www-apps/keycloak-bin: new package, add 23.0.7

Signed-off-by: Federico Justus Denkena <federico.denkena@posteo.de>

www-apps/keycloak-bin/Manifest

@@ -0,0 +1,10 @@
+AUX kc.sh 404 BLAKE2B e77a122d4109f12f6a2ce75da73c839db8b7f1cdc389eaab2bbcc236c7b30f49654bf1362b78d173f1f8b8ccc68f505d2dcdca44d9a02e93c92914bb04f3002f SHA512 d6d2780823119870e6e6c10725a0affd39560823729527ad3bae3690be95f0306c47382094c8536fd47ab87b6888eec60c0298e76e5c6872691598c13cf77b66
+AUX keycloak.confd 145 BLAKE2B 95fc77bbaa9b3edba852fb8e5c3eeeff9338acca0ee20d677211fe5847a9eaeb86904ec519162620e6551e14158341c7e992abf84e9efcd6ccc368fe584cafe0 SHA512 10602ee8ac1668d4f48e19f4f12e5e62f2084f285580539df7280ffc6ffa7b0642ae043f101c801c9e831ffc1d95063aed07b7109b98795b1234801b0f1c345c
+AUX keycloak.initd 1004 BLAKE2B 6953f11f1dcb08e41ea944dd0345e61f0aaecc6c5b879ee3efeeac60dd53bdc357ceeb1cb0dc9548737c664e061dfc1ff32f10f75800d5685885de01c63a8eae SHA512 e88489b1d9de23c2b684643d523764172173a267913172ae82af69d11368269e1a08d342473a1b76beb7f68365026a14041322583c684e5f48dca87d85b21fc7
+AUX keycloak.runtime.env 1027 BLAKE2B 4f18508c1b19acaefbab9fa37cc2dd7ede83a33075e8098981415bc57baae967dab3872501af426e4cba38e3b3dd0224e8ecf7fa96c4c483cc70bd820da07f3f SHA512 007c8fff9c9036a3e2579f6cf2e3a347dd6f68a58b9aa9f688baaeb8297fec3f43ffbdb268f864ab2ef638180ce27012c935293c03497a763b5be4e8a1c80f59
+AUX keycloak.service 401 BLAKE2B 516c48e4a031bb46ea2e2cbccf5a449ad7203256b8b211338858b25d1f42fed3c43729af52eb527a7ecdad1097118d52445e7985fb4b3be0d630fc712304e587 SHA512 445cc2d5ccd3c2868fcf4b180e15c39f0500506ce458aa5e63ad9237a12dfb8b86629fd5e16c1a04f1a94f904a0b1cc437854e39e0a925613e86bf197af841d9
+AUX keycloak.service.conf 89 BLAKE2B 699ec00422403d3fe4ccbdde44d0e60e81c96a13a6add0704585f1e99907241caff2f3fcf778928962971085382c2ebe8092a89bb997fbeadf255d754d90f9b5 SHA512 0688674fb0c768d846110197f268ac638d1ca15b5f49a61314e2efb3d457a90b373d5fa807fefc5c3977710f9e562ae7aba10e45331ca41a8f34674f48091266
+AUX quarkus.properties 107 BLAKE2B 302063b4c06e198bfb0e90f37ff7190ca7aa07f310a68b5618f346469f37a682f2aaa31b928a67a2fafbf6291abfd97e60cb786241a30d1e655275bfaa7a6a54 SHA512 dabb557140585bb9d5967af568d1a7aebb60fbaa12230fa6fe465673c15a2e18768e74fb2173674f4ad1968a53dcc9881aed9cf98432f9fc3600a7a663bd0dd2
+DIST keycloak-bin-23.0.7.tar.gz 177866300 BLAKE2B c439533f7bee5d2e3d3b41d7c11de25fab3f6c398fb340f6bb04fc6053441dc0665106ff6177a02b36b76928b6fe95408bae81e4bbf0a10837d2a0e55bde8908 SHA512 4e42dc706a840653da1d5ea3626e2c6e8eb6bdc77f5593f88c5cd4216edfc4d68b72f2e8e4f6bfd6cbad8f13854585a448de2240571b8ec325d9f1e6b8a218dd
+EBUILD keycloak-bin-23.0.7.ebuild 6198 BLAKE2B 4cde2078103b14649c1047f682fa989bf5b8aaf295fdfcdbc0d7b8166d42caf69fd6cf8ce43cead1ec18bd085e7efa4b263daa2487f7f990653d12e435cddbfa SHA512 ff1c4b16323bcfbab18562d94764cddf3ae54bd37fb4957cafed601a31e7ff91d37b0d494d68357b7d503f982d375355adb5cf1374afeb1395c98527996d8416
+MISC metadata.xml 413 BLAKE2B 57f755713c69b190e716810381fd74340d3a4144de1c8eaf108e01f3947ede9d7a490707bf95bd518db4787e2fba399fc10f6b6a71b281583601d974daeb6c6c SHA512 00d5f0c68b53f531b246f805ba29efd05c81ae8f6c6e507eee6f59c11693db85b1cb830c1d53ec747685e45a8b4dcae5f80c9e560e62c2a2a55505119e3d8cc8

www-apps/keycloak-bin/files/kc.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+#
+env_file="@EROOT@/etc/keycloak/runtime.env"
+if [[ -r $env_file ]]; then
+  while read -r line; do
+    if [[ ${line} =~ ^[[:space:]]*export[[:space:]]+[[:alpha:]_][[:alnum:]_]*= ]]; then
+      eval "$line"
+    elif [[ ${line} =~ ^[[:space:]]*[[:alpha:]_][[:alnum:]_]*= ]]; then
+      eval "export $line"
+    fi
+  done <"$env_file"
+fi
+eval exec @EROOT@/opt/keycloak-bin/bin/kc.sh "$@"

www-apps/keycloak-bin/files/keycloak.confd

@@ -0,0 +1,10 @@
+# openrc config file for keycloak service
+
+# development mode or not
+#DEVMODE="true"
+
+# additional options
+OPTS=
+
+# log to syslog
+SYSLOG="false"

www-apps/keycloak-bin/files/keycloak.initd

@@ -0,0 +1,38 @@
+#!/sbin/openrc-run
+# Copyright 2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+name="keycloak daemon"
+description="Open Source Identity and Access Management"
+
+command="/usr/bin/kc.sh"
+command_args="start$(yesno DEVMODE && echo -n '-dev' || echo -n ' --optimized') ${OPTS}"
+command_user="keycloak:keycloak"
+command_background=true
+pidfile="/run/${RC_SVCNAME}.pid"
+
+output_log=
+error_log=
+output_logger=
+error_logger=
+
+depend() {
+  need net
+  after logger
+}
+
+start_pre() {
+  if yesno SYSLOG && logger -t ${RC_SVCNAME} 'logger: start pre check ...'; then
+    # the pid logged is the pid of subprocess, logger
+    local logger_cmd="logger -t ${RC_SVCNAME}"
+    output_logger="${logger_cmd}"
+    error_logger="${logger_cmd}"
+    unset output_log error_log
+  else
+    local log="/var/log/${RC_SVCNAME}/keycloak.log"
+    checkpath -d -m 750 -o ${command_user} "${log%/keycloak.log}"
+    output_log="$log"
+    error_log="$log"
+    unset output_logger error_logger
+  fi
+}

www-apps/keycloak-bin/files/keycloak.runtime.env

@@ -0,0 +1,19 @@
+# specify the JAVA_HOME instead of the default java command
+# which is the newest 'user_vm' configured via `emerge --config net-misc/keycloak`
+#JAVA_HOME=
+
+# The system properties 'java.net.preferIPv4Stack'
+# and 'java.net.preferIPv6Addresses' are used to
+# configure the JVM for use with IPv4 or IPv6 addresses.
+# By default, Keycloak is configured to prefer IPv4 addresses.
+# In order to run with IPv6 addresses, you need to specify
+# 'java.net.preferIPv4Stack=false' (the JVM default) and
+# 'java.net.preferIPv6Addresses=true'. The latter ensures that
+# any hostname to IP address conversions always return IPv6 address variants.
+# The default is:
+#JAVA_OPTS="-Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Dfile.encoding=UTF-8"
+# you may need:
+#JAVA_OPTS="-Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true"
+
+# Enable debug mode for java with JDWP
+#DEBUG_MODE="true"

www-apps/keycloak-bin/files/keycloak.service

@@ -0,0 +1,21 @@
+[Unit]
+Description=keycloak daemon
+After=syslog.target
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/opt/keycloak-bin/bin/kc.sh start --optimized
+Restart=always
+RestartSec=5
+
+# Optional security enhancements
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/var/lib/keycloak
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target

www-apps/keycloak-bin/files/keycloak.service.conf

@@ -0,0 +1,4 @@
+[Service]
+User=keycloak
+Group=keycloak
+# ExecStart=/opt/keycloak-bin/bin/kc.sh start-dev

www-apps/keycloak-bin/files/quarkus.properties

@@ -0,0 +1,2 @@
+# Bug: https://github.com/keycloak/keycloak/issues/15255
+#quarkus.transaction-manager.enable-recovery=true

www-apps/keycloak-bin/keycloak-bin-23.0.7.ebuild

@@ -0,0 +1,174 @@
+# Copyright 2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+##
+# >=22.0.0 error when generating completion scripts
+# https://github.com/keycloak/keycloak/issues/24551
+##
+#inherit bash-completion-r1 systemd
+inherit systemd
+
+DESCRIPTION="Open Source Identity and Access Management"
+HOMEPAGE="https://github.com/keycloak/keycloak"
+SRC_URI="https://github.com/keycloak/keycloak/releases/download/${PV}/keycloak-${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64"
+
+RDEPEND="
+	|| (
+		>=dev-java/openjdk-jre-bin-11
+		>=virtual/jdk-11
+	)
+	acct-user/keycloak
+	acct-group/keycloak
+"
+
+S="${WORKDIR}/keycloak-$PV"
+
+src_install() {
+	insinto /opt/keycloak-bin
+	doins -r bin lib
+	fowners -R keycloak:keycloak /opt/keycloak-bin/lib
+
+	local b
+	for b in kc{,adm,reg}.sh; do
+		fperms +x /opt/keycloak-bin/bin/$b
+		if [[ $b != kc.sh ]]; then
+			dosym -r /opt/keycloak-bin/bin/$b /usr/bin/$b
+		else
+			dobin "$FILESDIR"/kc.sh
+		fi
+	done
+
+	insinto /var/lib/keycloak
+	keepdir /var/lib/keycloak/data
+	doins -r providers themes
+	fowners -R keycloak:keycloak /var/lib/keycloak
+
+	insinto /etc/keycloak
+	doins conf/cache-ispn.xml conf/keycloak.conf "$FILESDIR"/quarkus.properties
+	newins "$FILESDIR"/keycloak.runtime.env runtime.env
+	fowners -R keycloak:keycloak /etc/keycloak
+	fperms -R o-rwx /etc/keycloak
+
+	keepdir /opt/keycloak-bin/conf
+	dosym -r /etc/keycloak/quarkus.properties /opt/keycloak-bin/conf/quarkus.properties
+	dosym -r /etc/keycloak/cache-ispn.xml /opt/keycloak-bin/conf/cache-ispn.xml
+	dosym -r /etc/keycloak/keycloak.conf /opt/keycloak-bin/conf/keycloak.conf
+	dosym -r /var/lib/keycloak/providers /opt/keycloak-bin/providers
+	dosym -r /var/lib/keycloak/themes /opt/keycloak-bin/themes
+	dosym -r /var/lib/keycloak/data /opt/keycloak-bin/data
+
+	dodoc README.md LICENSE.txt
+
+	newinitd "${FILESDIR}/keycloak.initd" keycloak
+	newconfd "${FILESDIR}/keycloak.confd" keycloak
+
+	systemd_dounit "${FILESDIR}/keycloak.service"
+	systemd_install_serviced "${FILESDIR}"/keycloak.service.conf keycloak
+}
+
+pkg_preinst() {
+	sed -Ei "s/@EROOT@/${EROOT//\//\\\/}/" "$ED"/usr/bin/kc.sh || die
+
+	# set the newest available java_vm for user keycloak
+	# prevent the system java_vm is set to 8 which causes keycloak a fatal error
+	local jvm=0 selected=0 minver=11
+	local -a available_jvm
+	while read -r _ jvm _; do
+		if (( ${jvm##*-} < $minver )); then
+			continue
+		fi
+		if (( ${jvm##*-} > ${selected##*-} )); then
+			selected=$jvm
+		fi
+	done <<<"$(eselect java-vm list | tail -n +2)"
+	if [[ $selected == 0 ]]; then
+		eerror "No available java_vm for keycloak-bin!"
+	else
+		su -s /bin/sh -c "eselect java-vm set user $selected" - keycloak
+	fi
+	elog "JAVA VM for user: $(su -s /bin/sh -c 'whoami' - keycloak)"
+	su -s /bin/sh -c 'eselect java-vm show' - keycloak
+
+	# install the bash completion script
+	# generate from keycloak to make sure it always satisfies the lastest version
+	#
+	##
+	# >=22.0.0 error when generating completion scripts
+	# https://github.com/keycloak/keycloak/issues/24551
+	# comment out
+	##
+	#local bashcmpp0="${T}/bash-completion.sh"
+	#export JAVA_HOME=$(su -s /bin/sh -c "java -XshowSettings:properties -version 2>&1 | grep 'java.home'" - keycloak)
+	#JAVA_HOME=${JAVA_HOME#*=}
+	#JAVA_HOME=${JAVA_HOME## }
+	#"${ED}"/opt/keycloak-bin/bin/kc.sh tools completion >"$bashcmpp0" || die
+	#local cutLN=$(awk '/^Next time/ {print NR}' "$bashcmpp0")
+	#if [[ -n $cutLN ]]; then
+	#	sed -Ei "${cutLN},\$d" "$bashcmpp0" || die
+	#	cutLN=
+	#fi
+	#cutLN=$(awk '/^Changes detected/ {print NR}' "$bashcmpp0")
+	#if [[ -n $cutLN ]]; then
+	#	sed -Ei "${cutLN}d" "$bashcmpp0" || die
+	#fi
+	#sed -Ei "/^$/d" "$bashcmpp0" || die
+	#sed -Ei '$s/kc.sh/realcomp/;$s/ kc[^[:space:]]*//g;$s/[[:space:]]+realcomp/ kc.sh/' \
+	#	"$bashcmpp0" || die
+	#newbashcomp "$bashcmpp0" kc.sh
+}
+
+pkg_postinst() {
+	echo
+	elog "Please set/add proper build options in file '${EROOT}/etc/keycloak/keycloak.conf',"
+	elog "  or 'KC_*' env vars (higher priority) in file '${EROOT}/etc/keycloak/runtime.env',"
+	elog "  the details: https://www.keycloak.org/server/all-config?f=build"
+	elog "  (a set of suggested vars: KC_DB, KC_FEATURES, KC_HEALTH_ENABLED)"
+	elog "and than run:"
+	elog "  # emerge --config '=${CATEGORY}/${P}'"
+	elog "before starting the daemon."
+	elog
+	elog "If a build option is found at startup with an equal value to the value used"
+	elog "when invoking the \`build\`, it gets silently ignored when using the \`--optimized\`"
+	elog "flag (the default behavior of the service script). If it has a different value"
+	elog "than the value used when a build was invoked, a warning is shown in the logs and"
+	elog "the previously built value is used."
+	elog "So, whenever pre-built build options change, you have to re-configure before starting."
+	elog
+	elog "Variables 'KEYCLOAK_ADMIN' and 'KEYCLOAK_ADMIN_PASSWORD' can be used to initial"
+	elog "an admin account, just export them in CLI before the first start."
+	echo
+}
+
+pkg_config() {
+	export HOME=$(ls -1d ~keycloak) SHELL=/bin/bash USER=keycloak LOGNAME=keycloak
+	local pre_exported_kc_vars
+	pre_exported_kc_vars="$(export -p | grep -E '^declare -x KC_' | sed 's/^declare -x //')"
+	echo
+	elog "configuration prioritisation:"
+	elog "  1. exported KC_* variables (in the file '${EROOT}/etc/keycloak/runtime.env')"
+	# this may be a bug or special consideration in portage
+	# refer to: https://bugs.gentoo.org/900465
+	# `emerge` command uses the exported variables when install this package
+	# but, `emerge --config` not, so, the pre-exported env variable cannot be
+	# override from the portage's side.
+	if [[ -n $pre_exported_kc_vars ]]; then
+		ewarn "     - ATTENTION!!"
+		ewarn "     - exists pre-exported KC_* env vars that exported when installing this pkg:"
+		while read -r var; do
+			ewarn "     -   $var"
+		done <<<"$pre_exported_kc_vars"
+		ewarn "     - (can be override by variables in the above runtime.env file)"
+	fi
+	elog "  2. build options listed in the '${EROOT}/etc/keycloak/keycloak.conf' file"
+	echo
+	chown -R keycloak:keycloak "$EROOT"/opt/keycloak-bin/lib
+	su -p -c "'${EROOT}'/opt/keycloak-bin/bin/kc.sh build" keycloak
+	su -p -c "'${EROOT}'/opt/keycloak-bin/bin/kc.sh show-config" keycloak
+	echo
+}

www-apps/keycloak-bin/metadata.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>federico.denkena@posteo.de</email>
+		<name>Federico Justus Denkena</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">keycloak/keycloak</remote-id>
+		<bugs-to>https://github.com/keycloak/keycloak/issues</bugs-to>
+	</upstream>
+</pkgmetadata>
+