--------------------------------------------------------------------
-Fri May 4 11:55:14 UTC 2012 - lnussel@suse.de
-
-- give hint about SSL_CTX_set_default_verify_paths in cert bundle
-
--------------------------------------------------------------------
-Mon Oct 24 11:57:53 UTC 2011 - coolo@suse.com
-
-- require coreutils for %post script
-
--------------------------------------------------------------------
-Mon Jun 20 12:49:52 UTC 2011 - lnussel@suse.de
-
-- fix spurious rpm warning if no java exists (bnc#634793)
-- move java.run to java-ca-certificates
-
--------------------------------------------------------------------
-Mon Sep 27 14:58:03 UTC 2010 - lnussel@suse.de
-
-- catch FileNotFoundException (bnc#623365)
-
--------------------------------------------------------------------
-Fri May 21 12:46:55 UTC 2010 - mvyskocil@suse.cz
-
-* Use the gcc-java and fastjar for build to avoid dependency problems
-* build keystore.class only to allow noarch package
-
--------------------------------------------------------------------
-Wed May 19 09:57:41 UTC 2010 - lnussel@suse.de
-
-- create java bundles
-
--------------------------------------------------------------------
-Tue Apr 27 14:17:24 UTC 2010 - lnussel@suse.de
-
-- also use hooks from /usr/lib/ca-certificates/update.d
-- replace bundle file with symlink to file in /var as it's auto
- generated
-
--------------------------------------------------------------------
-Wed Apr 21 13:20:07 UTC 2010 - lnussel@suse.de
-
-- force rebuilding all certificate stores in %post
- This also makes sure we update the hash links in /etc/ssl/certs
- as openssl changed the hash format between 0.9.8 and 1.0
-
--------------------------------------------------------------------
-Thu Apr 8 13:16:43 UTC 2010 - lnussel@suse.de
-
-- actually install certbundle.run (bnc#594501)
-
--------------------------------------------------------------------
-Thu Apr 8 09:15:28 UTC 2010 - lnussel@suse.de
-
-- it's ca-bundle.pem rather than cert.pem
-
--------------------------------------------------------------------
-Thu Apr 8 07:51:25 UTC 2010 - lnussel@suse.de
-
-- obsolete openssl-certs (bnc#594434)
-- update manpage (bnc#594501)
-
--------------------------------------------------------------------
-Thu Apr 1 13:00:37 UTC 2010 - lnussel@suse.de
-
-- include /etc/ca-certificates.conf as %ghost
-
--------------------------------------------------------------------
-Fri Mar 26 15:26:01 UTC 2010 - lnussel@suse.de
-
-- generate ca-bundle with hook script
-- don't use trusted certificates in ca-bundle file for compatibility
- with gnutls
-
--------------------------------------------------------------------
-Wed Mar 24 10:31:47 UTC 2010 - lnussel@suse.de
-
-- new package
+* Sun Apr 14 2013 Anas Nashif <anas.nashif@intel.com> accepted/trunk/20130325.212152@f8cd682
+- add packaging
-%bcond_with java
-
BuildRequires: openssl
-%if %{with java}
-BuildRequires: gcc-java
-BuildRequires: fastjar
-%endif
-
Name: ca-certificates
%define ssletcdir %{_sysconfdir}/ssl
%define etccadir %{ssletcdir}/certs
License: GPL-2.0+
Group: Productivity/Networking/Security
Version: 1
-Release: 12
+Release: 0
Summary: Utilities for system wide CA certificate installation
Source0: update-ca-certificates
Source1: update-ca-certificates.8
Source2: GPL-2.0.txt
Source3: certbundle.run
-Source4: keystore.java
-Source5: java.run
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
Url: http://gitorious.org/opensuse/ca-certificates
-#
Requires: openssl
-# needed for %post
-Requires: coreutils
+Requires(post): /usr/bin/rm
+Requires(post): openssl-misc
Recommends: ca-certificates-mozilla
-# we need to obsolete openssl-certs to make sure it's files are
-# gone when a package providing actual certificates gets
-# installed (bnc#594434).
-Obsoletes: openssl-certs < 0.9.9
BuildArch: noarch
-%if %{with java}
-
-%package -n java-ca-certificates
-License: GPL-2.0+
-Group: Productivity/Networking/Security
-Summary: Utilities CA certificate import to gcj
-Requires(post): ca-certificates
-Supplements: packageand(gcj-compat:ca-certificates)
-Supplements: packageand(java-1_6_0-openjdk:ca-certificates)
-Supplements: packageand(java-1_6_0-sun:ca-certificates)
-%endif
%description
Utilities for system wide CA certificate installation
-%if %{with java}
-
-%description -n java-ca-certificates
-Utilities for CA certificate installation for gcj and openjdk Java
-%endif
-
%prep
%setup -qcT
install -m 755 %{SOURCE0} .
install -m 644 %{SOURCE2} COPYING
%build
-%if %{with java}
-gcj -C %SOURCE4 -d .
-# emulate -e option of jar for fastjar
-cat <<EOF > MANIFEST.MF
-Manifest-Version: 1.0
-Created-By: 0.98
-Main-Class: keystore
-EOF
-fastjar cfm keystore.jar MANIFEST.MF keystore*.class
-%endif
%install
mkdir -p %{buildroot}/%{etccadir}
install -D -m 644 /dev/null %{buildroot}/%{cabundle}
install -m 644 /dev/null %{buildroot}/etc/ca-certificates.conf
install -m 755 %{SOURCE3} %{buildroot}%{_prefix}/lib/ca-certificates/update.d
-%if %{with java}
-install -m 755 %{SOURCE5} %{buildroot}%{_prefix}/lib/ca-certificates/update.d
-%endif
ln -s %{cabundle} %{buildroot}%{ssletcdir}/ca-bundle.pem
install -m 755 update-ca-certificates %{buildroot}/%{_sbindir}
install -m 644 update-ca-certificates.8 %{buildroot}/%{_mandir}/man8
install -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/ca-bundle.pem
-%if %{with java}
-mkdir -p %{buildroot}%{_prefix}/lib/ca-certificates/java
-install -m 644 keystore.jar %{buildroot}%{_prefix}/lib/ca-certificates/java
-install -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/java-cacerts
-install -m 644 /dev/null %{buildroot}/var/lib/ca-certificates/gcj-cacerts
-%endif
%post
# this is just needed for those updating Factory,
# as openssl changed the hash format between 0.9.8 and 1.0
update-ca-certificates -f || true
-%if %{with java}
-
-%post -n java-ca-certificates
-update-ca-certificates || true
-%endif
-
-%clean
-rm -rf %{buildroot}
%files
%defattr(-, root, root)
%dir %{usrcadir}
%dir %{etccadir}
-%doc COPYING
+%license COPYING
%ghost %config(noreplace) /etc/ca-certificates.conf
%{ssletcdir}/ca-bundle.pem
%ghost %{cabundle}
%{_mandir}/man8/update-ca-certificates.8*
%ghost /var/lib/ca-certificates/ca-bundle.pem
-%if %{with java}
-
-%files -n java-ca-certificates
-%defattr(-, root, root)
-%dir %{_prefix}/lib/ca-certificates/java
-%{_prefix}/lib/ca-certificates/update.d/java.run
-%{_prefix}/lib/ca-certificates/java/keystore.jar
-%ghost /var/lib/ca-certificates/java-cacerts
-%ghost /var/lib/ca-certificates/gcj-cacerts
-%endif
%changelog
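Review bot: Replacing `Requires: coreutils` with `Requires(post): /usr/bin/rm` and `Requires(post): openssl-misc` guarantees those tools only for the install transaction, yet `update-ca-certificates` and the `update.d` hook `certbundle.run` remain installed for later manual runs. The commands those two scripts call are not visible in this diff, so the new dependency set should be checked against them. If a needed tool is missing, the unchanged `update-ca-certificates -f || true` in `%post` hides the failure and the `%ghost` bundle is never generated, so the system ends up without a usable trust store and with no error reported. I would keep a runtime dependency next to the scriptlet ones, for example `Requires: coreutils`, or the specific file paths the scripts use. I would also add a one-line comment above `Requires(post): openssl-misc` naming the tool it supplies, for example `# provides <tool> used by update-ca-certificates`.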
+++ /dev/null
-#!/bin/bash
-
-unset ${!LC_*} ${!RC_LC_*} LANGUAGE RC_LANG
-export LANG=en_US
-
-set -e
-
-libexecdir="/usr/lib/ca-certificates/java/"
-cafile="/var/lib/ca-certificates/java-cacerts"
-cafile_gcj="/var/lib/ca-certificates/gcj-cacerts"
-cadir="/etc/ssl/certs"
-
-tmppem="$cafile.tmp"
-
-cleanup()
-{
- rm -rf "$tmppem"
-}
-trap cleanup EXIT
-
-for i in "$@"; do
- if [ "$i" = "-f" ]; then
- fresh=1
- elif [ "$i" = "-v" ]; then
- verbose=1
- fi
-done
-
-umask 0022
-
-if [ -z "$JAVA_HOME" -a -r /etc/profile.d/alljava.sh ]; then
- . /etc/profile.d/alljava.sh
-fi
-
-if [ -n "$JAVA_HOME" ]; then
- java="$JAVA_HOME/bin/java"
-else
- java=`type -P java`
- if [ -n "$java" -a -L "$java" ]; then
- java=`readlink -f "$java"`
- if [ "${java//gij}" != "$java" ]; then
- java=
- fi
- fi
-fi
-
-if [ ! -e "$libexecdir"/keystore.jar ]; then
- # nothing to do
- exit 0
-fi
-
-mustrun=
-if [ -n "$fresh" ]; then
- mustrun=1
-fi
-if [ -e "$libexecdir"/keystore.jar -a "$cadir" -nt "$cafile" ]; then
- mustrun=1
-fi
-
-[ -n "$mustrun" ] || exit 0
-
-mkdir -p ${cafile%/*}
-mkdir -p "$tmppem"
-for i in "$cadir"/*.pem; do
- # only include certificates trusted for server auth
- if grep -q "BEGIN TRUSTED CERTIFICATE" "$i"; then
- trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
- case "$trust" in
- *serverAuth*) ;;
- *) [ -z "$verbose" ] || echo "skipping $i" >&2; continue ;;
- esac
- openssl x509 -in "$i" -out "$tmppem/${i##*/}"
- else
- ln -s "$i" "$tmppem"
- fi
-done
-
-if [ -n "$java" -a -x "$java" ]; then
- echo "creating $cafile ..."
- $java -jar $libexecdir/keystore.jar -keystore "$cafile" -cadir "$cadir" "$@"
-fi
-if [ -x "/usr/bin/gij" ]; then
- echo "creating $cafile_gcj ..."
- /usr/bin/gij -jar $libexecdir/keystore.jar -keystore "$cafile_gcj" -cadir "$cadir" "$@"
-fi
-
-# vim: syntax=sh
+++ /dev/null
-/*
- * Import system SSL certificates to java keystore
- * Copyright (C) 2010 SUSE LINUX Products GmbH
- *
- * Author: Ludwig Nussel
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License
- * version 2 as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- */
-
-import java.security.KeyStore;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.BufferedInputStream;
-import java.io.FilenameFilter;
-import java.util.HashSet;
-import java.util.Enumeration;
-import java.util.Iterator;
-
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-
-public class keystore
-{
- static HashSet<String> blacklist;
-
- public static void usage() {
- System.err.println("Usage: java keystore -keystore <keystore_file> -cadir <directory> [-storepass <password>|-f|-v]");
- System.err.println("");
- System.err.println(" -keystore <keystore_file>\tname of final keystore (required)");
- System.err.println(" -cadir <directory>\t\tdirectory contains certificates (required)");
- System.err.println(" -storepass <password>\tthe password");
- System.err.println(" -f\t\t\t\tfresh existing keystore");
- System.err.println(" -v\t\t\t\tbe verbose");
- System.err.println(" -h/--help\t\t\tshow this help");
- }
-
- public static void main(String[] args)
- throws java.security.KeyStoreException,
- java.security.NoSuchAlgorithmException,
- java.security.cert.CertificateException,
- java.io.IOException
- {
- char[] password = null;
- String ksfilename = null;
- String cadirname = null;
- boolean verbose = false;
- boolean fresh = false;
-
- if (args.length == 0) {
- usage();
- System.exit(1);
- }
-
-
- if (!System.getProperty("java.vendor").equals("Free Software Foundation, Inc.")) {
- password = "changeit".toCharArray();
- }
-
- for (int i = 0; i < args.length; ++i) {
- if (args[i].equals("-keystore")) {
- ksfilename = args[++i];
- } else if (args[i].equals("-cadir")) {
- cadirname = args[++i];
- } else if (args[i].equals("-storepass")) {
- password = args[++i].toCharArray();
- } else if (args[i].equals("-v")) {
- verbose = true;
- } else if (args[i].equals("-f")) {
- fresh = true;
- } else if (args[i].equals("-h") || args[i].equals("--help")) {
- usage();
- System.exit(1);
- } else {
- System.err.println("invalid argument: " + args[i]);
- System.err.println("type -h/--help for help");
- System.exit(1);
- }
- }
-
- if (ksfilename == null) {
- System.err.println("must specify -keystore");
- return;
- }
-
- if (cadirname == null) {
- System.err.println("must specify -cadir");
- return;
- }
-
- File cadir = new File(cadirname);
- if (!cadir.isDirectory()) {
- System.err.println("cadir is not a directory");
- return;
- }
-
- blacklist = new HashSet<String>();
- // XXX: make a file
-// blacklist.add("foo");
-
- String certs[] = cadir.list(new FilenameFilter(){
- public boolean accept(File dir, String name)
- {
- if (!name.endsWith(".pem")) {
- return false;
- }
- if (blacklist.contains(name)) {
- return false;
- }
- return true;
- }
- });
-
- KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
-
- FileInputStream storein = null;
- try {
- File f = new File(ksfilename);
- if (!fresh && f.exists()) {
- storein = new FileInputStream(ksfilename);
- }
- ks.load(storein, password);
- } finally {
- if (storein != null) {
- storein.close();
- }
- }
-
- HashSet<String> known = new HashSet<String>();
- for (Enumeration<String> a = ks.aliases(); a.hasMoreElements();) {
- known.add(a.nextElement());
- }
-
- CertificateFactory cf = CertificateFactory.getInstance("X509");
- int added = 0;
- int removed = 0;
-
- for (int i = 0; i < certs.length; ++i) {
- BufferedInputStream f;
- try {
- f = new BufferedInputStream(new FileInputStream(cadirname+"/"+certs[i]));
- } catch (java.io.FileNotFoundException ex) {
- System.err.println("skipping " + certs[i] + ": file not found");
- continue;
- }
- String marker = "-----BEGIN CERTIFICATE-----";
- boolean found = false;
-
- f.mark(80);
- String line;
- String alias = null;
- // we need to parse and skip the "header"
- while((line = readline(f)) != null) {
- if (line.equals(marker)) {
- f.reset();
- found = true;
- break;
- } else if (line.startsWith("# alias=")) {
- // FIXME: somehow UTF-8 encoding must be enforced here
- alias = line.substring(8);
- }
- f.mark(80);
- }
- if (found) {
- if (alias == null) {
- alias = certs[i].substring(0, certs[i].length()-4); // without .pem
- }
- alias = alias.toLowerCase();
- try {
- X509Certificate cert = (X509Certificate)cf.generateCertificate(f);
- if (known.contains(alias)) {
- if (verbose)
- System.out.println("already known: " + alias);
- known.remove(alias);
- } else {
- if (verbose)
- System.out.println("adding " + alias);
- ks.setCertificateEntry(alias, cert);
- ++added;
- }
- } catch (java.security.cert.CertificateException ex) {
- System.err.println("imporing " + certs[i] + " failed: " + ex.getCause());
- }
- } else {
- System.out.println("skipping file with unrecognized format: " + certs[i]);
- }
- }
-
- if (!known.isEmpty()) {
- for (Iterator<String> it = known.iterator(); it.hasNext();) {
- String alias = it.next();
- if (verbose)
- System.out.println("removing " + alias);
- ks.deleteEntry(alias);
- ++removed;
- }
- }
-
- if (added != 0 || removed != 0) {
- FileOutputStream storeout = new FileOutputStream(ksfilename);
- ks.store(storeout, password);
- storeout.close();
- }
-
- System.out.println(added + " added, " + removed + " removed.");
- }
-
- public static String readline(BufferedInputStream in)
- throws java.io.IOException
- {
- StringBuffer buf = new StringBuffer(80);
- int c = in.read();
- while(c != -1 && c != '\n' && c != '\r') {
- buf.append((char)c);
- c = in.read();
- }
- if (c == '\r') {
- in.mark(1);
- c = in.read();
- if (c != '\n')
- in.reset();
- }
- if (buf.length() == 0)
- return null;
-
- return buf.toString();
- }
-}