...
Code Block |
---|
ssh -L 1581:127.0.0.1:1581 -N build.shibboleth.net -f
REM or use Putty
set VERSION=5.1.52
set NEXUS_URL=http://127.0.0.1:1581/nexus/content/repositories/releases
set REPO_ID=release
SET CL1=mvn -Dmaven.repo.local=%MAVEN_REPO% gpg:sign-and-deploy-file -Durl=%NEXUS_URL% -DrepositoryId=%REPO_ID%
SET CL2=-Dfile=shibboleth-identity-provider-%VERSION%-x64.msi -DgroupId=net.shibboleth.idp -DartifactId=idp-msi
SET CL3=-Dversion=%VERSION% -DgeneratePom=false -Dclassifier=msi
Set SIGN_AND_DEPLOY=%CL1% %CL2% %CL3%
%SIGN_AND_DEPLOY% |
If you are deploying a version with a non-zero version (e.g. 5.1.2.1), you will need to rename the msi file by hand.
Building a Release of the Jetty Base installer
...
Updating Jetty Base
The following is for a minor version change. Major version changes usually involve new contents and potentially manipulation of the idp.ini file (the only user-configurable part of this install).
The following is for Jetty11
Preparation
Check out the source of the relevant Jetty version
Code Block |
---|
git checkout jetty-11.0.20 |
Update the pom to reflect the jetty and procrun versions
Code Block |
---|
<procrun.version>1.3.4</procrun.version>
<jetty.version>11.0.20</jetty.version> |
Logback and SLF4J Version
The versions are specified in the top level pom file of the jetty project
Code Block |
---|
<logback.version>1.4.14</logback.version>
<slf4j.version>2.0.9</slf4j.version> |
These changes have to be mirrored in the pom file for the jetty base project and in the src/main/resources/jetty-base/start.d.dist/idp-system.ini file
Code Block |
---|
logback.version=1.4.14
slf4j.version=2.0.9 |
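A check for the mirroring step above, as an added example that is not part of the project's own tooling: it compares the two version properties across the Jetty pom, the jetty base pom and idp-system.ini. The function names and the embedded inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

KEYS = ("logback.version", "slf4j.version")

def pom_props(pom_text):
    """Return the <properties> of a pom as a dict, ignoring the XML namespace."""
    props = {}
    for el in ET.fromstring(pom_text).iter():
        if el.tag.split("}")[-1] == "properties":
            for child in el:
                props[child.tag.split("}")[-1]] = (child.text or "").strip()
    return props

def ini_props(ini_text):
    """Return key=value lines of a start.d ini, skipping comments and --options."""
    props = {}
    for line in ini_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "--")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def mirror_mismatches(jetty_pom, base_pom, ini, keys=KEYS):
    """Map each key whose three copies differ to (jetty pom, base pom, ini) values."""
    sources = (pom_props(jetty_pom), pom_props(base_pom), ini_props(ini))
    out = {}
    for key in keys:
        values = tuple(src.get(key) for src in sources)
        # A key missing everywhere is also reported: nothing was mirrored.
        if len(set(values)) != 1 or values[0] is None:
            out[key] = values
    return out

# Constructed inputs: the ini still carries an older slf4j version.
JETTY_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><properties>
<logback.version>1.4.14</logback.version><slf4j.version>2.0.9</slf4j.version>
</properties></project>"""
BASE_POM = JETTY_POM
STALE_INI = "# constructed\n--module=logging-logback\nlogback.version=1.4.14\nslf4j.version=2.0.7\n"

if __name__ == "__main__":
    for key, vals in mirror_mismatches(JETTY_POM, BASE_POM, STALE_INI).items():
        print(f"MISMATCH {key}: jetty pom={vals[0]} base pom={vals[1]} ini={vals[2]}")
```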
etc/jetty-ssl-context.xml
This is the most complex change and potentially the most fragile. Changes are needed if either of these two files has changed in Jetty:
jetty-server/src/main/config/etc/jetty-ssl-context.xml
jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java
You can check this with a command like this
Code Block |
---|
git diff jetty-11.0.18 jetty-11.0.20 jetty-server/src/main/config/etc/jetty-ssl-context.xml
git diff jetty-11.0.18 jetty-11.0.20 jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java |
The explicit changes are:
Code Block |
---|
--- a/jetty-server/src/main/config/etc/jetty-ssl-context.xml
+++ b/jetty-server/src/main/config/etc/jetty-ssl-context.xml
@@ -5,25 +5,10 @@
<Arg>
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
<Set name="Provider" property="jetty.sslContext.provider" />
- <Set name="KeyStorePath">
- <Call name="resolvePath" class="org.eclipse.jetty.xml.XmlConfiguration">
- <Arg><Property name="jetty.base"/></Arg>
- <Arg><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Arg>
- </Call>
- </Set>
+ <Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" /></Set>
<Set name="KeyStoreType" property="jetty.sslContext.keyStoreType" />
<Set name="KeyStoreProvider" property="jetty.sslContext.keyStoreProvider" />
- <Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" /></Set>
- <Set name="TrustStorePath">
- <Call name="resolvePath" class="org.eclipse.jetty.xml.XmlConfiguration">
- <Arg><Property name="jetty.base"/></Arg>
- <Arg><Property name="jetty.sslContext.trustStorePath" deprecated="jetty.sslContext.trustStoreAbsolutePath,jetty.truststore" /></Arg>
- </Call>
- </Set>
- <Set name="TrustStorePassword" property="jetty.sslContext.trustStorePassword" />
- <Set name="TrustStoreType" property="jetty.sslContext.trustStoreType" />
- <Set name="TrustStoreProvider" property="jetty.sslContext.trustStoreProvider" />
<Set name="EndpointIdentificationAlgorithm" property="jetty.sslContext.endpointIdentificationAlgorithm" />
<Set name="NeedClientAuth" property="jetty.sslContext.needClientAuth" />
<Set name="WantClientAuth" property="jetty.sslContext.wantClientAuth" /> |
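Review bot: On the `KeyStorePath` line, dropping the `resolvePath` call leaves the default `etc/keystore.p12` as a relative path that is no longer anchored to `jetty.base`, so a start from any other working directory depends on the service wrapper to find the keystore; an XML comment stating that dependency would keep it visible to the next person who merges an upstream change. The same hunk removes the `TrustStorePath`, `TrustStorePassword`, `TrustStoreType` and `TrustStoreProvider` setters while `NeedClientAuth` and `WantClientAuth` stay configurable, so any `jetty.sslContext.trustStore*` property left in an ini file is now silently ignored; the ini template should say that these properties no longer have any effect.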
Deconstructed, this change is:
Remove the prefixing of KeyStorePath with ${jetty.base}; this allows absolute paths to be used. Procrun is set up to allow relative paths to use this shortcut.
Remove the explicit setting of 5 bean properties, allowing the Java defaults to take over. These can be checked in jetty-util\src\main\java\org\eclipse\jetty\util\ssl\SslContextFactory.java
KeyManagerPassword: This is used in getKeyManagers(). Having it not set means it defaults to the KeyStorePassword.
TrustStore: reading loadTrustStore will show that if these three properties are not set then the keystore is used.
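To confirm after a merge that the shipped file still has the shape described above, the following added example (not the project's own code) reports whether KeyStorePath is prefixed with jetty.base and which of the five setters are left to defaults. The function name, the fallback wording (taken from this page) and the embedded sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Fallbacks for omitted setters, as this page describes them.
FALLBACKS = {
    "KeyManagerPassword": "KeyStorePassword is used",
    "TrustStorePath": "the keystore is used as trust store",
    "TrustStorePassword": "the keystore is used as trust store",
    "TrustStoreType": "the keystore is used as trust store",
    "TrustStoreProvider": "the keystore is used as trust store",
}

def audit_ssl_context(xml_text):
    """Report how a jetty-ssl-context.xml configures the SslContextFactory."""
    root = ET.fromstring(xml_text)
    factory = next((n for n in root.iter("New")
                    if n.get("id") == "sslContextFactory"), None)
    if factory is None:
        raise ValueError("no <New id='sslContextFactory'> element found")
    setters = {s.get("name"): s for s in factory.findall("Set")}
    ks = setters.get("KeyStorePath")
    # Upstream wraps the path in a resolvePath call that prepends jetty.base.
    anchored = ks is not None and any(
        c.get("name") == "resolvePath" for c in ks.iter("Call"))
    return {
        "keystore_path_prefixed_with_jetty_base": anchored,
        "left_to_defaults": {n: f for n, f in FALLBACKS.items() if n not in setters},
        "client_auth_setters": sorted(
            n for n in ("NeedClientAuth", "WantClientAuth") if n in setters),
    }

# Constructed sample shaped like the file after the diff above.
PATCHED = """<Configure><Arg>
<New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
  <Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" default="etc/keystore.p12" /></Set>
  <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" /></Set>
  <Set name="NeedClientAuth" property="jetty.sslContext.needClientAuth" />
  <Set name="WantClientAuth" property="jetty.sslContext.wantClientAuth" />
</New></Arg></Configure>"""

if __name__ == "__main__":
    report = audit_ssl_context(PATCHED)
    print("KeyStorePath prefixed with jetty.base:", report["keystore_path_prefixed_with_jetty_base"])
    for name, fallback in report["left_to_defaults"].items():
        print(f"{name} not set: {fallback}")
    print("client-auth setters present:", report["client_auth_setters"])
```

If the report shows client-auth setters present while the TrustStore setters are left to defaults, client certificates are validated against the keystore contents, which is the behaviour this page describes.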
With Jetty12 we will try to get around these issues
Jetty12
For jetty-12 we track the project version of jetty base. The Branch we build from is currently named dev/IDP-2285
Preparation
Clone and checkout the correct branch
Code Block |
---|
git clone -b dev/IDP-2285 git@git.shibboleth.net:java-idp-jetty-base
cd java-idp-jetty-base |
Merge (not rebase) forward to the latest changes on the 12 branch
Code Block |
---|
git merge 12 |
Update the pom to reflect the jetty and procrun versions
Code Block |
---|
<version>12.0.9.0-SNAPSHOT</version>
<properties>
<jetty.version>12.0.9</jetty.version>
<procrun.version>1.3.4</procrun.version>
|
Commit the changes
Building the Jetty-Base Installer
...
Code Block |
---|
git checkout 11-windows
git push origin 11-windows
git push origin %JETTY_TAG% |
There are two batch files, src\main\bin\setrepos.bat and src\main\bin\setvariables.bat, which set things up.