From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 23594 invoked by alias); 26 Apr 2009 13:21:36 -0000 Received: (qmail 23583 invoked by uid 22791); 26 Apr 2009 13:21:34 -0000 X-SWARE-Spam-Status: No, hits=-1.1 required=5.0 tests=AWL,BAYES_00,J_CHICKENPOX_43,J_CHICKENPOX_44,J_CHICKENPOX_46,J_CHICKENPOX_47,J_CHICKENPOX_84,J_CHICKENPOX_92,RCVD_IN_DNSWL_LOW X-Spam-Check-By: sourceware.org Received: from adelie.canonical.com (HELO adelie.canonical.com) (91.189.90.139) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Sun, 26 Apr 2009 13:21:28 +0000 Received: from hutte.canonical.com ([91.189.90.181]) by adelie.canonical.com with esmtp (Exim 4.69 #1 (Debian)) id 1Ly4IP-0007zj-7g for ; Sun, 26 Apr 2009 14:21:25 +0100 Received: from dslb-088-073-105-247.pools.arcor-ip.net ([88.73.105.247] helo=[192.168.42.17]) by hutte.canonical.com with esmtpsa (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.69) (envelope-from ) id 1Ly4IO-0005T5-Vn for java-patches@gcc.gnu.org; Sun, 26 Apr 2009 14:21:25 +0100 Message-ID: <49F45FC6.9040606@ubuntu.com> Date: Sun, 26 Apr 2009 13:21:00 -0000 From: Matthias Klose User-Agent: Thunderbird 2.0.0.21 (X11/20090409) MIME-Version: 1.0 To: GCJ-patches Subject: Re: [patch] update contrib/ to java-gcj-compat 1.0.80, add generate-cacerts script References: <49F2D6C4.80509@ubuntu.com> In-Reply-To: <49F2D6C4.80509@ubuntu.com> Content-Type: multipart/mixed; boundary="------------030202090805010600010409" X-IsSubscribed: yes Mailing-List: contact java-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: java-patches-owner@gcc.gnu.org X-SW-Source: 2009-q2/txt/msg00046.txt.bz2 This is a multi-part message in MIME format. --------------030202090805010600010409 Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: 7bit Content-length: 676 Matthias Klose schrieb: > This patch updates contrib/ to java-gcj-compat 1.0.80, improving diagnostics, > and adds the generate-cacerts.pl script (which everybody includes for packaging > anyway). Changes to generate-cacerts.pl compared to java-gcj-compat are: > > - Allow passing a file name as parameter > - Use the name of the installed keytool > - Change the copyright header to the one found in the other contrib files. > This has to be approved by the former copyright holder. > > Attached is the patch, and the diff for generate-cacerts.pl. Ok for the trunk > (and then for the branch)? made the warning more verbose, suggested by Andrew Haley Matthias --------------030202090805010600010409 Content-Type: text/plain; name="aot.diff" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="aot.diff" Content-length: 5685 2009-04-26 Matthias Klose * contrib/aot-compile.in: Print diagnostics for malformed or invalid class files. * contrib/generate-cacerts.pl.in: New. * configure.ac (AC_CONFIG_FILES): Add generate-cacerts.pl. Index: configure.ac =================================================================== --- configure.ac (revision 146797) +++ configure.ac (working copy) @@ -1923,6 +1923,7 @@ contrib/aotcompile.py contrib/aot-compile contrib/aot-compile-rpm +contrib/generate-cacerts.pl contrib/rebuild-gcj-db ]) Index: contrib/aotcompile.py.in =================================================================== --- contrib/aotcompile.py.in (revision 146797) +++ contrib/aotcompile.py.in (working copy) @@ -177,11 +177,14 @@ def __init__(self, path): self.path, self.classes, self.blocks = path, {}, None + self.classnames = {} - def addClass(self, bytes): + def addClass(self, bytes, name): """Subclasses call this from their __init__ method for every class they find.""" - self.classes[md5.new(bytes).digest()] = bytes + digest = md5.new(bytes).digest() + self.classes[digest] = bytes + self.classnames[digest] = name def __makeBlocks(self): """Split self.classes into chunks that can be compiled to @@ -200,7 +203,12 @@ if the job is subsetted.""" names = {} for hash, bytes in self.classes.items(): - name = classname(bytes) + try: + name = classname(bytes) + except: + warn("job %s: class %s malformed or not a valid class file" \ + % (self.path, self.classnames[hash])) + raise if not names.has_key(name): names[name] = [] names[name].append(hash) @@ -302,7 +310,7 @@ if bytes.startswith(ZIPMAGIC): self._walk(zipfile.ZipFile(StringIO.StringIO(bytes))) elif bytes.startswith(CLASSMAGIC): - self.addClass(bytes) + self.addClass(bytes, name) class DirJob(Job): """A Job whose origin was a directory of classfiles.""" @@ -319,7 +327,7 @@ fp = open(path, "r") magic = fp.read(4) if magic == CLASSMAGIC: - self.addClass(magic + fp.read()) + self.addClass(magic + fp.read(), name) def weed_jobs(jobs): """Remove any jarfiles that are completely contained within Index: contrib/generate-cacerts.pl.in =================================================================== --- contrib/generate-cacerts.pl.in (revision 0) +++ contrib/generate-cacerts.pl.in (revision 0) @@ -0,0 +1,106 @@ +#!/usr/bin/perl + +# Copyright (C) 2007, 2009 Free Software Foundation +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# generate-cacerts.pl generates a gkeytool keystore named 'cacerts' +# from OpenSSL's certificate bundle. + +# First extract each of OpenSSL's bundled certificates into its own +# aliased filename. +chomp($file=@ARGV[0]); +$file = "/etc/pki/tls/cert.pem" unless $file ne ""; +open(CERTS, $file); +@certs = ; +close(CERTS); + +$pem_file_number = 0; +$writing_cert = 0; +foreach $cert (@certs) +{ + if ($cert eq "-----BEGIN CERTIFICATE-----\n") + { + if ($writing_cert != 0) + { + die "$file is malformed."; + } + $pem_file_number++; + # Numbering each file guarantees that cert aliases will be + # unique. + $pem_file_name = "$pem_file_number$cert_alias.pem"; + $writing_cert = 1; + open(PEM, ">$pem_file_name"); + print PEM $cert; + } + elsif ($cert eq "-----END CERTIFICATE-----\n") + { + $writing_cert = 0; + print PEM $cert; + close(PEM); + } + elsif ($cert =~ /Issuer: /) + { + # Generate an alias using the OU and CN attributes of the + # Issuer field if both are present, otherwise use only the CN + # attribute. The Issuer field must have either the OU or the + # CN attribute. + $_ = $cert; + if ($cert =~ /OU=/) + { + s/Issuer:.*?OU=//; + # Remove other occurrences of OU=. + s/OU=.*CN=//; + # Remove CN= if there were not other occurrences of OU=. + s/CN=//; + } + elsif ($cert =~ /CN=/) + { + s/Issuer:.*CN=//; + } + s/\W//g; + tr/A-Z/a-z/; + $cert_alias = $_ + } + else + { + if ($writing_cert == 1) + { + print PEM $cert; + } + } +} + +# Check that the correct number of .pem files were produced. +@pem_files = <*.pem>; +if (@pem_files != $pem_file_number) +{ + die "Number of .pem files produced does not match". + " number of certs read from $file."; +} + +# Now store each cert in the 'cacerts' file using gkeytool. +$certs_written_count = 0; +foreach $pem_file (@pem_files) +{ + system "yes | gkeytool@gcc_suffix@ -import -alias `basename $pem_file .pem`". + " -keystore cacerts -storepass '' -file $pem_file". + " 2>&1 >/dev/null"; + unlink($pem_file); + $certs_written_count++; +} + +# Check that the correct number of certs were added to the keystore. +if ($certs_written_count != $pem_file_number) +{ + die "Number of certs added to keystore does not match". + " number of certs read from $file."; +} --------------030202090805010600010409--