gnu: icedtea-6: Narrow file to certificate block.

* gnu/packages/java.scm (icedtea-6)[arguments]: Extract certificate
  blocks from pem files before importing.
Ricardo Wurmus 2016-07-23 23:25:11 +02:00
parent 578aeea6cd
commit 6af691723e
No known key found for this signature in database
GPG Key ID: 197A5888235FACAC
1 changed files with 30 additions and 9 deletions


@ -535,17 +535,38 @@ build process and its dependencies, whereas Make uses Makefile format.")
"/etc/ssl/certs")) "/etc/ssl/certs"))
(keytool (string-append (assoc-ref outputs "jdk") (keytool (string-append (assoc-ref outputs "jdk")
"/bin/keytool"))) "/bin/keytool")))
(define (extract-cert file target)
(call-with-input-file file
(lambda (in)
(call-with-output-file target
(lambda (out)
(let loop ((line (read-line in 'concat))
(copying? #f))
(cond
((eof-object? line) #t)
((string-prefix? "-----BEGIN" line)
(display line out)
(loop (read-line in 'concat) #t))
((string-prefix? "-----END" line)
(display line out)
#t)
(else
(when copying? (display line out))
(loop (read-line in 'concat) copying?)))))))))
(define (import-cert cert) (define (import-cert cert)
(format #t "Importing certificate ~a\n" (basename cert)) (format #t "Importing certificate ~a\n" (basename cert))
(let* ((port (open-pipe* OPEN_WRITE keytool (let ((temp "tmpcert"))
"-import" (extract-cert cert temp)
"-alias" (basename cert) (let ((port (open-pipe* OPEN_WRITE keytool
"-keystore" keystore "-import"
"-storepass" "changeit" "-alias" (basename cert)
"-file" cert))) "-keystore" keystore
(display "yes\n" port) "-storepass" "changeit"
(when (not (zero? (status:exit-val (close-pipe port)))) "-file" temp)))
(error "failed to import" cert)))) (display "yes\n" port)
(when (not (zero? (status:exit-val (close-pipe port))))
(error "failed to import" cert)))
(delete-file temp)))
;; This is necessary because the certificate directory contains ;; This is necessary because the certificate directory contains
;; files with non-ASCII characters in their names. ;; files with non-ASCII characters in their names.
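Review bot: In the new `extract-cert`, the `-----END` branch fires even when no `-----BEGIN` line has been seen, and the EOF branch returns `#t` after writing an empty or truncated file, so a malformed input is only caught if keytool happens to reject it. Guarding the branch with `((and copying? (string-prefix? "-----END" line)) ...)` and turning EOF into `((eof-object? line) (error "no complete certificate block in" file))` would make the failure explicit at the point where the trust-store input is prepared. The `-----BEGIN` prefix test also accepts any PEM label, and the loop stops after the first block, so a file carrying several certificates contributes only its first one; if that is intended, a comment on `extract-cert` saying so would help. In `import-cert`, `(delete-file temp)` is skipped when `error` is raised, and `"tmpcert"` is a fixed name in the current directory; this is presumably harmless inside the build directory, but wrapping the import in `dynamic-wind` would keep the cleanup unconditional. The enclosing phase begins and ends outside this hunk.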