Fix java requirements (#2398212)

With java-latest now being 25, but only java-25 providing the
generic 'java' and 'java-headless' etc., we get file conflicts
if a transaction includes both things that want 'java-25' or
'java-25-headless' and things that want 'java' or 'java-headless'.
This is because dnf prefers java-latest as a provider of the
java-25-* provides (it's versioned higher than the java-25
packages), but only the java-25 packages provide the generic
requirements.

To avoid this making FreeIPA uninstallable, let's get rid of the
generic 'java-headless' requirement. I think f7115aee was meant
to do this already, but missed it.

Also get rid of the now-useless version bounds on requirements
where the java version is included in the requirement name.

.packit.yaml

@@ -14,7 +14,7 @@ jobs:
 - job: pull_from_upstream
   trigger: release
   dist_git_branches:
-    - fedora-all
+    - fedora-branched
 
 # https://packit.dev/docs/configuration/downstream/koji_build
 - job: koji_build

gating.yaml

@@ -1,16 +1,20 @@
 --- !Policy
 product_versions:
   - fedora-rawhide
-decision_context: bodhi_update_push_stable
+decision_contexts:
+  - bodhi_update_push_stable
+  - bodhi_update_push_testing
 subject_type: koji_build
 rules:
   - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpmdeplint.functional}
-  - !PassingTestCaseRule { test_case_name: fedora-ci.koji-build./plans/smoke.functional }
---- !Policy
 product_versions:
   - fedora-*
-decision_context: bodhi_update_push_stable
+decision_contexts:
+  - bodhi_update_push_stable
+  - bodhi_update_push_testing
 subject_type: koji_build
 rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis}
   - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.installability.functional}
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.rpminspect.static-analysis}
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/javapackages.functional}
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build./plans/smoke.functional}

java-9-start-up-parameters.conf

@@ -1,7 +0,0 @@
-# Add the JAVA 9 specific start-up parameters required by Tomcat
-JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.lang=ALL-UNNAMED"
-JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.io=ALL-UNNAMED"
-JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.util=ALL-UNNAMED"
-JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.util.concurrent=ALL-UNNAMED"
-JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED"
-export JDK_JAVA_OPTIONS

module-start-up-parameters.conf

@@ -0,0 +1,8 @@
+# Add the module start-up parameters required by Tomcat
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.lang=ALL-UNNAMED"
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.io=ALL-UNNAMED"
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.util=ALL-UNNAMED"
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.util.concurrent=ALL-UNNAMED"
+JAVA_OPTS="$JAVA_OPTS --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED"
+export JAVA_OPTS
+

rhbz-1857043.patch

@@ -1,6 +1,6 @@
---- build.xml.orig	2024-08-03 00:24:59.000000000 +0300
-+++ build.xml	2024-08-06 13:42:04.710875124 +0300
-@@ -1110,7 +1110,7 @@
+--- build.xml.orig	2024-08-02 18:14:43.000000000 +0300
++++ build.xml	2024-08-19 13:56:38.991730088 +0300
+@@ -1121,7 +1121,7 @@
        filesDir="${tomcat.classes}"
        filesId="files.annotations-api"
        manifest="${tomcat.manifests}/annotations-api.jar.manifest"
@@ -9,7 +9,7 @@
  
      <!-- Servlet Implementation JAR File -->
      <jarIt jarfile="${servlet-api.jar}"
-@@ -1119,41 +1119,41 @@
+@@ -1130,48 +1130,48 @@
        manifest="${tomcat.manifests}/servlet-api.jar.manifest"
        notice="${tomcat.manifests}/servlet-api.jar.notice"
        license="${tomcat.manifests}/servlet-api.jar.license"
@@ -38,6 +38,14 @@
        filesId="files.websocket-api"
        manifest="${tomcat.manifests}/websocket-api.jar.manifest"
 -      addOSGi="true" />
++      addOSGi="false" />
+ 
+     <!-- WebSocket Client API JAR File -->
+     <jarIt jarfile="${websocket-client-api.jar}"
+       filesDir="${tomcat.classes}"
+       filesId="files.websocket-client-api"
+       manifest="${tomcat.manifests}/websocket-client-api.jar.manifest"
+-      addOSGi="true" />
 +      addOSGi="false" />
  
      <!-- JASPIC API JAR File -->
@@ -57,7 +65,7 @@
  
      <!-- Bootstrap JAR File -->
      <jarIt jarfile="${bootstrap.jar}"
-@@ -1165,68 +1165,68 @@
+@@ -1183,68 +1183,68 @@
      <jarIt jarfile="${tomcat-util.jar}"
        filesDir="${tomcat.classes}"
        filesId="files.tomcat-util"
@@ -137,7 +145,7 @@
  
      <!-- Catalina Ant Tasks JAR File -->
      <jarIt jarfile="${catalina-ant.jar}"
-@@ -1237,27 +1237,27 @@
+@@ -1255,27 +1255,27 @@
      <jarIt jarfile="${catalina-storeconfig.jar}"
        filesDir="${tomcat.classes}"
        filesId="files.catalina-storeconfig"
@@ -169,7 +177,7 @@
  
      <!-- i18n JARs -->
      <jar jarfile="${tomcat.build}/lib/tomcat-i18n-cs.jar"
-@@ -1719,7 +1719,7 @@
+@@ -1748,7 +1748,7 @@
             filesId="files.tomcat-embed-core"
             notice="${tomcat.manifests}/servlet-api.jar.notice"
             license="${tomcat.manifests}/servlet-api.jar.license"
@@ -178,7 +186,7 @@
             addGraal="true"
             graalPrefix="org.apache.tomcat.embed/tomcat-embed-core"
             graalFiles="res/graal/tomcat-embed-core/native-image"
-@@ -1727,7 +1727,7 @@
+@@ -1756,7 +1756,7 @@
      <jarIt jarfile="${tomcat-embed-el.jar}"
             filesDir="${tomcat.classes}"
             filesId="files.tomcat-embed-el"
@@ -187,7 +195,7 @@
             addGraal="true"
             graalPrefix="org.apache.tomcat.embed/tomcat-embed-el"
             graalFiles="res/graal/tomcat-embed-el/native-image"
-@@ -1736,7 +1736,7 @@
+@@ -1765,7 +1765,7 @@
             filesDir="${tomcat.classes}"
             filesId="files.tomcat-embed-jasper"
             meta-inf="${tomcat.manifests}/jasper.jar"
@@ -196,7 +204,7 @@
             addGraal="true"
             graalPrefix="org.apache.tomcat.embed/tomcat-embed-jasper"
             graalFiles="res/graal/tomcat-embed-jasper/native-image"
-@@ -1745,7 +1745,7 @@
+@@ -1774,7 +1774,7 @@
             filesDir="${tomcat.classes}"
             filesId="files.tomcat-embed-websocket"
             meta-inf="${tomcat.manifests}/tomcat-websocket.jar"

sources

@@ -1 +1 @@
-SHA512 (apache-tomcat-9.0.109-src.tar.gz) = 5ff1fdc882ffd3e3bd05be17b6dc45f914fb2b6553f2438ef30f929f2255cde49b1bac3e39f1a1b1440664b5477e64bde6c408a477e7eab097aa8cee01b82850
+SHA512 (apache-tomcat-10.1.46-src.tar.gz) = 4abb5a5fad013135c4107508e4530673e4af623658b6aff5c4fc18fd557dfca37b58a9c5c0479e52e240b53d469ad91a34225a80b718aa2f91b8d385d16d9682

tomcat-10.1-JDTCompiler.patch

@@ -0,0 +1,30 @@
+--- java/org/apache/jasper/compiler/JDTCompiler.java.orig	2024-12-05 18:01:16.000000000 +0200
++++ java/org/apache/jasper/compiler/JDTCompiler.java	2025-01-07 16:30:34.996302312 +0200
+@@ -302,9 +302,9 @@ public class JDTCompiler extends org.apa
+             } else if (opt.equals("17")) {
+                 settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_17);
+             } else if (opt.equals("18")) {
+-                settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_18);
++                settings.put(CompilerOptions.OPTION_Source, "18");
+             } else if (opt.equals("19")) {
+-                settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_19);
++                settings.put(CompilerOptions.OPTION_Source, "19");
+             } else if (opt.equals("20")) {
+                 // Constant not available in latest ECJ version that runs on
+                 // Java 11.
+@@ -392,11 +392,11 @@ public class JDTCompiler extends org.apa
+                 settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_17);
+                 settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_17);
+             } else if (opt.equals("18")) {
+-                settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_18);
+-                settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_18);
++                settings.put(CompilerOptions.OPTION_TargetPlatform, "18");
++                settings.put(CompilerOptions.OPTION_Compliance, "18");
+             } else if (opt.equals("19")) {
+-                settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_19);
+-                settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_19);
++                settings.put(CompilerOptions.OPTION_TargetPlatform, "19");
++                settings.put(CompilerOptions.OPTION_Compliance, "19");
+             } else if (opt.equals("20")) {
+                 // Constant not available in latest ECJ version that runs on
+                 // Java 11.

tomcat-10.1-catalina-policy.patch

@@ -0,0 +1,16 @@
+--- conf/catalina.policy.orig	2024-05-22 16:12:23.809886452 +0300
++++ conf/catalina.policy	2024-05-22 16:14:38.913939654 +0300
+@@ -55,6 +55,14 @@
+         permission java.security.AllPermission;
+ };
+
++// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
++
++// Allowing everything in /usr/share/java allows too many unknowns to be permitted
++// Specifying the individual jars that tomcat needs to function with the security manager
++// is the safest way forward.
++grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
++	permission java.security.AllPermission;
++};
+
+ // ========== CATALINA CODE PERMISSIONS =======================================

tomcat-10.1.conf

@@ -28,24 +28,15 @@ CATALINA_HOME="@@@TCHOME@@@"
 # System-wide tmp
 CATALINA_TMPDIR="/var/cache/tomcat/temp"
 
-# You can pass some parameters to java here if you wish to
-#JAVA_OPTS="-Xminf0.1 -Xmaxf0.3"
-
-# Use JAVA_OPTS to set java.library.path for libtcnative.so
-#JAVA_OPTS="-Djava.library.path=/usr/lib"
-
-# Set default javax.sql.DataSource factory to apache commons one. See rhbz#1214381
-JAVA_OPTS="-Djavax.sql.DataSource.Factory=org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory"
-
 # You can change your tomcat locale here
 #LANG="en_US"
 
 # Run tomcat under the Java Security Manager
 SECURITY_MANAGER="false"
 
-# SHUTDOWN_WAIT has been deprecated. To change the shutdown wait time, set
-# TimeoutStopSec in tomcat.service.
-
 # If you wish to further customize your tomcat environment,
 # put your own definitions here
 # (i.e. LD_LIBRARY_PATH for some jdbc drivers)
+
+# You can also pass parameters to Java here by defining JAVA_OPTS variable
+# (e.g. JAVA_OPTS="-Xminf0.1 -Xmaxf0.3")

tomcat-9.0-JDTCompiler.patch

@@ -1,24 +0,0 @@
-diff -up ./java/org/apache/jasper/compiler/JDTCompiler.java ./java/org/apache/jasper/compiler/JDTCompiler.java
-index 2e361f2..277d8f4 100644
---- java/org/apache/jasper/compiler/JDTCompiler.java
-+++ java/org/apache/jasper/compiler/JDTCompiler.java
-@@ -310,7 +310,7 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
-             } else if(opt.equals("15")) {
-                 settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_15);
-             } else if(opt.equals("16")) {
--                settings.put(CompilerOptions.OPTION_Source, CompilerOptions.VERSION_16);
-+                settings.put(CompilerOptions.OPTION_Source, "16");
-             } else if(opt.equals("17")) {
-                 // Constant not available in latest ECJ version that runs on
-                 // Java 8.
-@@ -377,8 +377,8 @@ public class JDTCompiler extends org.apache.jasper.compiler.Compiler {
-                 settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_15);
-                 settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_15);
-             } else if(opt.equals("16")) {
--                settings.put(CompilerOptions.OPTION_TargetPlatform, CompilerOptions.VERSION_16);
--                settings.put(CompilerOptions.OPTION_Compliance, CompilerOptions.VERSION_16);
-+                settings.put(CompilerOptions.OPTION_TargetPlatform, "16");
-+                settings.put(CompilerOptions.OPTION_Compliance, "16");
-             } else if(opt.equals("17")) {
-                 // Constant not available in latest ECJ version that runs on
-                 // Java 8.

tomcat-9.0-catalina-policy.patch

@@ -1,25 +0,0 @@
---- conf/catalina.policy.orig	2022-11-04 16:17:41.227506990 +0800
-+++ conf/catalina.policy	2022-11-04 16:21:51.393351415 +0800
-@@ -56,6 +56,15 @@ grant codeBase "file:${java.home}/lib/ex
- //        permission java.security.AllPermission;
- //};
- 
-+// ========== RHEL SPECIFIC CODE PERMISSIONS =======================================
-+
-+
-+// Allowing everything in /usr/share/java allows too many unknowns to be permitted
-+// Specifying the individual jars that tomcat needs to function with the security manager
-+// is the safest way forward.
-+grant codeBase "file:/usr/share/java/ecj/ecj.jar" {
-+        permission java.security.AllPermission;
-+};
- 
- // ========== CATALINA CODE PERMISSIONS =======================================
- 
-@@ -261,4 +270,4 @@ grant codeBase "file:${catalina.home}/we
- //
- // The permissions granted to a specific JAR
- // grant codeBase "war:file:${catalina.base}/webapps/examples.war*/WEB-INF/lib/foo.jar" {
--// };
-\ No newline at end of file
-+// };

tomcat-9.0-log4j.properties

@@ -1,11 +0,0 @@
-log4j.rootLogger=debug, R 
-log4j.appender.R=org.apache.log4j.RollingFileAppender 
-log4j.appender.R.File=${catalina.base}/logs/tomcat.log 
-log4j.appender.R.MaxFileSize=10MB 
-log4j.appender.R.MaxBackupIndex=10 
-log4j.appender.R.layout=org.apache.log4j.PatternLayout 
-log4j.appender.R.layout.ConversionPattern=%p %t %c - %m%n 
-log4j.logger.org.apache.catalina=DEBUG, R
-log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=DEBUG, R
-log4j.logger.org.apache.catalina.core=DEBUG, R
-log4j.logger.org.apache.catalina.session=DEBUG, R

tomcat-functions

@@ -13,30 +13,9 @@ _save_function() {
     eval "$NEWNAME_FUNC"
 }
 
-run_jsvc(){
-    if [ -x /usr/bin/jsvc ]; then
-        TOMCAT_USER="${TOMCAT_USER:-tomcat}"
-        JSVC="/usr/bin/jsvc"
-
-        JSVC_OPTS="-nodetach -pidfile /var/run/jsvc-tomcat${NAME}.pid -user ${TOMCAT_USER} -outfile ${CATALINA_BASE}/logs/catalina.out -errfile ${CATALINA_BASE}/logs/catalina.out"
-        if [ "$1" = "stop" ]; then
-            JSVC_OPTS="${JSVC_OPTS} -stop"
-    	fi
-
-        exec "${JSVC}" ${JSVC_OPTS} ${FLAGS} -classpath "${CLASSPATH}" ${OPTIONS} "${MAIN_CLASS}" "${@}"
-    else
-       	echo "Can't find /usr/bin/jsvc executable"
-    fi
-
-}
-
 _save_function run run_java
 
 run() {
-   if [ "${USE_JSVC}" = "true" ] ; then
-	run_jsvc $@
-   else
 	run_java $@
-   fi
 }
 

tomcat.spec

@@ -28,19 +28,19 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 #
 
-%global jspspec 2.3
-%global major_version 9
-%global minor_version 0
-%global micro_version 109
+%global jspspec 3.1
+%global major_version 10
+%global minor_version 1
+%global micro_version 46
 %global packdname apache-tomcat-%{version}-src
-%global servletspec 4.0
-%global elspec 3.0
+%global servletspec 6.0
+%global elspec 5.0
 %global tcuid 53
 # Recommended version is specified in java/org/apache/catalina/core/AprLifecycleListener.java
-%global native_version 1.2.21
+%global native_version 2.0.8
 
 
-# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
+# FHS 3.0 compliant tree structure - http://refspecs.linuxfoundation.org/FHS_3.0/fhs/index.html
 %global basedir %{_var}/lib/%{name}
 %global appdir %{basedir}/webapps
 %global homedir %{_datadir}/%{name}
@@ -51,7 +51,6 @@
 %global cachedir %{_var}/cache/%{name}
 %global tempdir %{cachedir}/temp
 %global workdir %{cachedir}/work
-%global _systemddir /lib/systemd/system
 
 Name:          tomcat
 Epoch:         1
@@ -64,44 +63,45 @@ License:       Apache-2.0
 URL:           http://tomcat.apache.org/
 Source0:       http://www.apache.org/dist/tomcat/tomcat-%{major_version}/v%{version}/src/%{packdname}.tar.gz
 Source1:       %{name}-%{major_version}.%{minor_version}.conf
-Source3:       %{name}-%{major_version}.%{minor_version}.sysconfig
-Source4:       %{name}-%{major_version}.%{minor_version}.wrapper
-Source5:       %{name}-%{major_version}.%{minor_version}.logrotate
-Source6:       %{name}-%{major_version}.%{minor_version}-digest.script
-Source7:       %{name}-%{major_version}.%{minor_version}-tool-wrapper.script
-Source11:      %{name}-%{major_version}.%{minor_version}.service
-Source21:      tomcat-functions
-Source30:      tomcat-preamble
-Source31:      tomcat-server
-Source32:      tomcat-named.service
-Source33:      java-9-start-up-parameters.conf
+Source2:       %{name}-%{major_version}.%{minor_version}.sysconfig
+Source3:       %{name}-%{major_version}.%{minor_version}.wrapper
+Source4:       %{name}-%{major_version}.%{minor_version}.logrotate
+Source5:       %{name}-%{major_version}.%{minor_version}-digest.script
+Source6:       %{name}-%{major_version}.%{minor_version}-tool-wrapper.script
+Source7:       %{name}-%{major_version}.%{minor_version}.service
+Source8:       %{name}-functions
+Source9:       %{name}-preamble
+Source10:      %{name}-server
+Source11:      %{name}-named.service
+Source12:      module-start-up-parameters.conf
 
 Patch0:        %{name}-%{major_version}.%{minor_version}-bootstrap-MANIFEST.MF.patch
 Patch1:        %{name}-%{major_version}.%{minor_version}-tomcat-users-webapp.patch
 Patch2:        %{name}-build.patch
 Patch3:        %{name}-%{major_version}.%{minor_version}-catalina-policy.patch
-Patch4:        rhbz-1857043.patch
-Patch6:        %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch
+Patch4:        %{name}-%{major_version}.%{minor_version}-bnd-annotation.patch
+Patch5:        %{name}-%{major_version}.%{minor_version}-JDTCompiler.patch
+Patch6:        rhbz-1857043.patch
 
 BuildArch:     noarch
 ExclusiveArch:  %{java_arches} noarch
 
-BuildRequires: ant
-BuildRequires: ecj >= 1:4.10
+BuildRequires: ant-openjdk25  >= 1.10.2
+BuildRequires: ecj >= 4.20
 BuildRequires: findutils
-BuildRequires: java-devel >= 1:1.8.0
-BuildRequires: javapackages-local
+BuildRequires: java-25-devel
+BuildRequires: javapackages-local-openjdk25
 BuildRequires: aqute-bnd
 BuildRequires: aqute-bndlib
 BuildRequires: systemd
+BuildRequires: tomcat-jakartaee-migration
 
-Requires:      (java-headless >= 1:1.8 or java-1.8.0-headless or java-11-headless or java-17-headless or java-21-headless or java >= 1:1.8)
+Requires:      (java-25-headless or java-25)
 Requires:      javapackages-tools
 Requires:      %{name}-lib = %{epoch}:%{version}-%{release}
 %if 0%{?fedora} || 0%{?rhel} > 7
 Recommends:    tomcat-native >= %{native_version}
 %endif
-Requires(pre):    shadow-utils
 Requires(post):   systemd
 Requires(preun):  systemd
 Requires(postun): systemd
@@ -136,9 +136,11 @@ The docs web application for Apache Tomcat.
 %package jsp-%{jspspec}-api
 Summary: Apache Tomcat JavaServer Pages v%{jspspec} API Implementation Classes
 Provides: jsp = %{jspspec}
-Obsoletes: %{name}-jsp-2.2-api
 Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release}
 Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release}
+Obsoletes: %{name}-jsp-2.3-api < 1:9.1
+Provides:  %{name}-jsp-2.3-api = %{?epoch:%{epoch}:}%{version}-%{release}
+
 
 %description jsp-%{jspspec}-api
 Apache Tomcat JSP API Implementation Classes.
@@ -148,7 +150,8 @@ Summary: Libraries needed to run the Tomcat Web container
 Requires: %{name}-jsp-%{jspspec}-api = %{epoch}:%{version}-%{release}
 Requires: %{name}-servlet-%{servletspec}-api = %{epoch}:%{version}-%{release}
 Requires: %{name}-el-%{elspec}-api = %{epoch}:%{version}-%{release}
-Requires: ecj >= 1:4.10
+Requires: ecj >= 4.20
+Recommends: tomcat-jakartaee-migration
 Requires(preun): coreutils
 
 %description lib
@@ -157,9 +160,8 @@ Libraries needed to run the Tomcat Web container.
 %package servlet-%{servletspec}-api
 Summary: Apache Tomcat Java Servlet v%{servletspec} API Implementation Classes
 Provides: servlet = %{servletspec}
-Provides: servlet6
-Provides: servlet3
-Obsoletes: %{name}-servlet-3.1-api
+Obsoletes: %{name}-servlet-4.0-api < 1:9.1
+Provides:  %{name}-servlet-4.0-api = %{?epoch:%{epoch}:}%{version}-%{release}
 
 %description servlet-%{servletspec}-api
 Apache Tomcat Servlet API Implementation Classes.
@@ -167,7 +169,8 @@ Apache Tomcat Servlet API Implementation Classes.
 %package el-%{elspec}-api
 Summary: Apache Tomcat Expression Language v%{elspec} API Implementation Classes
 Provides: el_api = %{elspec}
-Obsoletes: %{name}-el-2.2-api
+Obsoletes: %{name}-el-3.0-api < 1:9.1
+Provides:  %{name}-el-3.0-api = %{?epoch:%{epoch}:}%{version}-%{release}
 
 %description el-%{elspec}-api
 Apache Tomcat EL API Implementation Classes.
@@ -190,6 +193,7 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 %patch 2 -p0
 %patch 3 -p0
 %patch 4 -p0
+%patch 5 -p0
 %patch 6 -p0
 
 # Remove webservices naming resources as it's generally unused
@@ -197,16 +201,19 @@ find . -type f \( -name "*.bat" -o -name "*.class" -o -name Thumbs.db -o -name "
 
 # Configure maven files
 %mvn_package ":tomcat-el-api" tomcat-el-api
-%mvn_alias "org.apache.tomcat:tomcat-el-api" "org.eclipse.jetty.orbit:javax.el"
+%mvn_alias "org.apache.tomcat:tomcat-el-api" "jakarta.servlet:jakarta.servlet-api"
 %mvn_package ":tomcat-jsp-api" tomcat-jsp-api
-%mvn_alias "org.apache.tomcat:tomcat-jsp-api" "org.eclipse.jetty.orbit:javax.servlet.jsp"
+%mvn_alias "org.apache.tomcat:tomcat-jsp-api" "jakarta.servlet:jakarta.servlet.jsp"
 %mvn_package ":tomcat-servlet-api" tomcat-servlet-api
 
+# Create a sysusers.d config file
+cat >tomcat.sysusers.conf <<EOF
+u tomcat %{tcuid} 'Apache Tomcat' %{homedir} -
+EOF
+
 
 %build
-export OPT_JAR_LIST="xalan-j2-serializer"
-# we don't care about the tarballs and we're going to replace
-# tomcat-dbcp.jar with apache-commons-{collections,dbcp,pool}-tomcat5.jar
+# we don't care about the tarballs and we're going to replace jars
 # so just create a dummy file for later removal
 touch HACK
 
@@ -226,12 +233,13 @@ touch HACK
   -Dbnd-annotation.jar="$(build-classpath aqute-bnd/biz.aQute.bnd.annotation)" \
   -Dversion="%{version}" \
   -Dversion.build="%{micro_version}" \
+  -Dmigration-lib.jar="$(build-classpath tomcat-jakartaee-migration/jakartaee-migration.jar)" \
   deploy
 
 # remove some jars that we'll replace with symlinks later
-%{__rm} output/build/bin/commons-daemon.jar output/build/lib/ecj.jar
+%{__rm} output/build/bin/commons-daemon.jar output/build/lib/ecj.jar output/build/lib/jakartaee-migration.jar
 # Remove the example webapps per Apache Tomcat Security Considerations
-# see https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html
+# see https://tomcat.apache.org/tomcat-10.1-doc/security-howto.html
 %{__rm} -rf output/build/webapps/examples
 
 
@@ -239,7 +247,6 @@ touch HACK
 # build initial path structure
 %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_bindir}
 %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sbindir}
-%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_systemddir}
 %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d
 %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
 %{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{appdir}
@@ -272,33 +279,33 @@ popd
     > ${RPM_BUILD_ROOT}%{confdir}/%{name}.conf
 %{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \
    -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \
-   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE3} \
+   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE2} \
     > ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}
-%{__install} -m 0644 %{SOURCE4} \
+%{__install} -m 0755 %{SOURCE3} \
     ${RPM_BUILD_ROOT}%{_sbindir}/%{name}
-%{__install} -m 0644 %{SOURCE11} \
+%{__install} -m 0644 %{SOURCE7} \
     ${RPM_BUILD_ROOT}%{_unitdir}/%{name}.service
-%{__sed} -e "s|\@\@\@TCLOG\@\@\@|%{logdir}|g" %{SOURCE5} \
+%{__sed} -e "s|\@\@\@TCLOG\@\@\@|%{logdir}|g" %{SOURCE4} \
     > ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d/%{name}.disabled
 %{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \
    -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \
-   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE6} \
+   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE5} \
     > ${RPM_BUILD_ROOT}%{_bindir}/%{name}-digest
 %{__sed} -e "s|\@\@\@TCHOME\@\@\@|%{homedir}|g" \
    -e "s|\@\@\@TCTEMP\@\@\@|%{tempdir}|g" \
-   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE7} \
+   -e "s|\@\@\@LIBDIR\@\@\@|%{_libdir}|g" %{SOURCE6} \
     > ${RPM_BUILD_ROOT}%{_bindir}/%{name}-tool-wrapper
 
-%{__install} -m 0644 %{SOURCE21} \
+%{__install} -m 0644 %{SOURCE8} \
     ${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/functions
-%{__install} -m 0755 %{SOURCE30} \
+%{__install} -m 0755 %{SOURCE9} \
     ${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/preamble
-%{__install} -m 0755 %{SOURCE31} \
+%{__install} -m 0755 %{SOURCE10} \
     ${RPM_BUILD_ROOT}%{_libexecdir}/%{name}/server
-%{__install} -m 0644 %{SOURCE32} \
+%{__install} -m 0644 %{SOURCE11} \
     ${RPM_BUILD_ROOT}%{_unitdir}/%{name}@.service
 
-%{__install} -m 0644 %{SOURCE33} ${RPM_BUILD_ROOT}%{confdir}/conf.d/
+%{__install} -m 0644 %{SOURCE12} ${RPM_BUILD_ROOT}%{confdir}/conf.d/
 
 # Substitute libnames in catalina-tasks.xml
 sed -i \
@@ -319,6 +326,7 @@ popd
 
 pushd output/build
     %{_bindir}/build-jar-repository lib ecj 2>&1
+    %{_bindir}/build-jar-repository lib tomcat-jakartaee-migration 2>&1
 popd
 
 pushd ${RPM_BUILD_ROOT}%{libdir}
@@ -327,6 +335,7 @@ pushd ${RPM_BUILD_ROOT}%{libdir}
     %{__ln_s} ../../java/%{name}-servlet-%{servletspec}-api.jar .
     %{__ln_s} ../../java/%{name}-el-%{elspec}-api.jar .
     %{__ln_s} $(build-classpath ecj/ecj) jasper-jdt.jar
+    %{__ln_s} $(build-classpath tomcat-jakartaee-migration/jakartaee-migration) jakartaee-migration.jar
     
     cp ../../%{name}/bin/tomcat-juli.jar .
 popd
@@ -395,62 +404,24 @@ popd
 %mvn_file org.apache.tomcat:tomcat-websocket-api tomcat/websocket-api
 %mvn_artifact res/maven/tomcat-websocket-api.pom ${RPM_BUILD_ROOT}%{libdir}/websocket-api.jar
 %mvn_artifact res/maven/tomcat-websocket.pom ${RPM_BUILD_ROOT}%{libdir}/tomcat-websocket.jar
+%mvn_artifact res/maven/tomcat-websocket-client-api.pom ${RPM_BUILD_ROOT}%{libdir}/websocket-client-api.jar
 %mvn_artifact res/maven/tomcat.pom
 
 %mvn_install
 
-%pre
-# add the tomcat user and group
-getent group tomcat >/dev/null || %{_sbindir}/groupadd -f -g %{tcuid} -r tomcat
-if ! getent passwd tomcat >/dev/null ; then
-    if ! getent passwd %{tcuid} >/dev/null ; then
-        %{_sbindir}/useradd -r -u %{tcuid} -g tomcat -d %{homedir} -s /sbin/nologin -c "Apache Tomcat" tomcat
-        # Tomcat uses a reserved ID, so there should never be an else
-    fi
-fi
-exit 0
+install -m0644 -D tomcat.sysusers.conf %{buildroot}%{_sysusersdir}/tomcat.conf
 
 %post
 # install but don't activate
 %systemd_post %{name}.service
 
-%post jsp-%{jspspec}-api
-%{_sbindir}/update-alternatives --install %{_javadir}/jsp.jar jsp \
-    %{_javadir}/%{name}-jsp-%{jspspec}-api.jar 20200
-
-%post servlet-%{servletspec}-api
-%{_sbindir}/update-alternatives --install %{_javadir}/servlet.jar servlet \
-    %{_javadir}/%{name}-servlet-%{servletspec}-api.jar 30000
-
-%post el-%{elspec}-api
-%{_sbindir}/update-alternatives --install %{_javadir}/elspec.jar elspec \
-   %{_javadir}/%{name}-el-%{elspec}-api.jar 20300
-
 %preun
 # clean tempdir and workdir on removal or upgrade
 %{__rm} -rf %{workdir}/* %{tempdir}/*
 %systemd_preun %{name}.service
 
 %postun
-%systemd_postun_with_restart %{name}.service 
-
-%postun jsp-%{jspspec}-api
-if [ "$1" = "0" ]; then
-    %{_sbindir}/update-alternatives --remove jsp \
-        %{_javadir}/%{name}-jsp-%{jspspec}-api.jar
-fi
-
-%postun servlet-%{servletspec}-api
-if [ "$1" = "0" ]; then
-    %{_sbindir}/update-alternatives --remove servlet \
-        %{_javadir}/%{name}-servlet-%{servletspec}-api.jar
-fi
-
-%postun el-%{elspec}-api
-if [ "$1" = "0" ]; then
-    %{_sbindir}/update-alternatives --remove elspec \
-        %{_javadir}/%{name}-el-%{elspec}-api.jar
-fi
+%systemd_postun_with_restart %{name}.service
 
 %files 
 %defattr(0664,root,tomcat,0755)
@@ -484,7 +455,7 @@ fi
 %attr(0775,root,tomcat) %dir %{confdir}/Catalina/localhost
 %attr(0755,root,tomcat) %dir %{confdir}/conf.d
 %{confdir}/conf.d/README
-%{confdir}/conf.d/java-9-start-up-parameters.conf
+%{confdir}/conf.d/module-start-up-parameters.conf
 %config(noreplace) %{confdir}/%{name}.conf
 %config(noreplace) %{confdir}/*.policy
 %config(noreplace) %{confdir}/*.properties
@@ -504,6 +475,7 @@ fi
 %{homedir}/work
 %{homedir}/logs
 %{homedir}/conf
+%{_sysusersdir}/tomcat.conf
 
 %files admin-webapps
 %defattr(0664,root,tomcat,0755)
@@ -551,39 +523,24 @@ fi
 %{appdir}/ROOT
 
 %changelog
-* Wed Sep 10 2025 Dimitris Soumis <dsoumis@redhat.com> - 1:9.0.109-1
-- Update to version 9.0.109
+* Thu Sep 25 2025 Adam Williamson <awilliam@redhat.com> - 1:10.1.46-2
+- Drop now-unnecessary version bounds in java requirements
+- Specify java-25-headless, not java-headless (#2398212)
 
-* Wed Aug 06 2025 Packit <hello@packit.dev> - 1:9.0.108-1
-- Update to version 9.0.108
-- Resolves: rhbz#2385832
+* Fri Sep 12 2025 Dimitris Soumis <dsoumis@redhat.com> - 1:10.1.46-1
+- Update to version 10.1.46
 
-* Fri Jul 04 2025 Packit <hello@packit.dev> - 1:9.0.107-1
-- Update to version 9.0.107
-- Resolves: rhbz#2376445
+* Tue Aug 19 2025 Dimitris Soumis <dsoumis@redhat.com> - 1:10.1.43-7
+- Add virtual provides to resolve installability issues
 
-* Tue Jun 10 2025 Packit <hello@packit.dev> - 1:9.0.106-1
-- Update to version 9.0.106
-- Resolves: rhbz#2371376
+* Thu Aug 14 2025 Dimitris Soumis <dsoumis@redhat.com> - 1:10.1.43-6
+- Rebuilt for the side tag f43-build-side-116701
 
-* Wed May 21 2025 Dimitris Soumis <dsoumis@redhat.com> - 1:9.0.105-1
-- Update to version 9.0.105
+* Tue Jul 29 2025 Dimitris Soumis <dsoumis@redhat.com> - 1:10.1.43-5
+- Rebuilt for the side tag f43-build-side-114811
 
-* Wed Apr 09 2025 Packit <hello@packit.dev> - 1:9.0.104-1
-- Update to version 9.0.104
-- Resolves: rhbz#2358742
-
-* Thu Mar 06 2025 Packit <hello@packit.dev> - 1:9.0.102-1
-- Update to version 9.0.102
-- Resolves: rhbz#2350305
-
-* Mon Feb 17 2025 Packit <hello@packit.dev> - 1:9.0.100-1
-- Update to version 9.0.100
-- Resolves: rhbz#2346089
-
-* Mon Feb 10 2025 Packit <hello@packit.dev> - 1:9.0.99-1
-- Update to version 9.0.99
-- Resolves: rhbz#2344641
+* Fri Jan 10 2025 Dimitris Soumis <dsoumis@redhat.com> - 1:10.1.34-1
+- Update to version 10.1.34
 
 * Mon Dec 09 2024 Packit <hello@packit.dev> - 1:9.0.98-1
 - Update to version 9.0.98
@@ -591,7 +548,7 @@ fi
 
 * Mon Dec 02 2024 Dimitris Soumis <dsoumis@redhat.com> - 1:9.0.97-1
 - Update to version 9.0.97
-- Resolves: rhbz#2327090 
+- Resolves: rhbz#2327090
 
 * Tue Oct 08 2024 Packit <hello@packit.dev> - 1:9.0.96-1
 - Update to version 9.0.96