# HG changeset patch # User Andrew John Hughes # Date 1459471033 -3600 # Node ID 0637ff9bfd77ccc86e11240db85706120d521bf8 # Parent b1d858e368bbb69fddeab23e848b803db0b6e8e6 PR2541: Allow the user to specify the cacerts file to use 2016-03-31 Andrew John Hughes PR2541: Allow the user to specify the cacerts file to use * Makefile.am: (uninstall-local): Delete the cacerts file. 2015-07-16 Andrew John Hughes PR2541: Allow the user to specify the cacerts file to use * INSTALL: Document --with-cacerts-file. * Makefile.am: (JDK_CACERTS_FILE): Replace hardcoded value with @ALT_CACERTS_FILE@. (install-data-local): Install the cacerts file. * NEWS: Updated. * acinclude.m4: (IT_WITH_CACERTS_FILE): Allow a cacerts file to be specified, defaulting to ${SYSTEM_JDK_DIR}/jre/lib/security/cacerts * configure.ac: Invoke IT_WITH_CACERTS_FILE. diff -r b1d858e368bb -r 0637ff9bfd77 ChangeLog --- a/ChangeLog Fri Apr 01 00:54:40 2016 +0100 +++ b/ChangeLog Fri Apr 01 01:37:13 2016 +0100 @@ -1,3 +1,27 @@ +2016-03-31 Andrew John Hughes + + PR2541: Allow the user to specify the cacerts file + to use + * Makefile.am: + (uninstall-local): Delete the cacerts file. + +2015-07-16 Andrew John Hughes + + PR2541: Allow the user to specify the cacerts file + to use + * INSTALL: Document --with-cacerts-file. + * Makefile.am: + (JDK_CACERTS_FILE): Replace hardcoded value with + @ALT_CACERTS_FILE@. + (install-data-local): Install the cacerts file. + * NEWS: Updated. + * acinclude.m4: + (IT_WITH_CACERTS_FILE): Allow a cacerts file to + be specified, defaulting to + ${SYSTEM_JDK_DIR}/jre/lib/security/cacerts + * configure.ac: + Invoke IT_WITH_CACERTS_FILE. + 2015-07-13 Andrew John Hughes PR2523: Add executable stack markings diff -r b1d858e368bb -r 0637ff9bfd77 INSTALL --- a/INSTALL Fri Apr 01 00:54:40 2016 +0100 +++ b/INSTALL Fri Apr 01 01:37:13 2016 +0100 @@ -169,6 +169,8 @@ * --with-abs-install-dir: The final install location of the j2sdk-image, for use in the SystemTap tapset. * --with-llvm-config: Specify the location of the llvm-config binary. * --with-version-suffix: Appends the given text to the JDK version output. +* --with-cacerts-file: Specify the location of a cacerts file, defaulting to + ${SYSTEM_JDK_DIR}/jre/lib/security/cacerts Other options may be supplied which enable or disable new features. These are documented fully in the relevant section below. diff -r b1d858e368bb -r 0637ff9bfd77 Makefile.am --- a/Makefile.am Fri Apr 01 00:54:40 2016 +0100 +++ b/Makefile.am Fri Apr 01 01:37:13 2016 +0100 @@ -88,7 +88,7 @@ VERSION_SETTINGS_FILE_BACKUP = $$(basename $(VERSION_SETTINGS_FILE)).bak -JDK_CACERTS_FILE = $(SYSTEM_JDK_DIR)/jre/lib/security/cacerts +JDK_CACERTS_FILE = @ALT_CACERTS_FILE@ CACERTS_FILE = \ `if [ -h $(JDK_CACERTS_FILE) ] ; then $(READLINK) -e $(JDK_CACERTS_FILE) ; else echo $(JDK_CACERTS_FILE); fi` @@ -2659,6 +2659,8 @@ for files in $(BUILD_SDK_DIR)/jre/lib/management/*.template; do \ $(INSTALL_DATA) $${files} $(DESTDIR)${prefix}/jre/lib/management; \ done + $(INSTALL_DATA) $(BUILD_SDK_DIR)/jre/lib/security/cacerts \ + $(DESTDIR)${prefix}/jre/lib/security $(INSTALL_DATA) $(BUILD_SDK_DIR)/jre/lib/security/java.policy \ $(DESTDIR)${prefix}/jre/lib/security $(INSTALL_DATA) $(BUILD_SDK_DIR)/jre/lib/security/java.security \ @@ -2789,6 +2791,7 @@ for files in $(BUILD_SDK_DIR)/jre/lib/management/*.template; do \ rm -vf $(DESTDIR)${prefix}/jre/lib/management/$$(basename $${files}); \ done + rm -vf $(DESTDIR)${prefix}/jre/lib/security/cacerts rm -vf $(DESTDIR)${prefix}/jre/lib/security/java.policy rm -vf $(DESTDIR)${prefix}/jre/lib/security/java.security rm -vf $(DESTDIR)${prefix}/jre/lib/security/nss.cfg diff -r b1d858e368bb -r 0637ff9bfd77 NEWS --- a/NEWS Fri Apr 01 00:54:40 2016 +0100 +++ b/NEWS Fri Apr 01 01:37:13 2016 +0100 @@ -127,6 +127,7 @@ - PR2456: Installation path for hotspot_gc.stp is wrong, due to changed j2sdk-image location - PR2459: Policy JAR files should be timestamped with the date of the policy file they hold - PR2511: Reset success following calls in LayoutManager.cpp + - PR2541: Allow the user to specify the cacerts file to use - PR2631: jvm.cfg missing for ppc64le - PR2633: s390 builds still fail as BUILD_NUM_BITS is never set - PR2675: Update ppc64le autotools infrastructure following PR2237 diff -r b1d858e368bb -r 0637ff9bfd77 acinclude.m4 --- a/acinclude.m4 Fri Apr 01 00:54:40 2016 +0100 +++ b/acinclude.m4 Fri Apr 01 01:37:13 2016 +0100 @@ -2263,6 +2263,38 @@ AC_SUBST(ENABLE_HOTSPOT_CHECKSUM) ]) +AC_DEFUN_ONCE([IT_WITH_CACERTS_FILE], +[ + CACERTS_DEFAULT=${SYSTEM_JDK_DIR}/jre/lib/security/cacerts + AC_MSG_CHECKING([whether to copy a certificate authority certificates (cacerts) file]) + AC_ARG_WITH([cacerts-file], + [AS_HELP_STRING([--with-cacerts-file[[=PATH]]],specify the location of the cacerts file)], + [ + ALT_CACERTS_FILE=${withval} + ], + [ + ALT_CACERTS_FILE="yes" + ]) + AC_MSG_RESULT(${ALT_CACERTS_FILE}) + if test "x${ALT_CACERTS_FILE}" != "xno"; then + if test "x${ALT_CACERTS_FILE}" = "xyes"; then + AC_MSG_NOTICE([No cacerts file specified; using ${CACERTS_DEFAULT}]) + ALT_CACERTS_FILE=${CACERTS_DEFAULT} ; + fi + AC_MSG_CHECKING([if $ALT_CACERTS_FILE is a valid keystore file]) + if test -f "${ALT_CACERTS_FILE}" && \ + ${FILE} ${ALT_CACERTS_FILE} | ${GREP} 'Java KeyStore' >&AS_MESSAGE_LOG_FD 2>&1; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + AC_MSG_WARN([No valid cacerts file found; one won't be passed to the OpenJDK build]) + ALT_CACERTS_FILE="no" + fi + fi + AM_CONDITIONAL(USE_ALT_CACERTS_FILE, test "x${ALT_CACERTS_FILE}" != "xno") + AC_SUBST(ALT_CACERTS_FILE) +]) + AC_DEFUN_ONCE([IT_ENABLE_NASHORN_CHECKSUM], [ AC_REQUIRE([IT_WITH_NASHORN_SRC_ZIP]) diff -r b1d858e368bb -r 0637ff9bfd77 configure.ac --- a/configure.ac Fri Apr 01 00:54:40 2016 +0100 +++ b/configure.ac Fri Apr 01 01:37:13 2016 +0100 @@ -129,6 +129,7 @@ IT_WITH_VERSION_SUFFIX IT_ENABLE_HG +IT_WITH_CACERTS_FILE IT_WITH_PAX AC_CONFIG_FILES([pax-mark-vm], [chmod +x pax-mark-vm])