RFR: 8352689: Allow for hash sum overrides when linking from the run-time image [v2]

[Severin Gehwolf]

On Wed, 26 Mar 2025 08:53:21 GMT, Alan Bateman <alanb at openjdk.org> wrote:

> > @AlanBateman Would we need a CSR for this? This isn't any option that shows up anywhere user-visible, so I'm thinking not. Please let me know. Thanks!
> 
> There isn't any change to a supported interface so probably not.

Thanks.

> That said, I don't think we should integrate this change without further discussion and enumeration of the issues.

Sure.

> In the case of cacerts (mentioned in the JBS issue) then this requires more information to understand if it's "use system" or something is updating the cacerts in the JDK run-time image. I think TZ updates should be looked at too

The cacerts issue mentioned in the JBS issue relates to an RPM installation of the JDK where the cacerts file is a symlink to the distro provided one. So I think that's "use system" issue.

TZ updates would potentially break this too. If an external tool updates `tzdb.dat` then the hash sum computed at JDK build-time will no longer match. I believe this could also be solved with a sha-override (e.g. by coming from a file `@${java.home}/sha-override.txt`) which would get the update along with `tzdb.dat`.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/24190#issuecomment-2753812607