diff --git a/pkgs/development/compilers/icedtea/cppflags-include-fix.patch b/pkgs/development/compilers/icedtea/cppflags-include-fix.patch new file mode 100644 index 000000000000..8931c122538f --- /dev/null +++ b/pkgs/development/compilers/icedtea/cppflags-include-fix.patch @@ -0,0 +1,16 @@ +diff -Naur openjdk-orig/jdk/make/sun/awt/mawt.gmk openjdk/jdk/make/sun/awt/mawt.gmk +--- openjdk-orig/jdk/make/sun/awt/mawt.gmk 2012-08-28 19:13:16.000000000 -0400 ++++ openjdk/jdk/make/sun/awt/mawt.gmk 2013-01-22 11:56:22.315418708 -0500 +@@ -234,12 +234,6 @@ + endif # !HEADLESS + endif # PLATFORM + +-ifeq ($(PLATFORM), linux) +- # Checking for the X11/extensions headers at the additional location +- CPPFLAGS += -I$(firstword $(wildcard $(OPENWIN_HOME)/include/X11/extensions) \ +- $(wildcard /usr/include/X11/extensions)) +-endif +- + ifeq ($(PLATFORM), macosx)) + CPPFLAGS += -I$(OPENWIN_HOME)/include/X11/extensions \ + -I$(OPENWIN_HOME)/include diff --git a/pkgs/development/compilers/icedtea/default.nix b/pkgs/development/compilers/icedtea/default.nix new file mode 100644 index 000000000000..42a719d64d35 --- /dev/null +++ b/pkgs/development/compilers/icedtea/default.nix @@ -0,0 +1,175 @@ +{ stdenv, fetchurl, jdk, jdkPath, ant, wget, zip, unzip, cpio, file, libxslt +, xorg, zlib, pkgconfig, libjpeg, libpng, giflib, lcms2, gtk2, krb5, attr +, alsaLib, procps, automake, autoconf, cups, which, perl, coreutils, binutils +, cacert, setJavaClassPath +}: + +let + + /** + * The JRE libraries are in directories that depend on the CPU. + */ + architecture = + if stdenv.system == "i686-linux" then + "i386" + else if stdenv.system == "x86_64-linux" then + "amd64" + else + throw "icedtea requires i686-linux or x86_64 linux"; + + srcInfo = (import ./sources.nix).icedtea7; + + pkgName = "icedtea7-${srcInfo.version}"; + + defSrc = name: + with (builtins.getAttr name srcInfo.bundles); fetchurl { + inherit url sha256; + name = "${pkgName}-${name}-${baseNameOf url}"; + }; + + bundleNames = builtins.attrNames srcInfo.bundles; + + sources = stdenv.lib.genAttrs bundleNames (name: defSrc name); + + bundleFun = name: "--with-${name}-src-zip=" + builtins.getAttr name sources; + bundleFlags = map bundleFun bundleNames; + +in + +with srcInfo; stdenv.mkDerivation { + name = pkgName; + + src = fetchurl { + inherit url sha256; + }; + + outputs = [ "out" "jre" ]; + + # TODO: Probably some more dependencies should be on this list but are being + # propagated instead + buildInputs = [ + jdk ant wget zip unzip cpio file libxslt pkgconfig procps automake + autoconf which perl coreutils xorg.lndir + zlib libjpeg libpng giflib lcms2 krb5 attr alsaLib cups + xorg.libX11 xorg.libXtst gtk2 + ]; + + configureFlags = bundleFlags ++ [ + "--disable-bootstrap" + "--disable-downloading" + + "--without-rhino" + # Uncomment this when paxctl lands in stdenv: "--with-pax=paxctl" + "--with-jdk-home=${jdkPath}" + ]; + + preConfigure = '' + unset JAVA_HOME JDK_HOME CLASSPATH JAVAC JAVACFLAGS + + substituteInPlace javac.in --replace '#!/usr/bin/perl' '#!${perl}/bin/perl' + substituteInPlace javah.in --replace '#!/usr/bin/perl' '#!${perl}/bin/perl' + + ./autogen.sh + ''; + + preBuild = '' + make stamps/extract.stamp + + substituteInPlace openjdk/jdk/make/common/shared/Defs-utils.gmk --replace '/bin/echo' '${coreutils}/bin/echo' + substituteInPlace openjdk/corba/make/common/shared/Defs-utils.gmk --replace '/bin/echo' '${coreutils}/bin/echo' + + patch -p0 < ${./cppflags-include-fix.patch} + patch -p0 < ${./fix-java-home.patch} + ''; + + NIX_NO_SELF_RPATH = true; + + makeFlags = [ + "ALSA_INCLUDE=${alsaLib}/include/alsa/version.h" + "ALT_UNIXCOMMAND_PATH=" + "ALT_USRBIN_PATH=" + "ALT_DEVTOOLS_PATH=" + "ALT_COMPILER_PATH=" + "ALT_CUPS_HEADERS_PATH=${cups}/include" + "ALT_OBJCOPY=${binutils}/bin/objcopy" + "SORT=${coreutils}/bin/sort" + "UNLIMITED_CRYPTO=1" + ]; + + installPhase = '' + mkdir -p $out/lib/icedtea $out/share $jre/lib/icedtea + + cp -av openjdk.build/j2sdk-image/* $out/lib/icedtea + + # Move some stuff to top-level. + mv $out/lib/icedtea/include $out/include + mv $out/lib/icedtea/man $out/share/man + + # jni.h expects jni_md.h to be in the header search path. + ln -s $out/include/linux/*_md.h $out/include/ + + # Remove some broken manpages. + rm -rf $out/share/man/ja* + + # Remove crap from the installation. + rm -rf $out/lib/icedtea/demo $out/lib/icedtea/sample + + # Move the JRE to a separate output. + mv $out/lib/icedtea/jre $jre/lib/icedtea/ + mkdir $out/lib/icedtea/jre + lndir $jre/lib/icedtea/jre $out/lib/icedtea/jre + + rm -rf $out/lib/icedtea/jre/bin + ln -s $out/lib/icedtea/bin $out/lib/icedtea/jre/bin + + # Remove duplicate binaries. + for i in $(cd $out/lib/icedtea/bin && echo *); do + if [ "$i" = java ]; then continue; fi + if cmp -s $out/lib/icedtea/bin/$i $jre/lib/icedtea/jre/bin/$i; then + ln -sfn $jre/lib/icedtea/jre/bin/$i $out/lib/icedtea/bin/$i + fi + done + + # Generate certificates. + pushd $jre/lib/icedtea/jre/lib/security + rm cacerts + perl ${./generate-cacerts.pl} $jre/lib/icedtea/jre/bin/keytool ${cacert}/etc/ca-bundle.crt + popd + + ln -s $out/lib/icedtea/bin $out/bin + ln -s $jre/lib/icedtea/jre/bin $jre/bin + ''; + + # FIXME: this is unnecessary once the multiple-outputs branch is merged. + preFixup = '' + prefix=$jre stripDirs "$stripDebugList" "''${stripDebugFlags:--S}" + patchELF $jre + propagatedNativeBuildInputs+=" $jre" + + # Propagate the setJavaClassPath setup hook from the JRE so that + # any package that depends on the JRE has $CLASSPATH set up + # properly. + mkdir -p $jre/nix-support + echo -n "${setJavaClassPath}" > $jre/nix-support/propagated-native-build-inputs + + # Set JAVA_HOME automatically. + mkdir -p $out/nix-support + cat < $out/nix-support/setup-hook + if [ -z "\$JAVA_HOME" ]; then export JAVA_HOME=$out/lib/icedtea; fi + EOF + ''; + + meta = { + description = "Free Java development kit based on OpenJDK 7.0 and the IcedTea project"; + longDescription = '' + Free Java environment based on OpenJDK 7.0 and the IcedTea project. + - Full Java runtime environment + - Needed for executing Java Webstart programs and the free Java web browser plugin. + ''; + homepage = http://icedtea.classpath.org; + maintainers = with stdenv.lib.maintainers; [ wizeman ]; + platforms = stdenv.lib.platforms.linux; + }; + + passthru = { inherit architecture; }; +} diff --git a/pkgs/development/compilers/icedtea/fix-java-home.patch b/pkgs/development/compilers/icedtea/fix-java-home.patch new file mode 100644 index 000000000000..5def344f1717 --- /dev/null +++ b/pkgs/development/compilers/icedtea/fix-java-home.patch @@ -0,0 +1,17 @@ +diff -ru -x '*~' openjdk-orig/hotspot/src/os/linux/vm/os_linux.cpp openjdk/hotspot/src/os/linux/vm/os_linux.cpp +--- openjdk-orig/hotspot/src/os/linux/vm/os_linux.cpp 2013-09-06 20:22:03.000000000 +0200 ++++ openjdk/hotspot/src/os/linux/vm/os_linux.cpp 2014-01-24 22:44:08.223857012 +0100 +@@ -2358,12 +2358,10 @@ + CAST_FROM_FN_PTR(address, os::jvm_path), + dli_fname, sizeof(dli_fname), NULL); + assert(ret, "cannot locate libjvm"); + char *rp = NULL; + if (ret && dli_fname[0] != '\0') { +- rp = realpath(dli_fname, buf); ++ snprintf(buf, buflen, "%s", dli_fname); + } +- if (rp == NULL) +- return; + + if (Arguments::created_by_gamma_launcher()) { + // Support for the gamma launcher. Typical value for buf is diff --git a/pkgs/development/compilers/icedtea/generate-cacerts.pl b/pkgs/development/compilers/icedtea/generate-cacerts.pl new file mode 100644 index 000000000000..3bdd42f7274f --- /dev/null +++ b/pkgs/development/compilers/icedtea/generate-cacerts.pl @@ -0,0 +1,366 @@ +#!/usr/bin/perl + +# Copyright (C) 2007, 2008 Red Hat, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# generate-cacerts.pl generates a JKS keystore named 'cacerts' from +# OpenSSL's certificate bundle using OpenJDK's keytool. + +# First extract each of OpenSSL's bundled certificates into its own +# aliased filename. + +# Downloaded from http://cvs.fedoraproject.org/viewvc/rpms/ca-certificates/F-12/generate-cacerts.pl?revision=1.2 +# Check and prevention of duplicate aliases added by Vlastimil Babka + +$file = $ARGV[1]; +open(CERTS, $file); +@certs = ; +close(CERTS); + +$pem_file_count = 0; +$in_cert_block = 0; +$write_current_cert = 1; +foreach $cert (@certs) +{ + if ($cert =~ /Issuer: /) + { + $_ = $cert; + if ($cert =~ /personal-freemail/) + { + $cert_alias = "thawtepersonalfreemailca"; + } + elsif ($cert =~ /personal-basic/) + { + $cert_alias = "thawtepersonalbasicca"; + } + elsif ($cert =~ /personal-premium/) + { + $cert_alias = "thawtepersonalpremiumca"; + } + elsif ($cert =~ /server-certs/) + { + $cert_alias = "thawteserverca"; + } + elsif ($cert =~ /premium-server/) + { + $cert_alias = "thawtepremiumserverca"; + } + elsif ($cert =~ /Class 1 Public Primary Certification Authority$/) + { + $cert_alias = "verisignclass1ca"; + } + elsif ($cert =~ /Class 1 Public Primary Certification Authority - G2/) + { + $cert_alias = "verisignclass1g2ca"; + } + elsif ($cert =~ + /VeriSign Class 1 Public Primary Certification Authority - G3/) + { + $cert_alias = "verisignclass1g3ca"; + } + elsif ($cert =~ /Class 2 Public Primary Certification Authority$/) + { + $cert_alias = "verisignclass2ca"; + } + elsif ($cert =~ /Class 2 Public Primary Certification Authority - G2/) + { + $cert_alias = "verisignclass2g2ca"; + } + elsif ($cert =~ + /VeriSign Class 2 Public Primary Certification Authority - G3/) + { + $cert_alias = "verisignclass2g3ca"; + } + elsif ($cert =~ /Class 3 Public Primary Certification Authority$/) + { + $cert_alias = "verisignclass3ca"; + } + # Version 1 of Class 3 Public Primary Certification Authority + # - G2 is added. Version 3 is excluded. See below. + elsif ($cert =~ + /VeriSign Class 3 Public Primary Certification Authority - G3/) + { + $cert_alias = "verisignclass3g3ca"; + } + elsif ($cert =~ + /RSA Data Security.*Secure Server Certification Authority/) + { + $cert_alias = "verisignserverca"; + } + elsif ($cert =~ /GTE CyberTrust Global Root/) + { + $cert_alias = "gtecybertrustglobalca"; + } + elsif ($cert =~ /Baltimore CyberTrust Root/) + { + $cert_alias = "baltimorecybertrustca"; + } + elsif ($cert =~ /www.entrust.net\/Client_CA_Info\/CPS/) + { + $cert_alias = "entrustclientca"; + } + elsif ($cert =~ /www.entrust.net\/GCCA_CPS/) + { + $cert_alias = "entrustglobalclientca"; + } + elsif ($cert =~ /www.entrust.net\/CPS_2048/) + { + $cert_alias = "entrust2048ca"; + } + elsif ($cert =~ /www.entrust.net\/CPS /) + { + $cert_alias = "entrustsslca"; + } + elsif ($cert =~ /www.entrust.net\/SSL_CPS/) + { + $cert_alias = "entrustgsslca"; + } + elsif ($cert =~ /The Go Daddy Group/) + { + $cert_alias = "godaddyclass2ca"; + } + elsif ($cert =~ /Starfield Class 2 Certification Authority/) + { + $cert_alias = "starfieldclass2ca"; + } + elsif ($cert =~ /ValiCert Class 2 Policy Validation Authority/) + { + $cert_alias = "valicertclass2ca"; + } + elsif ($cert =~ /GeoTrust Global CA$/) + { + $cert_alias = "geotrustglobalca"; + } + elsif ($cert =~ /Equifax Secure Certificate Authority/) + { + $cert_alias = "equifaxsecureca"; + } + elsif ($cert =~ /Equifax Secure eBusiness CA-1/) + { + $cert_alias = "equifaxsecureebusinessca1"; + } + elsif ($cert =~ /Equifax Secure eBusiness CA-2/) + { + $cert_alias = "equifaxsecureebusinessca2"; + } + elsif ($cert =~ /Equifax Secure Global eBusiness CA-1/) + { + $cert_alias = "equifaxsecureglobalebusinessca1"; + } + elsif ($cert =~ /Sonera Class1 CA/) + { + $cert_alias = "soneraclass1ca"; + } + elsif ($cert =~ /Sonera Class2 CA/) + { + $cert_alias = "soneraclass2ca"; + } + elsif ($cert =~ /AAA Certificate Services/) + { + $cert_alias = "comodoaaaca"; + } + elsif ($cert =~ /AddTrust Class 1 CA Root/) + { + $cert_alias = "addtrustclass1ca"; + } + elsif ($cert =~ /AddTrust External CA Root/) + { + $cert_alias = "addtrustexternalca"; + } + elsif ($cert =~ /AddTrust Qualified CA Root/) + { + $cert_alias = "addtrustqualifiedca"; + } + elsif ($cert =~ /UTN-USERFirst-Hardware/) + { + $cert_alias = "utnuserfirsthardwareca"; + } + elsif ($cert =~ /UTN-USERFirst-Client Authentication and Email/) + { + $cert_alias = "utnuserfirstclientauthemailca"; + } + elsif ($cert =~ /UTN - DATACorp SGC/) + { + $cert_alias = "utndatacorpsgcca"; + } + elsif ($cert =~ /UTN-USERFirst-Object/) + { + $cert_alias = "utnuserfirstobjectca"; + } + elsif ($cert =~ /America Online Root Certification Authority 1/) + { + $cert_alias = "aolrootca1"; + } + elsif ($cert =~ /DigiCert Assured ID Root CA/) + { + $cert_alias = "digicertassuredidrootca"; + } + elsif ($cert =~ /DigiCert Global Root CA/) + { + $cert_alias = "digicertglobalrootca"; + } + elsif ($cert =~ /DigiCert High Assurance EV Root CA/) + { + $cert_alias = "digicerthighassuranceevrootca"; + } + elsif ($cert =~ /GlobalSign Root CA$/) + { + $cert_alias = "globalsignca"; + } + elsif ($cert =~ /GlobalSign Root CA - R2/) + { + $cert_alias = "globalsignr2ca"; + } + elsif ($cert =~ /Elektronik.*Kas.*2005/) + { + $cert_alias = "extra-elektronikkas2005"; + } + elsif ($cert =~ /Elektronik/) + { + $cert_alias = "extra-elektronik2005"; + } + # Mozilla does not provide these certificates: + # baltimorecodesigningca + # gtecybertrust5ca + # trustcenterclass2caii + # trustcenterclass4caii + # trustcenteruniversalcai + else + { + # Generate an alias using the OU and CN attributes of the + # Issuer field if both are present, otherwise use only the + # CN attribute. The Issuer field must have either the OU + # or the CN attribute. + $_ = $cert; + if ($cert =~ /OU=/) + { + s/Issuer:.*?OU=//; + # Remove other occurrences of OU=. + s/OU=.*CN=//; + # Remove CN= if there were not other occurrences of OU=. + s/CN=//; + s/\/emailAddress.*//; + s/Certificate Authority/ca/g; + s/Certification Authority/ca/g; + } + elsif ($cert =~ /CN=/) + { + s/Issuer:.*CN=//; + s/\/emailAddress.*//; + s/Certificate Authority/ca/g; + s/Certification Authority/ca/g; + } + s/\W//g; + tr/A-Z/a-z/; + $cert_alias = "extra-$_"; + + } + while (-e "$cert_alias.pem") + { + $cert_alias = "$cert_alias" . "_"; + } + } + # When it attempts to parse: + # + # Class 3 Public Primary Certification Authority - G2, Version 3 + # + # keytool says: + # + # #2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false + # Unparseable AuthorityInfoAccess extension due to + # java.io.IOException: Invalid encoding of URI + # + # If we do not exclude this file + # openjdk/jdk/test/lib/security/cacerts/VerifyCACerts.java fails + # on this cert, printing: + # + # Couldn't verify: java.security.SignatureException: Signature + # does not match. + # + elsif ($cert =~ + /A6:0F:34:C8:62:6C:81:F6:8B:F7:7D:A9:F6:67:58:8A:90:3F:7D:36/) + { + $write_current_cert = 0; + $pem_file_count--; + } + elsif ($cert eq "-----BEGIN CERTIFICATE-----\n") + { + $_ = $cert; + s/\W//g; + tr/A-Z/a-z/; + $cert_alias = "extra-$_"; + while (-e "$cert_alias.pem") + { + $cert_alias = "$cert_alias" . "_"; + } + if ($in_cert_block != 0) + { + die "$file is malformed."; + } + $in_cert_block = 1; + if ($write_current_cert == 1) + { + $pem_file_count++; + if (-e "$cert_alias.pem") + { + print "$cert_alias"; + die "already exists" + } + open(PEM, ">$cert_alias.pem"); + print PEM $cert; + } + } + elsif ($cert eq "-----END CERTIFICATE-----\n") + { + $in_cert_block = 0; + if ($write_current_cert == 1) + { + print PEM $cert; + close(PEM); + } + $write_current_cert = 1 + } + else + { + if ($in_cert_block == 1 && $write_current_cert == 1) + { + print PEM $cert; + } + } +} + +# Check that the correct number of .pem files were produced. +@pem_files = <*.pem>; +if (@pem_files != $pem_file_count) +{ + print "$pem_file_count"; + die "Number of .pem files produced does not match". + " number of certs read from $file."; +} + +# Now store each cert in the 'cacerts' file using keytool. +$certs_written_count = 0; +foreach $pem_file (@pem_files) +{ + system "$ARGV[0] -noprompt -import". + " -alias `basename $pem_file .pem`". + " -keystore cacerts -storepass 'changeit' -file $pem_file"; + unlink($pem_file); + $certs_written_count++; +} + +# Check that the correct number of certs were added to the keystore. +if ($certs_written_count != $pem_file_count) +{ + die "Number of certs added to keystore does not match". + " number of certs read from $file."; +} diff --git a/pkgs/development/compilers/icedtea/sources.nix b/pkgs/development/compilers/icedtea/sources.nix new file mode 100644 index 000000000000..95d6928b3ab4 --- /dev/null +++ b/pkgs/development/compilers/icedtea/sources.nix @@ -0,0 +1,56 @@ +# This file is autogenerated from update.py in the same directory. +{ + icedtea7 = rec { + branch = "2.4"; + version = "${branch}.5"; + + url = "http://icedtea.wildebeest.org/download/source/icedtea-${version}.tar.xz"; + sha256 = "0nrhbn2q7cm21hpq1f5ds0v0rnsznmdyiifi8w4l1ykyqw9n9yfk"; + + hg_url = "http://icedtea.classpath.org/hg/release/icedtea7-forest-${branch}"; + + bundles = { + openjdk = rec { + changeset = "410eb7fef869"; + url = "${hg_url}/archive/${changeset}.tar.gz"; + sha256 = "2de151c7275d91ef082e63fcc0957c5f9290404ec6e20ecfa1e752e16bfab707"; + }; + + corba = rec { + changeset = "3594dbde270d"; + url = "${hg_url}/corba/archive/${changeset}.tar.gz"; + sha256 = "d1f97e143fe94ae3a56b45bb5a90f8ab10ec2be4ff770a788f0a1ac677e27a7d"; + }; + + jaxp = rec { + changeset = "8fe156ad49e2"; + url = "${hg_url}/jaxp/archive/${changeset}.tar.gz"; + sha256 = "0a2a40186cedfbeb8f87b0bc86bea2830943943081d4289fc74f7a783b2e1af3"; + }; + + jaxws = rec { + changeset = "32ea8b1ed91a"; + url = "${hg_url}/jaxws/archive/${changeset}.tar.gz"; + sha256 = "08a169b6b02883759ec7a412aa91aa3e37480761cb50b95d092dbcdb2fc9a3d0"; + }; + + jdk = rec { + changeset = "9db88c18e114"; + url = "${hg_url}/jdk/archive/${changeset}.tar.gz"; + sha256 = "285e5b8ccbb29f3f9f9ea9ea7856d1ed97465c57d091fbcd9b2e55a1ffbb543e"; + }; + + langtools = rec { + changeset = "dabd37b7e295"; + url = "${hg_url}/langtools/archive/${changeset}.tar.gz"; + sha256 = "86cb370ce2084c4b699d8c002ebe6c026e86206ffa82a2f3d7906aadb94ed79f"; + }; + + hotspot = rec { + changeset = "2cb58882dac3"; + url = "${hg_url}/hotspot/archive/${changeset}.tar.gz"; + sha256 = "d8c1681ae76e660c1888065933cedbbc1309869c7a2fb98f07c424716d5ebaf9"; + }; + }; + }; +} diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4e912d63daf4..4e0b9b2218ac 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2784,6 +2784,15 @@ let gwt240 = callPackage ../development/compilers/gwt/2.4.0.nix { }; + icedtea7_jdk = callPackage ../development/compilers/icedtea rec { + jdk = openjdk; + jdkPath = "${openjdk}/lib/openjdk"; + } // { outputs = [ "out" ]; }; + + icedtea7_jre = (lib.setName "icedtea7-${lib.getVersion pkgs.icedtea7_jdk.jre}" (lib.addMetaAttrs + { description = "Free Java runtime environment based on OpenJDK 7.0 and the IcedTea project"; } + pkgs.icedtea7_jdk.jre)) // { outputs = [ "jre" ]; }; + ikarus = callPackage ../development/compilers/ikarus { }; hugs = callPackage ../development/compilers/hugs { };