> For JEP 493-enabled builds there are no JMODs. Certain files come from the > installed JDK image when a user creates a custom run-time from it. This is > problematic for example for files that often come from a different package > (e.g. `cacerts` file for Linux distro builds of OpenJDK packaged as RPMs), or > more generally when they get updated out-of-band of the JDK build itself like > the tzupdater tool. > > When that happens the hash sum recorded at JDK build time of those files no > longer match, causing `jlink` to fail. I propose to allow for those files to > get "upgraded" should this happen. The way this works is as follows: > > 1. The list of upgradeable files is configured by a resource file in > `jdk.jlink` on a per module basis. Right now, only two files from the > `java.base` module will be allowed to be upgraded with a link from the > current run-time image. > 2. For those files the hash sum checks are skipped. > > **Testing** > > - [x] GHA > - [x] `jdk/tools/jlink` jtreg tests (also on > [GHA](https://github.com/jerboaa/jdk/actions/runs/14308729271)) > - [x] Some manual tests with updated `tzdb.dat` and `cacerts` files. > > Thoughts?
Severin Gehwolf has updated the pull request incrementally with one additional commit since the last revision: Use *.conf for upgrade files ------------- Changes: - all: https://git.openjdk.org/jdk/pull/24388/files - new: https://git.openjdk.org/jdk/pull/24388/files/89d3886d..4434c78e Webrevs: - full: https://webrevs.openjdk.org/?repo=jdk&pr=24388&range=04 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=24388&range=03-04 Stats: 11 lines in 4 files changed: 6 ins; 3 del; 2 mod Patch: https://git.openjdk.org/jdk/pull/24388.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/24388/head:pull/24388 PR: https://git.openjdk.org/jdk/pull/24388
