Hi Emmanuel, Good point! I'm attaching a new patch adding a switch to enable or disable this feature. The default is disabled, so the script will work as before unless explicitly stated.
Please, tell me if I need to do something else to get this merged. Cheers! Francesc On 28 January 2015 at 00:07, Emmanuel Bourg <ebo...@apache.org> wrote: > Hi Francesc, > > Thank you for the patch, this is an interesting suggestion. I wonder if > we should really go that far with the system integration of the > generated package though. I can imagine that someone may want to install > a stock Oracle JRE with no Debian interferences. So maybe this > integration could be enabled optionally with a > --with-system-certificates parameter on the command line. > > Emmanuel Bourg >
From de83ea689caf8bc072155d3da57ed06f78127a40 Mon Sep 17 00:00:00 2001 From: Francesc Zacarias <franc...@spotify.com> Date: Tue, 27 Jan 2015 17:07:43 +0100 Subject: [PATCH] Add option to integrate with the system's keystore --- lib/javase.sh | 10 +++++++++- lib/jdk.sh | 3 +++ lib/jre.sh | 5 ++++- make-jpkg | 17 ++++++++++------- make-jpkg.1 | 5 +++++ 5 files changed, 31 insertions(+), 9 deletions(-) diff --git a/lib/javase.sh b/lib/javase.sh index 3e539b3..9bfd3ec 100644 --- a/lib/javase.sh +++ b/lib/javase.sh @@ -126,8 +126,16 @@ if [ "\$1" = configure ]; then update-alternatives --install "\$link_path/\$link_name" "\$plugin_name" "\$plugin" $j2se_priority fi } - EOF + if [ "$create_cert_softlinks" == "true" ];then + cat >> "$debian_dir/postinst" << EOF + for subdir in lib/security jre/lib/security;do + if [ -f $jvm_base$j2se_name/\$subdir/cacerts ]; then + ln -sf /etc/ssl/certs/java/cacerts $jvm_base$j2se_name/\$subdir/cacerts + fi + done +EOF + fi eval "$j2se_install" >> "$debian_dir/postinst" cat >> "$debian_dir/postinst" << EOF diff --git a/lib/jdk.sh b/lib/jdk.sh index 1c75876..46dec6f 100644 --- a/lib/jdk.sh +++ b/lib/jdk.sh @@ -13,6 +13,9 @@ j2sdk_control() { # No browser on ARM yet java_browser_plugin="" fi + if [ "$create_cert_softlinks" == "true" ]; then + depends="$depends, ca-certificates-java" + fi for i in `seq 5 ${j2se_release}`; do provides_runtime="${provides_runtime} java${i}-runtime," diff --git a/lib/jre.sh b/lib/jre.sh index 93aed8b..7b339d8 100644 --- a/lib/jre.sh +++ b/lib/jre.sh @@ -1,6 +1,9 @@ j2re_control() { j2se_control + if [ "$create_cert_softlinks" == "true" ]; then + depends="ca-certificates-java" + fi for i in `seq 5 ${j2se_release}`; do provides_runtime="${provides_runtime} java${i}-runtime," @@ -9,7 +12,7 @@ j2re_control() { cat << EOF Package: $j2se_package Architecture: any -Depends: \${misc:Depends}, \${shlibs:Depends} +Depends: \${misc:Depends}, \${shlibs:Depends}, $depends Recommends: netbase Provides: java-virtual-machine, java-runtime, java2-runtime, $provides_runtime java-runtime-headless, java2-runtime-headless, $provides_headless java-browser-plugin Description: $j2se_title diff --git a/make-jpkg b/make-jpkg index a90c26e..6e53003 100755 --- a/make-jpkg +++ b/make-jpkg @@ -79,14 +79,15 @@ Supported java binary distributions currently include: The following options are recognized: - --full-name NAME full name used in the maintainer field of the package - --email EMAIL email address used in the maintainer field of the package - --changes create a .changes file - --revision add debian revision - --source build a source package instead of a binary deb package + --full-name NAME full name used in the maintainer field of the package + --email EMAIL email address used in the maintainer field of the package + --changes create a .changes file + --revision add debian revision + --source build a source package instead of a binary deb package + --with-system-certs integrate with the system's keystore - --help display this help and exit - --version output version information and exit + --help display this help and exit + --version output version information and exit EOF } @@ -131,6 +132,8 @@ while [[ $# -gt 0 && "x$1" == x--* ]]; do genchanges="true" elif [[ "x$1" == x--source ]]; then build_source="true" + elif [[ "x$1" == x--with-system-certs ]]; then + create_cert_softlinks="true" else unrecognized_option "$1" fi diff --git a/make-jpkg.1 b/make-jpkg.1 index bceec92..ba1d000 100644 --- a/make-jpkg.1 +++ b/make-jpkg.1 @@ -52,6 +52,11 @@ add debian revision .B --source build a source package instead of a binary deb package .TP +.B --with-system-certs +Replace the JVMs keystore with a softlink to the system's keystore, +(/etc/ssl/certs/java/cacerts) which is managed automatically by the +ca-certificates and ca-certificates-java packages. +.TP .B --help display help text and exit .TP -- 2.1.4