source: general/prog/ojdk-conf.xml@ 0b50bdd1

12.1 ken/TL2024 lazarus plabs/newcss rahul/power-profiles-daemon trunk xry111/llvm18
Last change on this file since 0b50bdd1 was c751775, checked in by Douglas R. Reno <renodr@…>, 3 months ago

Update to OpenJDK-21.0.2 (Security Update)
  • Property mode set to 100644
File size: 4.6 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ojdk-conf" xreflabel="Configuring the Java environment">
9 <?dbhtml filename="ojdk-conf.html"?>
10
11
12 <title>Configuring the Java environment</title>
13
14 <sect2 id="java-profile">
15 <title>Setting up the environment</title>
16
17 <para>
18 After the package installation is complete, the next step is to make sure
19 that the system can properly find the files. If you set up your login
20 scripts as recommended in <xref linkend='postlfs-config-profile'/>, update
21 the environment by creating the <filename>openjdk.sh</filename> script,
22 as the <systemitem class="username">root</systemitem> user:
23 </para>
24
25<screen role="root"><userinput>cat &gt; /etc/profile.d/openjdk.sh &lt;&lt; "EOF"
26<literal># Begin /etc/profile.d/openjdk.sh
27
28# Set JAVA_HOME directory
29JAVA_HOME=/opt/jdk
30
31# Adjust PATH
32pathappend $JAVA_HOME/bin
33
34# Add to MANPATH
35pathappend $JAVA_HOME/man MANPATH
36
37# Auto Java CLASSPATH: Copy jar files to, or create symlinks in, the
38# /usr/share/java directory.
39
40AUTO_CLASSPATH_DIR=/usr/share/java
41
42pathprepend . CLASSPATH
43
44for dir in `find ${AUTO_CLASSPATH_DIR} -type d 2>/dev/null`; do
45 pathappend $dir CLASSPATH
46done
47
48for jar in `find ${AUTO_CLASSPATH_DIR} -name "*.jar" 2>/dev/null`; do
49 pathappend $jar CLASSPATH
50done
51
52export JAVA_HOME
53
54# By default, Java creates several files in a directory named
55# /tmp/hsperfdata_[username]. This directory contains files that are used for
56# performance monitoring and profiling, but aren't normally needed on a BLFS
57# system. This environment variable disables that feature.
58_JAVA_OPTIONS="-XX:-UsePerfData"
59
60export _JAVA_OPTIONS
61
62unset AUTO_CLASSPATH_DIR dir jar _JAVA_OPTIONS
63
64# End /etc/profile.d/openjdk.sh</literal>
65EOF</userinput></screen>
66
67 <para>
68 If <xref linkend="sudo"/> is installed, the super user should have
69 access to the above variables. Execute the following commands as the
70 <systemitem class="username">root</systemitem> user:
71 </para>
72
73<screen role="root"><userinput>cat &gt; /etc/sudoers.d/java &lt;&lt; "EOF"
74<literal>Defaults env_keep += JAVA_HOME
75Defaults env_keep += CLASSPATH
76Defaults env_keep += _JAVA_OPTIONS</literal>
77EOF</userinput></screen>
78
79 <para>
80 To use <command>mandb</command> to include the OpenJDK man pages
81 in its database, issue, as the <systemitem class="username">root
82 </systemitem> user:
83 </para>
84
85<screen role="root"><userinput>cat &gt;&gt; /etc/man_db.conf &lt;&lt; "EOF" &amp;&amp;
86<literal># Begin Java addition
87MANDATORY_MANPATH /opt/jdk/man
88MANPATH_MAP /opt/jdk/bin /opt/jdk/man
89MANDB_MAP /opt/jdk/man /var/cache/man/jdk
90# End Java addition</literal>
91EOF
92
93mkdir -p /var/cache/man &amp;&amp;
94mandb -c /opt/jdk/man</userinput></screen>
95
96 </sect2>
97
98 <sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority Certificates">
99
100 <title>Setting up the Certificate Authority Certificates for Java</title>
101
102 <para>
103 <application>OpenJDK</application> uses its own format for the
104 CA certificates. The Java security modules use
105 <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
106 default. In order to keep all the certificates in one place, we use
107 <filename>/etc/ssl/java/cacerts</filename>. The instructions
108 on the <xref linkend="make-ca"/> page previously created the file
109 located in <filename class="directory">/etc/ssl/java</filename>.
110 Set up a symlink in the default location as the
111 <systemitem class="username">root</systemitem> user:
112 </para>
113
114<screen role="root"><userinput>ln -sfv /etc/pki/tls/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>
115
116 <para>
117 Use the following command to check if the <filename>cacerts</filename>
118 file has been successfully installed:
119 </para>
120
121<screen role="root"><userinput>/opt/jdk/bin/keytool -list -cacerts</userinput></screen>
122
123 <para>
124 At the prompt <computeroutput>Enter keystore password:</computeroutput>,
125 enter <userinput>changeit</userinput> (the default) or just press the
126 <quote>Enter</quote> key. If the <filename>cacerts</filename> file was
127 installed correctly, you will see a list of the certificates with
128 related information for each one. If not, you need to reinstall them.
129 </para>
130
131 <para>
132 If you later install a new JVM, you just have to create the symlink in
133 the default location to be able to use the cacerts.
134 </para>
135
136 </sect2>
137
138</sect1>
Note: See TracBrowser for help on using the repository browser.