From owner-freebsd-java@FreeBSD.ORG Tue Feb 22 21:17:36 2005 Return-Path: Delivered-To: freebsd-java@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 67CE016A4CE for ; Tue, 22 Feb 2005 21:17:36 +0000 (GMT) Received: from misty.eyesbeyond.com (glewis.dsl.xmission.com [166.70.56.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id C010243D31 for ; Tue, 22 Feb 2005 21:17:34 +0000 (GMT) (envelope-from glewis@eyesbeyond.com) Received: from misty.eyesbeyond.com (localhost.eyesbeyond.com [127.0.0.1]) by misty.eyesbeyond.com (8.13.3/8.13.3) with ESMTP id j1MLHO5Q010569; Tue, 22 Feb 2005 14:17:24 -0700 (MST) (envelope-from glewis@eyesbeyond.com) Received: (from glewis@localhost) by misty.eyesbeyond.com (8.13.3/8.13.3/Submit) id j1MLHIoA010568; Tue, 22 Feb 2005 14:17:18 -0700 (MST) (envelope-from glewis@eyesbeyond.com) X-Authentication-Warning: misty.eyesbeyond.com: glewis set sender to glewis@eyesbeyond.com using -f Date: Tue, 22 Feb 2005 14:17:18 -0700 From: Greg Lewis To: Jonathan Chen Message-ID: <20050222211718.GA10535@misty.eyesbeyond.com> References: <20050219123658.F63417@fw.reifenberger.com> <20050219115556.GA20517@phantom.cris.net> <20050219140045.G63696@fw.reifenberger.com> <20050219132212.GA21028@phantom.cris.net> <20050219192254.GA30667@osiris.chen.org.nz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050219192254.GA30667@osiris.chen.org.nz> User-Agent: Mutt/1.4.2.1i cc: java@freebsd.org cc: Michael Reifenberger cc: Alexey Zelkin Subject: Re: Adding cacerts to jdk15 X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 22 Feb 2005 21:17:36 -0000 On Sun, Feb 20, 2005 at 08:22:54AM +1300, Jonathan Chen wrote: > On Sat, Feb 19, 2005 at 03:22:12PM +0200, Alexey Zelkin wrote: > > [...] > > We are not adding cacerts for jdk1[34], but *replacing* it (because > > of security problems). JDK 1.5.0 was released *after* this problem > > was found and fixed, so jdk15 is distributing with valid cacerts > > file and there's no reason to do any manual interventions. > > I have to agree with Micheal. The installed port on i386 comes back > with an empty cacerts file as well: > > 8:19am> ls -l /usr/local/jdk1.5.0/jre/lib/security/cacerts > -rw-r--r-- 1 root wheel 32 Jan 25 22:53 /usr/local/jdk1.5.0/jre/lib/security/cacerts I suspect this has something to do with patchset 1 not building javaws: > ls -l deploy/src/javaws/share/config/cacerts j2se/src/share/lib/security/cacerts -rw-r--r-- 1 glewis staff 7910 Nov 8 15:28 deploy/src/javaws/share/config/cacerts -rw-r--r-- 1 glewis staff 32 Nov 8 15:28 j2se/src/share/lib/security/cacerts So, I don't think we need to add a separate file to the port, just install the correct cacerts file for now, e.g. add something like the following to the do-install target (untested): ${INSTALL_DATA} ${WRKDIR}/deploy/src/javaws/share/config/cacerts \ ${PREFIX}/jdk${JDK_VERSION}/jre/lib/security then once we support javaws (patchset 2 hopefully) this can be removed as the install process itself will DTRT at that point. -- Greg Lewis Email : glewis@eyesbeyond.com Eyes Beyond Web : http://www.eyesbeyond.com Information Technology FreeBSD : glewis@FreeBSD.org