE18} \
+ ${RPM_BUILD_ROOT}%{_sbindir}/%{name}-jsvc-sysd
%{__ln_s} %{name} ${RPM_BUILD_ROOT}%{_sbindir}/d%{name}
%{__sed} -e "s|\@\@\@TCLOG\@\@\@|%{logdir}|g" %{SOURCE5} \
> ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}
@@ -616,7 +638,19 @@ fi
%{_sbindir}/d%{name}
%{_initrddir}/%{name}
+%files jsvc
+%defattr(755,root,root,0755)
+%{_sbindir}/%{name}-jsvc
+%{_sbindir}/%{name}-jsvc-sysd
+%attr(0644,root,root) %{_unitdir}/%{name}-jsvc.service
+
%changelog
+* Wed Jan 12 2012 Ivan Afonichev <ivan.afonichev at gmail.com> 0:7.0.23-4
+- Move jsvc support to subpackage
+
+* Wed Jan 11 2012 Alexander Kurtakov <akurtako at redhat.com> 0:7.0.23-2
+- Add EntityResolver setter patch to jasper for jetty's need. (patch sent upstream).
+
* Mon Dec 12 2011 Joseph D. Wagner <joe at josephdwagner.info> 0:7.0.23-3
- Added support to /usr/sbin/tomcat-sysd and /usr/sbin/tomcat for
starting tomcat with jsvc, which allows tomcat to perform some
@@ -624,9 +658,6 @@ fi
identity to a non-privileged user. Must add USE_JSVC="true" to
/etc/tomcat/tomcat.conf or /etc/sysconfig/tomcat.
-* Wed Jan 11 2012 Alexander Kurtakov <akurtako at redhat.com> 0:7.0.23-2
-- Add EntityResolver setter patch to jasper for jetty's need. (patch sent upstream).
-
* Mon Nov 28 2011 Ivan Afonichev <ivan.afonichev at gmail.com> 0:7.0.23-1
- Updated to 7.0.23
More information about the scm-commits
mailing list