JDK-8278080

Add --with-cacerts-src='user cacerts folder' to enable deterministic cacerts generation


Details

    • b27


      Description

        Currently, if an OpenJDK developer wants to generate a build with their own cacerts, they need to generate a "cacerts file" externally using keytool and then pass it to configure using --with-cacerts-file="cacerts file". Unfortunately, keytool does not produce deterministic output, so the cacerts in the resulting OpenJDK build is not reproducible.

        The OpenJDK internal build of the builtin cacerts resolves this problem with its own build tool "GenerateCacerts", whose output is deterministic.

        Developers could easily leverage this tool with the addition of a new configure option --with-cacerts-src="user cacerts folder", which generates the keystore using GenerateCacerts from this folder rather than the builtin cacerts folder.
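
As an added illustration (not code from the JDK build or from this issue), the Python below shows what deterministic truststore generation involves: trusted-certificate entries written in the JKS layout in sorted alias order with a fixed creation timestamp. The function names, the placeholder certificate bytes, and the premise that entry order and per-entry timestamps are what vary between runs are assumptions of this example.

```python
import hashlib
import struct

JKS_MAGIC = 0xFEEDFEED      # JKS file magic
JKS_VERSION = 2
TRUSTED_CERT_TAG = 2        # entry tag for a trusted certificate


def _utf(text):
    # DataOutputStream.writeUTF layout: 2-byte length, then bytes (ASCII only here)
    raw = text.encode("ascii")
    return struct.pack(">H", len(raw)) + raw


def build_jks(certs, password, timestamp_ms=0):
    """Serialize {alias: DER bytes} as a JKS truststore (hypothetical helper)."""
    out = struct.pack(">III", JKS_MAGIC, JKS_VERSION, len(certs))
    for alias in sorted(certs):                    # order independent of input order
        der = certs[alias]
        out += struct.pack(">I", TRUSTED_CERT_TAG) + _utf(alias)
        out += struct.pack(">q", timestamp_ms)     # fixed creation date, not "now"
        out += _utf("X.509") + struct.pack(">I", len(der)) + der
    # Integrity digest: SHA-1(password as UTF-16BE || "Mighty Aphrodite" || data)
    keyed = password.encode("utf-16-be") + b"Mighty Aphrodite" + out
    return out + hashlib.sha1(keyed).digest()


# Constructed placeholder bytes standing in for DER certificates (not real certs).
SAMPLE = {"rootb": b"\x30\x03\x02\x01\x02", "roota": b"\x30\x03\x02\x01\x01"}


def demo():
    """Return (same despite input order?, same despite different timestamp?)."""
    first = build_jks(SAMPLE, "changeit")
    reordered = build_jks(dict(reversed(list(SAMPLE.items()))), "changeit")
    stamped = build_jks(SAMPLE, "changeit", timestamp_ms=1638316800000)
    return first == reordered, first == stamped


if __name__ == "__main__":
    order_ok, time_ok = demo()
    print("identical across input order:", order_ok)
    print("identical across timestamps: ", time_ok)
    print("sha256:", hashlib.sha256(build_jks(SAMPLE, "changeit")).hexdigest())
```

Comparing the SHA-256 of the cacerts file from two independent builds is the corresponding check on a real build.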


              People

                aleonard Andrew Leonard