From: Leo Famulari <leo@famulari.name>
To: 52690@debbugs.gnu.org
Subject: [bug#52690] [PATCH] gnu: IcedTea: Prohibit references to nss-certs.
Date: Sun, 26 Dec 2021 16:32:33 -0500 [thread overview]
Message-ID: <6fca92dfa3101c383f62c2569d87ff4e48e63764.1640554102.git.leo@famulari.name> (raw)
In-Reply-To: <YcEhjz3Fm6ekOXhs@jasmine.lan>
I checked, and neither of these packages keep references to nss-certs.
So, although this change will cause rebuilds, it shouldn't cause any
functional changes.
However, my understanding is that the IcedTea packages actually copy the
NSS certificate store, so there wouldn't be a reference anyways, but we
would have the problem of "software that expires".
Built packages should not refer to nss-certs, to prevent errant hard-coding of a
certificate store version.
* gnu/packages/java.scm (icedtea-7, icedtea-8)[arguments]: Add nss-certs
to #:disallowed-references.
---
gnu/packages/java.scm | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 0a757b2391..91a16bb53d 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -812,6 +812,8 @@ (define-public icedtea-7
;; gremlin) doesn't support it yet, so skip this phase.
#:validate-runpath? #f
+ #:disallowed-references (,nss-certs)
+
#:modules ((guix build utils)
(guix build gnu-build-system)
(ice-9 match)
@@ -1376,7 +1378,8 @@ (define-public icedtea-8
(guix build syscalls)
,@%gnu-build-system-modules)
- #:disallowed-references ,(list (gexp-input icedtea-7 "jdk"))
+ #:disallowed-references ,(list (gexp-input icedtea-7 "jdk")
+ nss-certs)
,@(substitute-keyword-arguments (package-arguments icedtea-7)
((#:modules modules)
--
2.34.0
prev parent reply other threads:[~2021-12-26 21:33 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-21 0:36 [bug#52690] Remove direct dependencies on the nss-certs certificate store Leo Famulari
2021-12-21 0:37 ` [bug#52690] [PATCH] gnu: ldns: Do not depend directly on nss-certs Leo Famulari
2021-12-21 2:48 ` [bug#52690] [PATCH] gnu: pypy3: Prohibit references to nss-certs Leo Famulari
2021-12-26 17:37 ` [bug#52690] Remove direct dependencies on the nss-certs certificate store Mathieu Othacehe
2021-12-26 20:55 ` Leo Famulari
2021-12-26 21:32 ` Leo Famulari [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6fca92dfa3101c383f62c2569d87ff4e48e63764.1640554102.git.leo@famulari.name \
--to=leo@famulari.name \
--cc=52690@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.