diff options
author | Ricardo Wurmus <rekado@elephly.net> | 2018-03-10 18:35:31 +0100 |
---|---|---|
committer | Ricardo Wurmus <rekado@elephly.net> | 2018-03-11 11:53:39 +0100 |
commit | f2785bd657c55cd36f436b1f6ee1af5d72683162 (patch) | |
tree | 9dc11416d8d35727a240a64dc91496def5b10b44 | |
parent | 387428def11c59867eb528bcf622f3144617033a (diff) | |
download | patches-f2785bd657c55cd36f436b1f6ee1af5d72683162.tar patches-f2785bd657c55cd36f436b1f6ee1af5d72683162.tar.gz |
gnu: icedtea-8: Build "out" reproducibly.
Partially fixes <https://bugs.gnu.org/30730>.
* gnu/packages/java.scm (icedtea-8)[arguments]: Add phases
"patch-keystore" and "strip-jar-timestamps".
[source]: Also patch DIST_ID in "configure" script.
-rw-r--r-- | gnu/packages/java.scm | 146 |
1 files changed, 86 insertions, 60 deletions
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 5cc4a56f81..bb20b1d464 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -1591,7 +1591,8 @@ IcedTea build harness.") (modules '((guix build utils))) (snippet '(begin - (substitute* "acinclude.m4" + (substitute* '("configure" + "acinclude.m4") ;; Do not embed build time (("(DIST_ID=\"Custom build).*$" _ prefix) (string-append prefix "\"\n")) @@ -1600,65 +1601,90 @@ IcedTea build harness.") "DIST_NAME=\"guix\"")) #t)))) (arguments - (substitute-keyword-arguments (package-arguments icedtea-7) - ((#:configure-flags flags) - `(let ((jdk (assoc-ref %build-inputs "jdk"))) - `(;;"--disable-bootstrap" - "--enable-bootstrap" - "--enable-nss" - "--disable-downloading" - "--disable-system-pcsc" - "--disable-system-sctp" - "--disable-tests" ;they are run in the check phase instead - "--with-openjdk-src-dir=./openjdk.src" - ,(string-append "--with-jdk-home=" jdk)))) - ((#:phases phases) - `(modify-phases ,phases - (delete 'fix-x11-extension-include-path) - (delete 'patch-paths) - (delete 'set-additional-paths) - (delete 'patch-patches) - (add-after 'unpack 'patch-jni-libs - ;; Hardcode dynamically loaded libraries. - (lambda _ - (let* ((library-path (search-path-as-string->list - (getenv "LIBRARY_PATH"))) - (find-library (lambda (name) - (search-path - library-path - (string-append "lib" name ".so"))))) - (for-each - (lambda (file) - (catch 'decoding-error - (lambda () - (substitute* file - (("VERSIONED_JNI_LIB_NAME\\(\"(.*)\", \"(.*)\"\\)" - _ name version) - (format #f "\"~a\"" (find-library name))) - (("JNI_LIB_NAME\\(\"(.*)\"\\)" _ name) - (format #f "\"~a\"" (find-library name))))) - (lambda _ - ;; Those are safe to skip. - (format (current-error-port) - "warning: failed to substitute: ~a~%" - file)))) - (find-files "openjdk.src/jdk/src/solaris/native" - "\\.c|\\.h")) - #t))) - (replace 'install - (lambda* (#:key outputs #:allow-other-keys) - (let ((doc (string-append (assoc-ref outputs "doc") - "/share/doc/icedtea")) - (jre (assoc-ref outputs "out")) - (jdk (assoc-ref outputs "jdk"))) - (copy-recursively "openjdk.build/docs" doc) - (copy-recursively "openjdk.build/images/j2re-image" jre) - (copy-recursively "openjdk.build/images/j2sdk-image" jdk) - ;; Install the nss.cfg file to JRE to enable SSL/TLS - ;; support via NSS. - (copy-file (string-append jdk "/jre/lib/security/nss.cfg") - (string-append jre "/lib/security/nss.cfg")) - #t))))))) + `(#:imported-modules + ((guix build ant-build-system) + (guix build syscalls) + ,@%gnu-build-system-modules) + ,@(substitute-keyword-arguments (package-arguments icedtea-7) + ((#:modules modules) + `((guix build utils) + (guix build gnu-build-system) + ((guix build ant-build-system) #:prefix ant:) + (ice-9 match) + (ice-9 popen) + (srfi srfi-19) + (srfi srfi-26))) + ((#:configure-flags flags) + `(let ((jdk (assoc-ref %build-inputs "jdk"))) + `( ;;"--disable-bootstrap" + "--enable-bootstrap" + "--enable-nss" + "--disable-downloading" + "--disable-system-pcsc" + "--disable-system-sctp" + "--disable-tests" ;they are run in the check phase instead + "--with-openjdk-src-dir=./openjdk.src" + ,(string-append "--with-jdk-home=" jdk)))) + ((#:phases phases) + `(modify-phases ,phases + (delete 'fix-x11-extension-include-path) + (delete 'patch-paths) + (delete 'set-additional-paths) + (delete 'patch-patches) + ;; Prevent the keytool from recording the current time when + ;; adding certificates at build time. + (add-after 'unpack 'patch-keystore + (lambda _ + (substitute* "openjdk.src/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java" + (("date = new Date\\(\\);") + "\ +date = (System.getenv(\"SOURCE_DATE_EPOCH\") != null) ?\ +new Date(Long.parseLong(System.getenv(\"SOURCE_DATE_EPOCH\"))) :\ +new Date();")) + #t)) + (add-after 'unpack 'patch-jni-libs + ;; Hardcode dynamically loaded libraries. + (lambda _ + (let* ((library-path (search-path-as-string->list + (getenv "LIBRARY_PATH"))) + (find-library (lambda (name) + (search-path + library-path + (string-append "lib" name ".so"))))) + (for-each + (lambda (file) + (catch 'decoding-error + (lambda () + (substitute* file + (("VERSIONED_JNI_LIB_NAME\\(\"(.*)\", \"(.*)\"\\)" + _ name version) + (format #f "\"~a\"" (find-library name))) + (("JNI_LIB_NAME\\(\"(.*)\"\\)" _ name) + (format #f "\"~a\"" (find-library name))))) + (lambda _ + ;; Those are safe to skip. + (format (current-error-port) + "warning: failed to substitute: ~a~%" + file)))) + (find-files "openjdk.src/jdk/src/solaris/native" + "\\.c|\\.h")) + #t))) + (replace 'install + (lambda* (#:key outputs #:allow-other-keys) + (let ((doc (string-append (assoc-ref outputs "doc") + "/share/doc/icedtea")) + (jre (assoc-ref outputs "out")) + (jdk (assoc-ref outputs "jdk"))) + (copy-recursively "openjdk.build/docs" doc) + (copy-recursively "openjdk.build/images/j2re-image" jre) + (copy-recursively "openjdk.build/images/j2sdk-image" jdk) + ;; Install the nss.cfg file to JRE to enable SSL/TLS + ;; support via NSS. + (copy-file (string-append jdk "/jre/lib/security/nss.cfg") + (string-append jre "/lib/security/nss.cfg")) + #t))) + (add-after 'install 'strip-jar-timestamps + (assoc-ref ant:%standard-phases 'strip-jar-timestamps))))))) (native-inputs `(("jdk" ,icedtea-7 "jdk") ("openjdk-src" |