Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Emmanuel Bourg-3
Package: ftp.debian.org
Severity: normal

Hi,

Please remove the tomcat8 package from testing and unstable (not experimental).
This package has been replaced by tomcat9 for Buster.

Thank you,

Emmanuel Bourg


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Thorsten Glaser-6
On Mon, 25 Mar 2019, Emmanuel Bourg wrote:

> Please remove the tomcat8 package from testing and unstable (not
> experimental). This package has been replaced by tomcat9 for Buster.

Please don’t, tomcat9 has no sysvinit script, and you did
not like any of my suggestions for it.

bye,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

*************************************************

**!!! NEW !!!** With the **tarent Academy** we now also offer training and courses
in software development, agile working and future technologies. Visit us
at [www.tarent.de/academy](http://www.tarent.de/academy). We look forward to
hearing from you.

*************************************************


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Bastian Blank
In reply to this post by Emmanuel Bourg-3
On Mon, Mar 25, 2019 at 11:51:29AM +0100, Emmanuel Bourg wrote:
> Please remove the tomcat8 package from testing and unstable (not experimental).
> This package has been replaced by tomcat9 for Buster.

Why not experimental?

Regards,
Bastian

--
The joys of love made her human and the agonies of love destroyed her.
                -- Spock, "Requiem for Methuselah", stardate 5842.8


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Emmanuel Bourg-3
On 25/03/2019 at 14:22, Bastian Blank wrote:

> Why not experimental?

I'd like to keep building up to date tomcat8 packages until Buster is
released with tomcat9.

Emmanuel Bourg


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Emmanuel Bourg-3
In reply to this post by Thorsten Glaser-6
Hi Thorsten,

On 25/03/2019 at 14:17, Thorsten Glaser wrote:

> Please don’t, tomcat9 has no sysvinit script, and you did
> not like any of my suggestions for it.

I don't mind if tomcat8 is released with Buster, but I won't be able to
commit any time on the security fixes. Do you volunteer? The security
team might want to have a say too.

Emmanuel Bourg


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Moritz Mühlenhoff-2
On Mon, Mar 25, 2019 at 02:53:03PM +0100, Emmanuel Bourg wrote:

> Hi Thorsten,
>
> On 25/03/2019 at 14:17, Thorsten Glaser wrote:
>
> > Please don’t, tomcat9 has no sysvinit script, and you did
> > not like any of my suggestions for it.
>
> I don't mind if tomcat8 is released with Buster, but I won't be able to
> commit any time on the security fixes. Do you volunteer? The security
> team might want to have a say too.

We don't keep duplicate/old source packages in the archive.

If keeping it in experimental is useful for anyone, that's fine (we also
do that for openjdk-X to stage updates in stable/oldstable), but let's remove
it from unstable/testing in any case.

Cheers,
        Moritz


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Thorsten Glaser-6
In reply to this post by Emmanuel Bourg-3
On Mon, 25 Mar 2019, Emmanuel Bourg wrote:

> Hi Thorsten,
>
> On 25/03/2019 at 14:17, Thorsten Glaser wrote:
>
> > Please don’t, tomcat9 has no sysvinit script, and you did
> > not like any of my suggestions for it.
>
> I don't mind if tomcat8 is released with Buster, but I won't be able to
> commit any time on the security fixes. Do you volunteer? The security
> team might want to have a say too.

I’d prefer if we could amend the tomcat9 package with a sysvinit
script. (Although we currently don’t have most inhouse software
tested with Tomcat 9, that can be done.) On the other hand, by
now, also the SRM need to agree to that upload.

I’d very happily maintain the init script.


If this is not possible, I’d agree to upload fixes for tomcat8,
if I get a hold of them. I see upstream has not published an
EOL date for 8.5, and the antecessor Tomcat 7 is still supported,
so this might be feasible. I have no problem doing this in the
experimental distribution. I would, however, appreciate a ping
whenever there’s something, as I have no means to know when
something relevant were to pop up.


But somehow, I think the “let’s add a sensible init script to
tomcat9 now” is the better solution for everyone. Emmanuel, can
you please reconsider your rejection? Then we can ask SRM if
they’d allow it.

To recall the justification I posted to the list that were,
IIRC, never replied:

I will happily maintain the init script. If there’s something,
ping me. I know shell scripting very well. And even if I don’t
respond for weeks on end (unlikely) you can still remove it if
it’s RC-buggy, but I’d prefer keeping it in.

(The only sad thing is that I had ideas of creating a better
init script concept, and that was not done obviously.)

bye,
//mirabilos


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Scott Kitterman-5
In reply to this post by Thorsten Glaser-6
On Monday, March 25, 2019 02:17:15 PM Thorsten Glaser wrote:
> On Mon, 25 Mar 2019, Emmanuel Bourg wrote:
> > Please remove the tomcat8 package from testing and unstable (not
> > experimental). This package has been replaced by tomcat9 for Buster.
>
> Please don’t, tomcat9 has no sysvinit script, and you did
> not like any of my suggestions for it.

Isn't one required by policy 9.11 (must is in the second paragraph of the main
part).

Scott K


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Thorsten Glaser-6
clone 925454 -1
reassign -1 tomcat9
found -1 9.0.16-3
retitle -1 tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)
severity -1 serious
tags -1 = confirmed
outlook -1 working on it within the week --mirabilos
owner -1 [hidden email]
thanks

On Mon, 25 Mar 2019, Scott Kitterman wrote:

> Isn't one required by policy 9.11 (must is in the second paragraph of
> the main part).

Oh, goodie. I had not realised this is, as the init system diversity GR
did not pass, still a “must”.

In this case it’s easy… I’m cloning this as RC bug against tomcat9 and
will work within the next couple of days on fixing this by providing a
proper init script, as team upload / RC squash.

Then I’ll withdraw my objection against tomcat8 removal fully.

Thanks,
//mirabilos


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Emmanuel Bourg-3
In reply to this post by Thorsten Glaser-6
On 25/03/2019 at 16:09, Thorsten Glaser wrote:

> But somehow, I think the “let’s add a sensible init script to
> tomcat9 now” is the better solution for everyone. Emmanuel, can
> you please reconsider your rejection? Then we can ask SRM if
> they’d allow it.

We've got two serious security issues in the Tomcat init script in the
past. I'm not a big fan of systemd but this convinced me that a 40 lines
declarative service file was much more maintainable than a 300 lines
init script, and I'm unlikely to maintain one anymore.

systemd brought other important benefits for the tomcat9 package and I
don't want to go back on these features.


> To recall the justification I posted to the list that were,
> IIRC, never replied:

I made the suggestion to package the init script in a separate package
under your control, but you didn't follow up.

Emmanuel Bourg


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Emmanuel Bourg-3
In reply to this post by Thorsten Glaser-6
On 25/03/2019 at 16:33, Thorsten Glaser wrote:

> Oh, goodie. I had not realised this is, as the init system diversity GR
> did not pass, still a “must”.
>
> In this case it’s easy… I’m cloning this as RC bug against tomcat9 and
> will work within the next couple of days on fixing this by providing a
> proper init script, as team upload / RC squash.

When it's ready please let me review the update before uploading. Not
changing the maintainer scripts nor the configuration files in the
process would be nice.

Emmanuel Bourg


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Thorsten Glaser-6
In reply to this post by Emmanuel Bourg-3
On Mon, 25 Mar 2019, Emmanuel Bourg wrote:

> We've got two serious security issues in the Tomcat init script in the

You told me this. I replied by:

• I’m active and willing to maintain it
• if I don’t realise there’s a bug you can ping me
• if even that fails, you can *still* remove it

You never replied to these.

> past. I'm not a big fan of systemd but this convinced me that a 40 lines
> declarative service file was much more maintainable than a 300 lines
> init script, and I'm unlikely to maintain one anymore.

Perhaps, but thankfully Policy prescribes the existence of one.
I’ll provide one and team-upload. You need not personally maintain it,
just don’t break it. That’s what a team is for.

> systemd brought other important benefits for the tomcat9 package and I
> don't want to go back on these features.

You don’t need to. The sysvinit script is not optional, but
systemd users need not use it.

We already realised (in that thread on d-java) that they will
most likely behave slightly differently, but that’s okay. (It
can be documented.)

> > To recall the justification I posted to the list that were,
> > IIRC, never replied:
>
> I made the suggestion to package the init script in a separate package
> under your control, but you didn't follow up.

I’ve replied saying that such tiny packages aren’t liked by
ftpmasters and mirror admins.

Anyway, Policy solved the issue for us, the initscript will
be in the main tomcat9 package where it belongs. (Do note that
the option of removing it (from above) is no longer pertinent,
as one is required if a startup script for another init system
is present. However, I’ll do my best, and even if that fails,
I know at least one other DD at my employer’s who’s capable
enough to maintain complex shell scripts and fixing RC bugs.)

bye,
//mirabilos


Bug#925473: Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Thorsten Glaser-6
In reply to this post by Emmanuel Bourg-3
On Mon, 25 Mar 2019, Emmanuel Bourg wrote:

> When it's ready please let me review the update before uploading.

OK.

> Not changing the maintainer scripts nor the configuration files in the
> process would be nice.

I agree; at the current point in time, this should be least-intrusive.

bye,
//mirabilos


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Moritz Mühlenhoff-2
In reply to this post by Scott Kitterman-5
On Mon, Mar 25, 2019 at 11:18:29AM -0400, Scott Kitterman wrote:

> On Monday, March 25, 2019 02:17:15 PM Thorsten Glaser wrote:
> > On Mon, 25 Mar 2019, Emmanuel Bourg wrote:
> > > Please remove the tomcat8 package from testing and unstable (not
> > > experimental). This package has been replaced by tomcat9 for Buster.
> >
> > Please don’t, tomcat9 has no sysvinit script, and you did
> > not like any of my suggestions for it.
>
> Isn't one required by policy 9.11 (must is in the second paragraph of the main
> part).

That's just policy not being updated for whatever reason. The CTTE declared
that the default init system is systemd (#727708) and later decided in
#746715 the following:

---
For the record, the TC expects maintainers to continue to support
the multiple available init systems in Debian.  That includes
merging reasonable contributions, and not reverting existing
support without a compelling reason.
---

IOW, there's no hard requirement and the Debian Java team has compelling
reasons (very limited workforce etc.)

But most importantly, the removal bug against tomcat8 is still valid by
itself, buster must not be released with it. Please don't let random
init system discussions derail this.

Cheers,
        Moritz


Bug#925454: RM: tomcat8 -- ROM; Replaced by tomcat9

Thorsten Glaser-6
On Fri, 29 Mar 2019, Moritz Mühlenhoff wrote:

> IOW, there's no hard requirement and the Debian Java team has compelling
> reasons (very limited workforce etc.)

I’ve been a member of the Debian Java team for work-related reasons
for a while and have expressed willingness to work on the init script
multiple times.

But, anyway, we’ve agreed on it now, and I’m currently working on
it (been delayed a bit, I expected to be done by today, but I guess
it’ll be a bit of weekend work to continue, as I found other issues
in the meantime).

> But most importantly, the removal bug against tomcat8 is still valid by
> itself, buster must not be released with it. Please don't let random

My last mail to the bug stated I withdraw all objections, so
this is already a given, too.

bye,
//mirabilos


Bug#925473: tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)

Thorsten Glaser-6
In reply to this post by Emmanuel Bourg-3
Hi Emmanuel,

> > When it's ready please let me review the update before uploading.
>
> OK.

Here we are, now. I’m posting the entire diff, but with comments
in between. This is exactly what’s on git master right now. I’d
like to merge the fixes for #925928 and #925929 and upload once
you have reviewed this.

diff --git a/debian/libexec/tomcat-locate-java.sh b/debian/libexec/tomcat-locate-java.sh
old mode 100755
new mode 100644
index 341f9b15..b6dbb01e
--- a/debian/libexec/tomcat-locate-java.sh
+++ b/debian/libexec/tomcat-locate-java.sh
@@ -1,4 +1,3 @@
-#!/bin/sh
 #
 # Script looking for a Java runtime suitable for running Tomcat
 #

This script is only ever sourced, not executed, so it ought to not
have a shebang and not be executable. (As it merely sets a variable,
executing it makes no sense anyway.)

diff --git a/debian/libexec/tomcat-start.sh b/debian/libexec/tomcat-start.sh
index 31aaecf8..f22a3422 100755
--- a/debian/libexec/tomcat-start.sh
+++ b/debian/libexec/tomcat-start.sh
@@ -15,7 +15,7 @@ export JAVA_OPTS
 
 # Enable the Java security manager?
 SECURITY=""
-[ "$TOMCAT_SECURITY" = "yes" ] && SECURITY="-security"
+[ "$SECURITY_MANAGER" = "true" ] && SECURITY="-security"
 
 
 # Start Tomcat
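Review bot: the rename silently drops existing configurations: an /etc/default/tomcat9 that still says TOMCAT_SECURITY=yes now starts Tomcat without the security manager and nothing warns about it. Since debian/default.template ships the defaults (see the tomcat9.install hunk), check that it documents SECURITY_MANAGER with its true/false values, and consider honouring the old name for one release, e.g. `[ "$TOMCAT_SECURITY" = "yes" ] && SECURITY_MANAGER=true` before this test, or at least emitting a warning when TOMCAT_SECURITY is set.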

This unbreaks using the SECURITY_MANAGER parameter, which
TOMCAT_SECURITY was renamed to (also yes/no → true/not true).
It’s an unrelated fix discovered in the meantime.

diff --git a/debian/README.Debian b/debian/README.Debian
index d11fb47b..c005bb0b 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -54,6 +54,13 @@ Getting started
       systemctl daemon-reload
       systemctl restart tomcat9
 
+    ⚠ This is supported only when Tomcat is started with the systemd unit.
+
+    Using Tomcat with other init systems is supported, however that will
+    negate the security hardening detailed above, make Tomcat not have
+    its own temporary directory, not drop privileges/capabilities after
+    start, and not be restarted on crashing. Use at your own risk.
+
   * To run more than one Tomcat instance on your server, install the package
     tomcat9-user and run the tomcat9-instance-create utility.
     You should remove the tomcat9 package if you don't want Tomcat to
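Review bot: the new paragraph says Tomcat will "not have its own temporary directory" under other init systems, but the tomcat9.init added in this same patch creates and chowns CATALINA_TMPDIR=/tmp/tomcat9-tmp on every invocation; either drop that clause or say what actually differs (the directory lives in the shared /tmp instead of a private one). "Negate the security hardening detailed above" would also be more useful to a sysvinit administrator as a short list of the properties that are lost, since that reader never sees the unit file to compare against.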
diff --git a/debian/logging.properties b/debian/logging.properties
index 37fa30d1..69ac42f0 100644
--- a/debian/logging.properties
+++ b/debian/logging.properties
@@ -33,7 +33,9 @@ handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.jul
 2localhost.org.apache.juli.AsyncFileHandler.maxDays = 90
 
 java.util.logging.ConsoleHandler.level = FINE
+# use one of these depending on whether you use systemd or not, or roll your own
 java.util.logging.ConsoleHandler.formatter = org.apache.juli.SystemdFormatter
+#java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter
 
 
 ############################################################

These update some comments for non-systemd users and warn them off.

diff --git a/debian/control b/debian/control
index 41ab0f8f..a1652a93 100644
--- a/debian/control
+++ b/debian/control
@@ -47,7 +47,7 @@ Package: tomcat9
 Architecture: all
 Depends:
  lsb-base (>= 3.0-6),
- systemd (>= 215),
+ systemd (>= 215) | adduser,
  tomcat9-common (>= ${source:Version}),
  ucf,
  ${misc:Depends}
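Review bot: `systemd (>= 215) | adduser` also changes the meaning of the dependency on systemd systems: apt treats an alternative as satisfied by whichever member is already installed, and adduser is present almost everywhere, so the versioned requirement on systemd is no longer enforced anywhere. If the unit really needs systemd >= 215, that should be expressed separately; otherwise drop the version as moot. Note too that the postinst hunk decides by `which systemd-sysusers`, not by which alternative satisfied the dependency, so the two are only loosely coupled; a one-line comment in debian/control explaining the intent would help the next maintainer.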
diff --git a/debian/tomcat9.lintian-overrides b/debian/tomcat9.lintian-overrides
new file mode 100644
index 00000000..9b0d6593
--- /dev/null
+++ b/debian/tomcat9.lintian-overrides
@@ -0,0 +1,2 @@
+# handled in dependencies and maintainer script as alternative
+tomcat9: maintainer-script-needs-depends-on-adduser postinst
diff --git a/debian/tomcat9.postinst b/debian/tomcat9.postinst
index 55fb55c2..7cd34950 100644
--- a/debian/tomcat9.postinst
+++ b/debian/tomcat9.postinst
@@ -5,6 +5,7 @@
 
 set -e
 
+# Note these are no longer configurable (as of commit 243d00dc688ea47f4c7cde570ccaaa70efe269bf)
 TOMCAT_USER="tomcat"
 TOMCAT_GROUP="tomcat"
 
@@ -12,8 +13,18 @@ CONFFILES="tomcat-users.xml web.xml server.xml logging.properties context.xml ca
 
 case "$1" in
     configure)
- # Create the tomcat user as defined in /usr/lib/sysusers.d/tomcat9.conf
- systemd-sysusers
+ if which systemd-sysusers >/dev/null; then
+ # Create the tomcat user as defined in /usr/lib/sysusers.d/tomcat9.conf
+ systemd-sysusers
+ elif id tomcat >/dev/null 2>&1; then
+ : The tomcat user already exists
+ else
+ # Create the tomcat user without systemd
+ adduser --system --home /var/lib/tomcat9 \
+    --shell /usr/sbin/nologin --no-create-home \
+    --group --disabled-password --disabled-login \
+    --gecos 'Apache Tomcat' tomcat
+ fi
 
  # Install the configuration files
  for conffile in $CONFFILES;
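Review bot: prefer `command -v systemd-sysusers >/dev/null 2>&1` over `which` in a maintainer script; `command -v` is POSIX, whereas `which` is an external program with no standard exit-status contract. The `id tomcat` existence check is only reached when systemd-sysusers is absent; making it the first branch keeps the script idempotent on both paths and avoids re-running systemd-sysusers on every configure. In the adduser branch `--disabled-login` already implies `--disabled-password`, and the fallback hardcodes the home /var/lib/tomcat9 and shell /usr/sbin/nologin, so please confirm these match /usr/lib/sysusers.d/tomcat9.conf; otherwise the tomcat account differs depending on which branch created it.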

This restores the ability to create the tomcat user without systemd.

diff --git a/debian/libexec/sysv-getjre.sh b/debian/libexec/sysv-getjre.sh
new file mode 100755
index 00000000..456bdf64
--- /dev/null
+++ b/debian/libexec/sysv-getjre.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# SYSVinit script helper to determine the JRE (for start-stop-daemon)
+#
+
+. /usr/libexec/tomcat9/tomcat-locate-java.sh
+set +e
+
+. /usr/share/tomcat9/bin/setclasspath.sh
+
+if test -n "$_RUNJAVA"; then
+ printf "OK<%s>" "$_RUNJAVA"
+else
+ echo UNSET
+fi
diff --git a/debian/libexec/sysv-start.sh b/debian/libexec/sysv-start.sh
new file mode 100755
index 00000000..ac8c46e0
--- /dev/null
+++ b/debian/libexec/sysv-start.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# SYSVinit script helper to wrap the systemd startup script
+#
+
+set -e
+
+# redirect stdio
+exec </dev/null
+exec >>/var/log/tomcat9/catalina.out
+exec 2>&1
+# write an initial log entry
+echo "[$(date +'%FT%T%z')] starting..."
+
+# make sure Tomcat is started with system locale
+
+# restore LC_ALL that was (un)set at initscript startup
+case $saved_LC_ALL in
+(x*) LC_ALL=${saved_LC_ALL#x} ;;
+(*) unset LC_ALL ;;
+esac
+# read global locale configuration
+test -r /etc/default/locale && . /etc/default/locale
+# export all POSIX locale-relevant environment variables if set
+for v in LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY \
+    LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE \
+    LC_MEASUREMENT LC_IDENTIFICATION LC_ALL; do
+ eval "x=\${$v-x}"
+ test x"$x" = x"x" || eval export "$v"
+done
+
+# hand control to the systemd startup script we wrap
+exec /usr/libexec/tomcat9/tomcat-start.sh "$@"
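Review bot: `exec >>/var/log/tomcat9/catalina.out` runs under `set -e` as the tomcat user (start-stop-daemon --chuid), so if the log directory is not writable the helper dies before reaching tomcat-start.sh, while `start` has already reported success because of `--background`; nothing records why Tomcat is not running. Consider testing `-w /var/log/tomcat9` up front and writing the failure to stderr (or logger) before the redirect. Because the file is opened once in append mode, debian/logrotate.template (see the tomcat9.install hunk) must rotate catalina.out with copytruncate, or Tomcat keeps writing into the rotated file. Minor: the locale loop skips a variable whose value is literally `x`; `eval "test -n \"\${$v+set}\"" && export "$v"` tests set-ness without that corner case.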
diff --git a/debian/tomcat9.init b/debian/tomcat9.init
new file mode 100644
index 00000000..e948c173
--- /dev/null
+++ b/debian/tomcat9.init
@@ -0,0 +1,163 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          tomcat9
+# Required-Start:    $local_fs $remote_fs $network
+# Required-Stop:     $local_fs $remote_fs $network
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Tomcat 9
+# Description:       The Tomcat 9 servlet engine runs Java Web Archives.
+### END INIT INFO
+
+# stuff away, used later
+saved_LC_ALL=${LC_ALL+x$LC_ALL}
+export saved_LC_ALL
+
+# absolute basics
+LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin
+export LC_ALL PATH
+unset LANGUAGE
+
+# exit cleanly if disabled or not installed
+test -x /usr/libexec/tomcat9/sysv-start.sh || exit 0
+test -x /usr/libexec/tomcat9/sysv-getjre.sh || exit 0
+test -x /usr/libexec/tomcat9/tomcat-update-policy.sh || exit 0
+test -x /usr/libexec/tomcat9/tomcat-start.sh || exit 0
+
+# Debian/LSB init script foobar
+DESC='Tomcat 9 servlet engine'
+NAME=tomcat9
+readonly DESC NAME
+. /lib/init/vars.sh
+test -t 0 && VERBOSE=yes
+. /lib/lsb/init-functions
+
+# somewhat LSB-compliant exit with failure
+if test x"$1" = x"status"; then
+ exit_failure_msg() {
+ log_failure_msg "$@"
+ exit 4
+ }
+else
+ exit_failure_msg() {
+ log_failure_msg "$@"
+ exit 1
+ }
+fi
+
+# set defaults for options
+CATALINA_HOME=/usr/share/tomcat9
+CATALINA_BASE=/var/lib/tomcat9
+CATALINA_TMPDIR=/tmp/tomcat9-tmp
+export CATALINA_HOME CATALINA_BASE CATALINA_TMPDIR
+JAVA_HOME= # determined later if empty
+JAVA_OPTS=-Djava.awt.headless=true
+JSP_COMPILER= # only used if nonempty
+SECURITY_MANAGER=false
+export JAVA_HOME JAVA_OPTS JSP_COMPILER SECURITY_MANAGER
+UMASK=022
+export UMASK
+# read options
+test -r /etc/default/tomcat9 && . /etc/default/tomcat9
+
+# ensure the temporary directory exist and change to it
+rm -rf "$CATALINA_TMPDIR"
+mkdir "$CATALINA_TMPDIR" || \
+    exit_failure_msg 'could not create JVM temporary directory'
+chown -h tomcat "$CATALINA_TMPDIR"
+cd "$CATALINA_TMPDIR"
+
+# figure out the JRE executable catalina.sh will use
+# (we need it for start-stop-daemon --exec for reliability)
+_RUNJAVA=$(su tomcat -s /bin/sh -c /usr/libexec/tomcat9/sysv-getjre.sh) || \
+    _RUNJAVA="FAIL:$?"
+case $_RUNJAVA in
+('OK<'*'>')
+ _RUNJAVA=${_RUNJAVA#'OK<'}
+ _RUNJAVA=${_RUNJAVA%'>'}
+ ;;
+(*)
+ exit_failure_msg "could not determine JRE: $_RUNJAVA"
+ ;;
+esac
+
+# prepare for actions
+case $1 in
+(start|stop|restart|force-reload)
+ # handled below
+ ;;
+(try-restart|status)
+ start-stop-daemon --status --quiet \
+    --pidfile /var/run/tomcat9.pid \
+    --exec "$_RUNJAVA" --user tomcat
+ rv=$?
+ # clean up stale pidfile if necessary
+ (test x"$rv" = x"1" && rm -f /var/run/tomcat9.pid || :)
+ # process status result
+ case $1 in
+ (try-restart)
+ test x"$rv" = x"0" || {
+ # service is not running, or status is unknown
+ log_success_msg "$NAME is not running"
+ exit 0
+ }
+ # service running, restart it
+ ;;
+ (status)
+ case $rv in
+ (0)
+ log_success_msg "$NAME is running"
+ ;;
+ (4)
+ log_failure_msg "could not access PID file for $NAME"
+ ;;
+ (*)
+ log_failure_msg "$NAME is not running"
+ ;;
+ esac
+ exit $rv
+ ;;
+ esac
+ ;;
+(reload|*)
+ # not supported
+ echo >&2 "Usage: $0 {start|stop|restart|try-restart|force-reload|status}"
+ exit 3
+ ;;
+esac
+
+# handle stopping/starting
+rv=0
+
+case $1 in
+(stop|restart|try-restart|force-reload)
+ test x"$VERBOSE" = x"no" || log_daemon_msg "Stopping $DESC"
+ start-stop-daemon --stop --quiet \
+    --retry=10 --oknodo --remove-pidfile \
+    --pidfile /var/run/tomcat9.pid \
+    --exec "$_RUNJAVA" --user tomcat
+ rv=$?
+ test x"$VERBOSE" = x"no" || log_end_msg $rv
+ ;;
+esac
+
+test x"$rv" = x"0" || exit $rv
+
+case $1 in
+(start|restart|try-restart|force-reload)
+ /usr/libexec/tomcat9/tomcat-update-policy.sh || \
+    exit_failure_msg 'could not regenerating catalina.policy file'
+ rm -f /var/run/tomcat9.pid
+ test x"$VERBOSE" = x"no" || log_daemon_msg "Starting $DESC"
+ start-stop-daemon --start --quiet \
+    --chuid tomcat --umask "$UMASK" \
+    --startas /usr/libexec/tomcat9/sysv-start.sh \
+    --background --make-pidfile \
+    --pidfile /var/run/tomcat9.pid \
+    --exec "$_RUNJAVA" --user tomcat
+ rv=$?
+ test x"$VERBOSE" = x"no" || log_end_msg $rv
+ ;;
+esac
+
+exit $rv
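Review bot: the temporary-directory block (`rm -rf "$CATALINA_TMPDIR"`, `mkdir`, `chown`, `cd`) runs before the action dispatch, so `status`, `stop`, `try-restart` and even an unknown action wipe /tmp/tomcat9-tmp from under a running Tomcat; move it into the start branch, after the stop has completed. The directory is also a fixed name in world-writable /tmp created as root: any local user can pre-create it and make `mkdir` fail (a start-denial rather than an escalation, since the `mkdir` is not `-p`), and it gets root's umask mode instead of something deliberate like `mkdir -m 0750`. As /etc/default/tomcat9 can override CATALINA_TMPDIR, a guard against an empty or `/` value before the `rm -rf` is cheap insurance. Further points: `. /lib/init/vars.sh` is sourced unconditionally while the package only depends on lsb-base, so guard it the way /etc/default/tomcat9 is; the pidfile written by `--make-pidfile --background` holds the PID of sysv-start.sh, which only matches `--exec "$_RUNJAVA"` on stop/status if every step through tomcat-start.sh reaches java via `exec` without forking, please confirm; `test -t 0 && VERBOSE=yes` overrides the administrator's VERBOSE setting whenever the script is run from a terminal; and the message "could not regenerating catalina.policy file" should read "could not regenerate".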
diff --git a/debian/tomcat9.install b/debian/tomcat9.install
index f9fa6756..1daa7147 100644
--- a/debian/tomcat9.install
+++ b/debian/tomcat9.install
@@ -8,5 +8,6 @@ debian/default.template    /usr/share/tomcat9/
 debian/logrotate.template  /usr/share/tomcat9/
 debian/sysusers/*.conf     /usr/lib/sysusers.d/
 
+debian/libexec/sysv-*                  /usr/libexec/tomcat9/
 debian/libexec/tomcat-start.sh         /usr/libexec/tomcat9/
 debian/libexec/tomcat-update-policy.sh /usr/libexec/tomcat9/

This is the initscript itself and two helper scripts.
I managed to make the sysvinit scripts just call the systemd scripts,
so there is no duplication except where necessary (e.g. the sysvinit
script creates the temporary directory manually).

diff --git a/debian/copyright b/debian/copyright
index eace6038..8d605065 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -49,6 +49,7 @@ Copyright: 2008,2011, Canonical Ltd.
            2013-2014, Gianfranco Costamagna <[hidden email]>
            2013-2018, Emmanuel Bourg <[hidden email]>
            2001-2017, Markus Koschany <[hidden email]>
+           2015–2019, mirabilos <[hidden email]>
 License: Apache-2.0
 
 License: Apache-2.0
diff --git a/debian/changelog b/debian/changelog
index 9e1dab71..163eb8d9 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+tomcat9 (9.0.16-4) UNRELEASED; urgency=medium
+
+  * Team upload.
+  * debian/logging.properties: Add commented-out non-systemd configuration
+  * Make tomcat9 installable without systemd:
+    - Readd logic to create the system user via adduser
+    - Add sysvinit script, for init independence (Closes: #925473)
+  * debian/README.Debian: Document non-systemd risks
+  * debian/libexec/tomcat-locate-java.sh: Remove shebang and make
+    not executable as this is only ever sourced (makes no sense otherwise)
+  * Make the systemd startup script honour the (renamed) $SECURITY_MANAGER
+
+ -- Thorsten Glaser <[hidden email]>  Mon, 01 Apr 2019 15:42:02 +0200
+
 tomcat9 (9.0.16-3) unstable; urgency=medium
 
   * Removed read/write access to /var/lib/solr (Closes: #923299)

Metadata update.

bye,
//mirabilos


Bug#925473: tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)

Emmanuel Bourg-3
In reply to this post by Emmanuel Bourg-3
Hi Thorsten,

On 02/04/2019 at 16:54, Thorsten Glaser wrote:

> due to your objection against perceived complexity, I changed the way
> I’ve implemented this. Doing this at all is required because the hard
> “Depends: systemd” will not work on many non-systemd systems

What is the issue with the dependency on systemd? I was under the
impression systemd-sysusers could be used even on systems using sysvinit
as the init system. I understand it won't work on Debian derivatives
that vowed to burn any systemd related code, but that's not the matter here.


> diff --git a/debian/tomcat9.postinst b/debian/tomcat9.postinst
> index 55fb55c2..8edcfc5c 100644
> --- a/debian/tomcat9.postinst
> +++ b/debian/tomcat9.postinst
> @@ -5,6 +5,7 @@
>  
>  set -e
>  
> +# Note these are no longer configurable (as of commit 243d00dc688ea47f4c7cde570ccaaa70efe269bf)
>  TOMCAT_USER="tomcat"
>  TOMCAT_GROUP="tomcat"

The comment doesn't add much value. The non configurable user/group is
already documented in the changelog.

>  
> @@ -12,8 +13,8 @@ CONFFILES="tomcat-users.xml web.xml server.xml logging.properties context.xml ca
>  
>  case "$1" in
>      configure)
> - # Create the tomcat user as defined in /usr/lib/sysusers.d/tomcat9.conf
> - systemd-sysusers
> + # Create the tomcat user
> + /usr/libexec/tomcat9/create-sysuser.sh

If systemd-sysusers can't be used directly I prefer an inline code to an
external file.

Emmanuel Bourg


Bug#925473: tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)

Thorsten Glaser-6
Hi Emmanuel,

>What is the issue with the dependency on systemd?

Most people using Debian without systemd have APT pinning or other
measures in place that prevent the systemd package, which ships the
systemd-sysusers binary (and service?), from being installed, in
order not to be sneakily converted to systemd (it did happen).
I only know of the elogind case (which most likely will only be
available in bullseye) as one where non-systemd init but systemd
binaries will be used.

What is the issue with using adduser, which is the standard Debian
tool doing the same job, instead? After all, depending on systemd
just to create a system user and group is very heavy-weight.

>> diff --git a/debian/tomcat9.postinst b/debian/tomcat9.postinst
>> index 55fb55c2..8edcfc5c 100644
>> --- a/debian/tomcat9.postinst
>> +++ b/debian/tomcat9.postinst
>> @@ -5,6 +5,7 @@
>>
>>  set -e
>>
>> +# Note these are no longer configurable (as of commit 243d00dc688ea47f4c7cde570ccaaa70efe269bf)
>>  TOMCAT_USER="tomcat"
>>  TOMCAT_GROUP="tomcat"
>
>The comment doesn't add much value. The non configurable user/group is
>already documented in the changelog.

OK, removed.

>If systemd-sysusers can't be used directly I prefer an inline code to an
>external file.

OK, reverted.

(I kept the check whether the user exists as first check, though;
there’s no need to try to create it over and over on every upgrade
on systemd systems either, and since its presence is needed for the
non-systemd case, it can be made use of in the systemd case, too.)


Did you have a chance to test this on a buster/systemd Debian?
I don’t currently have such a machine existing in a meaningful
way. (Granted, I could probably cobble together some test VM,
but I’m sure you have something at hand.)

I tried one with sysvinit, but it turns out that the software
does not yet work under Tomcat 9, so I had to revert the VM to
Tomcat 8; it did start and write logs with sensible ownership
and permission, though.

Thanks,
//mirabilos
-- 
When he found out that the m68k port was in a pretty bad shape, he did
not, like many before him, shrug and move on; instead, he took it upon
himself to start compiling things, just so he could compile his shell.
How's that for dedication. -- Wouter, about my Debian/m68k revival
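An added example of the inline, idempotent user creation the two messages above converge on (existence check first, adduser preferred, the shipped sysusers.d entry only as a fallback); it is not the tomcat9 package's own postinst, and TOMCAT_HOME, the helper names and the home/shell values are assumptions.

```shell
#!/bin/sh
# Added example, not the tomcat9 package's own postinst: create the tomcat
# system user (and a group of the same name) inline, checking for its
# existence first so the "configure" step stays idempotent across upgrades.
set -e

TOMCAT_USER="tomcat"
TOMCAT_HOME="/var/lib/tomcat9"   # assumed home directory

# has_tool NAME: succeed if NAME is on PATH (wrapped so it can be stubbed).
has_tool() { command -v "$1" >/dev/null 2>&1; }

# user_exists NAME: succeed if NAME is already in the passwd database.
user_exists() { getent passwd "$1" >/dev/null 2>&1; }

# plan_user_creation: print the command that would create the user, "none"
# if it already exists, or "error" if no suitable tool is installed.
# Deciding and executing are kept apart so the decision is checkable
# without root.
plan_user_creation() {
    if user_exists "$TOMCAT_USER"; then
        echo "none"
    elif has_tool adduser; then
        # Preferred: the standard Debian tool, no init-system dependency.
        # --system --group creates a group with the same name as the user.
        echo "adduser --system --quiet --group --home $TOMCAT_HOME" \
             "--no-create-home --shell /usr/sbin/nologin $TOMCAT_USER"
    elif has_tool systemd-sysusers; then
        # Fallback: declarative creation from the shipped sysusers.d entry.
        echo "systemd-sysusers /usr/lib/sysusers.d/tomcat9.conf"
    else
        echo "error"
    fi
}

# create_tomcat_user: run the planned command (needs root when it creates).
create_tomcat_user() {
    plan=$(plan_user_creation)
    case "$plan" in
        none)  ;;
        error) echo "cannot create $TOMCAT_USER: no adduser or systemd-sysusers" >&2
               return 1 ;;
        *)     $plan ;;   # unquoted on purpose: split the plan into words
    esac
}

case "$1" in
    configure) create_tomcat_user ;;
esac
```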


Bug#925473: tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)

Emmanuel Bourg-3
On 02/04/2019 at 23:01, Thorsten Glaser wrote:

> Most people using Debian without systemd have APT pinning or other
> measures in place that prevent the systemd package, which ships the
> systemd-sysusers binary (and service?), from being installed, in
> order to not sneakily being converted to systemd (it did happen).

I did some tests in a VM with a minimal install where I switched to
sysvinit with:
  apt install sysvinit-core
  cp /usr/share/sysvinit/inittab /etc/inittab
  reboot
  apt remove systemd

In Stretch I can install the systemd package and it won't switch the
init system as advertised. In Buster unfortunately installing systemd
pulls systemd-sysv through libpam-systemd and the init system is
switched. The --no-install-recommends flag has to be used to avoid that.
I've filed a bug for systemd (#926316).

Assuming #926316 gets fixed, I think we should focus only on providing a
usable sysvinit script as required by the policy. Supporting people
allergic to systemd and using APT pinning to exclude it is off topic
(they should only exclude systemd-sysv anyway, not systemd).


> What is the issue with using adduser, which is the standard Debian
> tool doing the same job, instead? After all, depending on systemd
> just to create a system user and group is very heavy-weight.

There is a growing consensus around the idea that imperative maintainer
scripts are a bad thing and they should be replaced with something
declarative. systemd-sysusers does exactly that for the user creation,
that's why I favored it over the traditional adduser.

Regarding the weight, at this point you've already installed the JRE and
Tomcat, the few extra MB for systemd are negligible.


> OK, removed.
>
>
> OK, reverted.

Thank you


> Did you have a chance to test this on a buster/systemd Debian?
> I don’t currently have such a machine existing in a meaningful
> way. (Granted, I could probably cobble together some test VM,
> but I’m sure you have something at hand.)

I haven't checked yet.

Emmanuel Bourg


Bug#925473: tomcat9: sysvinit script missing (Policy §9.11¶2 “must”)

Thorsten Glaser-6
On Wed, 3 Apr 2019, Emmanuel Bourg wrote:

> Assuming #926316 gets fixed, I think we should focus only on providing a
> usable sysvinit script as required by the policy. Supporting people

I really insist on being able to install tomcat9 without having to
install a whole other init system, even if it is not used.

> Regarding the weight, at this point you've already installed the JRE and
> Tomcat, the few extra MB for systemd are negligible.

It’s also about attack surface, or other tools that assume something
(such as systemd being actually run when installed). I’ve seen that
systemd-sysusers is a service… does that mean the service needs to
run in order for it to be useful? If not now, then perhaps later?

> There is a growing consensus around the idea that imperative maintainer
> scripts are a bad thing and they should be replaced with something
> declarative. systemd-sysusers does exactly that for the user creation,

Not all of them, but I can see this for some cases. On the other hand,
user creation with adduser is *really* light.

If we weren’t this deep into the freeze, I’d offer to write a
systemd-less replacement that parses the same configuration files
and upload it separately. Or maybe, if systemd-sysusers really has
no dependency on anything else except libsystemd0, it could become
split off into another package.

But can we keep things working for buster, please?

Thanks,
//mirabilos
--
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

