Add support for Tomcat 10 #4551

Open
edewata opened this issue Aug 24, 2023 · 5 comments

edewata commented Aug 24, 2023

Currently PKI only supports Tomcat 9. Tomcat 10 will eventually replace Tomcat 9 and the API might change. To simplify the transition there should be a separate module for Tomcat 10 (i.e. base/tomcat-10.0). The upstream CI should build and test PKI against both Tomcat 9 and 10, but the RPM spec will only need to support one Tomcat version (depending on availability).

@ckelleyRH

This relates to dogtagpki/tomcatjss#68

@tjaalton

Any news here? Dogtag is getting removed from Ubuntu 24.04 (due to release next month) because of this.

@tjaalton

rawhide has tomcat 10.1 now:
https://bodhi.fedoraproject.org/updates/FEDORA-2024-341e4c19d6

@csutherl

csutherl commented Jun 3, 2024

I guess this is a better place to keep the comments from the Fedora update linked above as they are more applicable to the PKI project :) Tomcat 10.1 is currently incompatible with this application. I dug into the automated tests which are failing and found a few things to get you started on updates.

  1. The catalina.properties file needs to add a few more jars to the exclusion list so that scanning them won't fail. Failures look like:

```
May 31 10:20:20 ipa002.test.openqa.fedoraproject.org server[4859]: WARNING: Failed to scan [file:/usr/share/java/tomcat-jakartaee-migration/bcel-6.8.1.jar] from classloader hierarchy
May 31 10:20:20 ipa002.test.openqa.fedoraproject.org server[4859]: java.nio.file.NoSuchFileException: /usr/share/java/tomcat-jakartaee-migration/bcel-6.8.1.jar
May 31 10:20:20 ipa002.test.openqa.fedoraproject.org server[4859]:         at java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)
....
```

and can be fixed with a patch such as:

--- conf/catalina.properties.orig   2024-05-31 19:45:43.846548383 -0400
+++ conf/catalina.properties    2024-05-31 19:46:22.194548383 -0400
@@ -139,7 +139,7 @@ junit.jar,junit-*.jar,hamcrest-*.jar,eas
 objenesis-*.jar,ant-launcher.jar,\
 cobertura-*.jar,asm-*.jar,dom4j-*.jar,icu4j-*.jar,jaxen-*.jar,jdom-*.jar,\
 jetty-*.jar,oro-*.jar,servlet-api-*.jar,tagsoup-*.jar,xmlParserAPIs-*.jar,\
-xom-*.jar
+xom-*.jar,bcel*.jar,commons-compress*.jar,jakartaee-migration-*.jar

 \# Default list of JAR files that should be scanned that overrides the default
 \# jarsToSkip list above. This is typically used to include a specific JAR that
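
Review bot: on the added `+xom-*.jar,bcel*.jar,commons-compress*.jar,jakartaee-migration-*.jar` line, two of the new patterns drop the hyphen before the wildcard that the existing entries use (`asm-*.jar`, `xom-*.jar`) and that `jakartaee-migration-*.jar` keeps. `bcel*.jar` and `commons-compress*.jar` will also match any other jar whose name merely begins with those strings, and a jar on the skip list is not scanned at all, so I would write `bcel-*.jar` and `commons-compress-*.jar`, which still covers the `bcel-6.8.1.jar` from the warning. Separately, the quoted failure is a `NoSuchFileException` for that path, so skipping the scan silences the warning without explaining why the classloader hierarchy references a file that is not on disk; that is worth a line in the change description.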

Note: this is not a complete list and will probably need others.

  2. Tomcat 10.1 supports jakartaee instead of javaee, so there's failures such as:

```
May 31 10:20:22 ipa002.test.openqa.fedoraproject.org server[4859]: SEVERE: Begin event threw exception
May 31 10:20:22 ipa002.test.openqa.fedoraproject.org server[4859]: java.lang.NoClassDefFoundError: javax/servlet/http/HttpServletResponse
May 31 10:20:22 ipa002.test.openqa.fedoraproject.org server[4859]:         at java.base/java.lang.Class.getDeclaredConstructors0(Native Method)
....
```

  3. The last item that I noticed are issues with tomcatjss and the API changes in tomcat 10:

```
May 31 10:20:23 ipa002.test.openqa.fedoraproject.org server[4859]: SEVERE: Error reading request, ignored
May 31 10:20:23 ipa002.test.openqa.fedoraproject.org server[4859]: java.lang.AbstractMethodError: Receiver class org.dogtagpki.jss.tomcat.JSSImplementation does not define or inherit an implementation of the resolved method 'abstract org.apache.tomcat.util.net.SSLSupport getSSLSupport(javax.net.ssl.SSLSession, java.util.Map)' of abstract class org.apache.tomcat.util.net.SSLImplementation.
May 31 10:20:23 ipa002.test.openqa.fedoraproject.org server[4859]:         at org.dogtagpki.jss.tomcat.JSSSecureNioChannel.getSSLSupport(JSSSecureNioChannel.java:327)
....
May 31 10:20:23 ipa002.test.openqa.fedoraproject.org server[4859]:         at java.base/java.lang.Thread.run(Thread.java:1583)
May 31 10:20:23 ipa002.test.openqa.fedoraproject.org server[4859]: SEVERE: Error running socket processor
May 31 10:20:23 ipa002.test.openqa.fedoraproject.org server[4859]: java.lang.NullPointerException: Cannot invoke "java.nio.ByteBuffer.limit(int)" because "this.byteBuffer" is null
May 31 10:20:23 ipa002.test.openqa.fedoraproject.org server[4859]:         at org.apache.coyote.http11.Http11InputBuffer.recycle(Http11InputBuffer.java:262)
....
```
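
Added example, not part of the comment above or of the PKI project's code: a Python triage script that sorts journal lines like the ones quoted into the three failure classes and derives `jarsToSkip` globs from the scan warnings. The sample log is constructed, and the function names, the `EE_PREFIXES` list and the glob rule are assumptions of this example.

```python
import re

# Constructed sample shaped like the journal lines quoted in the comment above
# (hostname shortened; the commons-compress version is made up).
SAMPLE_LOG = """\
May 31 10:20:20 host server[4859]: WARNING: Failed to scan [file:/usr/share/java/tomcat-jakartaee-migration/bcel-6.8.1.jar] from classloader hierarchy
May 31 10:20:20 host server[4859]: WARNING: Failed to scan [file:/usr/share/java/tomcat-jakartaee-migration/commons-compress-1.26.1.jar] from classloader hierarchy
May 31 10:20:22 host server[4859]: java.lang.NoClassDefFoundError: javax/servlet/http/HttpServletResponse
May 31 10:20:23 host server[4859]: java.lang.AbstractMethodError: Receiver class org.dogtagpki.jss.tomcat.JSSImplementation does not define or inherit an implementation of the resolved method 'abstract org.apache.tomcat.util.net.SSLSupport getSSLSupport(javax.net.ssl.SSLSession, java.util.Map)' of abstract class org.apache.tomcat.util.net.SSLImplementation.
"""

SCAN = re.compile(r"Failed to scan \[file:([^\]]+\.jar)\]")
NOCLASS = re.compile(r"NoClassDefFoundError: (javax/[\w/$]+)")
ABSTRACT = re.compile(r"AbstractMethodError: Receiver class ([\w.$]+) .*"
                      r"resolved method '([^']+)' of abstract class ([\w.$]*\w)")
# Java EE namespaces that moved to jakarta.* (partial list, an assumption of
# this example); JDK packages such as javax.net.ssl did not move.
EE_PREFIXES = ("javax.servlet", "javax.el", "javax.websocket", "javax.ws.rs")


def skip_glob(jar_path):
    """Turn .../bcel-6.8.1.jar into the versionless glob bcel-*.jar."""
    name = jar_path.rsplit("/", 1)[-1]
    return re.sub(r"-\d[\w.\-]*\.jar$", "-*.jar", name)


def triage(log_text):
    """Group Tomcat 10 startup failures into the three classes from the comment."""
    report = {"jars_to_skip": set(), "jakarta_renames": {}, "api_gaps": set()}
    for line in log_text.splitlines():
        if m := SCAN.search(line):
            report["jars_to_skip"].add(skip_glob(m.group(1)))
        elif m := NOCLASS.search(line):
            cls = m.group(1).replace("/", ".")
            if cls.startswith(EE_PREFIXES):
                report["jakarta_renames"][cls] = "jakarta" + cls[len("javax"):]
        elif m := ABSTRACT.search(line):
            # (implementing class, missing method signature, abstract base class)
            report["api_gaps"].add(m.groups())
    report["jars_to_skip"] = sorted(report["jars_to_skip"])
    report["api_gaps"] = sorted(report["api_gaps"])
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

The `jars_to_skip` entries are candidates only; check each against what is actually installed before adding it to `catalina.properties`.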

@abbra

abbra commented Jul 3, 2024

This needs bumping a priority because it does fail in Fedora 40 after an upgrade, so this is not just a rawhide problem anymore.
