[arch-commits] Commit in ca-certificates-java/trunk (5 files)
Pierre Schmitz
pierre at archlinux.org
Tue Apr 26 21:44:46 UTC 2011
Date: Tuesday, April 26, 2011 @ 17:44:45
Author: pierre
Revision: 120865
upstream update; make use of UpdateCertificates
Added:
ca-certificates-java/trunk/jks-keystore.hook
Modified:
ca-certificates-java/trunk/PKGBUILD
ca-certificates-java/trunk/ca-certificates-java.install
ca-certificates-java/trunk/init-jks-keystore
Deleted:
ca-certificates-java/trunk/jks-keystore.hook.patch
------------------------------+
PKGBUILD | 48 +++++--------------------
ca-certificates-java.install | 8 ++--
init-jks-keystore | 76 +++--------------------------------------
jks-keystore.hook | 16 ++++++++
jks-keystore.hook.patch | 51 ---------------------------
5 files changed, 37 insertions(+), 162 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2011-04-26 21:44:03 UTC (rev 120864)
+++ PKGBUILD 2011-04-26 21:44:45 UTC (rev 120865)
@@ -2,59 +2,33 @@
# Maintainer: Jan de Groot <jgc at archlinux.org>
pkgname=ca-certificates-java
-pkgver=20110421~nmu1
+pkgver=20110426
pkgrel=1
pkgdesc='Common CA certificates (JKS keystore)'
arch=('any')
url='http://packages.qa.debian.org/c/ca-certificates-java.html'
license=('GPL')
-depends=('ca-certificates' 'nss')
+depends=('ca-certificates')
makedepends=('openjdk6')
install='ca-certificates-java.install'
+backup=('etc/default/cacerts')
source=("http://ftp.debian.org/debian/pool/main/c/${pkgname}/${pkgname}_${pkgver}.tar.gz"
- 'jks-keystore.hook.patch' 'init-jks-keystore')
-md5sums=('34078ed264e401ffb5b176d3b98ec214'
- '26303bb23b9eb7d7a7cdd6eca78e257e'
- '8fca365914fc1fd9c44e26587424dc23')
+ 'init-jks-keystore' 'jks-keystore.hook')
+md5sums=('8ecea60210dd89f9cf73caabf1cf6955'
+ 'ee50d8416e03b764c5fd15dea5f582e2'
+ '84fe0a111e9fe5afadaad8573430a9d1')
build() {
- cd ${srcdir}
-
- patch -p0 -i ${srcdir}/jks-keystore.hook.patch ${pkgname}-${pkgver}/debian/jks-keystore.hook
-
- mkdir build
- cd build
-
- for crt in $(find /usr/share/ca-certificates -name '*.crt' -printf '%P '); do
- alias=$(basename $crt .crt | tr A-Z a-z | tr -cs a-z0-9 _)
- alias=${alias%*_}
- echo "IMPORT: $crt, alias=$alias"
- if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore cacerts \
- -storepass 'changeit' -noprompt \
- -alias "$alias" -file "/usr/share/ca-certificates/$crt" > keytool.log 2>&1; then
- cat keytool.log
- elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore cacerts \
- -providerClass sun.security.pkcs11.SunPKCS11 \
- -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
- -storepass 'changeit' -noprompt \
- -alias "$alias" -file "/usr/share/ca-certificates/$crt" > keytool.log 2>&1; then
- cat keytool.log
- elif grep -q 'Signature not available' keytool.log; then
- echo "IGNORED IMPORT: $crt, alias=$alias"
- cat keytool.log
- else
- cat keytool.log
- false
- fi
- done
+ cd ${srcdir}/${pkgname}-${pkgver}
+ javac UpdateCertificates.java
}
package() {
cd ${srcdir}/${pkgname}-${pkgver}
install -d -m755 ${pkgdir}/etc/ssl/certs/java
- install -D -m755 debian/jks-keystore.hook ${pkgdir}/etc/ca-certificates/update.d/jks-keystore
- install -D -m644 ${srcdir}/build/cacerts ${pkgdir}/usr/share/ca-certificates-java/cacerts
install -D -m600 debian/default ${pkgdir}/etc/default/cacerts
+ install -D -m755 UpdateCertificates.class ${pkgdir}/usr/share/ca-certificates-java/UpdateCertificates.class
install -D -m755 ${srcdir}/init-jks-keystore ${pkgdir}/usr/sbin/init-jks-keystore
+ install -D -m755 ${srcdir}/jks-keystore.hook ${pkgdir}/etc/ca-certificates/update.d/jks-keystore
}
Modified: ca-certificates-java.install
===================================================================
--- ca-certificates-java.install 2011-04-26 21:44:03 UTC (rev 120864)
+++ ca-certificates-java.install 2011-04-26 21:44:45 UTC (rev 120865)
@@ -1,7 +1,7 @@
post_install() {
- if [ ! -f /etc/ssl/certs/java/cacerts ]; then
- if [ -x /usr/lib/jvm/java-6-openjdk/bin/keytool ]; then
- /usr/sbin/init-jks-keystore
+ if [ ! -f etc/ssl/certs/java/cacerts ]; then
+ if which java >/dev/null 2>&1; then
+ usr/sbin/init-jks-keystore
fi
fi
}
@@ -11,5 +11,5 @@
}
post_remove() {
- rm -rf /etc/ssl/certs/java
+ rm -rf etc/ssl/certs/java
}
Modified: init-jks-keystore
===================================================================
--- init-jks-keystore 2011-04-26 21:44:03 UTC (rev 120864)
+++ init-jks-keystore 2011-04-26 21:44:45 UTC (rev 120865)
@@ -1,75 +1,11 @@
-#!/bin/bash
+#!/bin/sh
-KEYSTORE=/etc/ssl/certs/java/cacerts
-
storepass='changeit'
-if [ -f /etc/default/cacerts ]; then
- . /etc/default/cacerts
-fi
+. /etc/default/cacerts
-cacertdir=/usr/share/ca-certificates
-log=$(mktemp)
+CLASSPATH=/usr/share/ca-certificates-java
+export CLASSPATH
-# aliases of pregenerated files
-pregenerated=$(mktemp)
-LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -list -keystore $KEYSTORE -storepass "$storepass" \
- | awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
- | sort > $pregenerated
-
-grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
-errors=0
-while read line; do
- pem=${line#!*}
- alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
- alias=${alias%*_}
- case "$line" in
- !*)
- # remove untrusted certificate
- if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
- -storepass "$storepass" -alias "$alias" >/dev/null
- then
- echo " removed untrusted certificate $pem"
- else
- # not (anymore) in keystore
- :
- fi;;
- *)
- # add certificate not yet in keystore
- if [ ! -f "$cacertdir/$pem" ]; then
- echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
- echo >&2 "warning: but $cacertdir/$pem does not exist."
- continue
- fi
- if ! grep -q "^${alias}$" $pregenerated; then
- if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
- -noprompt -storepass "$storepass" \
- -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
- then
- echo " added certificate $pem"
- elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
- -providerClass sun.security.pkcs11.SunPKCS11 \
- -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
- -noprompt -storepass "$storepass" \
- -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
- then
- echo " added certificate $pem (using NSS provider)"
- elif grep -q 'Signature not available' $log; then
- echo " ignored import, signature not available: ${line#+*}"
- sed -e 's/^/ -> /' $log
- else
- echo >&2 " error adding ${line#+*}"
- errors=$(expr $errors + 1)
- fi
- fi
- esac
-done
-rm -f $log
-rm -f $pregenerated
-if [ $errors -gt 0 ]; then
- echo >&2 "failed (VM used: $jvm)."
- exit 1
-fi
+find /etc/ssl/certs -name '*.pem' -printf "+%p\n" | \
+ java UpdateCertificates -storepass "${storepass}"
echo "done."
-)
-
-exit 0
Added: jks-keystore.hook
===================================================================
--- jks-keystore.hook (rev 0)
+++ jks-keystore.hook 2011-04-26 21:44:45 UTC (rev 120865)
@@ -0,0 +1,16 @@
+#! /bin/sh
+
+storepass='changeit'
+. /etc/default/cacerts
+
+echo ""
+if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
+ echo "updates of cacerts keystore disabled."
+ exit 0
+fi
+
+CLASSPATH=/usr/share/ca-certificates-java
+export CLASSPATH
+
+java UpdateCertificates -storepass "$storepass"
+echo "done."
Deleted: jks-keystore.hook.patch
===================================================================
--- jks-keystore.hook.patch 2011-04-26 21:44:03 UTC (rev 120864)
+++ jks-keystore.hook.patch 2011-04-26 21:44:45 UTC (rev 120865)
@@ -1,51 +0,0 @@
---- jks-keystore.hook 2010-04-11 20:47:48.000000000 +0200
-+++ jks-keystore.hook 2010-12-17 06:43:45.570350448 +0100
-@@ -28,20 +28,12 @@
- export JAVA_HOME=/usr/lib/jvm/$jvm
- PATH=$JAVA_HOME/bin:$PATH
-
--temp_jvm_cfg=
--if [ ! -f /etc/$jvm/jvm.cfg ]; then
-- # the jre is not yet configured, but jvm.cfg is needed to run it
-- temp_jvm_cfg=/etc/$jvm/jvm.cfg
-- mkdir -p /etc/$jvm
-- printf -- "-server KNOWN\n" > $temp_jvm_cfg
--fi
--
- # read lines of the form: [+-]/etc/ssl/certs/*.pem
-
- echo "updating keystore $KEYSTORE..."
-
- errors=0
--log=$(tempfile)
-+log=$(mktemp)
- while read line; do
- pem=${line#[+-]*}
- alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
-@@ -62,7 +54,7 @@
- elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts \
- -keystore $KEYSTORE -noprompt -storepass "$storepass" \
- -providerClass sun.security.pkcs11.SunPKCS11 \
-- -providerArg '${java.home}/lib/security/nss.cfg' \
-+ -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
- -alias "$alias" -file "$pem" > $log 2>&1
- then
- echo " added: ${line#+*} (using NSS provider)"
-@@ -85,7 +77,7 @@
- elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
- -noprompt -storepass "$storepass" \
- -providerClass sun.security.pkcs11.SunPKCS11 \
-- -providerArg '${java.home}/lib/security/nss.cfg' \
-+ -providerArg '/usr/lib/jvm/java-6-openjdk/jre/lib/security/nss.cfg' \
- -alias "$alias"
- then
- echo " removed ${line#-*} (using NSS provider)"
-@@ -103,8 +95,6 @@
- done
- rm -f $log
-
--[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
--
- if [ $errors -gt 0 ]; then
- echo >&2 "failed (VM used: $jvm)."
- exit 1
More information about the arch-commits
mailing list