mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-30 17:41:12 +00:00
95fdc8cf29
This small patch makes it possible to control java's truststore path through the environment. This lets you add (system- or session-wide) CAs that should be allowed by Java. Java users can still use -Djavax.net.ssl.truststore to override the truststore set by JAVAX_NET_SSL_TRUSTSTORE. Something like this can be used to build the truststore (in this example just using the standard pkgs.cacert CA-bundle): { environment.variables.JAVAX_NET_SSL_TRUSTSTORE = "${ pkgs.runCommand "cacerts" {} '' ${pkgs.perl}/bin/perl \ ${pkgs.path}/pkgs/development/compilers/openjdk/generate-cacerts.pl \ ${pkgs.jre}/bin/keytool \ ${pkgs.cacert}/etc/ca-bundle.crt mv cacerts $out '' }"; } Ideally, the dependency on pkgs.cacert should also be removed from pkgs.openjdk to avoid rebuilding java each time the standard CA-bundle changes. Something along the example above must then be added to NixOS (however, it would be nice to not depend on ${pkgs.jre}/bin/keytool to generate that environment variable). |
||
---|---|---|
.. | ||
bootstrap.nix | ||
cppflags-include-fix.patch | ||
default.nix | ||
fix-java-home.patch | ||
generate-cacerts.pl | ||
make-bootstrap.nix | ||
paxctl.patch | ||
read-truststore-from-env.patch |