.gitignore

@@ -0,0 +1,4 @@
+apache-tomcat-*-src.tar.gz
+*tomcat-*-src*
+*.src.rpm
+results_pki-servlet-engine

0001-ascheel-Update-to-JDK-Version-11.patch

@@ -0,0 +1,32 @@
+From 6cfbaebf60aa4410501ea6c94e65d3df195b2d56 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Thu, 25 Feb 2021 08:35:51 -0500
+Subject: [PATCH] Update to JDK Version 11
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+ build.xml | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/build.xml b/build.xml
+index 37710fd..6664b7a 100644
+--- a/build.xml
++++ b/build.xml
+@@ -90,10 +90,10 @@
+   <property name="tomcat.pool"           value="${tomcat.output}/jdbc-pool"/>
+ 
+   <!-- Servlet 4.0 spec requires Java 8+ -->
+-  <property name="compile.source" value="8"/>
+-  <property name="compile.target" value="8"/>
+-  <property name="compile.release" value="8"/>
+-  <property name="min.java.version" value="8"/>
++  <property name="compile.source" value="11"/>
++  <property name="compile.target" value="11"/>
++  <property name="compile.release" value="11"/>
++  <property name="min.java.version" value="11"/>
+ 
+   <!-- Locations to create the JAR artifacts -->
+   <!-- Standard JARs -->
+-- 
+2.29.2
+

SPECS/pki-servlet-engine.spec

@@ -1,94 +0,0 @@
-# Copyright (c) 2000-2008, JPackage Project
-# All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the
-#    distribution.
-# 3. Neither the name of the JPackage Project nor the names of its
-#    contributors may be used to endorse or promote products derived
-#    from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-Name:          pki-servlet-engine
-Epoch:         1
-Version:       9.0.62
-Release:       1%{?dist}
-Summary:       Servlet Engine for PKI
-Group:         System Environment/Daemons
-License:       ASL 2.0
-URL:           http://tomcat.apache.org
-BuildArch:     noarch
-
-Requires:      tomcat
-
-Obsoletes:     pki-servlet-container < %{epoch}:%{version}-%{release}
-
-Obsoletes:     pki-servlet-4.0-api < %{epoch}:%{version}-%{release}
-Provides:      pki-servlet-4.0-api = %{epoch}:%{version}-%{release}
-
-%description
-The pki-servlet-engine package has been replaced by the tomcat package.
-This package is provided for backward compatibility only, so it contains
-no files and will be removed in the future. Please use the tomcat package
-directly instead.
-
-%files
-
-%changelog
-* Mon Feb 05 2024 Red Hat PKI Team <rhcs-maint@redhat.com> - 1:9.0.62-1
-- Convert pki-servlet-engine into an alias for tomcat
-
-* Fri Jun 11 2021 Coty Sutherland <csutherl@redhat.com> - 1:9.0.30-3
-- Reverts: rhbz#1969366 as it causes other issues
-
-* Tue Jun 08 2021 Coty Sutherland <csutherl@redhat.com> - 1:9.0.30-2
-- Resolves: rhbz#1969366 CA instance installation fails with error message
-
-* Thu Apr 23 2020 Coty Sutherland <csutherl@redhat.com> - 1:9.0.30-1
-- Resolves: rhbz#1721684 Rebase pki-servlet-engine to 9.0.30
-- Update to JWS 5.3.0 distribution
-- Remove new dependencies that PKI doesn't need (and are not provided by RHEL 8)
-
-* Fri May 31 2019 Endi S. Dewata <edewata@redhat.com> - 1:9.0.7-16
-- Obsoleted pki-servlet-container
-
-* Tue Apr 23 2019 Endi S. Dewata <edewata@redhat.com> - 1:9.0.7-15
-- Rename pki-servlet-container into pki-servlet-engine
-
-* Mon Mar 04 2019 Coty Sutherland <csutherl@redhat.com> - 1:9.0.7-14
-- Update to JWS 5.0.2 distribution
-- Resolves: rhbz#1658846 CVE-2018-8034 pki-servlet-container: tomcat: host name verification missing in WebSocket client
-- Resolves: rhbz#1579614 CVE-2018-8014 pki-servlet-container: tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
-- Resolves: rhbz#1619232 - CVE-2018-8037 pki-servlet-container: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up
-- Resolves: rhbz#1641874 - CVE-2018-11784 pki-servlet-container: tomcat: Open redirect in default servlet
-
-* Fri Aug 03 2018 Fraser Tweedale <ftweedal@redhat.com> - 1:9.0.7-13
-- Reinstate Maven artifacts and fix maven-metadata JAR path
-
-* Fri Jul 20 2018 Jean-Frederic Clere <jclere@redhat.com> - 1:9.0.7-12
-- Add missing BuildRequires: systemd-units
-
-* Fri Jun 22 2018 Coty Sutherland <csutherl@redhat.com> - 1:9.0.7-11
-- Resolves: rhbz#1594139 Cleanup Provides and Requires
-
-* Thu Jun 07 2018 Coty Sutherland <csutherl@redhat.com> - 1:9.0.7-10
-- Create packages for FreeIPA that wrap the JWS distribution of Tomcat

exclude-OSGi-metadata.patch

@@ -0,0 +1,208 @@
+diff -up ./build.xml.orig ./build.xml
+--- ./build.xml.orig	2021-12-09 13:29:38.000000000 -0500
++++ ./build.xml	2022-03-04 08:56:31.987572758 -0500
+@@ -1032,7 +1032,7 @@
+       filesDir="${tomcat.classes}"
+       filesId="files.annotations-api"
+       manifest="${tomcat.manifests}/annotations-api.jar.manifest"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Servlet Implementation JAR File -->
+     <jarIt jarfile="${servlet-api.jar}"
+@@ -1041,41 +1041,41 @@
+       manifest="${tomcat.manifests}/servlet-api.jar.manifest"
+       notice="${tomcat.manifests}/servlet-api.jar.notice"
+       license="${tomcat.manifests}/servlet-api.jar.license"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- EL Implementation JAR File -->
+     <jarIt jarfile="${el-api.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.el-api"
+       manifest="${tomcat.manifests}/el-api.jar.manifest"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- JSP Implementation JAR File -->
+     <jarIt jarfile="${jsp-api.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.jsp-api"
+       manifest="${tomcat.manifests}/jsp-api.jar.manifest"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- WebSocket API JAR File -->
+     <jarIt jarfile="${websocket-api.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.websocket-api"
+       manifest="${tomcat.manifests}/websocket-api.jar.manifest"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- JASPIC API JAR File -->
+     <jarIt jarfile="${jaspic-api.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.jaspic-api"
+       manifest="${tomcat.manifests}/jaspic-api.jar.manifest"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Tomcat-juli JAR File -->
+     <jarIt jarfile="${tomcat-juli.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.tomcat-juli"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Bootstrap JAR File -->
+     <jarIt jarfile="${bootstrap.jar}"
+@@ -1087,61 +1087,61 @@
+     <jarIt jarfile="${tomcat-util.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.tomcat-util"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Tomcat API JAR File -->
+     <jarIt jarfile="${tomcat-api.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.tomcat-api"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Tomcat Util Scan JAR File -->
+     <jarIt jarfile="${tomcat-util-scan.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.tomcat-util-scan"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <jarIt jarfile="${tomcat-jni.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.tomcat-jni"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Protocol handlers - Coyote -->
+     <jarIt jarfile="${tomcat-coyote.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.tomcat-coyote"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- WebSocket implementation JAR File -->
+     <jarIt jarfile="${tomcat-websocket.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.tomcat-websocket"
+       meta-inf="${tomcat.manifests}/tomcat-websocket.jar"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Catalina GroupCom/Tribes JAR File -->
+     <jarIt jarfile="${catalina-tribes.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.catalina-tribes"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Catalina Main JAR File -->
+     <jarIt jarfile="${catalina.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.catalina"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Catalina Cluster/HA JAR File -->
+     <jarIt jarfile="${catalina-ha.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.catalina-ha"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Server-Side Includes (SSI) -->
+     <jarIt jarfile="${catalina-ssi.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.catalina-ssi"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Catalina Ant Tasks JAR File -->
+     <jarIt jarfile="${catalina-ant.jar}"
+@@ -1152,27 +1152,27 @@
+     <jarIt jarfile="${catalina-storeconfig.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.catalina-storeconfig"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Jasper EL Implementation JAR File -->
+     <jarIt jarfile="${jasper-el.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.jasper-el"
+       meta-inf="${tomcat.manifests}/jasper-el.jar"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Jasper Implementation JAR File -->
+     <jarIt jarfile="${jasper.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.jasper"
+       meta-inf="${tomcat.manifests}/jasper.jar"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- Re-packaged Apache Commons DBCP 2-->
+     <jarIt jarfile="${tomcat-dbcp.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.tomcat-dbcp"
+-      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- i18n JARs -->
+     <jar jarfile="${tomcat.build}/lib/tomcat-i18n-cs.jar"
+@@ -1635,7 +1635,7 @@
+            filesId="files.tomcat-embed-core"
+            notice="${tomcat.manifests}/servlet-api.jar.notice"
+            license="${tomcat.manifests}/servlet-api.jar.license"
+-           addOSGi="true"
++           addOSGi="false"
+            addGraal="true"
+            graalPrefix="org.apache.tomcat.embed/tomcat-embed-core"
+            graalFiles="res/graal/tomcat-embed-core/native-image"
+@@ -1643,7 +1643,7 @@
+     <jarIt jarfile="${tomcat-embed-el.jar}"
+            filesDir="${tomcat.classes}"
+            filesId="files.tomcat-embed-el"
+-           addOSGi="true"
++           addOSGi="false"
+            addGraal="true"
+            graalPrefix="org.apache.tomcat.embed/tomcat-embed-el"
+            graalFiles="res/graal/tomcat-embed-el/native-image"
+@@ -1652,7 +1652,7 @@
+            filesDir="${tomcat.classes}"
+            filesId="files.tomcat-embed-jasper"
+            meta-inf="${tomcat.manifests}/jasper.jar"
+-           addOSGi="true"
++           addOSGi="false"
+            addGraal="true"
+            graalPrefix="org.apache.tomcat.embed/tomcat-embed-jasper"
+            graalFiles="res/graal/tomcat-embed-jasper/native-image"
+@@ -1661,7 +1661,7 @@
+            filesDir="${tomcat.classes}"
+            filesId="files.tomcat-embed-websocket"
+            meta-inf="${tomcat.manifests}/tomcat-websocket.jar"
+-           addOSGi="true"
++           addOSGi="false"
+            addGraal="true"
+            graalPrefix="org.apache.tomcat.embed/tomcat-embed-websocket"
+            graalFiles="res/graal/tomcat-embed-websocket/native-image"
+@@ -3716,6 +3716,7 @@ Read the Building page on the Apache Tom
+     <!-- Add bnd tasks to project -->
+     <path id="bnd.classpath">
+       <fileset file="${bnd.jar}" />
++      <fileset file="${bndannotation.jar}" />
+     </path>
+ 
+     <taskdef resource="aQute/bnd/ant/taskdef.properties" classpathref="bnd.classpath" />

gating.yaml

@@ -0,0 +1,7 @@
+# recipients: rhcs-team
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

pki-servlet-engine.spec

@@ -0,0 +1,444 @@
+# Copyright (c) 2000-2008, JPackage Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in the
+#    documentation and/or other materials provided with the
+#    distribution.
+# 3. Neither the name of the JPackage Project nor the names of its
+#    contributors may be used to endorse or promote products derived
+#    from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+%global major_version 9
+%global minor_version 0
+%global micro_version 50
+%global redhat_version 00006
+%global packdname apache-tomcat-%{version}.redhat-%{redhat_version}-src
+
+# Specification versions
+%global servletspec 4.0
+%global jspspec 2.3
+%global elspec 3.0
+
+%global tcuid 91
+
+# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
+%global basedir %{_var}/lib/tomcat
+%global appdir %{basedir}/webapps
+%global homedir %{_datadir}/tomcat
+%global bindir %{homedir}/bin
+%global confdir %{_sysconfdir}/tomcat
+%global libdir %{_javadir}/tomcat
+%global logdir %{_var}/log/tomcat
+%global cachedir %{_var}/cache/tomcat
+%global tempdir %{cachedir}/temp
+%global workdir %{cachedir}/work
+%global _initrddir %{_sysconfdir}/init.d
+%global _systemddir /lib/systemd/system
+
+Name:          pki-servlet-engine
+Epoch:         1
+Version:       %{major_version}.%{minor_version}.%{micro_version}
+Release:       1%{?dist}
+Summary:       Apache Servlet/JSP Engine, RI for Servlet %{servletspec}/JSP %{jspspec} API
+Group:         System Environment/Daemons
+License:       ASL 2.0
+URL:           http://tomcat.apache.org/
+
+#Source0:       http://www.apache.org/dist/tomcat/tomcat-%%{major_version}/v%%{version}/src/%%{packdname}.tar.gz
+Source0:       tomcat-%{version}.redhat-%{redhat_version}-src.zip
+Source1:       tomcat-%{major_version}.%{minor_version}.conf
+Source3:       tomcat-%{major_version}.%{minor_version}.sysconfig
+Source4:       tomcat-%{major_version}.%{minor_version}.wrapper
+Source6:       tomcat-%{major_version}.%{minor_version}-digest.script
+Source7:       tomcat-%{major_version}.%{minor_version}-tool-wrapper.script
+Source8:       tomcat-%{major_version}.%{minor_version}.service
+Source21:      tomcat-functions
+Source30:      tomcat-preamble
+Source31:      tomcat-server
+Source32:      tomcat-named.service
+
+Patch0:        tomcat-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
+Patch1:        tomcat-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
+Patch2:        tomcat-%{major_version}.%{minor_version}-catalina-policy.patch
+Patch3:        exclude-OSGi-metadata.patch
+
+BuildArch:     noarch
+
+BuildRequires: ant
+BuildRequires: findutils
+BuildRequires: java-11-devel
+BuildRequires: javapackages-tools
+BuildRequires: javapackages-local
+BuildRequires: systemd
+BuildRequires: systemd-rpm-macros
+BuildRequires: aqute-bnd
+BuildRequires: aqute-bndlib
+
+Requires:      ant
+Requires:      java-11-devel
+Requires:      javapackages-tools
+Requires:      procps
+Requires(pre):    shadow-utils
+Requires(post):   chkconfig
+Requires(postun): chkconfig
+Requires(preun):  chkconfig
+Requires(post):   systemd
+Requires(preun):  systemd
+Requires(postun): systemd
+Requires(preun): coreutils
+Requires: pki-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release}
+
+# Add bundled so that everyone knows this is Tomcat.
+Provides: bundled(tomcat) = %{version}.redhat-%{redhat_version}
+
+Obsoletes:        pki-servlet-container <= 9.0.7
+
+%description
+Tomcat is the servlet engine that is used in the official Reference
+Implementation for the Java Servlet and JavaServer Pages technologies.
+The Java Servlet and JavaServer Pages specifications are developed by
+Sun under the Java Community Process.
+
+Tomcat is developed in an open and participatory environment and
+released under the Apache Software License version 2.0. Tomcat is intended
+to be a collaboration of the best-of-breed developers from around the world.
+
+%package -n pki-servlet-%{servletspec}-api
+Group: Development/Libraries
+Summary: Apache Tomcat Java Servlet v%{servletspec} API Implementation Classes
+Requires(post): chkconfig
+Requires(postun): chkconfig
+
+%description -n pki-servlet-%{servletspec}-api
+Apache Tomcat Servlet API Implementation Classes.
+
+%prep
+%setup -q -n %{packdname}
+
+# remove pre-built binaries and windows files
+find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "*.gz" -o \
+   -name "*.jar" -o -name "*.war" -o -name "*.zip" \) -delete
+
+%patch0 -p0
+%patch1 -p0
+%patch2 -p0
+%patch3 -p0
+
+# Since we don't support ECJ in RHEL anymore, remove the class that requires it
+%{__rm} -f java/org/apache/jasper/compiler/JDTCompiler.java
+# Also remove webservices naming factory as it's unused and causes unnecessary dependencies to be required
+%{__rm} -rf java/org/apache/naming/factory/webservices
+
+# Configure maven files
+%mvn_package ":tomcat-servlet-api" tomcat-servlet-api
+
+
+%build
+export OPT_JAR_LIST="xalan-j2-serializer"
+
+# Create a dummy file for later removal
+touch HACK
+
+# who needs a build.properties file anyway
+%{ant} -Dbase.path="." \
+  -Dbuild.compiler="modern" \
+  -Dcommons-daemon.jar="HACK" \
+  -Dcommons-daemon.native.src.tgz="HACK" \
+  -Djdt.jar="HACK" \
+  -Dtomcat-native.tar.gz="HACK" \
+  -Dtomcat-native.home="." \
+  -Dcommons-daemon.native.win.mgr.exe="HACK" \
+  -Dnsis.exe="HACK" \
+  -Dbnd.jar="$(build-classpath aqute-bnd/biz.aQute.bnd)" \
+  -Dbndlib.jar="$(build-classpath aqute-bnd/biz.aQute.bndlib)" \
+  -Dbndlibg.jar="$(build-classpath aqute-bnd/aQute.libg)" \
+  -Dbndannotation.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
+  -Dosgi-annotations.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
+  -Dosgi-cmpn.jar="$(build-classpath osgi-compendium/osgi.cmpn)" \
+  deploy dist-prepare dist-source
+
+# remove some jars that we don't need
+#%%{__rm} output/build/bin/commons-daemon.jar
+
+%install
+# build initial path structure
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_bindir}
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sbindir}
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_initrddir}
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_systemddir}
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{appdir}
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{bindir}
+%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{confdir}
+%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{confdir}/Catalina/localhost
+%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{confdir}/conf.d
+/bin/echo "Place your custom *.conf files here. Shell expansion is supported." > ${RPM_BUILD_ROOT}%{confdir}/conf.d/README
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{libdir}
+%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{logdir}
+%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{_localstatedir}/lib/tomcats
+%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{homedir}
+%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{tempdir}
+%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{workdir}
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_unitdir}
+%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_libexecdir}/tomcat
+
+# move things into place
+# First copy supporting libs to tomcat lib
+pushd output/build
+    %{__cp} -a bin/*.{jar,xml} ${RPM_BUILD_ROOT}%{bindir}
+    %{__cp} -a conf/*.{policy,properties,xml,xsd} ${RPM_BUILD_ROOT}%{confdir}
+    %{__cp} -a lib/*.jar ${RPM_BUILD_ROOT}%{libdir}
+popd
+
+%{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \
+   -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \
+   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE1} \
+    > ${RPM_BUILD_ROOT}%{confdir}/tomcat.conf
+%{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \
+   -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \
+   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE3} \
+    > ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/tomcat
+%{__install} -m 0644 %{SOURCE4} \
+    ${RPM_BUILD_ROOT}%{_sbindir}/tomcat
+%{__install} -m 0644 %{SOURCE8} \
+    ${RPM_BUILD_ROOT}%{_unitdir}/tomcat.service
+%{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \
+   -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \
+   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE6} \
+    > ${RPM_BUILD_ROOT}%{_bindir}/tomcat-digest
+%{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \
+   -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \
+   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE7} \
+    > ${RPM_BUILD_ROOT}%{_bindir}/tomcat-tool-wrapper
+
+%{__install} -m 0644 %{SOURCE21} \
+    ${RPM_BUILD_ROOT}%{_libexecdir}/tomcat/functions
+%{__install} -m 0755 %{SOURCE30} \
+    ${RPM_BUILD_ROOT}%{_libexecdir}/tomcat/preamble
+%{__install} -m 0755 %{SOURCE31} \
+    ${RPM_BUILD_ROOT}%{_libexecdir}/tomcat/server
+%{__install} -m 0644 %{SOURCE32} \
+    ${RPM_BUILD_ROOT}%{_unitdir}/tomcat@.service
+
+# Substitute libnames in catalina-tasks.xml
+sed -i \
+   "s,el-api.jar,tomcat-el-%{elspec}-api.jar,;
+    s,servlet-api.jar,tomcat-servlet-%{servletspec}-api.jar,;
+    s,jsp-api.jar,tomcat-jsp-%{jspspec}-api.jar,;" \
+    ${RPM_BUILD_ROOT}%{bindir}/catalina-tasks.xml
+
+# create jsp and servlet API symlinks
+pushd ${RPM_BUILD_ROOT}%{_javadir}
+   %{__mv} tomcat/jsp-api.jar tomcat-jsp-%{jspspec}-api.jar
+   %{__ln_s} tomcat-jsp-%{jspspec}-api.jar tomcat-jsp-api.jar
+   %{__mv} tomcat/servlet-api.jar tomcat-servlet-%{servletspec}-api.jar
+   %{__ln_s} tomcat-servlet-%{servletspec}-api.jar tomcat-servlet-api.jar
+   %{__mv} tomcat/el-api.jar tomcat-el-%{elspec}-api.jar
+   %{__ln_s} tomcat-el-%{elspec}-api.jar tomcat-el-api.jar
+popd
+
+pushd ${RPM_BUILD_ROOT}%{libdir}
+    # symlink JSP and servlet API jars
+    %{__ln_s} ../../java/tomcat-jsp-%{jspspec}-api.jar .
+    %{__ln_s} ../../java/tomcat-servlet-%{servletspec}-api.jar .
+    %{__ln_s} ../../java/tomcat-el-%{elspec}-api.jar .
+popd
+
+# symlink to the FHS locations where we've installed things
+pushd ${RPM_BUILD_ROOT}%{homedir}
+    %{__ln_s} %{appdir} webapps
+    %{__ln_s} %{confdir} conf
+    %{__ln_s} %{libdir} lib
+    %{__ln_s} %{logdir} logs
+    %{__ln_s} %{tempdir} temp
+    %{__ln_s} %{workdir} work
+popd
+
+# Install the maven metadata
+pushd res/maven
+    for pom in *.pom; do
+        # fix-up version in all pom files
+        sed -i 's/@MAVEN.DEPLOY.VERSION@/%{version}/g' $pom
+    done
+popd
+
+%mvn_artifact res/maven/tomcat-servlet-api.pom output/build/lib/servlet-api.jar
+%mvn_install
+
+%pre
+# add the tomcat user and group
+%{_sbindir}/groupadd -g %{tcuid} -r tomcat 2>/dev/null || :
+%{_sbindir}/useradd -c "Apache Tomcat" -u %{tcuid} -g tomcat \
+    -s /sbin/nologin -r -d %{homedir} tomcat 2>/dev/null || :
+
+%post
+# install but don't activate
+%systemd_post tomcat.service
+
+# Collapse all of the alternatives installations into one
+%{_sbindir}/update-alternatives --install %{_javadir}/jsp.jar jsp \
+    %{_javadir}/tomcat-jsp-%{jspspec}-api.jar 20200
+%{_sbindir}/update-alternatives --install %{_javadir}/servlet.jar servlet \
+    %{_javadir}/tomcat-servlet-%{servletspec}-api.jar 30000
+%{_sbindir}/update-alternatives --install %{_javadir}/elspec.jar elspec \
+   %{_javadir}/tomcat-el-%{elspec}-api.jar 20300
+
+%preun
+# clean tempdir and workdir on removal or upgrade
+%{__rm} -rf %{workdir}/* %{tempdir}/*
+%systemd_preun tomcat.service
+
+%postun
+%systemd_postun_with_restart tomcat.service
+
+# Collapse all of the alternatives removals into one
+if [ "$1" = "0" ]; then
+    %{_sbindir}/update-alternatives --remove jsp \
+        %{_javadir}/tomcat-jsp-%{jspspec}-api.jar
+    %{_sbindir}/update-alternatives --remove servlet \
+        %{_javadir}/tomcat-servlet-%{servletspec}-api.jar
+    %{_sbindir}/update-alternatives --remove elspec \
+        %{_javadir}/tomcat-el-%{elspec}-api.jar
+fi
+
+%files
+%defattr(0664,root,tomcat,0755)
+%doc {LICENSE,NOTICE,RELEASE*}
+%attr(0755,root,root) %{_bindir}/tomcat-digest
+%attr(0755,root,root) %{_bindir}/tomcat-tool-wrapper
+%attr(0755,root,root) %{_sbindir}/tomcat
+%attr(0644,root,root) %{_unitdir}/tomcat.service
+%attr(0644,root,root) %{_unitdir}/tomcat@.service
+%attr(0755,root,root) %dir %{_libexecdir}/tomcat
+%attr(0755,root,root) %dir %{_localstatedir}/lib/tomcats
+%attr(0644,root,root) %{_libexecdir}/tomcat/functions
+%attr(0755,root,root) %{_libexecdir}/tomcat/preamble
+%attr(0755,root,root) %{_libexecdir}/tomcat/server
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/sysconfig/tomcat
+%attr(0755,root,tomcat) %dir %{basedir}
+%attr(0755,root,tomcat) %dir %{confdir}
+
+%defattr(0664,tomcat,root,0770)
+%attr(0770,tomcat,root) %dir %{logdir}
+
+%defattr(0664,root,tomcat,0770)
+%attr(0770,root,tomcat) %dir %{cachedir}
+%attr(0770,root,tomcat) %dir %{tempdir}
+%attr(0770,root,tomcat) %dir %{workdir}
+
+%defattr(0644,root,tomcat,0775)
+%attr(0775,root,tomcat) %dir %{appdir}
+%attr(0775,root,tomcat) %dir %{confdir}/Catalina
+%attr(0775,root,tomcat) %dir %{confdir}/Catalina/localhost
+%attr(0755,root,tomcat) %dir %{confdir}/conf.d
+%{confdir}/conf.d/README
+%config(noreplace) %{confdir}/tomcat.conf
+%config(noreplace) %{confdir}/*.policy
+%config(noreplace) %{confdir}/*.properties
+%config(noreplace) %{confdir}/context.xml
+%config(noreplace) %{confdir}/server.xml
+%attr(0640,root,tomcat) %config(noreplace) %{confdir}/tomcat-users.xml
+%attr(0664,root,tomcat) %{confdir}/tomcat-users.xsd
+%attr(0664,root,tomcat) %config(noreplace) %{confdir}/jaspic-providers.xml
+%attr(0664,root,tomcat) %{confdir}/jaspic-providers.xsd
+%config(noreplace) %{confdir}/web.xml
+%dir %{homedir}
+%{bindir}/bootstrap.jar
+%{bindir}/catalina-tasks.xml
+%{homedir}/lib
+%{homedir}/temp
+%{homedir}/webapps
+%{homedir}/work
+%{homedir}/logs
+%{homedir}/conf
+
+%defattr(-,root,root,-)
+%dir %{libdir}
+%{libdir}/*.jar
+%{_javadir}/*.jar
+%{bindir}/tomcat-juli.jar
+%exclude %{_javadir}/tomcat-servlet-%{servletspec}*.jar
+
+%files -n pki-servlet-%{servletspec}-api -f .mfiles-tomcat-servlet-api
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_javadir}/tomcat-servlet-%{servletspec}*.jar
+
+%changelog
+* Thu Feb 24 2022 Chris Kelley <ckelley@redhat.com> - 1:9.0.50-1
+- Update to JWS 5.6.1
+
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:9.0.43-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Tue Jul 13 2021 Coty Sutherland <csutherl@redhat.com> - 1:9.0.43-3
+- Add back ant runtime dependency to allow compilation of JSPs at runtime (no ECJ support)
+
+* Fri Jul 09 2021 Coty Sutherland <csutherl@redhat.com> - 1:9.0.43-2
+- Related: rhbz#1977948 Cleanup unused tomcat-juli.jar copy now that the maven artifacts have been removed
+
+* Thu Jul 08 2021 Coty Sutherland <csutherl@redhat.com> - 1:9.0.43-1
+- Update to JWS 5.5, and drop jakarta-saaj dependency
+- Updates to javapackages-local removed %%add_maven_depmap which broke the build,
+  so I removed most of the maven artifacts as they aren't very useful anyway
+- Cleaned up a few unnecessary patches
+
+* Tue Jun 08 2021 Coty Sutherland <csutherl@redhat.com> - 1:9.0.30-3
+- Resolves: rhbz#1963851 CA instance installation fails with error message
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1:9.0.30-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Feb 03 2021 Alexander Scheel <ascheel@redhat.com> - 1:9.0.30-2
+- Rebuild for RHEL 9
+
+* Thu Apr 23 2020 Coty Sutherland <csutherl@redhat.com> - 1:9.0.30-1
+- Resolves: rhbz#1721684 Rebase pki-servlet-engine to 9.0.30
+- Update to JWS 5.3.0 distribution
+- Remove new dependencies that PKI doesn't need (and are not provided by RHEL 8)
+
+* Fri May 31 2019 Endi S. Dewata <edewata@redhat.com> - 1:9.0.7-16
+- Obsoleted pki-servlet-container
+
+* Tue Apr 23 2019 Endi S. Dewata <edewata@redhat.com> - 1:9.0.7-15
+- Rename pki-servlet-container into pki-servlet-engine
+
+* Mon Mar 04 2019 Coty Sutherland <csutherl@redhat.com> - 1:9.0.7-14
+- Update to JWS 5.0.2 distribution
+- Resolves: rhbz#1658846 CVE-2018-8034 pki-servlet-container: tomcat: host name verification missing in WebSocket client
+- Resolves: rhbz#1579614 CVE-2018-8014 pki-servlet-container: tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins
+- Resolves: rhbz#1619232 - CVE-2018-8037 pki-servlet-container: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up
+- Resolves: rhbz#1641874 - CVE-2018-11784 pki-servlet-container: tomcat: Open redirect in default servlet
+
+* Fri Aug 03 2018 Fraser Tweedale <ftweedal@redhat.com> - 1:9.0.7-13
+- Reinstate Maven artifacts and fix maven-metadata JAR path
+
+* Fri Jul 20 2018 Jean-Frederic Clere <jclere@redhat.com> - 1:9.0.7-12
+- Add missing BuildRequires: systemd-units
+
+* Fri Jun 22 2018 Coty Sutherland <csutherl@redhat.com> - 1:9.0.7-11
+- Resolves: rhbz#1594139 Cleanup Provides and Requires
+
+* Thu Jun 07 2018 Coty Sutherland <csutherl@redhat.com> - 1:9.0.7-10
+- Create packages for FreeIPA that wrap the JWS distribution of Tomcat

sources

@@ -0,0 +1 @@
+SHA512 (tomcat-9.0.50.redhat-00006-src.zip) = 15492c8102a4e21e413e92264e05939cd38e4832a84ad842459e4f3d0b0abb3a9e9eeb3b39fcaff3ebac9098eb882692f8fa3ea20f2471c65d90040ff277dfe9

tests/roles/Test_Setup/files/ca.cfg

@@ -0,0 +1,25 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[CA]
+pki_admin_email=caadmin@example.com
+pki_admin_name=caadmin
+pki_admin_nickname=caadmin
+pki_admin_password=Secret.123
+pki_admin_uid=caadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
+pki_ds_database=ca
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+
+pki_ca_signing_nickname=ca_signing
+pki_ocsp_signing_nickname=ca_ocsp_signing
+pki_audit_signing_nickname=ca_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem

tests/roles/Test_Setup/files/ds-create.sh

@@ -0,0 +1,24 @@
+#!/bin/bash -ex
+
+# This command needs to be executed as it pulls the machine name
+# dynamically.
+dscreate create-template /tmp/test_dir/ds.inf
+
+sed -i \
+    -e "s/;instance_name = .*/instance_name = localhost/g" \
+    -e "s/;root_password = .*/root_password = Secret.123/g" \
+    -e "s/;suffix = .*/suffix = dc=example,dc=com/g" \
+    -e "s/;self_sign_cert = .*/self_sign_cert = False/g" \
+    /tmp/test_dir/ds.inf
+
+dscreate from-file /tmp/test_dir/ds.inf
+
+ldapadd -h $HOSTNAME -x -D "cn=Directory Manager" -w Secret.123 << EOF
+dn: dc=example,dc=com
+objectClass: domain
+dc: example
+
+dn: dc=pki,dc=example,dc=com
+objectClass: domain
+dc: pki
+EOF

tests/roles/Test_Setup/files/kra.cfg

@@ -0,0 +1,27 @@
+[DEFAULT]
+pki_server_database_password=Secret.123
+
+[KRA]
+pki_admin_email=kraadmin@example.com
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_password=Secret.123
+pki_admin_uid=kraadmin
+
+pki_client_database_password=Secret.123
+pki_client_database_purge=False
+pki_client_pkcs12_password=Secret.123
+
+pki_ds_base_dn=dc=kra,dc=pki,dc=example,dc=com
+pki_ds_database=kra
+pki_ds_password=Secret.123
+
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_security_domain_password=Secret.123
+
+pki_storage_nickname=kra_storage
+pki_transport_nickname=kra_transport
+pki_audit_signing_nickname=kra_audit_signing
+pki_sslserver_nickname=sslserver
+pki_subsystem_nickname=subsystem

tests/roles/Test_Setup/tasks/main.yml

@@ -0,0 +1,26 @@
+---
+
+- name: Install resteasy packages
+  dnf:
+    name: >
+      pki-resteasy-client, pki-resteasy-core, pki-resteasy-jackson2-provider, pki-resteasy-jaxb-provider
+
+- name: Install required packages
+  dnf:
+    name: >
+      389-ds-base, pki-ca, pki-kra
+
+- name: Creates directory
+  file: path=/tmp/test_files state=directory
+
+- name: Copying templates to /tmp folder
+  copy : src=.  dest=/tmp/test_dir
+
+- name: Setup DS Service
+  shell: sh /tmp/test_dir/ds-create.sh
+
+- name: Install CA subsystem
+  shell: pkispawn -f /tmp/test_dir/ca.cfg -s CA -v
+
+- name: Install KRA subsystem
+  shell: pkispawn -f /tmp/test_dir/kra.cfg -s KRA -v

tests/tests.yml

@@ -0,0 +1,29 @@
+- hosts: localhost
+  remote_user: root
+  tags:
+    - classic
+  roles:
+  - role: Test_Setup
+  - role: standard-test-basic
+    tests:
+    - verify_spawn_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus | grep '<Status>running</Status>'"
+    - verify_spawn_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep '<Status>running</Status>'"
+    - destroy_kra:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s KRA && sleep 5"
+    - verify_destroy_kra:
+        dir: .
+        run: "curl http://localhost:8080/kra/admin/kra/getStatus | grep 'HTTP Status 404'"
+    - destroy_ca:
+        dir: .
+        run: "pkidestroy -i pki-tomcat -s CA"
+    - verify_destroy_ca:
+        dir: .
+        run: "curl http://localhost:8080/ca/admin/ca/getStatus  &> testfile.log || true && grep 'Connection refused' testfile.log"
+    required_packages:
+    - pki-ca
+    - pki-kra

tomcat-9.0-bootstrap-MANIFEST.MF.patch

@@ -0,0 +1,9 @@
+--- res/META-INF/bootstrap.jar.manifest.orig	2010-04-06 10:11:09.000000000 -0600
++++ res/META-INF/bootstrap.jar.manifest	2010-04-06 10:45:56.000000000 -0600
+@@ -1,6 +1,5 @@
+ Manifest-Version: 1.0
+ Main-Class: org.apache.catalina.startup.Bootstrap
+-Class-Path: commons-daemon.jar
+ Specification-Title: Apache Tomcat Bootstrap
+ Specification-Version: @VERSION_MAJOR_MINOR@
+ Specification-Vendor: Apache Software Foundation

tomcat-9.0-catalina-policy.patch

@@ -0,0 +1,40 @@
+diff -up ./conf/catalina.policy.orig ./conf/catalina.policy
+--- ./conf/catalina.policy.orig	2022-03-04 08:49:08.246538215 -0500
++++ ./conf/catalina.policy	2022-03-04 08:50:31.842356329 -0500
+@@ -56,6 +56,36 @@ grant codeBase "file:${java.home}/lib/ex
+ //        permission java.security.AllPermission;
+ //};
+ 
++// This permission is required when using javac to compile JSPs on Java 9
++// onwards
++grant codeBase "jrt:/jdk.compiler" {
++        permission java.security.AllPermission;
++};
++
++// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
++
++// Allowing everything in /usr/share/java allows too many unknowns to be permitted
++// Specifying the individual jars that tomcat needs to function with the security manager
++// is the safest way forward.
++grant codeBase "file:/usr/share/java/tomcat-servlet-4.0-api.jar" {
++        permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/tomcat-jsp-2.3-api.jar" {
++        permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/tomcat-el-3.0-api.jar" {
++        permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/ant.jar" {
++        permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/share/java/ant-launcher.jar" {
++        permission java.security.AllPermission;
++};
++grant codeBase "file:/usr/lib/jvm/java/lib/tools.jar" {
++        permission java.security.AllPermission;
++};
++
+ 
+ // ========== CATALINA CODE PERMISSIONS =======================================
+ 

tomcat-9.0-digest.script

@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# tomcat-digest script
+# JPackage Project <http://www.jpackage.org/>
+
+# Source functions library
+if [ -f /usr/share/java-utils/java-functions ] ; then
+  . /usr/share/java-utils/java-functions
+else
+  echo "Can't find functions library, aborting"
+  exit 1
+fi
+
+# Get the tomcat config (use this for environment specific settings)
+if [ -z "${TOMCAT_CFG}" ]; then
+    TOMCAT_CFG="/etc/tomcat/tomcat.conf"
+fi
+
+if [ -r "$TOMCAT_CFG" ]; then
+    . $TOMCAT_CFG
+fi
+
+set_javacmd
+
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-api.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-util.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-util-scan.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-coyote.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/catalina.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/servlet-api.jar"
+export CLASSPATH
+
+# Configuration
+MAIN_CLASS="org.apache.catalina.startup.Tool"
+BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\""
+BASE_OPTIONS=""
+#BASE_JARS="tomcat/tomcat-util tomcat/tomcat-util-scan"
+#BASE_JARS="${BASE_JARS} tomcat/tomcat-coyote tomcat/catalina"
+#BASE_JARS="${BASE_JARS} tomcat/servlet-api"
+
+# Set parameters
+#set_classpath $BASE_JARS
+set_flags $BASE_FLAGS
+set_options $BASE_OPTIONS
+
+# Let's start
+run -server org.apache.catalina.realm.RealmBase "$@"

tomcat-9.0-log4j.properties

@@ -0,0 +1,11 @@
+log4j.rootLogger=debug, R 
+log4j.appender.R=org.apache.log4j.RollingFileAppender 
+log4j.appender.R.File=${catalina.base}/logs/tomcat.log 
+log4j.appender.R.MaxFileSize=10MB 
+log4j.appender.R.MaxBackupIndex=10 
+log4j.appender.R.layout=org.apache.log4j.PatternLayout 
+log4j.appender.R.layout.ConversionPattern=%p %t %c - %m%n 
+log4j.logger.org.apache.catalina=DEBUG, R
+log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=DEBUG, R
+log4j.logger.org.apache.catalina.core=DEBUG, R
+log4j.logger.org.apache.catalina.session=DEBUG, R

tomcat-9.0-tomcat-users-webapp.patch

@@ -0,0 +1,17 @@
+--- conf/tomcat-users.xml~	2008-01-28 17:41:06.000000000 -0500
++++ conf/tomcat-users.xml	2008-03-07 19:40:07.000000000 -0500
+@@ -23,4 +23,14 @@
+   <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
+   <user username="role1" password="<must-be-changed>" roles="role1"/>
+ -->
++
++<!-- <role rolename="admin"/> -->
++<!-- <role rolename="admin-gui"/> -->
++<!-- <role rolename="admin-script"/> -->
++<!-- <role rolename="manager"/> -->
++<!-- <role rolename="manager-gui"/> -->
++<!-- <role rolename="manager-script"/> -->
++<!-- <role rolename="manager-jmx"/> -->
++<!-- <role rolename="manager-status"/> -->
++<!-- <user name="admin" password="<must-be-changed>" roles="admin,manager,admin-gui,admin-script,manager-gui,manager-script,manager-jmx,manager-status" /> -->
+ </tomcat-users>

tomcat-9.0-tool-wrapper.script

@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# tomcat-digest script
+# JPackage Project <http://www.jpackage.org/>
+
+# Source functions library
+if [ -f /usr/share/java-utils/java-functions ] ; then
+  . /usr/share/java-utils/java-functions
+else
+  echo "Can't find functions library, aborting"
+  exit 1
+fi
+
+# Get the tomcat config (use this for environment specific settings)
+if [ -z "${TOMCAT_CFG}" ]; then
+    TOMCAT_CFG="/etc/tomcat/tomcat.conf"
+fi
+
+if [ -r "$TOMCAT_CFG" ]; then
+    . $TOMCAT_CFG
+fi
+
+set_javacmd
+
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-api.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-util.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-util-scan.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/tomcat-coyote.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/catalina.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib/servlet-api.jar"
+export CLASSPATH
+
+# Configuration
+MAIN_CLASS="org.apache.catalina.startup.Tool"
+BASE_OPTIONS=""
+BASE_FLAGS="-Dcatalina.home=\"$CATALINA_HOME\""
+#BASE_JARS="tomcat/tomcat-util tomcat/tomcat-util-scan"
+#BASE_JARS="${BASE_JARS} tomcat/tomcat-coyote tomcat/catalina"
+#BASE_JARS="${BASE_JARS} tomcat/servlet-api"
+
+# Set parameters
+#set_classpath $BASE_JARS
+set_flags $BASE_FLAGS
+set_options $BASE_OPTIONS
+
+# Let's start
+run "$@"

tomcat-9.0.conf

@@ -0,0 +1,61 @@
+# This will be loaded by systemd as an environment file,
+# so please keep the syntax. For shell expansion support
+# place your custom files as /etc/tomcat/conf.d/*.conf.
+#
+# There are 2 "classes" of startup behavior in this package.
+# The old one, the default service named tomcat.service.
+# The new named instances are called tomcat@instance.service.
+#
+# Use this file to change default values for all services.
+# Change the service specific ones to affect only one service.
+# For tomcat.service it's /etc/sysconfig/tomcat, for
+# tomcat@instance it's /etc/sysconfig/tomcat@instance.
+
+# This variable is used to figure out if config is loaded or not.
+TOMCAT_CFG_LOADED="1"
+
+# Where your java installation lives
+#JAVA_HOME="/usr/lib/jvm/java"
+
+# Where your tomcat installation lives
+CATALINA_BASE="@@@TCHOME@@@"
+CATALINA_HOME="@@@TCHOME@@@"
+CATALINA_TMPDIR="@@@TCTEMP@@@"
+
+# You can pass some parameters to java here if you wish to
+#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
+
+# You can change your tomcat locale here
+#LANG="en_US"
+
+# Run tomcat under the Java Security Manager
+SECURITY_MANAGER="false"
+
+# DEPRECATED VARIABLES
+# 
+# TOMCAT_USER has been deprecated. To update the tomcat process owner,
+# please see User in tomcat.service.
+#
+# TOMCAT_GROUP has been deprecated. To update the tomcat process group,
+# please see Group in tomcat.service.
+#
+# SHUTDOWN_WAIT has been deprecated. To change the shutdown wait time, set
+# TimeoutStopSec in tomcat.service.
+#
+# SHUTDOWN_VERBOSE has been deprecated. There is no replacement for this behavior.
+#
+# CATALINA_PID has been deprecated. A replacement for this behavior is to set
+# PIDFile in tomcat.service.
+#
+# CONNECTOR_PORT has been deprecated. There is no replacement for this behavior.
+# Set init script output file
+#
+# TOMCAT_LOG has been deprecated. Output from start/stop/status operations are
+# logged to the system's journal.
+#
+# LOGGING_CONFIG has been deprecated. To update the logging properties in use, use:
+# LOGGING_PROPERTIES="${CATALINA_HOME}/lib/log4j.properties"
+
+# If you wish to further customize your tomcat environment,
+# put your own definitions here
+# (i.e. LD_LIBRARY_PATH for some jdbc drivers)

tomcat-9.0.service

@@ -0,0 +1,21 @@
+# Systemd unit file for default tomcat
+# 
+# To create clones of this service:
+# DO NOTHING, use tomcat@.service instead.
+
+[Unit]
+Description=Apache Tomcat Web Application Container
+After=syslog.target network.target
+
+[Service]
+Type=simple
+EnvironmentFile=/etc/tomcat/tomcat.conf
+Environment="NAME="
+EnvironmentFile=-/etc/sysconfig/tomcat
+ExecStart=/usr/libexec/tomcat/server start
+SuccessExitStatus=143
+User=tomcat
+UMask=027
+
+[Install]
+WantedBy=multi-user.target

tomcat-9.0.sysconfig

@@ -0,0 +1,11 @@
+# Service-specific configuration file for tomcat. This will be sourced by
+# systemd for the default service (tomcat.service)
+# If you want to customize named instance, make a similar file
+# and name it tomcat@instancename.
+
+# You will not need to set this, usually. For default service it equals
+# CATALINA_HOME. For named service, it equals ${TOMCATS_BASE}${NAME}
+#CATALINA_BASE="@@@TCHOME@@@"
+
+# Please take a look at /etc/tomcat/tomcat.conf to have an idea
+# what you can override.

tomcat-9.0.wrapper

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+if [ "$1" = "version" ]; then
+  . /usr/libexec/tomcat/preamble
+  exec ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \
+    org.apache.catalina.util.ServerInfo
+fi
+
+SRV="tomcat"
+if [ -n "$2" ]; then
+  SRV="tomcat@$2"
+fi
+
+if [ "$1" = "start" ]; then
+  systemctl start ${SRV}.service
+elif [ "$1" = "stop" ]; then
+  systemctl stop ${SRV}.service
+elif [ "$1" = "version" ]; then
+  ${JAVACMD} -classpath ${CATALINA_HOME}/lib/catalina.jar \
+    org.apache.catalina.util.ServerInfo
+else
+  echo "Usage: $0 {start|stop|version} [server-id]"
+  exit 1
+fi

tomcat-functions

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if [ -r /usr/share/java-utils/java-functions ]; then
+  . /usr/share/java-utils/java-functions
+else
+  echo "Can't read Java functions library, aborting"
+  exit 1
+fi
+
+_save_function() {
+    local ORIG_FUNC=$(declare -f $1)
+    local NEWNAME_FUNC="$2${ORIG_FUNC#$1}"
+    eval "$NEWNAME_FUNC"
+}
+
+_save_function run run_java
+
+run() {
+   if [ "${USE_JSVC}" = "true" ] ; then
+    echo "JSVC support is not available with this Tomcat package."
+    exit 1
+   else
+	run_java $@
+   fi
+}
+

tomcat-named.service

@@ -0,0 +1,26 @@
+# Systemd unit file for tomcat instances.
+# 
+# To create clones of this service:
+# 0. systemctl enable tomcat@name.service
+# 1. create catalina.base directory structure in
+#    /var/lib/tomcats/name
+# 2. profit.
+
+[Unit]
+Description=Apache Tomcat Web Application Container
+After=syslog.target network.target
+
+[Service]
+Type=simple
+EnvironmentFile=/etc/tomcat/tomcat.conf
+Environment="NAME=%I"
+EnvironmentFile=-/etc/sysconfig/tomcat@%I
+ExecStart=/usr/libexec/tomcat/server start
+ExecStop=/usr/libexec/tomcat/server stop
+SuccessExitStatus=143
+User=tomcat
+UMask=027
+
+[Install]
+WantedBy=multi-user.target
+

tomcat-preamble

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+. /usr/libexec/tomcat/functions
+
+# Get the tomcat config (use this for environment specific settings)
+
+if [ -z "${TOMCAT_CFG_LOADED}" ]; then
+  if [ -z "${TOMCAT_CFG}" ]; then
+    TOMCAT_CFG="/etc/tomcat/tomcat.conf"
+  fi
+  . $TOMCAT_CFG
+fi
+
+if [ -d "${TOMCAT_CONFD=/etc/tomcat/conf.d}" ]; then
+  for file in ${TOMCAT_CONFD}/*.conf ; do
+    if [ -f "$file" ] ; then
+      . "$file"
+    fi
+  done
+fi
+
+if [ -z "$CATALINA_BASE" ]; then
+  if [ -n "$NAME" ]; then
+    if [ -z "$TOMCATS_BASE" ]; then
+      TOMCATS_BASE="/var/lib/tomcats/"
+    fi
+    CATALINA_BASE="${TOMCATS_BASE}${NAME}"
+  else
+    CATALINA_BASE="${CATALINA_HOME}"
+  fi
+fi
+VERBOSE=1
+set_javacmd
+cd ${CATALINA_HOME}
+# CLASSPATH munging
+if [ ! -z "$CLASSPATH" ] ; then
+  CLASSPATH="$CLASSPATH":
+fi
+
+if [ -n "$JSSE_HOME" ]; then
+  CLASSPATH="${CLASSPATH}$(build-classpath jcert jnet jsse 2>/dev/null):"
+fi
+CLASSPATH="${CLASSPATH}${CATALINA_HOME}/bin/bootstrap.jar"
+CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/tomcat-juli.jar"
+
+# Since ECJ is no longer available, add ant, ant-launcher, and tools jars to the
+# classpath so that runtime compilation of JSPs still works.
+CLASSPATH="${CLASSPATH}:/usr/share/java/ant.jar:/usr/share/java/ant-launcher.jar"
+CLASSPATH="${CLASSPATH}:/usr/lib/jvm/java/lib/tools.jar"
+
+if [ -z "$LOGGING_PROPERTIES" ] ; then
+  LOGGING_PROPERTIES="${CATALINA_BASE}/conf/logging.properties"
+  if [ ! -f "${LOGGING_PROPERTIES}" ] ; then
+    LOGGING_PROPERTIES="${CATALINA_HOME}/conf/logging.properties"
+  fi
+fi

tomcat-server

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+. /usr/libexec/tomcat/preamble
+
+MAIN_CLASS=org.apache.catalina.startup.Bootstrap
+
+FLAGS="$JAVA_OPTS"
+OPTIONS="-Dcatalina.base=$CATALINA_BASE \
+-Dcatalina.home=$CATALINA_HOME \
+-Djava.endorsed.dirs=$JAVA_ENDORSED_DIRS \
+-Djava.io.tmpdir=$CATALINA_TMPDIR \
+-Djava.util.logging.config.file=${LOGGING_PROPERTIES} \
+-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager"
+
+if [ "$1" = "start" ] ; then
+  FLAGS="${FLAGS} $CATALINA_OPTS"
+  if [ "${SECURITY_MANAGER}" = "true" ] ; then
+    OPTIONS="${OPTIONS} \
+    -Djava.security.manager \
+    -Djava.security.policy==${CATALINA_BASE}/conf/catalina.policy"
+  fi
+  run start
+elif [ "$1" = "stop" ] ; then
+  run stop
+fi