On Thu, 9 Apr 2026 18:12:19 GMT, Francisco Ferrari Bihurriet <[email protected]> wrote:
>> The main issue I see with supporting the `include` directive is that its >> position relative to other properties is important. This is described in the >> [CSR](https://bugs.openjdk.org/browse/JDK-8319333): >> >> >> The effect of each definition is to include a >> referred security properties file inline, adding all its properties. >> Security properties defined before an include statement may be overridden >> by properties in the included file, if their names match. Conversely, >> properties defined after an include statement may override properties in >> the included file. > > Hi @seanjmullan, sorry if you already discussed this, but have you considered > just appending the contents of `<filename>` at the end of `java.security`? Is > there any other downside, besides the increased size of the resource file? If > the most likely use-case doesn't override a bunch of properties, the size > waste could remain moderate. > > That approach would automatically address the properties overriding > (`<filename>` content goes after `java.security` content) and support > `include` directives, without the need to parse the properties files and > manually track the overrides. Do you mean the file in the `include` directive? The problem with that is that file may not exist on the system you are running the `jlink` command from. Or did you mean the file containing the properties you want to override? The latter would work, although it could be confusing to have more than one property with different values to someone reading the file manually. Perhaps it would be ok if I inserted a comment stating that properties below this line will override the above properties with the same name. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30635#discussion_r3059983982
