JettyBase9.4ForWindows
The embedded Jetty that is installed by the Windows IdP installer requires a forked version of the standard 9.4 jetty-base. This differs from the standard by the addition of four files and the modification of one. Since the branch is not used in regular testing, part of the preparation for building the Windows installer is due diligence on this branch.
It is easiest to do this if you have the git repository cloned and updated.
Check Changes
We need to track any changes to the 9.4 branch and any breaking changes in Jetty itself.
A potential quick cut is to difference the jetty sources between the two tags
git diff jetty-9.4.30.v20200611 jetty-9.4.28.v20200408 jetty-deploy/src/main/config/etc/jetty-deploy.xml
and so forth.
modules/logging-logback.mod
This should differ from the one in the distribution/git (in directory jetty-util\src\main\config\modules) purely by the removal of the lines to do with forked operation:
@@ -14,5 +14,3 @@ logback-impl
[provides]
logging
-[exec]
--Dorg.eclipse.jetty.util.log.class?=org.eclipse.jetty.util.log.Slf4jLog
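Review bot: With the [exec] section and its -Dorg.eclipse.jetty.util.log.class?=org.eclipse.jetty.util.log.Slf4jLog line removed, nothing in this module file selects Slf4jLog any more, so the choice rests entirely on configuration held outside jetty-base. Leave a comment in place of the two removed lines naming where the property is now set, so that a reviewer of the next jetty-base update can confirm from the file itself that the logging class is still being selected.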
The setting of this system variable is done inside the configuration of procrun.
etc/jetty-deploy.xml
This should differ from the one in the distribution/git (in directory jetty-deploy\src\main\config\etc) only in that the commented-out section on how to include a property file is commented in and points to idp.ini:
--- a/etty-deploy/src/main/config/etc/jetty-deploy.xml
+++ b/./jetty-deploy.xml
@@ -59,9 +59,8 @@
<Set name="extractWars"><Property name="jetty.deploy.extractWars" default="true"/></Set>
<Set name="configurationManager">
<New class="org.eclipse.jetty.deploy.PropertiesConfigurationManager">
- <!-- file of context configuration properties
- <Set name="file"><SystemProperty name="jetty.base"/>/etc/some.properties</Set>
- -->
+ <!-- file of context configuration properties -->
+ <Set name="file"><SystemProperty name="jetty.base"/>/start.d/idp.ini</Set>
<!-- set a context configuration property
<Call name="put"><Arg>name</Arg><Arg>value</Arg></Call>
-->
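Review bot: The new Set name="file" line hands the whole of start.d/idp.ini to PropertiesConfigurationManager as the file of context configuration properties, so every key in idp.ini, not only those meant for contexts, becomes available to context deployment. Say so in the comment on the line above (it now reads only "file of context configuration properties") and mark the line as a Windows-fork divergence, so that a later sync with upstream does not comment it out again.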
start.d/idp.ini
Any changes to this file may need to be reflected in changes to the file idp.ini.rewrite.property.names and/or idp.ini.windows and/or idp-system.windows:
Properties new to idp.ini that occur in idp.ini.rewrite.property.names should be added to idp-system.ini if they are required.
Property name changes must be added to idp.ini.rewrite.property.names. Note that the name changes are cumulative.
Properties new to idp.ini that do not occur in idp.ini.rewrite.property.names should be added to idp.ini.windows if they are required. Add them below the "don't change these values" lines.
start.d/idp.ini.rewrite.property.names
The target property names (values) starting with jetty. should be checked against the distribution xml files to ensure that they are still valid.
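One way to automate this check, as an added example that is not part of the project's own tooling. It assumes the rewrite file holds one old=new pair per line with # comments (the page does not show its format); the sample file content, the XML fragment and the example.* names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of idp.ini.rewrite.property.names; the old=new layout and
# the example.* / jetty.example.* names are assumptions for illustration.
REWRITE = """# old name = target name
jetty.keystore=jetty.sslContext.keyStorePath
example.old.clientauth=jetty.ssl.needClientAuth
example.old.port=jetty.example.removedProperty
example.old.home=idp.home
"""

# Constructed fragment in the style of the distribution's jetty-ssl-context.xml.
DIST_XML = """<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
  <Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
</Configure>"""

def declared_properties(xml_texts):
    """Collect current and deprecated property names from <Property> elements."""
    current, deprecated = set(), set()
    for text in xml_texts:
        for prop in ET.fromstring(text).iter("Property"):
            current.add(prop.get("name"))
            # Tolerate a comma-separated list in the deprecated attribute.
            deprecated.update(n.strip() for n in prop.get("deprecated", "").split(",") if n.strip())
    return current, deprecated

def stale_targets(rewrite_text, xml_texts):
    """Return {target: reason} for jetty.* targets the distribution XML no longer declares."""
    current, deprecated = declared_properties(xml_texts)
    problems = {}
    for line in rewrite_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        target = line.split("=", 1)[1].strip()
        if target.startswith("jetty.") and target not in current:
            problems[target] = "deprecated upstream" if target in deprecated else "not declared"
    return problems

print(stale_targets(REWRITE, [DIST_XML]))
```

In a real review, pass the contents of every xml file under the distribution's etc directories rather than a single fragment.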
etc/jetty-ssl-context.xml
This is the most complex change and potentially the most fragile. In general, if this file (in folder jetty-server\src\main\config\etc) has not changed since the last release and the file jetty-util\src\main\java\org\eclipse\jetty\util\ssl\SslContextFactory.java has not changed either, then no changes are needed.
The explicit changes are:
--- a/./jetty-ssl-context.xml
+++ b/etty-server/src/main/config/etc/jetty-ssl-context.xml
@@ -12,10 +12,15 @@
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="Provider"><Property name="jetty.sslContext.provider"/></Set>
- <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
+ <Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" deprecated="jetty.keystore.password" default="OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"/></Set>
<Set name="KeyStoreType"><Property name="jetty.sslContext.keyStoreType" default="JKS"/></Set>
<Set name="KeyStoreProvider"><Property name="jetty.sslContext.keyStoreProvider"/></Set>
- <Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" deprecated="jetty.keymanager.password" default="OBF:1u2u1wml1z7s1z7a1wnl1u2g"/></Set>
- <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.sslContext.trustStorePath" deprecated="jetty.truststore" default="etc/keystore"/></Set>
- <Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword" deprecated="jetty.truststore.password"/></Set>
- <Set name="TrustStoreType"><Property name="jetty.sslContext.trustStoreType"/></Set>
- <Set name="TrustStoreProvider"><Property name="jetty.sslContext.trustStoreProvider"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
<Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
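Review bot: The direction of this diff is inconsistent: the file headers (--- a/./jetty-ssl-context.xml, +++ b/etty-server/...) and the counts in @@ -12,10 +12,15 @@ read as fork to upstream, while the - lines in the body carry the upstream content the fork drops (the jetty.base prefix on KeyStorePath, and the KeyManagerPassword and TrustStore* setters). Regenerate it with the upstream file on the --- side, or state the direction above the hunk, so that nobody applies it the wrong way round. Since NeedClientAuth and WantClientAuth stay configurable after the TrustStore* setters go, a comment beside them saying which store then supplies the trust anchors would also help.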
Deconstructed, this change is:
Remove the prefixing of KeyStorePath with ${jetty.base}; this allows absolute paths to be used. Procrun is set up to allow relative paths to use this shortcut.
Remove the explicit setting of 5 bean properties, allowing the Java defaults to take over. These can be checked in jetty-util\src\main\java\org\eclipse\jetty\util\ssl\SslContextFactory.java:
KeyManagerPassword: this is used in getKeyManagers(). Having it not set means it defaults to the KeyStorePassword.
TrustStore: reading loadTrustStore will show that if these three properties are not set then the keystore is used.
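The comparison described above can be scripted. This added example (not the project's own code) checks that a fork's jetty-ssl-context.xml differs from upstream only by the documented changes; UPSTREAM and FORK are constructed, abridged samples modelled on the hunk, and in practice the two files would be read from the git checkout.

```python
import xml.etree.ElementTree as ET

# The five setters this page says the Windows fork drops.
EXPECTED_REMOVED = {"KeyManagerPassword", "TrustStorePath", "TrustStorePassword",
                    "TrustStoreType", "TrustStoreProvider"}
# Constructed, abridged samples modelled on the hunk above (not the real files).
UPSTREAM = """<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.keyStorePath" default="etc/keystore"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword"/></Set>
  <Set name="TrustStorePath"><Property name="jetty.base" default="."/>/<Property name="jetty.sslContext.trustStorePath" default="etc/keystore"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.sslContext.trustStorePassword"/></Set>
  <Set name="TrustStoreType"><Property name="jetty.sslContext.trustStoreType"/></Set>
  <Set name="TrustStoreProvider"><Property name="jetty.sslContext.trustStoreProvider"/></Set>
  <Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" default="false"/></Set>
</Configure>"""
FORK = """<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" default="etc/keystore"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword"/></Set>
  <Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" default="false"/></Set>
</Configure>"""

def setters(xml_text):
    """Map each <Set name=...> to a whitespace-insensitive signature of its body."""
    result = {}
    for s in ET.fromstring(xml_text).iter("Set"):
        sig = [(s.text or "").strip()]
        for child in s:
            sig += [(child.tag, tuple(sorted(child.attrib.items()))), (child.tail or "").strip()]
        result[s.get("name")] = tuple(sig)
    return result

def review(upstream_xml, fork_xml):
    """Return findings; an empty list means the fork differs only as documented."""
    up, fork = setters(upstream_xml), setters(fork_xml)
    findings = []
    removed, added = set(up) - set(fork), set(fork) - set(up)
    if removed != EXPECTED_REMOVED:
        findings.append(f"removed setters: {sorted(removed)}")
    if added:
        findings.append(f"added setters: {sorted(added)}")
    for name in sorted(set(up) & set(fork)):
        # KeyStorePath: expect upstream minus the leading jetty.base property and "/".
        expected = up[name][:1] + up[name][3:] if name == "KeyStorePath" else up[name]
        if fork[name] != expected:
            findings.append(f"{name}: differs from upstream beyond the documented change")
    return findings

print(review(UPSTREAM, FORK) or "fork differs from upstream only as documented")
```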
Logging versions
The versions of logback and slf4j need to match the versions that Jetty ships with. Check the version in the pom file for jetty-base against the version at the top level of jetty.project.
Build
Having completed the review, the artefact used to build the installer can be created. You should change the version in the pom file to reflect the Jetty version.
The build artefact can now be used in the build of the installer.
Tag and push
Once the installer has been created, the branch should be tagged. The tag is associated with the Jetty version.
Revise the version back in the pom and push the branch.