diff options
Diffstat (limited to 'main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch')
| -rw-r--r-- | main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch | 341 |
1 files changed, 0 insertions, 341 deletions
diff --git a/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch b/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch deleted file mode 100644 index 9f3074dff4..0000000000 --- a/main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch +++ /dev/null @@ -1,341 +0,0 @@ ---- icedtea6-1.10.4/Makefile.am -+++ icedtea6-1.10.4.mod/Makefile.am -@@ -1376,6 +1376,19 @@ - if ENABLE_JAMVM - printf -- '-jamvm ALIASED_TO -server\n' >> $(BUILD_JRE_ARCH_DIR)/jvm.cfg - endif -+if GENERATE_CACERTS -+ if test -n "${CADIR}"; then \ -+ sh scripts/mkcacerts.sh -d "${CADIR}" \ -+ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ -+ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ -+ else \ -+ sh scripts/mkcacerts.sh -f "${CAFILE}" \ -+ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ -+ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ -+ fi; \ -+ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \ -+ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts; -+endif - @echo "IcedTea is served:" $(BUILD_OUTPUT_DIR) - mkdir -p stamps - touch stamps/icedtea.stamp -@@ -1407,6 +1420,19 @@ - if ENABLE_JAMVM - printf -- '-jamvm ALIASED_TO -server\n' >> $(BUILD_DEBUG_JRE_ARCH_DIR)/jvm.cfg - endif -+if GENERATE_CACERTS -+ if test -n "${CADIR}"; then \ -+ sh scripts/mkcacerts.sh -d "${CADIR}" \ -+ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ -+ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ -+ else \ -+ sh scripts/mkcacerts.sh -f "${CAFILE}" \ -+ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \ -+ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \ -+ fi; \ -+ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \ -+ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts; -+endif - @echo "IcedTea (debug build) is served:" \ - $(DEBUG_BUILD_OUTPUT_DIR) - mkdir -p stamps -@@ -1457,7 +1483,7 @@ - $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \ - fi - cp $(abs_top_builddir)/tapset/jstack.stp \ -- $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp -+ $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp; - endif - touch stamps/add-systemtap.stamp - -@@ -1483,7 +1509,7 @@ - $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \ - fi - cp $(abs_top_builddir)/tapset/jstack.stp \ -- $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp -+ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp; - endif - touch stamps/add-systemtap-debug.stamp - ---- icedtea6-1.10.4/Makefile.in -+++ icedtea6-1.10.4.mod/Makefile.in -@@ -175,6 +175,8 @@ - BUILD_ARCH_DIR = @BUILD_ARCH_DIR@ - BUILD_OS_DIR = @BUILD_OS_DIR@ - CACAO_IMPORT_PATH = @CACAO_IMPORT_PATH@ -+CADIR = @CADIR@ -+CAFILE = @CAFILE@ - CC = @CC@ - CCDEPMODE = @CCDEPMODE@ - CFLAGS = @CFLAGS@ ---- icedtea6-1.10.4/acinclude.m4 -+++ icedtea6-1.10.4.mod/acinclude.m4 -@@ -1677,3 +1677,94 @@ - AM_CONDITIONAL([CP40188_JAVAH], test x"${it_cv_cp40188_javah}" = "xyes") - AC_PROVIDE([$0])dnl - ]) -+ -+--- acinclude.m4 2011-01-22 21:34:29.000000000 -0600 -++++ acinclude.m4 2011-01-22 21:34:58.000000000 -0600 -+@@ -316,6 +316,91 @@ -+ AM_CONDITIONAL([SRC_DIR_HARDLINKABLE], test x"${it_cv_hardlink_src}" = "xyes") -+ ]) -+ -+AC_DEFUN([IT_GENERATE_CACERTS], -+[ -+ AC_MSG_CHECKING([whether to generate a cacerts file for distribution]) -+ AC_ARG_ENABLE([cacerts], -+ [AS_HELP_STRING(--enable-cacerts, generate a cacerts file for distribution [[default=no]])], -+ [ -+ case "${enableval}" in -+ no) -+ generate_cacerts=no -+ ;; -+ *) -+ generate_cacerts=yes -+ ;; -+ esac -+ ], -+ [ -+ generate_cacerts=no -+ ]) -+ AC_MSG_RESULT([$generate_cacerts]) -+ AM_CONDITIONAL([GENERATE_CACERTS], test x"${generate_cacerts}" = "xyes") -+]) -+ -+AC_DEFUN([IT_GET_LOCAL_CACERTS], -+[ -+ AC_MSG_CHECKING([for a local x509 certificate directory]) -+ AC_ARG_WITH([ca-dir], -+ [AS_HELP_STRING(--with-ca-dir=DIR, specify a top-level local x509 certificate directory)], -+ [ -+ if test -d "${withval}"; then -+ CADIR="${withval}" -+ fi -+ ], -+ [ -+ CADIR= -+ ]) -+ if test -z "${CADIR}"; then -+ for dir in /etc/pki/tls/certs \ -+ /usr/share/ca-certificates \ -+ /etc/ssl/certs \ -+ /etc/certs ; do -+ if test -d "${dir}"; then -+ CADIR="${dir}" -+ break -+ fi -+ done -+ if test -z "${CADIR}"; then -+ CADIR=no -+ fi -+ fi -+ AC_MSG_RESULT(${CADIR}) -+ AC_SUBST(CADIR) -+ -+ AC_MSG_CHECKING([for a local x509 certificate file]) -+ AC_ARG_WITH([ca-file], -+ [AS_HELP_STRING(--with-ca-file=FILE, specify a local x509 certificate file)], -+ [ -+ if test -f "${withval}"; then -+ CAFILE="${withval}" -+ fi -+ ], -+ [ -+ CAFILE= -+ ]) -+ if test -z "${CAFILE}"; then -+ for file in /etc/pki/tls/certs/ca-bundle.crt \ -+ /etc/ssl/certs/ca-bundle.crt \ -+ /etc/ssl/ca-bundle.crt \ -+ /etc/ca-bundle.crt ; do -+ if test -e "${file}"; then -+ CAFILE=$file -+ break -+ fi -+ done -+ if test -z "${CAFILE}"; then -+ CAFILE=no -+ fi -+ fi -+ AC_MSG_RESULT(${CAFILE}) -+ AC_SUBST(CAFILE) -+ if test "${CADIR}x" = "nox" -a "${CAFILE}x" = "nox"; then -+ AC_MSG_WARN([Could not find a suitable x509 certificate store.]) -+ AC_MSG_ERROR([Supply a valid location using --with-ca-dir or --with-ca-file, or remove the --enable-cacerts switch.]) -+ fi -+]) ---- icedtea6-1.10.4/configure.ac -+++ icedtea6-1.10.4.mod/configure.ac -@@ -138,6 +138,13 @@ - AC_MSG_RESULT([disabled by default (edit java.security to enable)]) - fi - -+IT_GENERATE_CACERTS -+ -+if test "x${generate_cacerts}" = "xyes" -+then -+ IT_GET_LOCAL_CACERTS -+fi -+ - IT_GET_PKGVERSION - IT_GET_LSB_DATA - ---- /dev/null -+++ icedtea6-1.10.4.mod/scripts/mkcacerts.sh -@@ -0,0 +1,154 @@ -+#!/bin/sh -+# Simple script to extract x509 certificates and create a JRE cacerts file. -+ -+get_args() -+ { -+ if test -z "${1}" ; then -+ showhelp -+ exit 1 -+ fi -+ -+ while test -n "${1}" ; do -+ case "${1}" in -+ -f | --cafile) -+ check_arg $1 $2 -+ CAFILE="${2}" -+ shift 2 -+ ;; -+ -d | --cadir) -+ check_arg $1 $2 -+ CADIR="${2}" -+ shift 2 -+ ;; -+ -o | --outfile) -+ check_arg $1 $2 -+ OUTFILE="${2}" -+ shift 2 -+ ;; -+ -k | --keytool) -+ check_arg $1 $2 -+ KEYTOOL="${2}" -+ shift 2 -+ ;; -+ -h | --help) -+ showhelp -+ exit 0 -+ ;; -+ *) -+ showhelp -+ exit 1 -+ ;; -+ esac -+ done -+ } -+ -+check_arg() -+ { -+ echo "${2}" | grep -v "^-" > /dev/null -+ if [ -z "$?" -o ! -n "$2" ]; then -+ echo "Error: $1 requires a valid argument." -+ exit 1 -+ fi -+ } -+ -+ -+showhelp() -+ { -+ echo "`basename ${0}` creates a valid cacerts file for use with IcedTea." -+ echo "" -+ echo " -f --cafile The path to a file containing PEM formated CA" -+ echo " certificates. May not be used with -d/--cadir." -+ echo " -d --cadir The path to a diectory of PEM formatted CA" -+ echo " certificates. May not be used with -f/--cafile." -+ echo " -o --outfile The path to the output file." -+ echo "" -+ echo " -k --keytool The path to the java keytool utility." -+ echo "" -+ echo " -h --help Show this help message and exit." -+ echo "" -+ echo "" -+ } -+ -+# Initialize empty variables so that the shell does not polute the script -+CAFILE="" -+CADIR="" -+OUTFILE="" -+KEYTOOL="" -+ -+# Process command line arguments -+get_args ${@} -+ -+# Handle common errors -+if test "${CAFILE}x" == "x" -a "${CADIR}x" == "x" ; then -+ echo "ERROR! You must provide an x509 certificate store!" -+ echo "\'$(basename ${0}) --help\' for more info." -+ echo "" -+ exit 1 -+fi -+ -+if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then -+ echo "ERROR! You cannot provide two x509 certificate stores!" -+ echo "\'$(basename ${0}) --help\' for more info." -+ echo "" -+ exit 1 -+fi -+ -+if test "${KEYTOOL}x" == "x" ; then -+ echo "ERROR! You must provide a valid keytool program!" -+ echo "\'$(basename ${0}) --help\' for more info." -+ echo "" -+ exit 1 -+fi -+ -+if test "${OUTFILE}x" == "x" ; then -+ echo "ERROR! You must provide a valid output file!" -+ echo "\'$(basename ${0}) --help\' for more info." -+ echo "" -+ exit 1 -+fi -+ -+# Get on with the work -+ -+# If using a CAFILE, split it into individual files in a temp directory -+if test "${CAFILE}x" != "x" ; then -+ TEMPDIR=`mktemp -d` -+ CADIR="${TEMPDIR}" -+ -+ # Get a list of staring lines for each cert -+ CERTLIST=`grep -n "^-----BEGIN" "${CAFILE}" | cut -d ":" -f 1` -+ -+ # Get a list of ending lines for each cert -+ ENDCERTLIST=`grep -n "^-----END" "${CAFILE}" | cut -d ":" -f 1` -+ -+ # Start a loop -+ for certbegin in `echo "${CERTLIST}"` ; do -+ for certend in `echo "${ENDCERTLIST}"` ; do -+ if test "${certend}" -gt "${certbegin}"; then -+ break -+ fi -+ done -+ sed -n "${certbegin},${certend}p" "${CAFILE}" > "${CADIR}/${certbegin}" -+ keyhash=`openssl x509 -noout -in "${CADIR}/${certbegin}" -hash` -+ echo "Generated PEM file with hash: ${keyhash}." -+ mv "${CADIR}/${certbegin}" "${CADIR}/${keyhash}.pem" -+ done -+fi -+ -+# Write the output file -+for cert in `find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"` -+do -+ ls "${cert}" -+ tempfile=`mktemp` -+ certbegin=`grep -n "^-----BEGIN" "${cert}" | cut -d ":" -f 1` -+ certend=`grep -n "^-----END" "${cert}" | cut -d ":" -f 1` -+ sed -n "${certbegin},${certend}p" "${cert}" > "${tempfile}" -+ echo yes | "${KEYTOOL}" -import -alias `basename "${cert}"` -keystore \ -+ "${OUTFILE}" -storepass 'changeit' -file "${tempfile}" -+ rm "${tempfile}" -+done -+ -+if test "${TEMPDIR}x" != "x" ; then -+ rm -rf "${TEMPDIR}" -+fi -+exit 0 -+ |