Re: Safe to install Oracle Java 1.8?

2015-01-30 Thread Vladimir Mosgalin
Hi hansel!

 On 2015.01.29 at 19:30:33 -0500, hansel wrote next:

 If I download the Oracle rpm for 1.8, do the necessary links in
 /etc/alternatives, remove Open JDK 1.7 and make sure the environment
 variables are correct, do I avoid crashes (or silent errors) -- to the
 best of more experienced SL users' knowledge, of course?

 Some of what I do depends on Java version 1.8 and I need to do
 something. (On other distros, I would just do it (and did with Ubuntu),
 but SL7 docs carry strong warnings about introducing conflicts.)

You don't have to remove OpenJDK 1.7 if there is some dependency
installed. alternatives system allows multiple java versions to be
installed at the same time.

The warnings mostly apply to the way Oracle JDK is packaged, if you
correct the packaging there is no problem with having it on the system,
and no need to remove openjdk (if something depends on it) too.

For example, one of the Oracle JDK packaging problems is inability to
install both 32-bit and 64-bit JDK from rpm (official workaround:
install from .bin bundle into distinct directories). Another problem
is manual steps required for activating browser plugin.
OpenJDK doesn't suffer from these and other problems.

RHEL offers Oracle JDK 1.7 and 1.8 packages, for example, properly
repackaged and ready to install. So there is definitely no inherent
incompatibility.

-- 

Vladimir


Re: Safe to install Oracle Java 1.8?

2015-01-30 Thread Steven Haigh
On 31/01/15 03:44, Vladimir Mosgalin wrote:
 Hi hansel!
 
  On 2015.01.29 at 19:30:33 -0500, hansel wrote next:
 
 If I download the Oracle rpm for 1.8, do the necessary links in
 /etc/alternatives, remove Open JDK 1.7 and make sure the environment
 variables are correct, do I avoid crashes (or silent errors) -- to the
 best of more experienced SL users' knowledge, of course?

 Some of what I do depends on Java version 1.8 and I need to do
 something. (On other distros, I would just do it (and did with Ubuntu),
 but SL7 docs carry strong warnings about introducing conflicts.)
 
 You don't have to remove OpenJDK 1.7 if there is some dependency
 installed. alternatives system allows multiple java versions to be
 installed at the same time.
 
 The warnings mostly apply to the way Oracle JDK is packaged, if you
 correct the packaging there is no problem with having it on the system,
 and no need to remove openjdk (if something depends on it) too.
 
 For example, one of the Oracle JDK packaging problems is inability to
 install both 32-bit and 64-bit JDK from rpm (official workaround:
 install from .bin bundle into distinct directories). Another problem
 is manual steps required for activating browser plugin.
 OpenJDK doesn't suffer from these and other problems.
 
 RHEL offers Oracle JDK 1.7 and 1.8 packages, for example, properly
 repackaged and ready to install. So there is definitely no inherent
 incompatibility.

On a related note, from what I can tell the update to 1.8 has disabled
some SSL connect methods. Sadly, this has locked me out of any Dell
DRAC5 remote console interfaces...

I'm hunting for a way to re-enable the disabled SSL methods, but I'm not
quite sure how to do so...

I'm on Fedora 21 on my desktop - but I believe it's the same with any
upgrade to 1.8 - even the Oracle JRE disables these SSL methods :(

-- 
Steven Haigh

Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897





Re: Safe to install Oracle Java 1.8?

2015-01-30 Thread Steven Haigh
On 31/01/15 13:30, Steven Haigh wrote:
 On 31/01/15 03:44, Vladimir Mosgalin wrote:
 Hi hansel!

  On 2015.01.29 at 19:30:33 -0500, hansel wrote next:

 If I download the Oracle rpm for 1.8, do the necessary links in
 /etc/alternatives, remove Open JDK 1.7 and make sure the environment
 variables are correct, do I avoid crashes (or silent errors) -- to the
 best of more experienced SL users' knowledge, of course?

 Some of what I do depends on Java version 1.8 and I need to do
 something. (On other distros, I would just do it (and did with Ubuntu),
 but SL7 docs carry strong warnings about introducing conflicts.)

 You don't have to remove OpenJDK 1.7 if there is some dependency
 installed. alternatives system allows multiple java versions to be
 installed at the same time.

 The warnings mostly apply to the way Oracle JDK is packaged, if you
 correct the packaging there is no problem with having it on the system,
 and no need to remove openjdk (if something depends on it) too.

 For example, one of the Oracle JDK packaging problems is inability to
 install both 32-bit and 64-bit JDK from rpm (official workaround:
 install from .bin bundle into distinct directories). Another problem
 is manual steps required for activating browser plugin.
 OpenJDK doesn't suffer from these and other problems.

 RHEL offers Oracle JDK 1.7 and 1.8 packages, for example, properly
 repackaged and ready to install. So there is definitely no inherent
 incompatibility.
 
 On a related note, from what I can tell the update to 1.8 has disabled
 some SSL connect methods. Sadly, this has locked me out of any Dell
 DRAC5 remote console interfaces...
 
 I'm hunting for a way to re-enable the disabled SSL methods, but I'm not
 quite sure how to do so...
 
 I'm on Fedora 21 on my desktop - but I believe it's the same with any
 upgrade to 1.8 - even the Oracle JRE disables these SSL methods :(

Whoops - forgot to paste in my reference for this:
https://rhn.redhat.com/errata/RHSA-2015-0069.html

Although, further research that turned up the above URL also shows:

A flaw was found in the way the SSL 3.0 protocol handled padding bytes
when decrypting messages that were encrypted using block ciphers in
cipher block chaining (CBC) mode. This flaw could possibly allow a
man-in-the-middle (MITM) attacker to decrypt portions of the cipher text
using a padding oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue.
The jdk.tls.disabledAlgorithms security property can be used to
re-enable SSL 3.0 support if needed. For additional information, refer
to the Red Hat Bugzilla bug linked to in the References section.

Further digging on that shows up:
Users who need to re-enable SSL 3.0 protocol support in OpenJDK or
Oracle JDK can do so using one of the following ways:

* Change the master security properties file to not include SSLv3 in the
list of disabled algorithms.  The java.security files for each JDK can
be found at the following path:

  /usr/lib/jvm/*/jre/lib/security/java.security

The sub-directory under /usr/lib/jvm contains package name (such as
java-1.7.0-openjdk or java-1.7.0-oracle) possibly followed by package
version or architecture (depending on the JDK and its version).

Note that the change to the file will affect all applications using
given JDK.  Local changes to the file will also cause new java.security
versions to be installed as java.security.rpmnew if future updates
change packaged version, requiring manual merge of changes.

* Re-enable SSLv3 support only for specific application or applications
that require it.  Create a new security properties file that will
override the default jdk.tls.disabledAlgorithms setting from the master
java.security, and use the java.security.properties system property to
make Java read the file in addition to the master security properties
file.  Example:

  $ cat enable-ssl3.security
  jdk.tls.disabledAlgorithms=

  $ java -Djava.security.properties=/path/to/enable-ssl3.security ...

Note that this only works if the master security properties file sets
the security.overridePropertiesFile security property to true.  That is
the default setting in all OpenJDK and Oracle JDK packages shipped in
Red Hat Enterprise Linux.

-- 
Steven Haigh

Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
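
An added example (not part of the original thread or of the Red Hat text quoted in it): a shell audit that reports, for each java.security file, whether SSLv3 is still listed in jdk.tls.disabledAlgorithms and whether security.overridePropertiesFile lets a per-application file override it. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit java.security files for the SSLv3 settings in the thread.

# Print the value of property $2 in file $1 ("<unset>" if absent).
# Last assignment wins; backslash continuation lines are joined.
get_prop() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                    # comment line
        { sub(/^[ \t]+/, ""); line = line $0 }
        /\\$/ { sub(/\\$/, "", line); next }      # value continues on next line
        {
            if (match(line, "^" key "[ \t]*[=:][ \t]*")) {
                val = substr(line, RLENGTH + 1); found = 1
            }
            line = ""
        }
        END { print (found ? val : "<unset>") }
    ' "$1"
}

# Report whether SSLv3 is in the disabled list and whether a file passed via
# -Djava.security.properties would be read on top of this master file.
audit_java_security() (
    disabled=$(get_prop "$1" jdk.tls.disabledAlgorithms | tr -d ' \t')
    override=$(get_prop "$1" security.overridePropertiesFile | tr -d ' \t')
    case ",$disabled," in
        *,SSLv3,*) ssl3=disabled ;;
        *)         ssl3=ENABLED ;;
    esac
    echo "ssl3=$ssl3 override=$override"
)

# Constructed sample files (not copied from any JDK package) so the script
# produces output even on a host without a JDK.
make_samples() {
    dir=$(mktemp -d)
    printf '%s\n' '# constructed: SSLv3 still disabled' \
        'security.overridePropertiesFile=true' \
        'jdk.tls.disabledAlgorithms=SSLv3, \' \
        '    DH keySize < 768' > "$dir/default.security"
    printf '%s\n' '# constructed: list emptied by a local edit' \
        'security.overridePropertiesFile=true' \
        'jdk.tls.disabledAlgorithms=' > "$dir/edited.security"
    echo "$dir"
}

samples=$(make_samples)
for f in "$samples"/*.security /usr/lib/jvm/*/jre/lib/security/java.security; do
    if [ -f "$f" ]; then echo "$f: $(audit_java_security "$f")"; fi
done
```

An empty jdk.tls.disabledAlgorithms value, as in the enable-ssl3.security example above, clears every entry in the list and not only SSLv3, so a file reported as ssl3=ENABLED is worth comparing against the packaged default.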





Re: Safe to install Oracle Java 1.8?

2015-01-30 Thread Stephen John Smoogen
On 30 January 2015 at 19:30, Steven Haigh net...@crc.id.au wrote:

 On 31/01/15 03:44, Vladimir Mosgalin wrote:
  Hi hansel!
 
   On 2015.01.29 at 19:30:33 -0500, hansel wrote next:
 
  If I download the Oracle rpm for 1.8, do the necessary links in
  /etc/alternatives, remove Open JDK 1.7 and make sure the environment
  variables are correct, do I avoid crashes (or silent errors) -- to the
  best of more experienced SL users' knowledge, of course?

  Some of what I do depends on Java version 1.8 and I need to do
  something. (On other distros, I would just do it (and did with Ubuntu),
  but SL7 docs carry strong warnings about introducing conflicts.)
 
  You don't have to remove OpenJDK 1.7 if there is some dependency
  installed. alternatives system allows multiple java versions to be
  installed at the same time.
 
  The warnings mostly apply to the way Oracle JDK is packaged, if you
  correct the packaging there is no problem with having it on the system,
  and no need to remove openjdk (if something depends on it) too.
 
  For example, one of the Oracle JDK packaging problems is inability to
  install both 32-bit and 64-bit JDK from rpm (official workaround:
  install from .bin bundle into distinct directories). Another problem
  is manual steps required for activating browser plugin.
  OpenJDK doesn't suffer from these and other problems.
 
  RHEL offers Oracle JDK 1.7 and 1.8 packages, for example, properly
  repackaged and ready to install. So there is definitely no inherent
  incompatibility.

 On a related note, from what I can tell the update to 1.8 has disabled
 some SSL connect methods. Sadly, this has locked me out of any Dell
 DRAC5 remote console interfaces...


The method is to have an old version of Java around if you can not update
the DRAC. I had to do this last weekend for even older hardware that only
worked after I got Windows XP and Java 1.6 U7 because various things were
turned off in U12 and above. [And the remote management wouldn't talk with
Java from Linux because it downloads a 32 bit jar inside of a dll ...
wh]


 I'm hunting for a way to re-enable the disabled SSL methods, but I'm not
 quite sure how to do so...

 I'm on Fedora 21 on my desktop - but I believe it's the same with any
 upgrade to 1.8 - even the Oracle JRE disables these SSL methods :(

 --
 Steven Haigh

 Email: net...@crc.id.au
 Web: http://www.crc.id.au
 Phone: (03) 9001 6090 - 0412 935 897




-- 
Stephen J Smoogen.


Re: Safe to install Oracle Java 1.8?

2015-01-30 Thread Taylor Braun-Jones
On Thu, Jan 29, 2015 at 11:10 PM, Nico Kadel-Garcia nka...@gmail.com
wrote:

 Name 2.


Why two? If one critical application doesn't work without Oracle Java, then
I'm going to install Oracle Java to get it working. For me that application
is WebEx meetings. Feel free to try for yourself though. I'd love to be
proven wrong:

http://www.webex.com/test-meeting.html

(I was never able to get all the features working with OpenJDK,
particularly desktop sharing)


 Seriously: I've heard this again and again since Java 1.4?
 I've not actually encountered any instance except where someone
 hardcoded something, deliberately, to *insist* on it. And ever since
 Java 1.5.0, as soon as I or a colleague broke that lock, the
 alternative OpenJDK worked just fine.


You're one of the lucky ones I guess.