Changeset 55bcdd7


Ignore:
Timestamp:
03/15/2018 05:42:49 PM (4 years ago)
Author:
Pierre Labastie <pieere@…>
Branches:
10.0, 10.1, 11.0, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, ken/refactor-virt, lazarus, perl-modules, qt5new, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
ce005d8d
Parents:
0dc1b7b
Message:

Move the instructions to install the JAVA CA certificates to "Configuring the
JAVA environment" and host jtreg on anduin.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@19953 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
3 edited

Legend:

Unmodified
Added
Removed
  • general/prog/ojdk-conf.xml

    r0dc1b7b r55bcdd7  
    1515
    1616  <title>Configuring the JAVA environment</title>
     17
     18  <sect2 id="java-profile">
     19    <title>Setting up the environment</title>
    1720
    1821    <para>
     
    7578mandb -c /opt/jdk/man</userinput></screen>
    7679
     80  </sect2>
     81
     82  <sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority Certificates">
     83
     84    <title>Setting up the Certificate Authority Certificates for Java</title>
     85
    7786    <para>
    78       The installation of the JRE certificate authority bundle
    79       is described in the <xref linkend="ojdk-certs"/> section.
     87      <application>OpenJDK</application> uses its own format for the
     88      CA certificates. The Java security modules use
     89      <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
     90      default. In order to keep all the certificates in one place, we use
     91      <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
     92      generated using the system PKI trust store. The instructions
     93      on the <xref linkend="make-ca"/> page should be used to update the file
     94      located in <filename class="directory">/etc/ssl/java</filename>.
     95      Run the conversion and setup a symlink in the default location as the
     96      <systemitem class="username">root</systemitem> user:
    8097    </para>
    8198
     99<screen role="root"><userinput>/usr/sbin/make-ca -g --force &amp;&amp;
     100ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen>
     101
     102    <para>
     103      Use the following commands to check if the <filename>cacerts</filename>
     104      file has been successfully installed:
     105    </para>
     106
     107<screen role="root"><userinput>cd /opt/jdk
     108bin/keytool -list -cacerts</userinput></screen>
     109
     110    <para>
     111      At the prompt <computeroutput>Enter keystore password:</computeroutput>,
     112      enter <userinput>changeit</userinput> (the default) or just press the
     113      <quote>Enter</quote> key. If the <filename>cacerts</filename> file was
     114      installed correctly, you will see a list of the certificates with
     115      related information for each one. If not, you need to reinstall them.
     116    </para>
     117
     118    <para>
     119      If you later install a new JVM, you just have to create the symlink in
     120      the default location to be able to use the cacerts.
     121    </para>
     122
     123  </sect2>
     124
    82125</sect1>
  • general/prog/openjdk.xml

    r0dc1b7b r55bcdd7  
    2323  <!ENTITY total-download-size       "83 MB">
    2424
    25   <!ENTITY jtreg-version             "4.2-b12">
    26   <!ENTITY jtreg-download            "https://ci.adoptopenjdk.net/view/all/job/jtreg/lastSuccessfulBuild/artifact/jtreg-&jtreg-version;.tar.gz">
    27   <!ENTITY jtreg-md5sum              "d9869a852006397df454e904ef1f3ea2">
     25  <!ENTITY jtreg-version             "4.2-b12-293">
     26  <!ENTITY jtreg-download            "&anduin-download;/jtreg-&jtreg-version;.tar.gz">
     27  <!ENTITY jtreg-md5sum              "806213d907d737ab49034344cd3df2cf">
    2828  <!ENTITY jtreg-size                "7.3 MB">
    2929
     
    320320      <para>
    321321        If you only wish to install the Java Runtime Environment, you can
    322         substitue <filename>build/*/images/jre</filename> in the above
     322        substitute <filename>build/*/images/jre</filename> in the above
    323323        <command>cp</command> command.
    324324      </para>
     
    493493    </sect3>
    494494
    495     <sect3 id='ojdk-certs' xreflabel='JRE Certificate Authority Certificates'>
    496       <title>Install or update the JRE Certificate Authority Certificates
    497       (cacerts) file</title>
    498 
    499       <para>
    500         <application>OpenJDK</application> uses its own format for the
    501         CA certificates. Those certificates are located in a file named
    502         <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
    503         generated using the system PKI trust store. The instructions
    504         on the <xref linkend="make-ca"/> page should be used to update the file
    505         located in <filename>/etc/ssl/java</filename>. Run the conversion and
    506         setup a symlink in the default location as the <systemitem
    507         class="username">root</systemitem> user:
    508       </para>
    509 
    510 <screen role="root"><userinput>/usr/sbin/make-ca --force &amp;&amp;
    511 ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen>
    512 
    513       <para>
    514         Use the following commands to check if the <filename>cacerts</filename>
    515         file has been successfully installed:
     495    <sect3>
     496      <title>
     497        Settting up the JRE Certificate Authority Certificates (cacerts) file
     498      </title>
     499
     500      <para>
     501        If you have run the instructions for <xref linkend="ojdk-certs"/>,
     502        you only need to create a symlink in the default location for
     503        those certificates. As user <systemitem
     504        class="username">root</systemitem>:
     505      </para>
     506
     507<screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen>
     508
     509      <para>
     510        To check the installatiion, as when <xref linkend="ojdk-certs"/>, issue:
    516511      </para>
    517512
    518513<screen role="root"><userinput>cd /opt/jdk
    519 bin/keytool -list -keystore /etc/ssl/java/cacerts</userinput></screen>
    520 
    521       <para>
    522         At the prompt "Enter keystore password:", enter "changeit" (the
    523         default). If the <filename>cacerts</filename> file was installed
    524         correctly, you will see a list of the certificates with related
    525         information for each one. If not, you need to reinstall them.
    526       </para>
     514bin/keytool -list -cacerts</userinput></screen>
    527515
    528516    </sect3>
  • introduction/welcome/changelog.xml

    r0dc1b7b r55bcdd7  
    4646      <itemizedlist>
    4747        <listitem>
     48          <para>[pierre] - Move the instructions to install the CA certificates
     49          for Java to "Configuring the Java environment", so that a "cacerts"
     50          file can be passed to OpenJDK's configure. Also host the jtreg
     51          bundle on anduin.</para>
     52        </listitem>
     53        <listitem>
    4854          <para>[thomas] - Upgrade to json-c-0.13.1. Fixes
    4955          <ulink url="&blfs-ticket-root;10471">#10471</ulink>.</para>
     
    5561          disregard the mitigation because of issues with the previous (now
    5662          withdrawn) version.  That will hopefully be fixed in a few days,
    57           but wil then require a kernel upgrade. Fixes
     63          but will then require a kernel upgrade. Fixes
    5864          <ulink url="&blfs-ticket-root;10300">#10300</ulink>.</para>
    5965        </listitem>
Note: See TracChangeset for help on using the changeset viewer.