Hi Alexey, Alexey Abramov skribis: > Ludovic Courtès writes: [...] >>> + (let* ((module (string-append (getcwd) "/modules/web")) >>> + (classes (string-append module "/build/classes/java/main")) >>> + (web-generated-headers (string-append module "/build/generated-src/headers")) >>> + (web-generated-classes '("com.sun.webkit.ContextMenu" >>> + "com.sun.webkit.ContextMenuItem" >>> + "com.sun.webkit.CursorManager" >> >> Perhaps add a comment explaining how you obtained this list of classes >> so that our future selves know how to update it. >> >> Since this is a Web thing, could you check whether it contains pre-built >> (“minified”) JavaScript? If it does, that’s a problem because we >> generally provide only software built from source. > > We build not only a web component here, but webkit as well. Webkit requires some extra 3rd party libraries icu, libxml, libxslt and sqlite which are already in openjfx source bundle. We also build them now. Oh sorry, I had overlooked that and it’s problematic. The policy in Guix is to not use bundled software: it’s a waste of resources (especially for large pieces of software like WebKit), but more importantly it’s a security issue (nobody will notice if ‘java-openjfx-web’ includes an outdated, vulnerable version of WebKit). So the solution is to: 1. Pass the relevant flags to tell the build system to use the “system” copies of these libraries. If there’s no such flag, patch the build system to not try to build these things. 2. Add a snippet to remove bundled copies of these libraries, to make sure they’re not picked up by mistake. Sometimes it’s just a build flag, and sometimes it’s harder. If it turns out to be difficult, let us know, and perhaps we can find an interim solution. Could you take a look? Let me know what you think! Thanks, Ludo’.