Hi Emmanuel,

Good point! I'm attaching a new patch adding a switch to enable or
disable this feature. The default is disabled, so the script will work
as before unless explicitly stated.

Please, tell me if I need to do something else to get this merged.

Cheers!
Francesc

On 28 January 2015 at 00:07, Emmanuel Bourg <ebo...@apache.org> wrote:
> Hi Francesc,
>
> Thank you for the patch, this is an interesting suggestion. I wonder if
> we should really go that far with the system integration of the
> generated package though. I can imagine that someone may want to install
> a stock Oracle JRE with no Debian interferences. So maybe this
> integration could be enabled optionally with a
> --with-system-certificates parameter on the command line.
>
> Emmanuel Bourg
>
From de83ea689caf8bc072155d3da57ed06f78127a40 Mon Sep 17 00:00:00 2001
From: Francesc Zacarias <franc...@spotify.com>
Date: Tue, 27 Jan 2015 17:07:43 +0100
Subject: [PATCH] Add option to integrate with the system's keystore

---
 lib/javase.sh | 10 +++++++++-
 lib/jdk.sh    |  3 +++
 lib/jre.sh    |  5 ++++-
 make-jpkg     | 17 ++++++++++-------
 make-jpkg.1   |  5 +++++
 5 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/lib/javase.sh b/lib/javase.sh
index 3e539b3..9bfd3ec 100644
--- a/lib/javase.sh
+++ b/lib/javase.sh
@@ -126,8 +126,16 @@ if [ "\$1" = configure ]; then
           update-alternatives --install "\$link_path/\$link_name" "\$plugin_name" "\$plugin" $j2se_priority
         fi
     }
-
 EOF
+    if [ "$create_cert_softlinks" == "true" ];then
+        cat >> "$debian_dir/postinst" << EOF
+    for subdir in lib/security jre/lib/security;do
+        if [ -f $jvm_base$j2se_name/\$subdir/cacerts ]; then
+            ln -sf /etc/ssl/certs/java/cacerts $jvm_base$j2se_name/\$subdir/cacerts
+        fi
+    done
+EOF
+    fi
     eval "$j2se_install" >> "$debian_dir/postinst"
 
     cat >> "$debian_dir/postinst" << EOF
diff --git a/lib/jdk.sh b/lib/jdk.sh
index 1c75876..46dec6f 100644
--- a/lib/jdk.sh
+++ b/lib/jdk.sh
@@ -13,6 +13,9 @@ j2sdk_control() {
         # No browser on ARM yet
         java_browser_plugin=""
     fi
+    if [ "$create_cert_softlinks" == "true" ]; then
+        depends="$depends, ca-certificates-java"
+    fi
     for i in `seq 5 ${j2se_release}`;
     do
         provides_runtime="${provides_runtime} java${i}-runtime,"
diff --git a/lib/jre.sh b/lib/jre.sh
index 93aed8b..7b339d8 100644
--- a/lib/jre.sh
+++ b/lib/jre.sh
@@ -1,6 +1,9 @@
 
 j2re_control() {
     j2se_control
+    if [ "$create_cert_softlinks" == "true" ]; then
+        depends="ca-certificates-java"
+    fi
     for i in `seq 5 ${j2se_release}`;
     do
         provides_runtime="${provides_runtime} java${i}-runtime,"
@@ -9,7 +12,7 @@ j2re_control() {
     cat << EOF
 Package: $j2se_package
 Architecture: any
-Depends: \${misc:Depends}, \${shlibs:Depends}
+Depends: \${misc:Depends}, \${shlibs:Depends}, $depends
 Recommends: netbase
 Provides: java-virtual-machine, java-runtime, java2-runtime, $provides_runtime java-runtime-headless, java2-runtime-headless, $provides_headless java-browser-plugin
 Description: $j2se_title
diff --git a/make-jpkg b/make-jpkg
index a90c26e..6e53003 100755
--- a/make-jpkg
+++ b/make-jpkg
@@ -79,14 +79,15 @@ Supported java binary distributions currently include:
 
 The following options are recognized:
 
-  --full-name NAME   full name used in the maintainer field of the package
-  --email EMAIL      email address used in the maintainer field of the package
-  --changes          create a .changes file
-  --revision         add debian revision
-  --source           build a source package instead of a binary deb package
+  --full-name NAME     full name used in the maintainer field of the package
+  --email EMAIL        email address used in the maintainer field of the package
+  --changes            create a .changes file
+  --revision           add debian revision
+  --source             build a source package instead of a binary deb package
+  --with-system-certs  integrate with the system's keystore
 
-  --help             display this help and exit
-  --version          output version information and exit
+  --help               display this help and exit
+  --version            output version information and exit
 
 EOF
 }
@@ -131,6 +132,8 @@ while [[ $# -gt 0 && "x$1" == x--* ]]; do
     genchanges="true"
     elif [[ "x$1" == x--source ]]; then
     build_source="true"
+    elif [[ "x$1" == x--with-system-certs ]]; then
+    create_cert_softlinks="true"
     else
     unrecognized_option "$1"
     fi
diff --git a/make-jpkg.1 b/make-jpkg.1
index bceec92..ba1d000 100644
--- a/make-jpkg.1
+++ b/make-jpkg.1
@@ -52,6 +52,11 @@ add debian revision
 .B --source
 build a source package instead of a binary deb package
 .TP
+.B --with-system-certs
+Replace the JVMs keystore with a softlink to the system's keystore,
+(/etc/ssl/certs/java/cacerts) which is managed automatically by the
+ca-certificates and ca-certificates-java packages.
+.TP
 .B --help
 display help text and exit
 .TP
-- 
2.1.4

Reply via email to