Java

From NixOS Wiki
Revision as of 15:17, 11 December 2019 by imported>Makefu (add overriding chapter for certificate store)

This article is about Java, the programming language.

JDK options

Your default choice should probably be to install jdk11, which is an alias for openjdk11. If you're in a server environment, go for jdk11_headless. Java 11 is the currently-maintained LTS version of OpenJDK as of Oct 2019.

As you might expect, though, many flavors of Java are available in NixOS.

  • OpenJDK, by far the most popular non-Oracle JVM implementation
    • openjdk8[_headless] for a legacy Java 8 VM required by some older apps
    • openjdk11[_headless], the currently-supported LTS version of OpenJDK
    • openjdk12[_headless], the current version of OpenJDK
  • AdoptOpenJDK, prebuilt binaries for OpenJDK
    • adoptopenjdk-bin points to the latest version of AdoptOpenJDK, which is version 11 at the time of writing.
    • adoptopenjdk-jre-bin is available if you want to avoid downloading the compiler and only require the runtime environment.
  • JetBrains JDK (jetbrains.jdk), a fork of OpenJDK with modifications made by JetBrains
  • Oracle's JDK (oraclejdk), only version 8 is available.

Using Oracle JDK instead of Open JDK

Almost all Java packages in nixpkgs use Open JDK in form of a jre dependency. If you use Oracle JDK and also want other applications to use it, you can simply tweak your .nixpkgs/config.nix so that your desired application uses Oracles JDK or JRE.

Example with UMLet with JRE

{
  allowUnfree = true;
  packageOverrides = pkgs: rec {
    umlet = pkgs.umlet.override {
      jre = pkgs.oraclejre8;
    };
  };
}

To install the Oracle JRE system-wide, you need to explicitly accept the license in addition to allowing unfree modules:

# /etc/nixos/configuration.nix
{
  nixpkgs.config = {
    allowUnfree = true;
    oraclejdk.accept_license = true;
  };
  environment.systemPackages = with pkgs; [
    oraclejre8
  ];
}

Better font rendering

By default java does not enable antialiasing for font rendering. By exporting environment variables, this can be fixed:

$ export _JAVA_OPTIONS='-Dawt.useSystemAAFontSettings=lcd'

More options can be found in the archlinux wiki

Overriding java jks Certificate Store

Overriding the java certificate store may be required for adding your own Root certificates in case your company uses an internal PKI or the company utilizes an intercepting proxy.

jdk8

Overriding the jdk8 certificate store is possible by overriding the cacert parameter of the package:

{ pkgs, ... }:
let 
  myjdk = pkgs.jdk8.override {
    cacert = pkgs.runCommand "mycacert" {} ''
      mkdir -p $out/etc/ssl/certs
      cat ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt \
        ${./my-company-root-certificate.crt} > $out/etc/ssl/certs/ca-bundle.crt
    '';
  };
in {
  programs.java = {
    enable = true;
    package = myjdk
  };
}

the java package build will use the ca-bundle to run keytool and transform it into jks format.

you could also use

{
  nixpkgs.overlays = [(self: super: {jdk = super.jdk8.override { };} )];
}

to override the default jdk so all packages use the patched java version.

jdk11

JDK11 does not provide the cacert overridable and therefore it is not possible to use the same technique to override the truststore.