From e5ff6faa6e954efe5e0c80d655715fbf68acae32 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Sun, 24 Jan 2021 16:20:33 +0000 Subject: [PATCH] Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY --- java-1.8.0-openjdk.spec | 8 +++++++- rh1582504-rsa_default_for_keytool.patch | 12 ++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 rh1582504-rsa_default_for_keytool.patch diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index 69ca4da..df59e6c 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -289,7 +289,7 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 0 +%global rpmrelease 1 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, @@ -1293,6 +1293,8 @@ Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch Patch3: rh1648644-java_access_bridge_privileged_security.patch # Turn on AssumeMP by default on RHEL systems Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch +# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY +Patch1003: rh1582504-rsa_default_for_keytool.patch ############################################# # @@ -1843,6 +1845,7 @@ sh %{SOURCE12} %patch539 %patch600 %patch1000 +%patch1003 # RHEL-only patches %if ! 0%{?fedora} && 0%{?rhel} <= 7 @@ -2592,6 +2595,9 @@ require "copy_jdk_configs.lua" %endif %changelog +* Sun Jan 24 2021 Andrew Hughes - 1:1.8.0.282.b08-1 +- Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY + * Fri Jan 15 2021 Andrew Hughes - 1:1.8.0.282.b08-0 - Update to aarch64-shenandoah-jdk8u282-b08 (GA) - Update release notes for 8u282-b08. diff --git a/rh1582504-rsa_default_for_keytool.patch b/rh1582504-rsa_default_for_keytool.patch new file mode 100644 index 0000000..f59dbf5 --- /dev/null +++ b/rh1582504-rsa_default_for_keytool.patch @@ -0,0 +1,12 @@ +diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java ++++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java +@@ -1004,7 +1004,7 @@ + } + } else if (command == GENKEYPAIR) { + if (keyAlgName == null) { +- keyAlgName = "DSA"; ++ keyAlgName = "RSA"; + } + doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName); + kssave = true;