* [patch] update contrib/ to java-gcj-compat 1.0.80, add generate-cacerts script
@ 2009-04-25 9:24 Matthias Klose
2009-04-26 13:21 ` Matthias Klose
0 siblings, 1 reply; 3+ messages in thread
From: Matthias Klose @ 2009-04-25 9:24 UTC (permalink / raw)
To: GCJ-patches
[-- Attachment #1: Type: text/plain, Size: 573 bytes --]
This patch updates contrib/ to java-gcj-compat 1.0.80, improving diagnostics,
and adds the generate-cacerts.pl script (which everybody includes for packaging
anyway). Changes to generate-cacerts.pl compared to java-gcj-compat are:
- Allow passing a file name as parameter
- Use the name of the installed keytool
- Change the copyright header to the one found in the other contrib files.
This has to be approved by the former copyright holder.
Attached is the patch, and the diff for generate-cacerts.pl. Ok for the trunk
(and then for the branch)?
Matthias
[-- Attachment #2: aot.diff --]
[-- Type: text/plain, Size: 5599 bytes --]
2009-04-25 Matthias Klose <doko@ubuntu.com>
* contrib/aot-compile.in: Print diagnostics for dodgy classes.
* contrib/generate-cacerts.pl.in: New.
* configure.ac (AC_CONFIG_FILES): Add generate-cacerts.pl.
Index: configure.ac
===================================================================
--- configure.ac (revision 146759)
+++ configure.ac (working copy)
@@ -1923,6 +1923,7 @@
contrib/aotcompile.py
contrib/aot-compile
contrib/aot-compile-rpm
+contrib/generate-cacerts.pl
contrib/rebuild-gcj-db
])
Index: contrib/aotcompile.py.in
===================================================================
--- contrib/aotcompile.py.in (revision 146758)
+++ contrib/aotcompile.py.in (working copy)
@@ -177,11 +177,14 @@
def __init__(self, path):
self.path, self.classes, self.blocks = path, {}, None
+ self.classnames = {}
- def addClass(self, bytes):
+ def addClass(self, bytes, name):
"""Subclasses call this from their __init__ method for
every class they find."""
- self.classes[md5.new(bytes).digest()] = bytes
+ digest = md5.new(bytes).digest()
+ self.classes[digest] = bytes
+ self.classnames[digest] = name
def __makeBlocks(self):
"""Split self.classes into chunks that can be compiled to
@@ -200,7 +203,11 @@
if the job is subsetted."""
names = {}
for hash, bytes in self.classes.items():
- name = classname(bytes)
+ try:
+ name = classname(bytes)
+ except:
+ warn("job %s: %s" % (self.path, self.classnames[hash]))
+ raise
if not names.has_key(name):
names[name] = []
names[name].append(hash)
@@ -302,7 +309,7 @@
if bytes.startswith(ZIPMAGIC):
self._walk(zipfile.ZipFile(StringIO.StringIO(bytes)))
elif bytes.startswith(CLASSMAGIC):
- self.addClass(bytes)
+ self.addClass(bytes, name)
class DirJob(Job):
"""A Job whose origin was a directory of classfiles."""
@@ -319,7 +326,7 @@
fp = open(path, "r")
magic = fp.read(4)
if magic == CLASSMAGIC:
- self.addClass(magic + fp.read())
+ self.addClass(magic + fp.read(), name)
def weed_jobs(jobs):
"""Remove any jarfiles that are completely contained within
Index: contrib/generate-cacerts.pl.in
===================================================================
--- contrib/generate-cacerts.pl.in (revision 0)
+++ contrib/generate-cacerts.pl.in (revision 0)
@@ -0,0 +1,106 @@
+#!/usr/bin/perl
+
+# Copyright (C) 2007, 2009 Free Software Foundation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# generate-cacerts.pl generates a gkeytool keystore named 'cacerts'
+# from OpenSSL's certificate bundle.
+
+# First extract each of OpenSSL's bundled certificates into its own
+# aliased filename.
+chomp($file=@ARGV[0]);
+$file = "/etc/pki/tls/cert.pem" unless $file ne "";
+open(CERTS, $file);
+@certs = <CERTS>;
+close(CERTS);
+
+$pem_file_number = 0;
+$writing_cert = 0;
+foreach $cert (@certs)
+{
+ if ($cert eq "-----BEGIN CERTIFICATE-----\n")
+ {
+ if ($writing_cert != 0)
+ {
+ die "$file is malformed.";
+ }
+ $pem_file_number++;
+ # Numbering each file guarantees that cert aliases will be
+ # unique.
+ $pem_file_name = "$pem_file_number$cert_alias.pem";
+ $writing_cert = 1;
+ open(PEM, ">$pem_file_name");
+ print PEM $cert;
+ }
+ elsif ($cert eq "-----END CERTIFICATE-----\n")
+ {
+ $writing_cert = 0;
+ print PEM $cert;
+ close(PEM);
+ }
+ elsif ($cert =~ /Issuer: /)
+ {
+ # Generate an alias using the OU and CN attributes of the
+ # Issuer field if both are present, otherwise use only the CN
+ # attribute. The Issuer field must have either the OU or the
+ # CN attribute.
+ $_ = $cert;
+ if ($cert =~ /OU=/)
+ {
+ s/Issuer:.*?OU=//;
+ # Remove other occurrences of OU=.
+ s/OU=.*CN=//;
+ # Remove CN= if there were not other occurrences of OU=.
+ s/CN=//;
+ }
+ elsif ($cert =~ /CN=/)
+ {
+ s/Issuer:.*CN=//;
+ }
+ s/\W//g;
+ tr/A-Z/a-z/;
+ $cert_alias = $_
+ }
+ else
+ {
+ if ($writing_cert == 1)
+ {
+ print PEM $cert;
+ }
+ }
+}
+
+# Check that the correct number of .pem files were produced.
+@pem_files = <*.pem>;
+if (@pem_files != $pem_file_number)
+{
+ die "Number of .pem files produced does not match".
+ " number of certs read from $file.";
+}
+
+# Now store each cert in the 'cacerts' file using gkeytool.
+$certs_written_count = 0;
+foreach $pem_file (@pem_files)
+{
+ system "yes | gkeytool@gcc_suffix@ -import -alias `basename $pem_file .pem`".
+ " -keystore cacerts -storepass '' -file $pem_file".
+ " 2>&1 >/dev/null";
+ unlink($pem_file);
+ $certs_written_count++;
+}
+
+# Check that the correct number of certs were added to the keystore.
+if ($certs_written_count != $pem_file_number)
+{
+ die "Number of certs added to keystore does not match".
+ " number of certs read from $file.";
+}
[-- Attachment #3: generate-cacerts.diff --]
[-- Type: text/plain, Size: 1041 bytes --]
--- ../../java-gcj-compat-1.0.80/generate-cacerts.pl 2007-07-04 23:01:44.000000000 +0200
+++ contrib/generate-cacerts.pl.in 2009-04-25 11:05:14.000000000 +0200
@@ -1,6 +1,6 @@
#!/usr/bin/perl
-# Copyright (C) 2007 Red Hat, Inc.
+# Copyright (C) 2007, 2009 Free Software Foundation
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -17,7 +17,8 @@
# First extract each of OpenSSL's bundled certificates into its own
# aliased filename.
-$file = "/etc/pki/tls/cert.pem";
+chomp($file=@ARGV[0]);
+$file = "/etc/pki/tls/cert.pem" unless $file ne "";
open(CERTS, $file);
@certs = <CERTS>;
close(CERTS);
@@ -90,7 +91,7 @@
$certs_written_count = 0;
foreach $pem_file (@pem_files)
{
- system "yes | gkeytool -import -alias `basename $pem_file .pem`".
+ system "yes | gkeytool@gcc_suffix@ -import -alias `basename $pem_file .pem`".
" -keystore cacerts -storepass '' -file $pem_file".
" 2>&1 >/dev/null";
unlink($pem_file);
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [patch] update contrib/ to java-gcj-compat 1.0.80, add generate-cacerts script
2009-04-25 9:24 [patch] update contrib/ to java-gcj-compat 1.0.80, add generate-cacerts script Matthias Klose
@ 2009-04-26 13:21 ` Matthias Klose
2009-04-26 13:56 ` Andrew Haley
0 siblings, 1 reply; 3+ messages in thread
From: Matthias Klose @ 2009-04-26 13:21 UTC (permalink / raw)
To: GCJ-patches
[-- Attachment #1: Type: text/plain, Size: 676 bytes --]
Matthias Klose schrieb:
> This patch updates contrib/ to java-gcj-compat 1.0.80, improving diagnostics,
> and adds the generate-cacerts.pl script (which everybody includes for packaging
> anyway). Changes to generate-cacerts.pl compared to java-gcj-compat are:
>
> - Allow passing a file name as parameter
> - Use the name of the installed keytool
> - Change the copyright header to the one found in the other contrib files.
> This has to be approved by the former copyright holder.
>
> Attached is the patch, and the diff for generate-cacerts.pl. Ok for the trunk
> (and then for the branch)?
made the warning more verbose, suggested by Andrew Haley
Matthias
[-- Attachment #2: aot.diff --]
[-- Type: text/plain, Size: 5685 bytes --]
2009-04-26 Matthias Klose <doko@ubuntu.com>
* contrib/aot-compile.in: Print diagnostics for malformed or invalid
class files.
* contrib/generate-cacerts.pl.in: New.
* configure.ac (AC_CONFIG_FILES): Add generate-cacerts.pl.
Index: configure.ac
===================================================================
--- configure.ac (revision 146797)
+++ configure.ac (working copy)
@@ -1923,6 +1923,7 @@
contrib/aotcompile.py
contrib/aot-compile
contrib/aot-compile-rpm
+contrib/generate-cacerts.pl
contrib/rebuild-gcj-db
])
Index: contrib/aotcompile.py.in
===================================================================
--- contrib/aotcompile.py.in (revision 146797)
+++ contrib/aotcompile.py.in (working copy)
@@ -177,11 +177,14 @@
def __init__(self, path):
self.path, self.classes, self.blocks = path, {}, None
+ self.classnames = {}
- def addClass(self, bytes):
+ def addClass(self, bytes, name):
"""Subclasses call this from their __init__ method for
every class they find."""
- self.classes[md5.new(bytes).digest()] = bytes
+ digest = md5.new(bytes).digest()
+ self.classes[digest] = bytes
+ self.classnames[digest] = name
def __makeBlocks(self):
"""Split self.classes into chunks that can be compiled to
@@ -200,7 +203,12 @@
if the job is subsetted."""
names = {}
for hash, bytes in self.classes.items():
- name = classname(bytes)
+ try:
+ name = classname(bytes)
+ except:
+ warn("job %s: class %s malformed or not a valid class file" \
+ % (self.path, self.classnames[hash]))
+ raise
if not names.has_key(name):
names[name] = []
names[name].append(hash)
@@ -302,7 +310,7 @@
if bytes.startswith(ZIPMAGIC):
self._walk(zipfile.ZipFile(StringIO.StringIO(bytes)))
elif bytes.startswith(CLASSMAGIC):
- self.addClass(bytes)
+ self.addClass(bytes, name)
class DirJob(Job):
"""A Job whose origin was a directory of classfiles."""
@@ -319,7 +327,7 @@
fp = open(path, "r")
magic = fp.read(4)
if magic == CLASSMAGIC:
- self.addClass(magic + fp.read())
+ self.addClass(magic + fp.read(), name)
def weed_jobs(jobs):
"""Remove any jarfiles that are completely contained within
Index: contrib/generate-cacerts.pl.in
===================================================================
--- contrib/generate-cacerts.pl.in (revision 0)
+++ contrib/generate-cacerts.pl.in (revision 0)
@@ -0,0 +1,106 @@
+#!/usr/bin/perl
+
+# Copyright (C) 2007, 2009 Free Software Foundation
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# generate-cacerts.pl generates a gkeytool keystore named 'cacerts'
+# from OpenSSL's certificate bundle.
+
+# First extract each of OpenSSL's bundled certificates into its own
+# aliased filename.
+chomp($file=@ARGV[0]);
+$file = "/etc/pki/tls/cert.pem" unless $file ne "";
+open(CERTS, $file);
+@certs = <CERTS>;
+close(CERTS);
+
+$pem_file_number = 0;
+$writing_cert = 0;
+foreach $cert (@certs)
+{
+ if ($cert eq "-----BEGIN CERTIFICATE-----\n")
+ {
+ if ($writing_cert != 0)
+ {
+ die "$file is malformed.";
+ }
+ $pem_file_number++;
+ # Numbering each file guarantees that cert aliases will be
+ # unique.
+ $pem_file_name = "$pem_file_number$cert_alias.pem";
+ $writing_cert = 1;
+ open(PEM, ">$pem_file_name");
+ print PEM $cert;
+ }
+ elsif ($cert eq "-----END CERTIFICATE-----\n")
+ {
+ $writing_cert = 0;
+ print PEM $cert;
+ close(PEM);
+ }
+ elsif ($cert =~ /Issuer: /)
+ {
+ # Generate an alias using the OU and CN attributes of the
+ # Issuer field if both are present, otherwise use only the CN
+ # attribute. The Issuer field must have either the OU or the
+ # CN attribute.
+ $_ = $cert;
+ if ($cert =~ /OU=/)
+ {
+ s/Issuer:.*?OU=//;
+ # Remove other occurrences of OU=.
+ s/OU=.*CN=//;
+ # Remove CN= if there were not other occurrences of OU=.
+ s/CN=//;
+ }
+ elsif ($cert =~ /CN=/)
+ {
+ s/Issuer:.*CN=//;
+ }
+ s/\W//g;
+ tr/A-Z/a-z/;
+ $cert_alias = $_
+ }
+ else
+ {
+ if ($writing_cert == 1)
+ {
+ print PEM $cert;
+ }
+ }
+}
+
+# Check that the correct number of .pem files were produced.
+@pem_files = <*.pem>;
+if (@pem_files != $pem_file_number)
+{
+ die "Number of .pem files produced does not match".
+ " number of certs read from $file.";
+}
+
+# Now store each cert in the 'cacerts' file using gkeytool.
+$certs_written_count = 0;
+foreach $pem_file (@pem_files)
+{
+ system "yes | gkeytool@gcc_suffix@ -import -alias `basename $pem_file .pem`".
+ " -keystore cacerts -storepass '' -file $pem_file".
+ " 2>&1 >/dev/null";
+ unlink($pem_file);
+ $certs_written_count++;
+}
+
+# Check that the correct number of certs were added to the keystore.
+if ($certs_written_count != $pem_file_number)
+{
+ die "Number of certs added to keystore does not match".
+ " number of certs read from $file.";
+}
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [patch] update contrib/ to java-gcj-compat 1.0.80, add generate-cacerts script
2009-04-26 13:21 ` Matthias Klose
@ 2009-04-26 13:56 ` Andrew Haley
0 siblings, 0 replies; 3+ messages in thread
From: Andrew Haley @ 2009-04-26 13:56 UTC (permalink / raw)
To: Matthias Klose; +Cc: GCJ-patches
Matthias Klose wrote:
> Matthias Klose schrieb:
>> This patch updates contrib/ to java-gcj-compat 1.0.80, improving diagnostics,
>> and adds the generate-cacerts.pl script (which everybody includes for packaging
>> anyway). Changes to generate-cacerts.pl compared to java-gcj-compat are:
>>
>> - Allow passing a file name as parameter
>> - Use the name of the installed keytool
>> - Change the copyright header to the one found in the other contrib files.
>> This has to be approved by the former copyright holder.
>>
>> Attached is the patch, and the diff for generate-cacerts.pl. Ok for the trunk
>> (and then for the branch)?
>
> made the warning more verbose, suggested by Andrew Haley
OK. Thanks for this. I was unaware that the upstream package was still alive
and had updates we needed.
Andrew.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-04-26 13:56 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-04-25 9:24 [patch] update contrib/ to java-gcj-compat 1.0.80, add generate-cacerts script Matthias Klose
2009-04-26 13:21 ` Matthias Klose
2009-04-26 13:56 ` Andrew Haley
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).