Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8278080

Add --with-cacerts-src='user cacerts folder' to enable deterministic cacerts generation

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b27

      Backports

        Description

        Currently if an OpenJDK developer wants to generate a build with their own cacerts, they need to generate a "cacerts file" externally using keytool, and then pass it to configure using --with-cacerts-file="cacerts file". Unfortunately keytool does not produce a deterministic output, thus the OpenJDK built jdk cacerts is not reproducible.

        The OpenJDK internal build of the builtin cacerts resolves this problem with its own build tool "GenerateCacerts", whose output is deterministic.

        Developers could easily leverage this tool with the addition of a new configure option --with-cacerts-src="user cacerts folder", which generates the keystore using GenerateCacerts from this folder rather than the builtin cacerts folder.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                aleonard Andrew Leonard
                Reporter:
                aleonard Andrew Leonard
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: