On Wed, 6 May 2026 16:20:48 GMT, Francisco Ferrari Bihurriet <[email protected]> wrote:
>>> @seanjmullan one problem would be with the order of the property file
>>> passed as the `props` option. For example, with `jlink
>>> --security-properties props.security`:
>>>
>>> `props.security` contents:
>>>
>>> ```ini
>>> include /path/to/other.properties
>>>
>>> # Stricter keystore checking
>>> keystore.type.compat=false
>>> ```
>>>
>>> `/path/to/other.properties` might define `keystore.type.compat`, but its
>>> value is overridden.
>>>
>>> However, the linked image would have the following `java.security`:
>>>
>>> ```ini
>>> # [...] other properties from the runtime's java.security
>>> keystore.type.compat=false
>>> # [...] other properties from the runtime's java.security
>>> include=/path/to/other.properties
>>> ```
>>>
>>> `/path/to/other.properties` might define (and now override)
>>> `keystore.type.compat`.
>>
>> Right, but we previously discussed this and the consensus was that adding a
>> single `include` at the end of the `java.security` file was sufficient.
>>
>> What I was proposing was just a simpler way to support adding an `include`
>> statement at the end of the `java.security` file w/o having an additional
>> option. So, two assumptions could be made:
>>
>> - order of properties is not preserved (this is already an assumption)
>> - `include` statement is always added at end of file regardless of where it
>>   resides in the props file. If more than one `include` statement appears then
>>   either throw an exception, or last one wins.
>>
>> I could be ok with the current proposal, but as you will see (when I post an
>> updated PR) it is a bit more complicated just to support an additional
>> option.
>
>> What I was proposing was just a simpler way to support adding an `include`
>> statement at the end of the `java.security` file w/o having an additional
>> option. So, two assumptions could be made:
>>
>> * order of properties is not preserved (this is already an assumption)
>> * `include` statement is always added at end of file regardless of where it
>>   resides in the props file. If more than one `include` statement appears then
>>   either throw an exception, or last one wins.
>
> Oh I see, I don't have any objection with this if it makes things simpler on
> your side. It would just require a clear mention in the
> `--security-properties` parameter documentation.

Since I already implemented the `include` option, I will push what I've done so far so you can see if this is sufficient and not too complicated.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/30635#discussion_r3203332304
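
Added example (not part of the thread and not JDK or jlink code): a small Python model of the ordering problem discussed above, usable as a check that a pinned security property still holds once a trailing `include` is in place. It assumes includes are expanded in place and the last definition wins, as the thread describes; the `true` value in `/path/to/other.properties` and the helper names `resolve` and `overridden` are assumptions, and the parsing is a simplified subset of the properties format.

```python
import re

# Simplified java.util.Properties line: key, then '=', ':' or whitespace, then value.
_ENTRY = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:\s]\s*(.*?)\s*$")

# Constructed sample files, keyed by path (nothing is read from disk).
FILES = {
    "props.security": (
        "include /path/to/other.properties\n"
        "\n"
        "# Stricter keystore checking\n"
        "keystore.type.compat=false\n"
    ),
    "java.security": (
        "keystore.type.compat=false\n"
        "include=/path/to/other.properties\n"
    ),
    # Assumed content: the thread only says this file "might define" the property.
    "/path/to/other.properties": "keystore.type.compat=true\n",
}

def resolve(path, files, seen=()):
    """Effective {key: (value, defining file)}; includes expand in place, last wins."""
    if path in seen:
        raise ValueError(f"include cycle at {path}")
    effective = {}
    for line in files[path].splitlines():
        m = _ENTRY.match(line)
        if not m:
            continue  # blank line or comment
        key, value = m.groups()
        if key == "include":
            effective.update(resolve(value, files, seen + (path,)))
        else:
            effective[key] = (value, path)
    return effective

def overridden(main, files, pinned):
    """Pinned properties whose effective value in `main` is not the pinned one."""
    effective = resolve(main, files)
    return {k: effective[k] for k, v in pinned.items()
            if k in effective and effective[k][0] != v}

if __name__ == "__main__":
    for name in ("props.security", "java.security"):
        print(name, overridden(name, FILES, {"keystore.type.compat": "false"}))
```
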
