[bug#52690] [PATCH] gnu: IcedTea: Prohibit references to nss-certs.

[Leo Famulari]

I checked, and neither of these packages keep references to nss-certs.
So, although this change will cause rebuilds, it shouldn't cause any
functional changes.

However, my understanding is that the IcedTea packages actually copy the
NSS certificate store, so there wouldn't be a reference anyways, but we
would have the problem of "software that expires".

Built packages should not refer to nss-certs, to prevent errant hard-coding of a
certificate store version.

* gnu/packages/java.scm (icedtea-7, icedtea-8)[arguments]: Add nss-certs
to #:disallowed-references.
---
 gnu/packages/java.scm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 0a757b2391..91a16bb53d 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -812,6 +812,8 @@ (define-public icedtea-7
          ;; gremlin) doesn't support it yet, so skip this phase.
          #:validate-runpath? #f
 
+         #:disallowed-references (,nss-certs)
+
          #:modules ((guix build utils)
                     (guix build gnu-build-system)
                     (ice-9 match)
@@ -1376,7 +1378,8 @@ (define-public icedtea-8
           (guix build syscalls)
           ,@%gnu-build-system-modules)
 
-         #:disallowed-references ,(list (gexp-input icedtea-7 "jdk"))
+         #:disallowed-references ,(list (gexp-input icedtea-7 "jdk")
+                                         nss-certs)
 
          ,@(substitute-keyword-arguments (package-arguments icedtea-7)
              ((#:modules modules)
-- 
2.34.0