-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Debian packaging #1470
base: master
Are you sure you want to change the base?
Debian packaging #1470
Conversation
Thanks @vjrj If anyone else would like Debian packages, please comment on this issue. (please comment rather than 👍 and write which institution is interested.) I won't merge it until there's some demand. We only have ~8 servers polling the CentOS/RedHat repository, and maintaining (including testing) a Debian package is more difficult for us, since we mostly use CentOS at GBIF. I also wrote the CentOS build to run within a Docker container, for portability and reliability in any environment. Just |
About the build, I didn't included the war generation because I usually add a extra deb build step after a jenkins war build job. Also because I'm not sure of your build and release procedure. So please build the war before the I recently asked in our small LA community about RedHat/related usage and I didn't find any LA portal using it. As I mentioned, in Tanzania docker was not an option in that moment. To package fat wars is common in non official debian packages when their dependencies are not packaged (I can remember openfire chat server package [2], for instance). java is not so easy to package compared to python libs IMHO. Thanks @MattBlissett [1] In the case of the la-pipelines debian package, I did this war build conditional: |
I updated this PR to master. Now also do the build and I configured it to use with: |
I've just updated this package to use
Tomcat is sandboxed by systemd in Debian and only has write access to some directories (see This is done by creating an
The service has to be restarted afterward with:
This is also useful for ipt manual installations in debian/ubuntu/etc using recent tomcat versions. |
98e561b
to
5472f3d
Compare
I've just updated to So |
I've just rebased this PR and build/published I'll update our https://ipt.gbif.es that is running So far I detected in
|
Thanks for keeping this up-to-date. Is the public URL / baseURL set correctly, and is Nginx changing the path at all? Apache uses the ProxyPathReverse parameter when adjustments are required: https://ipt.gbif.org/manual/en/ipt/2.5/installation#opening-the-ipt-to-the-internet |
Thanks for your help! Our conf:
and I checked that page from the IPT manual for setting up our proxies but the nginx equivalent conf
I have to do more tests. |
For nginx users and login redirect error, because of session.cookie.path: Changes in /var/lib/tomcat9/conf/server.xml
and nginx site.conf file:
Restart tomcat Also you need to check permissions on /var/lib/tomcat9/webapps/ipt/ |
I've just rebased this PR and published the resulting Thanks! |
https://www.mnhn.lu is interested in a debian package. |
Hi @raffael-mnhn right now you can use it adding this repo:
Also you can download the packages manually and use |
@vjrj it seems that there is only a package for bionic available. I'm on ubuntu focal. Do you expect it to work nonetheless? I'm going to give it a try and report back. |
@vjrj The following command also fails I noticed that the key cannot be found on the web service of the keyserver aswell. Maybe it's out of date and was removed. I just added the |
Hi @raffael-mnhn about 20.04 we used the package in 20.04 too. Sorry this was just a testing apt repo for a debian proposal that we are using it meanwhile. About using the last version, I installed it in https://ipt.gbif.es but I discover this issue #1691 (see a fix in the comments). In ipt.gbif.es we are using a local created deb package with this workaround as we were using java 11 in that server. The apt.gbif.es deb package does not include this workaround right now. So you have two options,
About the gpg key you can found it also here: |
For those who wonder how to achieve the first solution proposed by @vjrj : |
Updated to Thanks @MattBlissett |
@vjrj there is another vulnerability in log4j 2.5.4, cf: https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/ and https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/ |
The other vulnerability doesn't affect the IPT, as it doesn't use the MDC/ThreadContext feature, and doesn't include the relevant patterns in the logging formats. |
The 3.0.2 debian version is available for install. I'll publish newer versions silently. |
6715c47
to
d60bc8f
Compare
How to use the ipt debian package:
You can use the debian package of this PR adding this repo:
https://github.com/AtlasOfLivingAustralia/documentation/wiki/Testing-Debian-Packaging#using-demo-repository
and:
Also you can download the packages manually and use
dpkg -i some-ipt.deb
:https://apt.gbif.es/pool/main/i/ipt/
When you install the package it ask for the
datadir
:In previous versions to
2.7.3
you have to configure thedatadir
manually and it gives you some extra manual steps to continue (not needed in recent versions). Here are the old manual steps:This is also commented in the IPT FAQ:
https://ipt.gbif.org/manual/en/ipt/2.5/faq#sandboxing
Original text of this PR
@Meshack007 from Tanzania dev team, asked me last Friday for help to install the IPT.
Instead to install it manually I prefered to use:
https://github.com/living-atlases/living-atlases-debianizer
to generate a debian package together, as we were using LXC ubuntu images as containers (and docker cannot run there).
Each debian directory file is commented pointing to some part of Debian documentation or to some
man
page. Also there is aREADME
with more info about the package.A summary of how to build the debian package:
We used
tomcat8
as dependency because I didn't findjetty-runner
or similar already packaged in debian/ubuntu. So it doesn't run like a independent service right now maybe in the future as I did with cas5 debian testing package:https://github.com/living-atlases/ala-cas-5/blob/debian-package/debian/ala-cas-5.service
I also included in our test apt repository:
https://github.com/AtlasOfLivingAustralia/documentation/wiki/Testing-Debian-Packaging#using-demo-repository
so you can test the install via
apt install ipt
using this repository.Some suggestions about apt repositories:
https://github.com/AtlasOfLivingAustralia/documentation/wiki/Testing-Debian-Packaging#create-your-own-apt-repository