bisq/package/linux/prepare-system.sh

#!/usr/bin/env bash
cd $(dirname $0)

echo Update OS

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

if [ ! -f "$JAVA_HOME/jre/lib/security/local_policy.jar" ]
then
echo "Enable strong crypto support for Java"

wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip

checksum=f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59 # see https://github.com/jonathancross/jc-docs/blob/master/java-strong-crypto-test/README.md

if ! echo "$checksum jce_policy-8.zip" | sha256sum -c -;
then
    echo "Checksum failed" >&2
    exit 1
fi

unzip jce_policy-8.zip
sudo cp UnlimitedJCEPolicyJDK8/{US_export_policy.jar,local_policy.jar} $JAVA_HOME/jre/lib/security/
sudo chmod 664 $JAVA_HOME/jre/lib/security/{US_export_policy.jar,local_policy.jar}
sudo rm -rf UnlimitedJCEPolicyJDK8 jce_policy-8.zip
else
echo "Strong Crypto support for Java already available"
fi

bouncyCastleJar=bcprov-jdk15on-1.56.jar

if [ ! -f "$JAVA_HOME/jre/lib/ext/$bouncyCastleJar" ]
then
echo Configure Bouncy Castle

wget "http://central.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.56/$bouncyCastleJar"
if ! echo "963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349  ${bouncyCastleJar}" | sha256sum -c -;
then
    echo "Bad checksum for ${bouncyCastleJar}." >&2
    exit 1
fi
sudo mv $bouncyCastleJar $JAVA_HOME/jre/lib/ext/
sudo chmod 777 "$JAVA_HOME/jre/lib/ext/$bouncyCastleJar"
else
echo Bouncy Castle already configured
fi
Add script to update and re-configure OS for release 2018-08-21 12:41:28 +02:00			`#!/usr/bin/env bash`
			`cd $(dirname $0)`

			`echo Update OS`

			`sudo apt-get update`
			`sudo apt-get upgrade`
			`sudo apt-get dist-upgrade`

			`if [ ! -f "$JAVA_HOME/jre/lib/security/local_policy.jar" ]`
			`then`
			`echo "Enable strong crypto support for Java"`

			`wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip`

			`checksum=f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59 # see https://github.com/jonathancross/jc-docs/blob/master/java-strong-crypto-test/README.md`

			`if ! echo "$checksum jce_policy-8.zip" \| sha256sum -c -;`
			`then`
			`echo "Checksum failed" >&2`
			`exit 1`
			`fi`

			`unzip jce_policy-8.zip`
			`sudo cp UnlimitedJCEPolicyJDK8/{US_export_policy.jar,local_policy.jar} $JAVA_HOME/jre/lib/security/`
			`sudo chmod 664 $JAVA_HOME/jre/lib/security/{US_export_policy.jar,local_policy.jar}`
			`sudo rm -rf UnlimitedJCEPolicyJDK8 jce_policy-8.zip`
			`else`
			`echo "Strong Crypto support for Java already available"`
			`fi`

			`bouncyCastleJar=bcprov-jdk15on-1.56.jar`

			`if [ ! -f "$JAVA_HOME/jre/lib/ext/$bouncyCastleJar" ]`
			`then`
			`echo Configure Bouncy Castle`

			`wget "http://central.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.56/$bouncyCastleJar"`
Also verify checksum for bouncy castle .jar in prepare-system.sh We do this for the jce_policy-8.zip file, but we also fetch the BC .jar over http and it could be trivially MitM'ed by a network adversary before this patch. 2018-08-21 14:47:31 +02:00			`if ! echo "963e1ee14f808ffb99897d848ddcdb28fa91ddda867eb18d303e82728f878349 ${bouncyCastleJar}" \| sha256sum -c -;`
			`then`
			`echo "Bad checksum for ${bouncyCastleJar}." >&2`
			`exit 1`
			`fi`
Add script to update and re-configure OS for release 2018-08-21 12:41:28 +02:00			`sudo mv $bouncyCastleJar $JAVA_HOME/jre/lib/ext/`
			`sudo chmod 777 "$JAVA_HOME/jre/lib/ext/$bouncyCastleJar"`
			`else`
			`echo Bouncy Castle already configured`
			`fi`