www-apps/keycloak-bin: new package, add 23.0.7

Signed-off-by: Federico Justus Denkena <federico.denkena@posteo.de>
2024-03-02 14:31:14 +01:00
parent 6f0b29e914
commit 9ec1b49987
10 changed files with 304 additions and 0 deletions
--- a/www-apps/keycloak-bin/files/kc.sh
+++ b/www-apps/keycloak-bin/files/kc.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+#
+env_file="@EROOT@/etc/keycloak/runtime.env"
+if [[ -r $env_file ]]; then
+  while read -r line; do
+    if [[ ${line} =~ ^[[:space:]]*export[[:space:]]+[[:alpha:]_][[:alnum:]_]*= ]]; then
+      eval "$line"
+    elif [[ ${line} =~ ^[[:space:]]*[[:alpha:]_][[:alnum:]_]*= ]]; then
+      eval "export $line"
+    fi
+  done <"$env_file"
+fi
+eval exec @EROOT@/opt/keycloak-bin/bin/kc.sh "$@"
--- a/www-apps/keycloak-bin/files/keycloak.confd
+++ b/www-apps/keycloak-bin/files/keycloak.confd
@@ -0,0 +1,10 @@
+# openrc config file for keycloak service
+
+# development mode or not
+#DEVMODE="true"
+
+# additional options
+OPTS=
+
+# log to syslog
+SYSLOG="false"
--- a/www-apps/keycloak-bin/files/keycloak.initd
+++ b/www-apps/keycloak-bin/files/keycloak.initd
@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="keycloak daemon"
+description="Open Source Identity and Access Management"
+
+command="/usr/bin/kc.sh"
+command_args="start$(yesno DEVMODE && echo -n '-dev' || echo -n ' --optimized') ${OPTS}"
+command_user="keycloak:keycloak"
+command_background=true
+pidfile="/run/${RC_SVCNAME}.pid"
+
+output_log=
+error_log=
+output_logger=
+error_logger=
+
+depend() {
+  need net
+  after logger
+}
+
+start_pre() {
+  if yesno SYSLOG && logger -t ${RC_SVCNAME} 'logger: start pre check ...'; then
+    # the pid logged is the pid of subprocess, logger
+    local logger_cmd="logger -t ${RC_SVCNAME}"
+    output_logger="${logger_cmd}"
+    error_logger="${logger_cmd}"
+    unset output_log error_log
+  else
+    local log="/var/log/${RC_SVCNAME}/keycloak.log"
+    checkpath -d -m 750 -o ${command_user} "${log%/keycloak.log}"
+    output_log="$log"
+    error_log="$log"
+    unset output_logger error_logger
+  fi
+}
--- a/www-apps/keycloak-bin/files/keycloak.runtime.env
+++ b/www-apps/keycloak-bin/files/keycloak.runtime.env
@@ -0,0 +1,19 @@
+# specify the JAVA_HOME instead of the default java command
+# which is the newest 'user_vm' configured via `emerge --config net-misc/keycloak`
+#JAVA_HOME=
+
+# The system properties 'java.net.preferIPv4Stack'
+# and 'java.net.preferIPv6Addresses' are used to
+# configure the JVM for use with IPv4 or IPv6 addresses.
+# By default, Keycloak is configured to prefer IPv4 addresses.
+# In order to run with IPv6 addresses, you need to specify
+# 'java.net.preferIPv4Stack=false' (the JVM default) and
+# 'java.net.preferIPv6Addresses=true'. The latter ensures that
+# any hostname to IP address conversions always return IPv6 address variants.
+# The default is:
+#JAVA_OPTS="-Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Dfile.encoding=UTF-8"
+# you may need:
+#JAVA_OPTS="-Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true"
+
+# Enable debug mode for java with JDWP
+#DEBUG_MODE="true"
--- a/www-apps/keycloak-bin/files/keycloak.service
+++ b/www-apps/keycloak-bin/files/keycloak.service
@@ -0,0 +1,21 @@
+[Unit]
+Description=keycloak daemon
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/opt/keycloak-bin/bin/kc.sh start --optimized
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/keycloak
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
--- a/www-apps/keycloak-bin/files/keycloak.service.conf
+++ b/www-apps/keycloak-bin/files/keycloak.service.conf
@@ -0,0 +1,4 @@
+[Service]
+User=keycloak
+Group=keycloak
+# ExecStart=/opt/keycloak-bin/bin/kc.sh start-dev
--- a/www-apps/keycloak-bin/files/quarkus.properties
+++ b/www-apps/keycloak-bin/files/quarkus.properties
@@ -0,0 +1,2 @@
+# Bug: https://github.com/keycloak/keycloak/issues/15255
+#quarkus.transaction-manager.enable-recovery=true