Cacerts generation in IcedTea6 - please review changes in build scripts
Dr Andrew John Hughes
ahughes at redhat.com
Tue Aug 10 03:13:58 PDT 2010
On 11 May 2010 17:08, Pavel Tisnovsky <ptisnovs at redhat.com> wrote:
> Hi,
>
> I changed IcedTea6 build scripts namely configure.ac and Makefile.am to
> generate proper (i.e. not empty) cacerts file for J2SDK and also JRE images.
> Cacerts generation could be enabled by configuration flag
> --enable-openssh-cacerts. Cacerts generator (i.e. the script named
> "generate-cacerts.sh") is written in Bash and uses keytool from compiled
> J2SDK so this also does basic check whether J2SDK is built correctly.
>
> Can you please check whether it is possible to push the changes to the
> IcedTea repository?
>
> TODO:
> - allow specification of directory containing OpenSSH certificates (new
> configuration flag)
> - allow certificates downloading during build (from Mozilla project - is it
> possible?)
>
> Cheers
> Pavel
>
> --- configure.ac 2010-05-11 17:51:45.000000000 +0200
> +++ /jck/2/configure.ac 2010-05-11 15:57:48.000000000 +0200
> @@ -159,6 +159,14 @@
> AC_MSG_RESULT([disabled by default (edit java.security to enable)])
> fi
>
> +AC_MSG_CHECKING([whether to generate cacerts file using OpenSSH
> certificates])
> +AC_ARG_ENABLE([openssh-cacerts],
> + [AS_HELP_STRING([--enable-openssh-cacerts],
> + [Enable cacerts generation using OpenSSH
> certificates])],
> + [enable_openssh_cacerts="${enableval}"],
> [enable-openssh-cacerts="no"])
> +AM_CONDITIONAL(GENERATE_CACERTS, test "x${enable_openssh_cacerts}" =
> "xyes")
> +AC_MSG_RESULT(${enable_openssh_cacerts})
> +
> IT_GET_PKGVERSION
> IT_GET_LSB_DATA
>
>
> --- Makefile.am 2010-05-11 17:51:45.000000000 +0200
> +++ /jck/2/Makefile.am 2010-05-11 17:39:31.000000000 +0200
> @@ -1314,6 +1314,14 @@
> cp $(abs_top_builddir)/tz.properties \
> $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib;
> endif
> +if GENERATE_CACERTS
> + rm -rf pems
> + rm -f $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts
> + rm -f $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts
> + mkdir -p pems
> + sh scripts/generate-cacerts.sh
> $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/keytool /etc/pki/tls/certs/ca-bundle.crt
> pems $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts
> + cp $(BUILD_OUTPUT_DIR)/j2re-image/lib/security/cacerts
> $(BUILD_OUTPUT_DIR)/j2sdk-image/jre/lib/security/cacerts
> +endif
> @echo "IcedTea is served:" $(BUILD_OUTPUT_DIR)
> mkdir -p stamps
> touch stamps/icedtea.stamp
> @@ -1404,6 +1412,14 @@
> cp $(abs_top_builddir)/tz.properties \
> $(BUILD_OUTPUT_DIR)-debug/j2sdk-image/jre/lib;
> endif
> +if GENERATE_CACERTS
> + rm -rf pems
> + rm -f $(BUILD_OUTPUT_DIR)-debug/j2re-image/lib/security/cacerts
> + rm -f $(BUILD_OUTPUT_DIR)-debug/j2sdk-image/jre/lib/security/cacerts
> + mkdir -p pems
> + sh scripts/generate-cacerts.sh
> $(BUILD_OUTPUT_DIR)-debug/j2sdk-image/bin/keytool
> /etc/pki/tls/certs/ca-bundle.crt pems
> $(BUILD_OUTPUT_DIR)-debug/j2re-image/lib/security/cacerts
> + cp $(BUILD_OUTPUT_DIR)-debug/j2re-image/lib/security/cacerts
> $(BUILD_OUTPUT_DIR)-debug/j2sdk-image/jre/lib/security/cacerts
> +endif
> @echo "IcedTea (debug build) is served:" \
> $(BUILD_OUTPUT_DIR)-debug
> mkdir -p stamps
>
>
Has there been any further progress on this?
--
Andrew :-)
Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)
Support Free Java!
Contribute to GNU Classpath and the OpenJDK
http://www.gnu.org/software/classpath
http://openjdk.java.net
PGP Key: 94EFD9D8 (http://subkeys.pgp.net)
Fingerprint: F8EF F1EA 401E 2E60 15FA 7927 142C 2591 94EF D9D8
More information about the distro-pkg-dev
mailing list