Re: WIP Java certificates

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WIP Java certificates

From:	Ricardo Wurmus
Subject:	Re: WIP Java certificates
Date:	Thu, 16 Jun 2016 09:12:08 +0200
User-agent:	mu4e 0.9.16; emacs 24.5.1

Ricardo Wurmus <address@hidden> writes:

> I noticed that IcedTea/OpenJDK does not actually generate a certificate
> store at build time — the store at “$out/lib/security/cacerts” is
> empty.  As a result, accessing websites via HTTPS fails.

With some modifications to the patch (and by moving it from java.scm to
certs.scm) I managed to build a keystore from nss-certs.  I confirmed
that it works by starting a Java application with these additional
options:

    -Djavax.net.debug=ssl
    
-Djavax.net.ssl.trustStore=/gnu/store/62j3i7666wa3hwrlsgzjnx766fs4j06g-java-nss-certs-keystore-3.23/lib/security/cacerts

(Unfortunately, it is not deterministic yet.)

To make this available without the trustStore option I would need to
convert my package into a build phase for the icedtea packages.
However, I cannot do this as using the “certs” module in the “java”
module breaks Guix.

> As soon as I add
>
>      #:use-module (gnu packages certs)
>
> to the module definition of “(gnu packages java)” Guix complains with
> errors that are usually indicative of a module loop.  Attached is a
> patch to master.
>
> Here are the errors I get when trying to build the package:
>
> ~~~~~~~~~~~~~~~~~~~~~~~
> ./pre-inst-env guix build java-nss-certs-keystore
> guix build: warning: failed to load '(gnu packages abiword)':
> ERROR: In procedure module-lookup: Unbound variable: nss
> guix build: warning: failed to load '(gnu packages avr)':
> ERROR: In procedure module-lookup: Unbound variable: gnu-make
> guix build: warning: failed to load '(gnu packages bioinformatics)':
> ERROR: In procedure module-lookup: Unbound variable: perl-libwww
> guix build: warning: failed to load '(gnu packages make-bootstrap)':
> ERROR: no binding `%final-inputs' in module (gnu packages commencement)
> guix build: warning: failed to load '(gnu packages mate)':
> ERROR: In procedure module-lookup: Unbound variable: gtk+
> guix build: warning: failed to load '(gnu packages unrtf)':
> ERROR: In procedure module-lookup: Unbound variable: coreutils
> guix build: error: java-nss-certs-keystore: unknown package
> ~~~~~~~~~~~~~~~~~~~~~~~

Any hints as to how I can debug this?

~~ Ricardo

[Prev in Thread]

Current Thread

[Next in Thread]

WIP Java certificates, Ricardo Wurmus, 2016/06/15
- Re: WIP Java certificates, Ricardo Wurmus <=
- Re: WIP Java certificates, Ludovic Courtès, 2016/06/16

Prev by Date: Re: Trying to build latest Icedtea / Java 6 [security update]
Next by Date: Re: [WIP 0/8] GNOME Maps
Previous by thread: WIP Java certificates
Next by thread: Re: WIP Java certificates
Index(es):
- Date
- Thread