commit 0e0e4c2c813d348d027de47145cf8681f4cf2eac · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

buildMavenPackage: use generate-cacerts.pl to populate trust store (#437528)

authored by philiptaron.tngl.sh and committed by GitHub 4 months ago 0e0e4c2c 917bf5b4

+13 -8

4 changed files

expand all

unified split

pkgs

by-name

jre-generate-cacerts

generate-cacerts.pl

package.nix

maven

build-maven-package.nix

development

compilers

openjdk

generic.nix

pkgs/by-name/jr/jre-generate-cacerts/package.nix

··· 1 + { 2 + writers, 3 + }: 4 + 5 + writers.writePerl "jre-generate-cacerts" { } ./generate-cacerts.pl

+6 -4

pkgs/by-name/ma/maven/build-maven-package.nix

··· 2 2 lib, 3 3 stdenv, 4 4 jdk, 5 + jre-generate-cacerts, 5 6 maven, 7 + perl, 6 8 writers, 7 9 }: 8 10 ··· 60 62 61 63 # handle cacert by populating a trust store on the fly 62 64 if [[ -n "''${NIX_SSL_CERT_FILE-}" ]] && [[ "''${NIX_SSL_CERT_FILE-}" != "/no-cert-file.crt" ]];then 63 - keyStoreFile="$(mktemp -d)/keystore" 64 - keyStorePwd="$(head -c10 /dev/random | base32)" 65 - echo y | ${jdk}/bin/keytool -importcert -file "$NIX_SSL_CERT_FILE" -alias alias -keystore "$keyStoreFile" -storepass "$keyStorePwd" 66 - MAVEN_EXTRA_ARGS="$MAVEN_EXTRA_ARGS -Djavax.net.ssl.trustStore=$keyStoreFile -Djavax.net.ssl.trustStorePassword=$keyStorePwd" 65 + echo "using ''${NIX_SSL_CERT_FILE-} as trust store" 66 + ${jre-generate-cacerts} ${jdk}/lib/openjdk/bin/keytool $NIX_SSL_CERT_FILE 67 + 68 + MAVEN_EXTRA_ARGS="$MAVEN_EXTRA_ARGS -Djavax.net.ssl.trustStore=cacerts -Djavax.net.ssl.trustStorePassword=changeit" 67 69 fi 68 70 '' 69 71 + lib.optionalString buildOffline ''

pkgs/development/compilers/openjdk/8/generate-cacerts.pl pkgs/by-name/jr/jre-generate-cacerts/generate-cacerts.pl

+2 -4

pkgs/development/compilers/openjdk/generic.nix

··· 20 20 file, 21 21 which, 22 22 zip, 23 - perl, 24 23 zlib, 25 24 cups, 26 25 freetype, ··· 48 47 49 48 liberation_ttf, 50 49 cacert, 50 + jre-generate-cacerts, 51 51 52 52 nixpkgs-openjdk-updater, 53 53 ··· 255 255 ] 256 256 ++ lib.optionals (!atLeast11) [ 257 257 lndir 258 - # Certificates generated using perl in `installPhase` 259 - perl 260 258 ] 261 259 ++ lib.optionals (!atLeast11 && !stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ 262 260 # Certificates generated using keytool in `installPhase` ··· 555 553 + '' 556 554 cd $jre/lib/openjdk/jre/lib/security 557 555 rm cacerts 558 - perl ${./8/generate-cacerts.pl} ${ 556 + ${jre-generate-cacerts} ${ 559 557 if stdenv.buildPlatform.canExecute stdenv.hostPlatform then 560 558 "$jre/lib/openjdk/jre/bin/keytool" 561 559 else