From mboxrd@z Thu Jan 1 00:00:00 1970 From: Roel Janssen Subject: Re: [PATCH 0/3] icedtea: Generate keystore. Date: Mon, 18 Jul 2016 19:51:15 +0200 Message-ID: <87d1masulo.fsf@gnu.org> References: <20160718115941.17707-1-ricardo.wurmus@mdc-berlin.de> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:58643) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bPCh3-0003O7-H2 for guix-devel@gnu.org; Mon, 18 Jul 2016 13:51:02 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bPCgy-0002ID-GW for guix-devel@gnu.org; Mon, 18 Jul 2016 13:51:00 -0400 In-reply-to: <20160718115941.17707-1-ricardo.wurmus@mdc-berlin.de> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ricardo Wurmus Cc: guix-devel@gnu.org Ricardo Wurmus writes: > Hi Guix, > > our current IcedTea packages don't have TLS/SSL support as they don't come > with a certificate store. In the Java world we need to import certificates > into a keystore. (This is, unfortunately, not reproducible.) > > These there patches add a build phase to icedtea-6 to generate a keystore from > the certificates in the nss-certs package. I've tested this with the Java > bindings for git and an HTTPS URL of a repository. > > For some reason generating a keystore fails with icedtea-8, so I'm explicitly > deleting the build phase there. I'm not sure why this happens. > > Overall I think this is an improvement, but more work is needed here. > > What do you think? I haven't looked at the patches, but I would like to say that I have run into the missing certificates with Java. I haven't looked at whether this resolves the problem either, but I would like to thank you for your work in this area. I really appreciate your work on IcedTea and Java packages. Thanks, Roel