* Set JVM/JDK to version 17

* Tomcat 9 deployed from tar file
* Now starts up correctly
* Need to set a symlink top the log directory.

camera-recordings-service/src/requirements.txt

@@ -1,3 +1,3 @@
-pyftpdlib==1.5.7
+pyftpdlib==1.5.9
 pytz==2022.1
 resettabletimer==1.0.0

xtrn-scripts-and-config/apache-tomcat-9/tomcat9.service

@@ -0,0 +1,21 @@
+[Unit]
+
+Description=Apache Tomcat Web Application Container
+After=network.target
+[Service]
+Type=forking
+User=tomcat
+Group=tomcat
+Environment="JAVA_HOME=/usr/lib/jvm/java-1.17.0-openjdk-arm64"
+Environment="CATALINA_HOME=/opt/tomcat9"
+Environment="CATALINA_PID=/opt/tomcat9/temp/tomcat.pid"
+Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
+ReadWritePaths=/var/log/security-cam/
+ReadWritePaths=/etc/security-cam/
+ReadWritePaths=/var/security-cam/
+ReadWritePaths=/opt/tomcat9/webapps/
+
+ExecStart=/opt/tomcat9/bin/startup.sh
+ExecStop=/opt/tomcat9/bin/shutdown.sh
+[Install]
+WantedBy=multi-user.target

xtrn-scripts-and-config/deb-file-creation/create-deb.sh

@@ -47,35 +47,34 @@ mkdir -p security-cam_"${VERSION}"_arm64/var/log/fmp4-ws-media-service
 
 mkdir -p security-cam_"${VERSION}"_arm64/var/log/motion
 mkdir -p security-cam_"${VERSION}"_arm64/var/log/wifimgr
-mkdir -p security-cam_"${VERSION}"_arm64/var/lib/tomcat
+mkdir -p security-cam_"${VERSION}"_arm64/opt/tomcat9
 
 mkdir -p security-cam_"${VERSION}"_arm64/tmp
 
 mkdir -p security-cam_"${VERSION}"_arm64/lib/systemd/system/
 
 cp -r ../motion/motion.conf ../nginx.conf ../chrony.conf security-cam_"${VERSION}"_arm64/tmp
-cp ../apache-tomcat-9.0.46/conf/server.xml ../apache-tomcat-9.0.46/conf/tomcat-users.xml security-cam_"${VERSION}"_arm64/tmp
+cp ../apache-tomcat-9/conf/server.xml ../apache-tomcat-9/conf/tomcat-users.xml security-cam_"${VERSION}"_arm64/tmp
+tar -xzf ../apache-tomcat-9/apache-tomcat-9.0.89.tar.gz -C security-cam_"${VERSION}"_arm64/opt/tomcat9 --strip-components=1
 cp ../tomcat9 security-cam_"${VERSION}"_arm64/tmp
 cp ../../server/build/libs/server-7.3.war security-cam_"${VERSION}"_arm64/tmp
 cp ../../initialAdmin/dist/cua.war  security-cam_"${VERSION}"_arm64/tmp
-
+cp ../apache-tomcat-9/tomcat9.service security-cam_"${VERSION}"_arm64/lib/systemd/system/
 cat << EOF > security-cam_"${VERSION}"_arm64/DEBIAN/control
 Package: security-cam
 Version: $VERSION
 Architecture: arm64
 Maintainer: Richard Austin <richard.david.austin@gmail.com>
 Description: A security camera system accessed through a secure web based interface.
-Depends: openjdk-19-jre-headless (>=19.0.2), openjdk-19-jre-headless (<< 19.9.9),
- motion (>=4.5.1-2), motion(<<5.0.0-0),
- curl (>=8.2.1), curl(<=8.3),
+Depends: openjdk-17-jre-headless (>=17.0.0), openjdk-17-jre-headless (<< 17.9.9),
+ motion (>=4.6), motion(<<5.0.0-0),
+ curl (>=8.5.0), curl(<=8.9),
  nginx (>=1.24.0), nginx(<=1.24.9),
- tomcat9 (>=9.0.43-1), tomcat9 (<= 10.0.0),
- tomcat9-admin (>=9.0.70-1), tomcat9-admin (<= 10.0.0),
  libraspberrypi-bin, chrony,
- network-manager (>= 1.42.4), network-manager (<< 2.0.0),
+ network-manager (>= 1.46.0), network-manager (<< 2.0.0),
  wireless-tools (>=30~pre9-13), wireless-tools (<< 40),
  moreutils,
- python3-pip, python3.11-venv
+ python3-pip, python3.12-venv
 EOF
 
 dpkg-deb --build --root-owner-group security-cam_"${VERSION}"_arm64

xtrn-scripts-and-config/deb-file-creation/postinst

@@ -3,37 +3,38 @@
 cp /tmp/motion.conf /etc/motion
 mv /tmp/nginx.conf /etc/nginx
 mv /tmp/chrony.conf /etc/chrony
-mv /tmp/server.xml /etc/tomcat9/
-mv /tmp/tomcat9 /etc/default/  # Updated tomcat9 default file to enable use of Java 17
-mv /tmp/tomcat-users.xml /etc/tomcat9
-mv /tmp/server-7.3.war /var/lib/tomcat9/webapps/ROOT.war
-mv /tmp/cua.war /var/lib/tomcat9/webapps/cua.war
+mv /tmp/server.xml /opt/tomcat9/conf
+#### mv /tmp/tomcat9 /etc/default/  # Updated tomcat9 default file to enable use of Java 17
+mv /tmp/tomcat-users.xml /opt/tomcat9/conf
+mv /tmp/server-7.3.war /opt/tomcat9/webapps/ROOT.war
+mv /tmp/cua.war /opt/tomcat9/webapps/cua.war
 mkdir -p /usr/local/bin
 
 wget -O /usr/local/bin/ffmpeg https://github.com/richard-austin/ffmpeg-4.4.4/releases/download/1.0.0/ffmpeg
 chmod +x /usr/local/bin/ffmpeg
 
-rm -rf /var/lib/tomcat9/webapps/ROOT
-rm -rf /var/lib/tomcat9/webapps/cua
+rm -rf /opt/tomcat9/webapps/ROOT
+rm -rf /opt/tomcat9/webapps/cua
 
 rm -r /tmp/motion.conf
 deb-systemd-invoke stop tomcat9.service  # Stop tomcat before making changes
 deb-systemd-invoke stop motion  # And motion
 sleep 2
 
+useradd tomcat
 useradd sec-cam
 groupadd security-cam
 usermod -a -G video tomcat
 usermod -a -G security-cam tomcat
 usermod -a -G security-cam sec-cam
 usermod -a -G security-cam www-data
-
+q
 chown -R tomcat:security-cam /etc/security-cam
 chown -R tomcat:security-cam /var/security-cam
 
 chown tomcat:security-cam /var/log/security-cam/security-cam.log*  # To prevent access denied errors on first starting tomcat
-chown tomcat:tomcat /var/lib/tomcat9/webapps/ROOT.war
-chown tomcat:tomcat /var/lib/tomcat9/webapps/cua.war
+chown -R tomcat:tomcat /opt/tomcat9
+
 
 # Create the client keystore for connection to the Cloud server via ActiveMQ
 MQ_CREDS_FILE=/var/security-cam/cloud-creds.json
@@ -55,10 +56,10 @@ EOF
   chown tomcat:root $MQ_CREDS_FILE
 fi
 
-chmod 640 /etc/tomcat9/tomcat-users.xml
-chown root:tomcat /etc/tomcat9/tomcat-users.xml
-chmod 640 /etc/tomcat9/server.xml
-chown root:tomcat /etc/tomcat9/server.xml
+chmod 640 /opt/tomcat9/conf/tomcat-users.xml
+chown root:tomcat /opt/tomcat9/conf/tomcat-users.xml
+chmod 640 /opt/tomcat9/conf/server.xml
+chown root:tomcat /opt/tomcat9/conf/server.xml
 chown root:root /etc/security-cam/wifi-setup-service/*.py
 chown tomcat:tomcat -R /etc/fmp4-ws-media-server
 
@@ -75,7 +76,6 @@ chown sec-cam:security-cam /var/log/motion
 chown tomcat:security-cam /var/log/security-cam
 chown tomcat:security-cam /var/log/camera-recordings-service
 chown tomcat:security-cam /var/log/fmp4-ws-media-service
-chown tomcat:security-cam /var/lib/tomcat
 
 # Make the following scripts executable
 chmod +x /etc/security-cam/install-cert.sh
@@ -100,28 +100,17 @@ sed -i 's/User=motion/User=tomcat/' /lib/systemd/system/motion.service
 # AddToTomcatUnitFileIfNotPresent: Add ReadWriteFilePaths to the tomcat unit file to enable access to /etc/security-cam
 #                                  and /var/log/security-cam.
 #
-AddToTomcatUnitFileIfNotPresent() {
-  lineToWrite=$1
-  lineToWriteUnder=$2
-  unitFile=$3
-  # Enter lineToWrite after lineToWriteUnder if not already present
-  if ! grep "$lineToWrite" "$unitFile"; then
-    # Add the line after lineToWriteUnder escaping all '/' as the regex is within / delimiters.
-    result=$(awk '/'"${lineToWriteUnder//\//\\/}"'/ { print; print '\""${lineToWrite}"\"'; next }1' "$unitFile")
-    echo "$result" >"$unitFile"
-  fi
-}
-
-# Give tomcat permission to write to some additional directories
-lineToWrite="ReadWritePaths=/var/log/security-cam/"
-lineToWrite2="ReadWritePaths=/etc/security-cam/"
-lineToWrite3="ReadWritePaths=/var/security-cam/"
-lineToWriteUnder="ReadWritePaths=/var/lib/tomcat9/webapps/"
-unitFile="/usr/lib/systemd/system/tomcat9.service"
-
-AddToTomcatUnitFileIfNotPresent $lineToWrite $lineToWriteUnder $unitFile
-AddToTomcatUnitFileIfNotPresent $lineToWrite2 $lineToWriteUnder $unitFile
-AddToTomcatUnitFileIfNotPresent $lineToWrite3 $lineToWriteUnder $unitFile
+#AddToTomcatUnitFileIfNotPresent() {
+#  lineToWrite=$1
+#  lineToWriteUnder=$2
+#  unitFile=$3
+#  # Enter lineToWrite after lineToWriteUnder if not already present
+#  if ! grep "$lineToWrite" "$unitFile"; then
+#    # Add the line after lineToWriteUnder escaping all '/' as the regex is within / delimiters.
+#    result=$(awk '/'"${lineToWriteUnder//\//\\/}"'/ { print; print '\""${lineToWrite}"\"'; next }1' "$unitFile")
+#    echo "$result" >"$unitFile"
+#  fi
+#}
 
 systemctl daemon-reload  # Register the motion service file change