[arch-commits] Commit in ca-certificates-java/trunk (4 files)

Pierre Schmitz pierre at archlinux.org
Sun Oct 24 13:34:03 UTC 2010


    Date: Sunday, October 24, 2010 @ 09:34:03
  Author: pierre
Revision: 96730

upstream update

Added:
  ca-certificates-java/trunk/jks-keystore.hook.patch
Modified:
  ca-certificates-java/trunk/PKGBUILD
  ca-certificates-java/trunk/ca-certificates-java.install
  ca-certificates-java/trunk/init-jks-keystore

------------------------------+
 PKGBUILD                     |   73 ++++++++++++++++++---------
 ca-certificates-java.install |   19 ++-----
 init-jks-keystore            |  107 ++++++++++++++++++++---------------------
 jks-keystore.hook.patch      |   44 ++++++++++++++++
 4 files changed, 153 insertions(+), 90 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-10-24 12:38:03 UTC (rev 96729)
+++ PKGBUILD	2010-10-24 13:34:03 UTC (rev 96730)
@@ -2,36 +2,59 @@
 # Maintainer: Jan de Groot <jgc at archlinux.org>
 
 pkgname=ca-certificates-java
-pkgver=20090629
-pkgrel=2
+pkgver=20100412
+pkgrel=1
 pkgdesc='Common CA certificates (JKS keystore)'
-arch=(any)
+arch=('any')
 url='http://packages.qa.debian.org/c/ca-certificates-java.html'
 license=('GPL')
-depends=('ca-certificates')
-makedepends=('java-runtime')
-install=ca-certificates-java.install
-source=(jks-keystore.hook init-jks-keystore default)
-md5sums=('c7f271d9a2efbd5c2c00a1c0d66efa64'
-         'f253225bebcc9e9faa331d8e9fb39c1d'
-         '0ded97abeff69c2362939e2e881e214a')
+depends=('ca-certificates' 'nss')
+makedepends=('openjdk6')
+install='ca-certificates-java.install'
+source=("http://ftp.debian.org/debian/pool/main/c/${pkgname}/${pkgname}_${pkgver}.tar.gz"
+        'jks-keystore.hook.patch' 'init-jks-keystore')
+md5sums=('16a5d04148d17923a4d838214dd9b867'
+         'e2009af18d0c61d067117ca982dee97f'
+         '82dcec93bb328ae68db33c8177fb3858')
 
 build() {
-  cd "${srcdir}"
-  install -d -m755 "${pkgdir}/etc/ca-certificates/update.d"
-  install -d -m755 "${pkgdir}/etc/ssl/certs/java"
-  install -d -m755 "${pkgdir}/etc/default"
-  install -d -m755 "${pkgdir}/usr/share/ca-certificates-java"
-  install -d -m755 "${pkgdir}/usr/sbin"
+	cd ${srcdir}
 
-  install -m755 jks-keystore.hook "${pkgdir}/etc/ca-certificates/update.d/jks-keystore" || return 1
-  install -m600 default "${pkgdir}/etc/default/cacerts" || return 1
-  install -m755 init-jks-keystore "${pkgdir}/usr/sbin/" || return 1
+	patch -p0 -i ${srcdir}/jks-keystore.hook.patch ${pkgname}-${pkgver}/debian/jks-keystore.hook
 
-  for crt in `find /usr/share/ca-certificates -name '*.crt' -printf '%P '`; do
-    alias=`basename $crt .crt | tr A-Z a-z | tr -cs a-z0-9 _`
-    alias=${alias%*_}
-    echo "IMPORT: $crt, alias=$alias"
-    keytool -importcert -trustcacerts -keystore "${pkgdir}/usr/share/ca-certificates-java/cacerts" -storepass 'changeit' -noprompt -alias "$alias" -file "/usr/share/ca-certificates/$crt" || continue
-  done
+	mkdir build
+	cd build
+
+	for crt in $(find /usr/share/ca-certificates -name '*.crt' -printf '%P '); do
+		alias=$(basename $crt .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+		alias=${alias%*_}
+		echo "IMPORT: $crt, alias=$alias"
+		if keytool -importcert -trustcacerts -keystore cacerts \
+			-storepass 'changeit' -noprompt \
+			-alias "$alias" -file "/usr/share/ca-certificates/$crt" > keytool.log 2>&1; then
+				cat keytool.log
+		elif keytool -importcert -trustcacerts -keystore cacerts \
+			-providerClass sun.security.pkcs11.SunPKCS11 \
+			-providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
+			-storepass 'changeit' -noprompt \
+			-alias "$alias" -file "/usr/share/ca-certificates/$crt" > keytool.log 2>&1; then
+				cat keytool.log
+		elif grep -q 'Signature not available' keytool.log; then
+				echo "IGNORED IMPORT: $crt, alias=$alias"
+				cat keytool.log
+		else
+				cat keytool.log
+				false
+		fi
+	done
 }
+
+package() {
+	cd ${srcdir}/${pkgname}-${pkgver}
+
+	install -d -m755 ${pkgdir}/etc/ssl/certs/java
+	install -D -m755 debian/jks-keystore.hook ${pkgdir}/etc/ca-certificates/update.d/jks-keystore
+	install -D -m644 ${srcdir}/build/cacerts ${pkgdir}/usr/share/ca-certificates-java/cacerts
+	install -D -m600 debian/default ${pkgdir}/etc/default/cacerts
+	install -D -m755 ${srcdir}/init-jks-keystore ${pkgdir}/usr/sbin/init-jks-keystore
+}
\ No newline at end of file
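Review bot: The final `else` branch of the import loop in build() ends in a bare `false`, which only sets the status of that iteration; unless makepkg runs build() under an error trap, a failed import of any certificate but the last is dropped and the package ships a keystore that is silently missing CAs. Replacing `false` with `return 1` makes the failure explicit. The loop also word-splits the `find` output and passes `$crt` unquoted to `basename`, so a certificate file name containing whitespace would be split into separate words and fail to import. Separately, the new upstream tarball is fetched over plain `http://` and pinned only by `md5sums`; for a package that produces a trust store, a stronger digest array such as `sha256sums` would be the safer pin.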

Modified: ca-certificates-java.install
===================================================================
--- ca-certificates-java.install	2010-10-24 12:38:03 UTC (rev 96729)
+++ ca-certificates-java.install	2010-10-24 13:34:03 UTC (rev 96730)
@@ -1,20 +1,15 @@
 post_install() {
-  if [ ! -f /etc/ssl/certs/java/cacerts ]; then
-    for jvm in /usr/lib/jvm/java-6-openjdk /opt/java/jre; do
-      if [ -x $jvm/bin/keytool ]; then
-        break
-      fi
-    done
-    if [ -x $jvm/bin/keytool ]; then
-      /usr/sbin/init-jks-keystore
-    fi
-  fi
+	if [ ! -f /etc/ssl/certs/java/cacerts ]; then
+		if [ -x /usr/lib/jvm/java-6-openjdk/bin/keytool ]; then
+			/usr/sbin/init-jks-keystore
+		fi
+	fi
 }
 
 post_upgrade() {
-  post_install
+	post_install
 }
 
 post_remove() {
-  rm -rf /etc/ssl/certs/java
+	rm -rf /etc/ssl/certs/java
 }
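Review bot: post_install() returns without any message when `/usr/lib/jvm/java-6-openjdk/bin/keytool` is not executable, and the PKGBUILD in this commit lists `openjdk6` only in `makedepends`, so a host without that JVM ends up with no `/etc/ssl/certs/java/cacerts` and no hint why. An `else` branch such as `echo "keytool not found, run /usr/sbin/init-jks-keystore once a JRE is installed"` would make the missing trust store visible. The guard also tests an absolute path while init-jks-keystore, as changed in this commit, calls bare `keytool`, so a passing check does not guarantee that the script finds the binary on `PATH`.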

Modified: init-jks-keystore
===================================================================
--- init-jks-keystore	2010-10-24 12:38:03 UTC (rev 96729)
+++ init-jks-keystore	2010-10-24 13:34:03 UTC (rev 96730)
@@ -1,74 +1,75 @@
 #!/bin/bash
-for jvm in /usr/lib/jvm/java-6-openjdk /opt/java/jre; do
-  if [ -x $jvm/bin/keytool ]; then
-    break
-  fi
-done
-if [ ! -x $jvm/bin/keytool ]; then
-  echo "No supported JRE installed"
-  exit 1
-fi
-export JAVA_HOME=$jvm
-PATH=$JAVA_HOME/bin:$PATH
 
 KEYSTORE=/etc/ssl/certs/java/cacerts
+
 storepass='changeit'
 if [ -f /etc/default/cacerts ]; then
-  . /etc/default/cacerts
+	. /etc/default/cacerts
 fi
 
-echo "creating $KEYSTORE..."
-cp /usr/share/ca-certificates-java/cacerts $KEYSTORE
 cacertdir=/usr/share/ca-certificates
+log=$(mktemp)
+
+# aliases of pregenerated files
 pregenerated=$(mktemp)
 LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE -storepass "$storepass" \
-  | awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
-  | sort > $pregenerated
+	| awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
+	| sort > $pregenerated
 
 grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
 errors=0
-log=$(mktemp)
 while read line; do
-  pem=${line#!*}
-  alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
-  alias=${alias%*_}
-  case "$line" in
-    !*)
-      if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
-          -storepass "$storepass" -alias "$alias" > /dev/null
-      then
-        echo "  removed untrusted certificate $pem"
-      fi
-      ;;
-
-    *)
-      if [ ! -f "$cacertdir/$pem" ]; then
-        echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
-        echo >&2 "warning:   but $cacertdir/$pem does not exist."
-        continue
-      fi
-      if ! grep -q "^${alias}$" $pregenerated; then
-        if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
-             -noprompt -storepass "$storepass" \
-             -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-        then
-          echo "  added certificate $pem $alias"
-        elif grep -q 'Signature not available' $log; then
-          echo "  ignored import, signature not available: ${line#+*}"
-          cat $log
-        else
-          echo >&2 "  error adding ${line#+*}"
-          errors=$(expr $errors + 1)
-        fi
-      fi
-  esac
+	pem=${line#!*}
+	alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+	alias=${alias%*_}
+	case "$line" in
+	!*)
+		# remove untrusted certificate
+		if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+		-storepass "$storepass" -alias "$alias" >/dev/null
+		then
+			echo "  removed untrusted certificate $pem"
+		else
+		# not (anymore) in keystore
+		:
+		fi;;
+	*)
+		# add certificate not yet in keystore
+		if [ ! -f "$cacertdir/$pem" ]; then
+			echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
+			echo >&2 "warning:   but $cacertdir/$pem does not exist."
+			continue
+		fi
+		if ! grep -q "^${alias}$" $pregenerated; then
+			if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
+				-noprompt -storepass "$storepass" \
+				-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
+			then
+				echo "  added certificate $pem"
+			elif LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
+				-providerClass sun.security.pkcs11.SunPKCS11 \
+				-providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
+				-noprompt -storepass "$storepass" \
+				-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
+			then
+				echo "  added certificate $pem (using NSS provider)"
+			elif grep -q 'Signature not available' $log; then
+				echo "  ignored import, signature not available: ${line#+*}"
+				sed -e 's/^/   -> /' $log
+			else
+				echo >&2 "  error adding ${line#+*}"
+				errors=$(expr $errors + 1)
+			fi
+		fi
+	esac
 done
 rm -f $log
-
 rm -f $pregenerated
 if [ $errors -gt 0 ]; then
-  echo >&2 "failed."
-  exit 1
+	echo >&2 "failed (VM used: $jvm)."
+	exit 1
 fi
 echo "done."
 )
+
+exit 0
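Review bot: The `exit 0` added after the subshell discards the pipeline's status, so the `exit 1` taken inside the subshell when `$errors` is non-zero never reaches the caller and a keystore with failed imports is reported as success; drop the trailing `exit 0` or end with `exit $?`. The failure message now prints `$jvm`, but the loop that set it is removed by this same hunk, so it expands to nothing unless `/etc/default/cacerts` defines it. With the `JAVA_HOME`/`PATH` setup gone, `keytool` is resolved from the caller's `PATH`; calling `/usr/lib/jvm/java-6-openjdk/bin/keytool` directly would keep the script from running whichever `keytool` comes first. The removed `cp /usr/share/ca-certificates-java/cacerts $KEYSTORE` also means the `keytool -list` that fills `$pregenerated` may run against a keystore that does not exist yet, which looks unintended given the `# aliases of pregenerated files` comment.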

Added: jks-keystore.hook.patch
===================================================================
--- jks-keystore.hook.patch	                        (rev 0)
+++ jks-keystore.hook.patch	2010-10-24 13:34:03 UTC (rev 96730)
@@ -0,0 +1,44 @@
+--- jks-keystore.hook	2010-04-11 20:47:48.000000000 +0200
++++ jks-keystore.hook	2010-10-24 14:52:38.837234542 +0200
+@@ -28,14 +28,6 @@
+ export JAVA_HOME=/usr/lib/jvm/$jvm
+ PATH=$JAVA_HOME/bin:$PATH
+ 
+-temp_jvm_cfg=
+-if [ ! -f /etc/$jvm/jvm.cfg ]; then
+-    # the jre is not yet configured, but jvm.cfg is needed to run it
+-    temp_jvm_cfg=/etc/$jvm/jvm.cfg
+-    mkdir -p /etc/$jvm
+-    printf -- "-server KNOWN\n" > $temp_jvm_cfg
+-fi
+-
+ # read lines of the form: [+-]/etc/ssl/certs/*.pem
+ 
+ echo "updating keystore $KEYSTORE..."
+@@ -62,7 +54,7 @@
+ 	  elif LANG=C LC_ALL=C keytool -importcert -trustcacerts \
+ 		-keystore $KEYSTORE -noprompt -storepass "$storepass" \
+ 	        -providerClass sun.security.pkcs11.SunPKCS11 \
+-	        -providerArg '${java.home}/lib/security/nss.cfg' \
++	        -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
+ 		-alias "$alias" -file "$pem" > $log 2>&1
+ 	  then
+ 	      echo "  added: ${line#+*} (using NSS provider)"
+@@ -85,7 +77,7 @@
+ 	    elif LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
+ 		-noprompt -storepass "$storepass" \
+ 	        -providerClass sun.security.pkcs11.SunPKCS11 \
+-	        -providerArg '${java.home}/lib/security/nss.cfg' \
++	        -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
+ 		-alias "$alias"
+ 	    then
+ 		echo "  removed ${line#-*} (using NSS provider)"
+@@ -103,8 +95,6 @@
+ done
+ rm -f $log
+ 
+-[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
+-
+ if [ $errors -gt 0 ]; then
+     echo >&2 "failed (VM used: $jvm)."
+     exit 1
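Review bot: Both `-providerArg` replacements hard-code `/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg`, while the context lines show the hook exporting `JAVA_HOME=/usr/lib/jvm/$jvm`; if `$jvm` ever resolves to another directory, keytool runs from one JVM with the NSS configuration of another. Deriving the argument from the variable, for example `-providerArg "$JAVA_HOME/jre/lib/security/nss.cfg"`, keeps the two in step, assuming the selection code outside these hunks sets `$jvm` to a JDK-style directory. The same literal path is repeated in PKGBUILD and init-jks-keystore in this commit, so a JVM rename has to be caught in three files. A short comment in the PKGBUILD saying why the `temp_jvm_cfg` block is dropped would help whoever rebases this patch on the next upstream release.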



