net-misc/keycloak-bin: add 25.0.6, 26.0.0; drop olds

Signed-off-by: Ryan Tsien <i@bitbili.net>

net-misc/keycloak-bin/Manifest

@@ -1,2 +1,2 @@
-DIST keycloak-bin-21.0.1.tar.gz 168541817 BLAKE2B 38878c531159a1cbfa4bec8cf46ecf1b546a041518384f630043e3e7e17e7ccc021b3ecb40f67e4bd8f41fb8e39a8563c626f6c13ab44f9e7bf18763a8a56325
-DIST keycloak-bin-22.0.5.tar.gz 164612659 BLAKE2B 045183c8a5f44c82988c6bb11daa9f39778a76740e646f298090d3f6cf8916a8e95bc12a53146d5241dd69ea608e34f996ed830d5bda416a2fc261622a76b420
+DIST keycloak-bin-25.0.6.tar.gz 146485072 BLAKE2B f2cbb7ca94d455847ec41111a81c9281e2fdc081b05c63e2d31a3950e577245aad79bff52451edd10259f887b930c7546397159279024761fc46f58bb2d3aac5
+DIST keycloak-bin-26.0.0.tar.gz 146813779 BLAKE2B f83fe4b7fc4368c9998093334ed0e31af2dc091fd3f0e3059c520670d9b8eb0ceef7151bd7c04eaaec7415cdbffc3749434b0c7c9d60e092af35e9e2e9aca7b1

net-misc/keycloak-bin/files/kc.sh

@@ -10,4 +10,4 @@ if [[ -r $env_file ]]; then
     fi
   done <"$env_file"
 fi
-eval exec @EROOT@/opt/keycloak-bin/bin/kc.sh "$@"
+exec @EROOT@/opt/keycloak-bin/bin/kc.sh "$@"

net-misc/keycloak-bin/files/keycloak.conf

@@ -0,0 +1,60 @@
+# Basic settings for running in production. Change accordingly before deploying the server.
+
+# Database
+
+# The database vendor.
+#db=postgres
+
+# The username of the database user.
+#db-username=keycloak
+
+# The password of the database user.
+#db-password=password
+
+# The full database JDBC URL. If not provided, a default URL is set based on the selected database vendor.
+#db-url=jdbc:postgresql://localhost/keycloak
+
+# Observability
+
+# If the server should expose healthcheck endpoints.
+#health-enabled=true
+
+# If the server should expose metrics endpoints.
+#metrics-enabled=true
+
+# HTTP
+
+# The file path to a server certificate or certificate chain in PEM format.
+#https-certificate-file=${kc.home.dir}conf/server.crt.pem
+
+# The file path to a private key in PEM format.
+#https-certificate-key-file=${kc.home.dir}conf/server.key.pem
+
+# The proxy address forwarding mode if the server is behind a reverse proxy.
+# 'proxy' is deprecated, see: https://www.keycloak.org/docs/latest/upgrading/index.html#deprecated-proxy-option
+#    Deprecated usage              New usage
+#    kc.sh --proxy none            kc.sh
+#    kc.sh --proxy edge            kc.sh --proxy-headers forwarded|xforwarded --http-enabled true
+#    kc.sh --proxy passthrough     kc.sh --hostname-port 80|443 (depending if HTTPS is used)
+#    kc.sh --proxy reencrypt       kc.sh --proxy-headers forwarded|xforwarded
+# For hardened security, the --proxy-headers option does not allow selecting
+# both forwarded and xforwarded values at the same time (as it was the case
+# before for --proxy edge and --proxy reencrypt).
+# When using the proxy headers option, make sure your reverse proxy properly
+# sets and overwrites the Forwarded or X-Forwarded-* headers respectively.
+# To set these headers, consult the documentation for your reverse proxy.
+# Misconfiguration will leave Keycloak exposed to security vulnerabilities.
+#proxy-headers=xforwarded
+#http-enabled=true
+
+# Do not attach route to cookies and rely on the session affinity capabilities from reverse proxy
+#spi-sticky-session-encoder-infinispan-should-attach-route=false
+
+# Hostname for the Keycloak server.
+# see https://www.keycloak.org/server/hostname
+#hostname=myhostname
+
+# Enables a set of one or more features.
+# see https://www.keycloak.org/server/features
+#features="<name>[,<name>]"
+

net-misc/keycloak-bin/keycloak-bin-21.0.1.ebuild → net-misc/keycloak-bin/keycloak-bin-25.0.6.ebuild

@@ -45,13 +45,12 @@ src_install() {
 	fowners -R keycloak:keycloak /var/lib/keycloak
 
 	insinto /etc/keycloak
-	doins conf/cache-ispn.xml conf/keycloak.conf "$FILESDIR"/quarkus.properties
+	doins conf/cache-ispn.xml "$FILESDIR"/keycloak.conf
 	newins "$FILESDIR"/keycloak.runtime.env runtime.env
 	fowners -R keycloak:keycloak /etc/keycloak
 	fperms -R o-rwx /etc/keycloak
 
 	keepdir /opt/keycloak-bin/conf
-	dosym -r /etc/keycloak/quarkus.properties /opt/keycloak-bin/conf/quarkus.properties
 	dosym -r /etc/keycloak/cache-ispn.xml /opt/keycloak-bin/conf/cache-ispn.xml
 	dosym -r /etc/keycloak/keycloak.conf /opt/keycloak-bin/conf/keycloak.conf
 	dosym -r /var/lib/keycloak/providers /opt/keycloak-bin/providers
@@ -67,60 +66,74 @@ src_install() {
 	systemd_install_serviced "${FILESDIR}"/keycloak.service.conf keycloak
 }
 
-pkg_preinst() {
-	sed -Ei "s/@EROOT@/${EROOT//\//\\\/}/" "$ED"/usr/bin/kc.sh || die
-
-	# set the newest available java_vm for user keycloak
+_do_eselect_user_jvm() {
+	# set the newest available java_vm or user specified one (with EMERGE_KC_JVM env var) for user keycloak
 	# prevent the system java_vm is set to 8 which causes keycloak a fatal error
-	local jvm=0 selected=0 minver=11
-	local -a available_jvm
+	local jvm=0 selected=0 selected_fallback=0 minver=11
 	while read -r _ jvm _; do
-		if (( ${jvm##*-} < $minver )); then
-			continue
-		fi
-		if (( ${jvm##*-} > ${selected##*-} )); then
-			selected=$jvm
+		local jvm_version="${jvm##*-}"
+		if [[ $jvm_version =~ ^[[:digit:]]+$ ]]; then
+			if (( jvm_version < minver )); then
+				continue
+			fi
+			if [[ "$EMERGE_KC_JVM" == "$jvm" || "$EMERGE_KC_JVM" == "$jvm_version" ]]; then
+				selected="$jvm"
+				declare -g EMERGE_KC_JVM="$jvm"
+				break
+			fi
+			if (( jvm_version > ${selected_fallback##*-} )); then
+				selected_fallback=$jvm
+			fi
 		fi
 	done <<<"$(eselect java-vm list | tail -n +2)"
+	if [[ -z $EMERGE_KC_JVM ]]; then
+		selected="$selected_fallback"
+	fi
 	if [[ $selected == 0 ]]; then
-		eerror "No available java_vm for keycloak-bin!"
-	else
-		su -s /bin/sh -c "eselect java-vm set user $selected" - keycloak
+		if [[ $selected_fallback != 0 ]]; then
+			ewarn "No available java_vm with specified EMERGE_KC_JVM ('$EMERGE_KC_JVM'),"
+			ewarn "fallback to '$selected_fallback'"
+			selected="$selected_fallback"
+		else
+			eerror "No available java_vm for keycloak-bin!"
+			die
+		fi
 	fi
+	su -s /bin/sh -c "eselect java-vm set user $selected" - keycloak
 	elog "JAVA VM for user: $(su -s /bin/sh -c 'whoami' - keycloak)"
-	su -s /bin/sh -c 'eselect java-vm show' - keycloak
+	elog "$(su -s /bin/sh -c 'eselect --color java-vm show' - keycloak 2>&1)"
+	elog "or you can setup a java_vm with the 'EMERGE_KC_JVM' env variable when installing."
+	elog
+}
+
+pkg_preinst() {
+	sed -Ei "s/@EROOT@/${EROOT//\//\\\/}/" "$ED"/usr/bin/kc.sh || die
+
+	_do_eselect_user_jvm
 
 	# install the bash completion script
 	# generate from keycloak to make sure it always satisfies the lastest version
-	local bashcmpp0="${T}/bash-completion.sh"
-	export JAVA_HOME=$(su -s /bin/sh -c "java -XshowSettings:properties -version 2>&1 | grep 'java.home'" - keycloak)
+	#
+	local bashcmpp0="${T}/completion.sh"
+	JAVA_HOME=$(su -s /bin/sh -c "java -XshowSettings:properties -version 2>&1 | grep 'java.home'" - keycloak)
 	JAVA_HOME=${JAVA_HOME#*=}
 	JAVA_HOME=${JAVA_HOME## }
+	export JAVA_HOME
 	"${ED}"/opt/keycloak-bin/bin/kc.sh tools completion >"$bashcmpp0" || die
-	local cutLN=$(awk '/^Next time/ {print NR}' "$bashcmpp0")
-	if [[ -n $cutLN ]]; then
-		sed -Ei "${cutLN},\$d" "$bashcmpp0" || die
-		cutLN=
-	fi
-	cutLN=$(awk '/^Changes detected/ {print NR}' "$bashcmpp0")
-	if [[ -n $cutLN ]]; then
-		sed -Ei "${cutLN}d" "$bashcmpp0" || die
-	fi
-	sed -Ei "/^$/d" "$bashcmpp0" || die
-	sed -Ei '$s/kc.sh/realcomp/;$s/ kc[^[:space:]]*//g;$s/[[:space:]]+realcomp/ kc.sh/' \
-		"$bashcmpp0" || die
+	unset JAVA_HOME  # we should unset it here to prevent kc.sh always use this JAVA_HOME value in the pkg_config phase
 	newbashcomp "$bashcmpp0" kc.sh
 }
 
 pkg_postinst() {
-	echo
 	elog "Please set/add proper build options in file '${EROOT}/etc/keycloak/keycloak.conf',"
 	elog "  or 'KC_*' env vars (higher priority) in file '${EROOT}/etc/keycloak/runtime.env',"
 	elog "  the details: https://www.keycloak.org/server/all-config?f=build"
 	elog "  (a set of suggested vars: KC_DB, KC_FEATURES, KC_HEALTH_ENABLED)"
 	elog "and than run:"
 	elog "  # emerge --config '=${CATEGORY}/${P}'"
 	elog "before starting the daemon."
+	elog "(Every time you edit keycloak.conf or runtime.env for build arguments,"
+	elog " you should run the above command again to configure keycloak.)"
 	elog
 	elog "If a build option is found at startup with an equal value to the value used"
 	elog "when invoking the \`build\`, it gets silently ignored when using the \`--optimized\`"
@@ -130,15 +143,20 @@ pkg_postinst() {
 	elog "So, whenever pre-built build options change, you have to re-configure before starting."
 	elog
 	elog "Variables 'KEYCLOAK_ADMIN' and 'KEYCLOAK_ADMIN_PASSWORD' can be used to initial"
-	elog "an admin account, just export them in CLI before the first start."
-	echo
+	elog "an admin account, just export them in CLI when first start."
+	elog
+	ewarn "Please always check the migration notes:"
+	ewarn "  https://www.keycloak.org/docs/latest/upgrading/index.html"
+	ewarn "when you upgrade."
 }
 
 pkg_config() {
-	export HOME=$(ls -1d ~keycloak) SHELL=/bin/bash USER=keycloak LOGNAME=keycloak
+	HOME=$(ls -1d ~keycloak) || die
+	SHELL=/bin/bash USER=keycloak LOGNAME=keycloak
+	export HOME SHELL USER LOGNAME
+
 	local pre_exported_kc_vars
 	pre_exported_kc_vars="$(export -p | grep -E '^declare -x KC_' | sed 's/^declare -x //')"
-	echo
 	elog "configuration prioritisation:"
 	elog "  1. exported KC_* variables (in the file '${EROOT}/etc/keycloak/runtime.env')"
 	# this may be a bug or special consideration in portage
@@ -155,8 +173,12 @@ pkg_config() {
 		ewarn "     - (can be override by variables in the above runtime.env file)"
 	fi
 	elog "  2. build options listed in the '${EROOT}/etc/keycloak/keycloak.conf' file"
-	echo
+	elog
 	chown -R keycloak:keycloak "$EROOT"/opt/keycloak-bin/lib
+	if ! su -p -c "java --version" keycloak; then
+		# reset the java_vm due to the java command failed
+		_do_eselect_user_jvm
+	fi
 	su -p -c "'${EROOT}'/opt/keycloak-bin/bin/kc.sh build" keycloak
 	su -p -c "'${EROOT}'/opt/keycloak-bin/bin/kc.sh show-config" keycloak
 	echo