X-Git-Url: https://git.distorted.org.uk/~mdw/termux-packages/blobdiff_plain/14e7b6ecfea408aaf0138ee6b1da08e781b5c52d..90a97327275e381950f0f706d6219b6055e68dc6:/packages/ca-certificates/build.sh?ds=sidebyside

diff --git a/packages/ca-certificates/build.sh b/packages/ca-certificates/build.sh
index e09d5989..30792079 100644
--- a/packages/ca-certificates/build.sh
+++ b/packages/ca-certificates/build.sh
@@ -1,17 +1,35 @@
-TERMUX_PKG_HOMEPAGE=http://curl.haxx.se/docs/caextract.html
+TERMUX_PKG_HOMEPAGE=https://curl.haxx.se/docs/caextract.html
 TERMUX_PKG_DESCRIPTION="Common CA certificates"
-TERMUX_PKG_VERSION=20151028
-TERMUX_PKG_BUILD_REVISION=1
+TERMUX_PKG_VERSION=20170920
+TERMUX_PKG_PLATFORM_INDEPENDENT=yes
 
 termux_step_make_install () {
-	CERTFILE=$TERMUX_PKG_TMPDIR/cert.pem
-	curl -o $CERTFILE https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt
-	if grep -q 'SHA1: 6d7d2f0a4fae587e7431be191a081ac1257d300a' $CERTFILE; then
-		CERT_DIR=$TERMUX_PREFIX/etc/tls
-		mkdir -p $CERT_DIR
-		mv $CERTFILE $CERT_DIR/cert.pem
-	else
-		echo "Have https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt been updated?"
-		exit 1
-	fi
+	local CERTDIR=$TERMUX_PREFIX/etc/tls
+	local CERTFILE=$CERTDIR/cert.pem
+	# If the checksum has changed, it may be time to update the package version.
+	local CERTFILE_SHA256=435ac8e816f5c10eaaf228d618445811c16a5e842e461cb087642b6265a36856
+
+	mkdir -p $CERTDIR
+
+	termux_download https://curl.haxx.se/ca/cacert.pem \
+		$CERTFILE \
+		$CERTFILE_SHA256
+	touch $CERTFILE
+
+	# Build java keystore which is split out into a ca-certificates-java subpackage:
+	local KEYUTIL_JAR=$TERMUX_PKG_CACHEDIR/keyutil-0.4.0.jar
+	termux_download \
+		https://github.com/use-sparingly/keyutil/releases/download/0.4.0/keyutil-0.4.0.jar \
+		$KEYUTIL_JAR \
+		18f1d2c82839d84949b1ad015343c509e81ef678c24db6112acc6c0761314610
+
+	local JAVA_KEYSTORE_DIR=$PREFIX/lib/jvm/openjdk-9/lib/security
+	mkdir -p $JAVA_KEYSTORE_DIR
+
+	java -jar $KEYUTIL_JAR \
+		--import \
+		--new-keystore $JAVA_KEYSTORE_DIR/jssecacerts \
+		--password changeit \
+		--force-new-overwrite \
+		--import-pem-file $CERTFILE
 }