Gottox · December 17, 2014 19:57
diff --git a/openjdk.diff b/openjdk.diff
 diff --git a/srcpkgs/openjdk/files/mkcacerts b/srcpkgs/openjdk/files/mkcacerts
 new file mode 100644
 index 0000000..2db5a77
 --- /dev/null
 +++ b/srcpkgs/openjdk/files/mkcacerts
 @@ -0,0 +1,214 @@
 +#!/bin/sh
 +# Script provided by http://www.linuxfromscratch.org/blfs/view/svn/general/openjdk.html#ojdk-certs
 +# EB 20141217: removed bashisms
 +# Simple script to extract x509 certificates and create a JRE cacerts file.
 +
 +get_args()
 +    {
 +        if test -z "${1}" ; then
 +            showhelp
 +            exit 1
 +        fi
 +
 +        while test -n "${1}" ; do
 +            case "${1}" in
 +                -f | --cafile)
 +                    check_arg $1 $2
 +                    CAFILE="${2}"
 +                    shift 2
 +                    ;;
 +                -d | --cadir)
 +                    check_arg $1 $2
 +                    CADIR="${2}"
 +                    shift 2
 +                    ;;
 +                -o | --outfile)
 +                    check_arg $1 $2
 +                    OUTFILE="${2}"
 +                    shift 2
 +                    ;;
 +                -k | --keytool)
 +                    check_arg $1 $2
 +                    KEYTOOL="${2}"
 +                    shift 2
 +                    ;;
 +                -s | --openssl)
 +                    check_arg $1 $2
 +                    OPENSSL="${2}"
 +                    shift 2
 +                    ;;
 +                -h | --help)
 +                    showhelp
 +                    exit 0
 +                    ;;
 +                *)
 +                    showhelp
 +                    exit 1
 +                    ;;
 +            esac
 +        done
 +    }
 +
 +check_arg()
 +    {
 +        echo "${2}" | grep -v "^-" > /dev/null
 +        if [ -z "$?" -o ! -n "$2" ]; then
 +            echo "Error:  $1 requires a valid argument."
 +            exit 1
 +        fi
 +    }
 +
 +# The date binary is not reliable on 32bit systems for dates after 2038
 +mydate()
 +    {
 +        local y=$( echo $1 | cut -d" " -f4 )
 +        local M=$( echo $1 | cut -d" " -f1 )
 +        local d=$( echo $1 | cut -d" " -f2 )
 +        local m
 +
 +        if [ ${d} -lt 10 ]; then d="0${d}"; fi
 +
 +        case $M in
 +            Jan) m="01";;
 +            Feb) m="02";;
 +            Mar) m="03";;
 +            Apr) m="04";;
 +            May) m="05";;
 +            Jun) m="06";;
 +            Jul) m="07";;
 +            Aug) m="08";;
 +            Sep) m="09";;
 +            Oct) m="10";;
 +            Nov) m="11";;
 +            Dec) m="12";;
 +        esac
 +
 +        certdate="${y}${m}${d}"
 +    }
 +
 +showhelp()
 +    {
 +        echo "`basename ${0}` creates a valid cacerts file for use with IcedTea."
 +        echo ""
 +        echo "        -f  --cafile     The path to a file containing PEM"
 +        echo "                         formated CA certificates. May not be"
 +        echo "                         used with -d/--cadir."
 +        echo ""
 +        echo "        -d  --cadir      The path to a directory of PEM formatted"
 +        echo "                         CA certificates. May not be used with"
 +        echo "                         -f/--cafile."
 +        echo ""
 +        echo "        -o  --outfile    The path to the output file."
 +        echo ""
 +        echo "        -k  --keytool    The path to the java keytool utility."
 +        echo ""
 +        echo "        -s  --openssl    The path to the openssl utility."
 +        echo ""
 +        echo "        -h  --help       Show this help message and exit."
 +        echo ""
 +        echo ""
 +    }
 +
 +# Initialize empty variables so that the shell does not pollute the script
 +CAFILE=""
 +CADIR=""
 +OUTFILE=""
 +OPENSSL=""
 +KEYTOOL=""
 +certdate=""
 +date=""
 +today=$( date +%Y%m%d )
 +
 +# Process command line arguments
 +get_args ${@}
 +
 +# Handle common errors
 +if test "${CAFILE}x" = "x" -a "${CADIR}x" = "x" ; then
 +    echo "ERROR!  You must provide an x509 certificate store!"
 +    echo "\'$(basename ${0}) --help\' for more info."
 +    echo ""
 +    exit 1
 +fi
 +
 +if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then
 +    echo "ERROR!  You cannot provide two x509 certificate stores!"
 +    echo "\'$(basename ${0}) --help\' for more info."
 +    echo ""
 +    exit 1
 +fi
 +
 +if test "${KEYTOOL}x" = "x" ; then
 +    echo "ERROR!  You must provide a valid keytool program!"
 +    echo "\'$(basename ${0}) --help\' for more info."
 +    echo ""
 +    exit 1
 +fi
 +
 +if test "${OPENSSL}x" = "x" ; then
 +    echo "ERROR!  You must provide a valid path to openssl!"
 +    echo "\'$(basename ${0}) --help\' for more info."
 +    echo ""
 +    exit 1
 +fi
 +
 +if test "${OUTFILE}x" = "x" ; then
 +    echo "ERROR!  You must provide a valid output file!"
 +    echo "\'$(basename ${0}) --help\' for more info."
 +    echo ""
 +    exit 1
 +fi
 +
 +# Get on with the work
 +
 +# If using a CAFILE, split it into individual files in a temp directory
 +if test "${CAFILE}x" != "x" ; then
 +    TEMPDIR=`mktemp -d`
 +    CADIR="${TEMPDIR}"
 +
 +    # Get a list of staring lines for each cert
 +    CERTLIST=`grep -n "^-----BEGIN" "${CAFILE}" | cut -d ":" -f 1`
 +
 +    # Get a list of ending lines for each cert
 +    ENDCERTLIST=`grep -n "^-----END" "${CAFILE}" | cut -d ":" -f 1`
 +
 +    # Start a loop
 +    for certbegin in ${CERTLIST} ; do
 +        for certend in ${ENDCERTLIST} ; do
 +            if test "${certend}" -gt "${certbegin}"; then
 +                break
 +            fi
 +        done
 +        sed -n "${certbegin},${certend}p" "${CAFILE}" > "${CADIR}/${certbegin}.pem"
 +        keyhash=`${OPENSSL} x509 -noout -in "${CADIR}/${certbegin}.pem" -hash`
 +        echo "Generated PEM file with hash:  ${keyhash}."
 +    done
 +fi
 +
 +# Write the output file
 +for cert in `find "${CADIR}" -type f -name "*.pem" -o -name "*.crt"`
 +do
 +
 +    # Make sure the certificate date is valid...
 +    date=$( ${OPENSSL} x509 -enddate -in "${cert}" -noout | sed 's/^notAfter=//' )
 +    mydate "${date}"
 +    if test "${certdate}" -lt "${today}" ; then
 +        echo "${cert} expired on ${certdate}! Skipping..."
 +        unset date certdate
 +        continue
 +    fi
 +    unset date certdate
 +    ls "${cert}"
 +    tempfile=`mktemp`
 +    sed -n "/^-----BEGIN/,/^-----END/p" "${cert}" > "${tempfile}"
 +    echo yes | env LC_ALL=C "${KEYTOOL}" -import                     \
 +                                         -alias `basename "${cert}"` \
 +                                         -keystore "${OUTFILE}"      \
 +                                         -storepass 'changeit'       \
 +                                         -file "${tempfile}"
 +    rm "${tempfile}"
 +done
 +
 +if test "${TEMPDIR}x" != "x" ; then
 +    rm -rf "${TEMPDIR}"
 +fi
 +exit 0
 diff --git a/srcpkgs/openjdk/template b/srcpkgs/openjdk/template
 index b0a4550..56e49bc 100644
 --- a/srcpkgs/openjdk/template
 +++ b/srcpkgs/openjdk/template
 @@ -12,7 +12,7 @@ _openjdk_version="openjdk-1.8.0_${_jdk_update}"
 # Template file for 'openjdk'
 pkgname=openjdk
 version=${_java_ver}u${_jdk_update}
 -revision=1
 +revision=2
 nocross=yes
 wrksrc=jdk8u-jdk8u${_jdk_update}-b${_jdk_build}/
 build_style=gnu-configure
 @@ -26,7 +26,7 @@ configure_args="
  $(vopt_if oracle_bootstrap --with-boot-jdk=/usr/lib/jvm/oracle-jdk \
 			    --with-boot-jdk=/usr/lib/jvm/openjdk)"
 make_build_args="DEBUG_BINARIES=true docs all"
 -hostmakedepends="pkg-config cpio unzip zip"
 +hostmakedepends="pkg-config cpio unzip zip ca-certificates libressl-openssl"
 case "$XBPS_MACHINE" in
 	arm*) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk-arm openjdk)";;
 	*) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk openjdk)";;
 @@ -86,6 +86,13 @@ post_extract() {
 
 post_install() {
 	rm -rf ${DESTDIR}/usr/lib/bin
 +	vinstall ${FILESDIR}/mkcacerts 755 usr/lib/jvm/$_openjdk_version/jre/bin
 +	vmkdir usr/lib/jvm/$_openjdk_version/jre/lib/security
 +	sh ${FILESDIR}/mkcacerts \
 +		-d "/usr/share/ca-certificates/" \
 +		-s "/usr/bin/openssl"  \
 +		-k "${DESTDIR}/usr/lib/jvm/$_openjdk_version/jre/bin/keytool" \
 +		-o "${DESTDIR}/usr/lib/jvm/$_openjdk_version/jre/lib/security/cacerts"
 	vlicense ASSEMBLY_EXCEPTION
 	vlicense LICENSE
 	vlicense THIRD_PARTY_README
	diff --git a/srcpkgs/openjdk/files/mkcacerts b/srcpkgs/openjdk/files/mkcacerts
	new file mode 100644
	index 0000000..2db5a77
	--- /dev/null
	+++ b/srcpkgs/openjdk/files/mkcacerts
	@@ -0,0 +1,214 @@
	+#!/bin/sh
	+# Script provided by http://www.linuxfromscratch.org/blfs/view/svn/general/openjdk.html#ojdk-certs
	+# EB 20141217: removed bashisms
	+# Simple script to extract x509 certificates and create a JRE cacerts file.
	+
	+get_args()
	+ {
	+ if test -z "${1}" ; then
	+ showhelp
	+ exit 1
	+ fi
	+
	+ while test -n "${1}" ; do
	+ case "${1}" in
	+ -f \| --cafile)
	+ check_arg $1 $2
	+ CAFILE="${2}"
	+ shift 2
	+ ;;
	+ -d \| --cadir)
	+ check_arg $1 $2
	+ CADIR="${2}"
	+ shift 2
	+ ;;
	+ -o \| --outfile)
	+ check_arg $1 $2
	+ OUTFILE="${2}"
	+ shift 2
	+ ;;
	+ -k \| --keytool)
	+ check_arg $1 $2
	+ KEYTOOL="${2}"
	+ shift 2
	+ ;;
	+ -s \| --openssl)
	+ check_arg $1 $2
	+ OPENSSL="${2}"
	+ shift 2
	+ ;;
	+ -h \| --help)
	+ showhelp
	+ exit 0
	+ ;;
	+ *)
	+ showhelp
	+ exit 1
	+ ;;
	+ esac
	+ done
	+ }
	+
	+check_arg()
	+ {
	+ echo "${2}" \| grep -v "^-" > /dev/null
	+ if [ -z "$?" -o ! -n "$2" ]; then
	+ echo "Error: $1 requires a valid argument."
	+ exit 1
	+ fi
	+ }
	+
	+# The date binary is not reliable on 32bit systems for dates after 2038
	+mydate()
	+ {
	+ local y=$( echo $1 \| cut -d" " -f4 )
	+ local M=$( echo $1 \| cut -d" " -f1 )
	+ local d=$( echo $1 \| cut -d" " -f2 )
	+ local m
	+
	+ if [ ${d} -lt 10 ]; then d="0${d}"; fi
	+
	+ case $M in
	+ Jan) m="01";;
	+ Feb) m="02";;
	+ Mar) m="03";;
	+ Apr) m="04";;
	+ May) m="05";;
	+ Jun) m="06";;
	+ Jul) m="07";;
	+ Aug) m="08";;
	+ Sep) m="09";;
	+ Oct) m="10";;
	+ Nov) m="11";;
	+ Dec) m="12";;
	+ esac
	+
	+ certdate="${y}${m}${d}"
	+ }
	+
	+showhelp()
	+ {
	+ echo "`basename ${0}` creates a valid cacerts file for use with IcedTea."
	+ echo ""
	+ echo " -f --cafile The path to a file containing PEM"
	+ echo " formated CA certificates. May not be"
	+ echo " used with -d/--cadir."
	+ echo ""
	+ echo " -d --cadir The path to a directory of PEM formatted"
	+ echo " CA certificates. May not be used with"
	+ echo " -f/--cafile."
	+ echo ""
	+ echo " -o --outfile The path to the output file."
	+ echo ""
	+ echo " -k --keytool The path to the java keytool utility."
	+ echo ""
	+ echo " -s --openssl The path to the openssl utility."
	+ echo ""
	+ echo " -h --help Show this help message and exit."
	+ echo ""
	+ echo ""
	+ }
	+
	+# Initialize empty variables so that the shell does not pollute the script
	+CAFILE=""
	+CADIR=""
	+OUTFILE=""
	+OPENSSL=""
	+KEYTOOL=""
	+certdate=""
	+date=""
	+today=$( date +%Y%m%d )
	+
	+# Process command line arguments
	+get_args ${@}
	+
	+# Handle common errors
	+if test "${CAFILE}x" = "x" -a "${CADIR}x" = "x" ; then
	+ echo "ERROR! You must provide an x509 certificate store!"
	+ echo "\'$(basename ${0}) --help\' for more info."
	+ echo ""
	+ exit 1
	+fi
	+
	+if test "${CAFILE}x" != "x" -a "${CADIR}x" != "x" ; then
	+ echo "ERROR! You cannot provide two x509 certificate stores!"
	+ echo "\'$(basename ${0}) --help\' for more info."
	+ echo ""
	+ exit 1
	+fi
	+
	+if test "${KEYTOOL}x" = "x" ; then
	+ echo "ERROR! You must provide a valid keytool program!"
	+ echo "\'$(basename ${0}) --help\' for more info."
	+ echo ""
	+ exit 1
	+fi
	+
	+if test "${OPENSSL}x" = "x" ; then
	+ echo "ERROR! You must provide a valid path to openssl!"
	+ echo "\'$(basename ${0}) --help\' for more info."
	+ echo ""
	+ exit 1
	+fi
	+
	+if test "${OUTFILE}x" = "x" ; then
	+ echo "ERROR! You must provide a valid output file!"
	+ echo "\'$(basename ${0}) --help\' for more info."
	+ echo ""
	+ exit 1
	+fi
	+
	+# Get on with the work
	+
	+# If using a CAFILE, split it into individual files in a temp directory
	+if test "${CAFILE}x" != "x" ; then
	+ TEMPDIR=`mktemp -d`
	+ CADIR="${TEMPDIR}"
	+
	+ # Get a list of staring lines for each cert
	+ CERTLIST=`grep -n "^-----BEGIN" "${CAFILE}" \| cut -d ":" -f 1`
	+
	+ # Get a list of ending lines for each cert
	+ ENDCERTLIST=`grep -n "^-----END" "${CAFILE}" \| cut -d ":" -f 1`
	+
	+ # Start a loop
	+ for certbegin in ${CERTLIST} ; do
	+ for certend in ${ENDCERTLIST} ; do
	+ if test "${certend}" -gt "${certbegin}"; then
	+ break
	+ fi
	+ done
	+ sed -n "${certbegin},${certend}p" "${CAFILE}" > "${CADIR}/${certbegin}.pem"
	+ keyhash=`${OPENSSL} x509 -noout -in "${CADIR}/${certbegin}.pem" -hash`
	+ echo "Generated PEM file with hash: ${keyhash}."
	+ done
	+fi
	+
	+# Write the output file
	+for cert in `find "${CADIR}" -type f -name ".pem" -o -name ".crt"`
	+do
	+
	+ # Make sure the certificate date is valid...
	+ date=$( ${OPENSSL} x509 -enddate -in "${cert}" -noout \| sed 's/^notAfter=//' )
	+ mydate "${date}"
	+ if test "${certdate}" -lt "${today}" ; then
	+ echo "${cert} expired on ${certdate}! Skipping..."
	+ unset date certdate
	+ continue
	+ fi
	+ unset date certdate
	+ ls "${cert}"
	+ tempfile=`mktemp`
	+ sed -n "/^-----BEGIN/,/^-----END/p" "${cert}" > "${tempfile}"
	+ echo yes \| env LC_ALL=C "${KEYTOOL}" -import \
	+ -alias `basename "${cert}"` \
	+ -keystore "${OUTFILE}" \
	+ -storepass 'changeit' \
	+ -file "${tempfile}"
	+ rm "${tempfile}"
	+done
	+
	+if test "${TEMPDIR}x" != "x" ; then
	+ rm -rf "${TEMPDIR}"
	+fi
	+exit 0
	diff --git a/srcpkgs/openjdk/template b/srcpkgs/openjdk/template
	index b0a4550..56e49bc 100644
	--- a/srcpkgs/openjdk/template
	+++ b/srcpkgs/openjdk/template
	@@ -12,7 +12,7 @@ _openjdk_version="openjdk-1.8.0_${_jdk_update}"
	# Template file for 'openjdk'
	pkgname=openjdk
	version=${_java_ver}u${_jdk_update}
	-revision=1
	+revision=2
	nocross=yes
	wrksrc=jdk8u-jdk8u${_jdk_update}-b${_jdk_build}/
	build_style=gnu-configure
	@@ -26,7 +26,7 @@ configure_args="
	$(vopt_if oracle_bootstrap --with-boot-jdk=/usr/lib/jvm/oracle-jdk \
	--with-boot-jdk=/usr/lib/jvm/openjdk)"
	make_build_args="DEBUG_BINARIES=true docs all"
	-hostmakedepends="pkg-config cpio unzip zip"
	+hostmakedepends="pkg-config cpio unzip zip ca-certificates libressl-openssl"
	case "$XBPS_MACHINE" in
	arm*) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk-arm openjdk)";;
	*) hostmakedepends+=" $(vopt_if oracle_bootstrap oracle-jdk openjdk)";;
	@@ -86,6 +86,13 @@ post_extract() {

	post_install() {
	rm -rf ${DESTDIR}/usr/lib/bin
	+ vinstall ${FILESDIR}/mkcacerts 755 usr/lib/jvm/$_openjdk_version/jre/bin
	+ vmkdir usr/lib/jvm/$_openjdk_version/jre/lib/security
	+ sh ${FILESDIR}/mkcacerts \
	+ -d "/usr/share/ca-certificates/" \
	+ -s "/usr/bin/openssl" \
	+ -k "${DESTDIR}/usr/lib/jvm/$_openjdk_version/jre/bin/keytool" \
	+ -o "${DESTDIR}/usr/lib/jvm/$_openjdk_version/jre/lib/security/cacerts"
	vlicense ASSEMBLY_EXCEPTION
	vlicense LICENSE
	vlicense THIRD_PARTY_README