openjdk: add cacerts file to openjdk-jre

This commit is contained in:
Enno Boland 2014-12-17 19:17:15 +01:00
parent b5c4425d5f
commit 21d69e6cbe
2 changed files with 223 additions and 2 deletions

View File

@ -0,0 +1,214 @@
#!/bin/sh
# Script provided by http://www.linuxfromscratch.org/blfs/view/svn/general/openjdk.html#ojdk-certs
# EB 20141217: removed bashisms
# Simple script to extract x509 certificates and create a JRE cacerts file.
get_args()
{
if test -z "${1}" ; then
showhelp
exit 1
fi
while test -n "${1}" ; do
case "${1}" in
-f | --cafile)
check_arg $1 $2
CAFILE="${2}"
shift 2
;;
-d | --cadir)
check_arg $1 $2
CADIR="${2}"
shift 2
;;
-o | --outfile)
check_arg $1 $2
OUTFILE="${2}"
shift 2
;;
-k | --keytool)
check_arg $1 $2
KEYTOOL="${2}"
shift 2
;;
-s | --openssl)
check_arg $1 $2
OPENSSL="${2}"
shift 2
;;
-h | --help)
showhelp
exit 0
;;
*)
showhelp
exit 1
;;
esac
done
}
check_arg()
{
echo "${2}" | grep -v "^-" > /dev/null
if [ -z "$?" -o ! -n "$2" ]; then
echo "Error: $1 requires a valid argument."
exit 1
fi
}
# The date binary is not reliable on 32bit systems for dates after 2038
mydate()
{
local y=$( echo $1 | cut -d" " -f4 )
local M=$( echo $1 | cut -d" " -f1 )
local d=$( echo $1 | cut -d" " -f2 )
local m
if [ ${d} -lt 10 ]; then d="0${d}"; fi
case $M in
Jan) m="01";;
Feb) m="02";;
Mar) m="03";;
Apr) m="04";;
May) m="05";;
Jun) m="06";;
Jul) m="07";;
Aug) m="08";;
Sep) m="09";;
Oct) m="10";;
Nov) m="11";;
Dec) m="12";;
esac
certdate="${y}${m}${d}"
}
showhelp()
{
echo "`basename ${0}` creates a valid cacerts file for use with IcedTea."
echo ""
echo " -f --cafile The path to a file containing PEM"
echo " formated CA certificates. May not be"
echo " used with -d/--cadir."
echo ""
echo " -d --cadir The path to a directory of PEM formatted"
echo " CA certificates. May not be used with"
echo " -f/--cafile."
echo ""
echo " -o --outfile The path to the output file."
echo ""
echo " -k --keytool The path to the java keytool utility."
echo ""
echo " -s --openssl The path to the openssl utility."
echo ""
echo " -h --help Show this help message and exit."
echo ""
echo ""
}
# Initialize empty variables so that the shell does not pollute the script
CAFILE=""
CADIR=""
OUTFILE=""
OPENSSL=""
KEYTOOL=""
certdate=""
date=""
today=$( date +%Y%m%d )
# Process command line arguments
get_args ${@}
# Handle common errors
if test "${CAFILE}x" = "x" -a "${CADIR}x" = "x" ; then
echo "ERROR! You must provide an x509 certificate store!"
echo "\'$(basename ${0}) --help\' for more info."
echo ""
exit 1
fi
if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then
echo "ERROR! You cannot provide two x509 certificate stores!"
echo "\'$(basename ${0}) --help\' for more info."
echo ""
exit 1
fi
if test "${KEYTOOL}x" = "x" ; then
echo "ERROR! You must provide a valid keytool program!"
echo "\'$(basename ${0}) --help\' for more info."
echo ""
exit 1
fi
if test "${OPENSSL}x" = "x" ; then
echo "ERROR! You must provide a valid path to openssl!"
echo "\'$(basename ${0}) --help\' for more info."
echo ""
exit 1
fi
if test "${OUTFILE}x" = "x" ; then
echo "ERROR! You must provide a valid output file!"
echo "\'$(basename ${0}) --help\' for more info."
echo ""
exit 1
fi
# Get on with the work
# If using a CAFILE, split it into individual files in a temp directory
if test "${CAFILE}x" != "x" ; then
TEMPDIR=`mktemp -d`
CADIR="${TEMPDIR}"
# Get a list of staring lines for each cert
CERTLIST=`grep -n "^-----BEGIN" "${CAFILE}" | cut -d ":" -f 1`
# Get a list of ending lines for each cert
ENDCERTLIST=`grep -n "^-----END" "${CAFILE}" | cut -d ":" -f 1`
# Start a loop
for certbegin in ${CERTLIST} ; do
for certend in ${ENDCERTLIST} ; do
if test "${certend}" -gt "${certbegin}"; then
break
fi
done
sed -n "${certbegin},${certend}p" "${CAFILE}" > "${CADIR}/${certbegin}.pem"
keyhash=`${OPENSSL} x509 -noout -in "${CADIR}/${certbegin}.pem" -hash`
echo "Generated PEM file with hash: ${keyhash}."
done
fi
# Write the output file
for cert in `find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"`
do
# Make sure the certificate date is valid...
date=$( ${OPENSSL} x509 -enddate -in "${cert}" -noout | sed 's/^notAfter=//' )
mydate "${date}"
if test "${certdate}" -lt "${today}" ; then
echo "${cert} expired on ${certdate}! Skipping..."
unset date certdate
continue
fi
unset date certdate
ls "${cert}"
tempfile=`mktemp`
sed -n "/^-----BEGIN/,/^-----END/p" "${cert}" > "${tempfile}"
echo yes | env LC_ALL=C "${KEYTOOL}" -import \
-alias `basename "${cert}"` \
-keystore "${OUTFILE}" \
-storepass 'changeit' \
-file "${tempfile}"
rm "${tempfile}"
done
if test "${TEMPDIR}x" != "x" ; then
rm -rf "${TEMPDIR}"
fi
exit 0

View File

@ -12,7 +12,7 @@ _openjdk_version="openjdk-1.8.0_${_jdk_update}"
# Template file for 'openjdk' # Template file for 'openjdk'
pkgname=openjdk pkgname=openjdk
version=${_java_ver}u${_jdk_update} version=${_java_ver}u${_jdk_update}
revision=1 revision=2
nocross=yes nocross=yes
wrksrc=jdk8u-jdk8u${_jdk_update}-b${_jdk_build}/ wrksrc=jdk8u-jdk8u${_jdk_update}-b${_jdk_build}/
build_style=gnu-configure build_style=gnu-configure
@ -26,7 +26,7 @@ configure_args="
$(vopt_if oracle_bootstrap --with-boot-jdk=/usr/lib/jvm/oracle-jdk \ $(vopt_if oracle_bootstrap --with-boot-jdk=/usr/lib/jvm/oracle-jdk \
--with-boot-jdk=/usr/lib/jvm/openjdk)" --with-boot-jdk=/usr/lib/jvm/openjdk)"
make_build_args="DEBUG_BINARIES=true docs all" make_build_args="DEBUG_BINARIES=true docs all"
hostmakedepends="pkg-config cpio unzip zip" hostmakedepends="pkg-config cpio unzip zip ca-certificates libressl-openssl"
case "$XBPS_MACHINE" in case "$XBPS_MACHINE" in
arm*) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk-arm openjdk)";; arm*) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk-arm openjdk)";;
*) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk openjdk)";; *) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk openjdk)";;
@ -86,6 +86,13 @@ post_extract() {
post_install() { post_install() {
rm -rf ${DESTDIR}/usr/lib/bin rm -rf ${DESTDIR}/usr/lib/bin
vinstall ${FILESDIR}/mkcacerts 755 usr/lib/jvm/$_openjdk_version/jre/bin
vmkdir usr/lib/jvm/$_openjdk_version/jre/lib/security
sh ${FILESDIR}/mkcacerts \
-d "/usr/share/ca-certificates/" \
-s "/usr/bin/openssl" \
-k "${DESTDIR}/usr/lib/jvm/$_openjdk_version/jre/bin/keytool" \
-o "${DESTDIR}/usr/lib/jvm/$_openjdk_version/jre/lib/security/cacerts"
vlicense ASSEMBLY_EXCEPTION vlicense ASSEMBLY_EXCEPTION
vlicense LICENSE vlicense LICENSE
vlicense THIRD_PARTY_README vlicense THIRD_PARTY_README