mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-01-08 02:02:08 +01:00
70 lines
2.8 KiB
Diff
70 lines
2.8 KiB
Diff
From: Jakub Jirutka <jakub@jirutka.cz>
|
|
Date: Wed, 12 Jul 2023 17:04:03 +0200
|
|
Subject: Allow to run on readonly /usr/share
|
|
|
|
Workaround for https://github.com/keycloak/keycloak/issues/11286.
|
|
|
|
We split Keycloak installation into four directories:
|
|
|
|
* /usr/share/keycloak
|
|
* the base installation directory (kc.home.dir)
|
|
* owned by root, read-only for "ǩeycloak"
|
|
* /etc/keycloak
|
|
* configuration files
|
|
* directory is owned by root and "keycloak" group, files are owned and
|
|
writable by "keycloak", but can be also read-only
|
|
* symlinked to /usr/share/keycloak/conf
|
|
* /var/lib/keycloak/build
|
|
* output directory for Quarkus optimised build to speed-up startup - this is
|
|
generated by `kc build` (or `rc-service keycloak rebuild` or on the first
|
|
start of the service) based on the current configuration
|
|
* owned by "keycloak"
|
|
* symlinked to /usr/share/keycloak/lib/quarkus
|
|
* /var/lib/keycloak/data
|
|
* site data
|
|
* owned by "keycloak"
|
|
* symlinked to /usr/share/keycloak/data
|
|
|
|
Note: /usr/share/keycloak/lib/quarkus.dist is a readonly copy of the lib/quarkus
|
|
directory from the distribution package; we use it as a seed for the new
|
|
installation, because `kc build` fails when the quarkus directory is empty.
|
|
|
|
--- a/quarkus/dist/src/main/content/bin/kc.sh
|
|
+++ b/quarkus/dist/src/main/content/bin/kc.sh
|
|
@@ -30,8 +30,12 @@
|
|
fi
|
|
}
|
|
|
|
+# XXX: Alpine-specific variables.
|
|
+BUILD_DIR="${KCSH_BUILD_DIR:-"/var/lib/keycloak/build"}"
|
|
+CONFIG_DIR="${KCSH_CONFIG_DIR:-"$(abs_path '../conf')"}"
|
|
+
|
|
SERVER_OPTS="-Dkc.home.dir='$(abs_path '..')'"
|
|
-SERVER_OPTS="$SERVER_OPTS -Djboss.server.config.dir='$(abs_path '../conf')'"
|
|
+SERVER_OPTS="$SERVER_OPTS -Djboss.server.config.dir='$CONFIG_DIR'"
|
|
SERVER_OPTS="$SERVER_OPTS -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
|
|
SERVER_OPTS="$SERVER_OPTS -Dquarkus-log-max-startup-records=10000"
|
|
CLASSPATH_OPTS="'$(abs_path "../lib/quarkus-run.jar")'"
|
|
@@ -115,7 +119,20 @@
|
|
fi
|
|
|
|
case "$CONFIG_ARGS" in
|
|
- " build"* | *--optimized* | *-h | *--help*) ;;
|
|
+ " build"*)
|
|
+ # XXX-Patched: Added by Alpine Linux aport to allow running Keycloak
|
|
+ # from read-only /usr/share.
|
|
+ if ! [ -e "$BUILD_DIR"/quarkus/build-system.properties ]; then
|
|
+ # Copy the distribution quarkus files. They will be overwritten by
|
|
+ # `kc build`, but this command fails when the directory is empty.
|
|
+ mkdir -p "$BUILD_DIR"/quarkus
|
|
+ cp "$(abs_path '../lib/quarkus.dist')"/* "$BUILD_DIR"/quarkus/
|
|
+ ln -s "$(abs_path '../lib/app')" "$BUILD_DIR"/app
|
|
+ fi
|
|
+ # Workaround to avoid errors related to symlinks.
|
|
+ export QUARKUS_PACKAGE_OUTPUT_DIRECTORY="$BUILD_DIR"
|
|
+ ;;
|
|
+ *--optimized* | *-h | *--help*) ;;
|
|
*)
|
|
eval "'$JAVA'" -Dkc.config.build-and-exit=true $JAVA_RUN_OPTS || exit $?
|
|
JAVA_RUN_OPTS="-Dkc.config.built=true $JAVA_RUN_OPTS"
|