From mboxrd@z Thu Jan 1 00:00:00 1970 From: Carlo Zancanaro Subject: Re: [PATCH] gnu: icedtea-8: Build keystore without id-ecPublicKey certificates. Date: Thu, 02 Mar 2017 08:23:19 +1100 Message-ID: <87o9xkbsjc.fsf@zancanaro.id.au> References: <877f4d3hnt.fsf@zancanaro.id.au> <87fuj03my7.fsf@gnu.org> <87y3wr2465.fsf@zancanaro.id.au> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49271) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cjBic-0001yY-8b for guix-devel@gnu.org; Wed, 01 Mar 2017 16:23:31 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cjBiZ-0002Pr-2S for guix-devel@gnu.org; Wed, 01 Mar 2017 16:23:30 -0500 In-reply-to: List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Roel Janssen Cc: guix-devel@gnu.org --==-=-= Content-Type: multipart/mixed; boundary="=-=-=" --=-=-= Content-Type: text/plain On Mon, Feb 27 2017, Roel Janssen wrote > Unfortunately, I don't seem to be able to apply your patch. [ ... ] Hmm. That's strange. I generated a new patch which hopefully will work. I tried applying it to master on my machine and it seemed to work fine. I'm not sure what to do with this in light of Ricardo's comments, but I'm hopeful that it can be pushed. (The advantage not having the ability to push is that I don't have to make any real decisions. Hooray!) Carlo --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-gnu-icedtea-6-Modify-certificate-import-to-not-fail-.patch Content-Transfer-Encoding: quoted-printable From=208d499d361cb89c29902ef21c46b3899c2f6799f7 Mon Sep 17 00:00:00 2001 From: Carlo Zancanaro Date: Sun, 26 Feb 2017 11:34:44 +1100 Subject: [PATCH] gnu: icedtea-6: Modify certificate import to not fail for icedtea-8. * gnu/packages/java.scm (icedtea-6)[arguments]: Fix install-keystore phase = to not fail the build when attempting to import unsupported certificate types (which occur with icedtea-8, which inherits from icedtea-6). Also ensure that the keystore is able to be written to before copying it. =2D-- gnu/packages/java.scm | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index e7479e1b0..1abdf607f 100644 =2D-- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -1,7 +1,8 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright =C2=A9 2015, 2016 Ricardo Wurmus ;;; Copyright =C2=A9 2016 Leo Famulari =2D;;; Copyright =C2=A9 2016 Roel Janssen +;;; Copyright =C2=A9 2016, 2017 Roel Janssen +;;; Copyright =C2=A9 2017 Carlo Zancanaro ;;; ;;; This file is part of GNU Guix. ;;; @@ -706,7 +707,7 @@ build process and its dependencies, whereas Make uses M= akefile format.") "-file" temp))) (display "yes\n" port) (when (not (zero? (status:exit-val (close-pipe port))= )) =2D (error "failed to import" cert))) + (format #t "failed to import ~a\n" cert))) (delete-file temp))) =20 ;; This is necessary because the certificate directory cont= ains @@ -719,6 +720,15 @@ build process and its dependencies, whereas Make uses = Makefile format.") "/lib/security")) (mkdir-p (string-append (assoc-ref outputs "jdk") "/jre/lib/security")) + + ;; The cacerts files we are going to overwrite are chmod'ed= as + ;; read-only (444) in icedtea-8 (which derives from this + ;; package). We have to change this so we can overwrite th= em. + (chmod (string-append (assoc-ref outputs "out") + "/lib/security/" keystore) #o644) + (chmod (string-append (assoc-ref outputs "jdk") + "/jre/lib/security/" keystore) #o644) + (install-file keystore (string-append (assoc-ref outputs "out") "/lib/security")) @@ -1023,9 +1033,6 @@ build process and its dependencies, whereas Make uses= Makefile format.") (find-files "openjdk.src/jdk/src/solaris/native" "\\.c|\\.h")) #t))) =2D ;; FIXME: This phase is needed but fails with this version = of =2D ;; IcedTea. =2D (delete 'install-keystore) (replace 'install (lambda* (#:key outputs #:allow-other-keys) (let ((doc (string-append (assoc-ref outputs "doc") =2D-=20 2.11.1 --=-=-=-- --==-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEETnMK3I26XHaBYsl5wFUlyLtgbSsFAli3O8cACgkQwFUlyLtg bStKdwgAp+YXN2ti3AiyivUYQgZD/28CrT0leaToHPqvN78xHw4gLuI53MzM2ymM blEN9DgkXTx6UgjMCBjQzFcYjWuzfsvVMwuhIYnTBfdf+3cL4qIPw+BjBFdPdikM 0TiY5UtpNe+Zl91XDhojMeXdgveldF9NuwbNEO9eEUDz0OpVJlA4bu1yNzqPiDro KZWscj4U14F8ZARZm/hggNJI9IGcgiARjnbc+Mis/pDMHu0WH4AC8yMURu0dplX1 H9ewWSmEut3Y2KogqBjAnXdo8mMfnlJCLOnCMnkiD8D2EUhm95oVkvaKTchxK+zR RwC3jORtWjntQLkTYBBJoeHlIwjQqQ== =Mjtg -----END PGP SIGNATURE----- --==-=-=--