[arch-commits] Commit in (7 files)
Jan de Groot
jgc at archlinux.org
Sun May 10 20:25:56 UTC 2009
Date: Sunday, May 10, 2009 @ 16:25:56
Author: jgc
Revision: 38906
add global java keystore package
Added:
ca-certificates-java/
ca-certificates-java/repos/
ca-certificates-java/trunk/
ca-certificates-java/trunk/PKGBUILD
ca-certificates-java/trunk/default
ca-certificates-java/trunk/init-jks-keystore
ca-certificates-java/trunk/jks-keystore.hook
-------------------+
PKGBUILD | 37 +++++++++++++++++++++++
default | 10 ++++++
init-jks-keystore | 69 +++++++++++++++++++++++++++++++++++++++++++
jks-keystore.hook | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 198 insertions(+)
Added: ca-certificates-java/trunk/PKGBUILD
===================================================================
--- ca-certificates-java/trunk/PKGBUILD (rev 0)
+++ ca-certificates-java/trunk/PKGBUILD 2009-05-10 20:25:56 UTC (rev 38906)
@@ -0,0 +1,37 @@
+# $Id: $
+# Maintainer: Jan de Groot <jgc at archlinux.org>
+
+pkgname=ca-certificates-java
+pkgver=20081028
+pkgrel=1
+pkgdesc='Common CA certificates (JKS keystore)'
+arch=('i686' 'x86_64')
+url='http://packages.qa.debian.org/c/ca-certificates-java.html'
+license=('GPL')
+depends=('ca-certificates')
+makedepends=('java-runtime')
+install=ca-certificates-java.install
+source=(jks-keystore.hook init-jks-keystore default)
+md5sums=('fcf88086da2e4c31abec9faddb19c259'
+ '50edf13b04904011e492aab419d9254b'
+ '0ded97abeff69c2362939e2e881e214a')
+
+build() {
+ cd "${srcdir}"
+ install -d -m755 "${pkgdir}/etc/ca-certificates/update.d"
+ install -d -m755 "${pkgdir}/etc/ssl/certs/java"
+ install -d -m755 "${pkgdir}/etc/default"
+ install -d -m755 "${pkgdir}/usr/share/ca-certificates-java"
+ install -d -m755 "${pkgdir}/usr/sbin"
+
+ install -m755 jks-keystore.hook "${pkgdir}/etc/ca-certificates/update.d/jks-keystore" || return 1
+ install -m600 default "${pkgdir}/etc/default/cacerts" || return 1
+ install -m755 init-jks-keystore "${pkgdir}/usr/sbin/" || return 1
+
+ for crt in `find /usr/share/ca-certificates -name '*.crt' -printf '%P '`; do
+ alias=`basename $crt .crt | tr A-Z a-z | tr -cs a-z0-9 _`
+ alias=${alias%*_}
+ echo "IMPORT: $crt, alias=$alias"
+ keytool -importcert -trustcacerts -keystore "${pkgdir}/usr/share/ca-certificates-java/cacerts" -storepass 'changeit' -noprompt -alias "$alias" -file "/usr/share/ca-certificates/$crt"
+ done
+}
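Review bot: The `keytool -importcert` call in the loop at the end of build() has no status check, unlike the `install ... || return 1` lines above it, so a failed import still produces a package whose pregenerated truststore is missing that CA. Appending `|| return 1` to the keytool line would make the build fail instead. Aliases are derived from the basename only, so two `.crt` files with the same name in different subdirectories map to one alias and the second import would presumably be rejected, which the same check would surface. The backtick `find` list is word-split, and `$crt` should be quoted as `basename "$crt" .crt`. Separately, `install=ca-certificates-java.install` names a file that is not among the files this commit lists as added.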
Added: ca-certificates-java/trunk/default
===================================================================
--- ca-certificates-java/trunk/default (rev 0)
+++ ca-certificates-java/trunk/default 2009-05-10 20:25:56 UTC (rev 38906)
@@ -0,0 +1,10 @@
+# defaults for ca-certificates-java
+
+# The password which is used to protect the integrity of the keystore.
+# storepass must be at least 6 characters long. It must be provided to
+# all commands that access the keystore contents.
+# Only change this if adding private certificates.
+#storepass=''
+
+# enable/disable updates of the keystore /etc/ssl/certs/java/cacerts
+cacerts_updates=yes
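Review bot: The `storepass` comment does not say what happens when the line stays commented out, nor that this file is executed rather than parsed. Both scripts in this commit set `storepass='changeit'` and then source `/etc/default/cacerts`, so I would add `# If unset, the scripts use 'changeit'. This file is sourced as shell by root; keep it root-owned.` above `#storepass=''`. With that well-known default, the keystore's integrity rests on file permissions rather than on the password, which is worth stating for anyone who adds private certificates.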
Added: ca-certificates-java/trunk/init-jks-keystore
===================================================================
--- ca-certificates-java/trunk/init-jks-keystore (rev 0)
+++ ca-certificates-java/trunk/init-jks-keystore 2009-05-10 20:25:56 UTC (rev 38906)
@@ -0,0 +1,69 @@
+#!/bin/bash
+for jvm in /usr/lib/jvm/java-1.6.0-openjdk /opt/java/jre; do
+ if [ -x $jvm/bin/keytool ]; then
+ break
+ fi
+done
+if [ ! -x $jvm/bin/keytool ]; then
+ echo "No supported JRE installed"
+ exit 1
+fi
+export JAVA_HOME=$jvm
+PATH=$JAVA_HOME/bin:$PATH
+
+KEYSTORE=/etc/ssl/certs/java/cacerts
+storepass='changeit'
+if [ -f /etc/default/cacerts ]; then
+ . /etc/default/cacerts
+fi
+
+echo "creating $KEYSTORE..."
+cp /usr/share/ca-certificates-java/cacerts $KEYSTORE
+cacertdir=/usr/share/ca-certificates
+pregenerated=$(mktemp)
+LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE -storepass "$storepass" \
+ | awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
+ | sort > $pregenerated
+
+grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
+errors=0
+while read line; do
+ pem=${line#!*}
+ alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+ alias=${alias%*_}
+ case "$line" in
+ !*)
+ if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+ -storepass "$storepass" -alias "$alias" > /dev/null
+ then
+ echo " removed untrusted certificate $pem"
+ fi
+ ;;
+
+ *)
+ if [ ! -f "$cacertdir/$pem" ]; then
+ echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
+ echo >&2 "warning: but $cacertdir/$pem does not exist."
+ continue
+ fi
+ if ! grep -q "^${alias}$" $pregenerated; then
+ if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
+ -noprompt -storepass "$storepass" \
+ -alias "$alias" -file "$cacertdir/$pem"
+ then
+ echo " added certificate $pem $alias"
+ else
+ echo >&2 " error adding ${line#+*}"
+ errors=$(expr $errors + 1)
+ fi
+ fi
+ esac
+done
+
+rm -f $pregenerated
+if [ $errors -gt 0 ]; then
+ echo >&2 "failed."
+ exit 1
+fi
+echo "done."
+)
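Review bot: In the `!*)` branch a failed `keytool -delete` is dropped silently: nothing is printed, `errors` is not incremented and the script still ends with `done.`, although the store was just copied from the pregenerated one, which may contain that certificate. A CA the administrator excluded in /etc/ca-certificates.conf can therefore stay trusted by Java with no sign of it. I would look the alias up in `$pregenerated` first and count a failing delete as an error, the way the import branch already does. The `cp` into `$KEYSTORE` is unchecked as well, and this script has no `set -e`.

```shell
  !*)
    # Only aliases present in the pregenerated store can need removal.
    if grep -q "^${alias}$" "$pregenerated"; then
      if LANG=C LC_ALL=C keytool -delete -keystore "$KEYSTORE" \
        -storepass "$storepass" -alias "$alias" > /dev/null
      then
        echo "  removed untrusted certificate $pem"
      else
        echo >&2 "  error removing $pem"
        errors=$(expr $errors + 1)
      fi
    fi
    ;;
  # … unchanged: *) import branch …
```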
Property changes on: ca-certificates-java/trunk/init-jks-keystore
___________________________________________________________________
Added: svn:executable
+ *
Added: ca-certificates-java/trunk/jks-keystore.hook
===================================================================
--- ca-certificates-java/trunk/jks-keystore.hook (rev 0)
+++ ca-certificates-java/trunk/jks-keystore.hook 2009-05-10 20:25:56 UTC (rev 38906)
@@ -0,0 +1,82 @@
+#! /bin/sh
+
+set -e
+
+storepass='changeit'
+if [ -f /etc/default/cacerts ]; then
+ . /etc/default/cacerts
+fi
+
+KEYSTORE=/etc/ssl/certs/java/cacerts
+
+echo ""
+if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
+ echo "updates of cacerts keystore disabled."
+ exit 0
+fi
+
+for jvm in /usr/lib/jvm/java-1.6.0-openjdk /opt/java/jre; do
+ if [ -x $jvm/bin/keytool ]; then
+ break
+ fi
+done
+
+if [ ! -x $jvm/bin/keytool ]; then
+ exit 0
+fi
+
+export JAVA_HOME=$jvm
+PATH=$JAVA_HOME/bin:$PATH
+
+# read lines of the form: [+-]/etc/ssl/certs/*.pem
+echo "updating keystore $KEYSTORE..."
+
+errors=0
+while read line; do
+ pem=${line#[+-]*}
+ alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+ alias=${alias%*_}
+ LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE \
+ -storepass "$storepass" -alias "$alias" >/dev/null 2>&1 \
+ && exists=yes || exists=no
+ case "$line" in
+ +*)
+ if [ "$exists" = yes ]; then
+ echo " already exists: ${line#+*}"
+ else
+ if LANG=C LC_ALL=C keytool -importcert -trustcacerts \
+ -keystore $KEYSTORE -noprompt -storepass "$storepass" \
+ -alias "$alias" -file "$pem"
+ then
+ echo " added: ${line#+*}"
+ else
+ echo >&2 " error adding ${line#+*}"
+ errors=$(expr $errors + 1)
+ fi
+ fi
+ ;;
+ -*)
+ if [ "$exists" = yes ]; then
+ if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+ -noprompt -storepass "$storepass" \
+ -alias "$alias"
+ then
+ echo " removed ${line#-*}"
+ else
+ echo >&2 " error removing ${line#+*}"
+ errors=$(expr $errors + 1)
+ fi
+ else
+ echo " does not exists: ${line#-*}"
+ fi
+ ;;
+ *)
+ echo >&2 " $0: Unknown line $line"
+ esac
+done
+
+if [ $errors -gt 0 ]; then
+ echo >&2 "failed."
+ exit 1
+fi
+echo "done."
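Review bot: The `keytool -list ... && exists=yes || exists=no` probe at the top of the loop treats every failure as "alias absent", including a wrong `storepass` or an unreadable keystore. In that case each `-` line only prints `does not exists`, `errors` stays 0 and the hook ends with `done.`, so a CA removed from the system store remains in the Java truststore unnoticed. A one-time check before the loop would separate the two cases, for example `[ ! -f "$KEYSTORE" ] || keytool -list -keystore "$KEYSTORE" -storepass "$storepass" >/dev/null 2>&1 || { echo >&2 "cannot open $KEYSTORE"; exit 1; }`. The removal error message also strips the wrong prefix: `${line#+*}` there should be `${line#-*}`.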