86 lines
1.6 KiB
Bash
86 lines
1.6 KiB
Bash
#!/bin/bash
|
|
|
|
unset ${!LC_*} ${!RC_LC_*} LANGUAGE RC_LANG
|
|
export LANG=en_US
|
|
|
|
set -e
|
|
|
|
libexecdir="/usr/lib/ca-certificates/java/"
|
|
cafile="/var/lib/ca-certificates/java-cacerts"
|
|
cafile_gcj="/var/lib/ca-certificates/gcj-cacerts"
|
|
cadir="/etc/ssl/certs"
|
|
|
|
tmppem="$cafile.tmp"
|
|
|
|
cleanup()
|
|
{
|
|
rm -rf "$tmppem"
|
|
}
|
|
trap cleanup EXIT
|
|
|
|
for i in "$@"; do
|
|
if [ "$i" = "-f" ]; then
|
|
fresh=1
|
|
elif [ "$i" = "-v" ]; then
|
|
verbose=1
|
|
fi
|
|
done
|
|
|
|
umask 0022
|
|
|
|
if [ -z "$JAVA_HOME" -a -r /etc/profile.d/alljava.sh ]; then
|
|
. /etc/profile.d/alljava.sh
|
|
fi
|
|
|
|
if [ -n "$JAVA_HOME" ]; then
|
|
java="$JAVA_HOME/bin/java"
|
|
else
|
|
java=`which java`
|
|
fi
|
|
|
|
if [[ $(readlink -f "${java}") =~ gij ]]; then
|
|
java=""
|
|
fi
|
|
|
|
if [ ! -e "$libexecdir"/keystore.jar ]; then
|
|
# nothing to do
|
|
exit 0
|
|
fi
|
|
|
|
mustrun=
|
|
if [ -n "$fresh" ]; then
|
|
mustrun=1
|
|
fi
|
|
if [ -e "$libexecdir"/keystore.jar -a "$cadir" -nt "$cafile" ]; then
|
|
mustrun=1
|
|
fi
|
|
|
|
[ -n "$mustrun" ] || exit 0
|
|
|
|
mkdir -p ${cafile%/*}
|
|
mkdir -p "$tmppem"
|
|
for i in "$cadir"/*.pem; do
|
|
# only include certificates trusted for server auth
|
|
if grep -q "BEGIN TRUSTED CERTIFICATE" "$i"; then
|
|
trust=`sed -n '/^# openssl-trust=/{s/^.*=//;p;q;}' "$i"`
|
|
case "$trust" in
|
|
*serverAuth*) ;;
|
|
*) [ -z "$verbose" ] || echo "skipping $i" >&2; continue ;;
|
|
esac
|
|
openssl x509 -in "$i" -out "$tmppem/${i##*/}"
|
|
else
|
|
ln -s "$i" "$tmppem"
|
|
fi
|
|
done
|
|
|
|
if [ -x "$java" ]; then
|
|
echo "creating $cafile ..."
|
|
$java -jar $libexecdir/keystore.jar -keystore "$cafile" -cadir "$cadir" "$@"
|
|
fi
|
|
if [ -x "/usr/bin/gij" ]; then
|
|
echo "creating $cafile_gcj ..."
|
|
/usr/bin/gij -jar $libexecdir/keystore.jar -keystore "$cafile_gcj" -cadir "$cadir" "$@"
|
|
fi
|
|
|
|
# vim: syntax=sh
|