Java: Difference between revisions
imported>Nornagon Add instructions for installing Oracle JDK system-wide. |
imported>Makefu add overriding chapter for certificate store |
| Line 57: | Line 57: | ||
More options can be found in the [https://wiki.archlinux.org/index.php/Java_Runtime_Environment_fonts archlinux wiki] | More options can be found in the [https://wiki.archlinux.org/index.php/Java_Runtime_Environment_fonts archlinux wiki] | ||
== Overriding java jks Certificate Store == | |||
Overriding the java certificate store may be required for adding your own Root certificates in case your company uses an internal PKI or the company utilizes an intercepting proxy. | |||
=== jdk8 === | |||
Overriding the jdk8 certificate store is possible by overriding the '''cacert''' parameter of the package: | |||
<syntaxHighlight lang=nix> | |||
{ pkgs, ... }: | |||
let | |||
myjdk = pkgs.jdk8.override { | |||
cacert = pkgs.runCommand "mycacert" {} '' | |||
mkdir -p $out/etc/ssl/certs | |||
cat ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt \ | |||
${./my-company-root-certificate.crt} > $out/etc/ssl/certs/ca-bundle.crt | |||
''; | |||
}; | |||
in { | |||
programs.java = { | |||
enable = true; | |||
package = myjdk | |||
}; | |||
} | |||
</syntaxHighlight> | |||
the java package build will use the '''ca-bundle''' to run keytool and transform it into '''jks''' format. | |||
you could also use <syntaxHighlight lang=nix> | |||
{ | |||
nixpkgs.overlays = [(self: super: {jdk = super.jdk8.override { };} )]; | |||
} | |||
</syntaxHighlight> to override the default jdk so all packages use the patched java version. | |||
=== jdk11 === | |||
JDK11 does not provide the cacert overridable and therefore it is not possible to use the same technique to override the truststore. | |||
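Review bot: In the jdk8 example, `package = myjdk` inside `programs.java` is missing its terminating semicolon, so the snippet does not parse as written; it should read `package = myjdk;`. The overlay variant calls `super.jdk8.override { }` with an empty argument set, which leaves the certificate store unchanged, so it does not produce the "patched java version" that the sentence after it promises; pass the same `cacert` derivation there, or define it once and reuse it in both snippets. Smaller style points: the two sentences following the first snippet start in lowercase, and the second `<syntaxHighlight>` block is opened and closed mid-sentence, so the explanatory sentence should be completed before the block starts.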