fop: 2.8 -> 2.11

Using the suggestions made by @afh in #348116. I did not see a reason to not include `stripJavaArchivesHook`. The patch for CVE-2024-28168 has been part of Apache FOP since 2.10: d96ba9a117
2025-10-07 16:41:36 -05:00
parent ea839424d5
commit 8ed021a3e5
1 changed files with 16 additions and 34 deletions
--- a/pkgs/by-name/fo/fop/package.nix
+++ b/pkgs/by-name/fo/fop/package.nix
@@ -1,61 +1,43 @@
 {
  lib,
-  stdenv,
  fetchurl,
-  fetchpatch,
-  ant,
-  jdk,
+  maven,
  jre,
  makeWrapper,
  stripJavaArchivesHook,
 }:

-stdenv.mkDerivation (finalAttrs: {
+maven.buildMavenPackage rec {
  pname = "fop";
-  version = "2.8";
+  version = "2.11";

  src = fetchurl {
-    url = "mirror://apache/xmlgraphics/fop/fop-${finalAttrs.version}-src.tar.gz";
-    hash = "sha256-b7Av17wu6Ar/npKOiwYqzlvBFSIuXTpqTacM1sxtBvc=";
+    url = "https://dlcdn.apache.org/xmlgraphics/fop/source/fop-${version}-src.tar.gz";
+    hash = "sha256-uY6cUjmyuenfK3jAWvugsYa5qg8rbnvRZZ6qA/g2fZM=";
  };

-  patches = [
-    (fetchpatch {
-      name = "CVE-2024-28168.patch";
-      url = "https://github.com/apache/xmlgraphics-fop/commit/d96ba9a11710d02716b6f4f6107ebfa9ccec7134.patch";
-      hash = "sha256-zmUA1Tq6iZtvNECCiXebXodp6AikBn10NTZnVHpPMlw=";
-    })
-  ];
+  mvnHash = "sha256-EaOIAy0+YPrF+yGsFKKqcA4bt90bq1Z86V57P9rMatE=";
+
+  buildOffline = true;
+  doCheck = false;

  nativeBuildInputs = [
-    ant
-    jdk
    makeWrapper
    stripJavaArchivesHook
  ];

-  # Note: not sure if this is needed anymore
-  env.JAVA_TOOL_OPTIONS = "-Dfile.encoding=UTF8";
-
-  buildPhase = ''
-    runHook preBuild
-
-    # build only the "package" target, which generates the fop command.
-    ant -f fop/build.xml package
-
-    runHook postBuild
-  '';
-
  installPhase = ''
    runHook preInstall

-    mkdir -p $out/lib $out/share/doc/fop
-    cp fop/build/*.jar fop/lib/*.jar $out/lib/
-    cp -r README fop/examples/ $out/share/doc/fop/
+    install -Dm644 fop*/target/*.jar -t "$out/lib"
+    install -Dm644 fop*/lib/*.jar -t "$out/lib"
+
+    install -Dm644 README -t "$out/share/doc/fop"
+    cp -r fop/examples/ "$out/share/doc/fop"

    # There is a fop script in the source archive, but it has many impurities.
    # Instead of patching out 90 % of the script, we write our own.
-    makeWrapper ${jre}/bin/java $out/bin/fop \
+    makeWrapper ${lib.getExe jre} "$out/bin/fop" \
        --add-flags "-Djava.awt.headless=true" \
        --add-flags "-classpath $out/lib/\*" \
        --add-flags "org.apache.fop.cli.Main"
@@ -91,4 +73,4 @@ stdenv.mkDerivation (finalAttrs: {
      binaryBytecode # source bundles dependencies as jars
    ];
  };
-})
+}