diff options
author | Ricardo Wurmus <rekado@elephly.net> | 2016-07-08 11:28:59 +0200 |
---|---|---|
committer | Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de> | 2016-07-22 17:10:25 +0200 |
commit | f21403e2b6f5a9491937a0cc9f31fc113998ce5e (patch) | |
tree | 69a38cd411ee8c3493ab689ef8a1f5d3fbbef8fb | |
parent | 9bc84dfea9560c497c91863e7b5021860bd3c254 (diff) | |
download | guix-f21403e2b6f5a9491937a0cc9f31fc113998ce5e.tar guix-f21403e2b6f5a9491937a0cc9f31fc113998ce5e.tar.gz |
gnu: icedtea-6: Generate keystore.
* gnu/packages/java.scm (icedtea-6)[arguments]: Add phase
"install-keystore".
[native-inputs]: Add nss-certs.
-rw-r--r-- | gnu/packages/java.scm | 50 |
1 files changed, 48 insertions, 2 deletions
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index faa6e5bc1c..2d50ad84fa 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -30,6 +30,7 @@ #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (gnu packages bash) + #:use-module (gnu packages certs) #:use-module (gnu packages cpio) #:use-module (gnu packages cups) #:use-module (gnu packages compression) @@ -262,7 +263,8 @@ build process and its dependencies, whereas Make uses Makefile format.") #:modules ((guix build utils) (guix build gnu-build-system) (ice-9 popen) - (ice-9 rdelim)) + (ice-9 rdelim) + (srfi srfi-19)) #:configure-flags (let* ((gcjdir (assoc-ref %build-inputs "gcj")) @@ -521,7 +523,47 @@ build process and its dependencies, whereas Make uses Makefile format.") (jdk (assoc-ref outputs "jdk"))) (copy-recursively "openjdk.build/docs" doc) (copy-recursively "openjdk.build/j2re-image" jre) - (copy-recursively "openjdk.build/j2sdk-image" jdk))))))) + (copy-recursively "openjdk.build/j2sdk-image" jdk)))) + ;; By default IcedTea only generates an empty keystore. In order to + ;; be able to use certificates in Java programs we need to generate a + ;; keystore from a set of certificates. For convenience we use the + ;; certificates from the nss-certs package. + (add-after 'install 'install-keystore + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((keystore "cacerts") + (certs-dir (string-append (assoc-ref inputs "nss-certs") + "/etc/ssl/certs")) + (keytool (string-append (assoc-ref outputs "jdk") + "/bin/keytool"))) + (define (import-cert cert) + (format #t "Importing certificate ~a\n" (basename cert)) + (let* ((port (open-pipe* OPEN_WRITE keytool + "-import" + "-alias" (basename cert) + "-keystore" keystore + "-storepass" "changeit" + "-file" cert))) + (display "yes\n" port) + (when (not (zero? (status:exit-val (close-pipe port)))) + (error "failed to import" cert)))) + + ;; This is necessary because the certificate directory contains + ;; files with non-ASCII characters in their names. + (setlocale LC_ALL "en_US.utf8") + (setenv "LC_ALL" "en_US.utf8") + + (for-each import-cert (find-files certs-dir "\\.pem$")) + (mkdir-p (string-append (assoc-ref outputs "out") + "/lib/security")) + (mkdir-p (string-append (assoc-ref outputs "jdk") + "/jre/lib/security")) + (install-file keystore + (string-append (assoc-ref outputs "out") + "/lib/security")) + (install-file keystore + (string-append (assoc-ref outputs "jdk") + "/jre/lib/security")) + #t)))))) (native-inputs `(("ant" ,ant) ("alsa-lib" ,alsa-lib) @@ -544,6 +586,7 @@ build process and its dependencies, whereas Make uses Makefile format.") ("libxslt" ,libxslt) ;for xsltproc ("mit-krb5" ,mit-krb5) ("nss" ,nss) + ("nss-certs" ,nss-certs) ("libx11" ,libx11) ("libxcomposite" ,libxcomposite) ("libxt" ,libxt) @@ -789,6 +832,9 @@ build process and its dependencies, whereas Make uses Makefile format.") (delete 'patch-paths) (delete 'set-additional-paths) (delete 'patch-patches) + ;; FIXME: This phase is needed but fails with this version of + ;; IcedTea. + (delete 'install-keystore) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((doc (string-append (assoc-ref outputs "doc") |