
Accepting request 823635 from home:mateialbu:branches:Java:packages

- Don't give write permissions for the tomcat group on files and
  directories where it's not needed (bsc#1172562)
- Change tomcat.pid location from /var/run to /run (bsc#1173103)
- Use the /sbin/nologin shell when creating the tomcat user
- Use %tmpfiles_create macro in %post instead of calling
  systemd-tmpfiles directly

OBS-URL: https://build.opensuse.org/request/show/823635
OBS-URL: https://build.opensuse.org/package/show/Java:packages/tomcat?expand=0&rev=205
Matei Albu 2020-07-30 21:16:33 +00:00 committed by Git OBS Bridge
parent 58c8d0d803
commit 32d59bc711
3 changed files with 51 additions and 38 deletions


@ -77,7 +77,7 @@ TOMCAT_USER="${TOMCAT_USER:-tomcat}"
# Define the tomcat log file # Define the tomcat log file
TOMCAT_LOG="${TOMCAT_LOG:-${CATALINA_HOME}/logs/${NAME}-initd.log}" TOMCAT_LOG="${TOMCAT_LOG:-${CATALINA_HOME}/logs/${NAME}-initd.log}"
# Define the tomcat pid file # Define the tomcat pid file
export CATALINA_PID="/var/run/${NAME}.pid" export CATALINA_PID="/run/${NAME}.pid"
RETVAL="0" RETVAL="0"
@ -193,8 +193,8 @@ function parseOptions() {
function start() { function start() {
echo -n "Starting Tomcat ($CATALINA_BASE)" echo -n "Starting Tomcat ($CATALINA_BASE)"
if [ -f "/var/run/rc${NAME}" ] ; then if [ -f "/var/run/rc${NAME}" ] ; then
if [ -f "/var/run/${NAME}.pid" ]; then if [ -f "/run/${NAME}.pid" ]; then
read kpid < /var/run/${NAME}.pid read kpid < /run/${NAME}.pid
if checkpid $kpid 2>&1; then if checkpid $kpid 2>&1; then
echo "$NAME process already running" echo "$NAME process already running"
rc_failed 0 rc_failed 0
@ -205,7 +205,7 @@ function start() {
fi fi
fi fi
# fix permissions on the log and pid files # fix permissions on the log and pid files
export CATALINA_PID="/var/run/${NAME}.pid" export CATALINA_PID="/run/${NAME}.pid"
touch $CATALINA_PID touch $CATALINA_PID
chown --no-dereference ${TOMCAT_USER}:${TOMCAT_USER} $CATALINA_PID chown --no-dereference ${TOMCAT_USER}:${TOMCAT_USER} $CATALINA_PID
touch $TOMCAT_LOG touch $TOMCAT_LOG
@ -249,8 +249,8 @@ function start() {
# NOTE: checkproc returns LSB compliant status values. # NOTE: checkproc returns LSB compliant status values.
function status() { function status() {
echo -n "Checking for Tomcat ($CATALINA_BASE)" echo -n "Checking for Tomcat ($CATALINA_BASE)"
if [ -f "/var/run/${NAME}.pid" ]; then if [ -f "/run/${NAME}.pid" ]; then
read kpid < /var/run/${NAME}.pid read kpid < /run/${NAME}.pid
if checkpid $kpid 2>&1; then if checkpid $kpid 2>&1; then
rc_failed 0 rc_failed 0
else else
@ -278,8 +278,8 @@ function stop() {
RETVAL="$?" RETVAL="$?"
if [ "$RETVAL" -eq "0" ]; then if [ "$RETVAL" -eq "0" ]; then
count="0" count="0"
if [ -f "/var/run/${NAME}.pid" ]; then if [ -f "/run/${NAME}.pid" ]; then
read kpid < /var/run/${NAME}.pid read kpid < /run/${NAME}.pid
until [ "$(ps --pid $kpid | grep -c $kpid)" -eq "0" ] || \ until [ "$(ps --pid $kpid | grep -c $kpid)" -eq "0" ] || \
[ "$count" -gt "$SHUTDOWN_WAIT" ]; do [ "$count" -gt "$SHUTDOWN_WAIT" ]; do
if [ "$SHUTDOWN_VERBOSE" = "true" ]; then if [ "$SHUTDOWN_VERBOSE" = "true" ]; then
@ -301,7 +301,7 @@ function stop() {
echo -n -e "\n" echo -n -e "\n"
fi fi
fi fi
rm -f /var/run/rc${NAME} /var/run/${NAME}.pid rm -f /var/run/rc${NAME} /run/${NAME}.pid
if [ "${CLEAR_WORK}" = "true" ]; then if [ "${CLEAR_WORK}" = "true" ]; then
echo -n "Cleaning work directory: " echo -n "Cleaning work directory: "
find ${CATALINA_HOME}/work/{Catalina,temp} -mindepth 2 -type d -print0 | xargs -0 rm -rf find ${CATALINA_HOME}/work/{Catalina,temp} -mindepth 2 -type d -print0 | xargs -0 rm -rf
@ -350,7 +350,7 @@ case "$1" in
echo -n "Reload service Tomcat ($CATALINA_BASE)" echo -n "Reload service Tomcat ($CATALINA_BASE)"
## if it supports it: ## if it supports it:
#killproc -HUP $TOMCAT_BIN #killproc -HUP $TOMCAT_BIN
#touch /var/run/FOO.pid #touch /run/FOO.pid
#rc_status -v #rc_status -v
## Otherwise: ## Otherwise:
@ -364,7 +364,7 @@ case "$1" in
# If it supports signalling: # If it supports signalling:
#echo -n "Reload service FOO" #echo -n "Reload service FOO"
#killproc -HUP $TOMCAT_BIN #killproc -HUP $TOMCAT_BIN
#touch /var/run/FOO.pid #touch /run/FOO.pid
#rc_status -v #rc_status -v
## Otherwise if it does not support reload: ## Otherwise if it does not support reload:
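Review bot: The pid read at `read kpid < /run/${NAME}.pid` in start() (and the same pattern in status() and stop()) is handed to `checkpid $kpid` and `ps --pid $kpid` without checking that it is a number, and the file is chown'd to `${TOMCAT_USER}` a few lines later, so its contents are writable by the service account rather than by root. A guard such as `read -r kpid < "/run/${NAME}.pid"` followed by `case "$kpid" in ''|*[!0-9]*) kpid= ;; esac` before the process checks would keep a malformed pid file from reaching them. Separately, the rc marker stays at `/var/run/rc${NAME}` while the pid file moves to `/run`; this works where /var/run is a symlink to /run, but a short comment stating that intent (or moving both paths together) would avoid the split. The bodies of start() and stop() continue outside the shown hunks.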


@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Jul 29 20:48:14 UTC 2020 - Matei Albu <malbu@suse.com>
- Don't give write permissions for the tomcat group on files and
directories where it's not needed (bsc#1172562)
- Change tomcat.pid location from /var/run to /run (bsc#1173103)
- Use the /sbin/nologin shell when creating the tomcat user
- Use %tmpfiles_create macro in %post instead of calling
systemd-tmpfiles directly
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jun 26 08:03:01 UTC 2020 - Fridrich Strba <fstrba@suse.com> Fri Jun 26 08:03:01 UTC 2020 - Fridrich Strba <fstrba@suse.com>


@ -335,7 +335,6 @@ install -d -m 0755 %{buildroot}%{_bindir}
install -d -m 0755 %{buildroot}%{_sbindir} install -d -m 0755 %{buildroot}%{_sbindir}
install -d -m 0755 %{buildroot}%{_javadocdir}/%{name} install -d -m 0755 %{buildroot}%{_javadocdir}/%{name}
install -d -m 0755 %{buildroot}%{_initddir} install -d -m 0755 %{buildroot}%{_initddir}
install -d -m 0755 %{buildroot}%{_systemddir}
install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d install -d -m 0755 %{buildroot}%{_sysconfdir}/logrotate.d
install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig install -d -m 0755 %{buildroot}%{_sysconfdir}/sysconfig
install -d -m 0755 %{buildroot}%{appdir} install -d -m 0755 %{buildroot}%{appdir}
@ -343,7 +342,7 @@ install -d -m 0755 %{buildroot}%{tomcatappdir}
install -d -m 0755 %{buildroot}%{bindir} install -d -m 0755 %{buildroot}%{bindir}
install -d -m 0775 %{buildroot}%{confdir} install -d -m 0775 %{buildroot}%{confdir}
install -d -m 0755 %{buildroot}%{cachedir}/Catalina/localhost install -d -m 0755 %{buildroot}%{cachedir}/Catalina/localhost
install -d -m 0775 %{buildroot}%{confdir}/conf.d install -d -m 0755 %{buildroot}%{confdir}/conf.d
/bin/echo "Place your custom *.conf files here. Shell expansion is supported." > %{buildroot}%{confdir}/conf.d/README /bin/echo "Place your custom *.conf files here. Shell expansion is supported." > %{buildroot}%{confdir}/conf.d/README
install -d -m 0755 %{buildroot}%{libdir} install -d -m 0755 %{buildroot}%{libdir}
install -d -m 0775 %{buildroot}%{logdir} install -d -m 0775 %{buildroot}%{logdir}
@ -575,7 +574,7 @@ ln -s -f %{_sysconfdir}/alternatives/servlet %{buildroot}%{_javadir}/%{name}-ser
mkdir -p %{buildroot}%{_tmpfilesdir} mkdir -p %{buildroot}%{_tmpfilesdir}
cat > %{buildroot}%{_tmpfilesdir}/%{name}.conf <<EOF cat > %{buildroot}%{_tmpfilesdir}/%{name}.conf <<EOF
f %{_localstatedir}/run/%{name}.pid 0644 tomcat tomcat - f /run/%{name}.pid 0644 tomcat tomcat -
EOF EOF
# Install tool used to edit server.xml # Install tool used to edit server.xml
@ -589,13 +588,14 @@ popd
# add the tomcat user and group # add the tomcat user and group
%{_sbindir}/groupadd -r tomcat 2>/dev/null || : %{_sbindir}/groupadd -r tomcat 2>/dev/null || :
%{_sbindir}/useradd -c "Apache Tomcat" -g tomcat \ %{_sbindir}/useradd -c "Apache Tomcat" -g tomcat \
-s /bin/sh -r -d %{homedir} tomcat 2>/dev/null || : -s /sbin/nologin -r -d %{homedir} tomcat 2>/dev/null || :
%service_add_pre %{name}.service %service_add_pre %{name}.service
%post %post
%service_add_post %{name}.service %service_add_post %{name}.service
%service_add_post %{name}@.service
%{fillup_only %{name}} %{fillup_only %{name}}
%{_bindir}/systemd-tmpfiles --create >/dev/null 2>&1 || : %tmpfiles_create %_tmpfilesdir/%{name}.conf
%preun %preun
%service_del_preun %{name}.service %service_del_preun %{name}.service
@ -684,7 +684,7 @@ if [ $1 -eq 0 ]; then # uninstall only
fi fi
%files %files
%defattr(0664,root,tomcat,0755) %defattr(-,root,root)
%doc {LICENSE,NOTICE,RELEASE*} %doc {LICENSE,NOTICE,RELEASE*}
%attr(0755,root,root) %{_bindir}/%{name}-digest %attr(0755,root,root) %{_bindir}/%{name}-digest
%attr(0755,root,root) %{_bindir}/%{name}-tool-wrapper %attr(0755,root,root) %{_bindir}/%{name}-tool-wrapper
@ -704,41 +704,43 @@ fi
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%attr(0755,root,tomcat) %dir %{basedir} %attr(0755,root,tomcat) %dir %{basedir}
%attr(0755,root,tomcat) %dir %{confdir} %attr(0755,root,tomcat) %dir %{confdir}
%defattr(0664,tomcat,root,0770)
%attr(0775,root,tomcat) %dir %{appdir} %attr(0775,root,tomcat) %dir %{appdir}
%attr(0770,tomcat,root) %{logdir} %attr(0770,tomcat,root) %dir %{logdir}
%attr(0660,tomcat,tomcat) %{logdir}/catalina.out %attr(0660,tomcat,tomcat) %{logdir}/catalina.out
%attr(0770,root,tomcat) %{cachedir} %attr(0770,root,tomcat) %dir %{cachedir}
%defattr(0664,root,tomcat,0770) %attr(0775,root,tomcat) %dir %{cachedir}/Catalina
# tomcat group writtable dirs - bnc#625415
%attr(0770,root,tomcat) %dir %{tempdir} %attr(0770,root,tomcat) %dir %{tempdir}
%attr(0770,root,tomcat) %dir %{workdir} %attr(0770,root,tomcat) %dir %{workdir}
%attr(0775,root,tomcat) %dir %{tomcatappdir} %attr(0775,root,tomcat) %dir %{tomcatappdir}
# tomcat group writtable dirs - bnc#625415
%defattr(0664,root,tomcat,0775)
%{confdir}/Catalina %{confdir}/Catalina
%attr(0775,root,tomcat) %dir %{confdir}/conf.d %attr(0755,root,tomcat) %dir %{confdir}/conf.d
%attr(0664,tomcat,tomcat) %{confdir}/conf.d/README %attr(0644,root,tomcat) %{confdir}/conf.d/README
%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/%{name}.conf %attr(0644,root,tomcat) %config(noreplace) %{confdir}/%{name}.conf
%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/*.policy %attr(0644,root,tomcat) %config(noreplace) %{confdir}/*.policy
%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/*.properties %attr(0644,root,tomcat) %config(noreplace) %{confdir}/*.properties
%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/context.xml %attr(0644,root,tomcat) %config(noreplace) %{confdir}/context.xml
%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/server.xml %attr(0644,root,tomcat) %config(noreplace) %{confdir}/server.xml
%attr(0660,tomcat,tomcat) %config(noreplace) %{confdir}/tomcat-users.xml # keep tomcat-users.xml readable only by root and tomcat group
%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/web.xml %attr(0640,root,tomcat) %config(noreplace) %{confdir}/tomcat-users.xml
%attr(0664,tomcat,tomcat) %config(noreplace) %{confdir}/jaspic-providers.xml %attr(0644,root,tomcat) %config(noreplace) %{confdir}/web.xml
%dir %{homedir} %attr(0644,root,tomcat) %config(noreplace) %{confdir}/jaspic-providers.xml
%{_tmpfilesdir}/%{name}.conf %attr(0755,root,tomcat) %dir %{homedir}
%{bindir}/bootstrap.jar %attr(0644,root,tomcat) %{_tmpfilesdir}/%{name}.conf
%{bindir}/catalina-tasks.xml %attr(0644,root,tomcat) %{bindir}/bootstrap.jar
%attr(0644,root,tomcat) %{bindir}/catalina-tasks.xml
%{homedir}/lib %{homedir}/lib
%{homedir}/temp %{homedir}/temp
%{homedir}/webapps %{homedir}/webapps
%{homedir}/work %{homedir}/work
%{homedir}/logs %{homedir}/logs
%{homedir}/conf %{homedir}/conf
%{_fillupdir}/sysconfig.%{name} %attr(0644,root,tomcat) %{_fillupdir}/sysconfig.%{name}
%files admin-webapps %files admin-webapps
%defattr(0644,root,tomcat,0755)
%{tomcatappdir}/host-manager %{tomcatappdir}/host-manager
%config(noreplace) %{tomcatappdir}/host-manager/META-INF/context.xml %config(noreplace) %{tomcatappdir}/host-manager/META-INF/context.xml
%{tomcatappdir}/manager %{tomcatappdir}/manager
@ -786,6 +788,7 @@ fi
%ghost %{_sysconfdir}/alternatives/servlet %ghost %{_sysconfdir}/alternatives/servlet
%files webapps %files webapps
%defattr(0644,tomcat,tomcat,0755)
#bnc#520532 #bnc#520532
%config(noreplace) %{tomcatappdir}/ROOT %config(noreplace) %{tomcatappdir}/ROOT
%{tomcatappdir}/examples %{tomcatappdir}/examples
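Review bot: The new `%defattr(0644,tomcat,tomcat,0755)` for the webapps subpackage makes ROOT and examples owned by the service user, while the admin-webapps subpackage just above now uses `%defattr(0644,root,tomcat,0755)`; given the commit's stated aim of not granting the tomcat account write access where it is not needed, the webapps default should probably match, `%defattr(0644,root,tomcat,0755)`, unless these webapps must be rewritten by the running service. In the main package, the `%defattr(0664,root,tomcat,0775)` default introduced just before `%{confdir}/Catalina` also leaves that configuration tree group-writable; if that is what the bnc#625415 note requires, a comment on that line naming what needs write access there would document the exception. The %files list of this hunk continues outside the shown range.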