[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 3/3] gnu: icedtea-6: Generate keystore.
From: |
Ricardo Wurmus |
Subject: |
[PATCH 3/3] gnu: icedtea-6: Generate keystore. |
Date: |
Mon, 18 Jul 2016 13:59:41 +0200 |
From: Ricardo Wurmus <address@hidden>
* gnu/packages/java.scm (icedtea-6)[arguments]: Add phase
"install-keystore".
[native-inputs]: Add nss-certs and openssl.
---
gnu/packages/java.scm | 63 +++++++++++++++++++++++++++++++++++++++++++++++++--
1 file changed, 61 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index faa6e5b..95e273e 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -30,6 +30,7 @@
#:use-module (gnu packages autotools)
#:use-module (gnu packages base)
#:use-module (gnu packages bash)
+ #:use-module (gnu packages certs)
#:use-module (gnu packages cpio)
#:use-module (gnu packages cups)
#:use-module (gnu packages compression)
@@ -47,6 +48,7 @@
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages perl)
#:use-module (gnu packages mit-krb5)
+ #:use-module (gnu packages tls)
#:use-module (gnu packages xml)
#:use-module (gnu packages xorg)
#:use-module (gnu packages zip)
@@ -262,7 +264,8 @@ build process and its dependencies, whereas Make uses
Makefile format.")
#:modules ((guix build utils)
(guix build gnu-build-system)
(ice-9 popen)
- (ice-9 rdelim))
+ (ice-9 rdelim)
+ (srfi srfi-19))
#:configure-flags
(let* ((gcjdir (assoc-ref %build-inputs "gcj"))
@@ -521,7 +524,58 @@ build process and its dependencies, whereas Make uses
Makefile format.")
(jdk (assoc-ref outputs "jdk")))
(copy-recursively "openjdk.build/docs" doc)
(copy-recursively "openjdk.build/j2re-image" jre)
- (copy-recursively "openjdk.build/j2sdk-image" jdk)))))))
+ (copy-recursively "openjdk.build/j2sdk-image" jdk))))
+ (add-after 'install 'install-keystore
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((keystore "cacerts")
+ (certs-dir (string-append (assoc-ref inputs "nss-certs")
+ "/etc/ssl/certs"))
+ (keytool (string-append (assoc-ref outputs "jdk")
+ "/bin/keytool"))
+ (openssl (which "openssl"))
+ (recent (date->time-utc (string->date "2016-1-1"
+ "~Y-~m-~d"))))
+ (define (valid? cert)
+ (let* ((port (open-pipe* OPEN_READ openssl
+ "x509" "-enddate" "-in" cert
"-noout"))
+ (str (read-line port))
+ (end (begin (close-pipe port)
+ ;; TODO: use match?
+ (cadr (string-split str #\=)))))
+ (time>? (date->time-utc
+ (string->date end "~b ~d ~H:~M:~S ~Y")) recent)))
+
+ (define (import-cert cert)
+ (format #t "Importing certificate ~a\n" (basename cert))
+ (let* ((port (open-pipe* OPEN_WRITE keytool
+ "-import"
+ "-alias" (basename cert)
+ "-keystore" keystore
+ "-storepass" "changeit"
+ "-file" cert)))
+ (display "yes\n" port)
+ (when (not (eqv? 0 (status:exit-val (close-pipe port))))
+ (format (current-error-port)
+ "Failed to import certificate.\n"))))
+
+ ;; This is necessary because the certificate directory contains
+ ;; files with non-ASCII characters in their names.
+ (setlocale LC_ALL "en_US.utf8")
+ (setenv "LC_ALL" "en_US.utf8")
+
+ (for-each import-cert
+ (filter valid? (find-files certs-dir "\\.pem$")))
+ (mkdir-p (string-append (assoc-ref outputs "out")
+ "/lib/security"))
+ (mkdir-p (string-append (assoc-ref outputs "jdk")
+ "/jre/lib/security"))
+ (install-file keystore
+ (string-append (assoc-ref outputs "out")
+ "/lib/security"))
+ (install-file keystore
+ (string-append (assoc-ref outputs "jdk")
+ "/jre/lib/security"))
+ #t))))))
(native-inputs
`(("ant" ,ant)
("alsa-lib" ,alsa-lib)
@@ -544,6 +598,7 @@ build process and its dependencies, whereas Make uses
Makefile format.")
("libxslt" ,libxslt) ;for xsltproc
("mit-krb5" ,mit-krb5)
("nss" ,nss)
+ ("nss-certs" ,nss-certs)
("libx11" ,libx11)
("libxcomposite" ,libxcomposite)
("libxt" ,libxt)
@@ -554,6 +609,7 @@ build process and its dependencies, whereas Make uses
Makefile format.")
("libjpeg" ,libjpeg)
("libpng" ,libpng)
("giflib" ,giflib)
+ ("openssl" ,openssl)
("perl" ,perl)
("procps" ,procps) ;for "free", even though I'm not sure we should use
it
("openjdk6-src"
@@ -789,6 +845,9 @@ build process and its dependencies, whereas Make uses
Makefile format.")
(delete 'patch-paths)
(delete 'set-additional-paths)
(delete 'patch-patches)
+ ;; FIXME: This phase is needed but fails with this version of
+ ;; IcedTea.
+ (delete 'install-keystore)
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((doc (string-append (assoc-ref outputs "doc")
--
2.9.0
- [PATCH 0/3] icedtea: Generate keystore., Ricardo Wurmus, 2016/07/18
- [PATCH 2/3] gnu: icedtea-6: Use modify-phases syntax., Ricardo Wurmus, 2016/07/18
- [PATCH 3/3] gnu: icedtea-6: Generate keystore.,
Ricardo Wurmus <=
- Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ludovic Courtès, 2016/07/19
- Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/19
- Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/22
- Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Andreas Enge, 2016/07/23
- Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/23
- Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/23
- Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Andreas Enge, 2016/07/23
- Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/24
- Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Andreas Enge, 2016/07/24
Re: [PATCH 0/3] icedtea: Generate keystore., Roel Janssen, 2016/07/18