Re: Safe to install Oracle Java 1.8?
On Sat, Jan 31, 2015 at 12:25 PM, Denice deatr...@triumf.ca wrote:
On Sat, 31 Jan 2015, Taylor Braun-Jones wrote:
On Fri, Jan 30, 2015 at 2:55 PM, hansel han...@mnstate.edu wrote:

Appreciate the feedback. However, my searching (14 registered repositories, RHEL and SL documents, RHEL/SL 6 releases of java 1.8 and security updates) finds no SL 7 supported rpm for java 1.8.

This is basically a licensing problem. Oracle does not publish RHEL specific releases of their jdk or jre RPM packages, and without the source, it's difficult to publish distribution specific packages. Use the non-specific RPM if you need to go there.

Also note: whoever wrote this stuff for Sun in the first place called the non-developer package jre and the developer package with the javac compiler jdk, instead of splitting as java-[majorversion] and java-[majorversion]-devel like a sane person would. Most Linux Java developers don't bother with the jre package, they just get the jdk. But if you're strapped for system resources and don't want a compiler lying around, the jre is potentially much safer, much as openjdk is safer without the java-[majorversion]-openjdk-devel package.

I just downloaded the jdk-8u31-linux-x64.rpm package from the Oracle website:

http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

An instructive exercise is to compare the number of lines in the post-install portion of an RPM from old UNIX companies (like Sun or Oracle):

$ rpm -qp jdk-8u31-linux-x64.rpm --scripts |wc -l
2704

and compare that to RPM scriptlets from folk with strong Linux roots, like the RPM that Jaroslaw Polok was talking about ..

$ for i in java-1.8.0-oracle-* ; do echo -n $i: ; rpm -qp $i --scripts 2>/dev/null |wc -l; done
java-1.8.0-oracle-1.8.0.25-3.0.el6.x86_64.rpm: 6
java-1.8.0-oracle-devel-1.8.0.25-3.0.el6.x86_64.rpm: 92
java-1.8.0-oracle-headless-1.8.0.25-3.0.el6.x86_64.rpm: 61
java-1.8.0-oracle-javafx-1.8.0.25-3.0.el6.x86_64.rpm: 0
java-1.8.0-oracle-plugin-1.8.0.25-3.0.el6.x86_64.rpm: 38
java-1.8.0-oracle-src-1.8.0.25-3.0.el6.x86_64.rpm: 0

You will get some idea why some of us avoid the Oracle-provided package like the plague.

cheers, etc.

It's also fascinating scripting. A %post operation that does compare_java_by_weight to decide whether and where to put things is clearly trying to outsmart the rest of the installation environment.
Re: Safe to install Oracle Java 1.8?
Hi hansel!

On 2015.01.30 at 14:55:52 -0500, hansel wrote next:

Appreciate the feedback. However, my searching (14 registered repositories, RHEL and SL documents, RHEL/SL 6 releases of java 1.8 and security updates) finds no SL 7 supported rpm for java 1.8. So, does RHEL/SL 6 java 1.8 release work on SL 7 or has it been packaged for RHEL/SL 7? If for 7, it seems not to be in an SL or RHEL repository?

You can't use RHEL's java 1.8 because they don't provide src.rpms for rebuilding IIRC (they can't by license; they could provide nosrc.rpm but I guess they don't see a point). But you can just rebuild jpackage-provided src.rpm (tweaked for SL6) on SL7 system, I don't think there would be any problems. JPackage does proper java packages, at least.

You can get srpm here, for example:

http://ftp.riken.jp/Linux/cern/slc6X/x86_64/updates/SRPMS/java-1.8.0-oracle-1.8.0.25-3.0.slc6.src.rpm

Update java tarball to latest version from oracle and rebuild it and here you go.

-- Vladimir
Re: Safe to install Oracle Java 1.8?
Hi hansel!

On 2015.01.29 at 19:30:33 -0500, hansel wrote next:

If I download the Oracle rpm for 1.8, do the necessary links in /etc/alternatives, remove Open JDK 1.7 and make sure the environment variables are correct, do I avoid crashes (or silent errors) -- to the best of more experienced SL users' knowledge, of course? Some of what I do depends on Java version 1.8 and I need to do something. (On other distros, I would just do it (and did with Ubuntu), but SL7 docs carry strong warnings about introducing conflicts.)

You don't have to remove OpenJDK 1.7 if there is some dependency installed. alternatives system allows multiple java versions to be installed at the same time.

The warnings mostly apply to the way Oracle JDK is packaged, if you correct the packaging there is no problem with having it on the system, and no need to remove openjdk (if something depends on it) too. For example, one of the Oracle JDK packaging problems is inability to install both 32-bit and 64-bit JDK from rpm (official workaround: install from .bin bundle into distinct directories). Another problem is manual steps required for activating browser plugin. OpenJDK doesn't suffer from these and other problems.

RHEL offers Oracle JDK 1.7 and 1.8 packages, for example, properly repackaged and ready to install. So there is definitely no inherent incompatibility.

-- Vladimir
Re: Safe to install Oracle Java 1.8?
On 31/01/15 03:44, Vladimir Mosgalin wrote:

Hi hansel!

On 2015.01.29 at 19:30:33 -0500, hansel wrote next:

If I download the Oracle rpm for 1.8, do the necessary links in /etc/alternatives, remove Open JDK 1.7 and make sure the environment variables are correct, do I avoid crashes (or silent errors) -- to the best of more experienced SL users' knowledge, of course? Some of what I do depends on Java version 1.8 and I need to do something. (On other distros, I would just do it (and did with Ubuntu), but SL7 docs carry strong warnings about introducing conflicts.)

You don't have to remove OpenJDK 1.7 if there is some dependency installed. alternatives system allows multiple java versions to be installed at the same time.

The warnings mostly apply to the way Oracle JDK is packaged, if you correct the packaging there is no problem with having it on the system, and no need to remove openjdk (if something depends on it) too. For example, one of the Oracle JDK packaging problems is inability to install both 32-bit and 64-bit JDK from rpm (official workaround: install from .bin bundle into distinct directories). Another problem is manual steps required for activating browser plugin. OpenJDK doesn't suffer from these and other problems.

RHEL offers Oracle JDK 1.7 and 1.8 packages, for example, properly repackaged and ready to install. So there is definitely no inherent incompatibility.

On a related note, from what I can tell the update to 1.8 has disabled some SSL connect methods. Sadly, this has locked me out of any Dell DRAC5 remote console interfaces...

I'm hunting for a way to re-enable the disabled SSL methods, but I'm not quite sure how to do so...

I'm on Fedora 21 on my desktop - but I believe it's the same with any upgrade to 1.8 - even the Oracle JRE disables these SSL methods :(

-- Steven Haigh
Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
Re: Safe to install Oracle Java 1.8?
On 31/01/15 13:30, Steven Haigh wrote:
On 31/01/15 03:44, Vladimir Mosgalin wrote:

Hi hansel!

On 2015.01.29 at 19:30:33 -0500, hansel wrote next:

If I download the Oracle rpm for 1.8, do the necessary links in /etc/alternatives, remove Open JDK 1.7 and make sure the environment variables are correct, do I avoid crashes (or silent errors) -- to the best of more experienced SL users' knowledge, of course? Some of what I do depends on Java version 1.8 and I need to do something. (On other distros, I would just do it (and did with Ubuntu), but SL7 docs carry strong warnings about introducing conflicts.)

You don't have to remove OpenJDK 1.7 if there is some dependency installed. alternatives system allows multiple java versions to be installed at the same time.

The warnings mostly apply to the way Oracle JDK is packaged, if you correct the packaging there is no problem with having it on the system, and no need to remove openjdk (if something depends on it) too. For example, one of the Oracle JDK packaging problems is inability to install both 32-bit and 64-bit JDK from rpm (official workaround: install from .bin bundle into distinct directories). Another problem is manual steps required for activating browser plugin. OpenJDK doesn't suffer from these and other problems.

RHEL offers Oracle JDK 1.7 and 1.8 packages, for example, properly repackaged and ready to install. So there is definitely no inherent incompatibility.

On a related note, from what I can tell the update to 1.8 has disabled some SSL connect methods. Sadly, this has locked me out of any Dell DRAC5 remote console interfaces...

I'm hunting for a way to re-enable the disabled SSL methods, but I'm not quite sure how to do so...

I'm on Fedora 21 on my desktop - but I believe it's the same with any upgrade to 1.8 - even the Oracle JRE disables these SSL methods :(

Whoops - forgot to paste in my reference for this:

https://rhn.redhat.com/errata/RHSA-2015-0069.html

Although, further research that turned up the above URL also shows:

A flaw was found in the way the SSL 3.0 protocol handled padding bytes when decrypting messages that were encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw could possibly allow a man-in-the-middle (MITM) attacker to decrypt portions of the cipher text using a padding oracle attack. (CVE-2014-3566)

Note: This update disables SSL 3.0 by default to address this issue. The jdk.tls.disabledAlgorithms security property can be used to re-enable SSL 3.0 support if needed. For additional information, refer to the Red Hat Bugzilla bug linked to in the References section.

Further digging on that shows up:

Users who need to re-enable SSL 3.0 protocol support in OpenJDK or Oracle JDK can do so using one of the following ways:

* Change the master security properties file to not include SSLv3 in the list of disabled algorithms. The java.security files for each JDK can be found at the following path:

  /usr/lib/jvm/*/jre/lib/security/java.security

  The sub-directory under /usr/lib/jvm contains package name (such as java-1.7.0-openjdk or java-1.7.0-oracle) possibly followed by package version or architecture (depending on the JDK and its version). Note that the change to the file will affect all applications using given JDK. Local changes to the file will also cause new java.security versions to be installed as java.security.rpmnew if future updates change packaged version, requiring manual merge of changes.

* Re-enable SSLv3 support only for specific application or applications that require it. Create a new security properties file that will override the default jdk.tls.disabledAlgorithms setting from the master java.security, and use the java.security.properties system property to make Java read the file in addition to the master security properties file.

  Example:

  $ cat enable-ssl3.security
  jdk.tls.disabledAlgorithms=

  $ java -Djava.security.properties=/path/to/enable-ssl3.security ...

Note that this only works if the master security properties file sets the security.overridePropertiesFile security property to true. That is the default setting in all OpenJDK and Oracle JDK packages shipped in Red Hat Enterprise Linux.

-- Steven Haigh
Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897
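
A check for the setting the quoted advisory text describes, as an added example that is not part of the original messages: it reports whether SSLv3 is still in the effective jdk.tls.disabledAlgorithms list for a master java.security, with or without a per-application override file, including the case where the list is wrapped over continuation lines. The function names, the RC4 entry and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether SSLv3 is still disabled for a JDK.

# get_prop FILE KEY: print the last value assigned to KEY, skipping
# comments and joining backslash-continued lines; exit 1 if KEY is absent.
get_prop() {
    awk -v key="$2" '
        !cont && /^[ \t]*[#!]/ { next }
        {
            line = buf $0; buf = ""; cont = 0
            if (line ~ /\\$/) {          # value continues on the next line
                buf = substr(line, 1, length(line) - 1); cont = 1; next
            }
            i = index(line, "=")
            if (i == 0) next
            k = substr(line, 1, i - 1); gsub(/[ \t]/, "", k)
            if (k == key) { val = substr(line, i + 1); found = 1 }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# sslv3_state MASTER [OVERRIDE]: print "disabled" or "enabled" for the
# effective jdk.tls.disabledAlgorithms list.
sslv3_state() {
    list=$(get_prop "$1" jdk.tls.disabledAlgorithms) || list=""
    allow=$(get_prop "$1" security.overridePropertiesFile) || allow=""
    if [ -n "${2:-}" ] && [ "$allow" = "true" ]; then
        # An override file only wins if it defines the property itself.
        if o=$(get_prop "$2" jdk.tls.disabledAlgorithms); then list=$o; fi
    fi
    case ",$(printf '%s' "$list" | tr -d ' \t')," in
        *,SSLv3,*) echo disabled ;;
        *)         echo enabled ;;
    esac
}

# Constructed sample files (not copied from a real system).
d=$(mktemp -d)
printf '%s\n' '# master java.security (constructed)' \
    'security.overridePropertiesFile=true' \
    'jdk.tls.disabledAlgorithms=RC4, \' '    SSLv3' > "$d/java.security"
printf '%s\n' 'jdk.tls.disabledAlgorithms=' > "$d/enable-ssl3.security"
echo "master only:   $(sslv3_state "$d/java.security")"
echo "with override: $(sslv3_state "$d/java.security" "$d/enable-ssl3.security")"
```

Run against the real files under /usr/lib/jvm/*/jre/lib/security/ and any override file passed with -Djava.security.properties, this shows which JDKs and which launch commands still have SSL 3.0 available.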
Re: Safe to install Oracle Java 1.8?
On 30 January 2015 at 19:30, Steven Haigh net...@crc.id.au wrote:
On 31/01/15 03:44, Vladimir Mosgalin wrote:

Hi hansel!

On 2015.01.29 at 19:30:33 -0500, hansel wrote next:

If I download the Oracle rpm for 1.8, do the necessary links in /etc/alternatives, remove Open JDK 1.7 and make sure the environment variables are correct, do I avoid crashes (or silent errors) -- to the best of more experienced SL users' knowledge, of course? Some of what I do depends on Java version 1.8 and I need to do something. (On other distros, I would just do it (and did with Ubuntu), but SL7 docs carry strong warnings about introducing conflicts.)

You don't have to remove OpenJDK 1.7 if there is some dependency installed. alternatives system allows multiple java versions to be installed at the same time.

The warnings mostly apply to the way Oracle JDK is packaged, if you correct the packaging there is no problem with having it on the system, and no need to remove openjdk (if something depends on it) too. For example, one of the Oracle JDK packaging problems is inability to install both 32-bit and 64-bit JDK from rpm (official workaround: install from .bin bundle into distinct directories). Another problem is manual steps required for activating browser plugin. OpenJDK doesn't suffer from these and other problems.

RHEL offers Oracle JDK 1.7 and 1.8 packages, for example, properly repackaged and ready to install. So there is definitely no inherent incompatibility.

On a related note, from what I can tell the update to 1.8 has disabled some SSL connect methods. Sadly, this has locked me out of any Dell DRAC5 remote console interfaces...

The method is to have an old version of Java around if you can not update the DRAC. I had to do this last weekend for even older hardware that only worked after I got Windows XP and Java 1.6 U7 because various things were turned off in U12 and above. [And the remote management wouldn't talk with Java from Linux because it downloads a 32 bit jar inside of a dll ... wh]

I'm hunting for a way to re-enable the disabled SSL methods, but I'm not quite sure how to do so...

I'm on Fedora 21 on my desktop - but I believe it's the same with any upgrade to 1.8 - even the Oracle JRE disables these SSL methods :(

-- Steven Haigh
Email: net...@crc.id.au
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897

-- Stephen J Smoogen.
Re: Safe to install Oracle Java 1.8?
On Thu, Jan 29, 2015 at 11:10 PM, Nico Kadel-Garcia nka...@gmail.com wrote:

Name 2.

Why two? If one critical application doesn't work without Oracle Java, then I'm going to install Oracle Java to get it working. For me that application is WebEx meetings. Feel free to try for yourself though. I'd love to be proven wrong:

http://www.webex.com/test-meeting.html

(I was never able to get all the features working with OpenJDK, particularly desktop sharing)

Seriously: I've heard this again and again since Java 1.4? I've not actually encountered any instance except where someone hardcoded something, deliberately, to *insist* on it. And ever since Java 1.5.0, as soon as I or a colleague broke that lock, the alternative OpenJDK worked just fine.

You're one of the lucky ones I guess.
Safe to install Oracle Java 1.8?
Hi,

If I download the Oracle rpm for 1.8, do the necessary links in /etc/alternatives, remove Open JDK 1.7 and make sure the environment variables are correct, do I avoid crashes (or silent errors) -- to the best of more experienced SL users' knowledge, of course? Some of what I do depends on Java version 1.8 and I need to do something. (On other distros, I would just do it (and did with Ubuntu), but SL7 docs carry strong warnings about introducing conflicts.)

Thank you.

Mark Hansel
Emeritus Professor of Sociology and Criminal Justice
Minnesota State University Moorhead
han...@mnstate.edu
han...@hanselshire.org
Re: Safe to install Oracle Java 1.8?
On Thu, Jan 29, 2015 at 7:30 PM, hansel han...@mnstate.edu wrote:

Hi,

If I download the Oracle rpm for 1.8, do the necessary links in /etc/alternatives, remove Open JDK 1.7 and make sure the environment variables are correct, do I avoid crashes (or silent errors) -- to the best of more experienced SL users' knowledge, of course? Some of what I do depends on Java version 1.8 and I need to do something. (On other distros, I would just do it (and did with Ubuntu), but SL7 docs carry strong warnings about introducing conflicts.)

Thank you.

Mark Hansel
Emeritus Professor of Sociology and Criminal Justice
Minnesota State University Moorhead
han...@mnstate.edu
han...@hanselshire.org

Why would you want to? openjdk-1.8.0 is available directly as part of RHEL and Scientific Linux, with source code. Installing either jdk-1.8.0 or openjdk-1.8.0 can be done along with openjdk-1.7.0. And it does *not* replace /usr/bin/java, so you can activate it on an application by application basis by using the symlinks in /usr/lib/jvm/jre-1.8.0, or /usr/lib/jvm/java-1.8.0 for javac.