Author: pierre
Date: Thu Mar 15 10:42:49 2018
New Revision: 19953
Log:
Move the instructions to install the JAVA CA certificates to "Configuring the
JAVA environment" and host jtreg on anduin.
Modified:
trunk/BOOK/general/prog/ojdk-conf.xml
trunk/BOOK/general/prog/openjdk.xml
trunk/BOOK/introduction/welcome/changelog.xml
Modified: trunk/BOOK/general/prog/ojdk-conf.xml
==============================================================================
--- trunk/BOOK/general/prog/ojdk-conf.xml Thu Mar 15 03:23:32 2018
(r19952)
+++ trunk/BOOK/general/prog/ojdk-conf.xml Thu Mar 15 10:42:49 2018
(r19953)
@@ -15,6 +15,9 @@
<title>Configuring the JAVA environment</title>
+ <sect2 id="java-profile">
+ <title>Setting up the environment</title>
+
<para>
After the package installation is complete, the next step is to make sure
that the system can properly find the files. If you set up your login
@@ -74,9 +77,49 @@
mkdir -p /var/cache/man
mandb -c /opt/jdk/man</userinput></screen>
+ </sect2>
+
+ <sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority
Certificates">
+
+ <title>Setting up the Certificate Authority Certificates for Java</title>
+
+ <para>
+ <application>OpenJDK</application> uses its own format for the
+ CA certificates. The Java security modules use
+ <envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
+ default. In order to keep all the certificates in one place, we use
+ <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
+ generated using the system PKI trust store. The instructions
+ on the <xref linkend="make-ca"/> page should be used to update the file
+ located in <filename class="directory">/etc/ssl/java</filename>.
+ Run the conversion and setup a symlink in the default location as the
+ <systemitem class="username">root</systemitem> user:
+ </para>
+
+<screen role="root"><userinput>/usr/sbin/make-ca -g --force &&
+ln -sfv /etc/ssl/java/cacerts.jks
/opt/jdk/lib/security/cacerts</userinput></screen>
+
<para>
- The installation of the JRE certificate authority bundle
- is described in the <xref linkend="ojdk-certs"/> section.
+ Use the following commands to check if the <filename>cacerts</filename>
+ file has been successfully installed:
</para>
+<screen role="root"><userinput>cd /opt/jdk
+bin/keytool -list -cacerts</userinput></screen>
+
+ <para>
+ At the prompt <computeroutput>Enter keystore password:</computeroutput>,
+ enter <userinput>changeit</userinput> (the default) or just press the
+ <quote>Enter</quote> key. If the <filename>cacerts</filename> file was
+ installed correctly, you will see a list of the certificates with
+ related information for each one. If not, you need to reinstall them.
+ </para>
+
+ <para>
+ If you later install a new JVM, you just have to create the symlink in
+ the default location to be able to use the cacerts.
+ </para>
+
+ </sect2>
+
</sect1>
Modified: trunk/BOOK/general/prog/openjdk.xml
==============================================================================
--- trunk/BOOK/general/prog/openjdk.xml Thu Mar 15 03:23:32 2018 (r19952)
+++ trunk/BOOK/general/prog/openjdk.xml Thu Mar 15 10:42:49 2018 (r19953)
@@ -22,9 +22,9 @@
<!ENTITY nashorn-md5sum "729d03b0cede2f697ad77170a9d89095">
<!ENTITY total-download-size "83 MB">
- <!ENTITY jtreg-version "4.2-b12">
- <!ENTITY jtreg-download
"https://ci.adoptopenjdk.net/view/all/job/jtreg/lastSuccessfulBuild/artifact/jtreg-&jtreg-version;.tar.gz";>
- <!ENTITY jtreg-md5sum "d9869a852006397df454e904ef1f3ea2">
+ <!ENTITY jtreg-version "4.2-b12-293">
+ <!ENTITY jtreg-download
"&anduin-download;/jtreg-&jtreg-version;.tar.gz">
+ <!ENTITY jtreg-md5sum "806213d907d737ab49034344cd3df2cf">
<!ENTITY jtreg-size "7.3 MB">
<!ENTITY ojdk-bdsize "4.6 GB (additional 676 MB for tests)">
@@ -319,7 +319,7 @@
<note>
<para>
If you only wish to install the Java Runtime Environment, you can
- substitue <filename>build/*/images/jre</filename> in the above
+ substitute <filename>build/*/images/jre</filename> in the above
<command>cp</command> command.
</para>
</note>
@@ -492,38 +492,26 @@
</sect3>
- <sect3 id='ojdk-certs' xreflabel='JRE Certificate Authority Certificates'>
- <title>Install or update the JRE Certificate Authority Certificates
- (cacerts) file</title>
+ <sect3>
+ <title>
+ Settting up the JRE Certificate Authority Certificates (cacerts) file
+ </title>
<para>
- <application>OpenJDK</application> uses its own format for the
- CA certificates. Those certificates are located in a file named
- <filename>/etc/ssl/java/cacerts.jks</filename>. That file should be
- generated using the system PKI trust store. The instructions
- on the <xref linkend="make-ca"/> page should be used to update the file
- located in <filename>/etc/ssl/java</filename>. Run the conversion and
- setup a symlink in the default location as the <systemitem
- class="username">root</systemitem> user:
+ If you have run the instructions for <xref linkend="ojdk-certs"/>,
+ you only need to create a symlink in the default location for
+ those certificates. As user <systemitem
+ class="username">root</systemitem>:
</para>
-<screen role="root"><userinput>/usr/sbin/make-ca --force &&
-ln -sfv /etc/ssl/java/cacerts.jks
/opt/jdk/lib/security/cacerts</userinput></screen>
+<screen role="root"><userinput>ln -sfv /etc/ssl/java/cacerts.jks
/opt/jdk/lib/security/cacerts</userinput></screen>
<para>
- Use the following commands to check if the <filename>cacerts</filename>
- file has been successfully installed:
+ To check the installatiion, as when <xref linkend="ojdk-certs"/>,
issue:
</para>
<screen role="root"><userinput>cd /opt/jdk
-bin/keytool -list -keystore /etc/ssl/java/cacerts</userinput></screen>
-
- <para>
- At the prompt "Enter keystore password:", enter "changeit" (the
- default). If the <filename>cacerts</filename> file was installed
- correctly, you will see a list of the certificates with related
- information for each one. If not, you need to reinstall them.
- </para>
+bin/keytool -list -cacerts</userinput></screen>
</sect3>
Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml Thu Mar 15 03:23:32
2018 (r19952)
+++ trunk/BOOK/introduction/welcome/changelog.xml Thu Mar 15 10:42:49
2018 (r19953)
@@ -45,6 +45,12 @@
<para>March 15th, 2018</para>
<itemizedlist>
<listitem>
+ <para>[pierre] - Move the instructions to install the CA certificates
+ for Java to "Configuring the Java environment", so that a "cacerts"
+ file can be passed to OpenJDK's configure. Also host the jtreg
+ bundle on anduin.</para>
+ </listitem>
+ <listitem>
<para>[thomas] - Upgrade to json-c-0.13.1. Fixes
<ulink url="&blfs-ticket-root;10471">#10471</ulink>.</para>
</listitem>
@@ -54,7 +60,7 @@
models, particularly Skylake, currently-available kernels may
disregard the mitigation because of issues with the previous (now
withdrawn) version. That will hopefully be fixed in a few days,
- but wil then require a kernel upgrade. Fixes
+ but will then require a kernel upgrade. Fixes
<ulink url="&blfs-ticket-root;10300">#10300</ulink>.</para>
</listitem>
<listitem>
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
