guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certif


From: Carlo Zancanaro
Subject: Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certificates.
Date: Thu, 02 Mar 2017 08:23:19 +1100
User-agent: mu4e 0.9.18; emacs 25.1.1

On Mon, Feb 27 2017, Roel Janssen wrote
> Unfortunately, I don't seem to be able to apply your patch. [ ... ]

Hmm. That's strange. I generated a new patch which hopefully will work.
I tried applying it to master on my machine and it seemed to work fine.

I'm not sure what to do with this in light of Ricardo's comments, but
I'm hopeful that it can be pushed. (The advantage not having the ability
to push is that I don't have to make any real decisions. Hooray!)

Carlo

From 8d499d361cb89c29902ef21c46b3899c2f6799f7 Mon Sep 17 00:00:00 2001
From: Carlo Zancanaro <address@hidden>
Date: Sun, 26 Feb 2017 11:34:44 +1100
Subject: [PATCH] gnu: icedtea-6: Modify certificate import to not fail for
 icedtea-8.

* gnu/packages/java.scm (icedtea-6)[arguments]: Fix install-keystore phase to
  not fail the build when attempting to import unsupported certificate
  types (which occur with icedtea-8, which inherits from icedtea-6). Also
  ensure that the keystore is able to be written to before copying it.
---
 gnu/packages/java.scm | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index e7479e1b0..1abdf607f 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -1,7 +1,8 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <address@hidden>
 ;;; Copyright © 2016 Leo Famulari <address@hidden>
-;;; Copyright © 2016 Roel Janssen <address@hidden>
+;;; Copyright © 2016, 2017 Roel Janssen <address@hidden>
+;;; Copyright © 2017 Carlo Zancanaro <address@hidden>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -706,7 +707,7 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
                                            "-file" temp)))
                      (display "yes\n" port)
                      (when (not (zero? (status:exit-val (close-pipe port))))
-                       (error "failed to import" cert)))
+                       (format #t "failed to import ~a\n" cert)))
                    (delete-file temp)))
 
                ;; This is necessary because the certificate directory contains
@@ -719,6 +720,15 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
                                        "/lib/security"))
                (mkdir-p (string-append (assoc-ref outputs "jdk")
                                        "/jre/lib/security"))
+
+               ;; The cacerts files we are going to overwrite are chmod'ed as
+               ;; read-only (444) in icedtea-8 (which derives from this
+               ;; package).  We have to change this so we can overwrite them.
+               (chmod (string-append (assoc-ref outputs "out")
+                                     "/lib/security/" keystore) #o644)
+               (chmod (string-append (assoc-ref outputs "jdk")
+                                     "/jre/lib/security/" keystore) #o644)
+
                (install-file keystore
                              (string-append (assoc-ref outputs "out")
                                             "/lib/security"))
@@ -1023,9 +1033,6 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
                     (find-files "openjdk.src/jdk/src/solaris/native"
                                 "\\.c|\\.h"))
                    #t)))
-             ;; FIXME: This phase is needed but fails with this version of
-             ;; IcedTea.
-             (delete 'install-keystore)
              (replace 'install
                (lambda* (#:key outputs #:allow-other-keys)
                  (let ((doc (string-append (assoc-ref outputs "doc")
-- 
2.11.1

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]