On Thu, 16 Apr 2026 14:03:16 GMT, Sean Mullan <[email protected]> wrote:
>> This is a new `jlink` plugin which allows the user to specify the CA
>> certificates it wants to include in the `cacerts` keystore in a custom
>> runtime image. This can be very useful for creating runtimes that only
>> contain the CA certificates that are necessary.
>>
>> The command-line syntax takes one or more `cacert` keystore aliases as an
>> option, separated by a comma.
>>
>> For example:
>>
>> `jlink --cacerts "letsencryptisrgx1 [jdk]"`
>>
>> or
>>
>> `jlink --cacerts "letsencryptisrgx1 [jdk],digicertglobalrootca [jdk]"`
>
> Sean Mullan has updated the pull request incrementally with one additional
> commit since the last revision:
>
> Make test be able to run with jmod-less image.
src/jdk.jlink/share/classes/jdk/tools/jlink/internal/plugins/CACertsPlugin.java
line 109:
> 107: return baos.toByteArray();
> 108: } catch (Exception ex) {
> 109: throw new PluginException(ex);
PluginException is thrown if the alias is not found so I think you'll end up
with PluginException and a PluginException as the cause. You can catch the
PluginException and rethrow it to avoid this.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29700#discussion_r3094427323
