Timo Aaltonen · Timo Aaltonen · Timo Aaltonen · Timo Aaltonen · Timo Aaltonen · Timo Aaltonen
--- a/debian/changelog
+++ b/debian/changelog
+dogtag-pki (10.7.3-4) unstable; urgency=medium
+
+  * tomcat-start.sh: Dropped everything we don't need from the original
+    copy from tomcat9.
+  * debian-support.diff: Drop the hunk about disabling
+    pki_security_manager, it works fine with defaults.
+  * control: Bump pki-base-java dep on libjss-java.
+  * fix-tomcat-paths.diff: Cleanups.
+  * tests: Redirect dscreate stderr to stdout.
+
+ -- Timo Aaltonen <tjaalton@debian.org>  Tue, 17 Sep 2019 18:18:35 +0300
+
 dogtag-pki (10.7.3-3) unstable; urgency=medium

  * fix-tomcat-paths.diff: We have /etc/default/tomcat9 instead of

--- a/debian/control
+++ b/debian/control
@@ -111,7 +111,7 @@ Depends:
 libhttpclient-java,
 libhttpcore-java,
 libjettison-java,
- libjss-java (>= 4.6.0),
+ libjss-java (>= 4.6.1-3),
 libldap-java (>= 4.21.0+dfsg1),
 libresteasy3.0-java (>= 3.0.19-5),
 libservlet3.1-java,

--- a/debian/patches/debian-support.diff
+++ b/debian/patches/debian-support.diff
@@ -16,15 +16,6 @@ Description: changes for Debian
 pki_instance_path=%(pki_path)s/%(pki_instance_name)s
 pki_instance_log_path=%(pki_log_path)s/%(pki_instance_name)s
 pki_instance_configuration_path=%(pki_configuration_path)s/%(pki_instance_name)s
-@@ -263,7 +263,7 @@ pki_enable_on_system_boot=True
- pki_enable_proxy=False
- pki_proxy_http_port=80
- pki_proxy_https_port=443
-pki_security_manager=true
-+pki_security_manager=false
- pki_tomcat_server_port=8005
- 
- # Paths
 @@ -279,11 +279,11 @@ pki_cgroup_systemd_service=%(pki_cgroup_
 pki_cgroup_cpu_systemd_service_path=/sys/fs/cgroup/cpu\,cpuacct/system/%(pki_systemd_service)s
 pki_cgroup_cpu_systemd_service=%(pki_cgroup_cpu_systemd_service_path)s/%(pki_systemd_service)s
@@ -61,7 +52,7 @@ Description: changes for Debian
     def __init__(self,
 --- a/base/server/python/pki/server/deployment/pkiparser.py
 +++ b/base/server/python/pki/server/deployment/pkiparser.py
-@@ -758,7 +758,7 @@ class PKIConfigParser:
+@@ -764,7 +764,7 @@ class PKIConfigParser:
                     self.mdict['pki_instance_configuration_path'],
                     "context.xml")
             self.mdict['pki_target_tomcat_conf_instance_id'] = \
@@ -70,7 +61,7 @@ Description: changes for Debian
                 self.mdict['pki_instance_name']
             self.mdict['pki_target_tomcat_conf'] = \
                 os.path.join(
-@@ -1306,7 +1306,7 @@ class PKIConfigParser:
+@@ -1312,7 +1312,7 @@ class PKIConfigParser:
         instance_root = os.path.join('/var/lib/pki', instance_name)
         if not os.path.exists(instance_root):
             return data

--- a/debian/patches/fix-tomcat-paths.diff
+++ b/debian/patches/fix-tomcat-paths.diff
@@ -37,21 +37,28 @@
 
 --- a/base/server/python/pki/server/__init__.py
 +++ b/base/server/python/pki/server/__init__.py
-@@ -60,12 +60,12 @@ parser = etree.XMLParser(remove_blank_te
- class Tomcat(object):
+@@ -61,11 +61,11 @@ class Tomcat(object):
 
     BASE_DIR = '/var/lib/tomcats'
-    CONF_DIR = '/etc/tomcat'
+     CONF_DIR = '/etc/tomcat'
 -    LIB_DIR = '/usr/share/java/tomcat'
 -    SHARE_DIR = '/usr/share/tomcat'
-+    CONF_DIR = '/etc/tomcat9'
 +    LIB_DIR = '/usr/share/java'
 +    SHARE_DIR = '/usr/share/tomcat9'
     EXECUTABLE = '/usr/sbin/tomcat'
-    UNIT_FILE = '/lib/systemd/system/tomcat@.service'
+     UNIT_FILE = '/lib/systemd/system/tomcat@.service'
 -    TOMCAT_CONF = CONF_DIR + '/tomcat.conf'
-+    UNIT_FILE = '/lib/systemd/system/tomcat9.service'
-+    TOMCAT_CONF = '/etc/default/tomcat9'
+    TOMCAT_CONF = '/dev/null'
 
     @classmethod
     def get_version(cls):
+--- a/base/server/scripts/operations
+++ b/base/server/scripts/operations
+@@ -926,7 +926,6 @@ EOF
+ 
+     # Generate catalina.policy dynamically.
+     cat /usr/share/pki/server/conf/catalina.policy \
+-        /usr/share/tomcat/conf/catalina.policy \
+         /var/lib/pki/$PKI_INSTANCE_NAME/conf/pki.policy \
+         /var/lib/pki/$PKI_INSTANCE_NAME/conf/custom.policy > \
+         /var/lib/pki/$PKI_INSTANCE_NAME/conf/catalina.policy
--- a/debian/tests/pkispawn
+++ b/debian/tests/pkispawn
@@ -20,7 +20,7 @@ echo "$IP $HOSTNAME.debci $HOSTNAME" >> /etc/hosts
 echo ">>>> /etc/hosts now has:"
 cat /etc/hosts

-/usr/sbin/dscreate from-file debian/tests/debci.inf
+/usr/sbin/dscreate from-file debian/tests/debci.inf 2>&1

 for subsys in CA KRA OCSP TKS; do
    pkispawn -s $subsys -f debian/tests/deploy.cfg

--- a/debian/tomcat-start.sh
+++ b/debian/tomcat-start.sh
 #!/bin/sh
 #
-# Startup script for Apache Tomcat with systemd
+# Startup script for PKI Tomcat with systemd
 #

 set -e

-# Find the Java runtime and set JAVA_HOME
-. /usr/libexec/tomcat9/tomcat-locate-java.sh
-
-# Set the JSP compiler if configured in the /etc/default/tomcat9 file
-[ -n "$JSP_COMPILER" ] && JAVA_OPTS="$JAVA_OPTS -Dbuild.compiler=\"$JSP_COMPILER\""
-
-export JAVA_OPTS
-
-# Enable the Java security manager?
-SECURITY=""
-[ "$TOMCAT_SECURITY" = "yes" ] && SECURITY="-security"
-
-
 # Start Tomcat
-cd $CATALINA_BASE && exec $CATALINA_HOME/bin/catalina.sh run $SECURITY
+cd $CATALINA_BASE && exec $CATALINA_HOME/bin/catalina.sh run