[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certif
From: |
Carlo Zancanaro |
Subject: |
Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certificates. |
Date: |
Sun, 26 Feb 2017 11:44:06 +1100 |
User-agent: |
mu4e 0.9.18; emacs 25.1.1 |
On Fri, Feb 10 2017, Roel Janssen wrote
> [ ... ]
I was getting frustrated at not having certificates with java 8 (it's
surprisingly annoying to have to use one environment with java 7 to
download dependencies with maven, then a different environment with java
8 to actually run your program), so I downloaded and tried out your
patch. It seems to work!
But then I wondered, could we just change the generate-keystore phase of
the icedtea-6 package to log a failed certificate import without failing
the build? Then we could move the permissions change there, too, which
would give us a smaller patch that should accomplish a similar result
(attached).
From b1ed0d53a72f95fdc42fa3741ae16726782ad414 Mon Sep 17 00:00:00 2001
From: Carlo Zancanaro <address@hidden>
Date: Sun, 26 Feb 2017 11:34:44 +1100
Subject: [PATCH] gnu: icedtea-6: Modify certificate import to not fail for
icedtea-8.
* gnu/packages/java.scm (icedtea-6)[arguments]: Fix install-keystore phase to
not fail the build when attempting to import unsupported certificate
types (which occur with icedtea-8, which inherits from icedtea-6). Also
ensure that the keystore is able to be written to before copying it.
---
gnu/packages/java.scm | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index e7479e1b0..c7f9b9aad 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -706,7 +706,7 @@ build process and its dependencies, whereas Make uses
Makefile format.")
"-file" temp)))
(display "yes\n" port)
(when (not (zero? (status:exit-val (close-pipe port))))
- (error "failed to import" cert)))
+ (format #t "failed to import ~a\n" cert)))
(delete-file temp)))
;; This is necessary because the certificate directory contains
@@ -719,6 +719,15 @@ build process and its dependencies, whereas Make uses
Makefile format.")
"/lib/security"))
(mkdir-p (string-append (assoc-ref outputs "jdk")
"/jre/lib/security"))
+
+ ;; The cacerts files we are going to overwrite are chmod'ed as
+ ;; read-only (444) in icedtea-8 (which derives from this
+ ;; package). We have to change this so we can overwrite them.
+ (chmod (string-append (assoc-ref outputs "out")
+ "/lib/security/" keystore) #o644)
+ (chmod (string-append (assoc-ref outputs "jdk")
+ "/jre/lib/security/" keystore) #o644)
+
(install-file keystore
(string-append (assoc-ref outputs "out")
"/lib/security"))
@@ -1023,9 +1032,6 @@ build process and its dependencies, whereas Make uses
Makefile format.")
(find-files "openjdk.src/jdk/src/solaris/native"
"\\.c|\\.h"))
#t)))
- ;; FIXME: This phase is needed but fails with this version of
- ;; IcedTea.
- (delete 'install-keystore)
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((doc (string-append (assoc-ref outputs "doc")
--
2.11.1
signature.asc
Description: PGP signature