From 6af691723ed6c70fc468768e1e07b19b27c6f4d8 Mon Sep 17 00:00:00 2001 From: Ricardo Wurmus Date: Sat, 23 Jul 2016 23:25:11 +0200 Subject: gnu: icedtea-6: Narrow file to certificate block. * gnu/packages/java.scm (icedtea-6)[arguments]: Extract certificate blocks from pem files before importing. --- gnu/packages/java.scm | 39 ++++++++++++++++++++++++++++++--------- 1 file changed, 30 insertions(+), 9 deletions(-) (limited to 'gnu/packages') diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm index 2d50ad84fa..83ffba4f4c 100644 --- a/gnu/packages/java.scm +++ b/gnu/packages/java.scm @@ -535,17 +535,38 @@ (define-public icedtea-6 "/etc/ssl/certs")) (keytool (string-append (assoc-ref outputs "jdk") "/bin/keytool"))) + (define (extract-cert file target) + (call-with-input-file file + (lambda (in) + (call-with-output-file target + (lambda (out) + (let loop ((line (read-line in 'concat)) + (copying? #f)) + (cond + ((eof-object? line) #t) + ((string-prefix? "-----BEGIN" line) + (display line out) + (loop (read-line in 'concat) #t)) + ((string-prefix? "-----END" line) + (display line out) + #t) + (else + (when copying? (display line out)) + (loop (read-line in 'concat) copying?))))))))) (define (import-cert cert) (format #t "Importing certificate ~a\n" (basename cert)) - (let* ((port (open-pipe* OPEN_WRITE keytool - "-import" - "-alias" (basename cert) - "-keystore" keystore - "-storepass" "changeit" - "-file" cert))) - (display "yes\n" port) - (when (not (zero? (status:exit-val (close-pipe port)))) - (error "failed to import" cert)))) + (let ((temp "tmpcert")) + (extract-cert cert temp) + (let ((port (open-pipe* OPEN_WRITE keytool + "-import" + "-alias" (basename cert) + "-keystore" keystore + "-storepass" "changeit" + "-file" temp))) + (display "yes\n" port) + (when (not (zero? (status:exit-val (close-pipe port)))) + (error "failed to import" cert))) + (delete-file temp))) ;; This is necessary because the certificate directory contains ;; files with non-ASCII characters in their names. -- cgit v1.2.3