gnu: icedtea-8: Build "out" reproducibly.
Partially fixes <https://bugs.gnu.org/30730>. * gnu/packages/java.scm (icedtea-8)[arguments]: Add phases "patch-keystore" and "strip-jar-timestamps". [source]: Also patch DIST_ID in "configure" script.
This commit is contained in:
parent
387428def1
commit
f2785bd657
1 changed files with 86 additions and 60 deletions
|
@ -1591,7 +1591,8 @@ IcedTea build harness.")
|
||||||
(modules '((guix build utils)))
|
(modules '((guix build utils)))
|
||||||
(snippet
|
(snippet
|
||||||
'(begin
|
'(begin
|
||||||
(substitute* "acinclude.m4"
|
(substitute* '("configure"
|
||||||
|
"acinclude.m4")
|
||||||
;; Do not embed build time
|
;; Do not embed build time
|
||||||
(("(DIST_ID=\"Custom build).*$" _ prefix)
|
(("(DIST_ID=\"Custom build).*$" _ prefix)
|
||||||
(string-append prefix "\"\n"))
|
(string-append prefix "\"\n"))
|
||||||
|
@ -1600,65 +1601,90 @@ IcedTea build harness.")
|
||||||
"DIST_NAME=\"guix\""))
|
"DIST_NAME=\"guix\""))
|
||||||
#t))))
|
#t))))
|
||||||
(arguments
|
(arguments
|
||||||
(substitute-keyword-arguments (package-arguments icedtea-7)
|
`(#:imported-modules
|
||||||
((#:configure-flags flags)
|
((guix build ant-build-system)
|
||||||
`(let ((jdk (assoc-ref %build-inputs "jdk")))
|
(guix build syscalls)
|
||||||
`(;;"--disable-bootstrap"
|
,@%gnu-build-system-modules)
|
||||||
"--enable-bootstrap"
|
,@(substitute-keyword-arguments (package-arguments icedtea-7)
|
||||||
"--enable-nss"
|
((#:modules modules)
|
||||||
"--disable-downloading"
|
`((guix build utils)
|
||||||
"--disable-system-pcsc"
|
(guix build gnu-build-system)
|
||||||
"--disable-system-sctp"
|
((guix build ant-build-system) #:prefix ant:)
|
||||||
"--disable-tests" ;they are run in the check phase instead
|
(ice-9 match)
|
||||||
"--with-openjdk-src-dir=./openjdk.src"
|
(ice-9 popen)
|
||||||
,(string-append "--with-jdk-home=" jdk))))
|
(srfi srfi-19)
|
||||||
((#:phases phases)
|
(srfi srfi-26)))
|
||||||
`(modify-phases ,phases
|
((#:configure-flags flags)
|
||||||
(delete 'fix-x11-extension-include-path)
|
`(let ((jdk (assoc-ref %build-inputs "jdk")))
|
||||||
(delete 'patch-paths)
|
`( ;;"--disable-bootstrap"
|
||||||
(delete 'set-additional-paths)
|
"--enable-bootstrap"
|
||||||
(delete 'patch-patches)
|
"--enable-nss"
|
||||||
(add-after 'unpack 'patch-jni-libs
|
"--disable-downloading"
|
||||||
;; Hardcode dynamically loaded libraries.
|
"--disable-system-pcsc"
|
||||||
(lambda _
|
"--disable-system-sctp"
|
||||||
(let* ((library-path (search-path-as-string->list
|
"--disable-tests" ;they are run in the check phase instead
|
||||||
(getenv "LIBRARY_PATH")))
|
"--with-openjdk-src-dir=./openjdk.src"
|
||||||
(find-library (lambda (name)
|
,(string-append "--with-jdk-home=" jdk))))
|
||||||
(search-path
|
((#:phases phases)
|
||||||
library-path
|
`(modify-phases ,phases
|
||||||
(string-append "lib" name ".so")))))
|
(delete 'fix-x11-extension-include-path)
|
||||||
(for-each
|
(delete 'patch-paths)
|
||||||
(lambda (file)
|
(delete 'set-additional-paths)
|
||||||
(catch 'decoding-error
|
(delete 'patch-patches)
|
||||||
(lambda ()
|
;; Prevent the keytool from recording the current time when
|
||||||
(substitute* file
|
;; adding certificates at build time.
|
||||||
(("VERSIONED_JNI_LIB_NAME\\(\"(.*)\", \"(.*)\"\\)"
|
(add-after 'unpack 'patch-keystore
|
||||||
_ name version)
|
(lambda _
|
||||||
(format #f "\"~a\"" (find-library name)))
|
(substitute* "openjdk.src/jdk/src/share/classes/sun/security/provider/JavaKeyStore.java"
|
||||||
(("JNI_LIB_NAME\\(\"(.*)\"\\)" _ name)
|
(("date = new Date\\(\\);")
|
||||||
(format #f "\"~a\"" (find-library name)))))
|
"\
|
||||||
(lambda _
|
date = (System.getenv(\"SOURCE_DATE_EPOCH\") != null) ?\
|
||||||
;; Those are safe to skip.
|
new Date(Long.parseLong(System.getenv(\"SOURCE_DATE_EPOCH\"))) :\
|
||||||
(format (current-error-port)
|
new Date();"))
|
||||||
"warning: failed to substitute: ~a~%"
|
#t))
|
||||||
file))))
|
(add-after 'unpack 'patch-jni-libs
|
||||||
(find-files "openjdk.src/jdk/src/solaris/native"
|
;; Hardcode dynamically loaded libraries.
|
||||||
"\\.c|\\.h"))
|
(lambda _
|
||||||
#t)))
|
(let* ((library-path (search-path-as-string->list
|
||||||
(replace 'install
|
(getenv "LIBRARY_PATH")))
|
||||||
(lambda* (#:key outputs #:allow-other-keys)
|
(find-library (lambda (name)
|
||||||
(let ((doc (string-append (assoc-ref outputs "doc")
|
(search-path
|
||||||
"/share/doc/icedtea"))
|
library-path
|
||||||
(jre (assoc-ref outputs "out"))
|
(string-append "lib" name ".so")))))
|
||||||
(jdk (assoc-ref outputs "jdk")))
|
(for-each
|
||||||
(copy-recursively "openjdk.build/docs" doc)
|
(lambda (file)
|
||||||
(copy-recursively "openjdk.build/images/j2re-image" jre)
|
(catch 'decoding-error
|
||||||
(copy-recursively "openjdk.build/images/j2sdk-image" jdk)
|
(lambda ()
|
||||||
;; Install the nss.cfg file to JRE to enable SSL/TLS
|
(substitute* file
|
||||||
;; support via NSS.
|
(("VERSIONED_JNI_LIB_NAME\\(\"(.*)\", \"(.*)\"\\)"
|
||||||
(copy-file (string-append jdk "/jre/lib/security/nss.cfg")
|
_ name version)
|
||||||
(string-append jre "/lib/security/nss.cfg"))
|
(format #f "\"~a\"" (find-library name)))
|
||||||
#t)))))))
|
(("JNI_LIB_NAME\\(\"(.*)\"\\)" _ name)
|
||||||
|
(format #f "\"~a\"" (find-library name)))))
|
||||||
|
(lambda _
|
||||||
|
;; Those are safe to skip.
|
||||||
|
(format (current-error-port)
|
||||||
|
"warning: failed to substitute: ~a~%"
|
||||||
|
file))))
|
||||||
|
(find-files "openjdk.src/jdk/src/solaris/native"
|
||||||
|
"\\.c|\\.h"))
|
||||||
|
#t)))
|
||||||
|
(replace 'install
|
||||||
|
(lambda* (#:key outputs #:allow-other-keys)
|
||||||
|
(let ((doc (string-append (assoc-ref outputs "doc")
|
||||||
|
"/share/doc/icedtea"))
|
||||||
|
(jre (assoc-ref outputs "out"))
|
||||||
|
(jdk (assoc-ref outputs "jdk")))
|
||||||
|
(copy-recursively "openjdk.build/docs" doc)
|
||||||
|
(copy-recursively "openjdk.build/images/j2re-image" jre)
|
||||||
|
(copy-recursively "openjdk.build/images/j2sdk-image" jdk)
|
||||||
|
;; Install the nss.cfg file to JRE to enable SSL/TLS
|
||||||
|
;; support via NSS.
|
||||||
|
(copy-file (string-append jdk "/jre/lib/security/nss.cfg")
|
||||||
|
(string-append jre "/lib/security/nss.cfg"))
|
||||||
|
#t)))
|
||||||
|
(add-after 'install 'strip-jar-timestamps
|
||||||
|
(assoc-ref ant:%standard-phases 'strip-jar-timestamps)))))))
|
||||||
(native-inputs
|
(native-inputs
|
||||||
`(("jdk" ,icedtea-7 "jdk")
|
`(("jdk" ,icedtea-7 "jdk")
|
||||||
("openjdk-src"
|
("openjdk-src"
|
||||||
|
|
Reference in a new issue