openjdk: use trust (p11-kit tool) to generate the Java certificate store

1 files changed, 4 insertions, 16 deletions

diff --git a/openjdk/build/openjdk.SlackBuild b/openjdk/build/openjdk.SlackBuild
index aae5f2b0..daaddd2e 100755
--- a/openjdk/build/openjdk.SlackBuild
+++ b/openjdk/build/openjdk.SlackBuild
@@ -221,22 +221,10 @@ fi
 
 # Generate a cacerts file from the certificates installed through our
 # ca-certificates package - the "cacerts" in the OpenJDK sources is empty.
-# This will only work if we already have a proper JDK/JRE installed:
-if which keytool 1>/dev/null 2>&1 ; then
-  mkdir certgen
-  ( cd certgen
-    cp $CWD/scripts/generate-cacerts.pl .
-    for cert in /usr/share/ca-certificates/*/*.crt; do
-      openssl x509 -text -in "${cert}" >> all.crt
-    done
-    perl generate-cacerts.pl keytool all.crt
-    install -p -m0644 cacerts $PKG1/usr/lib${LIBDIRSUFFIX}/java/jre/lib/security
-    install -p -m0644 cacerts $PKG2/usr/lib${LIBDIRSUFFIX}/java/jre/lib/security
-  )
-else
-  echo "** Not installing a proper cacerts file !"
-  echo "** Missing keytool program (do you really have a Java installed?)"
-fi
+# This requires 'trust' program from p11-kit:
+rm -f $PKG/usr/lib${LIBDIRSUFFIX}/java/lib/security/cacerts 
+trust extract --format=java-cacerts --filter=ca-anchors --purpose=server-auth \
+  $PKG/usr/lib${LIBDIRSUFFIX}/java/lib/security/cacerts
 
 # Symlinks are present in Slackware historically:
 ( cd $PKG1/usr/lib${LIBDIRSUFFIX}