diff options
author | Eric Hameleers <alien@slackware.com> | 2022-11-28 22:37:07 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2022-11-28 22:37:07 +0000 |
commit | 8109196b5e5db791f43314632a242b2a9e2ddf63 (patch) | |
tree | 0f9c12d1d9c2616ea235c521da3fb5c3f992ccbe /openjdk | |
parent | bf95cc5daac9320f4ed176964d70b2002094898e (diff) | |
download | asb-8109196b5e5db791f43314632a242b2a9e2ddf63.tar.gz asb-8109196b5e5db791f43314632a242b2a9e2ddf63.tar.xz |
openjdk: use trust (p11-kit tool) to generate the Java certificate store
Diffstat (limited to 'openjdk')
-rwxr-xr-x | openjdk/build/openjdk.SlackBuild | 20 |
1 files changed, 4 insertions, 16 deletions
diff --git a/openjdk/build/openjdk.SlackBuild b/openjdk/build/openjdk.SlackBuild index aae5f2b0..daaddd2e 100755 --- a/openjdk/build/openjdk.SlackBuild +++ b/openjdk/build/openjdk.SlackBuild @@ -221,22 +221,10 @@ fi # Generate a cacerts file from the certificates installed through our # ca-certificates package - the "cacerts" in the OpenJDK sources is empty. -# This will only work if we already have a proper JDK/JRE installed: -if which keytool 1>/dev/null 2>&1 ; then - mkdir certgen - ( cd certgen - cp $CWD/scripts/generate-cacerts.pl . - for cert in /usr/share/ca-certificates/*/*.crt; do - openssl x509 -text -in "${cert}" >> all.crt - done - perl generate-cacerts.pl keytool all.crt - install -p -m0644 cacerts $PKG1/usr/lib${LIBDIRSUFFIX}/java/jre/lib/security - install -p -m0644 cacerts $PKG2/usr/lib${LIBDIRSUFFIX}/java/jre/lib/security - ) -else - echo "** Not installing a proper cacerts file !" - echo "** Missing keytool program (do you really have a Java installed?)" -fi +# This requires 'trust' program from p11-kit: +rm -f $PKG/usr/lib${LIBDIRSUFFIX}/java/lib/security/cacerts +trust extract --format=java-cacerts --filter=ca-anchors --purpose=server-auth \ + $PKG/usr/lib${LIBDIRSUFFIX}/java/lib/security/cacerts # Symlinks are present in Slackware historically: ( cd $PKG1/usr/lib${LIBDIRSUFFIX} |