On Wed, 15 Apr 2026 13:12:11 GMT, Alan Bateman <[email protected]> wrote:
>> Sean Mullan has updated the pull request incrementally with one additional >> commit since the last revision: >> >> Don't override getType(). > > src/jdk.jlink/share/classes/jdk/tools/jlink/resources/plugins.properties line > 67: > >> 65: \ with the certificates of the specified >> aliases\n\ >> 66: \ only. <alias> is the name of an alias in >> the\n\ >> 67: \ cacerts keystore. > > I'm wondering about "cacerts keystore". Do you mean this in the abstract > sense or the file in lib/security. JEP 220 is clear that files in lib > directory "must be treated as private implementation details of the run-time > system" and maybe we missed some areas of the docs when moving to the new > run-time image structure. I note that the keytool man page refers to the > cacerts file in lib/security and we should probably re-visit that wording. > > I'm just wondering if the usage and man page should reference to the JDK's > trustcode for CA certificates or something more abstract rather than > "cacerts". I can try to make this more abstract I suppose, but it will make it a bit more unuser-friendly, because I would need to ask for the pathname to the keystore so as not to assume it is the cacerts keystore, right? I have to minimally assume it is a keystore though, since there is no other standard API to get the root certificates. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/29700#discussion_r3087207390
