From: Ricardo Wurmus <rekado@elephly.net>
To: Andreas Enge <andreas@enge.fr>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore.
Date: Sat, 23 Jul 2016 23:33:12 +0200 [thread overview]
Message-ID: <87shv0ca5j.fsf@elephly.net> (raw)
In-Reply-To: <87twfgcasj.fsf@elephly.net>
[-- Attachment #1: Type: text/plain, Size: 908 bytes --]
Ricardo Wurmus <rekado@elephly.net> writes:
> Andreas Enge <andreas@enge.fr> writes:
>
>> Hello, Ricardo!
>>
>> Icedtea@1 in master now fails to build in the install-keystore phase.
>> http://hydra.gnu.org:3000/build/1309224
>> http://hydra.gnu.org:3000/build/1308950
>> Could you have a look, please?
[…]
> The keytool from icedtea@1 doesn’t like this certificate. My hunch is
> that we may need to remove comments from the certificate files, only
> leaving the certificate block.
>
> I’ll fix this as soon as I can.
Attached is an untested patch to fix this. I’m now building icedtea@1
again with this patch (on a remote machine). Not sure when I can check
on the result as I’ll be out for the most part of tomorrow.
You’re welcome to give it a try yourself! (Who knows, maybe this change
would also allow us to reinstate the phase in the latest icedtea
version?)
~~ Ricardo
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-icedtea-6-Narrow-file-to-certificate-block.patch --]
[-- Type: text/x-patch, Size: 3337 bytes --]
From 04cafa35d7e226843cdccaf5a3ea5a82d9dc5d3e Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus <rekado@elephly.net>
Date: Sat, 23 Jul 2016 23:25:11 +0200
Subject: [PATCH] gnu: icedtea-6: Narrow file to certificate block.
* gnu/packages/java.scm (icedtea-6)[arguments]: Extract certificate
blocks from pem files before importing.
---
gnu/packages/java.scm | 39 ++++++++++++++++++++++++++++++---------
1 file changed, 30 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 2d50ad8..78e2143 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -535,17 +535,38 @@ build process and its dependencies, whereas Make uses Makefile format.")
"/etc/ssl/certs"))
(keytool (string-append (assoc-ref outputs "jdk")
"/bin/keytool")))
+ (define (extract-cert file target)
+ (call-with-input-file file
+ (lambda (in)
+ (call-with-output-file target
+ (lambda (out)
+ (let loop ((line (read-line in 'concat))
+ (copying? #f))
+ (cond
+ ((eof-object? line) #t)
+ ((string-prefix? "-----BEGIN" line)
+ (display line out)
+ (loop (read-line in 'concat) #t))
+ ((string-prefix? "-----END" line)
+ (display line out)
+ #t)
+ (else
+ (when copying? (display line out))
+ (loop (read-line in 'concat) copying?)))))))))
(define (import-cert cert)
(format #t "Importing certificate ~a\n" (basename cert))
- (let* ((port (open-pipe* OPEN_WRITE keytool
- "-import"
- "-alias" (basename cert)
- "-keystore" keystore
- "-storepass" "changeit"
- "-file" cert)))
- (display "yes\n" port)
- (when (not (zero? (status:exit-val (close-pipe port))))
- (error "failed to import" cert))))
+ (let ((temp (tmpfile)))
+ (extract-cert cert temp)
+ (let ((port (open-pipe* OPEN_WRITE keytool
+ "-import"
+ "-alias" (basename cert)
+ "-keystore" keystore
+ "-storepass" "changeit"
+ "-file" temp)))
+ (display "yes\n" port)
+ (when (not (zero? (status:exit-val (close-pipe port))))
+ (error "failed to import" cert)))
+ (delete-file temp)))
;; This is necessary because the certificate directory contains
;; files with non-ASCII characters in their names.
--
2.9.0
next prev parent reply other threads:[~2016-07-23 21:33 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-18 11:59 [PATCH 0/3] icedtea: Generate keystore Ricardo Wurmus
2016-07-18 11:59 ` [PATCH 1/3] gnu: nss-certs: Stop inheriting from nss package Ricardo Wurmus
2016-07-18 16:39 ` Leo Famulari
2016-07-18 19:34 ` Ricardo Wurmus
2016-07-18 19:39 ` Leo Famulari
2016-07-19 12:44 ` Ludovic Courtès
2016-07-18 11:59 ` [PATCH 2/3] gnu: icedtea-6: Use modify-phases syntax Ricardo Wurmus
2016-07-19 12:45 ` Ludovic Courtès
2016-07-18 11:59 ` [PATCH 3/3] gnu: icedtea-6: Generate keystore Ricardo Wurmus
2016-07-19 12:51 ` Ludovic Courtès
2016-07-19 13:03 ` Ricardo Wurmus
2016-07-22 19:14 ` Ricardo Wurmus
2016-07-23 18:32 ` Andreas Enge
2016-07-23 21:19 ` Ricardo Wurmus
2016-07-23 21:33 ` Ricardo Wurmus [this message]
2016-07-23 23:27 ` Andreas Enge
2016-07-24 7:43 ` Ricardo Wurmus
2016-07-24 8:07 ` Andreas Enge
2016-07-18 17:51 ` [PATCH 0/3] icedtea: " Roel Janssen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87shv0ca5j.fsf@elephly.net \
--to=rekado@elephly.net \
--cc=andreas@enge.fr \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).