The embedded Jetty that is installed by the Windows IdP installer requires a forked version of the standard 9.4 jetty-base.  This differs from the standard by the addition of four files and the modification of one.  Since the branch is not used in regular testing, part of the preparation for building the Windows installer is due diligence on this branch.

It is easiest to do this if you have the git repository cloned and updated.

Check Changes

We need to track any changes to the 10 branch and any breaking changes in Jetty itself.

A potential quick cut is to diff the Jetty sources between the two tags:

git diff jetty-10.0.9 jetty-10.0.9 jetty-deploy/src/main/config/etc/jetty-deploy.xml

and so forth.

start.d/idp.ini

Any changes to this file may need to be reflected in changes to the file idp.ini.rewrite.property.names and/or idp.ini.windows and/or idp-system.windows.

  • Properties new to idp.ini that occur in idp.ini.rewrite.property.names should be added to idp-system.ini if they are required.

  • Property name changes must be added to idp.ini.rewrite.property.names.  Note that the name changes are cumulative.

  • Properties new to idp.ini that do not occur in idp.ini.rewrite.property.names should be added to idp.ini.windows if they are required.  Add them below the "don't change these values" lines.

start.d/idp.ini.rewrite.property.names

The target property names (values) starting with jetty. should be checked against the distribution xml files to ensure that they are still valid.  
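One way to script this check, as an added example (not the project's own tooling): it collects the property names a set of Jetty XML files read and classifies each jetty. target in the rewrite file as ok, deprecated or missing. The old=new line format of the rewrite file and all function names are assumptions; the sample inputs are constructed.

```python
import re

# Names an XML file reads: property="..." attributes and <Property name="..."/>
_CURRENT = re.compile(r'(?:\bproperty="|<Property\s+name=")([^"]+)"')
# Names Jetty still accepts but marks as deprecated: deprecated="a,b"
_DEPRECATED = re.compile(r'\bdeprecated="([^"]+)"')

def xml_property_names(xml_text):
    """Return (current, deprecated) property-name sets for one Jetty XML file."""
    deprecated = {n.strip() for group in _DEPRECATED.findall(xml_text)
                  for n in group.split(",")}
    return set(_CURRENT.findall(xml_text)), deprecated

def parse_rewrites(text):
    """Parse 'old.name=new.name' lines (assumed format); skip blanks and # comments."""
    lines = (ln.strip() for ln in text.splitlines())
    pairs = (ln.split("=", 1) for ln in lines if "=" in ln and not ln.startswith("#"))
    return {old.strip(): new.strip() for old, new in pairs}

def check_targets(rewrite_text, xml_texts):
    """Classify each jetty.* rewrite target as 'ok', 'deprecated' or 'missing'."""
    current, deprecated = set(), set()
    for xml in xml_texts:
        c, d = xml_property_names(xml)
        current |= c
        deprecated |= d
    result = {}
    for target in parse_rewrites(rewrite_text).values():
        if target.startswith("jetty."):
            result[target] = ("ok" if target in current else
                              "deprecated" if target in deprecated else "missing")
    return result

# Constructed sample: three lines of the patched jetty-ssl-context.xml from this page
SAMPLE_XML = '''
<Set name="Provider" property="jetty.sslContext.provider" />
<Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" /></Set>
'''
# Constructed rewrite file; the left-hand (old) names are hypothetical
SAMPLE_REWRITES = '''
example.keystore.path=jetty.sslContext.keyStorePath
example.keystore.old=jetty.keystore
example.truststore.path=jetty.sslContext.trustStorePath
example.other=idp.not.checked
'''

if __name__ == "__main__":
    for name, status in sorted(check_targets(SAMPLE_REWRITES, [SAMPLE_XML]).items()):
        print(f"{status:10} {name}")
```

A "missing" result means no supplied XML file reads that property, so a value rewritten to it would be ignored; pass in the text of every XML file under etc/ that the installed Jetty actually loads.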

start.d/idp-system.ini

This is reserved to you to change as requirements change.

etc/jetty-ssl-context.xml 

This is the most complex change and potentially the most fragile.  In general, if this file (in the folder jetty-server\src\main\config\etc) has not changed since the last release, and the file jetty-util\src\main\java\org\eclipse\jetty\util\ssl\SslContextFactory.java has not changed either, then no changes are needed.

The explicit changes are:

--- a/jetty-server/src/main/config/etc/jetty-ssl-context.xml
+++ b/jetty-server/src/main/config/etc/jetty-ssl-context.xml
@@ -5,25 +5,10 @@
     <Arg>
       <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
         <Set name="Provider" property="jetty.sslContext.provider" />
-        <Set name="KeyStorePath">
-          <Call name="resolvePath" class="org.eclipse.jetty.xml.XmlConfiguration">
-            <Arg><Property name="jetty.base"/></Arg>
-            <Arg><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Arg>
-          </Call>
-        </Set>
+        <Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Set>
         <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" /></Set>
         <Set name="KeyStoreType" property="jetty.sslContext.keyStoreType" />
         <Set name="KeyStoreProvider" property="jetty.sslContext.keyStoreProvider" />
-        <Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" /></Set>
-        <Set name="TrustStorePath">
-          <Call name="resolvePath" class="org.eclipse.jetty.xml.XmlConfiguration">
-            <Arg><Property name="jetty.base"/></Arg>
-            <Arg><Property name="jetty.sslContext.trustStorePath" deprecated="jetty.sslContext.trustStoreAbsolutePath,jetty.truststore" /></Arg>
-          </Call>
-        </Set>
-        <Set name="TrustStorePassword" property="jetty.sslContext.trustStorePassword" />
-        <Set name="TrustStoreType" property="jetty.sslContext.trustStoreType" />
-        <Set name="TrustStoreProvider" property="jetty.sslContext.trustStoreProvider" />
         <Set name="EndpointIdentificationAlgorithm" property="jetty.sslContext.endpointIdentificationAlgorithm" />
         <Set name="NeedClientAuth" property="jetty.sslContext.needClientAuth" />
         <Set name="WantClientAuth" property="jetty.sslContext.wantClientAuth" />
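Review bot: The removed TrustStore block after KeyStoreProvider means the four jetty.sslContext.trustStore* properties are no longer read, while the NeedClientAuth and WantClientAuth lines stay in the context, so a trustStore value still set in an ini file would be ignored without any error. Suggest an XML comment at that spot stating that KeyManagerPassword and the trust store are intentionally left to the SslContextFactory defaults, and a check that nothing in start.d still sets those properties. Also, with resolvePath dropped from the KeyStorePath line, the default etc/keystore.p12 is no longer anchored to jetty.base and depends on the working directory the service starts in; that dependency deserves a comment in the file as well.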


Deconstructed, this change is:

  • Remove the prefixing of KeyStorePath with ${jetty.base}; this allows absolute paths to be used.  Procrun is set up to allow relative paths to use this shortcut.

  • Remove the explicit setting of 5 bean properties, allowing the Java defaults to take over.  These can be checked in jetty-util\src\main\java\org\eclipse\jetty\util\ssl\SslContextFactory.java

    • KeyManagerPassword: this is used in getKeyManagers().  Having it not set means it defaults to the KeyStorePassword.

    • TrustStore: reading loadTrustStore will show that if these three properties are not set then the keystore is used.

etc\jetty-requestlog.xml

This should track the version checked into the 10 branch.

Logging versions

If this changes then you need to change the pom.  You can also override the version in start.d\idp-system.ini.

Build

Having completed the review, the artefact used to build the installer can be created.  You should change the version in the pom file to reflect the Jetty version.

cd java-idp-jetty-base
mvn install -D maven.repo.local=.... -D net.shibboleth.maven.enforcer.rules.checkM2=true

The built artifact can now be used in the build of the installer.

Tag and push

Once the installer has been created, the branch should be tagged.  The tag is associated with the Jetty version.

git tag -s -m "Tag Windows jetty-base 3.4.0.0" 9.4.30.v20200611-jetty-distribution-windows
git push [-n] origin 9.4.30.v20200611-jetty-distribution-windows

Revise the version back into pom and push the branch.
