From 47364723269d641dae1fa5543595e28b5d41b7c7 Mon Sep 17 00:00:00 2001 From: Francesc Zacarias Date: Thu, 5 Mar 2015 00:43:30 +0100 Subject: [PATCH] New --with-system-certs option to use the system keystore (Closes: #776395) --- debian/changelog | 4 ++++ lib/javase.sh | 10 +++++++++- lib/jdk.sh | 3 +++ lib/jre.sh | 5 ++++- make-jpkg | 17 ++++++++++------- make-jpkg.1 | 5 +++++ 6 files changed, 35 insertions(+), 9 deletions(-) diff --git a/debian/changelog b/debian/changelog index 4cf54fb..175372b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,9 @@ java-package (0.58) UNRELEASED; urgency=medium + [ Francesc Zacarias ] + * New --with-system-certs option to use the system keystore (Closes: #776395) + + [ Emmanuel Bourg ] * Removed the generated package mistakenly included in the source package (Closes: #779727) diff --git a/lib/javase.sh b/lib/javase.sh index 3e539b3..9bfd3ec 100644 --- a/lib/javase.sh +++ b/lib/javase.sh @@ -126,8 +126,16 @@ if [ "\$1" = configure ]; then update-alternatives --install "\$link_path/\$link_name" "\$plugin_name" "\$plugin" $j2se_priority fi } - EOF + if [ "$create_cert_softlinks" == "true" ];then + cat >> "$debian_dir/postinst" << EOF + for subdir in lib/security jre/lib/security;do + if [ -f $jvm_base$j2se_name/\$subdir/cacerts ]; then + ln -sf /etc/ssl/certs/java/cacerts $jvm_base$j2se_name/\$subdir/cacerts + fi + done +EOF + fi eval "$j2se_install" >> "$debian_dir/postinst" cat >> "$debian_dir/postinst" << EOF diff --git a/lib/jdk.sh b/lib/jdk.sh index 1c75876..46dec6f 100644 --- a/lib/jdk.sh +++ b/lib/jdk.sh @@ -13,6 +13,9 @@ j2sdk_control() { # No browser on ARM yet java_browser_plugin="" fi + if [ "$create_cert_softlinks" == "true" ]; then + depends="$depends, ca-certificates-java" + fi for i in `seq 5 ${j2se_release}`; do provides_runtime="${provides_runtime} java${i}-runtime," diff --git a/lib/jre.sh b/lib/jre.sh index 93aed8b..7b339d8 100644 --- a/lib/jre.sh +++ b/lib/jre.sh @@ -1,6 +1,9 @@ j2re_control() { j2se_control + if [ "$create_cert_softlinks" == "true" ]; then + depends="ca-certificates-java" + fi for i in `seq 5 ${j2se_release}`; do provides_runtime="${provides_runtime} java${i}-runtime," @@ -9,7 +12,7 @@ j2re_control() { cat << EOF Package: $j2se_package Architecture: any -Depends: \${misc:Depends}, \${shlibs:Depends} +Depends: \${misc:Depends}, \${shlibs:Depends}, $depends Recommends: netbase Provides: java-virtual-machine, java-runtime, java2-runtime, $provides_runtime java-runtime-headless, java2-runtime-headless, $provides_headless java-browser-plugin Description: $j2se_title diff --git a/make-jpkg b/make-jpkg index a90c26e..6e53003 100755 --- a/make-jpkg +++ b/make-jpkg @@ -79,14 +79,15 @@ Supported java binary distributions currently include: The following options are recognized: - --full-name NAME full name used in the maintainer field of the package - --email EMAIL email address used in the maintainer field of the package - --changes create a .changes file - --revision add debian revision - --source build a source package instead of a binary deb package + --full-name NAME full name used in the maintainer field of the package + --email EMAIL email address used in the maintainer field of the package + --changes create a .changes file + --revision add debian revision + --source build a source package instead of a binary deb package + --with-system-certs integrate with the system's keystore - --help display this help and exit - --version output version information and exit + --help display this help and exit + --version output version information and exit EOF } @@ -131,6 +132,8 @@ while [[ $# -gt 0 && "x$1" == x--* ]]; do genchanges="true" elif [[ "x$1" == x--source ]]; then build_source="true" + elif [[ "x$1" == x--with-system-certs ]]; then + create_cert_softlinks="true" else unrecognized_option "$1" fi diff --git a/make-jpkg.1 b/make-jpkg.1 index bceec92..ba1d000 100644 --- a/make-jpkg.1 +++ b/make-jpkg.1 @@ -52,6 +52,11 @@ add debian revision .B --source build a source package instead of a binary deb package .TP +.B --with-system-certs +Replace the JVMs keystore with a softlink to the system's keystore, +(/etc/ssl/certs/java/cacerts) which is managed automatically by the +ca-certificates and ca-certificates-java packages. +.TP .B --help display help text and exit .TP -- 2.39.5