On Sunday, 05.11.2023 at 16:33 +0000, Adam D. Barratt wrote:
> [...]
> Do you have an idea how simple rebuilding the bullseye package on
> buster would be? I'm happy to try that in general, but I've not really
> looked at the Java ecosystem in Debian much.

Sorry, I missed those new or updated dependencies. That complicates the matter a little. We also have to deal with clojure here, a LISP dialect of the Java language with a different build system (leiningen), but if all dependencies were in place a rebuild would be pretty simple. As a last resort I could bundle all those dependencies together with trapperkeeper-* the Java way TM but I hope we can avoid that.

The most ideal solution is a patch for the current version in Buster. I have uploaded a new revision to people.debian.org with minimal changes here:

https://people.debian.org/~apo/lts/buster/trapperkeeper-webserver-jetty9-clojure/

dget -x https://people.debian.org/~apo/lts/buster/trapperkeeper-webserver-jetty9-clojure/trapperkeeper-webserver-jetty9-clojure_1.7.0-2+deb10u1.1.dsc

should work as expected. I'm attaching the debdiff as well. My solution is to replace the old SslContextFactory class with the new inner SslContextFactory.Server class but I don't know if this change has the desired effect because I couldn't test it.

FTR, the already applied 0005-maint-Disable-EndpointIdentification.patch (new in version +deb10u1) is related to the problem. Actually back then it did "fix" the SSL problem and I'm a bit surprised it resurfaced now.

There is also a third alternative. I could revert the split change in jetty9.

https://github.com/jetty/jetty.project/pull/3480/files#diff-58640db0f8f2cd84b7e653d1c1540913

If the new revision doesn't work for you, please send me your puppetdb config, and I will try to figure out a solution myself without the feedback loop delay. Thanks in advance.

Regards,

Markus

diff -Nru trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/changelog trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/changelog --- trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/changelog 2019-09-13 11:00:50.000000000 +0200 +++ trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/changelog 2023-11-05 18:06:31.000000000 +0100 @@ -1,3 +1,10 @@ +trapperkeeper-webserver-jetty9-clojure (1.7.0-2+deb10u1.1) buster-security; urgency=medium + + * Non-maintainer upload. + * Replace deprecated class SslContextFactory with SslContextFactory.Server. + + -- Markus Koschany <a...@debian.org> Sun, 05 Nov 2023 18:06:31 +0100 + trapperkeeper-webserver-jetty9-clojure (1.7.0-2+deb10u1) buster; urgency=medium [ Manfred Stock ] diff -Nru trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/0005-maint-Disable-EndpointIdentification.patch trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/0005-maint-Disable-EndpointIdentification.patch --- trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/0005-maint-Disable-EndpointIdentification.patch 2019-09-13 10:54:48.000000000 +0200 +++ trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/0005-maint-Disable-EndpointIdentification.patch 2023-11-05 18:06:31.000000000 +0100 @@ -1,4 +1,3 @@ -From 9db4170381e07165078e544340e12b38676c2613 Mon Sep 17 00:00:00 2001 From: Justin Stoller <justin.stol...@gmail.com> Date: Fri, 24 May 2019 16:10:44 -0700 Subject: [PATCH] (maint) Disable EndpointIdentification @@ -30,10 +29,10 @@ 1 file changed, 1 insertion(+) diff --git a/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj b/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj -index 3a577bb..02e7c7d 100644 +index 99c9885..28cfef7 100644 --- a/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj 
+++ b/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj -@@ -197,6 +197,7 @@ +@@ -192,6 +192,7 @@ (.setKeyStore (:keystore keystore-config)) (.setKeyStorePassword (:key-password keystore-config)) (.setTrustStore (:truststore keystore-config)) @@ -41,6 +40,3 @@ ;; Need to clear out the default cipher suite exclude list so ;; that Jetty doesn't potentially remove one or more ciphers ;; that we want to be included. --- -2.20.1 - diff -Nru trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/series trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/series --- trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/series 2019-09-13 10:54:48.000000000 +0200 +++ trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/series 2023-11-05 18:06:31.000000000 +0100 @@ -3,3 +3,4 @@ 0003-TK-369-Add-LifeCycleImplementingRequestLogImpl.patch 0004-Implement-LifeCycle-methods-missing-from-RequestLogI.patch 0005-maint-Disable-EndpointIdentification.patch +SslContextFactory.patch diff -Nru trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/SslContextFactory.patch trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/SslContextFactory.patch --- trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/SslContextFactory.patch 1970-01-01 01:00:00.000000000 +0100 +++ trapperkeeper-webserver-jetty9-clojure-1.7.0/debian/patches/SslContextFactory.patch 2023-11-05 18:06:31.000000000 +0100 
@@ -0,0 +1,57 @@ +From: Markus Koschany <a...@debian.org> +Date: Sun, 5 Nov 2023 18:05:37 +0100 +Subject: SslContextFactory + +--- + .../trapperkeeper/services/webserver/jetty9_core.clj | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj b/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj +index 28cfef7..0e65d06 100644 +--- a/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj ++++ b/src/puppetlabs/trapperkeeper/services/webserver/jetty9_core.clj +@@ -137,7 +137,7 @@ + :overrides-read-by-webserver schema/Bool + :overrides (schema/maybe {schema/Keyword schema/Any}) + :endpoints RegisteredEndpoints +- :ssl-context-factory (schema/maybe SslContextFactory)}) ++ :ssl-context-factory (schema/maybe SslContextFactory.Server)}) + + (def ServerContext + {:state (schema/atom ServerContextState) +@@ -181,7 +181,7 @@ + ;;; SSL Context Functions + + (schema/defn ^:always-validate +- ssl-context-factory :- SslContextFactory ++ ssl-context-factory :- SslContextFactory.Server + "Creates a new SslContextFactory instance from a map of SSL config options." + [{:keys [keystore-config client-auth ssl-crl-path cipher-suites protocols]} + :- config/WebserverSslContextFactory] +@@ -218,7 +218,7 @@ + context)) + + (schema/defn ^:always-validate +- get-proxy-client-context-factory :- SslContextFactory ++ get-proxy-client-context-factory :- SslContextFactory.Server + [ssl-config :- ProxySslConfig] + (ssl-context-factory {:keystore-config + (config/pem-ssl-config->keystore-ssl-config +@@ -257,7 +257,7 @@ + [server :- Server + config :- (merge config/WebserverConnector + {schema/Keyword schema/Any}) +- ssl-ctxt-factory :- (schema/maybe SslContextFactory)] ++ ssl-ctxt-factory :- (schema/maybe SslContextFactory.Server)] + (let [request-size (:request-header-max-size config) + connector (doto (ServerConnector. 
+ server +@@ -277,7 +277,7 @@ + ssl-connector :- ServerConnector + "Creates a ssl ServerConnector instance." + [server :- Server +- ssl-ctxt-factory :- SslContextFactory ++ ssl-ctxt-factory :- SslContextFactory.Server + config :- config/WebserverSslConnector] + (connector* server config ssl-ctxt-factory)) +
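
Review bot: The new debian/patches/SslContextFactory.patch header carries only From, Date and "Subject: SslContextFactory", with no description of the failure it addresses and no Bug or Forwarded field. Please add a short description and the bug reference there, and mention in debian/changelog that 0005-maint-Disable-EndpointIdentification.patch was refreshed, since the debdiff changes that file as well (dropped From line, new index hashes, hunk offset 197 to 192) without a changelog entry for it.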
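
Review bot: In the "@@ -137,7 +137,7 @@" hunk of SslContextFactory.patch, and in the four hunks after it, SslContextFactory.Server is Java source notation. In a .clj file a nested class is written with a dollar sign, SslContextFactory$Server, and has to be listed in the namespace's :import next to the outer class. None of the five changed lines touches the ns form, so as written the symbol will not resolve when jetty9_core.clj is compiled. Suggest (schema/maybe SslContextFactory$Server) here, the same spelling in the other four annotations, and the matching import.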
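
Review bot: The "@@ -181,7 +181,7 @@" hunk changes only the return schema of ssl-context-factory, and the patch's diffstat (5 insertions, 5 deletions) shows that every change in it is a schema annotation. The function is declared ^:always-validate, so if its body still constructs the base SslContextFactory, the returned object will be rejected by the new return schema at runtime. The constructor call needs to move to the Server subclass in the same patch, and the docstring "Creates a new SslContextFactory instance" should be updated to match.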
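
Review bot: In the "@@ -218,7 +218,7 @@" hunk, get-proxy-client-context-factory now promises an SslContextFactory.Server, although by its name and its ProxySslConfig argument it builds the TLS context for the outbound proxy client. It gets that type only because it delegates to ssl-context-factory. Please confirm that a server-side factory is what the proxy client should receive, since the server and client variants can differ in defaults such as endpoint identification, which patch 0005 already had to adjust. If the client needs different behaviour, give this function its own construction path instead of reusing the server one.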