diff options
author | William Pitcock <nenolod@dereferenced.org> | 2011-11-19 12:01:21 -0600 |
---|---|---|
committer | William Pitcock <nenolod@dereferenced.org> | 2011-11-19 12:02:48 -0600 |
commit | 243643b43828fc7be9cb93d64dfe0dcff0967755 (patch) | |
tree | 46b4236d990fbf1adf3c8fbdeff1df4bc8f95145 /main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch | |
parent | 4f73d2d7b4f2ba743c47e8be0248da03661af1d7 (diff) | |
download | aports-243643b43828fc7be9cb93d64dfe0dcff0967755.tar.bz2 aports-243643b43828fc7be9cb93d64dfe0dcff0967755.tar.xz |
main/openjdk6: build java security certificates store from alpine ca-certificates package
Diffstat (limited to 'main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch')
-rw-r--r-- | main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch | 341 |
1 files changed, 341 insertions, 0 deletions
diff --git a/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch b/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch new file mode 100644 index 0000000000..97b6ce522c --- /dev/null +++ b/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch @@ -0,0 +1,341 @@ +--- icedtea6-1.10.4/Makefile.am ++++ icedtea6-1.10.4.mod/Makefile.am +@@ -1376,6 +1376,19 @@ + if ENABLE_JAMVM + printf -- '-jamvm ALIASED_TO -server\n' >> $(BUILD_JRE_ARCH_DIR)/jvm.cfg + endif ++if GENERATE_CACERTS ++ if test -n "${CADIR}"; then \ ++ sh scripts/mkcacerts.sh -d "${CADIR}" \ ++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ ++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ ++ else \ ++ sh scripts/mkcacerts.sh -f "${CAFILE}" \ ++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ ++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ ++ fi; \ ++ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \ ++ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts; ++endif + @echo "IcedTea is served:" $(BUILD_OUTPUT_DIR) + mkdir -p stamps + touch stamps/icedtea.stamp +@@ -1407,6 +1420,19 @@ + if ENABLE_JAMVM + printf -- '-jamvm ALIASED_TO -server\n' >> $(BUILD_DEBUG_JRE_ARCH_DIR)/jvm.cfg + endif ++if GENERATE_CACERTS ++ if test -n "${CADIR}"; then \ ++ sh scripts/mkcacerts.sh -d "${CADIR}" \ ++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ ++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ ++ else \ ++ sh scripts/mkcacerts.sh -f "${CAFILE}" \ ++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ ++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ ++ fi; \ ++ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \ ++ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts; ++endif + @echo "IcedTea (debug build) is served:" \ + $(DEBUG_BUILD_OUTPUT_DIR) + mkdir -p stamps +@@ -1457,7 +1483,7 @@ + $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \ + fi + cp $(abs_top_builddir)/tapset/jstack.stp \ +- $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp ++ $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp; + endif + touch stamps/add-systemtap.stamp + +@@ -1483,7 +1509,7 @@ + $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \ + fi + cp $(abs_top_builddir)/tapset/jstack.stp \ +- $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp ++ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp; + endif + touch stamps/add-systemtap-debug.stamp + +--- icedtea6-1.10.4/Makefile.in ++++ icedtea6-1.10.4.mod/Makefile.in +@@ -175,6 +175,8 @@ + BUILD_ARCH_DIR = @BUILD_ARCH_DIR@ + BUILD_OS_DIR = @BUILD_OS_DIR@ + CACAO_IMPORT_PATH = @CACAO_IMPORT_PATH@ ++CADIR = @CADIR@ ++CAFILE = @CAFILE@ + CC = @CC@ + CCDEPMODE = @CCDEPMODE@ + CFLAGS = @CFLAGS@ +--- icedtea6-1.10.4/acinclude.m4 ++++ icedtea6-1.10.4.mod/acinclude.m4 +@@ -1677,3 +1677,94 @@ + AM_CONDITIONAL([CP40188_JAVAH], test x"${it_cv_cp40188_javah}" = "xyes") + AC_PROVIDE([$0])dnl + ]) ++ ++--- acinclude.m4 2011-01-22 21:34:29.000000000 -0600 +++++ acinclude.m4 2011-01-22 21:34:58.000000000 -0600 ++@@ -316,6 +316,91 @@ ++ AM_CONDITIONAL([SRC_DIR_HARDLINKABLE], test x"${it_cv_hardlink_src}" = "xyes") ++ ]) ++ ++AC_DEFUN([IT_GENERATE_CACERTS], ++[ ++ AC_MSG_CHECKING([whether to generate a cacerts file for distribution]) ++ AC_ARG_ENABLE([cacerts], ++ [AS_HELP_STRING(--enable-cacerts, generate a cacerts file for distribution [[default=no]])], ++ [ ++ case "${enableval}" in ++ no) ++ generate_cacerts=no ++ ;; ++ *) ++ generate_cacerts=yes ++ ;; ++ esac ++ ], ++ [ ++ generate_cacerts=no ++ ]) ++ AC_MSG_RESULT([$generate_cacerts]) ++ AM_CONDITIONAL([GENERATE_CACERTS], test x"${generate_cacerts}" = "xyes") ++]) ++ ++AC_DEFUN([IT_GET_LOCAL_CACERTS], ++[ ++ AC_MSG_CHECKING([for a local x509 certificate directory]) ++ AC_ARG_WITH([ca-dir], ++ [AS_HELP_STRING(--with-ca-dir=DIR, specify a top-level local x509 certificate directory)], ++ [ ++ if test -d "${withval}"; then ++ CADIR="${withval}" ++ fi ++ ], ++ [ ++ CADIR= ++ ]) ++ if test -z "${CADIR}"; then ++ for dir in /etc/pki/tls/certs \ ++ /usr/share/ca-certificates \ ++ /etc/ssl/certs \ ++ /etc/certs ; do ++ if test -d "${dir}"; then ++ CADIR="${dir}" ++ break ++ fi ++ done ++ if test -z "${CADIR}"; then ++ CADIR=no ++ fi ++ fi ++ AC_MSG_RESULT(${CADIR}) ++ AC_SUBST(CADIR) ++ ++ AC_MSG_CHECKING([for a local x509 certificate file]) ++ AC_ARG_WITH([ca-file], ++ [AS_HELP_STRING(--with-ca-file=FILE, specify a local x509 certificate file)], ++ [ ++ if test -f "${withval}"; then ++ CAFILE="${withval}" ++ fi ++ ], ++ [ ++ CAFILE= ++ ]) ++ if test -z "${CAFILE}"; then ++ for file in /etc/pki/tls/certs/ca-bundle.crt \ ++ /etc/ssl/certs/ca-bundle.crt \ ++ /etc/ssl/ca-bundle.crt \ ++ /etc/ca-bundle.crt ; do ++ if test -e "${file}"; then ++ CAFILE=$file ++ break ++ fi ++ done ++ if test -z "${CAFILE}"; then ++ CAFILE=no ++ fi ++ fi ++ AC_MSG_RESULT(${CAFILE}) ++ AC_SUBST(CAFILE) ++ if test "${CADIR}x" = "nox" -a "${CAFILE}x" = "nox"; then ++ AC_MSG_WARN([Could not find a suitable x509 certificate store.]) ++ AC_MSG_ERROR([Supply a valid location using --with-ca-dir or --with-ca-file, or remove the --enable-cacerts switch.]) ++ fi ++]) +--- icedtea6-1.10.4/configure.ac ++++ icedtea6-1.10.4.mod/configure.ac +@@ -138,6 +138,13 @@ + AC_MSG_RESULT([disabled by default (edit java.security to enable)]) + fi + ++IT_GENERATE_CACERTS ++ ++if test "x${generate_cacerts}" = "xyes" ++then ++ IT_GET_LOCAL_CACERTS ++fi ++ + IT_GET_PKGVERSION + IT_GET_LSB_DATA + +--- /dev/null ++++ icedtea6-1.10.4.mod/scripts/mkcacerts.sh +@@ -0,0 +1,154 @@ ++#!/bin/sh ++# Simple script to extract x509 certificates and create a JRE cacerts file. ++ ++function get_args() ++ { ++ if test -z "${1}" ; then ++ showhelp ++ exit 1 ++ fi ++ ++ while test -n "${1}" ; do ++ case "${1}" in ++ -f | --cafile) ++ check_arg $1 $2 ++ CAFILE="${2}" ++ shift 2 ++ ;; ++ -d | --cadir) ++ check_arg $1 $2 ++ CADIR="${2}" ++ shift 2 ++ ;; ++ -o | --outfile) ++ check_arg $1 $2 ++ OUTFILE="${2}" ++ shift 2 ++ ;; ++ -k | --keytool) ++ check_arg $1 $2 ++ KEYTOOL="${2}" ++ shift 2 ++ ;; ++ -h | --help) ++ showhelp ++ exit 0 ++ ;; ++ *) ++ showhelp ++ exit 1 ++ ;; ++ esac ++ done ++ } ++ ++function check_arg() ++ { ++ echo "${2}" | grep -v "^-" > /dev/null ++ if [ -z "$?" -o ! -n "$2" ]; then ++ echo "Error: $1 requires a valid argument." ++ exit 1 ++ fi ++ } ++ ++ ++function showhelp() ++ { ++ echo "`basename ${0}` creates a valid cacerts file for use with IcedTea." ++ echo "" ++ echo " -f --cafile The path to a file containing PEM formated CA" ++ echo " certificates. May not be used with -d/--cadir." ++ echo " -d --cadir The path to a diectory of PEM formatted CA" ++ echo " certificates. May not be used with -f/--cafile." ++ echo " -o --outfile The path to the output file." ++ echo "" ++ echo " -k --keytool The path to the java keytool utility." ++ echo "" ++ echo " -h --help Show this help message and exit." ++ echo "" ++ echo "" ++ } ++ ++# Initialize empty variables so that the shell does not polute the script ++CAFILE="" ++CADIR="" ++OUTFILE="" ++KEYTOOL="" ++ ++# Process command line arguments ++get_args ${@} ++ ++# Handle common errors ++if test "${CAFILE}x" == "x" -a "${CADIR}x" == "x" ; then ++ echo "ERROR! You must provide an x509 certificate store!" ++ echo "\'$(basename ${0}) --help\' for more info." ++ echo "" ++ exit 1 ++fi ++ ++if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then ++ echo "ERROR! You cannot provide two x509 certificate stores!" ++ echo "\'$(basename ${0}) --help\' for more info." ++ echo "" ++ exit 1 ++fi ++ ++if test "${KEYTOOL}x" == "x" ; then ++ echo "ERROR! You must provide a valid keytool program!" ++ echo "\'$(basename ${0}) --help\' for more info." ++ echo "" ++ exit 1 ++fi ++ ++if test "${OUTFILE}x" == "x" ; then ++ echo "ERROR! You must provide a valid output file!" ++ echo "\'$(basename ${0}) --help\' for more info." ++ echo "" ++ exit 1 ++fi ++ ++# Get on with the work ++ ++# If using a CAFILE, split it into individual files in a temp directory ++if test "${CAFILE}x" != "x" ; then ++ TEMPDIR=`mktemp -d` ++ CADIR="${TEMPDIR}" ++ ++ # Get a list of staring lines for each cert ++ CERTLIST=`grep -n "^-----BEGIN" "${CAFILE}" | cut -d ":" -f 1` ++ ++ # Get a list of ending lines for each cert ++ ENDCERTLIST=`grep -n "^-----END" "${CAFILE}" | cut -d ":" -f 1` ++ ++ # Start a loop ++ for certbegin in `echo "${CERTLIST}"` ; do ++ for certend in `echo "${ENDCERTLIST}"` ; do ++ if test "${certend}" -gt "${certbegin}"; then ++ break ++ fi ++ done ++ sed -n "${certbegin},${certend}p" "${CAFILE}" > "${CADIR}/${certbegin}" ++ keyhash=`openssl x509 -noout -in "${CADIR}/${certbegin}" -hash` ++ echo "Generated PEM file with hash: ${keyhash}." ++ mv "${CADIR}/${certbegin}" "${CADIR}/${keyhash}.pem" ++ done ++fi ++ ++# Write the output file ++for cert in `find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"` ++do ++ ls "${cert}" ++ tempfile=`mktemp` ++ certbegin=`grep -n "^-----BEGIN" "${cert}" | cut -d ":" -f 1` ++ certend=`grep -n "^-----END" "${cert}" | cut -d ":" -f 1` ++ sed -n "${certbegin},${certend}p" "${cert}" > "${tempfile}" ++ echo yes | "${KEYTOOL}" -import -alias `basename "${cert}"` -keystore \ ++ "${OUTFILE}" -storepass 'changeit' -file "${tempfile}" ++ rm "${tempfile}" ++done ++ ++if test "${TEMPDIR}x" != "x" ; then ++ rm -rf "${TEMPDIR}" ++fi ++exit 0 ++ |