net/keycloak: update to 23.0.6

- Update to 23.0.6
- Add keycloak user and group
- Add pkg-message
- Add support for development(start-dev) and production (start) mode at rc script
- Export JAVA_HOME from rc script
- Add keycloak build function into rc script

PR:		275658 276859
Approved by:	maintainer timeout (2 weeks)

GIDs

@@ -272,7 +272,7 @@ galene:*:328:
 certspotter:*:329:
 orthanc:*:330:
 svxlink:*:331:
-# free: 332
+keycloak:*:332:
 # free: 333
 honeytrap:*:333:
 # free: 335

UIDs

@@ -277,7 +277,7 @@ galene:*:328:328::0:0:Galene Visioconference server:/nonexistent:/usr/sbin/nolog
 certspotter:*:329:329::0:0:Cert Spotter user:/nonexistent:/usr/sbin/nologin
 orthanc:*:330:330::0:0:Orthanc Daemon:/nonexistent:/usr/sbin/nologin
 svxlink:*:331:331::0:0:svxlink server:/nonexistent:/usr/sbin/nologin
-# free: 332
+keycloak:*:332:332::0:0:keycloak server:/nonexistent:/usr/sbin/nologin
 honeytrap:*:333:333::0:0:HoneyTrap Daemon:/nonexistent:/usr/sbin/nologin
 # free: 334
 # free: 335

net/keycloak/Makefile

@@ -1,5 +1,5 @@
 PORTNAME=	keycloak
-PORTVERSION=	23.0.5
+DISTVERSION=	23.0.6
 CATEGORIES=	net java
 MASTER_SITES=	https://github.com/${PORTNAME}/${PORTNAME}/releases/download/${PORTVERSION}/
 
@@ -28,8 +28,10 @@ JAVA_RUN=	yes
 
 USE_RC_SUBR=	keycloak
 
-USER=		www
+KEYCLOAK_USER=	${PORTNAME}
-GROUP=		www
+KEYCLOAK_GROUP=	${PORTNAME}
+USERS=		${KEYCLOAK_USER}
+GROUPS=		${USERS}
 
 VAR_DIR?=	/var
 LOG_DIR?=	${VAR_DIR}/log/${PORTNAME}
@@ -38,13 +40,18 @@ RUN_DIR?=	${VAR_DIR}/run/${PORTNAME}
 NO_ARCH=	yes
 NO_BUILD=	yes
 
-SUB_LIST+=	GROUP=${GROUP} \
+SUB_FILES+=	pkg-message
+SUB_LIST+=	GROUP=${KEYCLOAK_GROUP} \
 		JAVA=${JAVA} \
+		JAVA_HOME=${JAVA_HOME} \
 		LOG_DIR=${LOG_DIR} \
 		PORTNAME=${PORTNAME} \
 		RUN_DIR=${RUN_DIR} \
-		USER=${USER}
+		USER=${KEYCLOAK_USER} \
-PLIST_SUB=	VERSION=${DISTVERSION}
+		GROUP=${KEYCLOAK_GROUP}
+PLIST_SUB=	VERSION=${DISTVERSION} \
+		USER=${KEYCLOAK_USER} \
+		GROUP=${KEYCLOAK_GROUP}
 
 OPTIONS_DEFINE=	DOCS EXAMPLES
 

net/keycloak/distinfo

@@ -1,3 +1,3 @@
-TIMESTAMP = 1706519411
+TIMESTAMP = 1706915975
-SHA256 (keycloak-23.0.5.tar.gz) = 576990e486f1a3f0d4bce8f3c7c22fee5699d17e03794c8653cc5d36287adac1
+SHA256 (keycloak-23.0.6.tar.gz) = 0a335248f44ba4c9aa2460082b3d00237900e3f0f4f910daab79d3fd401d0cb6
-SIZE (keycloak-23.0.5.tar.gz) = 177864638
+SIZE (keycloak-23.0.6.tar.gz) = 177876996

net/keycloak/files/keycloak.in

@@ -14,6 +14,7 @@
 # %%PORTNAME%%_user (string):         User account to run with.
 #                                 Default: www
 # %%PORTNAME%%_flags (string):        Additional flags for the startup script.
+#                                 Default: start
 #
 
 . /etc/rc.subr
@@ -27,7 +28,8 @@ load_rc_config $name
 : ${%%PORTNAME%%_enable:=NO}
 : ${%%PORTNAME%%_user:=%%USER%%}
 : ${%%PORTNAME%%_group:=%%GROUP%%}
-: ${%%PORTNAME%%_flags:=""}
+: ${%%PORTNAME%%_flags="start"}
+: ${%%PORTNAME%%_java_home="%%JAVA_HOME%%"}
 
 pidfile=%%RUN_DIR%%/%%PORTNAME%%.pid
 command=/usr/sbin/daemon
@@ -35,6 +37,9 @@ command_args="-u ${%%PORTNAME%%_user} -o %%LOG_DIR%%/%%PORTNAME%%.out -t %%PORTN
 
 start_cmd="%%PORTNAME%%_start"
 stop_cmd="%%PORTNAME%%_stop"
+build_cmd="%%PORTNAME%%_build"
+
+export JAVA_HOME=${%%PORTNAME%%_java_home}
 
 %%PORTNAME%%_start()
 {
@@ -49,7 +54,7 @@ stop_cmd="%%PORTNAME%%_stop"
 
 	echo "Starting %%PORTNAME%%."
         ${command} ${command_args} \
-                %%JAVASHAREDIR%%/%%PORTNAME%%/bin/kc.sh start \
+                %%JAVASHAREDIR%%/%%PORTNAME%%/bin/kc.sh \
                 ${%%PORTNAME%%_flags}
 }
 
@@ -73,4 +78,10 @@ stop_cmd="%%PORTNAME%%_stop"
     wait_for_pids ${pid_daemon} ${pid_child}
 }
 
+%%PORTNAME%%_build()
+{
+    su -m keycloak -c "%%JAVASHAREDIR%%/%%PORTNAME%%/bin/kc.sh build"
+}
+
+extra_commands="build"
 run_rc_command "$1"

net/keycloak/files/pkg-message.in

@@ -0,0 +1,58 @@
+[
+{ type: install
+  message: <<EOM
+Keycloak was installed
+
+1) Configuration files are located at %%JAVASHAREDIR%%/%%PORTNAME%%/conf
+2) keycloak start in production mode by default. https is mandatory in this
+   mode. You must generate some certificate files.
+
+   # cd %%JAVASHAREDIR%%/%%PORTNAME%%/conf
+   # openssl req -newkey rsa:2048 -nodes -keyout server.key.pem -x509 \
+     -days 3650 -out server.crt.pem
+   # chmod 640 server.crt.pem server.key.pem
+   # chown %%USER%%:%%GROUP%% server.crt.pem server.key.pem
+
+   Do not forget set certificate paths into keycloak.conf
+
+3) If you want start keycloak on develpment mode (http), you can change
+   it the following way:
+
+   # sysrc keycloak_flags=start-dev
+
+4) Also you can use mysql or postgresql backend for store keycloak data. Take a
+   look at db, db-username, db-password and db-url options into keycloak.conf
+   file.
+
+5) Enable keycloak service
+
+   # service keycloak enable
+
+6) Sometimes you will need run a keycloak build when you change some settings
+   into config file or when you pass from development mode to production mode.
+   Try the following if you need it:
+
+   # service keycloak build
+
+7) Start keycloak service
+
+   # service keycloak start
+
+8) Development mode listen on 8080 port and production mode listen on 8443 port
+   by default. Depending of your own configuration, the administration console
+   can be accesing from a web browser from localhost first time:
+
+   http://localhost:8080
+
+   or if you are using production mode
+
+   https://ip_or_hostname:8443
+
+9) For more information about keycloak configuration, visit:
+
+   https://www.keycloak.org/documentation
+
+10) Enjoy it
+EOM
+}
+]

net/keycloak/pkg-plist

@@ -399,14 +399,16 @@ bin/kcreg
 %%JAVASHAREDIR%%/keycloak/lib/quarkus-run.jar
 %%JAVASHAREDIR%%/keycloak/providers/README.md
 %%JAVASHAREDIR%%/keycloak/themes/README.md
-@owner www
+@owner %%USER%%
-@group www
+@group %%GROUP%%
+@mode 640
 %%JAVASHAREDIR%%/keycloak/lib/quarkus/generated-bytecode.jar
 %%JAVASHAREDIR%%/keycloak/lib/quarkus/quarkus-application.dat
 %%JAVASHAREDIR%%/keycloak/lib/quarkus/transformed-bytecode.jar
 @sample %%JAVASHAREDIR%%/keycloak/conf/cache-ispn.xml.sample
 @sample %%JAVASHAREDIR%%/keycloak/conf/keycloak.conf.sample
 @sample %%JAVASHAREDIR%%/keycloak/lib/quarkus/build-system.properties.sample
+@mode 750
 @dir %%JAVASHAREDIR%%/keycloak/lib/quarkus
 @dir %%JAVASHAREDIR%%/keycloak/data
 @dir /var/log/keycloak