From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de>
Subject: [PATCH 0/3] icedtea: Generate keystore.
Date: Mon, 18 Jul 2016 13:59:38 +0200
Message-ID: <20160718115941.17707-1-ricardo.wurmus@mdc-berlin.de>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35471)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Ricardo.Wurmus@mdc-berlin.de>) id 1bP7E7-0000G3-Nc
	for guix-devel@gnu.org; Mon, 18 Jul 2016 08:00:48 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Ricardo.Wurmus@mdc-berlin.de>) id 1bP7E4-0003ot-Hx
	for guix-devel@gnu.org; Mon, 18 Jul 2016 08:00:47 -0400
Received: from venus.bbbm.mdc-berlin.de ([141.80.25.30]:41448)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Ricardo.Wurmus@mdc-berlin.de>) id 1bP7E4-0003o4-2N
	for guix-devel@gnu.org; Mon, 18 Jul 2016 08:00:44 -0400
Received: from localhost (localhost [127.0.0.1])
	by venus.bbbm.mdc-berlin.de (Postfix) with ESMTP id 2E951380EE4
	for <guix-devel@gnu.org>; Mon, 18 Jul 2016 14:00:42 +0200 (CEST)
Received: from venus.bbbm.mdc-berlin.de ([127.0.0.1])
	by localhost (venus.bbbm.mdc-berlin.de [127.0.0.1]) (amavisd-new,
	port 10024) with ESMTP id KJf8q1TcmL0L for <guix-devel@gnu.org>;
	Mon, 18 Jul 2016 14:00:36 +0200 (CEST)
Received: from HTCATWO.mdc-berlin.net (puck.citx.mdc-berlin.de [141.80.36.101])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by venus.bbbm.mdc-berlin.de (Postfix) with ESMTPS
	for <guix-devel@gnu.org>; Mon, 18 Jul 2016 14:00:36 +0200 (CEST)
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: guix-devel@gnu.org

Hi Guix,

our current IcedTea packages don't have TLS/SSL support as they don't come
with a certificate store.  In the Java world we need to import certificates
into a keystore.  (This is, unfortunately, not reproducible.)

These there patches add a build phase to icedtea-6 to generate a keystore from
the certificates in the nss-certs package.  I've tested this with the Java
bindings for git and an HTTPS URL of a repository.

For some reason generating a keystore fails with icedtea-8, so I'm explicitly
deleting the build phase there.  I'm not sure why this happens.

Overall I think this is an improvement, but more work is needed here.

What do you think?

~~ Ricardo


Ricardo Wurmus (3):
  gnu: nss-certs: Stop inheriting from nss package.
  gnu: icedtea-6: Use modify-phases syntax.
  gnu: icedtea-6: Generate keystore.

 gnu/packages/certs.scm |  22 ++-
 gnu/packages/java.scm  | 492 +++++++++++++++++++++++++++----------------------
 2 files changed, 289 insertions(+), 225 deletions(-)

-- 
2.9.0