aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRicardo Wurmus <rekado@elephly.net>2016-07-08 11:28:59 +0200
committerRicardo Wurmus <ricardo.wurmus@mdc-berlin.de>2016-07-22 17:10:25 +0200
commitf21403e2b6f5a9491937a0cc9f31fc113998ce5e (patch)
tree69a38cd411ee8c3493ab689ef8a1f5d3fbbef8fb
parent9bc84dfea9560c497c91863e7b5021860bd3c254 (diff)
downloadguix-f21403e2b6f5a9491937a0cc9f31fc113998ce5e.tar
guix-f21403e2b6f5a9491937a0cc9f31fc113998ce5e.tar.gz
gnu: icedtea-6: Generate keystore.
* gnu/packages/java.scm (icedtea-6)[arguments]: Add phase "install-keystore". [native-inputs]: Add nss-certs.
-rw-r--r--gnu/packages/java.scm50
1 files changed, 48 insertions, 2 deletions
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index faa6e5bc1c..2d50ad84fa 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -30,6 +30,7 @@
#:use-module (gnu packages autotools)
#:use-module (gnu packages base)
#:use-module (gnu packages bash)
+ #:use-module (gnu packages certs)
#:use-module (gnu packages cpio)
#:use-module (gnu packages cups)
#:use-module (gnu packages compression)
@@ -262,7 +263,8 @@ build process and its dependencies, whereas Make uses Makefile format.")
#:modules ((guix build utils)
(guix build gnu-build-system)
(ice-9 popen)
- (ice-9 rdelim))
+ (ice-9 rdelim)
+ (srfi srfi-19))
#:configure-flags
(let* ((gcjdir (assoc-ref %build-inputs "gcj"))
@@ -521,7 +523,47 @@ build process and its dependencies, whereas Make uses Makefile format.")
(jdk (assoc-ref outputs "jdk")))
(copy-recursively "openjdk.build/docs" doc)
(copy-recursively "openjdk.build/j2re-image" jre)
- (copy-recursively "openjdk.build/j2sdk-image" jdk)))))))
+ (copy-recursively "openjdk.build/j2sdk-image" jdk))))
+ ;; By default IcedTea only generates an empty keystore. In order to
+ ;; be able to use certificates in Java programs we need to generate a
+ ;; keystore from a set of certificates. For convenience we use the
+ ;; certificates from the nss-certs package.
+ (add-after 'install 'install-keystore
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (let* ((keystore "cacerts")
+ (certs-dir (string-append (assoc-ref inputs "nss-certs")
+ "/etc/ssl/certs"))
+ (keytool (string-append (assoc-ref outputs "jdk")
+ "/bin/keytool")))
+ (define (import-cert cert)
+ (format #t "Importing certificate ~a\n" (basename cert))
+ (let* ((port (open-pipe* OPEN_WRITE keytool
+ "-import"
+ "-alias" (basename cert)
+ "-keystore" keystore
+ "-storepass" "changeit"
+ "-file" cert)))
+ (display "yes\n" port)
+ (when (not (zero? (status:exit-val (close-pipe port))))
+ (error "failed to import" cert))))
+
+ ;; This is necessary because the certificate directory contains
+ ;; files with non-ASCII characters in their names.
+ (setlocale LC_ALL "en_US.utf8")
+ (setenv "LC_ALL" "en_US.utf8")
+
+ (for-each import-cert (find-files certs-dir "\\.pem$"))
+ (mkdir-p (string-append (assoc-ref outputs "out")
+ "/lib/security"))
+ (mkdir-p (string-append (assoc-ref outputs "jdk")
+ "/jre/lib/security"))
+ (install-file keystore
+ (string-append (assoc-ref outputs "out")
+ "/lib/security"))
+ (install-file keystore
+ (string-append (assoc-ref outputs "jdk")
+ "/jre/lib/security"))
+ #t))))))
(native-inputs
`(("ant" ,ant)
("alsa-lib" ,alsa-lib)
@@ -544,6 +586,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
("libxslt" ,libxslt) ;for xsltproc
("mit-krb5" ,mit-krb5)
("nss" ,nss)
+ ("nss-certs" ,nss-certs)
("libx11" ,libx11)
("libxcomposite" ,libxcomposite)
("libxt" ,libxt)
@@ -789,6 +832,9 @@ build process and its dependencies, whereas Make uses Makefile format.")
(delete 'patch-paths)
(delete 'set-additional-paths)
(delete 'patch-patches)
+ ;; FIXME: This phase is needed but fails with this version of
+ ;; IcedTea.
+ (delete 'install-keystore)
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((doc (string-append (assoc-ref outputs "doc")