Changeset 55bcdd7

Timestamp:

03/15/2018 05:42:49 PM (6 years ago)

Author:

Pierre Labastie <pieere@…>

Branches:

10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

ce005d8d

Parents:

0dc1b7b

Message:

Move the instructions to install the JAVA CA certificates to "Configuring the
JAVA environment" and host jtreg on anduin.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@19953 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general/prog/ojdk-conf.xml (modified) (2 diffs)
• general/prog/openjdk.xml (modified) (3 diffs)
• introduction/welcome/changelog.xml (modified) (2 diffs)

general/prog/ojdk-conf.xml

@@ -15 +15 @@
 
   <title>Configuring the JAVA environment</title>
+
+  <sect2 id="java-profile">
+    <title>Setting up the environment</title>
 
     <para>
@@ -75 +78 @@
 mandb -c /opt/jdk/man</userinput></screen>
 
+  </sect2>
+
+  <sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority Certificates">
+
+    <title>Setting up the Certificate Authority Certificates for Java</title>
+
     <para>
-      The installation of the JRE certificate authority bundle
-      is described in the <xref linkend="ojdk-certs"/> section.
+      <application>OpenJDK</application> uses its own format for the
+      CA certificates. The Java security modules use
+      <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
+      default. In order to keep all the certificates in one place, we use
+      <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
+      generated using the system PKI trust store. The instructions
+      on the <xref linkend="make-ca"/> page should be used to update the file
+      located in <filename class="directory">/etc/ssl/java</filename>.
+      Run the conversion and setup a symlink in the default location as the
+      <systemitem class="username">root</systemitem> user:
     </para>
 
+<screen role="root"><userinput>/usr/sbin/make-ca -g --force &amp;&amp;
+ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen>
+
+    <para>
+      Use the following commands to check if the <filename>cacerts</filename>
+      file has been successfully installed:
+    </para>
+
+<screen role="root"><userinput>cd /opt/jdk
+bin/keytool -list -cacerts</userinput></screen>
+
+    <para>
+      At the prompt <computeroutput>Enter keystore password:</computeroutput>,
+      enter <userinput>changeit</userinput> (the default) or just press the
+      <quote>Enter</quote> key. If the <filename>cacerts</filename> file was
+      installed correctly, you will see a list of the certificates with
+      related information for each one. If not, you need to reinstall them.
+    </para>
+
+    <para>
+      If you later install a new JVM, you just have to create the symlink in
+      the default location to be able to use the cacerts.
+    </para>
+
+  </sect2>
+
 </sect1>

general/prog/openjdk.xml

@@ -23 +23 @@
   <!ENTITY total-download-size       "83 MB">
 
-  <!ENTITY jtreg-version             "4.2-b12">
-  <!ENTITY jtreg-download            "https://ci.adoptopenjdk.net/view/all/job/jtreg/lastSuccessfulBuild/artifact/jtreg-&jtreg-version;.tar.gz">
-  <!ENTITY jtreg-md5sum              "d9869a852006397df454e904ef1f3ea2">
+  <!ENTITY jtreg-version             "4.2-b12-293">
+  <!ENTITY jtreg-download            "&anduin-download;/jtreg-&jtreg-version;.tar.gz">
+  <!ENTITY jtreg-md5sum              "806213d907d737ab49034344cd3df2cf">
   <!ENTITY jtreg-size                "7.3 MB">
 
@@ -320 +320 @@
       <para>
         If you only wish to install the Java Runtime Environment, you can
-        substitue <filename>build/*/images/jre</filename> in the above
+        substitute <filename>build/*/images/jre</filename> in the above
         <command>cp</command> command.
       </para>
@@ -493 +493 @@
     </sect3>
 
-    <sect3 id='ojdk-certs' xreflabel='JRE Certificate Authority Certificates'>
-      <title>Install or update the JRE Certificate Authority Certificates
-      (cacerts) file</title>
-
-      <para>
-        <application>OpenJDK</application> uses its own format for the
-        CA certificates. Those certificates are located in a file named
-        <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
-        generated using the system PKI trust store. The instructions
-        on the <xref linkend="make-ca"/> page should be used to update the file
-        located in <filename>/etc/ssl/java</filename>. Run the conversion and
-        setup a symlink in the default location as the <systemitem
-        class="username">root</systemitem> user:
-      </para>
-
-<screen role="root"><userinput>/usr/sbin/make-ca --force &amp;&amp;
-ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen>
-
-      <para>
-        Use the following commands to check if the <filename>cacerts</filename>
-        file has been successfully installed:
+    <sect3>
+      <title>
+        Settting up the JRE Certificate Authority Certificates (cacerts) file
+      </title>
+
+      <para>
+        If you have run the instructions for <xref linkend="ojdk-certs"/>,
+        you only need to create a symlink in the default location for
+        those certificates. As user <systemitem
+        class="username">root</systemitem>:
+      </para>
+
+<screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen>
+
+      <para>
+        To check the installatiion, as when <xref linkend="ojdk-certs"/>, issue:
       </para>
 
 <screen role="root"><userinput>cd /opt/jdk
-bin/keytool -list -keystore /etc/ssl/java/cacerts</userinput></screen>
-
-      <para>
-        At the prompt "Enter keystore password:", enter "changeit" (the
-        default). If the <filename>cacerts</filename> file was installed
-        correctly, you will see a list of the certificates with related
-        information for each one. If not, you need to reinstall them.
-      </para>
+bin/keytool -list -cacerts</userinput></screen>
 
     </sect3>

introduction/welcome/changelog.xml

@@ -46 +46 @@
       <itemizedlist>
         <listitem>
+          <para>[pierre] - Move the instructions to install the CA certificates
+          for Java to "Configuring the Java environment", so that a "cacerts"
+          file can be passed to OpenJDK's configure. Also host the jtreg
+          bundle on anduin.</para>
+        </listitem>
+        <listitem>
           <para>[thomas] - Upgrade to json-c-0.13.1. Fixes
           <ulink url="&blfs-ticket-root;10471">#10471</ulink>.</para>
@@ -55 +61 @@
           disregard the mitigation because of issues with the previous (now
           withdrawn) version.  That will hopefully be fixed in a few days,
-          but wil then require a kernel upgrade. Fixes
+          but will then require a kernel upgrade. Fixes
           <ulink url="&blfs-ticket-root;10300">#10300</ulink>.</para>
         </listitem>