From: Ricardo Wurmus <rekado@elephly.net>
To: guix-devel@gnu.org
Subject: Re: WIP Java certificates
Date: Thu, 16 Jun 2016 09:12:08 +0200 [thread overview]
Message-ID: <874m8ty5dj.fsf@elephly.net> (raw)
In-Reply-To: <87eg7yy34f.fsf@mdc-berlin.de>
Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de> writes:
> I noticed that IcedTea/OpenJDK does not actually generate a certificate
> store at build time — the store at “$out/lib/security/cacerts” is
> empty. As a result, accessing websites via HTTPS fails.
With some modifications to the patch (and by moving it from java.scm to
certs.scm) I managed to build a keystore from nss-certs. I confirmed
that it works by starting a Java application with these additional
options:
-Djavax.net.debug=ssl
-Djavax.net.ssl.trustStore=/gnu/store/62j3i7666wa3hwrlsgzjnx766fs4j06g-java-nss-certs-keystore-3.23/lib/security/cacerts
(Unfortunately, it is not deterministic yet.)
To make this available without the trustStore option I would need to
convert my package into a build phase for the icedtea packages.
However, I cannot do this as using the “certs” module in the “java”
module breaks Guix.
> As soon as I add
>
> #:use-module (gnu packages certs)
>
> to the module definition of “(gnu packages java)” Guix complains with
> errors that are usually indicative of a module loop. Attached is a
> patch to master.
>
> Here are the errors I get when trying to build the package:
>
> ~~~~~~~~~~~~~~~~~~~~~~~
> ./pre-inst-env guix build java-nss-certs-keystore
> guix build: warning: failed to load '(gnu packages abiword)':
> ERROR: In procedure module-lookup: Unbound variable: nss
> guix build: warning: failed to load '(gnu packages avr)':
> ERROR: In procedure module-lookup: Unbound variable: gnu-make
> guix build: warning: failed to load '(gnu packages bioinformatics)':
> ERROR: In procedure module-lookup: Unbound variable: perl-libwww
> guix build: warning: failed to load '(gnu packages make-bootstrap)':
> ERROR: no binding `%final-inputs' in module (gnu packages commencement)
> guix build: warning: failed to load '(gnu packages mate)':
> ERROR: In procedure module-lookup: Unbound variable: gtk+
> guix build: warning: failed to load '(gnu packages unrtf)':
> ERROR: In procedure module-lookup: Unbound variable: coreutils
> guix build: error: java-nss-certs-keystore: unknown package
> ~~~~~~~~~~~~~~~~~~~~~~~
Any hints as to how I can debug this?
~~ Ricardo
next prev parent reply other threads:[~2016-06-16 7:12 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-06-15 13:48 WIP Java certificates Ricardo Wurmus
2016-06-16 7:12 ` Ricardo Wurmus [this message]
2016-06-16 11:21 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=874m8ty5dj.fsf@elephly.net \
--to=rekado@elephly.net \
--cc=guix-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.