From 21d69e6cbe1730a5cf95500153eba543eefd61f7 Mon Sep 17 00:00:00 2001
From: Enno Boland
Date: Wed, 17 Dec 2014 19:17:15 +0100
Subject: [PATCH] openjdk: add cacerts file to openjdk-jre
---
srcpkgs/openjdk/files/mkcacerts | 214 ++++++++++++++++++++++++++++++++
srcpkgs/openjdk/template | 11 +-
2 files changed, 223 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/openjdk/files/mkcacerts
diff --git a/srcpkgs/openjdk/files/mkcacerts b/srcpkgs/openjdk/files/mkcacerts
new file mode 100644
index 00000000000..2db5a77bb05
--- /dev/null
+++ b/srcpkgs/openjdk/files/mkcacerts
@@ -0,0 +1,214 @@
+#!/bin/sh
+# Script provided by http://www.linuxfromscratch.org/blfs/view/svn/general/openjdk.html#ojdk-certs
+# EB 20141217: removed bashisms
+# Simple script to extract x509 certificates and create a JRE cacerts file.
+
+get_args()
+ {
+ if test -z "${1}" ; then
+ showhelp
+ exit 1
+ fi
+
+ while test -n "${1}" ; do
+ case "${1}" in
+ -f | --cafile)
+ check_arg $1 $2
+ CAFILE="${2}"
+ shift 2
+ ;;
+ -d | --cadir)
+ check_arg $1 $2
+ CADIR="${2}"
+ shift 2
+ ;;
+ -o | --outfile)
+ check_arg $1 $2
+ OUTFILE="${2}"
+ shift 2
+ ;;
+ -k | --keytool)
+ check_arg $1 $2
+ KEYTOOL="${2}"
+ shift 2
+ ;;
+ -s | --openssl)
+ check_arg $1 $2
+ OPENSSL="${2}"
+ shift 2
+ ;;
+ -h | --help)
+ showhelp
+ exit 0
+ ;;
+ *)
+ showhelp
+ exit 1
+ ;;
+ esac
+ done
+ }
+
+check_arg()
+ {
+ echo "${2}" | grep -v "^-" > /dev/null
+ if [ -z "$?" -o ! -n "$2" ]; then
+ echo "Error: $1 requires a valid argument."
+ exit 1
+ fi
+ }
+
+# The date binary is not reliable on 32bit systems for dates after 2038
+mydate()
+ {
+ local y=$( echo $1 | cut -d" " -f4 )
+ local M=$( echo $1 | cut -d" " -f1 )
+ local d=$( echo $1 | cut -d" " -f2 )
+ local m
+
+ if [ ${d} -lt 10 ]; then d="0${d}"; fi
+
+ case $M in
+ Jan) m="01";;
+ Feb) m="02";;
+ Mar) m="03";;
+ Apr) m="04";;
+ May) m="05";;
+ Jun) m="06";;
+ Jul) m="07";;
+ Aug) m="08";;
+ Sep) m="09";;
+ Oct) m="10";;
+ Nov) m="11";;
+ Dec) m="12";;
+ esac
+
+ certdate="${y}${m}${d}"
+ }
+
+showhelp()
+ {
+ echo "`basename ${0}` creates a valid cacerts file for use with IcedTea."
+ echo ""
+ echo " -f --cafile The path to a file containing PEM"
+ echo " formated CA certificates. May not be"
+ echo " used with -d/--cadir."
+ echo ""
+ echo " -d --cadir The path to a directory of PEM formatted"
+ echo " CA certificates. May not be used with"
+ echo " -f/--cafile."
+ echo ""
+ echo " -o --outfile The path to the output file."
+ echo ""
+ echo " -k --keytool The path to the java keytool utility."
+ echo ""
+ echo " -s --openssl The path to the openssl utility."
+ echo ""
+ echo " -h --help Show this help message and exit."
+ echo ""
+ echo ""
+ }
+
+# Initialize empty variables so that the shell does not pollute the script
+CAFILE=""
+CADIR=""
+OUTFILE=""
+OPENSSL=""
+KEYTOOL=""
+certdate=""
+date=""
+today=$( date +%Y%m%d )
+
+# Process command line arguments
+get_args ${@}
+
+# Handle common errors
+if test "${CAFILE}x" = "x" -a "${CADIR}x" = "x" ; then
+ echo "ERROR! You must provide an x509 certificate store!"
+ echo "\'$(basename ${0}) --help\' for more info."
+ echo ""
+ exit 1
+fi
+
+if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then
+ echo "ERROR! You cannot provide two x509 certificate stores!"
+ echo "\'$(basename ${0}) --help\' for more info."
+ echo ""
+ exit 1
+fi
+
+if test "${KEYTOOL}x" = "x" ; then
+ echo "ERROR! You must provide a valid keytool program!"
+ echo "\'$(basename ${0}) --help\' for more info."
+ echo ""
+ exit 1
+fi
+
+if test "${OPENSSL}x" = "x" ; then
+ echo "ERROR! You must provide a valid path to openssl!"
+ echo "\'$(basename ${0}) --help\' for more info."
+ echo ""
+ exit 1
+fi
+
+if test "${OUTFILE}x" = "x" ; then
+ echo "ERROR! You must provide a valid output file!"
+ echo "\'$(basename ${0}) --help\' for more info."
+ echo ""
+ exit 1
+fi
+
+# Get on with the work
+
+# If using a CAFILE, split it into individual files in a temp directory
+if test "${CAFILE}x" != "x" ; then
+ TEMPDIR=`mktemp -d`
+ CADIR="${TEMPDIR}"
+
+ # Get a list of staring lines for each cert
+ CERTLIST=`grep -n "^-----BEGIN" "${CAFILE}" | cut -d ":" -f 1`
+
+ # Get a list of ending lines for each cert
+ ENDCERTLIST=`grep -n "^-----END" "${CAFILE}" | cut -d ":" -f 1`
+
+ # Start a loop
+ for certbegin in ${CERTLIST} ; do
+ for certend in ${ENDCERTLIST} ; do
+ if test "${certend}" -gt "${certbegin}"; then
+ break
+ fi
+ done
+ sed -n "${certbegin},${certend}p" "${CAFILE}" > "${CADIR}/${certbegin}.pem"
+ keyhash=`${OPENSSL} x509 -noout -in "${CADIR}/${certbegin}.pem" -hash`
+ echo "Generated PEM file with hash: ${keyhash}."
+ done
+fi
+
+# Write the output file
+for cert in `find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"`
+do
+
+ # Make sure the certificate date is valid...
+ date=$( ${OPENSSL} x509 -enddate -in "${cert}" -noout | sed 's/^notAfter=//' )
+ mydate "${date}"
+ if test "${certdate}" -lt "${today}" ; then
+ echo "${cert} expired on ${certdate}! Skipping..."
+ unset date certdate
+ continue
+ fi
+ unset date certdate
+ ls "${cert}"
+ tempfile=`mktemp`
+ sed -n "/^-----BEGIN/,/^-----END/p" "${cert}" > "${tempfile}"
+ echo yes | env LC_ALL=C "${KEYTOOL}" -import \
+ -alias `basename "${cert}"` \
+ -keystore "${OUTFILE}" \
+ -storepass 'changeit' \
+ -file "${tempfile}"
+ rm "${tempfile}"
+done
+
+if test "${TEMPDIR}x" != "x" ; then
+ rm -rf "${TEMPDIR}"
+fi
+exit 0
diff --git a/srcpkgs/openjdk/template b/srcpkgs/openjdk/template
index b0a4550f335..56e49bc84f9 100644
--- a/srcpkgs/openjdk/template
+++ b/srcpkgs/openjdk/template
@@ -12,7 +12,7 @@ _openjdk_version="openjdk-1.8.0_${_jdk_update}"
 # Template file for 'openjdk'
 pkgname=openjdk
 version=${_java_ver}u${_jdk_update}
-revision=1
+revision=2
 nocross=yes
 wrksrc=jdk8u-jdk8u${_jdk_update}-b${_jdk_build}/
 build_style=gnu-configure
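Review bot: Failures in the import loop at the end of `mkcacerts` are never reported: the exit status of `"${KEYTOOL}" -import` and of the `${OPENSSL} x509 -enddate` call is ignored and the script always ends with `exit 0`, so a build can ship a partial or empty `cacerts` without any error. When openssl cannot parse a file, `date` is empty, `test "${certdate}" -lt "${today}"` fails on a non-integer operand, and the file falls through to the import instead of being skipped. I would record failures, for example by appending `|| rc=1` to the keytool command and finishing with `exit ${rc:-0}`, and skip the file when `date` is empty. Separately, in `find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"` the `-type f` binds only to `*.pem`; grouping the names as `\( -name "*.pem" -o -name "*.crt" \)` applies it to both patterns.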
@@ -26,7 +26,7 @@ configure_args=" $(vopt_if oracle_bootstrap --with-boot-jdk=/usr/lib/jvm/oracle-jdk \ --with-boot-jdk=/usr/lib/jvm/openjdk)" make_build_args="DEBUG_BINARIES=true docs all" -hostmakedepends="pkg-config cpio unzip zip" +hostmakedepends="pkg-config cpio unzip zip ca-certificates libressl-openssl" case "$XBPS_MACHINE" in arm*) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk-arm openjdk)";; *) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk openjdk)";; @@ -86,6 +86,13 @@ post_extract() { post_install() { rm -rf ${DESTDIR}/usr/lib/bin + vinstall ${FILESDIR}/mkcacerts 755 usr/lib/jvm/$_openjdk_version/jre/bin + vmkdir usr/lib/jvm/$_openjdk_version/jre/lib/security + sh ${FILESDIR}/mkcacerts \ + -d "/usr/share/ca-certificates/" \ + -s "/usr/bin/openssl" \ + -k "${DESTDIR}/usr/lib/jvm/$_openjdk_version/jre/bin/keytool" \ + -o "${DESTDIR}/usr/lib/jvm/$_openjdk_version/jre/lib/security/cacerts" vlicense ASSEMBLY_EXCEPTION vlicense LICENSE vlicense THIRD_PARTY_README
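Review bot: In the `post_install()` hunk the `cacerts` keystore is generated once, at package build time, from `/usr/share/ca-certificates/`, so it looks as if later `ca-certificates` updates (including removal of a distrusted CA) will not reach the JRE until openjdk itself is rebuilt. That deserves at least a comment above the `sh ${FILESDIR}/mkcacerts` call, such as `# cacerts is a build-time snapshot of ca-certificates; bump revision to refresh it`, or a follow-up that regenerates the store on the installed system. Because `mkcacerts` ends with `exit 0` regardless of import errors, a check after the call such as `[ -s "${DESTDIR}/usr/lib/jvm/$_openjdk_version/jre/lib/security/cacerts" ] || return 1` would catch a missing or empty store; whether a non-zero return fails the build at this point is an assumption to confirm. `post_install()` continues outside the hunk.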