From: Matthias Klose <doko@ubuntu.com>
To: GCJ-patches <java-patches@gcc.gnu.org>
Subject: Re: [patch] update contrib/ to java-gcj-compat 1.0.80, add generate-cacerts script
Date: Sun, 26 Apr 2009 13:21:00 -0000 [thread overview]
Message-ID: <49F45FC6.9040606@ubuntu.com> (raw)
In-Reply-To: <49F2D6C4.80509@ubuntu.com>
[-- Attachment #1: Type: text/plain, Size: 676 bytes --]
Matthias Klose schrieb:
> This patch updates contrib/ to java-gcj-compat 1.0.80, improving diagnostics,
> and adds the generate-cacerts.pl script (which everybody includes for packaging
> anyway). Changes to generate-cacerts.pl compared to java-gcj-compat are:
>
> - Allow passing a file name as parameter
> - Use the name of the installed keytool
> - Change the copyright header to the one found in the other contrib files.
> This has to be approved by the former copyright holder.
>
> Attached is the patch, and the diff for generate-cacerts.pl. Ok for the trunk
> (and then for the branch)?
made the warning more verbose, suggested by Andrew Haley
Matthias
[-- Attachment #2: aot.diff --]
[-- Type: text/plain, Size: 5685 bytes --]
2009-04-26 Matthias Klose <doko@ubuntu.com>
* contrib/aot-compile.in: Print diagnostics for malformed or invalid
class files.
* contrib/generate-cacerts.pl.in: New.
* configure.ac (AC_CONFIG_FILES): Add generate-cacerts.pl.
Index: configure.ac
===================================================================
--- configure.ac (revision 146797)
+++ configure.ac (working copy)
@@ -1923,6 +1923,7 @@
contrib/aotcompile.py
contrib/aot-compile
contrib/aot-compile-rpm
+contrib/generate-cacerts.pl
contrib/rebuild-gcj-db
])
Index: contrib/aotcompile.py.in
===================================================================
--- contrib/aotcompile.py.in (revision 146797)
+++ contrib/aotcompile.py.in (working copy)
@@ -177,11 +177,14 @@
def __init__(self, path):
self.path, self.classes, self.blocks = path, {}, None
+ self.classnames = {}
- def addClass(self, bytes):
+ def addClass(self, bytes, name):
"""Subclasses call this from their __init__ method for
every class they find."""
- self.classes[md5.new(bytes).digest()] = bytes
+ digest = md5.new(bytes).digest()
+ self.classes[digest] = bytes
+ self.classnames[digest] = name
def __makeBlocks(self):
"""Split self.classes into chunks that can be compiled to
@@ -200,7 +203,12 @@
if the job is subsetted."""
names = {}
for hash, bytes in self.classes.items():
- name = classname(bytes)
+ try:
+ name = classname(bytes)
+ except:
+ warn("job %s: class %s malformed or not a valid class file" \
+ % (self.path, self.classnames[hash]))
+ raise
if not names.has_key(name):
names[name] = []
names[name].append(hash)
@@ -302,7 +310,7 @@
if bytes.startswith(ZIPMAGIC):
self._walk(zipfile.ZipFile(StringIO.StringIO(bytes)))
elif bytes.startswith(CLASSMAGIC):
- self.addClass(bytes)
+ self.addClass(bytes, name)
class DirJob(Job):
"""A Job whose origin was a directory of classfiles."""
@@ -319,7 +327,7 @@
fp = open(path, "r")
magic = fp.read(4)
if magic == CLASSMAGIC:
- self.addClass(magic + fp.read())
+ self.addClass(magic + fp.read(), name)
def weed_jobs(jobs):
"""Remove any jarfiles that are completely contained within
Index: contrib/generate-cacerts.pl.in
===================================================================
--- contrib/generate-cacerts.pl.in (revision 0)
+++ contrib/generate-cacerts.pl.in (revision 0)
@@ -0,0 +1,106 @@
+#!/usr/bin/perl
+
+# Copyright (C) 2007, 2009 Free Software Foundation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# generate-cacerts.pl generates a gkeytool keystore named 'cacerts'
+# from OpenSSL's certificate bundle.
+
+# First extract each of OpenSSL's bundled certificates into its own
+# aliased filename.
+chomp($file=@ARGV[0]);
+$file = "/etc/pki/tls/cert.pem" unless $file ne "";
+open(CERTS, $file);
+@certs = <CERTS>;
+close(CERTS);
+
+$pem_file_number = 0;
+$writing_cert = 0;
+foreach $cert (@certs)
+{
+ if ($cert eq "-----BEGIN CERTIFICATE-----\n")
+ {
+ if ($writing_cert != 0)
+ {
+ die "$file is malformed.";
+ }
+ $pem_file_number++;
+ # Numbering each file guarantees that cert aliases will be
+ # unique.
+ $pem_file_name = "$pem_file_number$cert_alias.pem";
+ $writing_cert = 1;
+ open(PEM, ">$pem_file_name");
+ print PEM $cert;
+ }
+ elsif ($cert eq "-----END CERTIFICATE-----\n")
+ {
+ $writing_cert = 0;
+ print PEM $cert;
+ close(PEM);
+ }
+ elsif ($cert =~ /Issuer: /)
+ {
+ # Generate an alias using the OU and CN attributes of the
+ # Issuer field if both are present, otherwise use only the CN
+ # attribute. The Issuer field must have either the OU or the
+ # CN attribute.
+ $_ = $cert;
+ if ($cert =~ /OU=/)
+ {
+ s/Issuer:.*?OU=//;
+ # Remove other occurrences of OU=.
+ s/OU=.*CN=//;
+ # Remove CN= if there were not other occurrences of OU=.
+ s/CN=//;
+ }
+ elsif ($cert =~ /CN=/)
+ {
+ s/Issuer:.*CN=//;
+ }
+ s/\W//g;
+ tr/A-Z/a-z/;
+ $cert_alias = $_
+ }
+ else
+ {
+ if ($writing_cert == 1)
+ {
+ print PEM $cert;
+ }
+ }
+}
+
+# Check that the correct number of .pem files were produced.
+@pem_files = <*.pem>;
+if (@pem_files != $pem_file_number)
+{
+ die "Number of .pem files produced does not match".
+ " number of certs read from $file.";
+}
+
+# Now store each cert in the 'cacerts' file using gkeytool.
+$certs_written_count = 0;
+foreach $pem_file (@pem_files)
+{
+ system "yes | gkeytool@gcc_suffix@ -import -alias `basename $pem_file .pem`".
+ " -keystore cacerts -storepass '' -file $pem_file".
+ " 2>&1 >/dev/null";
+ unlink($pem_file);
+ $certs_written_count++;
+}
+
+# Check that the correct number of certs were added to the keystore.
+if ($certs_written_count != $pem_file_number)
+{
+ die "Number of certs added to keystore does not match".
+ " number of certs read from $file.";
+}
next prev parent reply other threads:[~2009-04-26 13:21 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-25 9:24 Matthias Klose
2009-04-26 13:21 ` Matthias Klose [this message]
2009-04-26 13:56 ` Andrew Haley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=49F45FC6.9040606@ubuntu.com \
--to=doko@ubuntu.com \
--cc=java-patches@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).