03/03: gnu: icedtea-6: Generate keystore.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

03/03: gnu: icedtea-6: Generate keystore.

From:	Ricardo Wurmus
Subject:	03/03: gnu: icedtea-6: Generate keystore.
Date:	Fri, 22 Jul 2016 15:11:05 +0000 (UTC)

rekado pushed a commit to branch master
in repository guix.

commit f21403e2b6f5a9491937a0cc9f31fc113998ce5e
Author: Ricardo Wurmus <address@hidden>
Date:   Fri Jul 8 11:28:59 2016 +0200

    gnu: icedtea-6: Generate keystore.
    
    * gnu/packages/java.scm (icedtea-6)[arguments]: Add phase
    "install-keystore".
    [native-inputs]: Add nss-certs.
---
 gnu/packages/java.scm |   50 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index faa6e5b..2d50ad8 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -30,6 +30,7 @@
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
+  #:use-module (gnu packages certs)
   #:use-module (gnu packages cpio)
   #:use-module (gnu packages cups)
   #:use-module (gnu packages compression)
@@ -262,7 +263,8 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
        #:modules ((guix build utils)
                   (guix build gnu-build-system)
                   (ice-9 popen)
-                  (ice-9 rdelim))
+                  (ice-9 rdelim)
+                  (srfi srfi-19))
 
        #:configure-flags
        (let* ((gcjdir (assoc-ref %build-inputs "gcj"))
@@ -521,7 +523,47 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
                    (jdk (assoc-ref outputs "jdk")))
                (copy-recursively "openjdk.build/docs" doc)
                (copy-recursively "openjdk.build/j2re-image" jre)
-               (copy-recursively "openjdk.build/j2sdk-image" jdk)))))))
+               (copy-recursively "openjdk.build/j2sdk-image" jdk))))
+         ;; By default IcedTea only generates an empty keystore.  In order to
+         ;; be able to use certificates in Java programs we need to generate a
+         ;; keystore from a set of certificates.  For convenience we use the
+         ;; certificates from the nss-certs package.
+         (add-after 'install 'install-keystore
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let* ((keystore  "cacerts")
+                    (certs-dir (string-append (assoc-ref inputs "nss-certs")
+                                              "/etc/ssl/certs"))
+                    (keytool   (string-append (assoc-ref outputs "jdk")
+                                              "/bin/keytool")))
+               (define (import-cert cert)
+                 (format #t "Importing certificate ~a\n" (basename cert))
+                 (let* ((port (open-pipe* OPEN_WRITE keytool
+                                          "-import"
+                                          "-alias" (basename cert)
+                                          "-keystore" keystore
+                                          "-storepass" "changeit"
+                                          "-file" cert)))
+                   (display "yes\n" port)
+                   (when (not (zero? (status:exit-val (close-pipe port))))
+                     (error "failed to import" cert))))
+
+               ;; This is necessary because the certificate directory contains
+               ;; files with non-ASCII characters in their names.
+               (setlocale LC_ALL "en_US.utf8")
+               (setenv "LC_ALL" "en_US.utf8")
+
+               (for-each import-cert (find-files certs-dir "\\.pem$"))
+               (mkdir-p (string-append (assoc-ref outputs "out")
+                                       "/lib/security"))
+               (mkdir-p (string-append (assoc-ref outputs "jdk")
+                                       "/jre/lib/security"))
+               (install-file keystore
+                             (string-append (assoc-ref outputs "out")
+                                            "/lib/security"))
+               (install-file keystore
+                             (string-append (assoc-ref outputs "jdk")
+                                            "/jre/lib/security"))
+               #t))))))
     (native-inputs
      `(("ant" ,ant)
        ("alsa-lib" ,alsa-lib)
@@ -544,6 +586,7 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
        ("libxslt" ,libxslt) ;for xsltproc
        ("mit-krb5" ,mit-krb5)
        ("nss" ,nss)
+       ("nss-certs" ,nss-certs)
        ("libx11" ,libx11)
        ("libxcomposite" ,libxcomposite)
        ("libxt" ,libxt)
@@ -789,6 +832,9 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
              (delete 'patch-paths)
              (delete 'set-additional-paths)
              (delete 'patch-patches)
+             ;; FIXME: This phase is needed but fails with this version of
+             ;; IcedTea.
+             (delete 'install-keystore)
              (replace 'install
                (lambda* (#:key outputs #:allow-other-keys)
                  (let ((doc (string-append (assoc-ref outputs "doc")

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (3c2d03a -> f21403e), Ricardo Wurmus, 2016/07/22
- 03/03: gnu: icedtea-6: Generate keystore., Ricardo Wurmus <=
- 01/03: gnu: nss-certs: Stop inheriting from nss package., Ricardo Wurmus, 2016/07/22
- 02/03: gnu: icedtea-6: Use modify-phases syntax., Ricardo Wurmus, 2016/07/22

Prev by Date: branch master updated (3c2d03a -> f21403e)
Next by Date: 01/03: gnu: nss-certs: Stop inheriting from nss package.
Previous by thread: branch master updated (3c2d03a -> f21403e)
Next by thread: 01/03: gnu: nss-certs: Stop inheriting from nss package.
Index(es):
- Date
- Thread