feedback on --enable-java-home

Fri Oct 31 02:20:00 GMT 2008

Mark Wielaard schrieb:
> On Thu, 2008年10月30日 at 13:39 +0000, Andrew Haley wrote:
>> Mark Wielaard wrote:
>>> Hi,
>>>>>> On Wed, 2008年10月29日 at 19:44 +0100, Matthias Klose wrote:
>>>> Andrew Haley schrieb:
>>>>> Matthias Klose wrote:
>>>>>> l) Should a cacerts file created by default? At least java-gcj-compat
>>>>>> did include a generate-cacerts.pl script.
>>>>> I'm not certain about this; perhaps not.
>>>> I did see that some apps which were using openjdk and couldn't find the file did
>>>> give an error. iirc mjw did track this down to direct access to this file.
>>> I wasn't the person that tracked it down (that was Tom F.) but the
>>> conclusion is correct. Originally in IcedTea we included an enhanced
>>> default KeyStore that directly provided the distro installed openssl CA
>>> certificates through the provider written by Casey. But applications
>>> wanted to open, read and modify the cacerts file directly (e.g.
>>> glassfish, eclipse, etc.). See also:
>>> http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=150#c5
>> Can you write a patch for this?
>> For what precisely? The referenced bug is closed. As Matthias said there
> is a generate-cacerts.pl script already in java-gcj-compat (and another
> one in classpath/scripts/import-cacerts.sh) that can be used if you
> want.

Has java-gcj-compat has to provide this file on it's own. I didn't check
recently if PR32864 is still present in 4.4, but then having the gcj keytool
generating a cacerts which is incompatible with the openjdk one would be bad. If
these are compatible, then a symlink to the cacerts distributed by the distro
would be fine.
 Matthias