[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WIP Java certificates
From: |
Ricardo Wurmus |
Subject: |
Re: WIP Java certificates |
Date: |
Thu, 16 Jun 2016 09:12:08 +0200 |
User-agent: |
mu4e 0.9.16; emacs 24.5.1 |
Ricardo Wurmus <address@hidden> writes:
> I noticed that IcedTea/OpenJDK does not actually generate a certificate
> store at build time — the store at “$out/lib/security/cacerts” is
> empty. As a result, accessing websites via HTTPS fails.
With some modifications to the patch (and by moving it from java.scm to
certs.scm) I managed to build a keystore from nss-certs. I confirmed
that it works by starting a Java application with these additional
options:
-Djavax.net.debug=ssl
-Djavax.net.ssl.trustStore=/gnu/store/62j3i7666wa3hwrlsgzjnx766fs4j06g-java-nss-certs-keystore-3.23/lib/security/cacerts
(Unfortunately, it is not deterministic yet.)
To make this available without the trustStore option I would need to
convert my package into a build phase for the icedtea packages.
However, I cannot do this as using the “certs” module in the “java”
module breaks Guix.
> As soon as I add
>
> #:use-module (gnu packages certs)
>
> to the module definition of “(gnu packages java)” Guix complains with
> errors that are usually indicative of a module loop. Attached is a
> patch to master.
>
> Here are the errors I get when trying to build the package:
>
> ~~~~~~~~~~~~~~~~~~~~~~~
> ./pre-inst-env guix build java-nss-certs-keystore
> guix build: warning: failed to load '(gnu packages abiword)':
> ERROR: In procedure module-lookup: Unbound variable: nss
> guix build: warning: failed to load '(gnu packages avr)':
> ERROR: In procedure module-lookup: Unbound variable: gnu-make
> guix build: warning: failed to load '(gnu packages bioinformatics)':
> ERROR: In procedure module-lookup: Unbound variable: perl-libwww
> guix build: warning: failed to load '(gnu packages make-bootstrap)':
> ERROR: no binding `%final-inputs' in module (gnu packages commencement)
> guix build: warning: failed to load '(gnu packages mate)':
> ERROR: In procedure module-lookup: Unbound variable: gtk+
> guix build: warning: failed to load '(gnu packages unrtf)':
> ERROR: In procedure module-lookup: Unbound variable: coreutils
> guix build: error: java-nss-certs-keystore: unknown package
> ~~~~~~~~~~~~~~~~~~~~~~~
Any hints as to how I can debug this?
~~ Ricardo