Andreas Enge <andr...@enge.fr> writes: > Hello, Ricardo! > > Icedtea@1 in master now fails to build in the install-keystore phase. > http://hydra.gnu.org:3000/build/1309224 > http://hydra.gnu.org:3000/build/1308950 > Could you have a look, please?
Hmm, that’s strange. I ran “guix build icedtea” after removing the validation filter and built out all three versions of icedtea before pushing this. I don’t have the very same version of the “keytool” binary on my machine right now (with the very same version of nss-certs as on hydra), but in principle this works without errors: ~~~~~~~~~~~~ /gnu/store/r63vag0814nz79xr9g2ph6fvhq5xp2f3-icedtea-2.6.6/bin/keytool \ -import \ -alias ACCVRAIZ1:2.8.94.195.183.166.67.127.164.224.pem \ -keystore /tmp/keystore \ -storepass changeit \ -file /gnu/store/lp7s9x1llgw1rc675yvslxsnpcyy05ld-nss-certs-3.23/etc/ssl/certs/ACCVRAIZ1:2.8.94.195.183.166.67.127.164.224.pem … Trust this certificate? [no]: yes Certificate was added to keystore ~~~~~~~~~~~~ The pem file looks like a valid X.509 certificate to me. I cannot build icedtea@1 on my machine right now as I’m traveling, but I just started a build remotely on my workstation in the office and it failed. I used to have an additional stripping phase that I removed at some point. As I continued to refine the new phase I must have used the cached build of icedtea@1 without ever rebuilding it. Sorry! The keytool from icedtea@1 doesn’t like this certificate. My hunch is that we may need to remove comments from the certificate files, only leaving the certificate block. I’ll fix this as soon as I can. ~~ Ricardo
