From f21403e2b6f5a9491937a0cc9f31fc113998ce5e Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Fri, 8 Jul 2016 11:28:59 +0200 Subject: [PATCH] gnu: icedtea-6: Generate keystore. * gnu/packages/java.scm (icedtea-6)[arguments]: Add phase "install-keystore". [native-inputs]: Add nss-certs. --- gnu/packages/java.scm | 50 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index faa6e5bc1c..2d50ad84fa 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -30,6 +30,7 @@ #:use-module (gnu packages autotools) #:use-module (gnu packages base) #:use-module (gnu packages bash) + #:use-module (gnu packages certs) #:use-module (gnu packages cpio) #:use-module (gnu packages cups) #:use-module (gnu packages compression) @@ -262,7 +263,8 @@ build process and its dependencies, whereas Make uses Makefile format.") #:modules ((guix build utils) (guix build gnu-build-system) (ice-9 popen) - (ice-9 rdelim)) + (ice-9 rdelim) + (srfi srfi-19)) #:configure-flags (let* ((gcjdir (assoc-ref %build-inputs "gcj")) @@ -521,7 +523,47 @@ build process and its dependencies, whereas Make uses Makefile format.") (jdk (assoc-ref outputs "jdk"))) (copy-recursively "openjdk.build/docs" doc) (copy-recursively "openjdk.build/j2re-image" jre) - (copy-recursively "openjdk.build/j2sdk-image" jdk))))))) + (copy-recursively "openjdk.build/j2sdk-image" jdk)))) + ;; By default IcedTea only generates an empty keystore. In order to + ;; be able to use certificates in Java programs we need to generate a + ;; keystore from a set of certificates. For convenience we use the + ;; certificates from the nss-certs package. + (add-after 'install 'install-keystore + (lambda* (#:key inputs outputs #:allow-other-keys) + (let* ((keystore "cacerts") + (certs-dir (string-append (assoc-ref inputs "nss-certs") + "/etc/ssl/certs")) + (keytool (string-append (assoc-ref outputs "jdk") + "/bin/keytool"))) + (define (import-cert cert) + (format #t "Importing certificate ~a\n" (basename cert)) + (let* ((port (open-pipe* OPEN_WRITE keytool + "-import" + "-alias" (basename cert) + "-keystore" keystore + "-storepass" "changeit" + "-file" cert))) + (display "yes\n" port) + (when (not (zero? (status:exit-val (close-pipe port)))) + (error "failed to import" cert)))) + + ;; This is necessary because the certificate directory contains + ;; files with non-ASCII characters in their names. + (setlocale LC_ALL "en_US.utf8") + (setenv "LC_ALL" "en_US.utf8") + + (for-each import-cert (find-files certs-dir "\\.pem$")) + (mkdir-p (string-append (assoc-ref outputs "out") + "/lib/security")) + (mkdir-p (string-append (assoc-ref outputs "jdk") + "/jre/lib/security")) + (install-file keystore + (string-append (assoc-ref outputs "out") + "/lib/security")) + (install-file keystore + (string-append (assoc-ref outputs "jdk") + "/jre/lib/security")) + #t)))))) (native-inputs `(("ant" ,ant) ("alsa-lib" ,alsa-lib) @@ -544,6 +586,7 @@ build process and its dependencies, whereas Make uses Makefile format.") ("libxslt" ,libxslt) ;for xsltproc ("mit-krb5" ,mit-krb5) ("nss" ,nss) + ("nss-certs" ,nss-certs) ("libx11" ,libx11) ("libxcomposite" ,libxcomposite) ("libxt" ,libxt) @@ -789,6 +832,9 @@ build process and its dependencies, whereas Make uses Makefile format.") (delete 'patch-paths) (delete 'set-additional-paths) (delete 'patch-patches) + ;; FIXME: This phase is needed but fails with this version of + ;; IcedTea. + (delete 'install-keystore) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((doc (string-append (assoc-ref outputs "doc")