Changeset 55bcdd7
- Timestamp:
- 03/15/2018 05:42:49 PM (6 years ago)
- Branches:
- 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
- Children:
- ce005d8d
- Parents:
- 0dc1b7b
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
general/prog/ojdk-conf.xml
r0dc1b7b r55bcdd7 15 15 16 16 <title>Configuring the JAVA environment</title> 17 18 <sect2 id="java-profile"> 19 <title>Setting up the environment</title> 17 20 18 21 <para> … … 75 78 mandb -c /opt/jdk/man</userinput></screen> 76 79 80 </sect2> 81 82 <sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority Certificates"> 83 84 <title>Setting up the Certificate Authority Certificates for Java</title> 85 77 86 <para> 78 The installation of the JRE certificate authority bundle 79 is described in the <xref linkend="ojdk-certs"/> section. 87 <application>OpenJDK</application> uses its own format for the 88 CA certificates. The Java security modules use 89 <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by 90 default. In order to keep all the certificates in one place, we use 91 <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be 92 generated using the system PKI trust store. The instructions 93 on the <xref linkend="make-ca"/> page should be used to update the file 94 located in <filename class="directory">/etc/ssl/java</filename>. 95 Run the conversion and setup a symlink in the default location as the 96 <systemitem class="username">root</systemitem> user: 80 97 </para> 81 98 99 <screen role="root"><userinput>/usr/sbin/make-ca -g --force && 100 ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen> 101 102 <para> 103 Use the following commands to check if the <filename>cacerts</filename> 104 file has been successfully installed: 105 </para> 106 107 <screen role="root"><userinput>cd /opt/jdk 108 bin/keytool -list -cacerts</userinput></screen> 109 110 <para> 111 At the prompt <computeroutput>Enter keystore password:</computeroutput>, 112 enter <userinput>changeit</userinput> (the default) or just press the 113 <quote>Enter</quote> key. If the <filename>cacerts</filename> file was 114 installed correctly, you will see a list of the certificates with 115 related information for each one. If not, you need to reinstall them. 116 </para> 117 118 <para> 119 If you later install a new JVM, you just have to create the symlink in 120 the default location to be able to use the cacerts. 121 </para> 122 123 </sect2> 124 82 125 </sect1> -
general/prog/openjdk.xml
r0dc1b7b r55bcdd7 23 23 <!ENTITY total-download-size "83 MB"> 24 24 25 <!ENTITY jtreg-version "4.2-b12 ">26 <!ENTITY jtreg-download " https://ci.adoptopenjdk.net/view/all/job/jtreg/lastSuccessfulBuild/artifact/jtreg-&jtreg-version;.tar.gz">27 <!ENTITY jtreg-md5sum " d9869a852006397df454e904ef1f3ea2">25 <!ENTITY jtreg-version "4.2-b12-293"> 26 <!ENTITY jtreg-download "&anduin-download;/jtreg-&jtreg-version;.tar.gz"> 27 <!ENTITY jtreg-md5sum "806213d907d737ab49034344cd3df2cf"> 28 28 <!ENTITY jtreg-size "7.3 MB"> 29 29 … … 320 320 <para> 321 321 If you only wish to install the Java Runtime Environment, you can 322 substitu e <filename>build/*/images/jre</filename> in the above322 substitute <filename>build/*/images/jre</filename> in the above 323 323 <command>cp</command> command. 324 324 </para> … … 493 493 </sect3> 494 494 495 <sect3 id='ojdk-certs' xreflabel='JRE Certificate Authority Certificates'> 496 <title>Install or update the JRE Certificate Authority Certificates 497 (cacerts) file</title> 498 499 <para> 500 <application>OpenJDK</application> uses its own format for the 501 CA certificates. Those certificates are located in a file named 502 <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be 503 generated using the system PKI trust store. The instructions 504 on the <xref linkend="make-ca"/> page should be used to update the file 505 located in <filename>/etc/ssl/java</filename>. Run the conversion and 506 setup a symlink in the default location as the <systemitem 507 class="username">root</systemitem> user: 508 </para> 509 510 <screen role="root"><userinput>/usr/sbin/make-ca --force && 511 ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen> 512 513 <para> 514 Use the following commands to check if the <filename>cacerts</filename> 515 file has been successfully installed: 495 <sect3> 496 <title> 497 Settting up the JRE Certificate Authority Certificates (cacerts) file 498 </title> 499 500 <para> 501 If you have run the instructions for <xref linkend="ojdk-certs"/>, 502 you only need to create a symlink in the default location for 503 those certificates. As user <systemitem 504 class="username">root</systemitem>: 505 </para> 506 507 <screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts.jks /opt/jdk/lib/security/cacerts</userinput></screen> 508 509 <para> 510 To check the installatiion, as when <xref linkend="ojdk-certs"/>, issue: 516 511 </para> 517 512 518 513 <screen role="root"><userinput>cd /opt/jdk 519 bin/keytool -list -keystore /etc/ssl/java/cacerts</userinput></screen> 520 521 <para> 522 At the prompt "Enter keystore password:", enter "changeit" (the 523 default). If the <filename>cacerts</filename> file was installed 524 correctly, you will see a list of the certificates with related 525 information for each one. If not, you need to reinstall them. 526 </para> 514 bin/keytool -list -cacerts</userinput></screen> 527 515 528 516 </sect3> -
introduction/welcome/changelog.xml
r0dc1b7b r55bcdd7 46 46 <itemizedlist> 47 47 <listitem> 48 <para>[pierre] - Move the instructions to install the CA certificates 49 for Java to "Configuring the Java environment", so that a "cacerts" 50 file can be passed to OpenJDK's configure. Also host the jtreg 51 bundle on anduin.</para> 52 </listitem> 53 <listitem> 48 54 <para>[thomas] - Upgrade to json-c-0.13.1. Fixes 49 55 <ulink url="&blfs-ticket-root;10471">#10471</ulink>.</para> … … 55 61 disregard the mitigation because of issues with the previous (now 56 62 withdrawn) version. That will hopefully be fixed in a few days, 57 but wil then require a kernel upgrade. Fixes63 but will then require a kernel upgrade. Fixes 58 64 <ulink url="&blfs-ticket-root;10300">#10300</ulink>.</para> 59 65 </listitem>
Note:
See TracChangeset
for help on using the changeset viewer.