Author: pierre
Date: Wed Jun 25 12:46:52 2014
New Revision: 2920
Log:
Regenerate cacerts patch for icedtea
Added:
trunk/icedtea/icedtea-2.5.0-add_cacerts-1.patch
Added: trunk/icedtea/icedtea-2.5.0-add_cacerts-1.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/icedtea/icedtea-2.5.0-add_cacerts-1.patch Wed Jun 25 12:46:52
2014 (r2920)
@@ -0,0 +1,557 @@
+Submitted By: Fernando de Oliveira <famobr at yahoo dot com dot br>
+Date: 2013-07-13
+Initial Package Version: 2.4.1
+Update: Modify instruction creating certificates to use LC_ALL=C
+ 2013-07-20
+ Regenerate for version 2.5.0 (P. Labastie, 2014-06-25)
+Upstream Status: Not Submitted
+Origin: DJ Lucas <dj AT linuxfromscratch DOT org>, Bruce Dubbs (mydate
function)
+Description: Allows the build to generate a valid JDK cacerts file using the
+ system installed CA certificates.
+
+diff -Naur icedtea-2.5.0/acinclude.m4 icedtea-2.5.0.new/acinclude.m4
+--- icedtea-2.5.0/acinclude.m4 2014-06-14 02:08:14.982041984 +0200
++++ icedtea-2.5.0.new/acinclude.m4 2014-06-24 21:31:27.837026211 +0200
+@@ -322,6 +322,178 @@
+ AM_CONDITIONAL(OPENJDK_SRC_DIR_HARDLINKABLE, test
"x${openjdk_src_dir_hardlinkable}" = "xyes")
+ ])
+
++AC_DEFUN([IT_WITH_CACERTS],
++[
++ AC_MSG_CHECKING([whether a cacerts file is provided for distribution])
++ AC_ARG_WITH([cacerts],
++ [AS_HELP_STRING(--with-cacerts=FILE,specify the location of a
pre-generated cacerts file for distribution)],
++ [
++ if test -f "${withval}"; then
++ CACERTS_FILE="${withval}"
++ cacerts_file_set=yes
++ else
++ CACERTS_FILE=
++ fi
++ ],
++ [
++ CACERTS_FILE=
++ ])
++ if test x"${CACERTS_FILE}" = "x"; then
++ cacerts_file_set=no
++ CACERTS_FILE="no"
++ fi
++ AC_MSG_RESULT(${CACERTS_FILE})
++ AC_SUBST(CACERTS_FILE)
++ AM_CONDITIONAL([CACERTS_FILE_SET], test x"${cacerts_file_set}" = "xyes")
++])
++
++AC_DEFUN([IT_GENERATE_CACERTS],
++[
++ AC_REQUIRE([IT_WITH_CACERTS])
++ AC_MSG_CHECKING([whether to generate a cacerts file for distribution])
++ AC_ARG_ENABLE([cacerts-generation],
++ [AS_HELP_STRING(--enable-cacerts-generation, generate a cacerts
file for distribution [[default=auto]])],
++ [
++ case "${enableval}" in
++ no)
++ generate_cacerts=no
++ ;;
++ *)
++ generate_cacerts=yes
++ ;;
++ esac
++ ],
++ [
++ if test x"${cacerts_file_set}" = "xno"; then
++ generate_cacerts=forced
++ else
++ if test x"${cacerts_file_set}" = "xyes"; then
++ generate_cacerts=no
++ else
++ generate_cacerts=yes
++ fi
++ fi
++ ])
++ AC_MSG_RESULT([$generate_cacerts])
++ AM_CONDITIONAL([GENERATE_CACERTS], test x"${generate_cacerts}" = "xyes" -o
x"${generate_cacerts}" = "xforced")
++])
++
++AC_DEFUN([IT_GET_LOCAL_CACERTS],
++[
++ AC_MSG_CHECKING([for a local x509 certificate directory])
++ AC_ARG_WITH([ca-dir],
++ [AS_HELP_STRING(--with-ca-dir=DIR, specify a top-level local
x509 certificate directory for cacerts generation)],
++ [
++ if test -d "${withval}"; then
++ CADIR="${withval}"
++ else
++ if test x"${withval}" = "xno"; then
++ CADIR=no
++ else
++ CADIR=
++ fi
++ fi
++ ],
++ [
++ CADIR=
++ ])
++ if test x"${CADIR}" = "x"; then
++ for dir in /etc/pki/tls/certs \
++ /usr/share/ca-certificates \
++ /etc/ssl/certs \
++ /etc/certs ; do
++ if test -d "${dir}"; then
++ CADIR="${dir}"
++ break
++ fi
++ done
++ if test x"${CADIR}" = "x"; then
++ CADIR=no
++ fi
++ fi
++ AC_MSG_RESULT(${CADIR})
++ AC_SUBST(CADIR)
++
++ AC_MSG_CHECKING([for a local x509 certificate file])
++ AC_ARG_WITH([ca-file],
++ [AS_HELP_STRING(--with-ca-file=FILE, specify a local x509
certificate file for cacerts generation)],
++ [
++ if test -f "${withval}"; then
++ CAFILE="${withval}"
++ else
++ if test x"${withval}" = "xno"; then
++ CAFILE=no
++ else
++ CAFILE=
++ fi
++ fi
++ ],
++ [
++ CAFILE=
++ ])
++ if test x"${CAFILE}" = "x"; then
++ for file in /etc/pki/tls/certs/ca-bundle.crt \
++ /etc/ssl/certs/ca-bundle.crt \
++ /etc/ssl/ca-bundle.crt \
++ /etc/ca-bundle.crt ; do
++ if test -e "${file}"; then
++ CAFILE=$file
++ break
++ fi
++ done
++ if test x"${CAFILE}" = "x"; then
++ CAFILE=no
++ fi
++ fi
++ AC_MSG_RESULT(${CAFILE})
++ AC_SUBST(CAFILE)
++ if test "${CADIR}x" = "nox" -a "${CAFILE}x" = "nox"; then
++ AC_MSG_ERROR([You must supply a cacerts file or a list of CA certificates
to generate one.])
++ fi
++])
++
++AC_DEFUN([IT_FIND_OPENSSL],
++[
++ AC_MSG_CHECKING([for openssl])
++ AC_ARG_WITH([openssl],
++ [AS_HELP_STRING(--with-openssl=PATH, specify the path of the
openssl utility)],
++ [
++ if test -x "${withval}" -a -f "${withval}"; then
++ OPENSSL="${withval}"
++ else
++ if test x"${withval}" = "xno"; then
++ OPENSSL="no"
++ else
++ OPENSSL=
++ fi
++ fi
++ ],
++ [
++ OPENSSL=
++ ])
++ if test x"${OPENSSL}" = "x"; then
++
++ OPENSSL=$(
++ IFS=":"
++ for dir in ${withval}:${PATH}; do
++ if test -x "${dir}/openssl" -a -f "${dir}/openssl"; then
++ FOUNDSSL="${dir}/openssl"
++ break
++ fi
++ done
++ echo "${FOUNDSSL}"
++ )
++ if test x"${OPENSSL}" = "x"; then
++ OPENSSL=no
++ fi
++ fi
++ AC_MSG_RESULT(${OPENSSL})
++ AC_SUBST(OPENSSL)
++ if test x"${OPENSSL}" = "xno"; then
++ AC_MSG_ERROR([You must supply a cacerts file or have openssl available to
generate one.])
++ fi
++])
++
+ AC_DEFUN_ONCE([IT_CAN_HARDLINK_TO_SOURCE_TREE],
+ [
+ AC_CACHE_CHECK([if we can hard link rather than copy from
${abs_top_srcdir}], it_cv_hardlink_src, [
+diff -Naur icedtea-2.5.0/configure.ac icedtea-2.5.0.new/configure.ac
+--- icedtea-2.5.0/configure.ac 2014-06-14 02:08:14.982041984 +0200
++++ icedtea-2.5.0.new/configure.ac 2014-06-24 21:33:33.413029093 +0200
+@@ -67,6 +67,15 @@
+ AM_CONDITIONAL([ENABLE_DOCS], [test x$ENABLE_DOCS = xyes])
+ AC_MSG_RESULT(${ENABLE_DOCS})
+
++IT_GENERATE_CACERTS
++
++if test x"${generate_cacerts}" = "xyes" -o x"${generate_cacerts}" = "xforced";
++then
++ IT_GET_LOCAL_CACERTS
++ IT_FIND_OPENSSL
++fi
++
++
+ IT_GET_PKGVERSION
+ IT_GET_LSB_DATA
+
+diff -Naur icedtea-2.5.0/Makefile.am icedtea-2.5.0.new/Makefile.am
+--- icedtea-2.5.0/Makefile.am 2014-06-14 02:08:14.966041752 +0200
++++ icedtea-2.5.0.new/Makefile.am 2014-06-24 21:53:07.452056043 +0200
+@@ -786,7 +786,8 @@
+ clean-icedtea-debug-stage2 clean-icedtea-stage1 clean-add-zero
clean-add-zero-debug \
+ clean-add-cacao clean-add-cacao-debug clean-rt clean-rewrite-rhino
clean-rewriter \
+ clean-add-systemtap clean-add-systemtap-debug clean-add-nss
clean-add-tzdata-support \
+- clean-add-tzdata-support-debug clean-cryptocheck
++ clean-add-tzdata-support-debug clean-cryptocheck \
++ clean-cacerts clean-cacerts-debug
+ if [ -e bootstrap ]; then \
+ rmdir bootstrap ; \
+ fi
+@@ -822,7 +823,8 @@
+ clean-add-tzdata-support-boot \
+ clean-check-crypto clean-check-crypto-debug clean-check-crypto-boot \
+ clean-add-archive clean-add-archive-debug clean-add-archive-boot
clean-cryptocheck \
+- clean-download-hotspot
++ clean-download-hotspot \
++ clean-cacerts clean-cacerts-debug
+
+ env:
+ @echo 'unset JAVA_HOME'
+@@ -1706,6 +1708,14 @@
+ if ENABLE_JAMVM
+ printf -- '-jamvm ALIASED_TO -server\n' >> $(BUILD_JRE_ARCH_DIR)/jvm.cfg
+ endif
++if GENERATE_CACERTS
++ $(ARCH_PREFIX) $(MAKE) add-cacerts
++else
++if CACERTS_FILE_SET
++ $(ARCH_PREFIX) $(MAKE) add-cacerts
++endif
++endif
++
+ @echo "IcedTea is served:" $(BUILD_OUTPUT_DIR)
+ mkdir -p stamps
+ touch $@
+@@ -1816,6 +1826,14 @@
+ if ENABLE_JAMVM
+ printf -- '-jamvm ALIASED_TO -server\n' >>
$(BUILD_DEBUG_JRE_ARCH_DIR)/jvm.cfg
+ endif
++if GENERATE_CACERTS
++ $(ARCH_PREFIX) $(MAKE) add-cacerts-debug
++else
++if CACERTS_FILE_SET
++ $(ARCH_PREFIX) $(MAKE) add-cacerts-debug
++endif
++endif
++
+ @echo "IcedTea (debug build) is served:" \
+ $(DEBUG_BUILD_OUTPUT_DIR)
+ mkdir -p stamps
+@@ -2059,6 +2077,69 @@
+ @echo "HotSpot is served:" $(BUILD_OUTPUT_DIR)/j2sdk-image
+ endif
+
++# CA Certs
++stamps/generate-cacerts.stamp:
++if GENERATE_CACERTS
++ if test -n "${CADIR}"; then \
++ sh scripts/mkcacerts.sh -d "${CADIR}" \
++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
++ -s $(OPENSSL) \
++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
++ else \
++ sh scripts/mkcacerts.sh -f "${CAFILE}" \
++ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
++ -s $(OPENSSL) \
++ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
++ fi
++endif
++ touch stamps/generate-cacerts.stamp
++
++stamps/add-cacerts.stamp: stamps/generate-cacerts.stamp
++if CACERTS_FILE_SET
++ cp $(CACERTS_FILE) $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts
++endif
++ cp $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \
++ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts
++ touch stamps/add-cacerts.stamp
++
++clean-cacerts:
++ rm -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts
++ rm -f $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts
++ rm -f stamps/add-cacerts.stamp
++ rm -f stamps/generate-cacerts.stamp
++
++stamps/generate-cacerts-debug.stamp:
++if GENERATE_CACERTS
++ if test -n "${CADIR}"; then \
++ sh scripts/mkcacerts.sh -d "${CADIR}" \
++ -k $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
++ -s $(OPENSSL) \
++ -o $(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
++ else \
++ sh scripts/mkcacerts.sh -f "${CAFILE}" \
++ -k $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
++ -s $(OPENSSL) \
++ -o $(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
++ fi
++endif
++ touch stamps/generate-cacerts-debug.stamp
++
++stamps/add-cacerts-debug.stamp: stamps/generate-cacerts-debug.stamp
++if CACERTS_FILE_SET
++ cp $(CACERTS_FILE)
$(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts
++endif
++ cp $(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \
++ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts
++ touch stamps/add-cacerts-debug.stamp
++
++clean-cacerts-debug:
++ rm -f $(DEBUG_BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts
++ rm -f $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts
++ rm -f stamps/add-cacerts-debug.stamp
++ rm -f stamps/generate-cacerts-debug.stamp
++
++# end of CA Certs
++
+ # Rhino support
+
+ stamps/rewriter.stamp: $(INITIAL_BOOTSTRAP_LINK_STAMP)
+@@ -2557,6 +2638,10 @@
+
+ add-tzdata-support-debug: stamps/add-tzdata-support-debug.stamp
+
++add-cacerts: stamps/add-cacerts.stamp
++
++add-cacerts-debug: stamps/add-cacerts-debug.stamp
++
+ add-zero: stamps/add-zero.stamp
+
+ add-zero-debug: stamps/add-zero-debug.stamp
+diff -Naur icedtea-2.5.0/scripts/mkcacerts.sh
icedtea-2.5.0.new/scripts/mkcacerts.sh
+--- icedtea-2.5.0/scripts/mkcacerts.sh 1970-01-01 01:00:00.000000000 +0100
++++ icedtea-2.5.0.new/scripts/mkcacerts.sh 2014-06-25 08:01:16.031893645
+0200
+@@ -0,0 +1,207 @@
++#!/bin/sh
++# Simple script to extract x509 certificates and create a JRE cacerts file.
++
++function get_args()
++ {
++ if test -z "${1}" ; then
++ showhelp
++ exit 1
++ fi
++
++ while test -n "${1}" ; do
++ case "${1}" in
++ -f | --cafile)
++ check_arg $1 $2
++ CAFILE="${2}"
++ shift 2
++ ;;
++ -d | --cadir)
++ check_arg $1 $2
++ CADIR="${2}"
++ shift 2
++ ;;
++ -o | --outfile)
++ check_arg $1 $2
++ OUTFILE="${2}"
++ shift 2
++ ;;
++ -k | --keytool)
++ check_arg $1 $2
++ KEYTOOL="${2}"
++ shift 2
++ ;;
++ -s | --openssl)
++ check_arg $1 $2
++ OPENSSL="${2}"
++ shift 2
++ ;;
++ -h | --help)
++ showhelp
++ exit 0
++ ;;
++ *)
++ showhelp
++ exit 1
++ ;;
++ esac
++ done
++ }
++
++function check_arg()
++ {
++ echo "${2}" | grep -v "^-" > /dev/null
++ if [ -z "$?" -o ! -n "$2" ]; then
++ echo "Error: $1 requires a valid argument."
++ exit 1
++ fi
++ }
++
++# The date binary is not reliable on 32bit systems for dates after 2038
++function mydate()
++ {
++ local y=$( echo $1 | cut -d" " -f4 )
++ local M=$( echo $1 | cut -d" " -f1 )
++ local d=$( echo $1 | cut -d" " -f2 )
++ local m
++
++ if [ ${d} -lt 10 ]; then d="0${d}"; fi
++
++ case $M in
++ Jan) m="01";;
++ Feb) m="02";;
++ Mar) m="03";;
++ Apr) m="04";;
++ May) m="05";;
++ Jun) m="06";;
++ Jul) m="07";;
++ Aug) m="08";;
++ Sep) m="09";;
++ Oct) m="10";;
++ Nov) m="11";;
++ Dec) m="12";;
++ esac
++
++ certdate="${y}${m}${d}"
++ }
++
++function showhelp()
++ {
++ echo "\`basename ${0}\` creates a valid cacerts file for use with
IcedTea."
++ echo ""
++ echo " -f --cafile The path to a file containing PEM
formated CA"
++ echo " certificates. May not be used with
-d/--cadir."
++ echo " -d --cadir The path to a diectory of PEM
formatted CA"
++ echo " certificates. May not be used with
-f/--cafile."
++ echo " -o --outfile The path to the output file."
++ echo ""
++ echo " -k --keytool The path to the java keytool
utility."
++ echo ""
++ echo " -s --openssl The path to the openssl utility."
++ echo ""
++ echo " -h --help Show this help message and exit."
++ echo ""
++ echo ""
++ }
++
++# Initialize empty variables so that the shell does not pollute the script
++CAFILE=""
++CADIR=""
++OUTFILE=""
++OPENSSL=""
++KEYTOOL=""
++certdate=""
++date=""
++today=$( date +%Y%m%d )
++
++# Process command line arguments
++get_args ${@}
++
++# Handle common errors
++if test "${CAFILE}x" == "x" -a "${CADIR}x" == "x" ; then
++ echo "ERROR! You must provide an x509 certificate store!"
++ echo "\\'$(basename ${0}) --help\\' for more info."
++ echo ""
++ exit 1
++fi
++
++if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then
++ echo "ERROR! You cannot provide two x509 certificate stores!"
++ echo "\\'$(basename ${0}) --help\\' for more info."
++ echo ""
++ exit 1
++fi
++
++if test "${KEYTOOL}x" == "x" ; then
++ echo "ERROR! You must provide a valid keytool program!"
++ echo "\\'$(basename ${0}) --help\\' for more info."
++ echo ""
++ exit 1
++fi
++
++if test "${OPENSSL}x" == "x" ; then
++ echo "ERROR! You must provide a valid path to openssl!"
++ echo "\\'$(basename ${0}) --help\\' for more info."
++ echo ""
++ exit 1
++fi
++
++if test "${OUTFILE}x" == "x" ; then
++ echo "ERROR! You must provide a valid output file!"
++ echo "\\'$(basename ${0}) --help\\' for more info."
++ echo ""
++ exit 1
++fi
++
++# Get on with the work
++
++# If using a CAFILE, split it into individual files in a temp directory
++if test "${CAFILE}x" != "x" ; then
++ TEMPDIR=\`mktemp -d\`
++ CADIR="${TEMPDIR}"
++
++ # Get a list of staring lines for each cert
++ CERTLIST=\`grep -n "^-----BEGIN" "${CAFILE}" | cut -d ":" -f 1\`
++
++ # Get a list of ending lines for each cert
++ ENDCERTLIST=\`grep -n "^-----END" "${CAFILE}" | cut -d ":" -f 1\`
++
++ # Start a loop
++ for certbegin in \`echo "${CERTLIST}"\` ; do
++ for certend in \`echo "${ENDCERTLIST}"\` ; do
++ if test "${certend}" -gt "${certbegin}"; then
++ break
++ fi
++ done
++ sed -n "${certbegin},${certend}p" "${CAFILE}" >
"${CADIR}/${certbegin}.pem"
++ keyhash=\`${OPENSSL} x509 -noout -in "${CADIR}/${certbegin}.pem"
-hash\`
++ echo "Generated PEM file with hash: ${keyhash}."
++ done
++fi
++
++# Write the output file
++for cert in \`find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"\`
++do
++
++ # Make sure the certificate date is valid...
++ date=$( ${OPENSSL} x509 -enddate -in "${cert}" -noout | sed
's/^notAfter=//' )
++ mydate "${date}"
++ if test "${certdate}" -lt "${today}" ; then
++ echo "${cert} expired on ${certdate}! Skipping..."
++ unset date certdate
++ continue
++ fi
++ unset date certdate
++ ls "${cert}"
++ tempfile=\`mktemp\`
++ certbegin=\`grep -n "^-----BEGIN" "${cert}" | cut -d ":" -f 1\`
++ certend=\`grep -n "^-----END" "${cert}" | cut -d ":" -f 1\`
++ sed -n "${certbegin},${certend}p" "${cert}" > "${tempfile}"
++ echo yes | env LC_ALL=C "${KEYTOOL}" -import -alias \`basename
"${cert}"\` -keystore \\
++ "${OUTFILE}" -storepass 'changeit' -file "${tempfile}"
++ rm "${tempfile}"
++done
++
++if test "${TEMPDIR}x" != "x" ; then
++ rm -rf "${TEMPDIR}"
++fi
++exit 0
--
http://lists.linuxfromscratch.org/listinfo/patches
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
