From 6341d93ac1d95b5e20359d661d5e8a707a9f8584 Mon Sep 17 00:00:00 2001 From: David Morgan Date: Tue, 13 Aug 2024 12:23:44 +0100 Subject: Add zscaler cert to jdk keystore on darwin --- nix-conf/home/includes/clojure.nix | 1 - nix-conf/home/includes/darwin.nix | 48 ++++++++++++++++++++++++++++++++++++-- 2 files changed, 46 insertions(+), 3 deletions(-) (limited to 'nix-conf') diff --git a/nix-conf/home/includes/clojure.nix b/nix-conf/home/includes/clojure.nix index d6d4347..f3534c6 100644 --- a/nix-conf/home/includes/clojure.nix +++ b/nix-conf/home/includes/clojure.nix @@ -12,7 +12,6 @@ in maven neil ] - ++ optionals stdenv.isDarwin [ (leiningen.override { jdk = jdk8; }) ] ++ optionals stdenv.isLinux [ leiningen ]; } diff --git a/nix-conf/home/includes/darwin.nix b/nix-conf/home/includes/darwin.nix index 562f6eb..56596d4 100644 --- a/nix-conf/home/includes/darwin.nix +++ b/nix-conf/home/includes/darwin.nix @@ -20,7 +20,49 @@ let makeWrapper ${pkgs.mopidy}/bin/mopidy $out/bin/mopidy \ --prefix PYTHONPATH : $out/${pkgs.mopidyPackages.python.sitePackages} ''; - }; + }; + + zscaler-cert = '' +-----BEGIN CERTIFICATE----- +MIIE0zCCA7ugAwIBAgIJANu+mC2Jt3uTMA0GCSqGSIb3DQEBCwUAMIGhMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2Ux +FTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMMWnNjYWxlciBJbmMuMRgw +FgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG9w0BCQEWE3N1cHBvcnRA +enNjYWxlci5jb20wHhcNMTQxMjE5MDAyNzU1WhcNNDIwNTA2MDAyNzU1WjCBoTEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBK +b3NlMRUwEwYDVQQKEwxac2NhbGVyIEluYy4xFTATBgNVBAsTDFpzY2FsZXIgSW5j +LjEYMBYGA1UEAxMPWnNjYWxlciBSb290IENBMSIwIAYJKoZIhvcNAQkBFhNzdXBw +b3J0QHpzY2FsZXIuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +qT7STSxZRTgEFFf6doHajSc1vk5jmzmM6BWuOo044EsaTc9eVEV/HjH/1DWzZtcr +fTj+ni205apMTlKBW3UYR+lyLHQ9FoZiDXYXK8poKSV5+Tm0Vls/5Kb8mkhVVqv7 +LgYEmvEY7HPY+i1nEGZCa46ZXCOohJ0mBEtB9JVlpDIO+nN0hUMAYYdZ1KZWCMNf +5J/aTZiShsorN2A38iSOhdd+mcRM4iNL3gsLu99XhKnRqKoHeH83lVdfu1XBeoQz +z5V6gA3kbRvhDwoIlTBeMa5l4yRdJAfdpkbFzqiwSgNdhbxTHnYYorDzKfr2rEFM +dsMU0DHdeAZf711+1CunuQIDAQABo4IBCjCCAQYwHQYDVR0OBBYEFLm33UrNww4M +hp1d3+wcBGnFTpjfMIHWBgNVHSMEgc4wgcuAFLm33UrNww4Mhp1d3+wcBGnFTpjf +oYGnpIGkMIGhMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G +A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFpzY2FsZXIgSW5jLjEVMBMGA1UECxMM +WnNjYWxlciBJbmMuMRgwFgYDVQQDEw9ac2NhbGVyIFJvb3QgQ0ExIjAgBgkqhkiG +9w0BCQEWE3N1cHBvcnRAenNjYWxlci5jb22CCQDbvpgtibd7kzAMBgNVHRMEBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAw0NdJh8w3NsJu4KHuVZUrmZgIohnTm0j+ +RTmYQ9IKA/pvxAcA6K1i/LO+Bt+tCX+C0yxqB8qzuo+4vAzoY5JEBhyhBhf1uK+P +/WVWFZN/+hTgpSbZgzUEnWQG2gOVd24msex+0Sr7hyr9vn6OueH+jj+vCMiAm5+u +kd7lLvJsBu3AO3jGWVLyPkS3i6Gf+rwAp1OsRrv3WnbkYcFf9xjuaf4z0hRCrLN2 +xFNjavxrHmsH8jPHVvgc1VD0Opja0l/BRVauTrUaoW6tE+wFG5rEcPGS80jjHK4S +pB5iDj2mUZH1T8lzYtuZy0ZPirxmtsk3135+CKNa2OCAhhFjE0xd +-----END CERTIFICATE----- + ''; + zscaler-jdk = pkgs.jdk.overrideAttrs (old: { + # passthru.home must be set to ensure JAVA_HOME is set correctly + # See https://github.com/nix-community/home-manager/blob/086f619dd991a4d355c07837448244029fc2d9ab/modules/programs/java.nix#L39-L41 + # and https://github.com/NixOS/nixpkgs/blob/4877ea239f4d02410c3516101faf35a81af0c30e/pkgs/development/compilers/openjdk/jre.nix#L32 + passthru.home = "${zscaler-jdk}"; # make sure JAVA_HOME is set + installPhase = old.installPhase + '' + $out/bin/keytool -import -noprompt -trustcacerts -alias zscalerrootca -keystore $out/lib/security/cacerts <<< "${zscaler-cert}" + ''; + }); + + zscaler-lein = pkgs.leiningen.override { jdk = zscaler-jdk; }; in { imports = [ @@ -58,6 +100,8 @@ in sqls #vimpc wget + + zscaler-lein ]; nix.settings = { @@ -68,7 +112,7 @@ in programs.java = { enable = true; - #package = (pkgs.jdk8.overrideAttrs (_: { postPatch = "ln -nsf ../zulu-8.jdk/Contents/Home/man man"; })); + package = zscaler-jdk; }; } -- cgit 1.4.1-2-gfad0