Kevan Miller wrote:
On Dec 7, 2007, at 2:44 PM, Joe Bohn wrote:
I was just looking into updating Tomcat for the Geronimo 2.1 release
with an eye toward getting a fix integrated for the Webdav servlet
security issue.
There are 3 possible approaches:
1) Apply the Webdav patch to the 6.0.13 image with the annotation
changes and one other minor change (basically our current
6.0.13_G543818 build plus the WebDav fix). Check this into our
private repository in trunk.
2) Checkout 6.0.14, apply the Webdav patch and annotation changes.
Check this into our private repository in trunk.
3) Checkout tomcat trunk (6.0.x) which already includes the Webdav
patch but not the annotation changes. Apply the annotation changes
for our private build and check it into our repository in trunk.
I personally think #2 is probably best although it might expose some
other issues in tomcat. We could always fall back to #1 if necessary.
There was an attempt made at a tomcat 6.0.15 a few weeks back but it
failed due to some context and tck issues ... hence my reservations
with 6.0.x since it probably has those same issues.
OK. Good, I think, to upgrade to 6.0.14. So, I like your plan # 2.
I just checked in this upgrade in
http://svn.apache.org/viewvc?rev=603398&view=rev
I hope it works (some quick testing looks promising).
After digging into this now for tomcat 6.0.14 I can safely say that we
really need to come up with a better way. IMO we need to get Tomcat to
integrate these annotation changes soon or revert back to using the
native Tomcat mechanisms to support annotations. At the moment Tomcat
still has the annotation changes sitting in their sandbox and the code
in their new trunk is drifting.
Here are steps that I followed to create the patch to save the manual
changes that were necessary so that we can recreate the tomcat image. I
checked these directions in as
repository/org/apache/tomcat/6.0.14-G602188.README.TXT
Private Build of Tomcat for Geronimo.
How to build Tomcat 6_0_14 with modifications for Geronimo:
Checkout tomcat 6.0.14
svn co
https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_14
tomcat_6_0_14
Apply the custom patch for Geronimo Annotation changes, Webdav fix, and
build fix.
cd tomcat_6_0_14
patch -p0 -u < tomcat_6_0_14-G602188.patch (checked in as a peer to
this file)
- Respond "y" to the 3 prompts "Reversed (or previously applied)
patch detected! Assume -R? [n]"
svn delete java/org/apache/jasper/runtime/AnnotationHelper.java --force
svn delete java/org/apache/AnnotationProcessor.java --force
svn delete
java/org/apache/catalina/util/DefaultAnnotationProcessor.java --force
Build tomcat
cd tomcat_6_0_14
Per tomcat build instructions install ant-1.6.5 or later and set
ANT_HOME as well as add ant/bin to PATH
You must run as the super user for the first build that downloads
more ant & eclipse artifacts
ant download - to setup build for tomcat
Exit super user
ant - to build tomcat artifacts
Copy to appropriate jars and rename into geronimo/repository
cd tomcat_6_0_14
cp /build/lib/catalina.jar
<geronimo-root>/repository/org/apache/tomcat/catalina/6.0.14-G602188/catalina-6.0.14-G602188.jar
cp /build/lib/jasper.jar
<geronimo-root>/repository/org/apache/tomcat/jasper/6.0.14-G602188/jasper-6.0.14-G602188.jar
How the patch was created:
Checkout tomcat 6.0.14
svn co
https://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_14
tomcat_6_0_14
Apply annotation changes from old tomcat trunk
cd tomcat_6_0_14
svn merge -r 542188:542189
https://svn.apache.org/repos/asf/tomcat/sandbox/gdev6x/ .
manually correct merge conflicts
Apply the Webdav security fix from the new tomcat trunk
svn merge -r 587081:587082
https://svn.apache.org/repos/asf/tomcat/trunk/ .
manually correct merge conflicts
Fix the tomcat build properties before attempting "ant download"
- Before you can build tomcat you need to make some manual changes to
build.properties.default
- replace jdt.jar=${jdt.lib}/org.eclipse.jdt.core_3.2.3.v_686_R32x.jar
with jdt.jar=${jdt.lib}/org.eclipse.jdt.core_3.3.1.v_780_R33x.jar
and
- replace
jdt.loc=http://sunsite.informatik.rwth-aachen.de/eclipse/downloads/drops/R-3.2.2-200702121330/eclipse-JDT-3.2.2.zip
with
jdt.loc=http://www.eclipse.org/downloads/download.php?file=/eclipse/downloads/drops/R-3.3.1-200709211145/eclipse-JDT-3.3.1.zip
The merge earlier keeps a history on added parts. As a result, the
added parts will not appear on patch created from this image. To correct
this we must revert the addition changes and manually add the parts
back. Perform the following commands:
svn revert java/org/apache/InstanceManager.java
svn add java/org/apache/InstanceManager.java
svn revert java/org/apache/jasper/runtime/InstanceManagerFactory.java
snv add java/org/apache/jasper/runtime/InstanceManagerFactory.java
svn revert java/org/apache/catalina/deploy/InjectionTarget.java
snv add java/org/apache/catalina/deploy/InjectionTarget.java
Create the patch:
svn diff > TOMCAT_6_0_14-G602188.patch
