From 8bb532a6f785d696d5ae3375e7d27fb97bcb2851 Mon Sep 17 00:00:00 2001
From: "build@metaventis.com" <build@metaventis.com>
Date: Tue, 28 Nov 2023 03:18:06 +0000
Subject: [PATCH 1/2] Bump SDK

---
 .../compose/src/main/scripts/.env.sample      | 15 ++++++--
 .../src/main/build/assets/entrypoint.sh       | 35 ++++++++++++-------
 .../src/main/compose/1_repository-common.yml  |  3 ++
 .../src/main/chart/templates/statefulset.yaml |  3 --
 .../src/main/build/assets/entrypoint.sh       |  3 +-
 5 files changed, 40 insertions(+), 19 deletions(-)

diff --git a/deploy/docker/compose/src/main/scripts/.env.sample b/deploy/docker/compose/src/main/scripts/.env.sample
index a585319b..9e53283c 100644
--- a/deploy/docker/compose/src/main/scripts/.env.sample
+++ b/deploy/docker/compose/src/main/scripts/.env.sample
@@ -114,15 +114,24 @@
 # --- relative login path from external authentication service
 # REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGIN=/shibboleth
 
-# --- relative logout path from external authentication service
-# REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGOUT=/logout
-
 # --- absolut path from external authentication provider
 # REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDERS_URL=
 
 # --- relative logout path from external authentication target provider
 # REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDER_TARGET_URL=
 
+# --- relative logout path from external authentication service
+# REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGOUT=/Shibboleth.sso/Logout
+
+# --- should edu-sharing destroy it's session or does this the idp for us
+# REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_DESTROY_SESSION=false
+
+# --- should edu-sharing redirected us to a page after the logout?
+# REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT=false
+
+# --- the url to redirect to if redirect is true
+# REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT_URL=
+
 # --- guest user name
 # REPOSITORY_SERVICE_GUEST_USER=
 
diff --git a/deploy/docker/repository/build/service/src/main/build/assets/entrypoint.sh b/deploy/docker/repository/build/service/src/main/build/assets/entrypoint.sh
index f63f2799..7a03a794 100755
--- a/deploy/docker/repository/build/service/src/main/build/assets/entrypoint.sh
+++ b/deploy/docker/repository/build/service/src/main/build/assets/entrypoint.sh
@@ -26,7 +26,12 @@ my_home_appid="${REPOSITORY_SERVICE_HOME_APPID:-local}"
 my_home_auth="${REPOSITORY_SERVICE_HOME_AUTH:-}"
 my_home_auth_external="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL:-false}"
 my_home_auth_external_login="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN:-$my_path_external/shibboleth}"
-my_home_auth_external_logout="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT:-}"
+
+my_home_auth_external_logout="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT:-/Shibboleth.sso/Logout}"
+my_home_auth_external_logout_destroy_session="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_DESTROY_SESSION:-"false"}"
+my_home_auth_external_logout_redirect="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT:-"false"}"
+my_home_auth_external_logout_redirect_url="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT_URL:-$my_base_external}"
+
 my_home_auth_external_login_providers_url="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDERS_URL:-}"
 my_home_auth_external_login_provider_target_url="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDER_TARGET_URL:-}"
 my_home_provider="${REPOSITORY_SERVICE_HOME_PROVIDER:-}"
@@ -453,19 +458,25 @@ xmlstarlet ed -L \
           -s '/config/values' -t elem -n 'loginProviderTargetUrl' -v '' \
           -d '/config/values/loginProviderTargetUrl[position() != 1]' \
     			-u '/config/values/loginProviderTargetUrl' -v "${my_home_auth_external_login_provider_target_url}" \
+    			-s '/config/values' -t elem -n 'logout' -v '' \
+          -d '/config/values/logout[position() != 1]' \
+          -s '/config/values/logout' -t elem -n 'url' -v '' \
+          -d '/config/values/logout/url[position() != 1]' \
+          -u '/config/values/logout/url' -v "${my_home_auth_external_logout}" \
+          -s '/config/values/logout' -t elem -n 'destroySession' -v '' \
+          -d '/config/values/logout/destroySession[position() != 1]' \
+          -u '/config/values/logout/destroySession' -v "${my_home_auth_external_logout_destroy_session}" \
           ${eduCConf}
 
-          if [[ -n "${my_home_auth_external_logout}" ]] ; then
-             xmlstarlet ed -L \
-                  -s '/config/values' -t elem -n 'logout' -v '' \
-                  -d '/config/values/logout[position() != 1]' \
-                  -s '/config/values/logout' -t elem -n 'url' -v '' \
-                  -d '/config/values/logout/url[position() != 1]' \
-                  -u '/config/values/logout/url' -v "${my_home_auth_external_logout}" \
-                  -s '/config/values/logout' -t elem -n 'destroySession' -v '' \
-                  -d '/config/values/logout/destroySession[position() != 1]' \
-                  -u '/config/values/logout/destroySession' -v 'false' \
-                  ${eduCConf}
+          if [[ "${my_home_auth_external_logout_redirect}" == "true" ]] ; then
+            xmlstarlet ed -L \
+              -s '/config/values/logout' -t elem -n 'ajax' -v '' \
+              -d '/config/values/logout/ajax[position() != 1]' \
+              -u '/config/values/logout/ajax' -v 'true' \
+              -s '/config/values/logout' -t elem -n 'next' -v '' \
+              -d '/config/values/logout/next[position() != 1]' \
+              -u '/config/values/logout/next' -v "${my_home_auth_external_logout_redirect_url}" \
+              ${eduCConf}
           fi
   else
 		sed -i -r 's|<!--\s*SAML||g' tomcat/webapps/edu-sharing/WEB-INF/web.xml
diff --git a/deploy/docker/repository/compose/src/main/compose/1_repository-common.yml b/deploy/docker/repository/compose/src/main/compose/1_repository-common.yml
index 7dd100b8..e172c67b 100644
--- a/deploy/docker/repository/compose/src/main/compose/1_repository-common.yml
+++ b/deploy/docker/repository/compose/src/main/compose/1_repository-common.yml
@@ -82,6 +82,9 @@ services:
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL: "${REPOSITORY_SERVICE_AUTH_EXTERNAL:-false}"
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN: "${REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGIN:-}"
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT: "${REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGOUT:-}"
+      REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_DESTROY_SESSION: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_DESTROY_SESSION:-false}"
+      REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT:-}"
+      REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT_URL: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT_URL:-}"
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDERS_URL: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDERS_URL:-}"
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDER_TARGET_URL: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDER_TARGET_URL:-}"
       REPOSITORY_SERVICE_HOME_PROVIDER: "${REPOSITORY_SERVICE_PROVIDER:-}"
diff --git a/deploy/docker/repository/helm/solr4/src/main/chart/templates/statefulset.yaml b/deploy/docker/repository/helm/solr4/src/main/chart/templates/statefulset.yaml
index 732e3abf..177e1fa7 100644
--- a/deploy/docker/repository/helm/solr4/src/main/chart/templates/statefulset.yaml
+++ b/deploy/docker/repository/helm/solr4/src/main/chart/templates/statefulset.yaml
@@ -232,9 +232,6 @@ spec:
       - name: {{ include "edusharing_repository_search_solr4.name" $ }}
         image: {{ include "edusharing_repository_search_solr4.image" $ }}{{ $.Values.image.prefix }}-deploy-docker-repository-build-search-solr4:{{ $.Values.image.tag }}
         imagePullPolicy: {{ $.Values.global.image.pullPolicy }}
-        {{- if default $.Values.global.debug $.Values.debug }}
-        args: [ "catalina.sh", "jpda", "run" ]
-        {{- end }}
         env:
         - name: REPOSITORY_SEARCH_SOLR4_CONFIG
           value: | {{ .spec.config.override.application.common | nindent 12 }}
diff --git a/deploy/docker/services/rendering/build/service/src/main/build/assets/entrypoint.sh b/deploy/docker/services/rendering/build/service/src/main/build/assets/entrypoint.sh
index e992e221..adb3eb2a 100755
--- a/deploy/docker/services/rendering/build/service/src/main/build/assets/entrypoint.sh
+++ b/deploy/docker/services/rendering/build/service/src/main/build/assets/entrypoint.sh
@@ -4,7 +4,8 @@ set -eu
 
 ########################################################################################################################
 
-$(chmod -R g+w "$RS_CACHE/config" "$RS_CACHE/data") || echo "set group permission for shared volumes skipped."
+$(chmod -R g+w "$RS_CACHE/config") || echo "set group permission for $RS_CACHE/config."
+$(chmod    g+w "$RS_CACHE/data"  ) || echo "set group permission for $RS_CACHE/data."
 
 ########################################################################################################################
 

From b8c039b726bc4715a7db647eaf288c774eba44ef Mon Sep 17 00:00:00 2001
From: Sebastian Wollner <wollner@edu-sharing.net>
Date: Tue, 28 Nov 2023 18:03:47 +0000
Subject: [PATCH 2/2] Update SDK to 8.1.0

---
 .../compose/src/main/scripts/.env.sample      | 15 ++------
 .../src/main/build/assets/entrypoint.sh       | 35 +++++++------------
 .../src/main/compose/1_repository-common.yml  |  3 --
 .../src/main/chart/templates/statefulset.yaml |  3 ++
 .../src/main/build/assets/entrypoint.sh       |  3 +-
 5 files changed, 19 insertions(+), 40 deletions(-)

diff --git a/deploy/docker/compose/src/main/scripts/.env.sample b/deploy/docker/compose/src/main/scripts/.env.sample
index 9e53283c..a585319b 100644
--- a/deploy/docker/compose/src/main/scripts/.env.sample
+++ b/deploy/docker/compose/src/main/scripts/.env.sample
@@ -114,24 +114,15 @@
 # --- relative login path from external authentication service
 # REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGIN=/shibboleth
 
+# --- relative logout path from external authentication service
+# REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGOUT=/logout
+
 # --- absolut path from external authentication provider
 # REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDERS_URL=
 
 # --- relative logout path from external authentication target provider
 # REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDER_TARGET_URL=
 
-# --- relative logout path from external authentication service
-# REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGOUT=/Shibboleth.sso/Logout
-
-# --- should edu-sharing destroy it's session or does this the idp for us
-# REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_DESTROY_SESSION=false
-
-# --- should edu-sharing redirected us to a page after the logout?
-# REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT=false
-
-# --- the url to redirect to if redirect is true
-# REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT_URL=
-
 # --- guest user name
 # REPOSITORY_SERVICE_GUEST_USER=
 
diff --git a/deploy/docker/repository/build/service/src/main/build/assets/entrypoint.sh b/deploy/docker/repository/build/service/src/main/build/assets/entrypoint.sh
index 7a03a794..f63f2799 100755
--- a/deploy/docker/repository/build/service/src/main/build/assets/entrypoint.sh
+++ b/deploy/docker/repository/build/service/src/main/build/assets/entrypoint.sh
@@ -26,12 +26,7 @@ my_home_appid="${REPOSITORY_SERVICE_HOME_APPID:-local}"
 my_home_auth="${REPOSITORY_SERVICE_HOME_AUTH:-}"
 my_home_auth_external="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL:-false}"
 my_home_auth_external_login="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN:-$my_path_external/shibboleth}"
-
-my_home_auth_external_logout="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT:-/Shibboleth.sso/Logout}"
-my_home_auth_external_logout_destroy_session="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_DESTROY_SESSION:-"false"}"
-my_home_auth_external_logout_redirect="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT:-"false"}"
-my_home_auth_external_logout_redirect_url="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT_URL:-$my_base_external}"
-
+my_home_auth_external_logout="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT:-}"
 my_home_auth_external_login_providers_url="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDERS_URL:-}"
 my_home_auth_external_login_provider_target_url="${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDER_TARGET_URL:-}"
 my_home_provider="${REPOSITORY_SERVICE_HOME_PROVIDER:-}"
@@ -458,25 +453,19 @@ xmlstarlet ed -L \
           -s '/config/values' -t elem -n 'loginProviderTargetUrl' -v '' \
           -d '/config/values/loginProviderTargetUrl[position() != 1]' \
     			-u '/config/values/loginProviderTargetUrl' -v "${my_home_auth_external_login_provider_target_url}" \
-    			-s '/config/values' -t elem -n 'logout' -v '' \
-          -d '/config/values/logout[position() != 1]' \
-          -s '/config/values/logout' -t elem -n 'url' -v '' \
-          -d '/config/values/logout/url[position() != 1]' \
-          -u '/config/values/logout/url' -v "${my_home_auth_external_logout}" \
-          -s '/config/values/logout' -t elem -n 'destroySession' -v '' \
-          -d '/config/values/logout/destroySession[position() != 1]' \
-          -u '/config/values/logout/destroySession' -v "${my_home_auth_external_logout_destroy_session}" \
           ${eduCConf}
 
-          if [[ "${my_home_auth_external_logout_redirect}" == "true" ]] ; then
-            xmlstarlet ed -L \
-              -s '/config/values/logout' -t elem -n 'ajax' -v '' \
-              -d '/config/values/logout/ajax[position() != 1]' \
-              -u '/config/values/logout/ajax' -v 'true' \
-              -s '/config/values/logout' -t elem -n 'next' -v '' \
-              -d '/config/values/logout/next[position() != 1]' \
-              -u '/config/values/logout/next' -v "${my_home_auth_external_logout_redirect_url}" \
-              ${eduCConf}
+          if [[ -n "${my_home_auth_external_logout}" ]] ; then
+             xmlstarlet ed -L \
+                  -s '/config/values' -t elem -n 'logout' -v '' \
+                  -d '/config/values/logout[position() != 1]' \
+                  -s '/config/values/logout' -t elem -n 'url' -v '' \
+                  -d '/config/values/logout/url[position() != 1]' \
+                  -u '/config/values/logout/url' -v "${my_home_auth_external_logout}" \
+                  -s '/config/values/logout' -t elem -n 'destroySession' -v '' \
+                  -d '/config/values/logout/destroySession[position() != 1]' \
+                  -u '/config/values/logout/destroySession' -v 'false' \
+                  ${eduCConf}
           fi
   else
 		sed -i -r 's|<!--\s*SAML||g' tomcat/webapps/edu-sharing/WEB-INF/web.xml
diff --git a/deploy/docker/repository/compose/src/main/compose/1_repository-common.yml b/deploy/docker/repository/compose/src/main/compose/1_repository-common.yml
index e172c67b..7dd100b8 100644
--- a/deploy/docker/repository/compose/src/main/compose/1_repository-common.yml
+++ b/deploy/docker/repository/compose/src/main/compose/1_repository-common.yml
@@ -82,9 +82,6 @@ services:
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL: "${REPOSITORY_SERVICE_AUTH_EXTERNAL:-false}"
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN: "${REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGIN:-}"
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT: "${REPOSITORY_SERVICE_AUTH_EXTERNAL_LOGOUT:-}"
-      REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_DESTROY_SESSION: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_DESTROY_SESSION:-false}"
-      REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT:-}"
-      REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT_URL: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGOUT_REDIRECT_URL:-}"
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDERS_URL: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDERS_URL:-}"
       REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDER_TARGET_URL: "${REPOSITORY_SERVICE_HOME_AUTH_EXTERNAL_LOGIN_PROVIDER_TARGET_URL:-}"
       REPOSITORY_SERVICE_HOME_PROVIDER: "${REPOSITORY_SERVICE_PROVIDER:-}"
diff --git a/deploy/docker/repository/helm/solr4/src/main/chart/templates/statefulset.yaml b/deploy/docker/repository/helm/solr4/src/main/chart/templates/statefulset.yaml
index 177e1fa7..732e3abf 100644
--- a/deploy/docker/repository/helm/solr4/src/main/chart/templates/statefulset.yaml
+++ b/deploy/docker/repository/helm/solr4/src/main/chart/templates/statefulset.yaml
@@ -232,6 +232,9 @@ spec:
       - name: {{ include "edusharing_repository_search_solr4.name" $ }}
         image: {{ include "edusharing_repository_search_solr4.image" $ }}{{ $.Values.image.prefix }}-deploy-docker-repository-build-search-solr4:{{ $.Values.image.tag }}
         imagePullPolicy: {{ $.Values.global.image.pullPolicy }}
+        {{- if default $.Values.global.debug $.Values.debug }}
+        args: [ "catalina.sh", "jpda", "run" ]
+        {{- end }}
         env:
         - name: REPOSITORY_SEARCH_SOLR4_CONFIG
           value: | {{ .spec.config.override.application.common | nindent 12 }}
diff --git a/deploy/docker/services/rendering/build/service/src/main/build/assets/entrypoint.sh b/deploy/docker/services/rendering/build/service/src/main/build/assets/entrypoint.sh
index adb3eb2a..e992e221 100755
--- a/deploy/docker/services/rendering/build/service/src/main/build/assets/entrypoint.sh
+++ b/deploy/docker/services/rendering/build/service/src/main/build/assets/entrypoint.sh
@@ -4,8 +4,7 @@ set -eu
 
 ########################################################################################################################
 
-$(chmod -R g+w "$RS_CACHE/config") || echo "set group permission for $RS_CACHE/config."
-$(chmod    g+w "$RS_CACHE/data"  ) || echo "set group permission for $RS_CACHE/data."
+$(chmod -R g+w "$RS_CACHE/config" "$RS_CACHE/data") || echo "set group permission for shared volumes skipped."
 
 ########################################################################################################################