On 13/03/2018 05:25, DJ Lucas wrote: > > > On 03/12/2018 04:30 PM, Pierre Labastie wrote: >> On 12/03/2018 22:19, Pierre Labastie wrote: >>> Hi, >>> >>> In order to move to the Maven build system, I tried to rebuild an OpenJDK >>> JVM >>> in a fresh LFS sytem (in a VM). There are a few problems: >>> - The jtreg file is updated every few days on the ci.adoptjk.net site. >>> Result: >>> the MD5sum in the book is obsolete. I suggest removing the MD5sum, there >>> is >>> no real security threat in a testsuite, is there? > > I was not aware of that. There can be a security threat in any code. Bruce > also had a suggestion that we host it. I'm good either way, but lean toward > his suggestion.
That's what we were doing before. Each version is 7MB. anduin can cope with it, I guess... > >>> - We pass "--with-cacerts-file=/etc/ssl/java/cacerts.jks" to configure, but >>> if >>> this is the first build of OpenJDK, it is perfectly possible that this >>> file >>> does not exist, and then the build fails. I would suggest to build it >>> just >>> after the Java binary installation. > > It shouldn't be possible. The expected environment contains the file as it is > part of configuring the binary install. However, I admit that the instructions > being split across multiple pages is confusing. Your next suggestion works > well. Sledgehammer to drive a tack, but I'm good with it. :-) Not sure I understand: /etc/ssl/java/cacerts.jks only exists if created by make-ca, but make-ca does not create it if keytool is not available. Now, the java binary on anduin contains a real cacerts file (not a link) into /opt/<jdk-bin>/lib/security. We could pass that as well. Since the switch is used during the testsuite, we shouldn't remove it. So let's use the "sledgehammer". > >>> - When running /usr/sbin/make-ca --force at the end, there is no reason that >>> the certdata.txt file be in the current directory. I would suggest to add >>> the -g option to the command. Not useful anymore if created as part of the java binary configuration. > > >>> - Not tried yet but the last instructions should be >>> "bin/keytool -list -keystore /opt/jdk/lib/security/cacerts" (in order to >>> check that the JVM install is OK). And if we want to test the one in >>> /etc, >>> it should be "bin/keytool -list -keystore /etc/ssl/java/cacerts.jks" >>> (.jks >>> added at the end). > > Ugh, my bad. I missed it when I flipped it. > >> >> Actually, the real test is "bin/keytool -list -cacerts" > That's what we need to test. Will do that. Thanks Pierre -- http://lists.linuxfromscratch.org/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
