Author: pierre
Date: Thu Mar 15 10:42:49 2018
New Revision: 19953

Log:
Move the instructions to install the JAVA CA certificates to "Configuring the
JAVA environment" and host jtreg on anduin.

Modified:
   trunk/BOOK/general/prog/ojdk-conf.xml
   trunk/BOOK/general/prog/openjdk.xml
   trunk/BOOK/introduction/welcome/changelog.xml

Modified: trunk/BOOK/general/prog/ojdk-conf.xml
==============================================================================
--- trunk/BOOK/general/prog/ojdk-conf.xml       Thu Mar 15 03:23:32 2018        
(r19952)
+++ trunk/BOOK/general/prog/ojdk-conf.xml       Thu Mar 15 10:42:49 2018        
(r19953)
@@ -15,6 +15,9 @@
 
   <title>Configuring the JAVA environment</title>
 
+  <sect2 id="java-profile">
+    <title>Setting up the environment</title>
+
     <para>
       After the package installation is complete, the next step is to make sure
       that the system can properly find the files.  If you set up your login
@@ -74,9 +77,49 @@
 mkdir -p /var/cache/man
 mandb -c /opt/jdk/man</userinput></screen>
 
+  </sect2>
+
+  <sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority 
Certificates">
+
+    <title>Setting up the Certificate Authority Certificates for Java</title>
+
+    <para>
+      <application>OpenJDK</application> uses its own format for the
+      CA certificates. The Java security modules use
+      <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
+      default. In order to keep all the certificates in one place, we use
+      <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
+      generated using the system PKI trust store. The instructions
+      on the <xref linkend="make-ca"/> page should be used to update the file
+      located in <filename class="directory">/etc/ssl/java</filename>.
+      Run the conversion and setup a symlink in the default location as the
+      <systemitem class="username">root</systemitem> user:
+    </para>
+
+<screen role="root"><userinput>/usr/sbin/make-ca -g --force &amp;&amp;
+ln -sfv /etc/ssl/java/cacerts.jks 
/opt/jdk/lib/security/cacerts</userinput></screen>
+
     <para>
-      The installation of the JRE certificate authority bundle
-      is described in the <xref linkend="ojdk-certs"/> section.
+      Use the following commands to check if the <filename>cacerts</filename>
+      file has been successfully installed:
     </para>
 
+<screen role="root"><userinput>cd /opt/jdk
+bin/keytool -list -cacerts</userinput></screen>
+
+    <para>
+      At the prompt <computeroutput>Enter keystore password:</computeroutput>,
+      enter <userinput>changeit</userinput> (the default) or just press the
+      <quote>Enter</quote> key. If the <filename>cacerts</filename> file was
+      installed correctly, you will see a list of the certificates with
+      related information for each one. If not, you need to reinstall them.
+    </para>
+
+    <para>
+      If you later install a new JVM, you just have to create the symlink in
+      the default location to be able to use the cacerts.
+    </para>
+
+  </sect2>
+
 </sect1>

Modified: trunk/BOOK/general/prog/openjdk.xml
==============================================================================
--- trunk/BOOK/general/prog/openjdk.xml Thu Mar 15 03:23:32 2018        (r19952)
+++ trunk/BOOK/general/prog/openjdk.xml Thu Mar 15 10:42:49 2018        (r19953)
@@ -22,9 +22,9 @@
   <!ENTITY nashorn-md5sum            "729d03b0cede2f697ad77170a9d89095">
   <!ENTITY total-download-size       "83 MB">
 
-  <!ENTITY jtreg-version             "4.2-b12">
-  <!ENTITY jtreg-download            
"https://ci.adoptopenjdk.net/view/all/job/jtreg/lastSuccessfulBuild/artifact/jtreg-&jtreg-version;.tar.gz";>
-  <!ENTITY jtreg-md5sum              "d9869a852006397df454e904ef1f3ea2">
+  <!ENTITY jtreg-version             "4.2-b12-293">
+  <!ENTITY jtreg-download            
"&anduin-download;/jtreg-&jtreg-version;.tar.gz">
+  <!ENTITY jtreg-md5sum              "806213d907d737ab49034344cd3df2cf">
   <!ENTITY jtreg-size                "7.3 MB">
 
   <!ENTITY ojdk-bdsize           "4.6 GB (additional 676 MB for tests)">
@@ -319,7 +319,7 @@
     <note>
       <para>
         If you only wish to install the Java Runtime Environment, you can
-        substitue <filename>build/*/images/jre</filename> in the above
+        substitute <filename>build/*/images/jre</filename> in the above
         <command>cp</command> command.
       </para>
     </note>
@@ -492,38 +492,26 @@
 
     </sect3>
 
-    <sect3 id='ojdk-certs' xreflabel='JRE Certificate Authority Certificates'>
-      <title>Install or update the JRE Certificate Authority Certificates
-      (cacerts) file</title>
+    <sect3>
+      <title>
+        Settting up the JRE Certificate Authority Certificates (cacerts) file
+      </title>
 
       <para>
-        <application>OpenJDK</application> uses its own format for the
-        CA certificates. Those certificates are located in a file named
-        <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
-        generated using the system PKI trust store. The instructions
-        on the <xref linkend="make-ca"/> page should be used to update the file
-        located in <filename>/etc/ssl/java</filename>. Run the conversion and
-        setup a symlink in the default location as the <systemitem
-        class="username">root</systemitem> user:
+        If you have run the instructions for <xref linkend="ojdk-certs"/>,
+        you only need to create a symlink in the default location for
+        those certificates. As user <systemitem
+        class="username">root</systemitem>:
       </para>
 
-<screen role="root"><userinput>/usr/sbin/make-ca --force &amp;&amp;
-ln -sfv /etc/ssl/java/cacerts.jks 
/opt/jdk/lib/security/cacerts</userinput></screen>
+<screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts.jks 
/opt/jdk/lib/security/cacerts</userinput></screen>
 
       <para>
-        Use the following commands to check if the <filename>cacerts</filename>
-        file has been successfully installed:
+        To check the installatiion, as when <xref linkend="ojdk-certs"/>, 
issue:
       </para>
 
 <screen role="root"><userinput>cd /opt/jdk
-bin/keytool -list -keystore /etc/ssl/java/cacerts</userinput></screen>
-
-      <para>
-        At the prompt "Enter keystore password:", enter "changeit" (the
-        default). If the <filename>cacerts</filename> file was installed
-        correctly, you will see a list of the certificates with related
-        information for each one. If not, you need to reinstall them.
-      </para>
+bin/keytool -list -cacerts</userinput></screen>
 
     </sect3>
 

Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml       Thu Mar 15 03:23:32 
2018        (r19952)
+++ trunk/BOOK/introduction/welcome/changelog.xml       Thu Mar 15 10:42:49 
2018        (r19953)
@@ -45,6 +45,12 @@
       <para>March 15th, 2018</para>
       <itemizedlist>
         <listitem>
+          <para>[pierre] - Move the instructions to install the CA certificates
+          for Java to "Configuring the Java environment", so that a "cacerts"
+          file can be passed to OpenJDK's configure. Also host the jtreg
+          bundle on anduin.</para>
+        </listitem>
+        <listitem>
           <para>[thomas] - Upgrade to json-c-0.13.1. Fixes
           <ulink url="&blfs-ticket-root;10471">#10471</ulink>.</para>
         </listitem>
@@ -54,7 +60,7 @@
           models, particularly Skylake, currently-available kernels may
           disregard the mitigation because of issues with the previous (now
           withdrawn) version.  That will hopefully be fixed in a few days,
-          but wil then require a kernel upgrade. Fixes
+          but will then require a kernel upgrade. Fixes
           <ulink url="&blfs-ticket-root;10300">#10300</ulink>.</para>
         </listitem>
         <listitem>
-- 
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page

Reply via email to