chore: keycloak-25

.forgejo/workflows/package.yml

@@ -40,6 +40,7 @@ jobs:
   forgejo-runner: *job
   http-mqtt-bridge: *job
   keycloak-24: *job
+  keycloak-25: *job
   linux-diversion-ath-regd-optional: *job
   lottieconverter: *job
   matterbridge: *job

README.md

@@ -16,6 +16,7 @@ information, please see [https://repo.s3lph.me/](https://repo.s3lph.me/).
 - [forgejo-runner](https://code.forgejo.org/forgejo/runner)
 - [http-mqtt-bridge](https://github.com/subzerobo/http-mqtt-bridge)
 - [keycloak-24](https://github.com/keycloak/keycloak)
+- [keycloak-25](https://github.com/keycloak/keycloak)
 - [linux-diversion-ath-regd-optional](https://github.com/twisteroidambassador/arch-linux-ath-user-regd/issues/1)
 - [lottieconverter](https://github.com/sot-tech/LottieConverter)
 - [matrix-element-web](https://github.com/element-hq/element-web/)

keycloak-25/build.sh

@@ -0,0 +1,68 @@
+#!/bin/bash
+
+set -exo pipefail
+
+. ../.skel/helpers.sh
+
+MAJOR_VERSION=25
+export PKGNAME="keycloak-${MAJOR_VERSION}"
+
+API_URL="https://api.github.com/repos/keycloak/keycloak/releases"
+JQ_EXPR='.[] | select( .prerelease==false and .draft==false and .target_commitish=="main" ) | "\(.name) \(.published_at) \(.assets[] | select( .name|test("keycloak-'${MAJOR_VERSION}'.*.tar.gz$") ).browser_download_url)"'
+
+ROOT=$(pwd)
+
+function fetch() {
+    cd "${SRCDIR}"
+    wget "${URL}" --output-document "keycloak-${VERSION}.tar.gz"
+    tar -xf "keycloak-${VERSION}.tar.gz"
+}
+
+function prepare() {
+    mkdir -p \
+          "${PKGDIR}/DEBIAN" \
+          "${PKGDIR}/opt/" \
+          "${PKGDIR}/lib/systemd/system" \
+          "${PKGDIR}/etc/apache2/sites-available" \
+	  "${PKGDIR}/usr/share/doc/${PKGNAME}"
+    cp -r "${SRCDIR}/keycloak-${VERSION}" "${PKGDIR}/opt/keycloak/"
+    mv "${PKGDIR}/opt/keycloak/conf" "${PKGDIR}/etc/keycloak/"
+    ln -s /etc/keycloak "${PKGDIR}/opt/keycloak/conf"
+    mkdir -p \
+	  "${PKGDIR}/opt/keycloak/data" \
+	  "${PKGDIR}/opt/keycloak/ObjectStore"
+    rm "${PKGDIR}/opt/keycloak/bin/kc.bat" \
+       "${PKGDIR}/etc/keycloak/README.md"
+    cp "${ROOT}/debian.control" "${PKGDIR}/DEBIAN/control"
+    cp "${ROOT}/debian.conffiles" "${PKGDIR}/DEBIAN/conffiles"
+    cp "${ROOT}/debian.postinst" "${PKGDIR}/DEBIAN/postinst"
+    cp "${ROOT}/keycloak.service" "${PKGDIR}/lib/systemd/system/"
+    cp "${ROOT}/keycloak.site.conf" "${PKGDIR}/etc/apache2/sites-available/"
+    sed -re "s/__VERSION__/${VERSION}/g" -i "${PKGDIR}/DEBIAN/control"
+    sed -re "s/__MAINTAINER__/${MAINTAINER}/g" -i "${PKGDIR}/DEBIAN/control"
+    cp "${ROOT}/debian.copyright" "${PKGDIR}/usr/share/doc/${PKGNAME}/copyright"
+    github_changelog keycloak/keycloak
+    find "${PKGDIR}" -exec touch -m --reference "${SRCDIR}/keycloak-${VERSION}/version.txt" {} \;
+}
+
+function package() {
+    cd "${BUILDDIR}"
+    dpkg-deb --build "${PKGDIR}" "${BUILDDIR}"
+}
+
+function build() {
+    read VERSION ISODATE URL <<<$(curl "${API_URL}" | jq -r "${JQ_EXPR}" | head -1)
+    export VERSION
+    export ISODATE
+    export URL
+    export BUILDDIR=${ROOT}/build
+    export SRCDIR=${ROOT}/build/srcdir
+    export PKGDIR=${ROOT}/build/pkgdir
+    mkdir -p ${SRCDIR} ${PKGDIR}
+    fetch
+    prepare
+    package
+}
+ 
+
+build

keycloak-25/debian.conffiles

@@ -0,0 +1,3 @@
+/etc/apache2/sites-available/keycloak.site.conf
+/etc/keycloak/cache-ispn.xml
+/etc/keycloak/keycloak.conf

keycloak-25/debian.control

@@ -0,0 +1,16 @@
+Package: keycloak-25
+Version: __VERSION__
+Maintainer: __MAINTAINER__
+Section: web
+Priority: optional
+Architecture: all
+Depends: default-jdk-headless (>=2:1.17), default-jdk-headless (<<2:1.22)
+Suggests: apache2, postgresql
+Provides: keycloak
+Conflicts: keycloak
+Replaces: keycloak
+Description: Open Source Identity and Access Management
+ Add authentication to applications and secure services with minimum
+ effort.  No need to deal with storing users or authenticating users.
+ Keycloak provides user federation, strong authentication, user
+ management, fine-grained authorization, and more.

keycloak-25/debian.copyright

@@ -0,0 +1,6 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: https://github.com/keycloak/keycloak
+
+Files: *
+License: Apache-2.0
+

keycloak-25/debian.postinst

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+if [[ "$1" == "configure" ]]; then
+
+    if ! getent group keycloak >/dev/null; then
+        groupadd --system keycloak
+    fi
+
+    if ! getent passwd keycloak >/dev/null; then
+        useradd --system --gid keycloak --home-dir /opt/keycloak --shell /bin/false keycloak
+    fi
+
+    chown root:keycloak /opt/keycloak /etc/keycloak
+    chown keycloak:keycloak -R /opt/keycloak/lib/quarkus /opt/keycloak/data /opt/keycloak/ObjectStore
+    chmod 0750 /etc/keycloak
+   
+    deb-systemd-helper enable keycloak.service
+    deb-systemd-invoke restart keycloak.service
+
+fi

keycloak-25/keycloak.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=Keycloak
+#Requires=mysql.service
+#Requires=mariadb.service
+#Requires=postgresql.service
+
+[Service]
+ExecStart=/opt/keycloak/bin/kc.sh start
+Restart=always
+User=keycloak
+Group=keycloak
+WorkingDirectory=/opt/keycloak
+CapabilityBoundingSet=
+
+[Install]
+WantedBy=multi-user.target

keycloak-25/keycloak.site.conf

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+
+    ServerName keycloak.example.org
+
+    DocumentRoot /var/www/html
+
+    ProxyPass /js/ http://localhost:8080/js/
+    ProxyPassReverse /js/ http://localhost:8080/js/
+    ProxyPass /realms/ http://localhost:8080/realms/
+    ProxyPassReverse /realms/ http://localhost:8080/realms/
+    ProxyPass /resources/ http://localhost:8080/resources/
+    ProxyPassReverse /resources/ http://localhost:8080/resources/
+
+    # Redirect root to user account management
+    RewriteEngine on
+    RewriteRule ^/?$ /realms/EXAMPLE/account [L,R]
+
+    ## Test client that dumps the id_token
+    #OIDCProviderMetadataURL https://keycloak.example.org/realms/EXAMPLE/.well-known/openid-configuration
+    #OIDCClientID foo
+    #OIDCClientSecret bar
+    #OIDCRedirectURI https://keycloak.example.org/test-client/redirect
+    #OIDCCryptoPassphrase supersecurepassword
+    #OIDCInfoHook id_token
+    #<Location /test-client>
+    #    AuthType openid-connect
+    #    Require valid-user
+    #    RewriteRule .* /test-client/redirect?info=html
+    #</Location>
+
+</VirtualHost>