From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Ricardo Wurmus
Subject: Re: [PATCH 3/3] gnu: icedtea-6: Generate keystore.
Date: Sat, 23 Jul 2016 23:33:12 +0200
Message-ID: <87shv0ca5j.fsf@elephly.net>
References: <20160718115941.17707-1-ricardo.wurmus@mdc-berlin.de>
 <20160718115941.17707-4-ricardo.wurmus@mdc-berlin.de>
 <87fur5lrje.fsf@gnu.org>
 <878twteb7w.fsf@mdc-berlin.de>
 <20160723183255.GA8067@solar>
 <87twfgcasj.fsf@elephly.net>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Return-path:
Received: from eggs.gnu.org ([2001:4830:134:3::10]:52637)
 by lists.gnu.org with esmtp (Exim 4.71) (envelope-from )
 id 1bR4Y3-0001OK-ET for guix-devel@gnu.org; Sat, 23 Jul 2016 17:33:28 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from ) id 1bR4Xz-0006EI-6k
 for guix-devel@gnu.org; Sat, 23 Jul 2016 17:33:26 -0400
Received: from sender163-mail.zoho.com ([74.201.84.163]:24161)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from )
 id 1bR4Xy-0006EE-V9 for guix-devel@gnu.org; Sat, 23 Jul 2016 17:33:23 -0400
In-reply-to: <87twfgcasj.fsf@elephly.net>
List-Id: "Development of GNU Guix and the GNU System distribution."
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel"
To: Andreas Enge
Cc: guix-devel@gnu.org

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

Ricardo Wurmus writes:

> Andreas Enge writes:
>
>> Hello, Ricardo!
>>
>> Icedtea@1 in master now fails to build in the install-keystore phase.
>> http://hydra.gnu.org:3000/build/1309224
>> http://hydra.gnu.org:3000/build/1308950
>> Could you have a look, please?

[…]

> The keytool from icedtea@1 doesn’t like this certificate. My hunch is
> that we may need to remove comments from the certificate files, only
> leaving the certificate block.
>
> I’ll fix this as soon as I can.

Attached is an untested patch to fix this.
I’m now building icedtea@1 again with this patch (on a remote machine).
Not sure when I can check on the result as I’ll be out for the most part
of tomorrow. You’re welcome to give it a try yourself!

(Who knows, maybe this change would also allow us to reinstate the phase
in the latest icedtea version?)

~~ Ricardo

--=-=-=
Content-Type: text/x-patch
Content-Disposition: inline; filename=0001-gnu-icedtea-6-Narrow-file-to-certificate-block.patch

>From 04cafa35d7e226843cdccaf5a3ea5a82d9dc5d3e Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus
Date: Sat, 23 Jul 2016 23:25:11 +0200
Subject: [PATCH] gnu: icedtea-6: Narrow file to certificate block.

* gnu/packages/java.scm (icedtea-6)[arguments]: Extract certificate blocks from pem files before importing.
---
 gnu/packages/java.scm | 39 ++++++++++++++++++++++++++++++---------
 1 file changed, 30 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 2d50ad8..78e2143 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -535,17 +535,38 @@ build process and its dependencies, whereas Make uses Makefile format.") "/etc/ssl/certs")) (keytool (string-append (assoc-ref outputs "jdk") "/bin/keytool"))) + (define (extract-cert file target) + (call-with-input-file file + (lambda (in) + (call-with-output-file target + (lambda (out) + (let loop ((line (read-line in 'concat)) + (copying? #f)) + (cond + ((eof-object? line) #t) + ((string-prefix? "-----BEGIN" line) + (display line out) + (loop (read-line in 'concat) #t)) + ((string-prefix? "-----END" line) + (display line out) + #t) + (else + (when copying? (display line out)) + (loop (read-line in 'concat) copying?))))))))) (define (import-cert cert) (format #t "Importing certificate ~a\n" (basename cert)) - (let* ((port (open-pipe* OPEN_WRITE keytool - "-import" - "-alias" (basename cert) - "-keystore" keystore - "-storepass" "changeit" - "-file" cert))) - (display "yes\n" port) - (when (not (zero? (status:exit-val (close-pipe port)))) - (error "failed to import" cert)))) + (let ((temp (tmpfile))) + (extract-cert cert temp) + (let ((port (open-pipe* OPEN_WRITE keytool + "-import" + "-alias" (basename cert) + "-keystore" keystore + "-storepass" "changeit" + "-file" temp))) + (display "yes\n" port) + (when (not (zero? (status:exit-val (close-pipe port)))) + (error "failed to import" cert))) + (delete-file temp))) ;; This is necessary because the certificate directory contains ;; files with non-ASCII characters in their names. -- 2.9.0 --=-=-=--
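
Review bot: `(tmpfile)` in `import-cert` is bound to `temp` and then used as a file name, but in Guile `tmpfile` returns an input/output port to an unnamed temporary file, not a path. As written, `(extract-cert cert temp)` hands that port to `call-with-output-file`, `"-file" temp` passes it to `open-pipe*`, and `(delete-file temp)` receives it as well, and all three expect a string. Bind `temp` to a real file name instead, for example a fixed name inside the build directory, or the name of a file created with `mkstemp!` and read back with `port-filename`. Two smaller points in the same hunk: `(error "failed to import" cert)` fires before `(delete-file temp)` is reached, so the temporary file is left behind whenever keytool rejects a certificate, and `extract-cert` returns at the first `-----END` line, so a file holding more than one certificate block is silently reduced to its first certificate. If that is intended, a comment above `extract-cert` should say so.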