gnu: icedtea-6: Narrow file to certificate block.

* gnu/packages/java.scm (icedtea-6)[arguments]: Extract certificate blocks from pem files before importing.
2024-11-07 07:26:13 -05:00 · 2016-07-23 23:25:11 +02:00 · 2016-07-23 23:25:11 +02:00 · 6af691723e
commit 6af691723e
parent 578aeea6cd
1 changed files with 30 additions and 9 deletions
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@ -535,17 +535,38 @@ (define-public icedtea-6
                                              "/etc/ssl/certs"))
                    (keytool   (string-append (assoc-ref outputs "jdk")
                                              "/bin/keytool")))
+               (define (extract-cert file target)
+                 (call-with-input-file file
+                   (lambda (in)
+                     (call-with-output-file target
+                       (lambda (out)
+                         (let loop ((line (read-line in 'concat))
+                                    (copying? #f))
+                           (cond
+                            ((eof-object? line) #t)
+                            ((string-prefix? "-----BEGIN" line)
+                             (display line out)
+                             (loop (read-line in 'concat) #t))
+                            ((string-prefix? "-----END" line)
+                             (display line out)
+                             #t)
+                            (else
+                             (when copying? (display line out))
+                             (loop (read-line in 'concat) copying?)))))))))
               (define (import-cert cert)
                 (format #t "Importing certificate ~a\n" (basename cert))
-                 (let* ((port (open-pipe* OPEN_WRITE keytool
-                                          "-import"
-                                          "-alias" (basename cert)
-                                          "-keystore" keystore
-                                          "-storepass" "changeit"
-                                          "-file" cert)))
-                   (display "yes\n" port)
-                   (when (not (zero? (status:exit-val (close-pipe port))))
-                     (error "failed to import" cert))))
+                 (let ((temp "tmpcert"))
+                   (extract-cert cert temp)
+                   (let ((port (open-pipe* OPEN_WRITE keytool
+                                           "-import"
+                                           "-alias" (basename cert)
+                                           "-keystore" keystore
+                                           "-storepass" "changeit"
+                                           "-file" temp)))
+                     (display "yes\n" port)
+                     (when (not (zero? (status:exit-val (close-pipe port))))
+                       (error "failed to import" cert)))
+                   (delete-file temp)))

               ;; This is necessary because the certificate directory contains
               ;; files with non-ASCII characters in their names.