commit 0e0e4c2c813d348d027de47145cf8681f4cf2eac · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

buildMavenPackage: use generate-cacerts.pl to populate trust store (#437528)

authored by philiptaron.tngl.sh and committed by GitHub 4 months ago 0e0e4c2c 917bf5b4

+13 -8

4 changed files

expand all

unified split

pkgs

by-name

jre-generate-cacerts

generate-cacerts.pl

package.nix

maven

build-maven-package.nix

development

compilers

openjdk

generic.nix

pkgs/by-name/jr/jre-generate-cacerts/package.nix

···

··· 1 + { 2 + writers, 3 + }: 4 + 5 + writers.writePerl "jre-generate-cacerts" { } ./generate-cacerts.pl

+6 -4

pkgs/by-name/ma/maven/build-maven-package.nix

··· 2 lib, 3 stdenv, 4 jdk, 5 maven, 6 writers, 7 }: 8 ··· 60 61 # handle cacert by populating a trust store on the fly 62 if [[ -n "''${NIX_SSL_CERT_FILE-}" ]] && [[ "''${NIX_SSL_CERT_FILE-}" != "/no-cert-file.crt" ]];then 63 - keyStoreFile="$(mktemp -d)/keystore" 64 - keyStorePwd="$(head -c10 /dev/random | base32)" 65 - echo y | ${jdk}/bin/keytool -importcert -file "$NIX_SSL_CERT_FILE" -alias alias -keystore "$keyStoreFile" -storepass "$keyStorePwd" 66 - MAVEN_EXTRA_ARGS="$MAVEN_EXTRA_ARGS -Djavax.net.ssl.trustStore=$keyStoreFile -Djavax.net.ssl.trustStorePassword=$keyStorePwd" 67 fi 68 '' 69 + lib.optionalString buildOffline ''

··· 2 lib, 3 stdenv, 4 jdk, 5 + jre-generate-cacerts, 6 maven, 7 + perl, 8 writers, 9 }: 10 ··· 62 63 # handle cacert by populating a trust store on the fly 64 if [[ -n "''${NIX_SSL_CERT_FILE-}" ]] && [[ "''${NIX_SSL_CERT_FILE-}" != "/no-cert-file.crt" ]];then 65 + echo "using ''${NIX_SSL_CERT_FILE-} as trust store" 66 + ${jre-generate-cacerts} ${jdk}/lib/openjdk/bin/keytool $NIX_SSL_CERT_FILE 67 + 68 + MAVEN_EXTRA_ARGS="$MAVEN_EXTRA_ARGS -Djavax.net.ssl.trustStore=cacerts -Djavax.net.ssl.trustStorePassword=changeit" 69 fi 70 '' 71 + lib.optionalString buildOffline ''

pkgs/development/compilers/openjdk/8/generate-cacerts.pl pkgs/by-name/jr/jre-generate-cacerts/generate-cacerts.pl

+2 -4

pkgs/development/compilers/openjdk/generic.nix

··· 20 file, 21 which, 22 zip, 23 - perl, 24 zlib, 25 cups, 26 freetype, ··· 48 49 liberation_ttf, 50 cacert, 51 52 nixpkgs-openjdk-updater, 53 ··· 255 ] 256 ++ lib.optionals (!atLeast11) [ 257 lndir 258 - # Certificates generated using perl in `installPhase` 259 - perl 260 ] 261 ++ lib.optionals (!atLeast11 && !stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ 262 # Certificates generated using keytool in `installPhase` ··· 555 + '' 556 cd $jre/lib/openjdk/jre/lib/security 557 rm cacerts 558 - perl ${./8/generate-cacerts.pl} ${ 559 if stdenv.buildPlatform.canExecute stdenv.hostPlatform then 560 "$jre/lib/openjdk/jre/bin/keytool" 561 else

··· 20 file, 21 which, 22 zip, 23 zlib, 24 cups, 25 freetype, ··· 47 48 liberation_ttf, 49 cacert, 50 + jre-generate-cacerts, 51 52 nixpkgs-openjdk-updater, 53 ··· 255 ] 256 ++ lib.optionals (!atLeast11) [ 257 lndir 258 ] 259 ++ lib.optionals (!atLeast11 && !stdenv.buildPlatform.canExecute stdenv.hostPlatform) [ 260 # Certificates generated using keytool in `installPhase` ··· 553 + '' 554 cd $jre/lib/openjdk/jre/lib/security 555 rm cacerts 556 + ${jre-generate-cacerts} ${ 557 if stdenv.buildPlatform.canExecute stdenv.hostPlatform then 558 "$jre/lib/openjdk/jre/bin/keytool" 559 else