Re: RFR: JDK-8225392: Comparison builds are failing due to cacerts file

Mon, 10 Jun 2019 19:11:06 -0700 

Hi Max,

On 11/06/2019 11:05 am, Weijun Wang wrote:

keytool -keystore .. -storepass changeit -list -rfc | grep -v "Creation date"

would exclude the date (which has its own line).


I don't see any "Creation Date" entry when I run the tool:
> ./build/linux-x64-debug/images/jdk/bin/keytool -list -keystore build/linux-x64-debug/support/interim-image/lib/security/cacerts -storepass changeit | grep Creat 
>

It only appears with the -rfc option which Erik hasn't used.

David
-----


--Max


On Jun 11, 2019, at 8:39 AM, Weijun Wang <weijun.w...@oracle.com> wrote:

The "keytool -list" output contains a creation data (I know it's useless now), 
so if THIS_FILE and THAT_FILE happen to be created on different dates then you will see 
difference.

--Max


On Jun 11, 2019, at 7:37 AM, Erik Joelsson <erik.joels...@oracle.com> wrote:


On 2019-06-10 16:23, David Holmes wrote:

Hi Erik,

On 11/06/2019 5:37 am, Erik Joelsson wrote:

Since JDK-8193255, when we started generating the cacerts file in the build, the build 
compare baseline builds have started failing. It seems the cacerts binary file has some 
non determinism built in so it doesn't get generated exactly the same given the same 
input. This patch adds special handling when comparing that file by comparing the output 
of "keytool -list" on the files instead.


Seems a reasonable approach.


Bug: https://bugs.openjdk.java.net/browse/JDK-8225392

Webrev: http://cr.openjdk.java.net/~erikj/8225392/webrev.01/


Code changes seem fine.

Thanks!

I'm assuming this formulation doesn't run into the:

Warning: use -cacerts option to access cacerts keystore

that you get if you actually point keytool to the cacerts files in the JDK 
image:


./build/linux-x64-debug/images/jdk/bin/keytool -list -keystore 
build/linux-x64-debug/images/jdk/lib/security/cacerts -storepass changeit > 
certs.1

Warning: use -cacerts option to access cacerts keystore


I did not see that. I would guess it's because I'm not running keytool from the 
images/jdk/bin dir, but in most cases from the jdk/bin dir (the exploded 
image), or in the cross compilation case, it's running from the buildjdk. I 
just tried it manually, and it seems the warning is only printed if trying to 
list the cacerts file from the same image.

/Erik


Thanks,
David
-----


/Erik

Reply via email to