linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-01-24 23:32:12 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
715add111b
glfs/general/prog/ojdk-conf.xml
Douglas R. Reno c751775dd9 Update to OpenJDK-21.0.2 (Security Update)
2024-01-20 13:00:09 -06:00

139 lines
4.6 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
]>
<sect1 id="ojdk-conf" xreflabel="Configuring the Java environment">
<?dbhtml filename="ojdk-conf.html"?>
<title>Configuring the Java environment</title>
<sect2 id="java-profile">
<title>Setting up the environment</title>
<para>
After the package installation is complete, the next step is to make sure
that the system can properly find the files. If you set up your login
scripts as recommended in <xref linkend='postlfs-config-profile'/>, update
the environment by creating the <filename>openjdk.sh</filename> script,
as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>cat &gt; /etc/profile.d/openjdk.sh &lt;&lt; "EOF"
<literal># Begin /etc/profile.d/openjdk.sh
# Set JAVA_HOME directory
JAVA_HOME=/opt/jdk
# Adjust PATH
pathappend $JAVA_HOME/bin
# Add to MANPATH
pathappend $JAVA_HOME/man MANPATH
# Auto Java CLASSPATH: Copy jar files to, or create symlinks in, the
# /usr/share/java directory.
AUTO_CLASSPATH_DIR=/usr/share/java
pathprepend . CLASSPATH
for dir in `find ${AUTO_CLASSPATH_DIR} -type d 2>/dev/null`; do
pathappend $dir CLASSPATH
done
for jar in `find ${AUTO_CLASSPATH_DIR} -name "*.jar" 2>/dev/null`; do
pathappend $jar CLASSPATH
done
export JAVA_HOME
# By default, Java creates several files in a directory named
# /tmp/hsperfdata_[username]. This directory contains files that are used for
# performance monitoring and profiling, but aren't normally needed on a BLFS
# system. This environment variable disables that feature.
_JAVA_OPTIONS="-XX:-UsePerfData"
export _JAVA_OPTIONS
unset AUTO_CLASSPATH_DIR dir jar _JAVA_OPTIONS
# End /etc/profile.d/openjdk.sh</literal>
EOF</userinput></screen>
<para>
If <xref linkend="sudo"/> is installed, the super user should have
access to the above variables. Execute the following commands as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>cat &gt; /etc/sudoers.d/java &lt;&lt; "EOF"
<literal>Defaults env_keep += JAVA_HOME
Defaults env_keep += CLASSPATH
Defaults env_keep += _JAVA_OPTIONS</literal>
EOF</userinput></screen>
<para>
To use <command>mandb</command> to include the OpenJDK man pages
in its database, issue, as the <systemitem class="username">root
</systemitem> user:
</para>
<screen role="root"><userinput>cat &gt;&gt; /etc/man_db.conf &lt;&lt; "EOF" &amp;&amp;
<literal># Begin Java addition
MANDATORY_MANPATH /opt/jdk/man
MANPATH_MAP /opt/jdk/bin /opt/jdk/man
MANDB_MAP /opt/jdk/man /var/cache/man/jdk
# End Java addition</literal>
EOF
mkdir -p /var/cache/man &amp;&amp;
mandb -c /opt/jdk/man</userinput></screen>
</sect2>
<sect2 id="ojdk-certs" xreflabel="installing the JVM Certificate Authority Certificates">
<title>Setting up the Certificate Authority Certificates for Java</title>
<para>
<application>OpenJDK</application> uses its own format for the
CA certificates. The Java security modules use
<envar>$JAVA_HOME</envar><filename>/lib/security/cacerts</filename> by
default. In order to keep all the certificates in one place, we use
<filename>/etc/ssl/java/cacerts</filename>. The instructions
on the <xref linkend="make-ca"/> page previously created the file
located in <filename class="directory">/etc/ssl/java</filename>.
Set up a symlink in the default location as the
<systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>ln -sfv /etc/pki/tls/java/cacerts /opt/jdk/lib/security/cacerts</userinput></screen>
<para>
Use the following command to check if the <filename>cacerts</filename>
file has been successfully installed:
</para>
<screen role="root"><userinput>/opt/jdk/bin/keytool -list -cacerts</userinput></screen>
<para>
At the prompt <computeroutput>Enter keystore password:</computeroutput>,
enter <userinput>changeit</userinput> (the default) or just press the
<quote>Enter</quote> key. If the <filename>cacerts</filename> file was
installed correctly, you will see a list of the certificates with
related information for each one. If not, you need to reinstall them.
</para>
<para>
If you later install a new JVM, you just have to create the symlink in
the default location to be able to use the cacerts.
</para>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink