
JettyBase10ForWindows

The embedded Jetty that is installed by the Windows IdP installer requires a forked version of the standard 9.4 jetty-base.  This differs from the standard by the addition of four files and the modification of one.  Since the branch is not used in regular testing, part of the preparation for building the Windows installer is due diligence on this branch.

It is easiest to do this if you have the git repository cloned and updated.

This project has no J2EE/jakarta dependencies and so works with both the 10.x.y and 11.x.y versions of jetty, subject to the version of logback deployed being pinned (see below).

Check Changes

First, we need to track any changes in the origin\11 branch. Cherry pick in any appropriate changes.

We need to track breaking changes in jetty.

A potential shortcut is to diff the jetty sources between the two tags:

git diff jetty-10.0.9 jetty-10.0.10 jetty-deploy/src/main/config/etc/jetty-deploy.xml

and so forth.

Logback Version

Check the logback version in the top level pom for the jetty project and amend as appropriate:

<logback.version>1.3.5</logback.version>

You must also override the version in start.d\idp-system.ini and in the jetty base pom.

The Jetty 11 and Jetty 10 versions no longer interoperate, so you need to make changes in both the jetty11 and the jetty 10 branches. In practice this does not need to be revised unless there is a logback issue.

SLF4J Version

Check the slf4j version in the top level pom for the jetty project and amend as appropriate:

<slf4j.version>2.0.5</slf4j.version>

You should also override the version in start.d\idp-system.ini. This is defensive against Jetty 10 and Jetty 11 versions drifting apart.

The change must be made in the pom as well as in start.d\idp-system.ini.

start.d/idp.ini

Any changes to this file may need to be reflected in changes to the file idp.ini.rewrite.property.names and/or idp.ini.windows and/or idp-system.windows:

  • Properties new to idp.ini that occur in idp.ini.rewrite.property.names should be added to idp-system.ini if they are required.

  • Property name changes must be added to idp.ini.rewrite.property.names.  Note that the name changes are cumulative.

  • Properties new to idp.ini that do not occur in idp.ini.rewrite.property.names should be added to idp.ini.windows if they are required.  Add them below the "don't change these values" lines.

start.d/idp.ini.rewrite.property.names

The target property names (values) starting with jetty. should be checked against the distribution xml files to ensure that they are still valid.  
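One way to run the check above, as an added example rather than project code: it assumes the rewrite file is a key=value properties file and runs on constructed sample input (XML lines taken from the diff on this page, placeholder mapping keys) unless given real paths.

```python
import re
import sys
from pathlib import Path

# How Jetty XML refers to start properties: <Property name="..."/>, property="...",
# and deprecated="old1,old2" for names that still resolve but are on their way out.
CURRENT = re.compile(r'<Property\s+name="([^"]+)"|\sproperty="([^"]+)"')
DEPRECATED = re.compile(r'\sdeprecated="([^"]+)"')

# Constructed samples. The XML lines are taken from the diff on this page; the
# mapping keys are placeholders and the key=value layout is an assumption.
SAMPLE_XML = '''
<Set name="Provider" property="jetty.sslContext.provider" />
<Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Set>
<Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" /></Set>
'''
SAMPLE_MAPPING = '''
# placeholder.old.name=target.name
placeholder.keystore.path=jetty.sslContext.keyStorePath
placeholder.keystore.legacy=jetty.keystore
placeholder.truststore.path=jetty.sslContext.trustStorePath
placeholder.other=idp.something
'''

def rewrite_targets(mapping_text):
    """Values of key=value lines that start with 'jetty.' (comments skipped)."""
    pairs = (l.split("=", 1) for l in mapping_text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return [v.strip() for _, v in pairs if v.strip().startswith("jetty.")]

def check_targets(mapping_text, xml_texts):
    """Map each jetty.* target to 'ok', 'deprecated' or 'missing'."""
    current, deprecated = set(), set()
    for text in xml_texts:
        current |= {a or b for a, b in CURRENT.findall(text)}
        for names in DEPRECATED.findall(text):
            deprecated |= {n.strip() for n in names.split(",")}
    return {t: "ok" if t in current else "deprecated" if t in deprecated else "missing"
            for t in rewrite_targets(mapping_text)}

if __name__ == "__main__":
    if len(sys.argv) == 3:   # usage: check.py <mapping file> <dir of distribution XML>
        mapping = Path(sys.argv[1]).read_text()
        xmls = [p.read_text() for p in Path(sys.argv[2]).rglob("*.xml")]
    else:
        mapping, xmls = SAMPLE_MAPPING, [SAMPLE_XML]
    for name, status in check_targets(mapping, xmls).items():
        print(f"{status:10} {name}")
```

A target reported as deprecated still resolves today but should be moved to the current name; a target reported as missing is no longer read by any XML file that was scanned.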

start.d/idp-system.ini

This is reserved for you to change as requirements change.

etc/jetty-ssl-context.xml 

This is the most complex change and potentially the most fragile.  In general, if this file (in folder jetty-server\src\main\config\etc) has not changed since the last release and the file jetty-util\src\main\java\org\eclipse\jetty\util\ssl\SslContextFactory.java has not changed either, then no changes are needed.

The explicit changes are:

--- a/jetty-server/src/main/config/etc/jetty-ssl-context.xml +++ b/jetty-server/src/main/config/etc/jetty-ssl-context.xml @@ -5,25 +5,10 @@ <Arg> <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server"> <Set name="Provider" property="jetty.sslContext.provider" /> - <Set name="KeyStorePath"> - <Call name="resolvePath" class="org.eclipse.jetty.xml.XmlConfiguration"> - <Arg><Property name="jetty.base"/></Arg> - <Arg><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Arg> - </Call> - </Set> + <Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Set> <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" /></Set> <Set name="KeyStoreType" property="jetty.sslContext.keyStoreType" /> <Set name="KeyStoreProvider" property="jetty.sslContext.keyStoreProvider" /> - <Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" /></Set> - <Set name="TrustStorePath"> - <Call name="resolvePath" class="org.eclipse.jetty.xml.XmlConfiguration"> - <Arg><Property name="jetty.base"/></Arg> - <Arg><Property name="jetty.sslContext.trustStorePath" deprecated="jetty.sslContext.trustStoreAbsolutePath,jetty.truststore" /></Arg> - </Call> - </Set> - <Set name="TrustStorePassword" property="jetty.sslContext.trustStorePassword" /> - <Set name="TrustStoreType" property="jetty.sslContext.trustStoreType" /> - <Set name="TrustStoreProvider" property="jetty.sslContext.trustStoreProvider" /> <Set name="EndpointIdentificationAlgorithm" property="jetty.sslContext.endpointIdentificationAlgorithm" /> <Set name="NeedClientAuth" property="jetty.sslContext.needClientAuth" /> <Set name="WantClientAuth" property="jetty.sslContext.wantClientAuth" />
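Review bot: removing the four TrustStore* <Set> elements means jetty.sslContext.trustStorePath, trustStorePassword, trustStoreType and trustStoreProvider set in any ini file are now silently ignored, while the NeedClientAuth and WantClientAuth setters remain in the unchanged context lines. If either is ever enabled, client certificates are validated against whatever the factory falls back to when no trust store is set, so an XML comment at the removal point stating that the trust store is intentionally left unset would keep someone from turning on client auth without noticing. The same goes for the new single-line <Set name="KeyStorePath">: with the resolvePath call gone, default="etc/keystore.p12" is no longer anchored to jetty.base by this file and relies on something outside it to resolve the relative path, which deserves a comment next to that line.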


Deconstructed, this change is:

  • Remove the prefixing of KeyStorePath with ${jetty.base}; this allows absolute paths to be used.  Procrun is set up to allow relative paths to use this shortcut.

  • Remove the explicit setting of 5 bean properties, allowing the Java defaults to take over.  These can be checked in jetty-util\src\main\java\org\eclipse\jetty\util\ssl\SslContextFactory.java

    • KeyManagerPassword: this is used in getKeyManagers().  Leaving it unset means it defaults to the KeyStorePassword.

    • TrustStore: reading loadTrustStore will show that if these three properties are not set then the keystore is used.

etc\jetty-requestlog.xml

This should track the version checked into the 10 branch.

  • Java files to look at are

    • jetty-server\src\main\java\org\eclipse\jetty\server\Slf4jRequestLogWriter.java

    • jetty-server\src\main\java\org\eclipse\jetty\server\CustomRequestLog.java

Build & Release

This should be done within a docker build container:

# for interactive passphrase entry (maybe not required for others)
export GPG_TTY=$(tty)
# somewhere to store a tmp maven repo
export REPO=/tmp/rodsrepo

cd /tmp
git clone git@git.shibboleth.net:java-idp-jetty-base
cd java-idp-jetty-base
git checkout -b 10-windows --track origin/10-windows

mvn -Dmaven.repo.local=$REPO -Prelease clean verify
mvn -Dmaven.repo.local=$REPO -DgenerateBackupPoms=false -DnewVersion=10.0.0.8-WINDOWS versions:set

# Edit pom.xml, bump dependency versions to release
# vi pom.xml

# Be sure there are not SNAPSHOT deps in any pom (from base dir).
find . -name 'pom.xml' -exec grep SNAPSHOT {} \;
# If the output contains SNAPSHOTs change to release

mvn -Dmaven.repo.local=$REPO -Prelease clean verify
git add -A
git commit -m 'Update files to be tagged for release'
git tag -s -m 'Tag 10.0.0.8-WINDOWS release' 10.0.0.8-WINDOWS

mvn -Dmaven.repo.local=$REPO -DgenerateBackupPoms=false -DnewVersion=10.0.0.9-WINDOWS-SNAPSHOT versions:set
# Be sure there are SNAPSHOTs in the right places.
find . -name 'pom.xml' -exec grep SNAPSHOT {} \;
git add -A
git commit -m 'Bump version after release'

cd /tmp/java-idp-jetty-base
git checkout 10.0.0.8-WINDOWS
mvn -Dmaven.repo.local=$REPO -Prelease,sign clean verify

## commit the work
ssh -L 1581:127.0.0.1:1581 -N build.shibboleth.net -f
mvn -Dmaven.repo.local=$REPO -DskipTests -DdeployAtEnd=true -Prelease,sign deploy
git checkout 10-windows
git push origin 10-windows
git push origin 10.0.0.8-WINDOWS
