8278080: Add --with-cacerts-src='user cacerts folder' to enable deter…

…ministic cacerts generation Reviewed-by: erikj
openjdk · Dec 2, 2021 · dc2abc9 · dc2abc9 · openjdk-notifier · Dec 2, 2021
1 parent 8d9cb2e
commit dc2abc9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/make/autoconf/jdk-options.m4 b/make/autoconf/jdk-options.m4
@@ -169,6 +169,23 @@ AC_DEFUN_ONCE([JDKOPT_SETUP_JDK_OPTIONS],
   fi
   AC_SUBST(CACERTS_FILE)
 
+  # Choose cacerts source folder for user provided PEM files
+  AC_ARG_WITH(cacerts-src, [AS_HELP_STRING([--with-cacerts-src],
+      [specify alternative cacerts source folder containing certificates])])
+  CACERTS_SRC=""
+  AC_MSG_CHECKING([for cacerts source])
+  if test "x$with_cacerts_src" == x; then
+    AC_MSG_RESULT([default])
+  else
+    CACERTS_SRC=$with_cacerts_src
+    if test ! -d "$CACERTS_SRC"; then
+      AC_MSG_RESULT([fail])
+      AC_MSG_ERROR([Specified cacerts source folder "$CACERTS_SRC" does not exist])
+    fi
+    AC_MSG_RESULT([$CACERTS_SRC])
+  fi
+  AC_SUBST(CACERTS_SRC)
+
   # Enable or disable unlimited crypto
   UTIL_ARG_ENABLE(NAME: unlimited-crypto, DEFAULT: true, RESULT: UNLIMITED_CRYPTO,
       DESC: [enable unlimited crypto policy])

diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
@@ -416,6 +416,8 @@ GTEST_FRAMEWORK_SRC := @GTEST_FRAMEWORK_SRC@
 
 # Source file for cacerts
 CACERTS_FILE=@CACERTS_FILE@
+# Source folder for user provided cacerts PEM files 
+CACERTS_SRC=@CACERTS_SRC@
 
 # Enable unlimited crypto policy
 UNLIMITED_CRYPTO=@UNLIMITED_CRYPTO@

diff --git a/make/modules/java.base/Gendata.gmk b/make/modules/java.base/Gendata.gmk
@@ -71,6 +71,9 @@ $(GENDATA_CACERTS): $(BUILD_TOOLS_JDK) $(wildcard $(GENDATA_CACERTS_SRC)/*)
 ifeq ($(CACERTS_FILE), )
   TARGETS += $(GENDATA_CACERTS)
 endif
+ifneq ($(CACERTS_SRC), )
+  GENDATA_CACERTS_SRC := $(CACERTS_SRC)
+endif
 
 ################################################################################