The "keytool -list" output contains a creation data (I know it's useless now), so if THIS_FILE and THAT_FILE happen to be created on different dates then you will see difference.
--Max > On Jun 11, 2019, at 7:37 AM, Erik Joelsson <erik.joels...@oracle.com> wrote: > > > On 2019-06-10 16:23, David Holmes wrote: >> Hi Erik, >> >> On 11/06/2019 5:37 am, Erik Joelsson wrote: >>> Since JDK-8193255, when we started generating the cacerts file in the >>> build, the build compare baseline builds have started failing. It seems the >>> cacerts binary file has some non determinism built in so it doesn't get >>> generated exactly the same given the same input. This patch adds special >>> handling when comparing that file by comparing the output of "keytool >>> -list" on the files instead. >> >> Seems a reasonable approach. >> >>> Bug: https://bugs.openjdk.java.net/browse/JDK-8225392 >>> >>> Webrev: http://cr.openjdk.java.net/~erikj/8225392/webrev.01/ >> >> Code changes seem fine. > Thanks! >> I'm assuming this formulation doesn't run into the: >> >> Warning: use -cacerts option to access cacerts keystore >> >> that you get if you actually point keytool to the cacerts files in the JDK >> image: >> >> > ./build/linux-x64-debug/images/jdk/bin/keytool -list -keystore >> > build/linux-x64-debug/images/jdk/lib/security/cacerts -storepass changeit >> > > certs.1 >> Warning: use -cacerts option to access cacerts keystore >> > I did not see that. I would guess it's because I'm not running keytool from > the images/jdk/bin dir, but in most cases from the jdk/bin dir (the exploded > image), or in the cross compilation case, it's running from the buildjdk. I > just tried it manually, and it seems the warning is only printed if trying to > list the cacerts file from the same image. > > /Erik > >> Thanks, >> David >> ----- >> >>> /Erik >>>