[yocto] [meta-java][PATCH 3/3] openjdk-8: use ca-certificates-java

Fri, 30 Mar 2018 01:44:36 -0700 

From: André Draszik <andre.dras...@jci.com>

The OpenJDK-8 package currently comes with a trustStore
that was generated at OpenJDK-8-native build time from
*all* certificates available in the system, not just from
those that are marked as trusted.

This isn't right...

openjdk-8 and openjre-8 now RDEPENDS on (and use) the CA
certificates as provided by the ca-certificates-java
package just added.

This makes sure that Java now uses the same trusted CA
certificates as the rest of the system.

Signed-off-by: André Draszik <andre.dras...@jci.com>
---
 recipes-core/openjdk/openjdk-8-common.inc |  2 ++
 recipes-core/openjdk/openjdk-8-cross.inc  | 12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/recipes-core/openjdk/openjdk-8-common.inc 
b/recipes-core/openjdk/openjdk-8-common.inc
index b2020c3..c8d157e 100644
--- a/recipes-core/openjdk/openjdk-8-common.inc
+++ b/recipes-core/openjdk/openjdk-8-common.inc
@@ -254,3 +254,5 @@ def version_specific_cflags(d):
 CFLAGS_append = " ${@version_specific_cflags(d)}"
 CXXFLAGS_append = " ${@version_specific_cflags(d)}"
 CXX_append = " -std=gnu++98"
+
+RDEPENDS_${PN} = "ca-certificates-java"
diff --git a/recipes-core/openjdk/openjdk-8-cross.inc 
b/recipes-core/openjdk/openjdk-8-cross.inc
index d70c946..6795c92 100644
--- a/recipes-core/openjdk/openjdk-8-cross.inc
+++ b/recipes-core/openjdk/openjdk-8-cross.inc
@@ -57,7 +57,6 @@ EXTRA_OECONF_append = "\
     --with-sys-root=${STAGING_DIR_HOST} \
     --with-tools-dir=${STAGING_DIR_NATIVE} \
     --with-boot-jdk=${STAGING_LIBDIR_NATIVE}/jvm/openjdk-8-native \
-    
--with-cacerts-file=${STAGING_LIBDIR_NATIVE}/jvm/openjdk-8-native/jre/lib/security/cacerts
 \
     \
     --disable-precompiled-headers \
     --disable-zip-debug-info \
@@ -88,6 +87,17 @@ do_install_append() {
               pack200 --repack --effort=9 --segment-limit=-1 
--modification-time=latest --strip-debug "$0"'
       fi
     fi
+
+    if [ -d ${D}${JDK_HOME} ] ; then
+      rm ${D}${JDK_HOME}/jre/lib/security/cacerts
+      ln -s ${@os.path.relpath("${sysconfdir}/ssl/certs/java/cacerts", 
"${JDK_HOME}/jre/lib/security/cacerts")} \
+            ${D}${JDK_HOME}/jre/lib/security/cacerts
+    fi
+    if [ -d ${D}${JRE_HOME} ] ; then
+      rm ${D}${JRE_HOME}/lib/security/cacerts
+      ln -s ${@os.path.relpath("${sysconfdir}/ssl/certs/java/cacerts", 
"${JRE_HOME}/lib/security/cacerts")} \
+            ${D}${JRE_HOME}/lib/security/cacerts
+    fi
 }
 
 export MAKE_VERBOSE = "y"
-- 
2.16.2

-- 
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto

Reply via email to