From f6428191cf6154faaf6f5ae75761d96770cf3466 Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sat, 26 Dec 2020 23:36:15 +0000 Subject: [PATCH] nix/pkgs/javaws-env: patch JRE to enable RC4/SSLv3 --- nix/pkgs/javaws-env.nix | 50 ++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/nix/pkgs/javaws-env.nix b/nix/pkgs/javaws-env.nix index 6df911f7e6..2caeb39752 100644 --- a/nix/pkgs/javaws-env.nix +++ b/nix/pkgs/javaws-env.nix @@ -3,11 +3,59 @@ # SPDX-License-Identifier: Apache-2.0 { pkgs, ... }: +let + jdk = pkgs.jdk8; + cookedJDK = pkgs.stdenvNoCC.mkDerivation { + inherit (jdk) version; + pname = jdk.pname + "-cooked"; + + outputs = [ "out" "jre" ]; + + src = jdk; + unpackPhase = ""; + installPhase = '' + cp -R $src $out + chmod -R u+rw $out + + cp -R ${jdk.jre} $jre + chmod -R u+rw $jre + + for symlink in $(find $out -lname '*jre*'); do + original_target="$(readlink -f "$symlink")" + new_target="$(echo "$original_target" | sed "s,${jdk.jre},$jre,g")" + rm "$symlink" + ln -s "$new_target" "$symlink" + done + + # Reenable RC4 and SSLv3 :( + sed -Ei \ + -e 's/jdk.tls.disabledAlgorithms=/disabled.\0/' \ + -e 's/jdk.jar.disabledAlgorithms=/disabled.\0/' \ + -e 's/jdk.certpath.disabledAlgorithms=/disabled.\0/' \ + $jre/lib/openjdk/jre/lib/security/java.security + cat <>"$jre/lib/openjdk/jre/lib/security/java.security" + jdk.tls.disabledAlgorithms= + jdk.jar.disabledAlgorithms= + jdk.certpath.disabledAlgorithms= + EOF + ''; + + meta = jdk.meta; + passthru = jdk.passthru // { + home = "${cookedJDK}/lib/openjdk"; + }; + }; + icedtea = pkgs.adoptopenjdk-icedtea-web.override { + jdk = cookedJDK; + }; +in pkgs.buildFHSUserEnv { name = "javaws-env"; targetPkgs = pkgs: (with pkgs; [ - adoptopenjdk-icedtea-web + icedtea ]); runScript = "javaws"; + passthru.jdk = cookedJDK; + passthru.icedtea = icedtea; }
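Review bot: The three lines appended to `java.security` in `installPhase` set `jdk.tls.disabledAlgorithms`, `jdk.jar.disabledAlgorithms` and `jdk.certpath.disabledAlgorithms` to empty, which removes every default restriction rather than only RC4 and SSLv3 as the subject line and the `# Reenable RC4 and SSLv3 :(` comment state. With the jar and certpath lists empty, the weak-algorithm and key-size checks on signed JARs and on certificate chains are also disabled for everything launched through `javaws-env`, and nothing in the hunk shows that this is required. I would drop the `jdk.jar` and `jdk.certpath` edits and append a TLS list that is the shipped default minus the two entries, for example `jdk.tls.disabledAlgorithms=DES, MD5withRSA, DH keySize < 1024, anon, NULL` (illustrative only; copy the real list from the packaged `java.security` for this JDK version). Since `passthru.jdk` exposes the weakened JDK to other derivations, a comment such as `# Weakened TLS: use this env only for endpoints that cannot negotiate anything newer` above `cookedJDK` would make the intended scope explicit.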