Ricardo Wurmus <rek...@elephly.net> writes:
> Andreas Enge <andr...@enge.fr> writes:
>
>> Hello, Ricardo!
>>
>> Icedtea@1 in master now fails to build in the install-keystore phase.
>> http://hydra.gnu.org:3000/build/1309224
>> http://hydra.gnu.org:3000/build/1308950
>> Could you have a look, please?
[…]
> The keytool from icedtea@1 doesn’t like this certificate. My hunch is
> that we may need to remove comments from the certificate files, only
> leaving the certificate block.
>
> I’ll fix this as soon as I can.
Attached is an untested patch to fix this. I’m now building icedtea@1
again with this patch (on a remote machine). Not sure when I can check
on the result as I’ll be out for the most part of tomorrow.
You’re welcome to give it a try yourself! (Who knows, maybe this change
would also allow us to reinstate the phase in the latest icedtea
version?)
~~ Ricardo
>From 04cafa35d7e226843cdccaf5a3ea5a82d9dc5d3e Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus <rek...@elephly.net>
Date: Sat, 23 Jul 2016 23:25:11 +0200
Subject: [PATCH] gnu: icedtea-6: Narrow file to certificate block.
* gnu/packages/java.scm (icedtea-6)[arguments]: Extract certificate
blocks from pem files before importing.
---
gnu/packages/java.scm | 39 ++++++++++++++++++++++++++++++---------
1 file changed, 30 insertions(+), 9 deletions(-)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 2d50ad8..78e2143 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -535,17 +535,38 @@ build process and its dependencies, whereas Make uses Makefile format.")
"/etc/ssl/certs"))
(keytool (string-append (assoc-ref outputs "jdk")
"/bin/keytool")))
+ (define (extract-cert file target)
+ (call-with-input-file file
+ (lambda (in)
+ (call-with-output-file target
+ (lambda (out)
+ (let loop ((line (read-line in 'concat))
+ (copying? #f))
+ (cond
+ ((eof-object? line) #t)
+ ((string-prefix? "-----BEGIN" line)
+ (display line out)
+ (loop (read-line in 'concat) #t))
+ ((string-prefix? "-----END" line)
+ (display line out)
+ #t)
+ (else
+ (when copying? (display line out))
+ (loop (read-line in 'concat) copying?)))))))))
(define (import-cert cert)
(format #t "Importing certificate ~a\n" (basename cert))
- (let* ((port (open-pipe* OPEN_WRITE keytool
- "-import"
- "-alias" (basename cert)
- "-keystore" keystore
- "-storepass" "changeit"
- "-file" cert)))
- (display "yes\n" port)
- (when (not (zero? (status:exit-val (close-pipe port))))
- (error "failed to import" cert))))
+ (let ((temp (tmpfile)))
+ (extract-cert cert temp)
+ (let ((port (open-pipe* OPEN_WRITE keytool
+ "-import"
+ "-alias" (basename cert)
+ "-keystore" keystore
+ "-storepass" "changeit"
+ "-file" temp)))
+ (display "yes\n" port)
+ (when (not (zero? (status:exit-val (close-pipe port))))
+ (error "failed to import" cert)))
+ (delete-file temp)))
;; This is necessary because the certificate directory contains
;; files with non-ASCII characters in their names.
--
2.9.0
