nix/pkgs/javaws-env: patch JRE to enable RC4/SSLv3
This commit is contained in:
parent
161ed2af50
commit
f6428191cf
1 changed files with 49 additions and 1 deletions
|
@ -3,11 +3,59 @@
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
# SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
let
|
||||||
|
jdk = pkgs.jdk8;
|
||||||
|
cookedJDK = pkgs.stdenvNoCC.mkDerivation {
|
||||||
|
inherit (jdk) version;
|
||||||
|
pname = jdk.pname + "-cooked";
|
||||||
|
|
||||||
|
outputs = [ "out" "jre" ];
|
||||||
|
|
||||||
|
src = jdk;
|
||||||
|
unpackPhase = "";
|
||||||
|
installPhase = ''
|
||||||
|
cp -R $src $out
|
||||||
|
chmod -R u+rw $out
|
||||||
|
|
||||||
|
cp -R ${jdk.jre} $jre
|
||||||
|
chmod -R u+rw $jre
|
||||||
|
|
||||||
|
for symlink in $(find $out -lname '*jre*'); do
|
||||||
|
original_target="$(readlink -f "$symlink")"
|
||||||
|
new_target="$(echo "$original_target" | sed "s,${jdk.jre},$jre,g")"
|
||||||
|
rm "$symlink"
|
||||||
|
ln -s "$new_target" "$symlink"
|
||||||
|
done
|
||||||
|
|
||||||
|
# Reenable RC4 and SSLv3 :(
|
||||||
|
sed -Ei \
|
||||||
|
-e 's/jdk.tls.disabledAlgorithms=/disabled.\0/' \
|
||||||
|
-e 's/jdk.jar.disabledAlgorithms=/disabled.\0/' \
|
||||||
|
-e 's/jdk.certpath.disabledAlgorithms=/disabled.\0/' \
|
||||||
|
$jre/lib/openjdk/jre/lib/security/java.security
|
||||||
|
cat <<EOF >>"$jre/lib/openjdk/jre/lib/security/java.security"
|
||||||
|
jdk.tls.disabledAlgorithms=
|
||||||
|
jdk.jar.disabledAlgorithms=
|
||||||
|
jdk.certpath.disabledAlgorithms=
|
||||||
|
EOF
|
||||||
|
'';
|
||||||
|
|
||||||
|
meta = jdk.meta;
|
||||||
|
passthru = jdk.passthru // {
|
||||||
|
home = "${cookedJDK}/lib/openjdk";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
icedtea = pkgs.adoptopenjdk-icedtea-web.override {
|
||||||
|
jdk = cookedJDK;
|
||||||
|
};
|
||||||
|
in
|
||||||
pkgs.buildFHSUserEnv {
|
pkgs.buildFHSUserEnv {
|
||||||
name = "javaws-env";
|
name = "javaws-env";
|
||||||
targetPkgs = pkgs: (with pkgs;
|
targetPkgs = pkgs: (with pkgs;
|
||||||
[
|
[
|
||||||
adoptopenjdk-icedtea-web
|
icedtea
|
||||||
]);
|
]);
|
||||||
runScript = "javaws";
|
runScript = "javaws";
|
||||||
|
passthru.jdk = cookedJDK;
|
||||||
|
passthru.icedtea = icedtea;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue