aboutsummaryrefslogtreecommitdiffstats
path: root/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch
diff options
context:
space:
mode:
authorWilliam Pitcock <nenolod@dereferenced.org>2011-11-19 12:01:21 -0600
committerWilliam Pitcock <nenolod@dereferenced.org>2011-11-19 12:02:48 -0600
commit243643b43828fc7be9cb93d64dfe0dcff0967755 (patch)
tree46b4236d990fbf1adf3c8fbdeff1df4bc8f95145 /main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch
parent4f73d2d7b4f2ba743c47e8be0248da03661af1d7 (diff)
downloadaports-243643b43828fc7be9cb93d64dfe0dcff0967755.tar.bz2
aports-243643b43828fc7be9cb93d64dfe0dcff0967755.tar.xz
main/openjdk6: build java security certificates store from alpine ca-certificates package
Diffstat (limited to 'main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch')
-rw-r--r--main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch341
1 files changed, 341 insertions, 0 deletions
diff --git a/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch b/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch
new file mode 100644
index 0000000000..97b6ce522c
--- /dev/null
+++ b/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch
@@ -0,0 +1,341 @@
+--- icedtea6-1.10.4/Makefile.am
++++ icedtea6-1.10.4.mod/Makefile.am
+@@ -1376,6 +1376,19 @@
+ if ENABLE_JAMVM
+ printf -- '-jamvm ALIASED_TO -server\n' >> $(BUILD_JRE_ARCH_DIR)/jvm.cfg
+ endif
++if GENERATE_CACERTS
++ if test -n "${CADIR}"; then \
++ sh scripts/mkcacerts.sh -d "${CADIR}" \
++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
++ else \
++ sh scripts/mkcacerts.sh -f "${CAFILE}" \
++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
++ fi; \
++ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \
++ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts;
++endif
+ @echo "IcedTea is served:" $(BUILD_OUTPUT_DIR)
+ mkdir -p stamps
+ touch stamps/icedtea.stamp
+@@ -1407,6 +1420,19 @@
+ if ENABLE_JAMVM
+ printf -- '-jamvm ALIASED_TO -server\n' >> $(BUILD_DEBUG_JRE_ARCH_DIR)/jvm.cfg
+ endif
++if GENERATE_CACERTS
++ if test -n "${CADIR}"; then \
++ sh scripts/mkcacerts.sh -d "${CADIR}" \
++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
++ else \
++ sh scripts/mkcacerts.sh -f "${CAFILE}" \
++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
++ fi; \
++ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \
++ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts;
++endif
+ @echo "IcedTea (debug build) is served:" \
+ $(DEBUG_BUILD_OUTPUT_DIR)
+ mkdir -p stamps
+@@ -1457,7 +1483,7 @@
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \
+ fi
+ cp $(abs_top_builddir)/tapset/jstack.stp \
+- $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp
++ $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp;
+ endif
+ touch stamps/add-systemtap.stamp
+
+@@ -1483,7 +1509,7 @@
+ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \
+ fi
+ cp $(abs_top_builddir)/tapset/jstack.stp \
+- $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp
++ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp;
+ endif
+ touch stamps/add-systemtap-debug.stamp
+
+--- icedtea6-1.10.4/Makefile.in
++++ icedtea6-1.10.4.mod/Makefile.in
+@@ -175,6 +175,8 @@
+ BUILD_ARCH_DIR = @BUILD_ARCH_DIR@
+ BUILD_OS_DIR = @BUILD_OS_DIR@
+ CACAO_IMPORT_PATH = @CACAO_IMPORT_PATH@
++CADIR = @CADIR@
++CAFILE = @CAFILE@
+ CC = @CC@
+ CCDEPMODE = @CCDEPMODE@
+ CFLAGS = @CFLAGS@
+--- icedtea6-1.10.4/acinclude.m4
++++ icedtea6-1.10.4.mod/acinclude.m4
+@@ -1677,3 +1677,94 @@
+ AM_CONDITIONAL([CP40188_JAVAH], test x"${it_cv_cp40188_javah}" = "xyes")
+ AC_PROVIDE([$0])dnl
+ ])
++
++--- acinclude.m4 2011-01-22 21:34:29.000000000 -0600
+++++ acinclude.m4 2011-01-22 21:34:58.000000000 -0600
++@@ -316,6 +316,91 @@
++ AM_CONDITIONAL([SRC_DIR_HARDLINKABLE], test x"${it_cv_hardlink_src}" = "xyes")
++ ])
++
++AC_DEFUN([IT_GENERATE_CACERTS],
++[
++ AC_MSG_CHECKING([whether to generate a cacerts file for distribution])
++ AC_ARG_ENABLE([cacerts],
++ [AS_HELP_STRING(--enable-cacerts, generate a cacerts file for distribution [[default=no]])],
++ [
++ case "${enableval}" in
++ no)
++ generate_cacerts=no
++ ;;
++ *)
++ generate_cacerts=yes
++ ;;
++ esac
++ ],
++ [
++ generate_cacerts=no
++ ])
++ AC_MSG_RESULT([$generate_cacerts])
++ AM_CONDITIONAL([GENERATE_CACERTS], test x"${generate_cacerts}" = "xyes")
++])
++
++AC_DEFUN([IT_GET_LOCAL_CACERTS],
++[
++ AC_MSG_CHECKING([for a local x509 certificate directory])
++ AC_ARG_WITH([ca-dir],
++ [AS_HELP_STRING(--with-ca-dir=DIR, specify a top-level local x509 certificate directory)],
++ [
++ if test -d "${withval}"; then
++ CADIR="${withval}"
++ fi
++ ],
++ [
++ CADIR=
++ ])
++ if test -z "${CADIR}"; then
++ for dir in /etc/pki/tls/certs \
++ /usr/share/ca-certificates \
++ /etc/ssl/certs \
++ /etc/certs ; do
++ if test -d "${dir}"; then
++ CADIR="${dir}"
++ break
++ fi
++ done
++ if test -z "${CADIR}"; then
++ CADIR=no
++ fi
++ fi
++ AC_MSG_RESULT(${CADIR})
++ AC_SUBST(CADIR)
++
++ AC_MSG_CHECKING([for a local x509 certificate file])
++ AC_ARG_WITH([ca-file],
++ [AS_HELP_STRING(--with-ca-file=FILE, specify a local x509 certificate file)],
++ [
++ if test -f "${withval}"; then
++ CAFILE="${withval}"
++ fi
++ ],
++ [
++ CAFILE=
++ ])
++ if test -z "${CAFILE}"; then
++ for file in /etc/pki/tls/certs/ca-bundle.crt \
++ /etc/ssl/certs/ca-bundle.crt \
++ /etc/ssl/ca-bundle.crt \
++ /etc/ca-bundle.crt ; do
++ if test -e "${file}"; then
++ CAFILE=$file
++ break
++ fi
++ done
++ if test -z "${CAFILE}"; then
++ CAFILE=no
++ fi
++ fi
++ AC_MSG_RESULT(${CAFILE})
++ AC_SUBST(CAFILE)
++ if test "${CADIR}x" = "nox" -a "${CAFILE}x" = "nox"; then
++ AC_MSG_WARN([Could not find a suitable x509 certificate store.])
++ AC_MSG_ERROR([Supply a valid location using --with-ca-dir or --with-ca-file, or remove the --enable-cacerts switch.])
++ fi
++])
+--- icedtea6-1.10.4/configure.ac
++++ icedtea6-1.10.4.mod/configure.ac
+@@ -138,6 +138,13 @@
+ AC_MSG_RESULT([disabled by default (edit java.security to enable)])
+ fi
+
++IT_GENERATE_CACERTS
++
++if test "x${generate_cacerts}" = "xyes"
++then
++ IT_GET_LOCAL_CACERTS
++fi
++
+ IT_GET_PKGVERSION
+ IT_GET_LSB_DATA
+
+--- /dev/null
++++ icedtea6-1.10.4.mod/scripts/mkcacerts.sh
+@@ -0,0 +1,154 @@
++#!/bin/sh
++# Simple script to extract x509 certificates and create a JRE cacerts file.
++
++function get_args()
++ {
++ if test -z "${1}" ; then
++ showhelp
++ exit 1
++ fi
++
++ while test -n "${1}" ; do
++ case "${1}" in
++ -f | --cafile)
++ check_arg $1 $2
++ CAFILE="${2}"
++ shift 2
++ ;;
++ -d | --cadir)
++ check_arg $1 $2
++ CADIR="${2}"
++ shift 2
++ ;;
++ -o | --outfile)
++ check_arg $1 $2
++ OUTFILE="${2}"
++ shift 2
++ ;;
++ -k | --keytool)
++ check_arg $1 $2
++ KEYTOOL="${2}"
++ shift 2
++ ;;
++ -h | --help)
++ showhelp
++ exit 0
++ ;;
++ *)
++ showhelp
++ exit 1
++ ;;
++ esac
++ done
++ }
++
++function check_arg()
++ {
++ echo "${2}" | grep -v "^-" > /dev/null
++ if [ -z "$?" -o ! -n "$2" ]; then
++ echo "Error: $1 requires a valid argument."
++ exit 1
++ fi
++ }
++
++
++function showhelp()
++ {
++ echo "`basename ${0}` creates a valid cacerts file for use with IcedTea."
++ echo ""
++ echo " -f --cafile The path to a file containing PEM formated CA"
++ echo " certificates. May not be used with -d/--cadir."
++ echo " -d --cadir The path to a diectory of PEM formatted CA"
++ echo " certificates. May not be used with -f/--cafile."
++ echo " -o --outfile The path to the output file."
++ echo ""
++ echo " -k --keytool The path to the java keytool utility."
++ echo ""
++ echo " -h --help Show this help message and exit."
++ echo ""
++ echo ""
++ }
++
++# Initialize empty variables so that the shell does not polute the script
++CAFILE=""
++CADIR=""
++OUTFILE=""
++KEYTOOL=""
++
++# Process command line arguments
++get_args ${@}
++
++# Handle common errors
++if test "${CAFILE}x" == "x" -a "${CADIR}x" == "x" ; then
++ echo "ERROR! You must provide an x509 certificate store!"
++ echo "\'$(basename ${0}) --help\' for more info."
++ echo ""
++ exit 1
++fi
++
++if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then
++ echo "ERROR! You cannot provide two x509 certificate stores!"
++ echo "\'$(basename ${0}) --help\' for more info."
++ echo ""
++ exit 1
++fi
++
++if test "${KEYTOOL}x" == "x" ; then
++ echo "ERROR! You must provide a valid keytool program!"
++ echo "\'$(basename ${0}) --help\' for more info."
++ echo ""
++ exit 1
++fi
++
++if test "${OUTFILE}x" == "x" ; then
++ echo "ERROR! You must provide a valid output file!"
++ echo "\'$(basename ${0}) --help\' for more info."
++ echo ""
++ exit 1
++fi
++
++# Get on with the work
++
++# If using a CAFILE, split it into individual files in a temp directory
++if test "${CAFILE}x" != "x" ; then
++ TEMPDIR=`mktemp -d`
++ CADIR="${TEMPDIR}"
++
++ # Get a list of staring lines for each cert
++ CERTLIST=`grep -n "^-----BEGIN" "${CAFILE}" | cut -d ":" -f 1`
++
++ # Get a list of ending lines for each cert
++ ENDCERTLIST=`grep -n "^-----END" "${CAFILE}" | cut -d ":" -f 1`
++
++ # Start a loop
++ for certbegin in `echo "${CERTLIST}"` ; do
++ for certend in `echo "${ENDCERTLIST}"` ; do
++ if test "${certend}" -gt "${certbegin}"; then
++ break
++ fi
++ done
++ sed -n "${certbegin},${certend}p" "${CAFILE}" > "${CADIR}/${certbegin}"
++ keyhash=`openssl x509 -noout -in "${CADIR}/${certbegin}" -hash`
++ echo "Generated PEM file with hash: ${keyhash}."
++ mv "${CADIR}/${certbegin}" "${CADIR}/${keyhash}.pem"
++ done
++fi
++
++# Write the output file
++for cert in `find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"`
++do
++ ls "${cert}"
++ tempfile=`mktemp`
++ certbegin=`grep -n "^-----BEGIN" "${cert}" | cut -d ":" -f 1`
++ certend=`grep -n "^-----END" "${cert}" | cut -d ":" -f 1`
++ sed -n "${certbegin},${certend}p" "${cert}" > "${tempfile}"
++ echo yes | "${KEYTOOL}" -import -alias `basename "${cert}"` -keystore \
++ "${OUTFILE}" -storepass 'changeit' -file "${tempfile}"
++ rm "${tempfile}"
++done
++
++if test "${TEMPDIR}x" != "x" ; then
++ rm -rf "${TEMPDIR}"
++fi
++exit 0
++