source: general/prog/ojdk-conf.xml@ cc338e5

10.0 10.1 11.0 11.1 11.2 11.3 12.0 12.1 8.4 9.0 9.1 bdubbs/svn kea ken/TL2024 ken/inkscape-core-mods ken/tuningfonts lazarus lxqt plabs/newcss plabs/python-mods python3.11 qt5new rahul/power-profiles-daemon renodr/vulkan-addition trunk upgradedb xry111/intltool xry111/llvm18 xry111/soup3 xry111/test-20220226 xry111/xf86-video-removal
Last change on this file since cc338e5 was cc338e5, checked in by DJ Lucas <dj@…>, 5 years ago

Fix location of Java cacerts.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@20863 af4574ff-66df-0310-9fd7-8a98e5e911e0
  • Property mode set to 100644
File size: 4.6 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ojdk-conf" xreflabel="Configuring the JAVA environment">
9 <?dbhtml filename="ojdk-conf.html"?>
10
11 <sect1info>
12 <othername>$LastChangedBy$</othername>
13 <date>$Date$</date>
14 </sect1info>
15
16 <title>Configuring the JAVA environment</title>
17
18 <sect2 id="java-profile">
19 <title>Setting up the environment</title>
20
21 <para>
22 After the package installation is complete, the next step is to make sure
23 that the system can properly find the files. If you set up your login
24 scripts as recommended in <xref linkend='postlfs-config-profile'/>, update
25 the environment by creating the <filename>openjdk.sh</filename> script,
26 as the <systemitem class="username">root</systemitem> user:
27 </para>
28
29<screen role="root"><userinput>cat &gt; /etc/profile.d/openjdk.sh &lt;&lt; "EOF"
30<literal># Begin /etc/profile.d/openjdk.sh
31
32# Set JAVA_HOME directory
33JAVA_HOME=/opt/jdk
34
35# Adjust PATH
36pathappend $JAVA_HOME/bin
37
38# Add to MANPATH
39pathappend $JAVA_HOME/man MANPATH
40
41# Auto Java CLASSPATH: Copy jar files to, or create symlinks in, the
42# /usr/share/java directory. Note that having gcj jars with OpenJDK 8
43# may lead to errors.
44
45AUTO_CLASSPATH_DIR=/usr/share/java
46
47pathprepend . CLASSPATH
48
49for dir in `find ${AUTO_CLASSPATH_DIR} -type d 2>/dev/null`; do
50 pathappend $dir CLASSPATH
51done
52
53for jar in `find ${AUTO_CLASSPATH_DIR} -name "*.jar" 2>/dev/null`; do
54 pathappend $jar CLASSPATH
55done
56
57export JAVA_HOME
58unset AUTO_CLASSPATH_DIR dir jar
59
60# End /etc/profile.d/openjdk.sh</literal>
61EOF</userinput></screen>
62
63 <para>
64 If <xref linkend="sudo"/> is installed, the super user should have
65 access to the above variables. Execute the following commands as the
66 <systemitem class="username">root</systemitem> user:
67 </para>
68
69<screen role="root"><userinput>cat &gt; /etc/sudoers.d/java &lt;&lt; "EOF"
70<literal>Defaults env_keep += JAVA_HOME
71Defaults env_keep += CLASSPATH</literal>
72EOF</userinput></screen>
73
74 <para>
75 For allowing <command>mandb</command> to include the OpenJDK man pages
76 in its database, issue, as the <systemitem class="username">root
77 </systemitem> user:
78 </para>
79
80<screen role="root"><userinput>cat &gt;&gt; /etc/man_db.conf &lt;&lt; "EOF" &amp;&amp;
81<literal># Begin Java addition
82MANDATORY_MANPATH /opt/jdk/man
83MANPATH_MAP /opt/jdk/bin /opt/jdk/man
84MANDB_MAP /opt/jdk/man /var/cache/man/jdk
85# End Java addition</literal>
86EOF
87
88mkdir -p /var/cache/man &amp;&amp;
89mandb -c /opt/jdk/man</userinput></screen>
90
91 </sect2>
92
93 <sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority Certificates">
94
95 <title>Setting up the Certificate Authority Certificates for Java</title>
96
97 <para>
98 <application>OpenJDK</application> uses its own format for the
99 CA certificates. The Java security modules use
100 <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
101 default. In order to keep all the certificates in one place, we use
102 <filename>/etc/ssl/java/cacerts</filename>. That file should be
103 generated using the system PKI trust store. The instructions
104 on the <xref linkend="make-ca"/> page should be used to update the file
105 located in <filename class="directory">/etc/ssl/java</filename>.
106 Run the conversion and setup a symlink in the default location as the
107 <systemitem class="username">root</systemitem> user:
108 </para>
109
110<screen role="root"><userinput>/usr/sbin/make-ca -g --force &amp;&amp;
111ln -sfv /etc/pki/tls/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>
112
113 <para>
114 Use the following commands to check if the <filename>cacerts</filename>
115 file has been successfully installed:
116 </para>
117
118<screen role="root"><userinput>cd /opt/jdk
119bin/keytool -list -cacerts</userinput></screen>
120
121 <para>
122 At the prompt <computeroutput>Enter keystore password:</computeroutput>,
123 enter <userinput>changeit</userinput> (the default) or just press the
124 <quote>Enter</quote> key. If the <filename>cacerts</filename> file was
125 installed correctly, you will see a list of the certificates with
126 related information for each one. If not, you need to reinstall them.
127 </para>
128
129 <para>
130 If you later install a new JVM, you just have to create the symlink in
131 the default location to be able to use the cacerts.
132 </para>
133
134 </sect2>
135
136</sect1>
Note: See TracBrowser for help on using the repository browser.