chore: keycloak-26
Some checks failed
/ ansible-semaphore (push) Successful in 2m0s
/ daliserver (push) Successful in 1m50s
/ forgejo (push) Successful in 3m37s
/ forgejo-runner (push) Successful in 1m23s
/ http-mqtt-bridge (push) Successful in 3m13s
/ keycloak-25 (push) Successful in 4m7s
/ keycloak-26 (push) Successful in 4m50s
/ linux-diversion-ath-regd-optional (push) Successful in 13m44s
/ lottieconverter (push) Successful in 54s
/ matterbridge (push) Successful in 2m24s
/ matrix-element-web (push) Successful in 2m33s
/ matrix-hydrogen (push) Successful in 1m11s
/ matrix.to (push) Successful in 4m7s
/ maubot (push) Successful in 6m40s
/ maubot-plugin-spaceapi (push) Successful in 1m20s
/ maubot-plugin-ultimaker (push) Successful in 1m34s
/ mautrix-signal (push) Successful in 1m3s
/ mautrix-telegram (push) Successful in 1m4s
/ mediawiki-extension-auth-remoteuser (push) Successful in 39s
/ mediawiki-extension-nativesvghandler (push) Successful in 35s
/ mediawiki-extension-openidconnect (push) Successful in 28s
/ mediawiki-extension-pluggableauth (push) Successful in 1m7s
/ mqtt2prometheus (push) Successful in 3m0s
/ prometheus-ipmi-exporter (push) Successful in 1m43s
/ prometheus-dnsbl-exporter (push) Successful in 1m30s
/ prometheus2influxdb (push) Successful in 52s
/ python3-mautrix (push) Successful in 1m10s
/ python3-telethon (push) Successful in 1m4s
/ repo.s3lph.me-apt-source (push) Successful in 42s
/ republik-feeder (push) Successful in 1m4s
/ ripe-atlas (push) Failing after 2m56s
/ woodpecker-agent (push) Successful in 1m35s
/ woodpecker-cli (push) Successful in 1m22s

This commit is contained in:
s3lph 2024-10-04 10:20:40 +02:00
parent a0ad064a83
commit cdf3074fbb
Signed by: s3lph
GPG key ID: 0AA29A52FB33CFB5
9 changed files with 165 additions and 1 deletions

View file

@ -10,7 +10,7 @@ on:
jobs:
# One step per package
ansible-semaphore: &job
runs-on: docker
container:
@ -39,6 +39,7 @@ jobs:
forgejo-runner: *job
http-mqtt-bridge: *job
keycloak-25: *job
keycloak-26: *job
linux-diversion-ath-regd-optional: *job
lottieconverter: *job
matterbridge: *job

View file

@ -15,6 +15,7 @@ information, please see [https://repo.s3lph.me/](https://repo.s3lph.me/).
- [forgejo-runner](https://code.forgejo.org/forgejo/runner)
- [http-mqtt-bridge](https://github.com/subzerobo/http-mqtt-bridge)
- [keycloak-25](https://github.com/keycloak/keycloak)
- [keycloak-26](https://github.com/keycloak/keycloak)
- [linux-diversion-ath-regd-optional](https://github.com/twisteroidambassador/arch-linux-ath-user-regd/issues/1)
- [lottieconverter](https://github.com/sot-tech/LottieConverter)
- [matrix-element-web](https://github.com/element-hq/element-web/)

68
keycloak-26/build.sh Executable file
View file

@ -0,0 +1,68 @@
#!/bin/bash
set -exo pipefail
. ../.skel/helpers.sh
MAJOR_VERSION=26
export PKGNAME="keycloak-${MAJOR_VERSION}"
API_URL="https://api.github.com/repos/keycloak/keycloak/releases"
JQ_EXPR='.[] | select( .prerelease==false and .draft==false and .target_commitish=="main" ) | "\(.name) \(.published_at) \(.assets[] | select( .name|test("keycloak-'${MAJOR_VERSION}'.*.tar.gz$") ).browser_download_url)"'
ROOT=$(pwd)
function fetch() {
cd "${SRCDIR}"
wget "${URL}" --output-document "keycloak-${VERSION}.tar.gz"
tar -xf "keycloak-${VERSION}.tar.gz"
}
function prepare() {
mkdir -p \
"${PKGDIR}/DEBIAN" \
"${PKGDIR}/opt/" \
"${PKGDIR}/lib/systemd/system" \
"${PKGDIR}/etc/apache2/sites-available" \
"${PKGDIR}/usr/share/doc/${PKGNAME}"
cp -r "${SRCDIR}/keycloak-${VERSION}" "${PKGDIR}/opt/keycloak/"
mv "${PKGDIR}/opt/keycloak/conf" "${PKGDIR}/etc/keycloak/"
ln -s /etc/keycloak "${PKGDIR}/opt/keycloak/conf"
mkdir -p \
"${PKGDIR}/opt/keycloak/data" \
"${PKGDIR}/opt/keycloak/ObjectStore"
rm "${PKGDIR}/opt/keycloak/bin/kc.bat" \
"${PKGDIR}/etc/keycloak/README.md"
cp "${ROOT}/debian.control" "${PKGDIR}/DEBIAN/control"
cp "${ROOT}/debian.conffiles" "${PKGDIR}/DEBIAN/conffiles"
cp "${ROOT}/debian.postinst" "${PKGDIR}/DEBIAN/postinst"
cp "${ROOT}/keycloak.service" "${PKGDIR}/lib/systemd/system/"
cp "${ROOT}/keycloak.site.conf" "${PKGDIR}/etc/apache2/sites-available/"
sed -re "s/__VERSION__/${VERSION}/g" -i "${PKGDIR}/DEBIAN/control"
sed -re "s/__MAINTAINER__/${MAINTAINER}/g" -i "${PKGDIR}/DEBIAN/control"
cp "${ROOT}/debian.copyright" "${PKGDIR}/usr/share/doc/${PKGNAME}/copyright"
github_changelog keycloak/keycloak
find "${PKGDIR}" -exec touch -m --reference "${SRCDIR}/keycloak-${VERSION}/version.txt" {} \;
}
function package() {
cd "${BUILDDIR}"
dpkg-deb --build "${PKGDIR}" "${BUILDDIR}"
}
function build() {
read VERSION ISODATE URL <<<$(curl "${API_URL}" | jq -r "${JQ_EXPR}" | head -1)
export VERSION
export ISODATE
export URL
export BUILDDIR=${ROOT}/build
export SRCDIR=${ROOT}/build/srcdir
export PKGDIR=${ROOT}/build/pkgdir
mkdir -p ${SRCDIR} ${PKGDIR}
fetch
prepare
package
}
build

View file

@ -0,0 +1,3 @@
/etc/apache2/sites-available/keycloak.site.conf
/etc/keycloak/cache-ispn.xml
/etc/keycloak/keycloak.conf

View file

@ -0,0 +1,16 @@
Package: keycloak-26
Version: __VERSION__
Maintainer: __MAINTAINER__
Section: web
Priority: optional
Architecture: all
Depends: default-jdk-headless (>=2:1.17), default-jdk-headless (<<2:1.22)
Suggests: apache2, postgresql
Provides: keycloak
Conflicts: keycloak
Replaces: keycloak
Description: Open Source Identity and Access Management
Add authentication to applications and secure services with minimum
effort. No need to deal with storing users or authenticating users.
Keycloak provides user federation, strong authentication, user
management, fine-grained authorization, and more.

View file

@ -0,0 +1,6 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Source: https://github.com/keycloak/keycloak
Files: *
License: Apache-2.0

22
keycloak-26/debian.postinst Executable file
View file

@ -0,0 +1,22 @@
#!/bin/bash
set -e
if [[ "$1" == "configure" ]]; then
if ! getent group keycloak >/dev/null; then
groupadd --system keycloak
fi
if ! getent passwd keycloak >/dev/null; then
useradd --system --gid keycloak --home-dir /opt/keycloak --shell /bin/false keycloak
fi
chown root:keycloak /opt/keycloak /etc/keycloak
chown keycloak:keycloak -R /opt/keycloak/lib/quarkus /opt/keycloak/data /opt/keycloak/ObjectStore
chmod 0750 /etc/keycloak
deb-systemd-helper enable keycloak.service
deb-systemd-invoke restart keycloak.service
fi

View file

@ -0,0 +1,16 @@
[Unit]
Description=Keycloak
#Requires=mysql.service
#Requires=mariadb.service
#Requires=postgresql.service
[Service]
ExecStart=/opt/keycloak/bin/kc.sh start
Restart=always
User=keycloak
Group=keycloak
WorkingDirectory=/opt/keycloak
CapabilityBoundingSet=
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,31 @@
<VirtualHost *:80>
ServerName keycloak.example.org
DocumentRoot /var/www/html
ProxyPass /js/ http://localhost:8080/js/
ProxyPassReverse /js/ http://localhost:8080/js/
ProxyPass /realms/ http://localhost:8080/realms/
ProxyPassReverse /realms/ http://localhost:8080/realms/
ProxyPass /resources/ http://localhost:8080/resources/
ProxyPassReverse /resources/ http://localhost:8080/resources/
# Redirect root to user account management
RewriteEngine on
RewriteRule ^/?$ /realms/EXAMPLE/account [L,R]
## Test client that dumps the id_token
#OIDCProviderMetadataURL https://keycloak.example.org/realms/EXAMPLE/.well-known/openid-configuration
#OIDCClientID foo
#OIDCClientSecret bar
#OIDCRedirectURI https://keycloak.example.org/test-client/redirect
#OIDCCryptoPassphrase supersecurepassword
#OIDCInfoHook id_token
#<Location /test-client>
# AuthType openid-connect
# Require valid-user
# RewriteRule .* /test-client/redirect?info=html
#</Location>
</VirtualHost>