diff options
14 files changed, 416 insertions, 337 deletions
diff --git a/security/shibboleth-idp/Makefile b/security/shibboleth-idp/Makefile index 12bcdcb8c0c2..3a90e04f22e5 100644 --- a/security/shibboleth-idp/Makefile +++ b/security/shibboleth-idp/Makefile @@ -1,9 +1,8 @@ PORTNAME= shibboleth -PORTVERSION= 4.3.3 -PORTREVISION= 1 +PORTVERSION= 5.1.3 CATEGORIES= security www MASTER_SITES= http://shibboleth.net/downloads/identity-provider/${PORTVERSION}/ \ - http://shibboleth.net/downloads/identity-provider/latest4/${PORTVERSION}/ \ + http://shibboleth.net/downloads/identity-provider/latest5/${PORTVERSION}/ \ http://shibboleth.net/downloads/identity-provider/archive/${PORTVERSION}/ \ https://repo1.maven.org/maven2/ch/qos/logback/logback-core/${LOGBACKVER}/:logback_core \ https://repo1.maven.org/maven2/ch/qos/logback/logback-classic/${LOGBACKVER}/:logback_classic @@ -19,9 +18,9 @@ WWW= http://shibboleth.internet2.edu/ LICENSE= APACHE20 -BUILD_DEPENDS= jetty10>=0:www/jetty10 +BUILD_DEPENDS= jetty12>=0:www/jetty12 RUN_DEPENDS= bash:shells/bash \ - jetty10>=0:www/jetty10 + jetty12>=0:www/jetty12 USE_RC_SUBR= shibboleth-idp CPE_VENDOR= shibboleth @@ -30,7 +29,7 @@ WRKSRC= ${WRKDIR}/shibboleth-identity-provider-${PORTVERSION} NO_ARCH= yes NO_BUILD= yes -LOGBACKVER= 1.4.0 +LOGBACKVER= 1.5.6 SHIBUSER= shibd SHIBGROUP= shibd LOGDIR= /var/log/${PORTNAME} @@ -50,6 +49,7 @@ do-install: @${MKDIR} ${STAGEDIR}${DATADIR} ${STAGEDIR}${ETCDIR} @${MKDIR} ${STAGEDIR}${LOGDIR} ${STAGEDIR}${RUNDIR} @${MKDIR} ${STAGEDIR}${WWWDIR}/lib/logging + @${MKDIR} ${STAGEDIR}${WWWDIR}/jsp @${MKDIR} ${STAGEDIR}${EXAMPLESDIR} .for dir in conf credentials etc modules resources start.d webapps/ROOT @${MKDIR} ${STAGEDIR}${WWWDIR}/${dir} diff --git a/security/shibboleth-idp/distinfo b/security/shibboleth-idp/distinfo index 534ea430b4a2..6ba4a2165721 100644 --- a/security/shibboleth-idp/distinfo +++ b/security/shibboleth-idp/distinfo @@ -1,7 +1,7 @@ -TIMESTAMP = 1713232393 -SHA256 (shibboleth-identity-provider-4.3.3.tar.gz) = 815abe9c707c8741278eda8b9120be7d99f09238d2974ccc3a93b37d549cc149 -SIZE (shibboleth-identity-provider-4.3.3.tar.gz) = 60927078 -SHA256 (logback-classic-1.4.0.jar) = 9ce4cfee4834195753b5be5016ded641e8456d9e82995821838dc662e866e212 -SIZE (logback-classic-1.4.0.jar) = 262118 -SHA256 (logback-core-1.4.0.jar) = 14e09a7896bee6ef2e005b48fc5560fe2299a57a826bc4c1f1c6d43002f0512c -SIZE (logback-core-1.4.0.jar) = 559203 +TIMESTAMP = 1725384814 +SHA256 (shibboleth-identity-provider-5.1.3.tar.gz) = cc72f0b15fda49b43bdd38cef3bdc62cbe01684b59c3d024b5de1ffdba42206e +SIZE (shibboleth-identity-provider-5.1.3.tar.gz) = 44250595 +SHA256 (logback-classic-1.5.6.jar) = 6115c6cac5ed1d9db810d14f2f7f4dd6a9f21f0acbba8016e4daaca2ba0f5eb8 +SIZE (logback-classic-1.5.6.jar) = 293697 +SHA256 (logback-core-1.5.6.jar) = 898c7d120199f37e1acc8118d97ab15a4d02b0e72e27ba9f05843cb374e160c6 +SIZE (logback-core-1.5.6.jar) = 609942 diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod b/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod deleted file mode 100644 index dccc34ae12b7..000000000000 --- a/security/shibboleth-idp/files/jetty-base/modules/idp-logging.mod +++ /dev/null @@ -1,9 +0,0 @@ -[description] -Shibboleth IdP Logging - -[depend] -console-capture -logback-access - -[files] -/var/log/shibboleth/ diff --git a/security/shibboleth-idp/files/jetty-base/modules/idp.mod b/security/shibboleth-idp/files/jetty-base/modules/idp.mod index 57a601105222..51fb66e4945d 100644 --- a/security/shibboleth-idp/files/jetty-base/modules/idp.mod +++ b/security/shibboleth-idp/files/jetty-base/modules/idp.mod @@ -2,16 +2,18 @@ Shibboleth IdP [depend] -annotations -deploy +ee9-annotations +ee9-deploy ext +ee9-webapp +http #https -jsp -jstl -plus +ee9-jsp +ee9-jstl +ee9-plus resources server -servlets +ee9-servlets #ssl [files] diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml b/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml deleted file mode 100644 index cec9236337fa..000000000000 --- a/security/shibboleth-idp/files/jetty-base/resources/logback-access.xml +++ /dev/null @@ -1,13 +0,0 @@ -<configuration> - <statusListener class="ch.qos.logback.core.status.OnConsoleStatusListener" /> - <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender"> - <file>/var/log/shibboleth/access.log</file> - <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> - <fileNamePattern>/var/log/shibboleth/access-%d{yyyy-MM-dd}.log.gz</fileNamePattern> - </rollingPolicy> - <encoder> - <pattern>combined</pattern> - </encoder> - </appender> - <appender-ref ref="FILE" /> -</configuration> diff --git a/security/shibboleth-idp/files/jetty-base/resources/logback.xml b/security/shibboleth-idp/files/jetty-base/resources/logback.xml index 9a530677c4a9..5d973afeecf3 100644 --- a/security/shibboleth-idp/files/jetty-base/resources/logback.xml +++ b/security/shibboleth-idp/files/jetty-base/resources/logback.xml @@ -10,9 +10,25 @@ <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n</Pattern> </encoder> </appender> + + <appender name="jetty-access" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>/var/log/shibboleth/access.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>/var/log/shibboleth/access-%d{yyyy-MM-dd}.log.gz</fileNamePattern> + </rollingPolicy> + <encoder> + <pattern>%msg%n</pattern> + </encoder> + </appender> + <root level="INFO"> <appender-ref ref="jetty" /> </root> + + <logger name="org.eclipse.jetty.server.RequestLog" level="INFO" additivity="false"> + <appender-ref ref="jetty-access" /> + </logger> + <logger name="org.springframework" level="OFF" /> <logger name="ch.qos.logback" level="WARN" /> </configuration> diff --git a/security/shibboleth-idp/files/jetty-base/start.d/http.ini b/security/shibboleth-idp/files/jetty-base/start.d/http.ini index fd91753eb783..3369d64a4a18 100644 --- a/security/shibboleth-idp/files/jetty-base/start.d/http.ini +++ b/security/shibboleth-idp/files/jetty-base/start.d/http.ini @@ -6,9 +6,5 @@ --module=http --module=http-forwarded -# Allows use of default IdP command line tools. -jetty.http.host=127.0.0.1 -jetty.http.port=8080 - # Hide server version jetty.httpConfig.sendServerVersion=false diff --git a/security/shibboleth-idp/files/jetty-base/start.d/idp.ini b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini index e87aa186019d..33b3a39fb8df 100644 --- a/security/shibboleth-idp/files/jetty-base/start.d/idp.ini +++ b/security/shibboleth-idp/files/jetty-base/start.d/idp.ini @@ -31,5 +31,9 @@ jetty.ssl.host=127.0.0.1 ## Connector port to listen on jetty.ssl.port=443 -# logging +## Route request logging through standard logging API etc/jetty-requestlog.xml + +# Allows use of default IdP command line tools. +jetty.http.host=127.0.0.1 +jetty.http.port=8080 diff --git a/security/shibboleth-idp/files/jetty-base/webapps/idp.xml b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml index f5ba928e0b73..08676d1e3c26 100644 --- a/security/shibboleth-idp/files/jetty-base/webapps/idp.xml +++ b/security/shibboleth-idp/files/jetty-base/webapps/idp.xml @@ -1,10 +1,10 @@ <?xml version="1.0"?> -<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd"> +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd"> <!-- =============================================================== --> <!-- Configure the Shibboleth IdP webapp --> <!-- =============================================================== --> -<Configure class="org.eclipse.jetty.webapp.WebAppContext"> - <Set name="war"><SystemProperty name="idp.war.path" default="war/idp.war" /></Set> +<Configure class="org.eclipse.jetty.ee9.webapp.WebAppContext"> + <Set name="war"><SystemProperty name="idp.home" default="/usr/local/www/shibboleth" />/war/idp.war</Set> <Set name="contextPath"><SystemProperty name="idp.context.path" default="/idp" /></Set> <Set name="extractWAR">false</Set> <Set name="copyWebDir">false</Set> diff --git a/security/shibboleth-idp/files/jetty-base/webapps/static.xml b/security/shibboleth-idp/files/jetty-base/webapps/static.xml index 3c53036abb35..f4f90fcb1ee3 100644 --- a/security/shibboleth-idp/files/jetty-base/webapps/static.xml +++ b/security/shibboleth-idp/files/jetty-base/webapps/static.xml @@ -1,5 +1,5 @@ <?xml version="1.0"?> -<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd"> +<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "https://www.eclipse.org/jetty/configure_10_0.dtd"> <!-- =============================================================== --> <!-- Configure static content delivery --> <!-- =============================================================== --> @@ -7,10 +7,10 @@ <Set name="contextPath">/</Set> <Set name="handler"> <New class="org.eclipse.jetty.server.handler.ResourceHandler"> - <Set name="resourceBase"> - <Property name="jetty.base"/>/<Property name="jetty.static.data.path" default="../static"/> + <Set name="baseResourceAsString"> + <SystemProperty name="jetty.base"/>/<Property name="jetty.static.data.path" default="static"/> </Set> - <Set name="directoriesListed">false</Set> + <Set name="dirAllowed">false</Set> </New> </Set> </Configure> diff --git a/security/shibboleth-idp/files/shibboleth-idp.in b/security/shibboleth-idp/files/shibboleth-idp.in index c8904167e00c..e0b425e5eeb4 100644 --- a/security/shibboleth-idp/files/shibboleth-idp.in +++ b/security/shibboleth-idp/files/shibboleth-idp.in @@ -80,8 +80,13 @@ shibboleth_idp_initupgrade() { /bin/rm -f %%WWWDIR%%/idp.ini.bak PATH="${PATH}:%%LOCALBASE%%/bin" - %%DATADIR%%/bin/install.sh -Didp.keysize=${shibboleth_idp_keysize} -Didp.target.dir=%%WWWDIR%% -Didp.src.dir=%%DATADIR%% -Didp.conf.credentials.group=%%SHIBUSER%% -Didp.conf.credentials.filemode=640 -Didp.keystore.password=${KEYSTORE} -Didp.sealer.password=${COOKIE} -Didp.host.name=${shibboleth_idp_hostname} -Didp.scope=${shibboleth_idp_scope} -Didp.entityID=${shibboleth_idp_entityid} -Didp.noprompt - /usr/bin/sed -i'.bak' -e "s|:8443||g" %%WWWDIR%%/metadata/idp-metadata.xml + printf "idp.target.dir=%%WWWDIR%%\nidp.keysize=${shibboleth_idp_keysize}\nidp.src.dir=%%DATADIR%%\nidp.conf.credentials.group=%%SHIBUSER%%\nidp.conf.credentials.filemode=640\nidp.scope=${shibboleth_idp_scope}\nidp.host.name=${shibboleth_idp_hostname}\nidp.entityID=${shibboleth_idp_entityid}\n\n# EOF\n" > %%WWWDIR%%/install.properties + if [ ! -f %%WWWDIR%%/credentials/secrets.properties ]; then + install -o root -g ${shibboleth_idp_group} -m 440 /dev/null %%WWWDIR%%/credentials/secrets.properties + printf "idp.keystore.password=${KEYSTORE}\nidp.sealer.password=${COOKIE}\n">%%WWWDIR%%/credentials/secrets.properties + fi + %%DATADIR%%/bin/install.sh --propertyFile %%WWWDIR%%/install.properties --propertyFiles %%WWWDIR%%/credentials/secrets.properties + /usr/bin/sed -i'.bak' -e "s|idp.scope = example.org|idp.scope=${shibboleth_idp_scope}|g" %%WWWDIR%%/conf/idp.properties } run_rc_command "$1" diff --git a/security/shibboleth-idp/files/shibboleth-idp.sh b/security/shibboleth-idp/files/shibboleth-idp.sh index 13a08d5c8f18..71341ffa127f 100755 --- a/security/shibboleth-idp/files/shibboleth-idp.sh +++ b/security/shibboleth-idp/files/shibboleth-idp.sh @@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/local/bin/bash # LSB Tags ### BEGIN INIT INFO @@ -118,35 +118,143 @@ findDirectory() done } +# test if process specified in PID file is still running running() { - if [ -f "$1" ] - then - local PID=$(cat "$1" 2>/dev/null) || return 1 - kill -0 "$PID" 2>/dev/null - return + local PIDFILE=$1 + if [ -r "$PIDFILE" ] ; then + local PID=$(tail -1 "$PIDFILE") + if kill -0 "$PID" 2>/dev/null ; then + return 0 + fi fi - rm -f "$1" return 1 } +# Test state file (after timeout) for started state started() { - # wait for 60s to see "STARTED" in PID file, needs jetty-started.xml as argument - for ((T = 0; T < $(($3 / 4)); T++)) + local STATEFILE=$1 + local PIDFILE=$2 + local STARTTIMEOUT=$3 + + if (( DEBUG )) ; then + echo "Looking for $STATEFILE" + echo -n "State Parent Directory: " + ls -lad $(dirname $STATEFILE) + fi + + # wait till timeout to see "STARTED" in state file, needs --module=state as argument + for ((T = 0; T < $STARTTIMEOUT; T++)) do - sleep 4 - [ -z "$(tail -1 $1 | grep STARTED 2>/dev/null)" ] || return 0 - [ -z "$(tail -1 $1 | grep STOPPED 2>/dev/null)" ] || return 1 - [ -z "$(tail -1 $1 | grep FAILED 2>/dev/null)" ] || return 1 - local PID=$(cat "$2" 2>/dev/null) || return 1 - kill -0 "$PID" 2>/dev/null || return 1 - echo -n ". " + echo -n "." + sleep 1 + if [ -r $STATEFILE ] ; then + STATENOW=$(tail -1 $STATEFILE) + (( DEBUG )) && echo "State (now): $STATENOW" + case "$STATENOW" in + STARTED*) + echo " started" + return 0;; + STOPPED*) + echo " stopped" + return 1;; + FAILED*) + echo " failed" + return 1;; + esac + else + (( DEBUG )) && echo "Unable to read State File: $STATEFILE" + fi done - + (( DEBUG )) && echo "Timeout $STARTTIMEOUT expired waiting for start state from $STATEFILE" + echo " timeout" + if running "$PIDFILE" ; then + echo "INFO: Server process is running" + else + echo "** ERROR: Server process is NOT running" + fi return 1; } +pidKill() +{ + local PIDFILE=$1 + local TIMEOUT=$2 + + if [ -r $PIDFILE ] ; then + local PID=$(tail -1 "$PIDFILE") + if [ -z "$PID" ] ; then + echo "** ERROR: no pid found in $PIDFILE" + return 1 + fi + + # Try default kill first + if kill -0 "$PID" 2>/dev/null ; then + (( DEBUG )) && echo "PID=$PID is running, sending kill" + kill "$PID" 2>/dev/null + else + rm -f $PIDFILE 2> /dev/null + return 0 + fi + + # Perform harsh kill next + while kill -0 "$PID" 2>/dev/null + do + if (( TIMEOUT-- == 0 )) ; then + (( DEBUG )) && echo "PID=$PID is running, sending kill signal=KILL (TIMEOUT=$TIMEOUT)" + kill -KILL "$PID" 2>/dev/null + fi + echo -n "." + sleep 1 + done + echo "Killed $PID" + return 0 + else + (( DEBUG )) && echo "Unable to read PID File: $PIDFILE" + return 1 + fi +} + +testFileSystemPermissions() +{ + # Don't test file system permissions if user is root + if [ $UID -eq 0 ] ; then + (( DEBUG )) && echo "Not testing file system permissions: uid is 0" + return 0 + fi + + # Don't test if JETTY_USER is specified + # as the Jetty process will switch to a different user id on startup + if [ -n "$JETTY_USER" ] ; then + (( DEBUG )) && echo "Not testing file system permissions: JETTY_USER=$JETTY_USER" + return 0 + fi + + # Don't test if setuid is specified + # as the Jetty process will switch to a different user id on startup + if expr -- "${JETTY_ARGS[*]}" : '.*setuid.*' >/dev/null + then + (( DEBUG )) && echo "Not testing file system permissions: setuid in use" + return 0 + fi + + # Test if PID can be written from this userid + if ! touch "$JETTY_PID" + then + echo "** ERROR: Unable to touch file: $JETTY_PID" + echo " Correct issues preventing use of \$JETTY_PID and try again." + exit 1 + fi + + # Test if STATE can be written from this userid + if ! touch "$JETTY_STATE" + then + echo "** ERROR: Unable to touch file: $JETTY_STATE" + echo " Correct issues preventing use of \$JETTY_STATE and try again." + exit 1 + fi +} readConfig() { @@ -156,31 +264,36 @@ readConfig() dumpEnv() { - echo "JAVA = $JAVA" - echo "JAVA_OPTIONS = ${JAVA_OPTIONS[*]}" - echo "JETTY_HOME = $JETTY_HOME" - echo "JETTY_BASE = $JETTY_BASE" - echo "START_D = $START_D" - echo "START_INI = $START_INI" - echo "JETTY_START = $JETTY_START" - echo "JETTY_CONF = $JETTY_CONF" - echo "JETTY_ARGS = ${JETTY_ARGS[*]}" - echo "JETTY_RUN = $JETTY_RUN" - echo "JETTY_PID = $JETTY_PID" - echo "JETTY_START_LOG = $JETTY_START_LOG" - echo "JETTY_STATE = $JETTY_STATE" - echo "JETTY_START_TIMEOUT = $JETTY_START_TIMEOUT" - echo "RUN_CMD = ${RUN_CMD[*]}" + echo "JAVA = $JAVA" + echo "JAVA_OPTIONS = ${JAVA_OPTIONS[*]}" + echo "JETTY_HOME = $JETTY_HOME" + echo "JETTY_BASE = $JETTY_BASE" + echo "START_D = $START_D" + echo "START_INI = $START_INI" + echo "JETTY_START = $JETTY_START" + echo "JETTY_CONF = $JETTY_CONF" + echo "JETTY_ARGS = ${JETTY_ARGS[*]}" + echo "JETTY_RUN = $JETTY_RUN" + echo "JETTY_PID = $JETTY_PID" + echo "JETTY_START_LOG = $JETTY_START_LOG" + echo "JETTY_STATE = $JETTY_STATE" + echo "JETTY_START_TIMEOUT = $JETTY_START_TIMEOUT" + echo "JETTY_SYS_PROPS = $JETTY_SYS_PROPS" + echo "RUN_ARGS = ${RUN_ARGS[*]}" + echo "ID = $(id)" + echo "JETTY_USER = $JETTY_USER" + echo "USE_START_STOP_DAEMON = $USE_START_STOP_DAEMON" + echo "START_STOP_DAEMON = $START_STOP_DAEMON_AVAILABLE" } - ################################################## # Get the action & configs ################################################## CONFIGS=() NO_START=0 DEBUG=0 +USE_START_STOP_DAEMON=1 while [[ $1 = -* ]]; do case $1 in @@ -300,7 +413,15 @@ fi if [ -z "$JETTY_RUN" ] then JETTY_RUN=$(findDirectory -w /var/run /usr/var/run $JETTY_BASE /tmp)/jetty - [ -d "$JETTY_RUN" ] || mkdir $JETTY_RUN +fi + +if [ ! -d "$JETTY_RUN" ] ; then + if ! mkdir $JETTY_RUN + then + echo "** ERROR: Unable to create directory: $JETTY_RUN" + echo " Correct issues preventing the creation of \$JETTY_RUN and try again." + exit 1 + fi fi ##################################################### @@ -328,14 +449,14 @@ case "`uname`" in CYGWIN*) JETTY_STATE="`cygpath -w $JETTY_STATE`";; esac - -JETTY_ARGS=(${JETTY_ARGS[*]} "jetty.state=$JETTY_STATE") +JETTY_ARGS=(${JETTY_ARGS[*]} "jetty.state=$JETTY_STATE" "jetty.pid=$JETTY_PID") ################################################## # Get the list of config.xml files from jetty.conf ################################################## if [ -f "$JETTY_CONF" ] && [ -r "$JETTY_CONF" ] then + (( DEBUG )) && echo "$JETTY_CONF: (begin read) JETTY_ARGS.length=${#JETTY_ARGS[@]}" while read -r CONF do if expr -- "$CONF" : '#' >/dev/null ; then @@ -351,16 +472,17 @@ then do if [ -r "$XMLFILE" ] && [ -f "$XMLFILE" ] then - JETTY_ARGS=(${JETTY_ARGS[*]} "$XMLFILE") + JETTY_ARGS[${#JETTY_ARGS[@]}]=$XMLFILE else echo "** WARNING: Cannot read '$XMLFILE' specified in '$JETTY_CONF'" fi done else # assume it's a command line parameter (let start.jar deal with its validity) - JETTY_ARGS=(${JETTY_ARGS[*]} "$CONF") + JETTY_ARGS[${#JETTY_ARGS[@]}]=$CONF fi done < "$JETTY_CONF" + (( DEBUG )) && echo "$JETTY_CONF: (finished read) JETTY_ARGS.length=${#JETTY_ARGS[@]}" fi ################################################## @@ -414,9 +536,6 @@ TMPDIR="`cygpath -w $TMPDIR`" ;; esac -BASE_JETTY_SYS_PROPS=$(echo -ne "-Djetty.home=$JETTY_HOME" "-Djetty.base=$JETTY_BASE" "-Djava.io.tmpdir=$TMPDIR") -JETTY_SYS_PROPS=(${JETTY_SYS_PROPS[*]} $BASE_JETTY_SYS_PROPS) - ##################################################### # This is how the Jetty server will be started ##################################################### @@ -434,15 +553,31 @@ case "`uname`" in CYGWIN*) JETTY_START="`cygpath -w $JETTY_START`";; esac -RUN_ARGS=$("$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args ${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}) -RUN_CMD=("$JAVA" $JETTY_SYS_PROPS ${RUN_ARGS[@]}) +# Determine if we can use start-stop-daemon or not +START_STOP_DAEMON_AVAILABLE=0 + +if (( USE_START_STOP_DAEMON )) +then + # only if root user is executing jetty.sh, and the start-stop-daemon exists + if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1 + then + START_STOP_DAEMON_AVAILABLE=1 + else + USE_START_STOP_DAEMON=0 + fi +fi + +# Collect the dry-run (of opts,path,main,args) from the jetty.base configuration +JETTY_DRY_RUN=$(echo "${JETTY_ARGS[*]} ${JAVA_OPTIONS[*]}" | xargs "$JAVA" -jar "$JETTY_START" --dry-run=opts,path,main,args,envs) +RUN_ARGS=($JETTY_SYS_PROPS ${JETTY_DRY_RUN[@]}) -##################################################### -# Comment these out after you're happy with what -# the script is doing. -##################################################### if (( DEBUG )) then + if expr -- "${RUN_ARGS[*]}" : '.*/etc/console-capture.xml.*' > /dev/null + then + echo "WARNING: Disable console-capture module for best DEBUG results" + fi + echo "IDs are $(id)" dumpEnv fi @@ -451,14 +586,29 @@ fi ################################################## case "$ACTION" in start) - echo -n "Starting Jetty: " - if (( NO_START )); then echo "Not starting ${NAME} - NO_START=1"; exit fi - if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1 + testFileSystemPermissions + + if running $JETTY_PID + then + echo "Already Running $(cat $JETTY_PID)!" + exit 1 + fi + + # remove any lingering state file + if [ -f $JETTY_STATE ] + then + rm $JETTY_STATE + fi + + echo -n "Starting Jetty: " + + # Startup from a service file + if (( USE_START_STOP_DAEMON )) then unset CH_USER if [ -n "$JETTY_USER" ] @@ -466,22 +616,19 @@ case "$ACTION" in CH_USER="--chuid $JETTY_USER" fi - start-stop-daemon --start $CH_USER \ - --pidfile "$JETTY_PID" \ + # use of --pidfile /dev/null disables internal pidfile + # management of the start-stop-daemon (see man page) + echo ${RUN_ARGS[@]} | xargs start-stop-daemon \ + --start $CH_USER \ + --pidfile /dev/null \ --chdir "$JETTY_BASE" \ --background \ - --make-pidfile \ + --output "${JETTY_RUN}/start-stop.log" \ --startas "$JAVA" \ - -- ${RUN_ARGS[@]} start-log-file="$JETTY_START_LOG" - + -- + (( DEBUG )) && echo "Starting: start-stop-daemon" else - - if running $JETTY_PID - then - echo "Already Running $(cat $JETTY_PID)!" - exit 1 - fi - + # Startup if switching users (not as a service, or from root) if [ -n "$JETTY_USER" ] && [ `whoami` != "$JETTY_USER" ] then unset SU_SHELL @@ -490,29 +637,30 @@ case "$ACTION" in SU_SHELL="-s $JETTY_SHELL" fi - touch "$JETTY_PID" chown "$JETTY_USER" "$JETTY_PID" - # FIXME: Broken solution: wordsplitting, pathname expansion, arbitrary command execution, etc. su - "$JETTY_USER" $SU_SHELL -c " cd \"$JETTY_BASE\" - exec ${RUN_CMD[*]} start-log-file=\"$JETTY_START_LOG\" > /dev/null & - disown \$! - echo \$! > \"$JETTY_PID\"" + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & + PID=\$! + disown \$PID" + (( DEBUG )) && echo "Starting: su shell (w/user $JETTY_USER) on PID $PID" else - "${RUN_CMD[@]}" > /dev/null & - disown $! - echo $! > "$JETTY_PID" + # Startup if not switching users + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & + PID=$! + disown $PID + (( DEBUG )) && echo "Starting: java command on PID $PID" fi - fi - if expr "${JETTY_ARGS[*]}" : '.*jetty-started.xml.*' >/dev/null + if expr -- "${JETTY_ARGS[*]}" : '.*jetty\.state=.*' >/dev/null then if started "$JETTY_STATE" "$JETTY_PID" "$JETTY_START_TIMEOUT" then echo "OK `date`" else echo "FAILED `date`" + pidKill $JETTY_PID 30 exit 1 fi else @@ -523,38 +671,42 @@ case "$ACTION" in stop) echo -n "Stopping Jetty: " - if [ $UID -eq 0 ] && type start-stop-daemon > /dev/null 2>&1; then - start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s HUP - - TIMEOUT=30 - while running "$JETTY_PID"; do - if (( TIMEOUT-- == 0 )); then - start-stop-daemon -K -p"$JETTY_PID" -d"$JETTY_HOME" -a "$JAVA" -s KILL - fi + if [ ! -r "$JETTY_PID" ] ; then + echo "** ERROR: no pid found at $JETTY_PID" + exit 1 + fi - sleep 1 - done - else - if [ ! -f "$JETTY_PID" ] ; then - echo "ERROR: no pid found at $JETTY_PID" - exit 1 - fi + PID=$(tail -1 "$JETTY_PID") + if [ -z "$PID" ] ; then + echo "** ERROR: no pid found in $JETTY_PID" + exit 1 + fi - PID=$(cat "$JETTY_PID" 2>/dev/null) - if [ -z "$PID" ] ; then - echo "ERROR: no pid id found in $JETTY_PID" - exit 1 - fi - kill "$PID" 2>/dev/null + # Stopping service started with start-stop-daemon + if (( USE_START_STOP_DAEMON )) ; then + (( DEBUG )) && echo "Issuing HUP to $PID" + start-stop-daemon --stop \ + --pid "$PID" \ + --chdir "$JETTY_BASE" \ + --startas "$JAVA" \ + --signal HUP TIMEOUT=30 - while running $JETTY_PID; do + while running "$JETTY_PID"; do + (( DEBUG )) && echo "Issuing KILL to $PID" if (( TIMEOUT-- == 0 )); then - kill -KILL "$PID" 2>/dev/null + start-stop-daemon --stop \ + --pid "$PID" \ + --chdir "$JETTY_BASE" \ + --startas "$JAVA" \ + --signal KILL fi sleep 1 done + else + # Stopping from non-service start + pidKill "$JETTY_PID" 30 fi rm -f "$JETTY_PID" @@ -565,7 +717,7 @@ case "$ACTION" in restart) JETTY_SH=$0 - > "$JETTY_STATE" + echo "restart" >> "$JETTY_STATE" if [ ! -f $JETTY_SH ]; then if [ ! -f $JETTY_HOME/bin/jetty.sh ]; then echo "$JETTY_HOME/bin/jetty.sh does not exist." @@ -584,7 +736,7 @@ case "$ACTION" in # Under control of daemontools supervise monitor which # handles restarts and shutdowns via the svc program. # - exec "${RUN_CMD[@]}" + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & ;; @@ -597,7 +749,7 @@ case "$ACTION" in exit 1 fi - exec "${RUN_CMD[@]}" + echo ${RUN_ARGS[*]} | xargs ${JAVA} > /dev/null & ;; check|status) diff --git a/security/shibboleth-idp/files/shibboleth.in b/security/shibboleth-idp/files/shibboleth.in index e63c0b1c1b98..424e30b7296e 100644 --- a/security/shibboleth-idp/files/shibboleth.in +++ b/security/shibboleth-idp/files/shibboleth.in @@ -4,6 +4,7 @@ # JAVA # Command to invoke Java. If not set, java (from the PATH) will be used. # +JAVA=%%LOCALBASE%%/bin/java # JAVA_OPTIONS # Extra options to pass to the JVM diff --git a/security/shibboleth-idp/pkg-plist b/security/shibboleth-idp/pkg-plist index ed38e20aef23..e45c1c7549ee 100644 --- a/security/shibboleth-idp/pkg-plist +++ b/security/shibboleth-idp/pkg-plist @@ -1,80 +1,19 @@ +%%ETCDIR%%/shibboleth-idp +sbin/shibboleth-idp.sh %%DATADIR%%/LICENSE.txt -%%DATADIR%%/bin/aacli.bat -%%DATADIR%%/bin/aacli.sh -%%DATADIR%%/bin/ant-jetty.xml -%%DATADIR%%/bin/ant.bat -%%DATADIR%%/bin/ant.sh -%%DATADIR%%/bin/build.bat -%%DATADIR%%/bin/build.sh -%%DATADIR%%/bin/build.xml -%%DATADIR%%/bin/install-log.xml %%DATADIR%%/bin/install.bat %%DATADIR%%/bin/install.sh -%%DATADIR%%/bin/keygen.bat -%%DATADIR%%/bin/keygen.sh @comment %%DATADIR%%/bin/lib/.gitkeep %%DATADIR%%/bin/lib/ant-1.10.14.jar %%DATADIR%%/bin/lib/ant-launcher-1.10.14.jar -%%DATADIR%%/bin/lib/bcpg-jdk18on-1.72.2.jar -%%DATADIR%%/bin/lib/commons-compress-1.26.1.jar +%%DATADIR%%/bin/lib/bcpg-jdk18on-1.77.jar +%%DATADIR%%/bin/lib/commons-compress-1.26.2.jar %%DATADIR%%/bin/lib/commons-io-2.15.1.jar +%%DATADIR%%/bin/lib/idp-cli-%%PORTVERSION%%.jar %%DATADIR%%/bin/lib/idp-installer-%%PORTVERSION%%.jar %%DATADIR%%/bin/lib/jcommander-1.81.jar -%%DATADIR%%/bin/mdquery.bat -%%DATADIR%%/bin/mdquery.sh -%%DATADIR%%/bin/module.bat -%%DATADIR%%/bin/module.sh -%%DATADIR%%/bin/plugin.bat -%%DATADIR%%/bin/plugin.sh -%%DATADIR%%/bin/reload-metadata.bat -%%DATADIR%%/bin/reload-metadata.sh -%%DATADIR%%/bin/reload-service.bat -%%DATADIR%%/bin/reload-service.sh -%%DATADIR%%/bin/runclass.bat -%%DATADIR%%/bin/runclass.sh -%%DATADIR%%/bin/sealer.bat -%%DATADIR%%/bin/sealer.sh -%%DATADIR%%/bin/seckeygen.bat -%%DATADIR%%/bin/seckeygen.sh -%%DATADIR%%/bin/status.bat -%%DATADIR%%/bin/status.sh -%%DATADIR%%/bin/version.bat -%%DATADIR%%/bin/version.sh -%%DATADIR%%/conf/access-control.xml -%%DATADIR%%/conf/admin/admin.properties -%%DATADIR%%/conf/admin/metrics.xml -%%DATADIR%%/conf/attribute-filter.xml -%%DATADIR%%/conf/attribute-registry.xml -%%DATADIR%%/conf/attribute-resolver.xml -%%DATADIR%%/conf/attributes/custom/README -%%DATADIR%%/conf/attributes/default-rules.xml -%%DATADIR%%/conf/attributes/eduCourse.xml -%%DATADIR%%/conf/attributes/eduPerson.xml -%%DATADIR%%/conf/attributes/inetOrgPerson.xml -%%DATADIR%%/conf/attributes/samlSubject.xml -%%DATADIR%%/conf/attributes/schac.xml -%%DATADIR%%/conf/audit.xml -%%DATADIR%%/conf/authn/authn-comparison.xml -%%DATADIR%%/conf/authn/authn-events-flow.xml -%%DATADIR%%/conf/authn/authn.properties -%%DATADIR%%/conf/c14n/subject-c14n-events-flow.xml -%%DATADIR%%/conf/c14n/subject-c14n.properties -%%DATADIR%%/conf/c14n/subject-c14n.xml -%%DATADIR%%/conf/credentials.xml -%%DATADIR%%/conf/errors.xml -%%DATADIR%%/conf/examples/attribute-resolver-ldap.xml -%%DATADIR%%/conf/global.xml -%%DATADIR%%/conf/idp.properties -%%DATADIR%%/conf/intercept/intercept-events-flow.xml -%%DATADIR%%/conf/ldap.properties -%%DATADIR%%/conf/logback.xml -%%DATADIR%%/conf/metadata-providers.xml -%%DATADIR%%/conf/relying-party.xml -%%DATADIR%%/conf/saml-nameid.properties -%%DATADIR%%/conf/saml-nameid.xml -%%DATADIR%%/conf/services.properties -%%DATADIR%%/conf/services.xml -%%DATADIR%%/credentials/.gitkeep +%%DATADIR%%/bin/lib/shib-cli-9.1.3.jar +@comment %%DATADIR%%/credentials/.gitkeep %%DATADIR%%/doc/BC-LICENSE.txt %%DATADIR%%/doc/CREDITS.txt %%DATADIR%%/doc/DUO-LICENSE.txt @@ -82,66 +21,31 @@ %%DATADIR%%/doc/README.txt %%DATADIR%%/doc/RELEASE-NOTES.txt %%DATADIR%%/doc/SPYMEMCACHED-LICENSE.txt -%%DATADIR%%/flows/authn/conditions/account-locked/account-locked-flow.xml -%%DATADIR%%/flows/authn/conditions/conditions-flow.xml -%%DATADIR%%/flows/authn/conditions/expired-password/expired-password-flow.xml -%%DATADIR%%/flows/authn/conditions/expiring-password/expiring-password-flow.xml -%%DATADIR%%/flows/user/prefs/prefs-flow.xml @comment %%DATADIR%%/logs/.gitkeep -%%DATADIR%%/messages/messages.properties -%%DATADIR%%/system/DONOTTOUCH -%%DATADIR%%/system/conf/global-system.xml -%%DATADIR%%/system/conf/mvc-beans.xml -%%DATADIR%%/system/conf/webflow-config.xml -%%DATADIR%%/views/client-storage/client-storage-read.vm -%%DATADIR%%/views/client-storage/client-storage-write.vm -%%DATADIR%%/views/error.vm -%%DATADIR%%/views/logout-complete.vm -%%DATADIR%%/views/logout-propagate.vm -%%DATADIR%%/views/logout.vm -%%DATADIR%%/views/user-prefs.js -%%DATADIR%%/views/user-prefs.vm %%DATADIR%%/webapp/META-INF/MANIFEST.MF %%DATADIR%%/webapp/WEB-INF/idpui.tld %%DATADIR%%/webapp/WEB-INF/jsp/metadata.jsp %%DATADIR%%/webapp/WEB-INF/jsp/status.jsp -%%DATADIR%%/webapp/WEB-INF/lib/DuoWeb-1.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/UserAgentUtils-1.21.jar %%DATADIR%%/webapp/WEB-INF/lib/annotations-17.0.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/antlr-2.7.7.jar -%%DATADIR%%/webapp/WEB-INF/lib/bcpkix-jdk18on-1.72.jar -%%DATADIR%%/webapp/WEB-INF/lib/bcprov-jdk18on-1.72.jar -%%DATADIR%%/webapp/WEB-INF/lib/bcutil-jdk18on-1.72.jar -%%DATADIR%%/webapp/WEB-INF/lib/byte-buddy-1.10.21.jar -%%DATADIR%%/webapp/WEB-INF/lib/checker-qual-3.12.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/classmate-1.5.1.jar -%%DATADIR%%/webapp/WEB-INF/lib/commons-cli-1.4.jar -%%DATADIR%%/webapp/WEB-INF/lib/commons-codec-1.15.jar +%%DATADIR%%/webapp/WEB-INF/lib/bcpkix-jdk18on-1.77.jar +%%DATADIR%%/webapp/WEB-INF/lib/bcprov-jdk18on-1.77.jar +%%DATADIR%%/webapp/WEB-INF/lib/bcutil-jdk18on-1.77.jar +%%DATADIR%%/webapp/WEB-INF/lib/checker-qual-3.41.0.jar +%%DATADIR%%/webapp/WEB-INF/lib/commons-codec-1.16.1.jar %%DATADIR%%/webapp/WEB-INF/lib/commons-compiler-3.1.12.jar %%DATADIR%%/webapp/WEB-INF/lib/commons-dbcp2-2.9.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/commons-lang-2.6.jar -%%DATADIR%%/webapp/WEB-INF/lib/commons-lang3-3.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/commons-lang3-3.14.0.jar %%DATADIR%%/webapp/WEB-INF/lib/commons-pool2-2.10.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/cryptacular-1.2.5.jar -%%DATADIR%%/webapp/WEB-INF/lib/dom4j-2.1.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/error_prone_annotations-2.11.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/failureaccess-1.0.1.jar -%%DATADIR%%/webapp/WEB-INF/lib/guava-31.1-jre.jar -%%DATADIR%%/webapp/WEB-INF/lib/hibernate-commons-annotations-5.1.2.Final.jar -%%DATADIR%%/webapp/WEB-INF/lib/hibernate-core-5.4.30.Final.jar -%%DATADIR%%/webapp/WEB-INF/lib/httpclient-4.5.14.jar -%%DATADIR%%/webapp/WEB-INF/lib/httpclient-cache-4.5.14.jar -%%DATADIR%%/webapp/WEB-INF/lib/httpcore-4.4.16.jar +%%DATADIR%%/webapp/WEB-INF/lib/cryptacular-1.2.6.jar +%%DATADIR%%/webapp/WEB-INF/lib/error_prone_annotations-2.23.0.jar +%%DATADIR%%/webapp/WEB-INF/lib/failureaccess-1.0.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/guava-33.0.0-jre.jar +%%DATADIR%%/webapp/WEB-INF/lib/httpclient5-5.3.1.jar +%%DATADIR%%/webapp/WEB-INF/lib/httpclient5-cache-5.3.1.jar +%%DATADIR%%/webapp/WEB-INF/lib/httpcore5-5.2.5.jar +%%DATADIR%%/webapp/WEB-INF/lib/httpcore5-h2-5.2.5.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-admin-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-admin-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-api-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-api-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-filter-spring-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-api-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-attribute-resolver-spring-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-authn-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-authn-impl-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-cas-api-%%PORTVERSION%%.jar @@ -152,79 +56,104 @@ %%DATADIR%%/webapp/WEB-INF/lib/idp-core-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-profile-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-profile-impl-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idp-profile-spring-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-saml-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-saml-impl-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-schema-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-session-api-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-session-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/idp-spring-%%PORTVERSION%%.jar %%DATADIR%%/webapp/WEB-INF/lib/idp-ui-%%PORTVERSION%%.jar -%%DATADIR%%/webapp/WEB-INF/lib/idwsfconsumer-2.1.0.jar -%%DATADIR%%/webapp/WEB-INF/lib/istack-commons-runtime-3.0.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/j2objc-annotations-1.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jackson-annotations-2.14.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jackson-core-2.14.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jackson-databind-2.14.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jackson-datatype-jsr310-2.14.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jakarta.activation-1.2.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/jakarta.json-1.1.6.jar -%%DATADIR%%/webapp/WEB-INF/lib/jakarta.mail-1.6.7.jar -%%DATADIR%%/webapp/WEB-INF/lib/jakarta.xml.bind-api-2.3.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/jandex-2.2.3.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/j2objc-annotations-2.8.jar +%%DATADIR%%/webapp/WEB-INF/lib/jackson-annotations-2.16.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/jackson-core-2.16.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/jackson-databind-2.16.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/jackson-datatype-jsr310-2.16.2.jar +%%DATADIR%%/webapp/WEB-INF/lib/jakarta.activation-2.0.1.jar +%%DATADIR%%/webapp/WEB-INF/lib/jakarta.json-2.0.1.jar +%%DATADIR%%/webapp/WEB-INF/lib/jakarta.mail-2.0.1.jar %%DATADIR%%/webapp/WEB-INF/lib/janino-3.1.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/java-support-8.4.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/javassist-3.27.0-GA.jar -%%DATADIR%%/webapp/WEB-INF/lib/javax.persistence-api-2.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/jaxb-runtime-2.3.9.jar -%%DATADIR%%/webapp/WEB-INF/lib/jboss-logging-3.4.1.Final.jar -%%DATADIR%%/webapp/WEB-INF/lib/jboss-transaction-api_1.2_spec-1.1.1.Final.jar -%%DATADIR%%/webapp/WEB-INF/lib/joda-time-2.12.7.jar -%%DATADIR%%/webapp/WEB-INF/lib/jsonapi-converter-0.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/jsonapi-converter-0.13.jar %%DATADIR%%/webapp/WEB-INF/lib/jsr305-3.0.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/jul-to-slf4j-2.0.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/ldaptive-1.3.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/jul-to-slf4j-2.0.13.jar +%%DATADIR%%/webapp/WEB-INF/lib/ldaptive-2.3.2.jar %%DATADIR%%/webapp/WEB-INF/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar -%%DATADIR%%/webapp/WEB-INF/lib/log4j-over-slf4j-2.0.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/logback-classic-1.3.14.jar -%%DATADIR%%/webapp/WEB-INF/lib/logback-core-1.3.14.jar -%%DATADIR%%/webapp/WEB-INF/lib/metrics-core-4.2.25.jar -%%DATADIR%%/webapp/WEB-INF/lib/metrics-json-4.2.25.jar -%%DATADIR%%/webapp/WEB-INF/lib/metrics-jvm-4.2.25.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-core-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-api-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-impl-4.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/slf4j-api-2.0.12.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-aop-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-beans-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-binding-2.5.1.RELEASE.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-context-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-core-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-expression-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-extensions-6.3.2.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-jcl-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-jdbc-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-orm-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-tx-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-web-5.3.34.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-webflow-2.5.1.RELEASE.jar -%%DATADIR%%/webapp/WEB-INF/lib/spring-webmvc-5.3.34.jar +%%DATADIR%%/webapp/WEB-INF/lib/log4j-over-slf4j-2.0.13.jar +%%DATADIR%%/webapp/WEB-INF/lib/logback-classic-%%LOGBACKVER%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/logback-core-%%LOGBACKVER%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/metrics-core-4.2.26.jar +%%DATADIR%%/webapp/WEB-INF/lib/metrics-json-4.2.26.jar +%%DATADIR%%/webapp/WEB-INF/lib/metrics-jvm-4.2.26.jar +%%DATADIR%%/webapp/WEB-INF/lib/micrometer-commons-1.12.8.jar +%%DATADIR%%/webapp/WEB-INF/lib/micrometer-observation-1.12.8.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-buffer-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-codec-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-common-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-handler-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-resolver-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-classes-epoll-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-classes-kqueue-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.108.Final-linux-aarch_64.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-epoll-4.1.108.Final-linux-x86_64.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.108.Final-osx-aarch_64.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-kqueue-4.1.108.Final-osx-x86_64.jar +%%DATADIR%%/webapp/WEB-INF/lib/netty-transport-native-unix-common-4.1.108.Final.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-core-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-core-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-messaging-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-profile-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-saml-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-security-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-soap-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-spring-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-storage-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/opensaml-xmlsec-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-filter-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-filter-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-filter-spring-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-resolver-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-resolver-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-attribute-resolver-spring-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-metadata-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-metadata-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-metadata-spring-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-networking-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-networking-spring-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-profile-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-profile-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-saml-attribute-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-saml-attribute-impl-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-saml-profile-api-%%PORTVERSION%%.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-security-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-security-spring-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-service-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-spring-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-support-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-velocity-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/shib-velocity-spring-9.1.3.jar +%%DATADIR%%/webapp/WEB-INF/lib/slf4j-api-2.0.13.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-aop-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-beans-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-binding-3.0.0.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-context-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-core-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-expression-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-jcl-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-web-6.1.11.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-webflow-3.0.0.jar +%%DATADIR%%/webapp/WEB-INF/lib/spring-webmvc-6.1.11.jar %%DATADIR%%/webapp/WEB-INF/lib/spymemcached-2.12.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/txw2-2.3.9.jar -%%DATADIR%%/webapp/WEB-INF/lib/unboundid-ldapsdk-4.0.14.jar %%DATADIR%%/webapp/WEB-INF/lib/velocity-engine-core-2.3.jar -%%DATADIR%%/webapp/WEB-INF/lib/xmlsec-2.3.4.jar +%%DATADIR%%/webapp/WEB-INF/lib/xmlsec-3.0.3.jar %%DATADIR%%/webapp/WEB-INF/spring.tld %%DATADIR%%/webapp/WEB-INF/web.xml %%DATADIR%%/webapp/css/logout.css @@ -233,12 +162,8 @@ %%DATADIR%%/webapp/images/placeholder-logo.png %%DATADIR%%/webapp/images/success-32x32.png %%DATADIR%%/webapp/index.jsp -%%DATADIR%%/webapp/js/Duo-Web-v2.js -%%DATADIR%%/webapp/js/Duo-Web-v2.min.js %%DATADIR%%/webapp/js/jquery-3.6.0.min.js -@dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%DATADIR%%/metadata @dir %%DATADIR%%/webapp/WEB-INF/classes -%%ETCDIR%%/shibboleth-idp @dir %%ETCDIR%% @sample %%EXAMPLESDIR%%/etc/jetty-requestlog.xml %%WWWDIR%%/etc/jetty-requestlog.xml @sample %%EXAMPLESDIR%%/index.html %%WWWDIR%%/webapps/ROOT/index.html @@ -261,12 +186,12 @@ @dir %%WWWDIR%%/conf @dir %%WWWDIR%%/credentials @dir %%WWWDIR%%/etc +@dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%WWWDIR%%/jsp @dir %%WWWDIR%%/modules @dir %%WWWDIR%%/resources @dir %%WWWDIR%%/start.d @dir %%WWWDIR%%/webapps/ROOT @dir %%WWWDIR%%/webapps @dir %%WWWDIR%% -sbin/shibboleth-idp.sh @dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%RUNDIR%% @dir(%%SHIBUSER%%,%%SHIBGROUP%%,755) %%LOGDIR%% |