8193255: Root Certificates should be stored in text format and assembled at build time

Langer, Christoph christoph.langer at sap.com
Thu Nov 28 07:47:48 UTC 2019


Hi Martin,

I guess you’re right, JDK11 should theoretically be bootstrappable with JDK10. Given that JDK10 is long out of support, though, I guess it just happens that hardly anybody is using it for 11 builds. Nevertheless, I think we should continue to support this configuration, so I’ll have a look and try to fix it. I also plan to bring this enhancement back to JDK8u, so I guess more changes are needed then…

Cheers
Christoph

From: Martin Buchholz <martinrb at google.com>
Sent: Thursday, November 28, 2019 06:13
To: Hohensee, Paul <hohensee at amazon.com>
Cc: Langer, Christoph <christoph.langer at sap.com>; jdk-updates-dev at openjdk.java.net
Subject: Re: 8193255: Root Certificates should be stored in text format and assembled at build time

I'm fiddling my build script to bootstrap 11u with 11u, but building.md still says

"The rule of thumb is that the boot JDK for building JDK major version *N*
should be a JDK of major version *N-1*"

          local -ir boot_major=$((major == 11 ? 11 : (major - 1) ))
          meta_configure --with-boot-jdk="$(jdk_home $boot_major)"

On Wed, Nov 27, 2019 at 1:24 PM Hohensee, Paul <hohensee at amazon.com> wrote:
You probably are. I use 11u to bootstrap 11u builds because 10 is an orphan.

Paul

From: Martin Buchholz <martinrb at google.com>
Date: Wednesday, November 27, 2019 at 10:04 AM
To: "Hohensee, Paul" <hohensee at amazon.com>
Cc: "Langer, Christoph" <christoph.langer at sap.com>, "jdk-updates-dev at openjdk.java.net" <jdk-updates-dev at openjdk.java.net>
Subject: Re: 8193255: Root Certificates should be stored in text format and assembled at build time

This appears to have broken bootstrap with jdk10, because it uses jdk11 Path.of

(Am I the only one following the "bootstrap with jdk N-1" rule?)

GenerateCacerts.java:84: error: cannot find symbol
        List<String> entries = Files.list(Path.of(dir))
                                              ^
  symbol:   method of(String)
  location: interface Path

On Wed, Nov 20, 2019 at 9:06 AM Hohensee, Paul <hohensee at amazon.com> wrote:
Looks good.

Paul

On 11/20/19, 8:05 AM, "jdk-updates-dev on behalf of Langer, Christoph" <jdk-updates-dev-bounces at openjdk.java.net on behalf of christoph.langer at sap.com> wrote:

    Hi,

    please review the 11u backport of the build facility to assemble the root certificate store (cacerts) at build time from certificates stored in text format. This is a prerequisite to enable easy and straightforward backports of certificate updates from head jdk. This fix will be backported together with JDK-8225392 as the latter one fixes a regression of 8193255.

    Bug: https://bugs.openjdk.java.net/browse/JDK-8193255
    Original Change: http://hg.openjdk.java.net/jdk/jdk/rev/29ab1f3bd353
    Webrev: http://cr.openjdk.java.net/~clanger/webrevs/8193255.11u/

    I had to resolve a copyright header diff in make/copy/Copy-java.base.gmk and a context diff in make/ToolsJdk.gmk.

    Patch runs successfully through SAP's regression test system.

    Thanks
    Christoph
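
The following is an added example, not part of the thread and not the JDK's GenerateCacerts tool: a stand-alone build-time tool that assembles a trust store from a directory of text-format (PEM) certificates using only APIs a JDK 10 boot JDK can compile, in particular `Paths.get` rather than `Path.of`. The class name, the alias scheme, the JKS store type and the command-line arguments are assumptions made for this example.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

// Added example (hypothetical tool). Usage: java AssembleTruststore <pem-dir> <out-file>
public class AssembleTruststore {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            throw new IllegalArgumentException("expected: <pem-dir> <out-file>");
        }
        // Paths.get exists since Java 7; Path.of was added in Java 11,
        // so a tool compiled by a JDK 10 boot JDK cannot use Path.of.
        Path dir = Paths.get(args[0]);
        Path out = Paths.get(args[1]);

        // Sort the entries so the result does not depend on directory order.
        List<Path> pems;
        try (Stream<Path> s = Files.list(dir)) {
            pems = s.filter(Files::isRegularFile).sorted().collect(Collectors.toList());
        }

        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // start from an empty store

        for (Path pem : pems) {
            try (InputStream in = Files.newInputStream(pem)) {
                // Throws CertificateException if the file holds no parseable
                // certificate, which fails the build instead of shipping a gap.
                Certificate cert = cf.generateCertificate(in);
                // Alias = file name (an assumption made for this example).
                ks.setCertificateEntry(pem.getFileName().toString(), cert);
            }
        }

        try (OutputStream os = Files.newOutputStream(out)) {
            ks.store(os, "changeit".toCharArray());
        }
        System.out.println("Stored " + ks.size() + " certificates in " + out);
    }
}
```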


