Archived
1
0
Fork 0

gnu: icedtea-8: Build "out" reproducibly.

Partially fixes <https://bugs.gnu.org/30730>.

* gnu/packages/java.scm (icedtea-8)[arguments]: Add phases
"patch-keystore" and "strip-jar-timestamps".
[source]: Also patch DIST_ID in "configure" script.
This commit is contained in:
Ricardo Wurmus 2018-03-10 18:35:31 +01:00
parent 387428def1
commit f2785bd657
No known key found for this signature in database
GPG key ID: 197A5888235FACAC

View file

@ -1591,7 +1591,8 @@ IcedTea build harness.")
(modules '((guix build utils))) (modules '((guix build utils)))
(snippet (snippet
'(begin '(begin
(substitute* "acinclude.m4" (substitute* '("configure"
"acinclude.m4")
;; Do not embed build time ;; Do not embed build time
(("(DIST_ID=\"Custom build).*$" _ prefix) (("(DIST_ID=\"Custom build).*$" _ prefix)
(string-append prefix "\"\n")) (string-append prefix "\"\n"))
@ -1600,65 +1601,90 @@ IcedTea build harness.")
"DIST_NAME=\"guix\"")) "DIST_NAME=\"guix\""))
#t)))) #t))))
(arguments (arguments
(substitute-keyword-arguments (package-arguments icedtea-7) `(#:imported-modules
((#:configure-flags flags) ((guix build ant-build-system)
`(let ((jdk (assoc-ref %build-inputs "jdk"))) (guix build syscalls)
`(;;"--disable-bootstrap" ,@%gnu-build-system-modules)
"--enable-bootstrap" ,@(substitute-keyword-arguments (package-arguments icedtea-7)
"--enable-nss" ((#:modules modules)
"--disable-downloading" `((guix build utils)
"--disable-system-pcsc" (guix build gnu-build-system)
"--disable-system-sctp" ((guix build ant-build-system) #:prefix ant:)
"--disable-tests" ;they are run in the check phase instead (ice-9 match)
"--with-openjdk-src-dir=./openjdk.src" (ice-9 popen)
,(string-append "--with-jdk-home=" jdk)))) (srfi srfi-19)
((#:phases phases) (srfi srfi-26)))
`(modify-phases ,phases ((#:configure-flags flags)
(delete 'fix-x11-extension-include-path) `(let ((jdk (assoc-ref %build-inputs "jdk")))
(delete 'patch-paths) `( ;;"--disable-bootstrap"
(delete 'set-additional-paths) "--enable-bootstrap"
(delete 'patch-patches) "--enable-nss"
(add-after 'unpack 'patch-jni-libs "--disable-downloading"
;; Hardcode dynamically loaded libraries. "--disable-system-pcsc"
(lambda _ "--disable-system-sctp"
(let* ((library-path (search-path-as-string->list "--disable-tests" ;they are run in the check phase instead
(getenv "LIBRARY_PATH"))) "--with-openjdk-src-dir=./openjdk.src"
(find-library (lambda (name) ,(string-append "--with-jdk-home=" jdk))))
(search-path ((#:phases phases)
library-path `(modify-phases ,phases
(string-append "lib" name ".so"))))) (delete 'fix-x11-extension-include-path)
(for-each (delete 'patch-paths)
(lambda (file) (delete 'set-additional-paths)
(catch 'decoding-error (delete 'patch-patches)
(lambda () ;; Prevent the keytool from recording the current time when
(substitute* file ;; adding certificates at build time.
(("VERSIONED_JNI_LIB_NAME\\(\"(.*)\", \"(.*)\"\\)" (add-after 'unpack 'patch-keystore
_ name version) (lambda _
(format #f "\"~a\"" (find-library name))) (substitute* "openjdk.src/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java"
(("JNI_LIB_NAME\\(\"(.*)\"\\)" _ name) (("date = new Date\\(\\);")
(format #f "\"~a\"" (find-library name))))) "\
(lambda _ date = (System.getenv(\"SOURCE_DATE_EPOCH\") != null) ?\
;; Those are safe to skip. new Date(Long.parseLong(System.getenv(\"SOURCE_DATE_EPOCH\"))) :\
(format (current-error-port) new Date();"))
"warning: failed to substitute: ~a~%" #t))
file)))) (add-after 'unpack 'patch-jni-libs
(find-files "openjdk.src/jdk/src/solaris/native" ;; Hardcode dynamically loaded libraries.
"\\.c|\\.h")) (lambda _
#t))) (let* ((library-path (search-path-as-string->list
(replace 'install (getenv "LIBRARY_PATH")))
(lambda* (#:key outputs #:allow-other-keys) (find-library (lambda (name)
(let ((doc (string-append (assoc-ref outputs "doc") (search-path
"/share/doc/icedtea")) library-path
(jre (assoc-ref outputs "out")) (string-append "lib" name ".so")))))
(jdk (assoc-ref outputs "jdk"))) (for-each
(copy-recursively "openjdk.build/docs" doc) (lambda (file)
(copy-recursively "openjdk.build/images/j2re-image" jre) (catch 'decoding-error
(copy-recursively "openjdk.build/images/j2sdk-image" jdk) (lambda ()
;; Install the nss.cfg file to JRE to enable SSL/TLS (substitute* file
;; support via NSS. (("VERSIONED_JNI_LIB_NAME\\(\"(.*)\", \"(.*)\"\\)"
(copy-file (string-append jdk "/jre/lib/security/nss.cfg") _ name version)
(string-append jre "/lib/security/nss.cfg")) (format #f "\"~a\"" (find-library name)))
#t))))))) (("JNI_LIB_NAME\\(\"(.*)\"\\)" _ name)
(format #f "\"~a\"" (find-library name)))))
(lambda _
;; Those are safe to skip.
(format (current-error-port)
"warning: failed to substitute: ~a~%"
file))))
(find-files "openjdk.src/jdk/src/solaris/native"
"\\.c|\\.h"))
#t)))
(replace 'install
(lambda* (#:key outputs #:allow-other-keys)
(let ((doc (string-append (assoc-ref outputs "doc")
"/share/doc/icedtea"))
(jre (assoc-ref outputs "out"))
(jdk (assoc-ref outputs "jdk")))
(copy-recursively "openjdk.build/docs" doc)
(copy-recursively "openjdk.build/images/j2re-image" jre)
(copy-recursively "openjdk.build/images/j2sdk-image" jdk)
;; Install the nss.cfg file to JRE to enable SSL/TLS
;; support via NSS.
(copy-file (string-append jdk "/jre/lib/security/nss.cfg")
(string-append jre "/lib/security/nss.cfg"))
#t)))
(add-after 'install 'strip-jar-timestamps
(assoc-ref ant:%standard-phases 'strip-jar-timestamps)))))))
(native-inputs (native-inputs
`(("jdk" ,icedtea-7 "jdk") `(("jdk" ,icedtea-7 "jdk")
("openjdk-src" ("openjdk-src"