From b5584463088a25f7e332b4c08cfd4cdd8d26a40e Mon Sep 17 00:00:00 2001
From: s3lph
Date: Mon, 10 Jun 2024 22:53:37 +0200
Subject: [PATCH] chore: keycloak-25
---
 .forgejo/workflows/package.yml | 1 +
 README.md | 1 +
 keycloak-25/build.sh | 68 ++++++++++++++++++++++++++++++++++
 keycloak-25/debian.conffiles | 3 ++
 keycloak-25/debian.control | 16 ++++++++
 keycloak-25/debian.copyright | 6 +++
 keycloak-25/debian.postinst | 22 +++++++++++
 keycloak-25/keycloak.service | 16 ++++++++
 keycloak-25/keycloak.site.conf | 31 ++++++++++++++++
 9 files changed, 164 insertions(+)
 create mode 100755 keycloak-25/build.sh
 create mode 100644 keycloak-25/debian.conffiles
 create mode 100644 keycloak-25/debian.control
 create mode 100644 keycloak-25/debian.copyright
 create mode 100755 keycloak-25/debian.postinst
 create mode 100644 keycloak-25/keycloak.service
 create mode 100644 keycloak-25/keycloak.site.conf
diff --git a/.forgejo/workflows/package.yml b/.forgejo/workflows/package.yml
index c2beb70..8e34285 100644
--- a/.forgejo/workflows/package.yml
+++ b/.forgejo/workflows/package.yml
@@ -40,6 +40,7 @@ jobs:
 forgejo-runner: *job
 http-mqtt-bridge: *job
 keycloak-24: *job
+ keycloak-25: *job
 linux-diversion-ath-regd-optional: *job
 lottieconverter: *job
 matterbridge: *job
diff --git a/README.md b/README.md
index 31dfe0b..18a174f 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,7 @@ information, please see [https://repo.s3lph.me/](https://repo.s3lph.me/).
 - [forgejo-runner](https://code.forgejo.org/forgejo/runner)
 - [http-mqtt-bridge](https://github.com/subzerobo/http-mqtt-bridge)
 - [keycloak-24](https://github.com/keycloak/keycloak)
+- [keycloak-25](https://github.com/keycloak/keycloak)
 - [linux-diversion-ath-regd-optional](https://github.com/twisteroidambassador/arch-linux-ath-user-regd/issues/1)
 - [lottieconverter](https://github.com/sot-tech/LottieConverter)
 - [matrix-element-web](https://github.com/element-hq/element-web/)
diff --git a/keycloak-25/build.sh b/keycloak-25/build.sh
new file mode 100755
index 0000000..68431be
--- /dev/null
+++ b/keycloak-25/build.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+set -exo pipefail
+
+. ../.skel/helpers.sh
+
+MAJOR_VERSION=25
+export PKGNAME="keycloak-${MAJOR_VERSION}"
+
+API_URL="https://api.github.com/repos/keycloak/keycloak/releases"
+JQ_EXPR='.[] | select( .prerelease==false and .draft==false and .target_commitish=="main" ) | "\(.name) \(.published_at) \(.assets[] | select( .name|test("keycloak-'${MAJOR_VERSION}'.*.tar.gz$") ).browser_download_url)"'
+
+ROOT=$(pwd)
+
+function fetch() {
+ cd "${SRCDIR}"
+ wget "${URL}" --output-document "keycloak-${VERSION}.tar.gz"
+ tar -xf "keycloak-${VERSION}.tar.gz"
+}
+
+function prepare() {
+ mkdir -p \
+ "${PKGDIR}/DEBIAN" \
+ "${PKGDIR}/opt/" \
+ "${PKGDIR}/lib/systemd/system" \
+ "${PKGDIR}/etc/apache2/sites-available" \
+ "${PKGDIR}/usr/share/doc/${PKGNAME}"
+ cp -r "${SRCDIR}/keycloak-${VERSION}" "${PKGDIR}/opt/keycloak/"
+ mv "${PKGDIR}/opt/keycloak/conf" "${PKGDIR}/etc/keycloak/"
+ ln -s /etc/keycloak "${PKGDIR}/opt/keycloak/conf"
+ mkdir -p \
+ "${PKGDIR}/opt/keycloak/data" \
+ "${PKGDIR}/opt/keycloak/ObjectStore"
+ rm "${PKGDIR}/opt/keycloak/bin/kc.bat" \
+ "${PKGDIR}/etc/keycloak/README.md"
+ cp "${ROOT}/debian.control" "${PKGDIR}/DEBIAN/control"
+ cp "${ROOT}/debian.conffiles" "${PKGDIR}/DEBIAN/conffiles"
+ cp "${ROOT}/debian.postinst" "${PKGDIR}/DEBIAN/postinst"
+ cp "${ROOT}/keycloak.service" "${PKGDIR}/lib/systemd/system/"
+ cp "${ROOT}/keycloak.site.conf" "${PKGDIR}/etc/apache2/sites-available/"
+ sed -re "s/__VERSION__/${VERSION}/g" -i "${PKGDIR}/DEBIAN/control"
+ sed -re "s/__MAINTAINER__/${MAINTAINER}/g" -i "${PKGDIR}/DEBIAN/control"
+ cp "${ROOT}/debian.copyright" "${PKGDIR}/usr/share/doc/${PKGNAME}/copyright"
+ github_changelog keycloak/keycloak
+ find "${PKGDIR}" -exec touch -m --reference "${SRCDIR}/keycloak-${VERSION}/version.txt" {} \;
+}
+
+function package() {
+ cd "${BUILDDIR}"
+ dpkg-deb --build "${PKGDIR}" "${BUILDDIR}"
+}
+
+function build() {
+ read VERSION ISODATE URL <<<$(curl "${API_URL}" | jq -r "${JQ_EXPR}" | head -1)
+ export VERSION
+ export ISODATE
+ export URL
+ export BUILDDIR=${ROOT}/build
+ export SRCDIR=${ROOT}/build/srcdir
+ export PKGDIR=${ROOT}/build/pkgdir
+ mkdir -p ${SRCDIR} ${PKGDIR}
+ fetch
+ prepare
+ package
+}
+
+
+build
diff --git a/keycloak-25/debian.conffiles b/keycloak-25/debian.conffiles
new file mode 100644
index 0000000..c4fe3e2
--- /dev/null
+++ b/keycloak-25/debian.conffiles
@@ -0,0 +1,3 @@
+/etc/apache2/sites-available/keycloak.site.conf
+/etc/keycloak/cache-ispn.xml
+/etc/keycloak/keycloak.conf
diff --git a/keycloak-25/debian.control b/keycloak-25/debian.control
new file mode 100644
index 0000000..e470240
--- /dev/null
+++ b/keycloak-25/debian.control
@@ -0,0 +1,16 @@
+Package: keycloak-25
+Version: __VERSION__
+Maintainer: __MAINTAINER__
+Section: web
+Priority: optional
+Architecture: all
+Depends: default-jdk-headless (>=2:1.17), default-jdk-headless (<<2:1.22)
+Suggests: apache2, postgresql
+Provides: keycloak
+Conflicts: keycloak
+Replaces: keycloak
+Description: Open Source Identity and Access Management
+ Add authentication to applications and secure services with minimum
+ effort. No need to deal with storing users or authenticating users.
+ Keycloak provides user federation, strong authentication, user
+ management, fine-grained authorization, and more.
diff --git a/keycloak-25/debian.copyright b/keycloak-25/debian.copyright
new file mode 100644
index 0000000..12b1dc4
--- /dev/null
+++ b/keycloak-25/debian.copyright
@@ -0,0 +1,6 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: https://github.com/keycloak/keycloak
+
+Files: *
+License: Apache-2.0
+
diff --git a/keycloak-25/debian.postinst b/keycloak-25/debian.postinst
new file mode 100755
index 0000000..322e0ee
--- /dev/null
+++ b/keycloak-25/debian.postinst
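Review bot: fetch() unpacks whatever `wget "${URL}"` returns with no integrity check, so the .deb is built from an unverified tarball whose URL and version come straight from the API response parsed in build(). Consider verifying the download against a digest before `tar -xf` and aborting on mismatch; a digest pinned in this repository is strongest, while a checksum asset from the same release (if upstream publishes one) only catches corruption, not a tampered release. VERSION is also interpolated into the sed program in prepare() and into file paths, so a guard right after the `read`, for example `[[ "${VERSION}" =~ ^${MAJOR_VERSION}\.[0-9]+\.[0-9]+$ ]] || exit 1` (assuming release names are plain version numbers), would keep an unexpected release name from reaching them. Using `curl --fail` and `read -r` would make a rate-limited or malformed API response stop the build at the point where it happens.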
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+if [[ "$1" == "configure" ]]; then
+
+ if ! getent group keycloak >/dev/null; then
+ groupadd --system keycloak
+ fi
+
+ if ! getent passwd keycloak >/dev/null; then
+ useradd --system --gid keycloak --home-dir /opt/keycloak --shell /bin/false keycloak
+ fi
+
+ chown root:keycloak /opt/keycloak /etc/keycloak
+ chown keycloak:keycloak -R /opt/keycloak/lib/quarkus /opt/keycloak/data /opt/keycloak/ObjectStore
+ chmod 0750 /etc/keycloak
+
+ deb-systemd-helper enable keycloak.service
+ deb-systemd-invoke restart keycloak.service
+
+fi
diff --git a/keycloak-25/keycloak.service b/keycloak-25/keycloak.service
new file mode 100644
index 0000000..609004f
--- /dev/null
+++ b/keycloak-25/keycloak.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Keycloak
+#Requires=mysql.service
+#Requires=mariadb.service
+#Requires=postgresql.service
+
+[Service]
+ExecStart=/opt/keycloak/bin/kc.sh start
+Restart=always
+User=keycloak
+Group=keycloak
+WorkingDirectory=/opt/keycloak
+CapabilityBoundingSet=
+
+[Install]
+WantedBy=multi-user.target
diff --git a/keycloak-25/keycloak.site.conf b/keycloak-25/keycloak.site.conf
new file mode 100644
index 0000000..8e922fd
--- /dev/null
+++ b/keycloak-25/keycloak.site.conf
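Review bot: The recursive `chown keycloak:keycloak -R /opt/keycloak/lib/quarkus ...` makes a directory under the server's own lib tree writable by the account the service runs as, so a compromised Keycloak process could alter what is loaded on the next start. If this is only needed because `kc.sh start` writes its build output there at startup (an assumption, the diff does not say), consider doing that build step at package or install time and starting with `kc.sh start --optimized`, so that only `/opt/keycloak/data` and `/opt/keycloak/ObjectStore` stay owned by keycloak. At minimum, a comment above the line stating why lib/quarkus must be writable would help the next packager.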
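Review bot: The [Service] section empties the capability bounding set but applies no other sandboxing, so an internet-facing identity provider runs with the full default view of the host. Adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` below `CapabilityBoundingSet=` is a low-risk start, since the paths postinst hands to the keycloak user are all under /opt and stay writable. Startup should be tested under these settings before shipping, as the diff does not show which other paths the server writes to.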
@@ -0,0 +1,31 @@
+
+
+ ServerName keycloak.example.org
+
+ DocumentRoot /var/www/html
+
+ ProxyPass /js/ http://localhost:8080/js/
+ ProxyPassReverse /js/ http://localhost:8080/js/
+ ProxyPass /realms/ http://localhost:8080/realms/
+ ProxyPassReverse /realms/ http://localhost:8080/realms/
+ ProxyPass /resources/ http://localhost:8080/resources/
+ ProxyPassReverse /resources/ http://localhost:8080/resources/
+
+ # Redirect root to user account management
+ RewriteEngine on
+ RewriteRule ^/?$ /realms/EXAMPLE/account [L,R]
+
+ ## Test client that dumps the id_token
+ #OIDCProviderMetadataURL https://keycloak.example.org/realms/EXAMPLE/.well-known/openid-configuration
+ #OIDCClientID foo
+ #OIDCClientSecret bar
+ #OIDCRedirectURI https://keycloak.example.org/test-client/redirect
+ #OIDCCryptoPassphrase supersecurepassword
+ #OIDCInfoHook id_token
+ #
+ # AuthType openid-connect
+ # Require valid-user
+ # RewriteRule .* /test-client/redirect?info=html
+ #
+
+
\ No newline at end of file
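Review bot: The commented-out test client ships with guessable placeholders (`#OIDCClientSecret bar`, `#OIDCCryptoPassphrase supersecurepassword`) and an info hook that dumps the id_token, and nothing marks the block as unsuitable for production. Because this file is installed as a conffile, I would add a line above the block such as `## Example only: replace every value below and do not enable on a production host`. The proxied prefixes are limited to /js/, /realms/ and /resources/, which leaves /admin/ unreachable through this vhost; if that is deliberate, a one-line comment saying so would keep a later edit from undoing it. The enclosing container directives appear blank in this rendering, so the listener and TLS settings could not be reviewed.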