Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 22 Feb 2005 14:17:18 -0700
From:      Greg Lewis <glewis@eyesbeyond.com>
To:        Jonathan Chen <jonc@chen.org.nz>
Cc:        Alexey Zelkin <phantom@FreeBSD.org.ua>
Subject:   Re: Adding cacerts to jdk15
Message-ID:  <20050222211718.GA10535@misty.eyesbeyond.com>
In-Reply-To: <20050219192254.GA30667@osiris.chen.org.nz>
References:  <20050219123658.F63417@fw.reifenberger.com> <20050219115556.GA20517@phantom.cris.net> <20050219140045.G63696@fw.reifenberger.com> <20050219132212.GA21028@phantom.cris.net> <20050219192254.GA30667@osiris.chen.org.nz>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Feb 20, 2005 at 08:22:54AM +1300, Jonathan Chen wrote:
> On Sat, Feb 19, 2005 at 03:22:12PM +0200, Alexey Zelkin wrote:
> 
> [...]
> > We are not adding cacerts for jdk1[34], but *replacing* it (because
> > of security problems).  JDK 1.5.0 was released *after* this problem
> > was found and fixed, so jdk15 is distributing with valid cacerts
> > file and there's no reason to do any manual interventions.
> 
> I have to agree with Micheal. The installed port on i386 comes back
> with an empty cacerts file as well:
> 
> 8:19am> ls -l /usr/local/jdk1.5.0/jre/lib/security/cacerts 
> -rw-r--r--  1 root  wheel  32 Jan 25 22:53 /usr/local/jdk1.5.0/jre/lib/security/cacerts

I suspect this has something to do with patchset 1 not building javaws:

> ls -l deploy/src/javaws/share/config/cacerts j2se/src/share/lib/security/cacerts
-rw-r--r--  1 glewis  staff  7910 Nov  8 15:28 deploy/src/javaws/share/config/cacerts
-rw-r--r--  1 glewis  staff    32 Nov  8 15:28 j2se/src/share/lib/security/cacerts

So, I don't think we need to add a separate file to the port, just install
the correct cacerts file for now, e.g. add something like the following
to the do-install target (untested):

	${INSTALL_DATA} ${WRKDIR}/deploy/src/javaws/share/config/cacerts \
		${PREFIX}/jdk${JDK_VERSION}/jre/lib/security

then once we support javaws (patchset 2 hopefully) this can be removed as
the install process itself will DTRT at that point.

-- 
Greg Lewis                          Email   : glewis@eyesbeyond.com
Eyes Beyond                         Web     : http://www.eyesbeyond.com
Information Technology              FreeBSD : glewis@FreeBSD.org

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050222211718.GA10535>