guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: icedtea-6: Narrow file to certificate block.

From: Ricardo Wurmus
Subject: 01/01: gnu: icedtea-6: Narrow file to certificate block.
Date: Sun, 24 Jul 2016 07:42:11 +0000 (UTC) 
rekado pushed a commit to branch master
in repository guix.

commit 6af691723ed6c70fc468768e1e07b19b27c6f4d8
Author: Ricardo Wurmus <address@hidden>
Date:   Sat Jul 23 23:25:11 2016 +0200

    gnu: icedtea-6: Narrow file to certificate block.
    
    * gnu/packages/java.scm (icedtea-6)[arguments]: Extract certificate
      blocks from pem files before importing.
---
 gnu/packages/java.scm |   39 ++++++++++++++++++++++++++++++---------
 1 file changed, 30 insertions(+), 9 deletions(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 2d50ad8..83ffba4 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -535,17 +535,38 @@ build process and its dependencies, whereas Make uses 
Makefile format.")
                                               "/etc/ssl/certs"))
                     (keytool   (string-append (assoc-ref outputs "jdk")
                                               "/bin/keytool")))
+               (define (extract-cert file target)
+                 (call-with-input-file file
+                   (lambda (in)
+                     (call-with-output-file target
+                       (lambda (out)
+                         (let loop ((line (read-line in 'concat))
+                                    (copying? #f))
+                           (cond
+                            ((eof-object? line) #t)
+                            ((string-prefix? "-----BEGIN" line)
+                             (display line out)
+                             (loop (read-line in 'concat) #t))
+                            ((string-prefix? "-----END" line)
+                             (display line out)
+                             #t)
+                            (else
+                             (when copying? (display line out))
+                             (loop (read-line in 'concat) copying?)))))))))
                (define (import-cert cert)
                  (format #t "Importing certificate ~a\n" (basename cert))
-                 (let* ((port (open-pipe* OPEN_WRITE keytool
-                                          "-import"
-                                          "-alias" (basename cert)
-                                          "-keystore" keystore
-                                          "-storepass" "changeit"
-                                          "-file" cert)))
-                   (display "yes\n" port)
-                   (when (not (zero? (status:exit-val (close-pipe port))))
-                     (error "failed to import" cert))))
+                 (let ((temp "tmpcert"))
+                   (extract-cert cert temp)
+                   (let ((port (open-pipe* OPEN_WRITE keytool
+                                           "-import"
+                                           "-alias" (basename cert)
+                                           "-keystore" keystore
+                                           "-storepass" "changeit"
+                                           "-file" temp)))
+                     (display "yes\n" port)
+                     (when (not (zero? (status:exit-val (close-pipe port))))
+                       (error "failed to import" cert)))
+                   (delete-file temp)))
 
                ;; This is necessary because the certificate directory contains
                ;; files with non-ASCII characters in their names.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]