Code review request: 8011402: Move blacklisting certificate logic from hard code to data
Erik Joelsson
erik.joelsson at oracle.com
Fri Sep 6 14:39:46 UTC 2013
On 2013-09-06 16:25, Weijun Wang wrote:
>
>
> On 9/6/13 10:07 PM, Erik Joelsson wrote:
>> Hello Max,
>>
>> I couldn't find the link to the review but I'm guessing this is the one:
>> http://cr.openjdk.java.net/~weijun/8011402/webrev.00/
>
> Correct, sorry about that.
>
>>> 3. Most important: it only works if both $(BLACKLISTED_CERTS_SRC_OPEN)
>>> and $(BLACKLISTED_CERTS_SRC_CLOSED) already exists. Currently there is
>>> no closed blacklist, but I still have to create an empty file there.
>>> Otherwise, there will be
>>>
>>> make[2]: *** No rule to make target
>>> `/space/repos/jdk8/tl/jdk/src/closed/share/lib/security/blacklisted.certs',
>>>
>>> needed by
>>> `/space/repos/jdk8/tl/build/macosx-x86_64-normal-server-release/jdk/lib/security/blacklisted.certs'.
>>>
>>> Stop.
>>>
>>> Is there a way to make it work without adding that empty file?
>> Yes:
>> BLACKLISTED_CERTS_SRCS := /path/to/open/certs
>> ifndef OPENJDK
>> BLACKLISTED_CERTS_SRCS += /path/to/closed/certs
>> endif
>>
>> $(BLACKLISTED_CERTS_DEST): $(BLACKLISTED_CERTS_SRCS)
>> <do stuff>
>
> It's that there is no /path/to/closed/certs file at all now, and I
> don't want to just create an empty file to make the build work. What I
> am looking for is
>
> ifndef OPENJDK and exists(/path/to/closed/certs)
> BLACKLISTED_CERTS_SRCS += /path/to/closed/certs
> endif
>
Right, I forgot about that part. Do we expect to add one soon or is this
just a just-in-case? If we don't anticipate closed additions I would
skip this functionality in the build for now. But if we do, the wildcard
function can be handy here as it will return empty if it doesn't find
any files.
/Erik
More information about the security-dev
mailing list