guix-devel

Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certif


From: Carlo Zancanaro
Subject: Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certificates.
Date: Mon, 27 Feb 2017 23:45:22 +1100
User-agent: mu4e 0.9.18; emacs 25.1.1

On Sun, Feb 26 2017, Roel Janssen wrote
> Great idea.  This is also a more durable solution for when certificates
> change in nss-certs.

Yeah, that was my thinking. I had tried to do it earlier, but hadn't
noticed the incorrect permissions later on in the build (which had
caused my attempts to fail).

> I think we should add ourselves to the copyright notice.
> Other than that, I think this patch is good to be pushed.

I've added both of us to the copyright notice (I hope that isn't too
presumptuous). Patch is attached.

Thanks!

Carlo

From 1fb1116475506495f8f026c9b53cf955dec29742 Mon Sep 17 00:00:00 2001
From: Carlo Zancanaro <address@hidden>
Date: Sun, 26 Feb 2017 11:34:44 +1100
Subject: [PATCH] gnu: icedtea-6: Modify certificate import to not fail for
 icedtea-8.

* gnu/packages/java.scm (icedtea-6)[arguments]: Fix install-keystore phase to
  not fail the build when attempting to import unsupported certificate
  types (which occur with icedtea-8, which inherits from icedtea-6). Also
  ensure that the keystore is able to be written to before copying it.
---
 gnu/packages/java.scm | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index e7479e1b0..1abdf607f 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -1,7 +1,8 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <address@hidden>
 ;;; Copyright © 2016 Leo Famulari <address@hidden>
-;;; Copyright © 2016 Roel Janssen <address@hidden>
+;;; Copyright © 2016, 2017 Roel Janssen <address@hidden>
+;;; Copyright © 2017 Carlo Zancanaro <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -706,7 +707,7 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
                                            "-file" temp)))
                      (display "yes\n" port)
                      (when (not (zero? (status:exit-val (close-pipe port))))
-                       (error "failed to import" cert)))
+                       (format #t "failed to import ~a\n" cert)))
                    (delete-file temp)))
 
                ;; This is necessary because the certificate directory contains
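Review bot: Replacing (error "failed to import" cert) with a format call in the import loop makes every keytool failure non-fatal, not only the unsupported certificate types named in the commit message, so a keystore that is missing most or all CA certificates would still build successfully. Consider counting the certificates that did import and failing the phase when that count is zero, or tolerating only the known-unsupported type. Writing the message to (current-error-port) would also make skipped certificates easier to find in the build log.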
@@ -719,6 +720,15 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
                                        "/lib/security"))
                (mkdir-p (string-append (assoc-ref outputs "jdk")
                                        "/jre/lib/security"))
+
+               ;; The cacerts files we are going to overwrite are chmod'ed as
+               ;; read-only (444) in icedtea-8 (which derives from this
+               ;; package).  We have to change this so we can overwrite them.
+               (chmod (string-append (assoc-ref outputs "out")
+                                     "/lib/security/" keystore) #o644)
+               (chmod (string-append (assoc-ref outputs "jdk")
+                                     "/jre/lib/security/" keystore) #o644)
+
                (install-file keystore
                              (string-append (assoc-ref outputs "out")
                                             "/lib/security"))
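Review bot: The two chmod calls added before install-file assume that the keystore file already exists under both "/lib/security/" and "/jre/lib/security/". The mkdir-p calls just above suggest those directories may not exist yet in some builds, and chmod on a missing file raises an error that would fail the phase. Since this code lives in icedtea-6 and the comment says the read-only files come from icedtea-8, guard each call with (file-exists? ...) on the target path, or delete the old file before install-file instead of changing its mode.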
@@ -1023,9 +1033,6 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
                     (find-files "openjdk.src/jdk/src/solaris/native"
                                 "\\.c|\\.h"))
                    #t)))
-             ;; FIXME: This phase is needed but fails with this version of
-             ;; IcedTea.
-             (delete 'install-keystore)
              (replace 'install
                (lambda* (#:key outputs #:allow-other-keys)
                  (let ((doc (string-append (assoc-ref outputs "doc")
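Review bot: The commit log lists only "(icedtea-6)[arguments]", but removing (delete 'install-keystore) at this location changes the phases of a different package definition, the one that carried the FIXME. Add a log entry for that package stating that the deletion of the install-keystore phase is removed, so the re-enabled keystore installation is visible in the history for the package it affects.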
-- 
2.11.1

Attachment: signature.asc
Description: PGP signature
