Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore.

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore.

From:	Ricardo Wurmus
Subject:	Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore.
Date:	Sat, 23 Jul 2016 23:33:12 +0200
User-agent:	mu4e 0.9.16; emacs 24.5.1

Ricardo Wurmus <address@hidden> writes:

> Andreas Enge <address@hidden> writes:
>
>> Hello, Ricardo!
>>
>> address@hidden in master now fails to build in the install-keystore phase.
>>    http://hydra.gnu.org:3000/build/1309224
>>    http://hydra.gnu.org:3000/build/1308950
>> Could you have a look, please?

[…]

> The keytool from address@hidden doesn’t like this certificate.  My hunch is
> that we may need to remove comments from the certificate files, only
> leaving the certificate block.
>
> I’ll fix this as soon as I can.

Attached is an untested patch to fix this.  I’m now building address@hidden
again with this patch (on a remote machine).  Not sure when I can check
on the result as I’ll be out for the most part of tomorrow.

You’re welcome to give it a try yourself!  (Who knows, maybe this change
would also allow us to reinstate the phase in the latest icedtea
version?)

~~ Ricardo

>From 04cafa35d7e226843cdccaf5a3ea5a82d9dc5d3e Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus <address@hidden>
Date: Sat, 23 Jul 2016 23:25:11 +0200
Subject: [PATCH] gnu: icedtea-6: Narrow file to certificate block.

* gnu/packages/java.scm (icedtea-6)[arguments]: Extract certificate
  blocks from pem files before importing.
---
 gnu/packages/java.scm | 39 ++++++++++++++++++++++++++++++---------
 1 file changed, 30 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 2d50ad8..78e2143 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -535,17 +535,38 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
                                               "/etc/ssl/certs"))
                     (keytool   (string-append (assoc-ref outputs "jdk")
                                               "/bin/keytool")))
+               (define (extract-cert file target)
+                 (call-with-input-file file
+                   (lambda (in)
+                     (call-with-output-file target
+                       (lambda (out)
+                         (let loop ((line (read-line in 'concat))
+                                    (copying? #f))
+                           (cond
+                            ((eof-object? line) #t)
+                            ((string-prefix? "-----BEGIN" line)
+                             (display line out)
+                             (loop (read-line in 'concat) #t))
+                            ((string-prefix? "-----END" line)
+                             (display line out)
+                             #t)
+                            (else
+                             (when copying? (display line out))
+                             (loop (read-line in 'concat) copying?)))))))))
                (define (import-cert cert)
                  (format #t "Importing certificate ~a\n" (basename cert))
-                 (let* ((port (open-pipe* OPEN_WRITE keytool
-                                          "-import"
-                                          "-alias" (basename cert)
-                                          "-keystore" keystore
-                                          "-storepass" "changeit"
-                                          "-file" cert)))
-                   (display "yes\n" port)
-                   (when (not (zero? (status:exit-val (close-pipe port))))
-                     (error "failed to import" cert))))
+                 (let ((temp (tmpfile)))
+                   (extract-cert cert temp)
+                   (let ((port (open-pipe* OPEN_WRITE keytool
+                                           "-import"
+                                           "-alias" (basename cert)
+                                           "-keystore" keystore
+                                           "-storepass" "changeit"
+                                           "-file" temp)))
+                     (display "yes\n" port)
+                     (when (not (zero? (status:exit-val (close-pipe port))))
+                       (error "failed to import" cert)))
+                   (delete-file temp)))
 
                ;; This is necessary because the certificate directory contains
                ;; files with non-ASCII characters in their names.
-- 
2.9.0

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 1/3] gnu: nss-certs: Stop inheriting from nss package., (continued)
- [PATCH 2/3] gnu: icedtea-6: Use modify-phases syntax., Ricardo Wurmus, 2016/07/18
  - Re: [PATCH 2/3] gnu: icedtea-6: Use modify-phases syntax., Ludovic Courtès, 2016/07/19
- [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/18
  - Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ludovic Courtès, 2016/07/19
    - Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/19
    - Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/22
    - Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Andreas Enge, 2016/07/23
    - Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/23
    - Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus <=
    - Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Andreas Enge, 2016/07/23
    - Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Ricardo Wurmus, 2016/07/24
    - Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore., Andreas Enge, 2016/07/24
- Re: [PATCH 0/3] icedtea: Generate keystore., Roel Janssen, 2016/07/18

Prev by Date: Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore.
Next by Date: Re: [PATCH 1/7] gnu: Add usbredir.
Previous by thread: Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore.
Next by thread: Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore.
Index(es):
- Date
- Thread