On Oct 4, 2009, at 3:42 AM, [email protected] wrote:
Author: peter_firmstone
Date: Sun Oct 4 07:42:32 2009
New Revision: 821473
URL: http://svn.apache.org/viewvc?rev=821473&view=rev
Log:
Setup build process for jtreg tests.
I've altered the jtreg command and added targets to move the
required jar files ( into a temporary directory instead of have to
install into the jre extensions directory.
That's a great improvement!
I've granted AllPermission to jsk-lib.jar, jsk-plaform.jar,
jsk.policy.jar, jsk-resources.jar and phoenix-init.jar in all the
test policy files.
I'm not sure that I would have added each of those grants individually
in each test policy file, rather than just a single grant to the whole
temp directory containing these JAR files (or if you're worried about
possibly wanting to use this temp directory for other purposes too, a
subdirectory specifically for JAR files to be granted AllPermission).
My reasoning would be just in case the set of JAR files to get this
treatment (i.e. assumption of AllPermission grant) needs to be
modified in the future for all of these tests (which did happen over
time as these tests and their infrastructure evolved)-- it would be
nice to not have to update each of these test security policy files
again.
I suppose that your approach allows each test to individually control
the set of JAR files to get this treatment, but that hasn't emerged as
a requirement for these tests before (evidenced by the fact that the
existing grant was always to a whole directory, the JRE extensions
directory).
In order for these files to get proper AllPermission for full access
these jar files will need to be signed in the build process, since
they are no longer being accessed from the jre/lib/ext/ directory.
Jonathan could you set up the signing certificates for me please?
I don't understand this-- the AllPermission grants are just to a code
source, not limited to any particular signers, so they shouldn't need
to be signed.
-- Peter
