mirror of
https://github.com/archlinuxarm/PKGBUILDs.git
synced 2024-11-18 22:54:00 +00:00
74 lines
2 KiB
Bash
Executable file
74 lines
2 KiB
Bash
Executable file
#!/bin/bash
|
|
for jvm in /usr/lib/jvm/java-1.6.0-openjdk /opt/java/jre; do
|
|
if [ -x $jvm/bin/keytool ]; then
|
|
break
|
|
fi
|
|
done
|
|
if [ ! -x $jvm/bin/keytool ]; then
|
|
echo "No supported JRE installed"
|
|
exit 1
|
|
fi
|
|
export JAVA_HOME=$jvm
|
|
PATH=$JAVA_HOME/bin:$PATH
|
|
|
|
KEYSTORE=/etc/ssl/certs/java/cacerts
|
|
storepass='changeit'
|
|
if [ -f /etc/default/cacerts ]; then
|
|
. /etc/default/cacerts
|
|
fi
|
|
|
|
echo "creating $KEYSTORE..."
|
|
cp /usr/share/ca-certificates-java/cacerts $KEYSTORE
|
|
cacertdir=/usr/share/ca-certificates
|
|
pregenerated=$(mktemp)
|
|
LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE -storepass "$storepass" \
|
|
| awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
|
|
| sort > $pregenerated
|
|
|
|
grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
|
|
errors=0
|
|
log=$(mktemp)
|
|
while read line; do
|
|
pem=${line#!*}
|
|
alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
|
|
alias=${alias%*_}
|
|
case "$line" in
|
|
!*)
|
|
if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
|
|
-storepass "$storepass" -alias "$alias" > /dev/null
|
|
then
|
|
echo " removed untrusted certificate $pem"
|
|
fi
|
|
;;
|
|
|
|
*)
|
|
if [ ! -f "$cacertdir/$pem" ]; then
|
|
echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
|
|
echo >&2 "warning: but $cacertdir/$pem does not exist."
|
|
continue
|
|
fi
|
|
if ! grep -q "^${alias}$" $pregenerated; then
|
|
if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
|
|
-noprompt -storepass "$storepass" \
|
|
-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
|
|
then
|
|
echo " added certificate $pem $alias"
|
|
elif grep -q 'Signature not available' $log; then
|
|
echo " ignored import, signature not available: ${line#+*}"
|
|
cat $log
|
|
else
|
|
echo >&2 " error adding ${line#+*}"
|
|
errors=$(expr $errors + 1)
|
|
fi
|
|
fi
|
|
esac
|
|
done
|
|
rm -f $log
|
|
|
|
rm -f $pregenerated
|
|
if [ $errors -gt 0 ]; then
|
|
echo >&2 "failed."
|
|
exit 1
|
|
fi
|
|
echo "done."
|
|
)
|