nix/pkgs/javaws-env: patch JRE to enable RC4/SSLv3

2020-12-26 23:36:15 +00:00 · 2020-12-26 23:36:15 +00:00 · f6428191cf
commit f6428191cf
parent 161ed2af50
1 changed files with 49 additions and 1 deletions
--- a/nix/pkgs/javaws-env.nix
+++ b/nix/pkgs/javaws-env.nix
@ -3,11 +3,59 @@
 # SPDX-License-Identifier: Apache-2.0

 { pkgs, ... }:
+let
+  jdk = pkgs.jdk8;
+  cookedJDK = pkgs.stdenvNoCC.mkDerivation {
+    inherit (jdk) version;
+    pname = jdk.pname + "-cooked";
+
+    outputs = [ "out" "jre" ];
+
+    src = jdk;
+    unpackPhase = "";
+    installPhase = ''
+      cp -R $src $out
+      chmod -R u+rw $out
+
+      cp -R ${jdk.jre} $jre
+      chmod -R u+rw $jre
+
+      for symlink in $(find $out -lname '*jre*'); do
+        original_target="$(readlink -f "$symlink")"
+        new_target="$(echo "$original_target" | sed "s,${jdk.jre},$jre,g")"
+        rm "$symlink"
+        ln -s "$new_target" "$symlink"
+      done
+
+      # Reenable RC4 and SSLv3 :(
+      sed -Ei \
+        -e 's/jdk.tls.disabledAlgorithms=/disabled.\0/' \
+        -e 's/jdk.jar.disabledAlgorithms=/disabled.\0/' \
+        -e 's/jdk.certpath.disabledAlgorithms=/disabled.\0/' \
+        $jre/lib/openjdk/jre/lib/security/java.security
+      cat <<EOF >>"$jre/lib/openjdk/jre/lib/security/java.security"
+      jdk.tls.disabledAlgorithms=
+      jdk.jar.disabledAlgorithms=
+      jdk.certpath.disabledAlgorithms=
+      EOF
+    '';
+
+    meta = jdk.meta;
+    passthru = jdk.passthru // {
+      home = "${cookedJDK}/lib/openjdk";
+    };
+  };
+  icedtea = pkgs.adoptopenjdk-icedtea-web.override {
+    jdk = cookedJDK;
+  };
+in
 pkgs.buildFHSUserEnv {
  name = "javaws-env";
  targetPkgs = pkgs: (with pkgs;
    [
-      adoptopenjdk-icedtea-web
+      icedtea
    ]);
  runScript = "javaws";
+  passthru.jdk = cookedJDK;
+  passthru.icedtea = icedtea;
 }