Date: Sunday, October 24, 2010 @ 09:34:03
  Author: pierre
Revision: 96730

upstream update

Added:
  ca-certificates-java/trunk/jks-keystore.hook.patch
Modified:
  ca-certificates-java/trunk/PKGBUILD
  ca-certificates-java/trunk/ca-certificates-java.install
  ca-certificates-java/trunk/init-jks-keystore

------------------------------+
 PKGBUILD                     |   73 ++++++++++++++++++---------
 ca-certificates-java.install |   19 ++-----
 init-jks-keystore            |  107 ++++++++++++++++++++---------------------
 jks-keystore.hook.patch      |   44 ++++++++++++++++
 4 files changed, 153 insertions(+), 90 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2010-10-24 12:38:03 UTC (rev 96729)
+++ PKGBUILD    2010-10-24 13:34:03 UTC (rev 96730)
@@ -2,36 +2,59 @@
 # Maintainer: Jan de Groot <j...@archlinux.org>
 
 pkgname=ca-certificates-java
-pkgver=20090629
-pkgrel=2
+pkgver=20100412
+pkgrel=1
 pkgdesc='Common CA certificates (JKS keystore)'
-arch=(any)
+arch=('any')
 url='http://packages.qa.debian.org/c/ca-certificates-java.html'
 license=('GPL')
-depends=('ca-certificates')
-makedepends=('java-runtime')
-install=ca-certificates-java.install
-source=(jks-keystore.hook init-jks-keystore default)
-md5sums=('c7f271d9a2efbd5c2c00a1c0d66efa64'
-         'f253225bebcc9e9faa331d8e9fb39c1d'
-         '0ded97abeff69c2362939e2e881e214a')
+depends=('ca-certificates' 'nss')
+makedepends=('openjdk6')
+install='ca-certificates-java.install'
+source=("http://ftp.debian.org/debian/pool/main/c/${pkgname}/${pkgname}_${pkgver}.tar.gz";
+        'jks-keystore.hook.patch' 'init-jks-keystore')
+md5sums=('16a5d04148d17923a4d838214dd9b867'
+         'e2009af18d0c61d067117ca982dee97f'
+         '82dcec93bb328ae68db33c8177fb3858')
 
 build() {
-  cd "${srcdir}"
-  install -d -m755 "${pkgdir}/etc/ca-certificates/update.d"
-  install -d -m755 "${pkgdir}/etc/ssl/certs/java"
-  install -d -m755 "${pkgdir}/etc/default"
-  install -d -m755 "${pkgdir}/usr/share/ca-certificates-java"
-  install -d -m755 "${pkgdir}/usr/sbin"
+       cd ${srcdir}
 
-  install -m755 jks-keystore.hook 
"${pkgdir}/etc/ca-certificates/update.d/jks-keystore" || return 1
-  install -m600 default "${pkgdir}/etc/default/cacerts" || return 1
-  install -m755 init-jks-keystore "${pkgdir}/usr/sbin/" || return 1
+       patch -p0 -i ${srcdir}/jks-keystore.hook.patch 
${pkgname}-${pkgver}/debian/jks-keystore.hook
 
-  for crt in `find /usr/share/ca-certificates -name '*.crt' -printf '%P '`; do
-    alias=`basename $crt .crt | tr A-Z a-z | tr -cs a-z0-9 _`
-    alias=${alias%*_}
-    echo "IMPORT: $crt, alias=$alias"
-    keytool -importcert -trustcacerts -keystore 
"${pkgdir}/usr/share/ca-certificates-java/cacerts" -storepass 'changeit' 
-noprompt -alias "$alias" -file "/usr/share/ca-certificates/$crt" || continue
-  done
+       mkdir build
+       cd build
+
+       for crt in $(find /usr/share/ca-certificates -name '*.crt' -printf '%P 
'); do
+               alias=$(basename $crt .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+               alias=${alias%*_}
+               echo "IMPORT: $crt, alias=$alias"
+               if keytool -importcert -trustcacerts -keystore cacerts \
+                       -storepass 'changeit' -noprompt \
+                       -alias "$alias" -file "/usr/share/ca-certificates/$crt" 
> keytool.log 2>&1; then
+                               cat keytool.log
+               elif keytool -importcert -trustcacerts -keystore cacerts \
+                       -providerClass sun.security.pkcs11.SunPKCS11 \
+                       -providerArg 
'/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
+                       -storepass 'changeit' -noprompt \
+                       -alias "$alias" -file "/usr/share/ca-certificates/$crt" 
> keytool.log 2>&1; then
+                               cat keytool.log
+               elif grep -q 'Signature not available' keytool.log; then
+                               echo "IGNORED IMPORT: $crt, alias=$alias"
+                               cat keytool.log
+               else
+                               cat keytool.log
+                               false
+               fi
+       done
 }
+
+package() {
+       cd ${srcdir}/${pkgname}-${pkgver}
+
+       install -d -m755 ${pkgdir}/etc/ssl/certs/java
+       install -D -m755 debian/jks-keystore.hook 
${pkgdir}/etc/ca-certificates/update.d/jks-keystore
+       install -D -m644 ${srcdir}/build/cacerts 
${pkgdir}/usr/share/ca-certificates-java/cacerts
+       install -D -m600 debian/default ${pkgdir}/etc/default/cacerts
+       install -D -m755 ${srcdir}/init-jks-keystore 
${pkgdir}/usr/sbin/init-jks-keystore
+}
\ No newline at end of file
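Review bot: The upstream tarball in `source=` is fetched over plain `http://` and pinned only by `md5sums`, which is weak protection for a package whose hook scripts go on to manage the system-wide Java trust store. makepkg also accepts a `sha256sums=(...)` array, so adding one for the three sources (`sha256sums=('<sha256 of tarball>' '<sha256 of jks-keystore.hook.patch>' '<sha256 of init-jks-keystore>')`) would make a tampered download much harder to pass off. Separately, build() fills `cacerts` from whatever `*.crt` files sit under /usr/share/ca-certificates on the build host, so the shipped keystore is only as trustworthy as that machine and should be built in a clean chroot. The new `cd ${srcdir}`, `patch -i ${srcdir}/...` and `install ... ${pkgdir}/...` lines also drop the quoting that the removed lines had.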

Modified: ca-certificates-java.install
===================================================================
--- ca-certificates-java.install        2010-10-24 12:38:03 UTC (rev 96729)
+++ ca-certificates-java.install        2010-10-24 13:34:03 UTC (rev 96730)
@@ -1,20 +1,15 @@
 post_install() {
-  if [ ! -f /etc/ssl/certs/java/cacerts ]; then
-    for jvm in /usr/lib/jvm/java-6-openjdk /opt/java/jre; do
-      if [ -x $jvm/bin/keytool ]; then
-        break
-      fi
-    done
-    if [ -x $jvm/bin/keytool ]; then
-      /usr/sbin/init-jks-keystore
-    fi
-  fi
+       if [ ! -f /etc/ssl/certs/java/cacerts ]; then
+               if [ -x /usr/lib/jvm/java-6-openjdk/bin/keytool ]; then
+                       /usr/sbin/init-jks-keystore
+               fi
+       fi
 }
 
 post_upgrade() {
-  post_install
+       post_install
 }
 
 post_remove() {
-  rm -rf /etc/ssl/certs/java
+       rm -rf /etc/ssl/certs/java
 }
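Review bot: post_install now does nothing, and prints nothing, when `/usr/lib/jvm/java-6-openjdk/bin/keytool` is missing or not executable, so the package can be installed without `/etc/ssl/certs/java/cacerts` ever being created. An `else` branch with a hint would make that visible, for example `echo "keytool not found; run /usr/sbin/init-jks-keystore once a JRE is installed"`. The exit status of `/usr/sbin/init-jks-keystore` is not checked either, so a failed keystore build goes unreported; `/usr/sbin/init-jks-keystore || echo "keystore initialisation failed" >&2` would flag it.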

Modified: init-jks-keystore
===================================================================
--- init-jks-keystore   2010-10-24 12:38:03 UTC (rev 96729)
+++ init-jks-keystore   2010-10-24 13:34:03 UTC (rev 96730)
@@ -1,74 +1,75 @@
 #!/bin/bash
-for jvm in /usr/lib/jvm/java-6-openjdk /opt/java/jre; do
-  if [ -x $jvm/bin/keytool ]; then
-    break
-  fi
-done
-if [ ! -x $jvm/bin/keytool ]; then
-  echo "No supported JRE installed"
-  exit 1
-fi
-export JAVA_HOME=$jvm
-PATH=$JAVA_HOME/bin:$PATH
 
 KEYSTORE=/etc/ssl/certs/java/cacerts
+
 storepass='changeit'
 if [ -f /etc/default/cacerts ]; then
-  . /etc/default/cacerts
+       . /etc/default/cacerts
 fi
 
-echo "creating $KEYSTORE..."
-cp /usr/share/ca-certificates-java/cacerts $KEYSTORE
 cacertdir=/usr/share/ca-certificates
+log=$(mktemp)
+
+# aliases of pregenerated files
 pregenerated=$(mktemp)
 LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE -storepass "$storepass" \
-  | awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
-  | sort > $pregenerated
+       | awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
+       | sort > $pregenerated
 
 grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
 errors=0
-log=$(mktemp)
 while read line; do
-  pem=${line#!*}
-  alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
-  alias=${alias%*_}
-  case "$line" in
-    !*)
-      if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
-          -storepass "$storepass" -alias "$alias" > /dev/null
-      then
-        echo "  removed untrusted certificate $pem"
-      fi
-      ;;
-
-    *)
-      if [ ! -f "$cacertdir/$pem" ]; then
-        echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
-        echo >&2 "warning:   but $cacertdir/$pem does not exist."
-        continue
-      fi
-      if ! grep -q "^${alias}$" $pregenerated; then
-        if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore 
$KEYSTORE \
-             -noprompt -storepass "$storepass" \
-             -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-        then
-          echo "  added certificate $pem $alias"
-        elif grep -q 'Signature not available' $log; then
-          echo "  ignored import, signature not available: ${line#+*}"
-          cat $log
-        else
-          echo >&2 "  error adding ${line#+*}"
-          errors=$(expr $errors + 1)
-        fi
-      fi
-  esac
+       pem=${line#!*}
+       alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+       alias=${alias%*_}
+       case "$line" in
+       !*)
+               # remove untrusted certificate
+               if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+               -storepass "$storepass" -alias "$alias" >/dev/null
+               then
+                       echo "  removed untrusted certificate $pem"
+               else
+               # not (anymore) in keystore
+               :
+               fi;;
+       *)
+               # add certificate not yet in keystore
+               if [ ! -f "$cacertdir/$pem" ]; then
+                       echo >&2 "warning: /etc/ca-certificates.conf lists 
$pem,"
+                       echo >&2 "warning:   but $cacertdir/$pem does not 
exist."
+                       continue
+               fi
+               if ! grep -q "^${alias}$" $pregenerated; then
+                       if LANG=C LC_ALL=C keytool -importcert -trustcacerts 
-keystore $KEYSTORE \
+                               -noprompt -storepass "$storepass" \
+                               -alias "$alias" -file "$cacertdir/$pem" > $log 
2>&1
+                       then
+                               echo "  added certificate $pem"
+                       elif LANG=C LC_ALL=C keytool -importcert -trustcacerts 
-keystore $KEYSTORE \
+                               -providerClass sun.security.pkcs11.SunPKCS11 \
+                               -providerArg 
'/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
+                               -noprompt -storepass "$storepass" \
+                               -alias "$alias" -file "$cacertdir/$pem" > $log 
2>&1
+                       then
+                               echo "  added certificate $pem (using NSS 
provider)"
+                       elif grep -q 'Signature not available' $log; then
+                               echo "  ignored import, signature not 
available: ${line#+*}"
+                               sed -e 's/^/   -> /' $log
+                       else
+                               echo >&2 "  error adding ${line#+*}"
+                               errors=$(expr $errors + 1)
+                       fi
+               fi
+       esac
 done
 rm -f $log
-
 rm -f $pregenerated
 if [ $errors -gt 0 ]; then
-  echo >&2 "failed."
-  exit 1
+       echo >&2 "failed (VM used: $jvm)."
+       exit 1
 fi
 echo "done."
 )
+
+exit 0
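Review bot: The `exit 0` added as the last line overrides the status of the parenthesised pipeline above it, so the `exit 1` taken when `errors` is greater than zero only leaves the subshell and the script still reports success to its caller. Dropping the final `exit 0`, or writing `exit $?` directly after the closing `)`, lets a failed certificate import surface. The failure message now prints `$jvm`, but the loop that set it is removed in this same hunk, so it expands to nothing; either drop `(VM used: $jvm)` or name the JVM path explicitly. With `PATH=$JAVA_HOME/bin:$PATH` gone, `keytool` is resolved from the caller's PATH, which may not contain the JDK's bin directory when the install scriptlet runs, whereas post_install tests the absolute path.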

Added: jks-keystore.hook.patch
===================================================================
--- jks-keystore.hook.patch                             (rev 0)
+++ jks-keystore.hook.patch     2010-10-24 13:34:03 UTC (rev 96730)
@@ -0,0 +1,44 @@
+--- jks-keystore.hook  2010-04-11 20:47:48.000000000 +0200
++++ jks-keystore.hook  2010-10-24 14:52:38.837234542 +0200
+@@ -28,14 +28,6 @@
+ export JAVA_HOME=/usr/lib/jvm/$jvm
+ PATH=$JAVA_HOME/bin:$PATH
+ 
+-temp_jvm_cfg=
+-if [ ! -f /etc/$jvm/jvm.cfg ]; then
+-    # the jre is not yet configured, but jvm.cfg is needed to run it
+-    temp_jvm_cfg=/etc/$jvm/jvm.cfg
+-    mkdir -p /etc/$jvm
+-    printf -- "-server KNOWN\n" > $temp_jvm_cfg
+-fi
+-
+ # read lines of the form: [+-]/etc/ssl/certs/*.pem
+ 
+ echo "updating keystore $KEYSTORE..."
+@@ -62,7 +54,7 @@
+         elif LANG=C LC_ALL=C keytool -importcert -trustcacerts \
+               -keystore $KEYSTORE -noprompt -storepass "$storepass" \
+               -providerClass sun.security.pkcs11.SunPKCS11 \
+-              -providerArg '${java.home}/lib/security/nss.cfg' \
++              -providerArg 
'/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
+               -alias "$alias" -file "$pem" > $log 2>&1
+         then
+             echo "  added: ${line#+*} (using NSS provider)"
+@@ -85,7 +77,7 @@
+           elif LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+               -noprompt -storepass "$storepass" \
+               -providerClass sun.security.pkcs11.SunPKCS11 \
+-              -providerArg '${java.home}/lib/security/nss.cfg' \
++              -providerArg 
'/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
+               -alias "$alias"
+           then
+               echo "  removed ${line#-*} (using NSS provider)"
+@@ -103,8 +95,6 @@
+ done
+ rm -f $log
+ 
+-[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
+-
+ if [ $errors -gt 0 ]; then
+     echo >&2 "failed (VM used: $jvm)."
+     exit 1
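Review bot: The NSS configuration path is hard-coded as `/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg` in both `-providerArg` lines, although the hook already exports `JAVA_HOME=/usr/lib/jvm/$jvm` a few lines above. If `$jvm` resolves to anything other than java-6-openjdk (its selection is outside these hunks), the fallback points at another JVM's file or at a missing one, and the `-delete` fallback is the path that removes a distrusted CA from the keystore. Deriving the argument from the exported variable keeps the two in step: `-providerArg "$JAVA_HOME/jre/lib/security/nss.cfg" \`. The if/elif chains these lines belong to start and end outside the hunks shown.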
