[Bug 596177] New: generate java cacerts at runtime
http://bugzilla.novell.com/show_bug.cgi?id=596177 http://bugzilla.novell.com/show_bug.cgi?id=596177#c0 Summary: generate java cacerts at runtime Classification: openSUSE Product: openSUSE 11.3 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Java AssignedTo: bnc-team-java@forge.provo.novell.com ReportedBy: lnussel@novell.com QAContact: qa@suse.de CC: mvyskocil@novell.com Found By: --- Blocker: --- It's now possible to generate bundle files for CA certificates at run time. See man update-ca-certificates. Java currently generates it's file at build time, therefore it's not easy for administrators to add custom certificates. A script that calls keytool on each pem file is way too slow so some java code could could be used to speed this up. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c1
--- Comment #1 from Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c2
Michal Vyskocil
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c3
--- Comment #3 from Michal Vyskocil
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c
Michal Vyskocil
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c4
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c5
Michal Vyskocil
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c6
--- Comment #6 from Michal Vyskocil
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c7
--- Comment #7 from Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c8
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c9
Michal Vyskocil
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c10
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c11
--- Comment #11 from Michal Vyskocil
It's ok except for the openssl-certs provides. That's intentionally provided by ca-certificates-mozilla instead as ca-certificates itself doesn't contain any certificates.
OK
Also, that ls -1 stuff looks weird. What about hardcoding /usr/bin/{java,gij} instead?
Yes, it looks. Well, for /usr/bin/java we will need to check if it is not a gcj. So the diff against your current version looks like: --- ../../java.run 2010-05-19 12:03:53.000000000 +0200 +++ java.run 2010-05-21 11:18:38.864872316 +0200 @@ -38,7 +38,11 @@ java=`which java` fi -if [ ! -e "$libexecdir"/keystore.jar -a ! -x "$libexecdir"/keystore ]; then +if [[ $(readlink -f "${java}") =~ gij ]]; then + java="" +fi + +if [ ! -e "$libexecdir"/keystore.jar ]; then # nothing to do exit 0 fi @@ -50,9 +54,6 @@ if [ -e "$libexecdir"/keystore.jar -a "$cadir" -nt "$cafile" ]; then mustrun=1 fi -if [ -e "$libexecdir"/keystore -a "$cadir" -nt "$cafile_gcj" ]; then - mustrun=1 -fi [ -n "$mustrun" ] || exit 0 @@ -76,9 +77,9 @@ echo "creating $cafile ..." $java -jar $libexecdir/keystore.jar -keystore "$cafile" -cadir "$cadir" "$@" fi -if [ -x "$libexecdir"/keystore ]; then +if [ -x "/usr/bin/gij" ]; then echo "creating $cafile_gcj ..." - $libexecdir/keystore -keystore "$cafile_gcj" -cadir "$cadir" "$@" + /usr/bin/gij -jar $libexecdir/keystore.jar -keystore "$cafile_gcj" -cadir "$cadir" "$@" fi # vim: syntax=sh We normally try to fill $java, but then I'll test if it is not a gij, if so, variable is removed. Then gcj part is triggered by existence of executable /usr/bin/gij -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c12
--- Comment #12 from Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c13
Michal Vyskocil
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c14
Michal Vyskocil
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c15
Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=596177
https://bugzilla.novell.com/show_bug.cgi?id=596177#c16
Michal Vyskocil
https://bugzilla.novell.com/show_bug.cgi?id=596177
https://bugzilla.novell.com/show_bug.cgi?id=596177#c17
--- Comment #17 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=596177
https://bugzilla.novell.com/show_bug.cgi?id=596177#c18
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=596177
http://bugzilla.novell.com/show_bug.cgi?id=596177#c19
--- Comment #19 from Bernhard Wiedemann
participants (1)
-
bugzilla_noreply@novell.com