Date: Tuesday, April 26, 2011 @ 17:44:45 Author: pierre Revision: 120865
upstream update; make use of UpdateCertificates Added: ca-certificates-java/trunk/jks-keystore.hook Modified: ca-certificates-java/trunk/PKGBUILD ca-certificates-java/trunk/ca-certificates-java.install ca-certificates-java/trunk/init-jks-keystore Deleted: ca-certificates-java/trunk/jks-keystore.hook.patch ------------------------------+ PKGBUILD | 48 +++++-------------------- ca-certificates-java.install | 8 ++-- init-jks-keystore | 76 +++-------------------------------------- jks-keystore.hook | 16 ++++++++ jks-keystore.hook.patch | 51 --------------------------- 5 files changed, 37 insertions(+), 162 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2011-04-26 21:44:03 UTC (rev 120864) +++ PKGBUILD 2011-04-26 21:44:45 UTC (rev 120865) 
@@ -2,59 +2,33 @@ # Maintainer: Jan de Groot <[email protected]> pkgname=ca-certificates-java -pkgver=20110421~nmu1 +pkgver=20110426 pkgrel=1 pkgdesc='Common CA certificates (JKS keystore)' arch=('any') url='http://packages.qa.debian.org/c/ca-certificates-java.html' license=('GPL') -depends=('ca-certificates' 'nss') +depends=('ca-certificates') makedepends=('openjdk6') install='ca-certificates-java.install' +backup=('etc/default/cacerts') source=("http://ftp.debian.org/debian/pool/main/c/${pkgname}/${pkgname}_${pkgver}.tar.gz" - 'jks-keystore.hook.patch' 'init-jks-keystore') -md5sums=('34078ed264e401ffb5b176d3b98ec214' - '26303bb23b9eb7d7a7cdd6eca78e257e' - '8fca365914fc1fd9c44e26587424dc23') + 'init-jks-keystore' 'jks-keystore.hook') +md5sums=('8ecea60210dd89f9cf73caabf1cf6955' + 'ee50d8416e03b764c5fd15dea5f582e2' + '84fe0a111e9fe5afadaad8573430a9d1') build() { - cd ${srcdir} - - patch -p0 -i ${srcdir}/jks-keystore.hook.patch ${pkgname}-${pkgver}/debian/jks-keystore.hook - - mkdir build - cd build - - for crt in $(find /usr/share/ca-certificates -name '*.crt' -printf '%P '); do - alias=$(basename $crt .crt | tr A-Z a-z | tr -cs a-z0-9 _) - alias=${alias%*_} - echo "IMPORT: $crt, alias=$alias" - if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore cacerts \ - -storepass 'changeit' -noprompt \ - -alias "$alias" -file "/usr/share/ca-certificates/$crt" > keytool.log 2>&1; then - cat keytool.log - elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore cacerts \ - -providerClass sun.security.pkcs11.SunPKCS11 \ - -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \ - -storepass 'changeit' -noprompt \ - -alias "$alias" -file "/usr/share/ca-certificates/$crt" > keytool.log 2>&1; then - cat keytool.log - elif grep -q 'Signature not available' keytool.log; then - echo "IGNORED IMPORT: $crt, alias=$alias" - cat keytool.log - else - cat keytool.log - false - fi - done + cd 
${srcdir}/${pkgname}-${pkgver} + javac UpdateCertificates.java } package() { cd ${srcdir}/${pkgname}-${pkgver} install -d -m755 ${pkgdir}/etc/ssl/certs/java - install -D -m755 debian/jks-keystore.hook ${pkgdir}/etc/ca-certificates/update.d/jks-keystore - install -D -m644 ${srcdir}/build/cacerts ${pkgdir}/usr/share/ca-certificates-java/cacerts install -D -m600 debian/default ${pkgdir}/etc/default/cacerts + install -D -m755 UpdateCertificates.class ${pkgdir}/usr/share/ca-certificates-java/UpdateCertificates.class install -D -m755 ${srcdir}/init-jks-keystore ${pkgdir}/usr/sbin/init-jks-keystore + install -D -m755 ${srcdir}/jks-keystore.hook ${pkgdir}/etc/ca-certificates/update.d/jks-keystore } Modified: ca-certificates-java.install =================================================================== --- ca-certificates-java.install 2011-04-26 21:44:03 UTC (rev 120864) +++ ca-certificates-java.install 2011-04-26 21:44:45 UTC (rev 120865) @@ -1,7 +1,7 @@ post_install() { - if [ ! -f /etc/ssl/certs/java/cacerts ]; then - if [ -x /usr/lib/jvm/java-6-openjdk/bin/keytool ]; then - /usr/sbin/init-jks-keystore + if [ ! -f etc/ssl/certs/java/cacerts ]; then + if which java >/dev/null 2>&1; then + usr/sbin/init-jks-keystore fi fi } @@ -11,5 +11,5 @@ } post_remove() { - rm -rf /etc/ssl/certs/java + rm -rf etc/ssl/certs/java } Modified: init-jks-keystore =================================================================== --- init-jks-keystore 2011-04-26 21:44:03 UTC (rev 120864) +++ init-jks-keystore 2011-04-26 21:44:45 UTC (rev 120865) 
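Review bot: The new `md5sums` array is the only integrity check on a tarball that `source=` fetches over plain `http://`, and this package compiles and installs the code that populates Java's CA trust store, so a stronger digest is warranted here. makepkg also accepts a `sha256sums=(...)` array; its values for the tarball, `init-jks-keystore` and `jks-keystore.hook` should be generated from verified copies and replace or accompany the MD5 entries. Minor: `UpdateCertificates.class` is installed with `-m755`, although a class file loaded through CLASSPATH does not need the execute bit, so `-m644` would do.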
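Review bot: The paths in post_install (`etc/ssl/certs/java/cacerts`, `usr/sbin/init-jks-keystore`) and the `rm -rf etc/ssl/certs/java` in post_remove in the following hunk are now relative, so they resolve against whatever the current directory is when the scriptlet runs. That is presumably intentional (scriptlets being run from the install root), but nothing in the file says so; a comment such as `# relative paths: the scriptlet is run with the install root as cwd` above post_install would document the assumption, which matters most for the recursive delete. Separately, when `java` is not on PATH the keystore is silently not created; an `else` branch printing a hint to run `init-jks-keystore` once a JRE is installed would make that visible, and `command -v java` is the portable form of the `which` test.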
@@ -1,75 +1,11 @@ -#!/bin/bash +#!/bin/sh -KEYSTORE=/etc/ssl/certs/java/cacerts - storepass='changeit' -if [ -f /etc/default/cacerts ]; then - . /etc/default/cacerts -fi +. /etc/default/cacerts -cacertdir=/usr/share/ca-certificates -log=$(mktemp) +CLASSPATH=/usr/share/ca-certificates-java +export CLASSPATH -# aliases of pregenerated files -pregenerated=$(mktemp) -LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -list -keystore $KEYSTORE -storepass "$storepass" \ - | awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \ - | sort > $pregenerated - -grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \ -errors=0 -while read line; do - pem=${line#!*} - alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _) - alias=${alias%*_} - case "$line" in - !*) - # remove untrusted certificate - if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \ - -storepass "$storepass" -alias "$alias" >/dev/null - then - echo " removed untrusted certificate $pem" - else - # not (anymore) in keystore - : - fi;; - *) - # add certificate not yet in keystore - if [ ! -f "$cacertdir/$pem" ]; then - echo >&2 "warning: /etc/ca-certificates.conf lists $pem," - echo >&2 "warning: but $cacertdir/$pem does not exist." - continue - fi - if ! 
grep -q "^${alias}$" $pregenerated; then - if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \ - -noprompt -storepass "$storepass" \ - -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1 - then - echo " added certificate $pem" - elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \ - -providerClass sun.security.pkcs11.SunPKCS11 \ - -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \ - -noprompt -storepass "$storepass" \ - -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1 - then - echo " added certificate $pem (using NSS provider)" - elif grep -q 'Signature not available' $log; then - echo " ignored import, signature not available: ${line#+*}" - sed -e 's/^/ -> /' $log - else - echo >&2 " error adding ${line#+*}" - errors=$(expr $errors + 1) - fi - fi - esac -done -rm -f $log -rm -f $pregenerated -if [ $errors -gt 0 ]; then - echo >&2 "failed (VM used: $jvm)." - exit 1 -fi +find /etc/ssl/certs -name '*.pem' -printf "+%p\n" | \ + java UpdateCertificates -storepass "${storepass}" echo "done." -) - -exit 0 Added: jks-keystore.hook =================================================================== --- jks-keystore.hook (rev 0) +++ jks-keystore.hook 2011-04-26 21:44:45 UTC (rev 120865) @@ -0,0 +1,16 @@ +#! /bin/sh + +storepass='changeit' +. /etc/default/cacerts + +echo "" +if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then + echo "updates of cacerts keystore disabled." + exit 0 +fi + +CLASSPATH=/usr/share/ca-certificates-java +export CLASSPATH + +java UpdateCertificates -storepass "$storepass" +echo "done." Deleted: jks-keystore.hook.patch =================================================================== --- jks-keystore.hook.patch 2011-04-26 21:44:03 UTC (rev 120864) +++ jks-keystore.hook.patch 2011-04-26 21:44:45 UTC (rev 120865) 
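Review bot: The exit status of `java UpdateCertificates` is never checked, so the script prints "done." and exits 0 even when the import fails or no JVM is found, whereas the removed version exited 1 on errors; the same applies to `jks-keystore.hook` in the next hunk. Appending `|| exit 1` to the `java UpdateCertificates -storepass "${storepass}"` line (and to the call in the hook) restores a failure signal for callers. The `[ -f /etc/default/cacerts ]` guard was also dropped, and in a POSIX sh a failing `.` on a missing file aborts a non-interactive script, so `[ -f /etc/default/cacerts ] && . /etc/default/cacerts` is safer given that `storepass` already has a default. Note too that the password is passed on the java command line, so a non-default value kept in the mode-0600 `/etc/default/cacerts` is visible in the process list while the import runs; a comment saying so would help administrators.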
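Review bot: The enable check treats an unset `cacerts_updates` as disabled and then exits 0, so if `/etc/default/cacerts` does not define it the hook never touches the keystore, and certificates later removed from the system store would presumably stay trusted by Java. A comment above the `if` stating that updates are off unless `cacerts_updates=yes` is set would document this default. A message that names the file to edit, for example `echo "updates of cacerts keystore disabled in /etc/default/cacerts."`, would make the disabled state easier to notice in update output.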
@@ -1,51 +0,0 @@ ---- jks-keystore.hook 2010-04-11 20:47:48.000000000 +0200 -+++ jks-keystore.hook 2010-12-17 06:43:45.570350448 +0100 -@@ -28,20 +28,12 @@ - export JAVA_HOME=/usr/lib/jvm/$jvm - PATH=$JAVA_HOME/bin:$PATH - --temp_jvm_cfg= --if [ ! -f /etc/$jvm/jvm.cfg ]; then -- # the jre is not yet configured, but jvm.cfg is needed to run it -- temp_jvm_cfg=/etc/$jvm/jvm.cfg -- mkdir -p /etc/$jvm -- printf -- "-server KNOWN\n" > $temp_jvm_cfg --fi -- - # read lines of the form: [+-]/etc/ssl/certs/*.pem - - echo "updating keystore $KEYSTORE..." - - errors=0 --log=$(tempfile) -+log=$(mktemp) - while read line; do - pem=${line#[+-]*} - alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _) -@@ -62,7 +54,7 @@ - elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts \ - -keystore $KEYSTORE -noprompt -storepass "$storepass" \ - -providerClass sun.security.pkcs11.SunPKCS11 \ -- -providerArg '${java.home}/lib/security/nss.cfg' \ -+ -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \ - -alias "$alias" -file "$pem" > $log 2>&1 - then - echo " added: ${line#+*} (using NSS provider)" -@@ -85,7 +77,7 @@ - elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \ - -noprompt -storepass "$storepass" \ - -providerClass sun.security.pkcs11.SunPKCS11 \ -- -providerArg '${java.home}/lib/security/nss.cfg' \ -+ -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \ - -alias "$alias" - then - echo " removed ${line#-*} (using NSS provider)" -@@ -103,8 +95,6 @@ - done - rm -f $log - --[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg -- - if [ $errors -gt 0 ]; then - echo >&2 "failed (VM used: $jvm)." - exit 1
