Ignore:
Timestamp:
10/29/2016 09:56:12 AM (7 years ago)
Author:
DJ Lucas <dj@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
be1bcf9c
Parents:
7b8c7ec
Message:

Use mk-ca-bundle.pl from curl for CA Certificates generation.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@17919 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:
1 edited

Legend:

Unmodified
Added
Removed

  • general/prog/openjdk.xml

    r7b8c7ec r30b7db74  
    553553        <application>OpenJDK</application> uses its own format for the
    554554        CA certificates. Those certificates are located in a file named
    555         <filename>/opt/jdk/jre/lib/security/cacerts</filename>. That file
    556         may be generated from the one installed using the instructions on the
    557         <xref linkend="cacerts"/> page, with the following procedure.
    558         First, generate the <command>mkcacerts</command> script
     555        <filename>/etc/ssl/java/cacerts</filename>. That file should be
     556        generated using the system PKI trust store. The instructions
     557        on the <xref linkend="cacerts"/> page will be used to do the update
     558        by calling the following script. Install the
     559        <command>mkcacerts</command> script and setup a symlink in the java
    559560        as the <systemitem class="username">root</systemitem> user:
    560561      </para>
    561562
    562 <screen role="root"><userinput>cat &gt; /opt/jdk/bin/mkcacerts &lt;&lt; "EOF"
     563<screen role="root"><userinput>cat &gt; /opt/jdk/bin/mkcacerts &lt;&lt; "EOF" &amp;&amp;
    563564<literal>#!/bin/sh
    564565# Simple script to extract x509 certificates and create a JRE cacerts file.
     
    777778EOF
    778779
    779 chmod -c 0755 /opt/jdk/bin/mkcacerts</userinput></screen>
     780chmod -c 0755 /opt/jdk/bin/mkcacerts &amp;&amp;
     781ln -sfv /etc/ssl/java/cacerts /opt/jdk/jre/lib/security/cacerts</userinput></screen>
    780782
    781783  <note>
     
    791793    </para>
    792794
    793 <screen role="root"><userinput>if [ -f /opt/jdk/jre/lib/security/cacerts ]; then
    794   mv /opt/jdk/jre/lib/security/cacerts \
    795      /opt/jdk/jre/lib/security/cacerts.bak
     795<screen role="root"><userinput>if [ -f /etc/ssl/java/cacerts ]; then
     796  mv /etc/ssl/java/cacerts \
     797     /etc/ssl/java/cacerts.bak
    796798fi &amp;&amp;
    797799/opt/jdk/bin/mkcacerts                 \
     
    799801        -k "/opt/jdk/bin/keytool"      \
    800802        -s "/usr/bin/openssl"          \
    801         -o "/opt/jdk/jre/lib/security/cacerts"</userinput></screen>
     803        -o "/etc/ssl/java/cacerts"</userinput></screen>
    802804
    803805    <para>Use the following commands to check if the
     
    805807
    806808<screen role="root"><userinput>cd /opt/jdk
    807 bin/keytool -list -keystore jre/lib/security/cacerts</userinput></screen>
     809bin/keytool -list -keystore /etc/ssl/java/cacerts</userinput></screen>
    808810
    809811    <para>At the prompt "Enter keystore password:", press the "Enter" key if
Note: See TracChangeset for help on using the changeset viewer.