Fixes for bugs # 174498, 175393, 176097, 176701, & 176796

(Portage version: 2.1.2.7)
author: William Thomson <wltjr@gentoo.org> 2007-05-15 04:37:21 +0000
committer: William Thomson <wltjr@gentoo.org> 2007-05-15 04:37:21 +0000
commit: 80031bd30166ed9976ac6612da509211e115ce5e (patch)
tree: 0e577fdb04e1216fc7ef5718488d3cd8f0e65f71 /www-servers/tomcat
parent: Stable for HPPA (bug #178359). (diff)
download: gentoo-2-80031bd30166ed9976ac6612da509211e115ce5e.tar.gz
gentoo-2-80031bd30166ed9976ac6612da509211e115ce5e.tar.bz2
gentoo-2-80031bd30166ed9976ac6612da509211e115ce5e.zip
11 files changed, 974 insertions, 20 deletions
diff --git a/www-servers/tomcat/ChangeLog b/www-servers/tomcat/ChangeLog
index f9bb2b376178..17eadf0a2bd0 100644
--- a/www-servers/tomcat/ChangeLog
+++ b/www-servers/tomcat/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for www-servers/tomcat
 # Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/ChangeLog,v 1.137 2007/04/29 13:06:31 betelgeuse Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/ChangeLog,v 1.138 2007/05/15 04:37:21 wltjr Exp $
+
+*tomcat-6.0.10-r5 (09 May 2007)
+*tomcat-5.5.23-r2 (09 May 2007)
+
+  09 May 2007; William L. Thomson Jr. <wltjr@gentoo.org>
+  +files/5.5/tomcat.init.2, files/6/tomcat.conf, +files/5.5/tomcat.conf.2,
+  files/6/tomcat.init, +tomcat-5.5.23-r2.ebuild, -tomcat-6.0.10-r4.ebuild,
+  +tomcat-6.0.10-r5.ebuild:
+  Fixes for bugs # 174498, 175393, 176097, 176701, & 176796
 
   29 Apr 2007; Petteri Räty <betelgeuse@gentoo.org>
   tomcat-5.5.23-r1.ebuild:
diff --git a/www-servers/tomcat/files/5.5/catalina.policy b/www-servers/tomcat/files/5.5/catalina.policy
new file mode 100644
index 000000000000..8392623ae4ab
--- /dev/null
+++ b/www-servers/tomcat/files/5.5/catalina.policy
@@ -0,0 +1,261 @@
+// ============================================================================
+// catalina.corepolicy - Security Policy Permissions for Tomcat 5
+//
+// This file contains a default set of security policies to be enforced (by the
+// JVM) when Catalina is executed with the "-security" option.  In addition
+// to the permissions granted here, the following additional permissions are
+// granted to the codebase specific to each web application:
+//
+// * Read access to the document root directory
+//
+// $Id: catalina.policy,v 1.1 2007/05/15 04:37:21 wltjr Exp $
+// ============================================================================
+
+
+// ========== SYSTEM CODE PERMISSIONS =========================================
+
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+
+// ========== CATALINA CODE PERMISSIONS =======================================
+
+
+// These permissions apply to the launcher code
+grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the daemon code
+grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the commons-logging API
+grant codeBase "file:${catalina.home}/bin/commons-logging-api.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to JULI
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "common" directory
+grant codeBase "file:${catalina.home}/common/-" {
+        permission java.security.AllPermission;
+};
+
+grant codeBase "file:${catalina.home}/-" {
+        permission java.security.AllPermission;
+};
+// symlinks must be written separately (?)
+grant codeBase "file:${catalina.home}/common/lib/ant-bootstrap.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/ant.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/ant-launcher.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/commons-collections.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/commons-dbcp.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/commons-el.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/commons-pool.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/jasper-compiler.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/jasper-runtime.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/jsp-api.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/naming-factory.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/naming-resources.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/servlet-api.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the container's core code, plus any additional
+// libraries installed in the "server" directory
+grant codeBase "file:${catalina.home}/server/-" {
+        permission java.security.AllPermission;
+};
+// symlinks must be written separately (?)
+grant codeBase "file:${catalina.home}/server/lib/catalina-ant.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/catalina-ant-jmx.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/catalina-cluster.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/catalina.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/catalina-optional.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/catalina-storeconfig.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/commons-beanutils.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/commons-digester.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/commons-modeler.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/servlets-default.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/servlets-invoker.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/servlets-webdav.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/tomcat-ajp.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/tomcat-apr.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/tomcat-coyote.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/tomcat-http.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/tomcat-jkstatus-ant.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/server/lib/tomcat-util.jar" {
+        permission java.security.AllPermission;
+};
+
+// ========== WEB APPLICATION PERMISSIONS =====================================
+
+
+// These permissions are granted by default to all web applications
+// In addition, a web application will be given a read FilePermission
+// and JndiPermission for all files and directories in its document root.
+grant { 
+    // Required for JNDI lookup of named JDBC DataSource's and
+    // javamail named MimePart DataSource used to send mail
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.naming.*", "read";
+    permission java.util.PropertyPermission "javax.sql.*", "read";
+
+    // OS Specific properties to allow read access
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.version", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "line.separator", "read";
+
+    // JVM properties to allow read access
+    permission java.util.PropertyPermission "java.version", "read";
+    permission java.util.PropertyPermission "java.vendor", "read";
+    permission java.util.PropertyPermission "java.vendor.url", "read";
+    permission java.util.PropertyPermission "java.class.version", "read";
+	permission java.util.PropertyPermission "java.specification.version", "read";
+	permission java.util.PropertyPermission "java.specification.vendor", "read";
+	permission java.util.PropertyPermission "java.specification.name", "read";
+
+	permission java.util.PropertyPermission "java.vm.specification.version", "read";
+	permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+	permission java.util.PropertyPermission "java.vm.specification.name", "read";
+	permission java.util.PropertyPermission "java.vm.version", "read";
+	permission java.util.PropertyPermission "java.vm.vendor", "read";
+	permission java.util.PropertyPermission "java.vm.name", "read";
+
+    // Required for OpenJMX
+    permission java.lang.RuntimePermission "getAttribute";
+
+	// Allow read of JAXP compliant XML parser debug
+	permission java.util.PropertyPermission "jaxp.debug", "read";
+
+    // Precompiled JSPs need access to this package.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
+    
+};
+
+
+// You can assign additional permissions to particular web applications by
+// adding additional "grant" entries here, based on the code base for that
+// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
+//
+// Different permissions can be granted to JSP pages, classes loaded from
+// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
+// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
+//
+// For instance, assume that the standard "examples" application
+// included a JDBC driver that needed to establish a network connection to the
+// corresponding database and used the scrape taglib to get the weather from
+// the NOAA web server.  You might create a "grant" entries like this:
+//
+// The permissions granted to the context root directory apply to JSP pages.
+// grant codeBase "file:${catalina.home}/webapps/examples/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+//
+// The permissions granted to the context WEB-INF/classes directory
+// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" {
+// };
+//
+// The permission granted to your JDBC driver
+// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+// };
+// The permission granted to the scrape taglib
+// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+
diff --git a/www-servers/tomcat/files/5.5/tomcat.conf.2 b/www-servers/tomcat/files/5.5/tomcat.conf.2
new file mode 100644
index 000000000000..b1cb95d3bc37
--- /dev/null
+++ b/www-servers/tomcat/files/5.5/tomcat.conf.2
@@ -0,0 +1,77 @@
+# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/files/5.5/tomcat.conf.2,v 1.1 2007/05/15 04:37:21 wltjr Exp $
+
+# JVM Runtime
+# Using the default setting, it will determine your JVM from the system-vm
+# set using java-config.
+# See java-config(1) manual page for assistance in determining this value.
+#
+# You can override this value with whatever path you wish.  
+# Example: JAVA_HOME=/opt/sun-jdk-1.4.2.05
+
+JAVA_HOME=`java-config --jre-home`
+
+# (Optional) Java runtime options used when the "start", "stop", or "run"
+# commands are executed.
+# Example to set library path for tomcat-native
+# JAVA_OPTS="-Djava.library.path=/usr/lib"
+# JAVA_OPTS=""
+
+# Where your web applications are located
+CATALINA_HOME=/usr/share/tomcat-5.5/
+CATALINA_BASE=/var/lib/tomcat-5.5/
+
+# Tomcat's User/Group
+# Change these at your own risk!!! These are not supported so if it 
+# breaks something, you are on your own.
+CATALINA_USER=tomcat
+CATALINA_GROUP=tomcat
+
+# Location of the Tomcat JARs and classes
+CATALINA_LIBDIR=/usr/share/tomcat-5.5/server/lib/
+
+# The CLASSPATH for Tomcat to use, plus any others you need.
+CLASSPATH=${CATALINA_LIBDIR}
+
+# (Optional) Directory path location of temporary directory the JVM should 
+# use (java.io.tmpdir).  Defaults to $CATALINA_BASE/temp.
+CATALINA_TMPDIR="/var/tmp/tomcat-5.5/"
+
+# TOMCAT STARTUP/SHUTDOWN
+# 	debug             Start Catalina in a debugger
+# 	-security debug   Debug Catalina with a security manager
+# 	jpda start        Start Catalina under JPDA debugger
+# 	start             Start Catalina in a separate window
+# 	-security start   Start in a separate window with security manager
+# 	stop              Stop Catalina"
+#
+# NOTE: -security requires JSSE (see below)
+# NOTE: jpda requires JPDA (see below)
+TOMCAT_START="start"
+TOMCAT_STOP="stop"
+
+# (Optional) Java runtime options used when the "start", "stop", or "run" 
+# commands are executed.
+# CATALINA_OPTS=""
+
+# Java Platform Debugger Architecture (JPDA)
+# http://java.sun.com/products/jpda/
+# Included with Java SDK 1.3 and later.  No need to specify location.
+#
+#   JPDA_TRANSPORT  (Optional) JPDA transport used when the "jpda start"
+#                   command is executed. The default is "dt_socket".
+#
+#   JPDA_ADDRESS    (Optional) Java runtime options used when the "jpda start"
+#                   command is executed. The default is 8000.
+#
+# JPDA_TRANSPORT="dt_socket"
+# JPDA_ADDRESS="8000"
+
+# Java Secure Socket Extension (JSSE)
+# http://java.sun.com/products/jsse/
+# Included with Java SDK 1.4 and later.
+#
+#   JSSE_HOME       (Optional) May point at your Java Secure Sockets Extension
+#                   (JSSE) installation, whose JAR files will be added to the
+#                   system class path used to start Tomcat.
+#
+# JSSE_HOME="/opt/sun-jdk-1.4.1.02/jre/lib/"
diff --git a/www-servers/tomcat/files/5.5/tomcat.init.2 b/www-servers/tomcat/files/5.5/tomcat.init.2
new file mode 100755
index 000000000000..ea883b8aa090
--- /dev/null
+++ b/www-servers/tomcat/files/5.5/tomcat.init.2
@@ -0,0 +1,94 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/files/5.5/tomcat.init.2,v 1.1 2007/05/15 04:37:21 wltjr Exp $
+
+init_env_vars() {
+	# Set some sane defaults
+	if [ -z "${CATALINA_TMPDIR}" ] ; then
+		CATALINA_TMPDIR="${CATALINA_BASE}"/temp
+	fi
+	JPDA_TRANSPORT=${JPDA_TRANSPORT:="dt_socket"}
+	JPDA_ADDRESS=${JPDA_ADDRESS:="8000"}
+	JPDA_OPTS=${JPDA_OPTS="-Xdebug -Xrunjdwp:transport=${JPDA_TRANSPORT},address=${JPDA_ADDRESS},server=y,suspend=n"}
+
+	# Activate Logging
+	if [ -r "${CATALINA_HOME}"/bin/tomcat-juli.jar ]; then
+		JAVA_OPTS="${JAVA_OPTS} -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
+			-Djava.util.logging.config.file=${CATALINA_BASE}/conf/logging.properties"
+	fi
+
+	# Populate the classpath
+	CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/server/lib:${JAVA_HOME}/lib/tools.jar"
+	if [ -n "${JSSE_HOME}" ]; then
+		CLASSPATH="${CLASSPATH}:${JSSE_HOME}/lib/jcert.jar:${JSSE_HOME}/lib/jnet.jar:${JSSE_HOME}/lib/jsse.jar"
+	fi
+	CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar:${CATALINA_HOME}/bin/commons-logging-api.jar"
+
+	OPTS_CP="${JAVA_OPTS} ${CATALINA_OPTS} \
+			 -Djava.endorsed.dirs=${CATALINA_HOME}/common/endorsed \
+			 -classpath ${CLASSPATH}"
+
+	CATALINA_ARGS="-Dcatalina.base=${CATALINA_BASE} \
+			-Dcatalina.home=${CATALINA_HOME} \
+			-Djava.io.tmpdir=${CATALINA_TMPDIR} \
+			org.apache.catalina.startup.Bootstrap "
+
+	if [ ! -f "${CATALINA_BASE}logs/catalina.out" ]; then
+		touch "${CATALINA_BASE}logs/catalina.out"
+		chown tomcat:tomcat "${CATALINA_BASE}logs/catalina.out"
+	fi
+}
+
+start_helper() {
+	local executor=${1}
+	shift
+	local arguments="--start --quiet --background \
+		--chdir "${CATALINA_TMPDIR}" \
+		--chuid ${CATALINA_USER}:${CATALINA_GROUP} \
+		--make-pidfile --pidfile /var/run/tomcat-5.5.pid"
+	start-stop-daemon ${arguments} --exec ${executor} -- ${OPTS_CP} "$@" \
+		${CATALINA_ARGS} ${TOMCAT_START} >> "${CATALINA_BASE}"/logs/catalina.out 2>&1
+	return $?
+}
+
+depend() {
+	use dns logger net
+}
+
+start()	{
+	ebegin "Starting Tomcat"
+	init_env_vars
+	# Figure out what arguments to pass start_helper based on TOMCAT_START
+	if [ "${TOMCAT_START}" == "debug" ] ; then
+		start_helper ${JAVA_HOME}/bin/jdb \
+			-sourcepath ${CATALINA_HOME}/../../jakarta-tomcat-catalina/catalina/src/share
+	elif [ "${TOMCAT_START}" == "-security debug" ] ; then
+		start_helper ${JAVA_HOME}/bin/jdb \
+			-sourcepath ${CATALINA_HOME}/../../jakarta-tomcat-catalina/catalina/src/share \
+			-Djava.security.manager \
+			-Djava.security.policy=${CATALINA_BASE}/conf/catalina.policy
+	elif [ "${TOMCAT_START}" == "jpda start" ] ; then
+		start_helper ${JAVA_HOME}/bin/java ${JPDA_OPTS}
+	elif [ "${TOMCAT_START}" == "start" ] ; then
+		start_helper ${JAVA_HOME}/bin/java
+	elif [ "${TOMCAT_START}" == "-security start" ] ; then
+		start_helper ${JAVA_HOME}/bin/java \
+			-Djava.security.manager \
+			-Djava.security.policy=${CATALINA_BASE}/conf/catalina.policy
+	else
+		eerror "Invalid TOMCAT_START variable value, or one is not set"
+		eerror "Please see /etc/conf.d/tomcat-5.5 for more information"
+		eend 1
+	fi
+	eend $?
+}
+
+stop()	{
+	ebegin "Stopping Tomcat"
+	init_env_vars
+	start-stop-daemon --stop --quiet \
+	       	--make-pidfile --pidfile /var/run/tomcat-5.5.pid \
+			--exec ${JAVA_HOME}/bin/java -- ${OPTS_CP} ${CATALINA_ARGS} ${STD_OUT} stop
+	eend $?
+}
diff --git a/www-servers/tomcat/files/6/catalina.policy b/www-servers/tomcat/files/6/catalina.policy
new file mode 100644
index 000000000000..57bf1b133a0a
--- /dev/null
+++ b/www-servers/tomcat/files/6/catalina.policy
@@ -0,0 +1,163 @@
+// ============================================================================
+// catalina.corepolicy - Security Policy Permissions for Tomcat 6
+//
+// This file contains a default set of security policies to be enforced (by the
+// JVM) when Catalina is executed with the "-security" option.  In addition
+// to the permissions granted here, the following additional permissions are
+// granted to the codebase specific to each web application:
+//
+// * Read access to the document root directory
+//
+// $Id: catalina.policy,v 1.1 2007/05/15 04:37:21 wltjr Exp $
+// ============================================================================
+
+
+// ========== SYSTEM CODE PERMISSIONS =========================================
+
+
+// These permissions apply to javac
+grant codeBase "file:${java.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions
+grant codeBase "file:${java.home}/jre/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/../lib/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to all shared system extensions when
+// ${java.home} points at $JAVA_HOME/jre
+grant codeBase "file:${java.home}/lib/ext/-" {
+        permission java.security.AllPermission;
+};
+
+
+// ========== CATALINA CODE PERMISSIONS =======================================
+
+
+// These permissions apply to the daemon code
+grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the logging API
+grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the server startup code
+grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
+        permission java.security.AllPermission;
+};
+
+// These permissions apply to the servlet API classes
+// and those that are shared across all class loaders
+// located in the "lib" directory
+grant codeBase "file:${catalina.home}/lib/-" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/jsp-api.jar" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/common/lib/servlet-api.jar" {
+        permission java.security.AllPermission;
+};
+
+
+// ========== WEB APPLICATION PERMISSIONS =====================================
+
+
+grant codeBase "file:${catalina.home}/webapps/host-manager/-" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.home}/webapps/manager/-" {
+        permission java.security.AllPermission;
+};
+grant codeBase "file:${catalina.base}/webapps/ROOT/-" {
+        permission java.security.AllPermission;
+};
+
+// These permissions are granted by default to all web applications
+// In addition, a web application will be given a read FilePermission
+// and JndiPermission for all files and directories in its document root.
+grant { 
+    // Required for JNDI lookup of named JDBC DataSource's and
+    // javamail named MimePart DataSource used to send mail
+    permission java.util.PropertyPermission "java.home", "read";
+    permission java.util.PropertyPermission "java.naming.*", "read";
+    permission java.util.PropertyPermission "javax.sql.*", "read";
+
+    // OS Specific properties to allow read access
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.version", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "line.separator", "read";
+
+    // JVM properties to allow read access
+    permission java.util.PropertyPermission "java.version", "read";
+    permission java.util.PropertyPermission "java.vendor", "read";
+    permission java.util.PropertyPermission "java.vendor.url", "read";
+    permission java.util.PropertyPermission "java.class.version", "read";
+	permission java.util.PropertyPermission "java.specification.version", "read";
+	permission java.util.PropertyPermission "java.specification.vendor", "read";
+	permission java.util.PropertyPermission "java.specification.name", "read";
+
+	permission java.util.PropertyPermission "java.vm.specification.version", "read";
+	permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
+	permission java.util.PropertyPermission "java.vm.specification.name", "read";
+	permission java.util.PropertyPermission "java.vm.version", "read";
+	permission java.util.PropertyPermission "java.vm.vendor", "read";
+	permission java.util.PropertyPermission "java.vm.name", "read";
+
+    // Required for OpenJMX
+    permission java.lang.RuntimePermission "getAttribute";
+
+	// Allow read of JAXP compliant XML parser debug
+	permission java.util.PropertyPermission "jaxp.debug", "read";
+
+    // Precompiled JSPs need access to this package.
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.apache.jasper.runtime.*";
+    
+};
+
+
+// You can assign additional permissions to particular web applications by
+// adding additional "grant" entries here, based on the code base for that
+// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
+//
+// Different permissions can be granted to JSP pages, classes loaded from
+// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
+// directory, or even to individual jar files in the /WEB-INF/lib/ directory.
+//
+// For instance, assume that the standard "examples" application
+// included a JDBC driver that needed to establish a network connection to the
+// corresponding database and used the scrape taglib to get the weather from
+// the NOAA web server.  You might create a "grant" entries like this:
+//
+// The permissions granted to the context root directory apply to JSP pages.
+// grant codeBase "file:${catalina.home}/webapps/examples/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+//
+// The permissions granted to the context WEB-INF/classes directory
+// grant codeBase "file:${catalina.home}/webapps/examples/WEB-INF/classes/-" {
+// };
+//
+// The permission granted to your JDBC driver
+// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
+//      permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
+// };
+// The permission granted to the scrape taglib
+// grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/-" {
+//      permission java.net.SocketPermission "*.noaa.gov:80", "connect";
+// };
+
diff --git a/www-servers/tomcat/files/6/tomcat.conf b/www-servers/tomcat/files/6/tomcat.conf
index 7a56fce515bf..b3648894ab4e 100644
--- a/www-servers/tomcat/files/6/tomcat.conf
+++ b/www-servers/tomcat/files/6/tomcat.conf
@@ -1,4 +1,4 @@
-# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/files/6/tomcat.conf,v 1.2 2007/04/19 16:35:22 wltjr Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/files/6/tomcat.conf,v 1.3 2007/05/15 04:37:21 wltjr Exp $
 
 # JVM Runtime
 # Using the default setting, it will determine your JVM from the system-vm
@@ -12,6 +12,8 @@
 
 # (Optional) Java runtime options used when the "start", "stop", or "run"
 # commands are executed.
+# Example to set library path for tomcat-native
+# JAVA_OPTS="-Djava.library.path=/usr/lib"
 # JAVA_OPTS=""
 
 # Where your web applications are located
@@ -36,10 +38,10 @@ CATALINA_TMPDIR="/var/tmp/tomcat-6/"
 
 # TOMCAT STARTUP/SHUTDOWN
 # 	debug             Start Catalina in a debugger
-# 	debug -security   Debug Catalina with a security manager
+# 	-security debug   Debug Catalina with a security manager
 # 	jpda start        Start Catalina under JPDA debugger
 # 	start             Start Catalina in a separate window
-# 	start -security   Start in a separate window with security manager
+# 	-security start   Start in a separate window with security manager
 # 	stop              Stop Catalina"
 #
 # NOTE: -security requires JSSE (see below)
diff --git a/www-servers/tomcat/files/6/tomcat.init b/www-servers/tomcat/files/6/tomcat.init
index be49a38999e5..9b7ae58a0c81 100755
--- a/www-servers/tomcat/files/6/tomcat.init
+++ b/www-servers/tomcat/files/6/tomcat.init
@@ -1,7 +1,7 @@
 #!/sbin/runscript
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/files/6/tomcat.init,v 1.5 2007/04/19 16:35:22 wltjr Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/files/6/tomcat.init,v 1.6 2007/05/15 04:37:21 wltjr Exp $
 
 init_env_vars() {
 	# Populate JAVA_HOME
@@ -16,14 +16,14 @@ init_env_vars() {
 	JPDA_OPTS=${JPDA_OPTS="-Xdebug -Xrunjdwp:transport=${JPDA_TRANSPORT},address=${JPDA_ADDRESS},server=y,suspend=n"}
 
 	# Activate Logging
-	if [[ -r "${CATALINA_HOME}"/bin/tomcat-juli.jar ]]; then
+	if [ -r "${CATALINA_HOME}"/bin/tomcat-juli.jar ]; then
 		JAVA_OPTS="${JAVA_OPTS} -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
 			-Djava.util.logging.config.file=${CATALINA_BASE}/conf/logging.properties"
 	fi
 
 	# Populate the classpath
 	CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/lib:${JAVA_HOME}/lib/tools.jar"
-	if [[ -n "${JSSE_HOME}" ]]; then
+	if [ -n "${JSSE_HOME}" ]; then
 		CLASSPATH="${CLASSPATH}:${JSSE_HOME}/lib/jcert.jar:${JSSE_HOME}/lib/jnet.jar:${JSSE_HOME}/lib/jsse.jar"
 	fi
 	CLASSPATH="${CLASSPATH}:${CATALINA_HOME}/bin/bootstrap.jar:${CATALINA_HOME}/bin/tomcat-juli.jar"
@@ -31,9 +31,9 @@ init_env_vars() {
 	OPTS_CP="${JAVA_OPTS} ${CATALINA_OPTS} -classpath ${CLASSPATH}"
 
 	CATALINA_ARGS="-Dcatalina.base=${CATALINA_BASE} \
-				   -Dcatalina.home=${CATALINA_HOME} \
-				   -Djava.io.tmpdir=${CATALINA_TMPDIR} \
-				   org.apache.catalina.startup.Bootstrap "
+			-Dcatalina.home=${CATALINA_HOME} \
+			-Djava.io.tmpdir=${CATALINA_TMPDIR} \
+			org.apache.catalina.startup.Bootstrap "
 
 	if [ ! -f "${CATALINA_BASE}logs/catalina.out" ]; then
 		touch "${CATALINA_BASE}logs/catalina.out"
@@ -44,9 +44,12 @@ init_env_vars() {
 start_helper() {
 	local executor=${1}
 	shift
-	local arguments="--start --quiet --background --chuid ${CATALINA_USER}:${CATALINA_GROUP} \
-		--make-pidfile --pidfile /var/run/tomcat.pid"
-	start-stop-daemon ${arguments} --exec ${executor} -- ${OPTS_CP} "$@" ${CATALINA_ARGS} ${TOMCAT_START} >> "$CATALINA_BASE"/logs/catalina.out 2>&1
+	local arguments="--start --quiet --background \
+		--chdir "${CATALINA_TMPDIR}" \
+		--chuid ${CATALINA_USER}:${CATALINA_GROUP} \
+		--make-pidfile --pidfile /var/run/tomcat-6.pid"
+	start-stop-daemon ${arguments} --exec ${executor} -- ${OPTS_CP} "$@" \
+		${CATALINA_ARGS} ${TOMCAT_START} >> "${CATALINA_BASE}"/logs/catalina.out 2>&1
 	return $?
 }
 
@@ -58,19 +61,19 @@ start()	{
 	ebegin "Starting Tomcat"
 	init_env_vars
 	# Figure out what arguments to pass start_helper based on TOMCAT_START
-	if [[ "${TOMCAT_START}" == "debug" ]] ; then
+	if [ "${TOMCAT_START}" == "debug" ] ; then
 		start_helper ${JAVA_HOME}/bin/jdb \
 			-sourcepath ${CATALINA_HOME}/../../jakarta-tomcat-catalina/catalina/src/share
-	elif [[ "${TOMCAT_START}" == "debug -security" ]] ; then
+	elif [ "${TOMCAT_START}" == "-security debug" ] ; then
 		start_helper ${JAVA_HOME}/bin/jdb \
 			-sourcepath ${CATALINA_HOME}/../../jakarta-tomcat-catalina/catalina/src/share \
 			-Djava.security.manager \
 			-Djava.security.policy=${CATALINA_BASE}/conf/catalina.policy
-	elif [[ "${TOMCAT_START}" == "jpda start" ]] ; then
+	elif [ "${TOMCAT_START}" == "jpda start" ] ; then
 		start_helper ${JAVA_HOME}/bin/java ${JPDA_OPTS}
-	elif [[ "${TOMCAT_START}" == "start" ]] ; then
+	elif [ "${TOMCAT_START}" == "start" ] ; then
 		start_helper ${JAVA_HOME}/bin/java
-	elif [[ "${TOMCAT_START}" == "start -security" ]] ; then
+	elif [ "${TOMCAT_START}" == "-security start" ] ; then
 		start_helper ${JAVA_HOME}/bin/java \
 			-Djava.security.manager \
 			-Djava.security.policy=${CATALINA_BASE}/conf/catalina.policy
@@ -86,7 +89,7 @@ stop()	{
 	ebegin "Stopping Tomcat"
 	init_env_vars
 	start-stop-daemon --stop --quiet \
-	       	--make-pidfile --pidfile /var/run/tomcat.pid \
+	       	--make-pidfile --pidfile /var/run/tomcat-6.pid \
 			--exec ${JAVA_HOME}/bin/java -- ${OPTS_CP} ${CATALINA_ARGS} stop ${STD_OUT}
 	eend $?
 }
diff --git a/www-servers/tomcat/files/digest-tomcat-5.5.23-r2 b/www-servers/tomcat/files/digest-tomcat-5.5.23-r2
new file mode 100644
index 000000000000..e0e59f68fbb2
--- /dev/null
+++ b/www-servers/tomcat/files/digest-tomcat-5.5.23-r2
@@ -0,0 +1,3 @@
+MD5 362d1d8b15dc09882440dcab8c592dd7 apache-tomcat-5.5.23-src.tar.gz 4895919
+RMD160 fe669f6b864fd7dcf4ad74dad22a0256e5417005 apache-tomcat-5.5.23-src.tar.gz 4895919
+SHA256 e2f7ce250643349507b511a5ea96df7364030a061a8f4d5b71d8b5a099e2b6bd apache-tomcat-5.5.23-src.tar.gz 4895919
diff --git a/www-servers/tomcat/files/digest-tomcat-6.0.10-r4 b/www-servers/tomcat/files/digest-tomcat-6.0.10-r5
index 3dd91cc642dc..3dd91cc642dc 100644
--- a/www-servers/tomcat/files/digest-tomcat-6.0.10-r4
+++ b/www-servers/tomcat/files/digest-tomcat-6.0.10-r5
diff --git a/www-servers/tomcat/tomcat-5.5.23-r2.ebuild b/www-servers/tomcat/tomcat-5.5.23-r2.ebuild
new file mode 100644
index 000000000000..c26176961751
--- /dev/null
+++ b/www-servers/tomcat/tomcat-5.5.23-r2.ebuild
@@ -0,0 +1,336 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/tomcat-5.5.23-r2.ebuild,v 1.1 2007/05/15 04:37:21 wltjr Exp $
+
+#WANT_ANT_TASKS="ant-trax"
+
+inherit eutils java-pkg-2 java-ant-2
+
+DESCRIPTION="Tomcat Servlet-2.4/JSP-2.0 Container"
+
+MY_P="apache-${P}-src"
+SLOT="5.5"
+SRC_URI="mirror://apache/${PN}/${PN}-5/v${PV}/src/${MY_P}.tar.gz"
+HOMEPAGE="http://tomcat.apache.org/"
+KEYWORDS="~amd64 -ppc -ppc64 ~x86 ~x86-fbsd"
+LICENSE="Apache-2.0"
+
+IUSE="admin java5 doc examples source test"
+
+RDEPEND="=dev-java/eclipse-ecj-3.2*
+	=dev-java/commons-beanutils-1.7*
+	>=dev-java/commons-collections-3.1
+	>=dev-java/commons-daemon-1.0.1
+	>=dev-java/commons-dbcp-1.2.1
+	>=dev-java/commons-digester-1.7
+	>=dev-java/commons-fileupload-1.1
+	=dev-java/commons-httpclient-2.0*
+	>=dev-java/commons-io-1.1
+	>=dev-java/commons-el-1.0
+	>=dev-java/commons-launcher-0.9
+	>=dev-java/commons-logging-1.0.4
+	>=dev-java/commons-modeler-2.0
+	>=dev-java/commons-pool-1.2
+	>=dev-java/junit-3.8.1
+	>=dev-java/log4j-1.2.9
+	>=dev-java/saxpath-1.0
+	~dev-java/tomcat-servlet-api-${PV}
+	dev-java/ant-core
+	admin? ( =dev-java/struts-1.2* )
+	dev-java/sun-javamail
+	java5? ( >=virtual/jre-1.5 )
+	!java5? (
+		=virtual/jre-1.4*
+		dev-java/sun-jaf
+		=dev-java/mx4j-core-3*
+		>=dev-java/xerces-2.7.1
+	   	=dev-java/xml-commons-external-1.3*
+	   )"
+DEPEND="java5? ( >=virtual/jdk-1.5 )
+	!java5? ( =virtual/jdk-1.4* )
+	${RDEPEND}"
+
+S=${WORKDIR}/${MY_P}
+
+TOMCAT_NAME="${PN}-${SLOT}"
+WEBAPPS_DIR="/var/lib/${TOMCAT_NAME}/webapps"
+
+pkg_setup() {
+	java-pkg-2_pkg_setup
+	# new user for tomcat
+	enewgroup tomcat
+	enewuser tomcat -1 -1 /dev/null tomcat
+
+	java-pkg_filter-compiler ecj-3.1  ecj-3.2
+}
+
+src_unpack() {
+	unpack ${A}
+	cd ${S}
+
+	local PATCHES="
+		main_build_xml.patch
+		tomcat_build_xml.patch
+		catalina_build_xml.patch
+		jasper_build_xml.patch
+	"
+	for patch in ${PATCHES}; do
+		epatch "${FILESDIR}/${SLOT}/${patch}"
+	done
+	if use examples; then
+		epatch "${FILESDIR}/${SLOT}/jsr152_examples_build_xml.patch"
+		epatch "${FILESDIR}/${SLOT}/jsr154_examples_build_xml.patch"
+	fi
+
+	rm -v "${S}"/connectors/jk/jkstatus/build/classes/org/apache/jk/status/*.class || die
+	rm -v "${S}"/connectors/jk/jkstatus/dist/*.jar || die
+
+	# avoid packed jars :-)
+	mkdir -p ${S}/build/build/common
+	cd ${S}/build/build
+
+	mkdir ./bin && cd ./bin
+	java-pkg_jar-from commons-logging commons-logging-api.jar
+	java-pkg_jar-from commons-daemon
+	if ! use java5; then
+		java-pkg_jar-from mx4j-core-3.0 mx4j.jar jmx.jar
+		java-pkg_jar-from mx4j-core-3.0 mx4j-rjmx.jar jmx-remote.jar
+		mkdir ${S}/build/build/common/endorsed && cd ${S}/build/build/common/endorsed
+		java-pkg_jar-from xml-commons-external-1.3 xml-apis.jar
+		java-pkg_jar-from xerces-2 xercesImpl.jar
+	fi
+
+	mkdir ${S}/build/build/common/lib && cd ${S}/build/build/common/lib
+	java-pkg_jar-from ant-core
+	java-pkg_jar-from commons-collections
+	java-pkg_jar-from commons-dbcp
+	java-pkg_jar-from commons-el
+	java-pkg_jar-from commons-pool
+	java-pkg_jar-from tomcat-servlet-api-2.4
+
+	mkdir -p ${S}/build/build/server/lib && cd ${S}/build/build/server/lib
+	java-pkg_jar-from commons-beanutils-1.7 commons-beanutils.jar
+	java-pkg_jar-from commons-digester
+	java-pkg_jar-from commons-modeler
+
+}
+
+src_compile(){
+	local antflags="-Dbase.path=${T}"
+
+	antflags="${antflags} -Dservletapi.build.notrequired=true"
+	antflags="${antflags} -Djspapi.build.notrequired=true"
+	antflags="${antflags} -Dcommons-beanutils.jar=$(java-pkg_getjar commons-beanutils-1.7 commons-beanutils.jar)"
+	antflags="${antflags} -Dcommons-collections.jar=$(java-pkg_getjars commons-collections)"
+	antflags="${antflags} -Dcommons-daemon.jar=$(java-pkg_getjars commons-daemon)"
+	antflags="${antflags} -Dcommons-digester.jar=$(java-pkg_getjars commons-digester)"
+	antflags="${antflags} -Dcommons-dbcp.jar=$(java-pkg_getjars commons-dbcp)"
+	antflags="${antflags} -Dcommons-el.jar=$(java-pkg_getjars commons-el)"
+	antflags="${antflags} -Dcommons-fileupload.jar=$(java-pkg_getjars commons-fileupload)"
+	antflags="${antflags} -Dcommons-httpclient.jar=$(java-pkg_getjars commons-httpclient)"
+	antflags="${antflags} -Dcommons-launcher.jar=$(java-pkg_getjars commons-launcher)"
+	antflags="${antflags} -Dcommons-logging.jar=$(java-pkg_getjar commons-logging commons-logging.jar)"
+	antflags="${antflags} -Dcommons-logging-api.jar=$(java-pkg_getjar commons-logging commons-logging-api.jar)"
+	antflags="${antflags} -Dcommons-pool.jar=$(java-pkg_getjars commons-pool)"
+	antflags="${antflags} -Dcommons-modeler.jar=$(java-pkg_getjars commons-modeler)"
+	antflags="${antflags} -Djdt.jar=$(java-pkg_getjar eclipse-ecj-3.2 ecj.jar)"
+	antflags="${antflags} -Djsp-api.jar=$(java-pkg_getjar tomcat-servlet-api-2.4 jsp-api.jar)"
+	antflags="${antflags} -Djunit.jar=$(java-pkg_getjars junit)"
+	antflags="${antflags} -Dlog4j.jar=$(java-pkg_getjars log4j)"
+	antflags="${antflags} -Dmail.jar=$(java-pkg_getjar sun-javamail mail.jar)"
+	antflags="${antflags} -Dsaxpath.jar=$(java-pkg_getjar saxpath saxpath.jar)"
+	antflags="${antflags} -Dservlet-api.jar=$(java-pkg_getjar tomcat-servlet-api-2.4 servlet-api.jar)"
+	if use admin; then
+		antflags="${antflags} -Dstruts.jar=$(java-pkg_getjar struts-1.2 struts.jar)"
+		antflags="${antflags} -Dstruts.home=/usr/share/struts"
+	else
+		antflags="${antflags} -Dadmin.build.notrequired=true"
+		antflags="${antflags} -Dadmin.precompile.notrequired=true"
+	fi
+	if ! use examples; then
+		antflags="${antflags} -Dexamples.build.notrequired=true"
+		antflags="${antflags} -Dexamples.precompile.notrequired=true"
+	fi
+	antflags="${antflags} -Djasper.home=${S}/jasper"
+	if ! use java5; then
+		antflags="${antflags} -Dactivation.jar=$(java-pkg_getjars sun-jaf)"
+		antflags="${antflags} -Djmx.jar=$(java-pkg_getjar mx4j-core-3.0 mx4j.jar)"
+		antflags="${antflags} -Djmx-remote.jar=$(java-pkg_getjar mx4j-core-3.0 mx4j-rjmx.jar)"
+		antflags="${antflags} -DxercesImpl.jar=$(java-pkg_getjar xerces-2 xercesImpl.jar)"
+		antflags="${antflags} -Dxml-apis.jar=$(java-pkg_getjar xml-commons-external-1.3 xml-apis.jar)"
+	fi
+
+	# prevent classpath bloat with ant-1.7.0 which makes admin app fail
+	ANT_TASKS="ant-trax" eant ${antflags}
+}
+
+src_install() {
+	cd ${S}/build/build
+
+	# init.d, conf.d
+	newinitd ${FILESDIR}/${SLOT}/tomcat.init.2 ${TOMCAT_NAME}
+	newconfd ${FILESDIR}/${SLOT}/tomcat.conf.2 ${TOMCAT_NAME}
+
+	# create dir structure
+	diropts -m755 -o tomcat -g tomcat
+	dodir /usr/share/${TOMCAT_NAME}
+	keepdir /var/log/${TOMCAT_NAME}/
+	keepdir /var/tmp/${TOMCAT_NAME}/
+	keepdir /var/run/${TOMCAT_NAME}/
+
+	local CATALINA_BASE=/var/lib/${TOMCAT_NAME}/
+	dodir   ${CATALINA_BASE}
+	keepdir ${CATALINA_BASE}/shared/lib
+	keepdir ${CATALINA_BASE}/shared/classes
+
+	keepdir /usr/share/${TOMCAT_NAME}/common/lib
+
+	dodir   /etc/${TOMCAT_NAME}
+	fperms  750 /etc/${TOMCAT_NAME}
+
+	diropts -m0755
+
+	# we don't need dos scripts
+	rm -f bin/*.bat
+
+	# copy the manager and admin context's to the right position
+	mkdir -p conf/Catalina/localhost
+	if use admin; then
+		cp ${S}/container/webapps/admin/admin.xml \
+			conf/Catalina/localhost
+	fi
+	cp ${S}/container/webapps/manager/manager.xml \
+		conf/Catalina/localhost
+
+	# make the jars available via java-pkg_getjar and jar-from, etc
+	base=$(pwd)
+	libdirs="common/lib server/lib"
+	for dir in ${libdirs}
+	do
+		cd ${dir}
+
+		for jar in *.jar;
+		do
+			# replace the file with a symlink
+			if [ ! -L ${jar} ]; then
+				java-pkg_dojar ${jar}
+				rm -f ${jar}
+				ln -s ${DESTTREE}/share/${TOMCAT_NAME}/lib/${jar} ${jar}
+			fi
+		done
+
+		cd ${base}
+	done
+
+	# replace a packed struts.jar
+	if use admin; then
+		cd server/webapps/admin/WEB-INF/lib
+		rm -f struts.jar
+		java-pkg_jar-from struts-1.2 struts.jar
+		cd ${base}
+	else
+		rm -fR server/webapps/admin
+	fi
+
+	cd server/webapps/manager/WEB-INF/lib
+	java-pkg_jar-from commons-fileupload
+	java-pkg_jar-from commons-io-1
+	cd ${base}
+
+	# replace the default pw with a random one, see #92281
+	local randpw=$(echo ${RANDOM}|md5sum|cut -c 1-15)
+	sed -e s:SHUTDOWN:${randpw}: -i conf/{server,server-minimal}.xml
+
+	# copy over the directories
+	chown -R tomcat:tomcat webapps/* conf/*
+	cp -pR conf/* ${D}/etc/${TOMCAT_NAME} || die "failed to copy conf"
+	cp -HR bin common server ${D}/usr/share/${TOMCAT_NAME} || die "failed to copy"
+
+	# replace catalina.policy with gentoo specific one bug #176701
+	cp ${FILESDIR}/${SLOT}/catalina.policy ${D}/etc/${TOMCAT_NAME} || die "failed to replace catalina.policy"
+
+	keepdir               ${WEBAPPS_DIR}
+	set_webapps_perms     ${D}/${WEBAPPS_DIR}
+
+	# Copy over webapps, some controlled by use flags
+	cp -p ../RELEASE-NOTES webapps/ROOT/RELEASE-NOTES.txt
+	cp -pr webapps/ROOT ${D}${CATALINA_BASE}/webapps
+	if use doc; then
+		cp -pr webapps/tomcat-docs ${D}${CATALINA_BASE}/webapps
+	fi
+	if use examples; then
+		cp -pr webapps/{jsp-examples,servlets-examples,webdav} \
+			${D}${CATALINA_BASE}/webapps
+	fi
+
+	# symlink the directories to make CATALINA_BASE possible
+	dosym /etc/${TOMCAT_NAME} ${CATALINA_BASE}/conf
+	dosym /var/log/${TOMCAT_NAME} ${CATALINA_BASE}/logs
+	dosym /var/tmp/${TOMCAT_NAME} ${CATALINA_BASE}/temp
+	dosym /var/run/${TOMCAT_NAME} ${CATALINA_BASE}/work
+
+	dodoc  ${S}/build/{RELEASE-NOTES,RUNNING.txt}
+	fperms 640 /etc/${TOMCAT_NAME}/tomcat-users.xml
+}
+
+pkg_postinst() {
+	#due to previous ebuild bloopers, make sure everything is correct
+	chown root:root /etc/init.d/${TOMCAT_NAME}
+	chown root:root /etc/conf.d/${TOMCAT_NAME}
+
+	elog
+	elog " This ebuild implements a new filesystem layout for tomcat"
+	elog " please read http://www.gentoo.org/proj/en/java/tomcat-guide.xml"
+	elog " for more information!."
+	elog
+	ewarn "naming-factory-dbcp.jar is not built at this time. Please fetch"
+	ewarn "jar from upstream binary if you need it. Gentoo Bug # 144276"
+	elog
+	elog " Please file any bugs at http://bugs.gentoo.org/ or else it"
+	elog " may not get seen.  Thank you."
+	elog
+}
+
+#helpers
+set_webapps_perms() {
+	chown  tomcat:tomcat ${1} || die "Failed to change owner off ${1}."
+	chmod  750           ${1} || die "Failed to change permissions off ${1}."
+}
+
+pkg_config() {
+	# Better suggestions are welcome
+	local currentdir="$(getent passwd tomcat | gawk -F':' '{ print $6 }')"
+
+	elog "The default home directory for Tomcat is /dev/null."
+	elog "You need to change it if your applications needs it to"
+	elog "be an actual directory. Current home directory:"
+	elog "${currentdir}"
+	elog ""
+	elog "Do you want to change it [yes/no]?"
+
+	local answer
+	read answer
+
+	if [[ "${answer}" == "yes" ]]; then
+		elog ""
+		elog "Suggestions:"
+		elog "${WEBAPPS_DIR}"
+		elog ""
+		elog "If you want to suggest a directory, file a bug to"
+		elog "http://bugs.gentoo.org"
+		elog ""
+		elog "Enter home directory:"
+
+		local homedir
+		read homedir
+
+		elog ""
+		elog "Setting home directory to: ${homedir}"
+
+		/usr/sbin/usermod -d"${homedir}" tomcat
+
+		elog "You can run emerge --config =${PF}"
+		elog "again to change to homedir"
+		elog "at any time."
+	fi
+}
diff --git a/www-servers/tomcat/tomcat-6.0.10-r4.ebuild b/www-servers/tomcat/tomcat-6.0.10-r5.ebuild
index 8a75a202c345..61251ad93be2 100644
--- a/www-servers/tomcat/tomcat-6.0.10-r4.ebuild
+++ b/www-servers/tomcat/tomcat-6.0.10-r5.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/tomcat-6.0.10-r4.ebuild,v 1.1 2007/04/23 20:40:14 wltjr Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-servers/tomcat/tomcat-6.0.10-r5.ebuild,v 1.1 2007/05/15 04:37:21 wltjr Exp $
 
 WANT_ANT_TASKS="ant-trax"
 
@@ -118,6 +118,9 @@ src_install() {
 	cp -pR conf/* ${D}/etc/${TOMCAT_NAME} || die "failed to copy conf"
 	cp -pPR output/build/bin ${D}/usr/share/${TOMCAT_NAME} || die "failed to copy"
 
+	# replace catalina.policy with gentoo specific one bug #176701
+#	cp ${FILESDIR}/${SLOT}/catalina.policy ${D}/etc/${TOMCAT_NAME} || die "failed to replace catalina.policy"
+
 	cp ${T}/tomcat6-deps/jdt/jasper-jdt.jar ${D}/usr/share/${TOMCAT_NAME}/lib \
 		|| die "failed to copy"
 
@@ -161,6 +164,9 @@ src_install() {
 }
 
 pkg_postinst() {
+	# temp fix for bug #176097	
+	chown -fR tomcat:tomcat /etc/${TOMCAT_NAME}
+
 	elog
 	elog " This ebuild implements a FHS compliant layout for tomcat"
 	elog " Please read http://www.gentoo.org/proj/en/java/tomcat6-guide.xml"
author	William Thomson <wltjr@gentoo.org>	2007-05-15 04:37:21 +0000
committer	William Thomson <wltjr@gentoo.org>	2007-05-15 04:37:21 +0000
commit	80031bd30166ed9976ac6612da509211e115ce5e (patch)
tree	0e577fdb04e1216fc7ef5718488d3cd8f0e65f71 /www-servers/tomcat
parent	Stable for HPPA (bug #178359). (diff)
download	gentoo-2-80031bd30166ed9976ac6612da509211e115ce5e.tar.gz gentoo-2-80031bd30166ed9976ac6612da509211e115ce5e.tar.bz2 gentoo-2-80031bd30166ed9976ac6612da509211e115ce5e.zip