canonicalize-jars-hook: add

A build hook to run functions previously only implemented privately in
`pkgs/build-support/release/functions.sh`.
This commit is contained in:
bb010g 2019-04-18 20:50:47 -07:00 committed by Doron Behar
parent 77382d5ebf
commit 29fedf210f
4 changed files with 61 additions and 0 deletions

View file

@ -0,0 +1,9 @@
{ substituteAll, unzip, zip }:
substituteAll {
name = "canonicalize-jar";
src = ./canonicalize-jar.sh;
unzip = "${unzip}/bin/unzip";
zip = "${zip}/bin/zip";
}

View file

@ -0,0 +1,29 @@
# Canonicalize the manifest & repack with deterministic timestamps.
canonicalizeJar() {
local input='' outer=''
input="$(realpath -sm -- "$1")"
outer="$(pwd)"
# -qq: even quieter
@unzip@ -qq "$input" -d "$input-tmp"
canonicalizeJarManifest "$input-tmp/META-INF/MANIFEST.MF"
# Sets all timestamps to Jan 1 1980, the earliest mtime zips support.
find -- "$input-tmp" -exec touch -t 198001010000.00 {} +
rm "$input"
pushd "$input-tmp" 2>/dev/null
# -q|--quiet, -r|--recurse-paths
# -o|--latest-time: canonicalizes overall archive mtime
# -X|--no-extra: don't store platform-specific extra file attribute fields
@zip@ -qroX "$outer/tmp-out.jar" . 2> /dev/null
popd 2>/dev/null
rm -rf "$input-tmp"
mv "$outer/tmp-out.jar" "$input"
}
# See also the Java specification's JAR requirements:
# https://docs.oracle.com/javase/8/docs/technotes/guides/jar/jar.html#Notes_on_Manifest_and_Signature_Files
canonicalizeJarManifest() {
local input=''
input="$(realpath -sm -- "$1")"
(head -n 1 "$input" && tail -n +2 "$input" | sort | grep -v '^\s*$') > "$input-tmp"
mv "$input-tmp" "$input"
}

View file

@ -0,0 +1,17 @@
# This setup hook causes the fixup phase to repack all JAR files in a
# canonical & deterministic fashion, e.g. resetting mtimes (like with normal
# store files) and avoiding impure metadata.
fixupOutputHooks+=('if [ -z "$dontCanonicalizeJars" -a -e "$prefix" ]; then canonicalizeJarsIn "$prefix"; fi')
canonicalizeJarsIn() {
local dir="$1"
header "canonicalizing jars in $dir"
dir="$(realpath -sm -- "$dir")"
while IFS= read -rd '' f; do
canonicalizeJar "$f"
done < <(find -- "$dir" -type f -name '*.jar' -print0)
stopNest
}
source @canonicalize_jar@

View file

@ -153,6 +153,12 @@ with pkgs;
appindicator-sharp = callPackage ../development/libraries/appindicator-sharp { };
canonicalize-jar = callPackage ../build-support/java/canonicalize-jar.nix { };
canonicalize-jars-hook = makeSetupHook {
name = "canonicalize-jars-hook";
substitutions = { canonicalize_jar = canonicalize-jar; };
} ../build-support/setup-hooks/canonicalize-jars.sh;
ensureNewerSourcesHook = { year }: makeSetupHook {}
(writeScript "ensure-newer-sources-hook.sh" ''
postUnpackHooks+=(_ensureNewerSources)