mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2026-04-22 06:02:18 +02:00
main/openjdk6: build java security certificates store from alpine ca-certificates package
This commit is contained in:
William Pitcock
parent
4f73d2d7b4
commit
243643b438
@ -3,7 +3,7 @@
|
||||
pkgname=openjdk6
|
||||
pkgver=1.6.0_p22
|
||||
icedteaver=1.10.4
|
||||
pkgrel=2
|
||||
pkgrel=3
|
||||
pkgdesc="Sun OpenJDK 6 via IcedTea"
|
||||
url="http://icedtea.classpath.org/"
|
||||
arch="all"
|
||||
@ -13,7 +13,7 @@ makedepends="java-gcj-compat findutils tar zip paxctl gawk pkgconfig util-linux-
|
||||
autoconf automake nss-dev cups-dev jpeg-dev giflib-dev libpng-dev libxt-dev
|
||||
libxp-dev libxtst-dev libxinerama-dev libiconv-dev
|
||||
libxrender-dev alsa-lib-dev freetype-dev xulrunner-dev
|
||||
gtk+2.0-dev"
|
||||
gtk+2.0-dev ca-certificates"
|
||||
install=""
|
||||
subpackages="$pkgname-jre-lib:jrelib $pkgname-jre $pkgname-jre-base:jrebase
|
||||
$pkgname-doc:doc"
|
||||
@ -41,6 +41,7 @@ source="http://download.java.net/openjdk/jdk6/promoted/$OPENJDK_VERSION/openjdk-
|
||||
icedtea-jdk-iconv-uclibc.patch
|
||||
icedtea-jdk-execinfo.patch
|
||||
icedtea-jdk-no-lib-nsl.patch
|
||||
icedtea6-1.9.7-generate_cacerts-1.patch
|
||||
"
|
||||
|
||||
_builddir="$srcdir/icedtea6-$icedteaver"
|
||||
@ -69,6 +70,7 @@ prepare() {
|
||||
|
||||
cp ../icedtea-*.patch patches
|
||||
patch -p0 < ../build-paxctl.patch
|
||||
patch -p1 < ../icedtea6-1.9.7-generate_cacerts-1.patch
|
||||
}
|
||||
|
||||
build() {
|
||||
@ -84,12 +86,15 @@ build() {
|
||||
fi
|
||||
|
||||
cd "$_builddir"
|
||||
sh autogen.sh
|
||||
./configure --prefix=/usr \
|
||||
--sysconfdir=/etc \
|
||||
--mandir=/usr/share/man \
|
||||
--infodir=/usr/share/info \
|
||||
--localstatedir=/var \
|
||||
--disable-dependency-tracking \
|
||||
--enable-cacerts \
|
||||
--with-ca-dir=/etc/ssl/certs \
|
||||
--with-gcj $confjobs \
|
||||
--with-openjdk-src-zip=$srcdir/openjdk-6-src-$OPENJDK_VERSION-$OPENJDK_DATE.tar.gz \
|
||||
--with-jaxp-drop-zip=$srcdir/$JAXP_DROP_ZIP \
|
||||
@ -101,7 +106,7 @@ build() {
|
||||
--with-xalan2-serializer-jar=$srcdir/xalan-j_$XALAN2_VER/serializer.jar \
|
||||
--with-xerces2-jar=$srcdir/xerces-${XERCES_VER//./_}/xercesImpl.jar \
|
||||
--with-rhino=$srcdir/rhino$RHINO_VER/js.jar \
|
||||
--with-pkgversion=Alpine \
|
||||
--with-pkgversion="Alpine ${pkgver}-r${pkgrel}" \
|
||||
|| return 1
|
||||
|
||||
make || return 1
|
||||
@ -182,4 +187,5 @@ bc95c133620bd68c161cac9891592901 jdk6-jaf-b20.zip
|
||||
dc6a1e28a97d897d7a1057c11696727d icedtea-hotspot-uclibc-fixes.patch
|
||||
7c0814181e5adc0763c5c0a24b01d4cb icedtea-jdk-iconv-uclibc.patch
|
||||
dae2ba8b87e2106b53974ace07e4ca72 icedtea-jdk-execinfo.patch
|
||||
c4bb40d5b1ff690b27900c5cd06bc1e5 icedtea-jdk-no-lib-nsl.patch"
|
||||
c4bb40d5b1ff690b27900c5cd06bc1e5 icedtea-jdk-no-lib-nsl.patch
|
||||
01bdddb8adb0af0938bc9eeee79ba150 icedtea6-1.9.7-generate_cacerts-1.patch"
|
||||
|
||||
341
main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch
Normal file
341
main/openjdk6/icedtea6-1.9.7-generate_cacerts-1.patch
Normal file
@ -0,0 +1,341 @@
|
||||
--- icedtea6-1.10.4/Makefile.am
|
||||
+++ icedtea6-1.10.4.mod/Makefile.am
|
||||
@@ -1376,6 +1376,19 @@
|
||||
if ENABLE_JAMVM
|
||||
printf -- '-jamvm ALIASED_TO -server\n' >> $(BUILD_JRE_ARCH_DIR)/jvm.cfg
|
||||
endif
|
||||
+if GENERATE_CACERTS
|
||||
+ if test -n "${CADIR}"; then \
|
||||
+ sh scripts/mkcacerts.sh -d "${CADIR}" \
|
||||
+ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
|
||||
+ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
|
||||
+ else \
|
||||
+ sh scripts/mkcacerts.sh -f "${CAFILE}" \
|
||||
+ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
|
||||
+ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
|
||||
+ fi; \
|
||||
+ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \
|
||||
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts;
|
||||
+endif
|
||||
@echo "IcedTea is served:" $(BUILD_OUTPUT_DIR)
|
||||
mkdir -p stamps
|
||||
touch stamps/icedtea.stamp
|
||||
@@ -1407,6 +1420,19 @@
|
||||
if ENABLE_JAMVM
|
||||
printf -- '-jamvm ALIASED_TO -server\n' >> $(BUILD_DEBUG_JRE_ARCH_DIR)/jvm.cfg
|
||||
endif
|
||||
+if GENERATE_CACERTS
|
||||
+ if test -n "${CADIR}"; then \
|
||||
+ sh scripts/mkcacerts.sh -d "${CADIR}" \
|
||||
+ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
|
||||
+ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
|
||||
+ else \
|
||||
+ sh scripts/mkcacerts.sh -f "${CAFILE}" \
|
||||
+ -k $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool \
|
||||
+ -o $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts; \
|
||||
+ fi; \
|
||||
+ cp -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts \
|
||||
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts;
|
||||
+endif
|
||||
@echo "IcedTea (debug build) is served:" \
|
||||
$(DEBUG_BUILD_OUTPUT_DIR)
|
||||
mkdir -p stamps
|
||||
@@ -1457,7 +1483,7 @@
|
||||
$(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \
|
||||
fi
|
||||
cp $(abs_top_builddir)/tapset/jstack.stp \
|
||||
- $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp
|
||||
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp;
|
||||
endif
|
||||
touch stamps/add-systemtap.stamp
|
||||
|
||||
@@ -1483,7 +1509,7 @@
|
||||
$(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/hotspot_jni.stp; \
|
||||
fi
|
||||
cp $(abs_top_builddir)/tapset/jstack.stp \
|
||||
- $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp
|
||||
+ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/tapset/jstack.stp;
|
||||
endif
|
||||
touch stamps/add-systemtap-debug.stamp
|
||||
|
||||
--- icedtea6-1.10.4/Makefile.in
|
||||
+++ icedtea6-1.10.4.mod/Makefile.in
|
||||
@@ -175,6 +175,8 @@
|
||||
BUILD_ARCH_DIR = @BUILD_ARCH_DIR@
|
||||
BUILD_OS_DIR = @BUILD_OS_DIR@
|
||||
CACAO_IMPORT_PATH = @CACAO_IMPORT_PATH@
|
||||
+CADIR = @CADIR@
|
||||
+CAFILE = @CAFILE@
|
||||
CC = @CC@
|
||||
CCDEPMODE = @CCDEPMODE@
|
||||
CFLAGS = @CFLAGS@
|
||||
--- icedtea6-1.10.4/acinclude.m4
|
||||
+++ icedtea6-1.10.4.mod/acinclude.m4
|
||||
@@ -1677,3 +1677,94 @@
|
||||
AM_CONDITIONAL([CP40188_JAVAH], test x"${it_cv_cp40188_javah}" = "xyes")
|
||||
AC_PROVIDE([$0])dnl
|
||||
])
|
||||
+
|
||||
+--- acinclude.m4 2011-01-22 21:34:29.000000000 -0600
|
||||
++++ acinclude.m4 2011-01-22 21:34:58.000000000 -0600
|
||||
+@@ -316,6 +316,91 @@
|
||||
+ AM_CONDITIONAL([SRC_DIR_HARDLINKABLE], test x"${it_cv_hardlink_src}" = "xyes")
|
||||
+ ])
|
||||
+
|
||||
+AC_DEFUN([IT_GENERATE_CACERTS],
|
||||
+[
|
||||
+ AC_MSG_CHECKING([whether to generate a cacerts file for distribution])
|
||||
+ AC_ARG_ENABLE([cacerts],
|
||||
+ [AS_HELP_STRING(--enable-cacerts, generate a cacerts file for distribution [[default=no]])],
|
||||
+ [
|
||||
+ case "${enableval}" in
|
||||
+ no)
|
||||
+ generate_cacerts=no
|
||||
+ ;;
|
||||
+ *)
|
||||
+ generate_cacerts=yes
|
||||
+ ;;
|
||||
+ esac
|
||||
+ ],
|
||||
+ [
|
||||
+ generate_cacerts=no
|
||||
+ ])
|
||||
+ AC_MSG_RESULT([$generate_cacerts])
|
||||
+ AM_CONDITIONAL([GENERATE_CACERTS], test x"${generate_cacerts}" = "xyes")
|
||||
+])
|
||||
+
|
||||
+AC_DEFUN([IT_GET_LOCAL_CACERTS],
|
||||
+[
|
||||
+ AC_MSG_CHECKING([for a local x509 certificate directory])
|
||||
+ AC_ARG_WITH([ca-dir],
|
||||
+ [AS_HELP_STRING(--with-ca-dir=DIR, specify a top-level local x509 certificate directory)],
|
||||
+ [
|
||||
+ if test -d "${withval}"; then
|
||||
+ CADIR="${withval}"
|
||||
+ fi
|
||||
+ ],
|
||||
+ [
|
||||
+ CADIR=
|
||||
+ ])
|
||||
+ if test -z "${CADIR}"; then
|
||||
+ for dir in /etc/pki/tls/certs \
|
||||
+ /usr/share/ca-certificates \
|
||||
+ /etc/ssl/certs \
|
||||
+ /etc/certs ; do
|
||||
+ if test -d "${dir}"; then
|
||||
+ CADIR="${dir}"
|
||||
+ break
|
||||
+ fi
|
||||
+ done
|
||||
+ if test -z "${CADIR}"; then
|
||||
+ CADIR=no
|
||||
+ fi
|
||||
+ fi
|
||||
+ AC_MSG_RESULT(${CADIR})
|
||||
+ AC_SUBST(CADIR)
|
||||
+
|
||||
+ AC_MSG_CHECKING([for a local x509 certificate file])
|
||||
+ AC_ARG_WITH([ca-file],
|
||||
+ [AS_HELP_STRING(--with-ca-file=FILE, specify a local x509 certificate file)],
|
||||
+ [
|
||||
+ if test -f "${withval}"; then
|
||||
+ CAFILE="${withval}"
|
||||
+ fi
|
||||
+ ],
|
||||
+ [
|
||||
+ CAFILE=
|
||||
+ ])
|
||||
+ if test -z "${CAFILE}"; then
|
||||
+ for file in /etc/pki/tls/certs/ca-bundle.crt \
|
||||
+ /etc/ssl/certs/ca-bundle.crt \
|
||||
+ /etc/ssl/ca-bundle.crt \
|
||||
+ /etc/ca-bundle.crt ; do
|
||||
+ if test -e "${file}"; then
|
||||
+ CAFILE=$file
|
||||
+ break
|
||||
+ fi
|
||||
+ done
|
||||
+ if test -z "${CAFILE}"; then
|
||||
+ CAFILE=no
|
||||
+ fi
|
||||
+ fi
|
||||
+ AC_MSG_RESULT(${CAFILE})
|
||||
+ AC_SUBST(CAFILE)
|
||||
+ if test "${CADIR}x" = "nox" -a "${CAFILE}x" = "nox"; then
|
||||
+ AC_MSG_WARN([Could not find a suitable x509 certificate store.])
|
||||
+ AC_MSG_ERROR([Supply a valid location using --with-ca-dir or --with-ca-file, or remove the --enable-cacerts switch.])
|
||||
+ fi
|
||||
+])
|
||||
--- icedtea6-1.10.4/configure.ac
|
||||
+++ icedtea6-1.10.4.mod/configure.ac
|
||||
@@ -138,6 +138,13 @@
|
||||
AC_MSG_RESULT([disabled by default (edit java.security to enable)])
|
||||
fi
|
||||
|
||||
+IT_GENERATE_CACERTS
|
||||
+
|
||||
+if test "x${generate_cacerts}" = "xyes"
|
||||
+then
|
||||
+ IT_GET_LOCAL_CACERTS
|
||||
+fi
|
||||
+
|
||||
IT_GET_PKGVERSION
|
||||
IT_GET_LSB_DATA
|
||||
|
||||
--- /dev/null
|
||||
+++ icedtea6-1.10.4.mod/scripts/mkcacerts.sh
|
||||
@@ -0,0 +1,154 @@
|
||||
+#!/bin/sh
|
||||
+# Simple script to extract x509 certificates and create a JRE cacerts file.
|
||||
+
|
||||
+function get_args()
|
||||
+ {
|
||||
+ if test -z "${1}" ; then
|
||||
+ showhelp
|
||||
+ exit 1
|
||||
+ fi
|
||||
+
|
||||
+ while test -n "${1}" ; do
|
||||
+ case "${1}" in
|
||||
+ -f | --cafile)
|
||||
+ check_arg $1 $2
|
||||
+ CAFILE="${2}"
|
||||
+ shift 2
|
||||
+ ;;
|
||||
+ -d | --cadir)
|
||||
+ check_arg $1 $2
|
||||
+ CADIR="${2}"
|
||||
+ shift 2
|
||||
+ ;;
|
||||
+ -o | --outfile)
|
||||
+ check_arg $1 $2
|
||||
+ OUTFILE="${2}"
|
||||
+ shift 2
|
||||
+ ;;
|
||||
+ -k | --keytool)
|
||||
+ check_arg $1 $2
|
||||
+ KEYTOOL="${2}"
|
||||
+ shift 2
|
||||
+ ;;
|
||||
+ -h | --help)
|
||||
+ showhelp
|
||||
+ exit 0
|
||||
+ ;;
|
||||
+ *)
|
||||
+ showhelp
|
||||
+ exit 1
|
||||
+ ;;
|
||||
+ esac
|
||||
+ done
|
||||
+ }
|
||||
+
|
||||
+function check_arg()
|
||||
+ {
|
||||
+ echo "${2}" | grep -v "^-" > /dev/null
|
||||
+ if [ -z "$?" -o ! -n "$2" ]; then
|
||||
+ echo "Error: $1 requires a valid argument."
|
||||
+ exit 1
|
||||
+ fi
|
||||
+ }
|
||||
+
|
||||
+
|
||||
+function showhelp()
|
||||
+ {
|
||||
+ echo "`basename ${0}` creates a valid cacerts file for use with IcedTea."
|
||||
+ echo ""
|
||||
+ echo " -f --cafile The path to a file containing PEM formated CA"
|
||||
+ echo " certificates. May not be used with -d/--cadir."
|
||||
+ echo " -d --cadir The path to a diectory of PEM formatted CA"
|
||||
+ echo " certificates. May not be used with -f/--cafile."
|
||||
+ echo " -o --outfile The path to the output file."
|
||||
+ echo ""
|
||||
+ echo " -k --keytool The path to the java keytool utility."
|
||||
+ echo ""
|
||||
+ echo " -h --help Show this help message and exit."
|
||||
+ echo ""
|
||||
+ echo ""
|
||||
+ }
|
||||
+
|
||||
+# Initialize empty variables so that the shell does not polute the script
|
||||
+CAFILE=""
|
||||
+CADIR=""
|
||||
+OUTFILE=""
|
||||
+KEYTOOL=""
|
||||
+
|
||||
+# Process command line arguments
|
||||
+get_args ${@}
|
||||
+
|
||||
+# Handle common errors
|
||||
+if test "${CAFILE}x" == "x" -a "${CADIR}x" == "x" ; then
|
||||
+ echo "ERROR! You must provide an x509 certificate store!"
|
||||
+ echo "\'$(basename ${0}) --help\' for more info."
|
||||
+ echo ""
|
||||
+ exit 1
|
||||
+fi
|
||||
+
|
||||
+if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then
|
||||
+ echo "ERROR! You cannot provide two x509 certificate stores!"
|
||||
+ echo "\'$(basename ${0}) --help\' for more info."
|
||||
+ echo ""
|
||||
+ exit 1
|
||||
+fi
|
||||
+
|
||||
+if test "${KEYTOOL}x" == "x" ; then
|
||||
+ echo "ERROR! You must provide a valid keytool program!"
|
||||
+ echo "\'$(basename ${0}) --help\' for more info."
|
||||
+ echo ""
|
||||
+ exit 1
|
||||
+fi
|
||||
+
|
||||
+if test "${OUTFILE}x" == "x" ; then
|
||||
+ echo "ERROR! You must provide a valid output file!"
|
||||
+ echo "\'$(basename ${0}) --help\' for more info."
|
||||
+ echo ""
|
||||
+ exit 1
|
||||
+fi
|
||||
+
|
||||
+# Get on with the work
|
||||
+
|
||||
+# If using a CAFILE, split it into individual files in a temp directory
|
||||
+if test "${CAFILE}x" != "x" ; then
|
||||
+ TEMPDIR=`mktemp -d`
|
||||
+ CADIR="${TEMPDIR}"
|
||||
+
|
||||
+ # Get a list of staring lines for each cert
|
||||
+ CERTLIST=`grep -n "^-----BEGIN" "${CAFILE}" | cut -d ":" -f 1`
|
||||
+
|
||||
+ # Get a list of ending lines for each cert
|
||||
+ ENDCERTLIST=`grep -n "^-----END" "${CAFILE}" | cut -d ":" -f 1`
|
||||
+
|
||||
+ # Start a loop
|
||||
+ for certbegin in `echo "${CERTLIST}"` ; do
|
||||
+ for certend in `echo "${ENDCERTLIST}"` ; do
|
||||
+ if test "${certend}" -gt "${certbegin}"; then
|
||||
+ break
|
||||
+ fi
|
||||
+ done
|
||||
+ sed -n "${certbegin},${certend}p" "${CAFILE}" > "${CADIR}/${certbegin}"
|
||||
+ keyhash=`openssl x509 -noout -in "${CADIR}/${certbegin}" -hash`
|
||||
+ echo "Generated PEM file with hash: ${keyhash}."
|
||||
+ mv "${CADIR}/${certbegin}" "${CADIR}/${keyhash}.pem"
|
||||
+ done
|
||||
+fi
|
||||
+
|
||||
+# Write the output file
|
||||
+for cert in `find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"`
|
||||
+do
|
||||
+ ls "${cert}"
|
||||
+ tempfile=`mktemp`
|
||||
+ certbegin=`grep -n "^-----BEGIN" "${cert}" | cut -d ":" -f 1`
|
||||
+ certend=`grep -n "^-----END" "${cert}" | cut -d ":" -f 1`
|
||||
+ sed -n "${certbegin},${certend}p" "${cert}" > "${tempfile}"
|
||||
+ echo yes | "${KEYTOOL}" -import -alias `basename "${cert}"` -keystore \
|
||||
+ "${OUTFILE}" -storepass 'changeit' -file "${tempfile}"
|
||||
+ rm "${tempfile}"
|
||||
+done
|
||||
+
|
||||
+if test "${TEMPDIR}x" != "x" ; then
|
||||
+ rm -rf "${TEMPDIR}"
|
||||
+fi
|
||||
+exit 0
|
||||
+
|
||||
Loading…
x
Reference in New Issue
Block a user