nix/pkgs/javaws-env: patch JRE to enable RC4/SSLv3

This commit is contained in:
Luke Granger-Brown 2020-12-26 23:36:15 +00:00
parent 161ed2af50
commit f6428191cf

View file

@ -3,11 +3,59 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
{ pkgs, ... }: { pkgs, ... }:
let
jdk = pkgs.jdk8;
cookedJDK = pkgs.stdenvNoCC.mkDerivation {
inherit (jdk) version;
pname = jdk.pname + "-cooked";
outputs = [ "out" "jre" ];
src = jdk;
unpackPhase = "";
installPhase = ''
cp -R $src $out
chmod -R u+rw $out
cp -R ${jdk.jre} $jre
chmod -R u+rw $jre
for symlink in $(find $out -lname '*jre*'); do
original_target="$(readlink -f "$symlink")"
new_target="$(echo "$original_target" | sed "s,${jdk.jre},$jre,g")"
rm "$symlink"
ln -s "$new_target" "$symlink"
done
# Reenable RC4 and SSLv3 :(
sed -Ei \
-e 's/jdk.tls.disabledAlgorithms=/disabled.\0/' \
-e 's/jdk.jar.disabledAlgorithms=/disabled.\0/' \
-e 's/jdk.certpath.disabledAlgorithms=/disabled.\0/' \
$jre/lib/openjdk/jre/lib/security/java.security
cat <<EOF >>"$jre/lib/openjdk/jre/lib/security/java.security"
jdk.tls.disabledAlgorithms=
jdk.jar.disabledAlgorithms=
jdk.certpath.disabledAlgorithms=
EOF
'';
meta = jdk.meta;
passthru = jdk.passthru // {
home = "${cookedJDK}/lib/openjdk";
};
};
icedtea = pkgs.adoptopenjdk-icedtea-web.override {
jdk = cookedJDK;
};
in
pkgs.buildFHSUserEnv { pkgs.buildFHSUserEnv {
name = "javaws-env"; name = "javaws-env";
targetPkgs = pkgs: (with pkgs; targetPkgs = pkgs: (with pkgs;
[ [
adoptopenjdk-icedtea-web icedtea
]); ]);
runScript = "javaws"; runScript = "javaws";
passthru.jdk = cookedJDK;
passthru.icedtea = icedtea;
} }