[yocto] [meta-java][PATCH 3/3] openjdk-8: use ca-certificates-java
André Draszik
git at andred.net
Fri Mar 30 01:40:19 PDT 2018
From: André Draszik <andre.draszik at jci.com>
The OpenJDK-8 package currently comes with a trustStore
that was generated at OpenJDK-8-native build time from
*all* certificates available in the system, not just from
those that are marked as trusted.
This isn't right...
openjdk-8 and openjre-8 now RDEPENDS on (and use) the CA
certificates as provided by the ca-certificates-java
package just added.
This makes sure that Java now uses the same trusted CA
certificates as the rest of the system.
Signed-off-by: André Draszik <andre.draszik at jci.com>
---
recipes-core/openjdk/openjdk-8-common.inc | 2 ++
recipes-core/openjdk/openjdk-8-cross.inc | 12 +++++++++++-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/recipes-core/openjdk/openjdk-8-common.inc b/recipes-core/openjdk/openjdk-8-common.inc
index b2020c3..c8d157e 100644
--- a/recipes-core/openjdk/openjdk-8-common.inc
+++ b/recipes-core/openjdk/openjdk-8-common.inc
@@ -254,3 +254,5 @@ def version_specific_cflags(d):
CFLAGS_append = " ${@version_specific_cflags(d)}"
CXXFLAGS_append = " ${@version_specific_cflags(d)}"
CXX_append = " -std=gnu++98"
+
+RDEPENDS_${PN} = "ca-certificates-java"
diff --git a/recipes-core/openjdk/openjdk-8-cross.inc b/recipes-core/openjdk/openjdk-8-cross.inc
index d70c946..6795c92 100644
--- a/recipes-core/openjdk/openjdk-8-cross.inc
+++ b/recipes-core/openjdk/openjdk-8-cross.inc
@@ -57,7 +57,6 @@ EXTRA_OECONF_append = "\
--with-sys-root=${STAGING_DIR_HOST} \
--with-tools-dir=${STAGING_DIR_NATIVE} \
--with-boot-jdk=${STAGING_LIBDIR_NATIVE}/jvm/openjdk-8-native \
- --with-cacerts-file=${STAGING_LIBDIR_NATIVE}/jvm/openjdk-8-native/jre/lib/security/cacerts \
\
--disable-precompiled-headers \
--disable-zip-debug-info \
@@ -88,6 +87,17 @@ do_install_append() {
pack200 --repack --effort=9 --segment-limit=-1 --modification-time=latest --strip-debug "$0"'
fi
fi
+
+ if [ -d ${D}${JDK_HOME} ] ; then
+ rm ${D}${JDK_HOME}/jre/lib/security/cacerts
+ ln -s ${@os.path.relpath("${sysconfdir}/ssl/certs/java/cacerts", "${JDK_HOME}/jre/lib/security/cacerts")} \
+ ${D}${JDK_HOME}/jre/lib/security/cacerts
+ fi
+ if [ -d ${D}${JRE_HOME} ] ; then
+ rm ${D}${JRE_HOME}/lib/security/cacerts
+ ln -s ${@os.path.relpath("${sysconfdir}/ssl/certs/java/cacerts", "${JRE_HOME}/lib/security/cacerts")} \
+ ${D}${JRE_HOME}/lib/security/cacerts
+ fi
}
export MAKE_VERBOSE = "y"
--
2.16.2
More information about the yocto
mailing list