Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY

This commit is contained in:
Andrew Hughes 2021-01-24 16:20:33 +00:00
parent 5bfb5658af
commit e5ff6faa6e
2 changed files with 19 additions and 1 deletions

View File

@ -289,7 +289,7 @@
%global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u})
# eg jdk8u60-b27 -> b27 # eg jdk8u60-b27 -> b27
%global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-})
%global rpmrelease 0 %global rpmrelease 1
# Define milestone (EA for pre-releases, GA ("fcs") for releases) # Define milestone (EA for pre-releases, GA ("fcs") for releases)
# Release will be (where N is usually a number starting at 1): # Release will be (where N is usually a number starting at 1):
# - 0.N%%{?extraver}%%{?dist} for EA releases, # - 0.N%%{?extraver}%%{?dist} for EA releases,
@ -1293,6 +1293,8 @@ Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
Patch3: rh1648644-java_access_bridge_privileged_security.patch Patch3: rh1648644-java_access_bridge_privileged_security.patch
# Turn on AssumeMP by default on RHEL systems # Turn on AssumeMP by default on RHEL systems
Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch
# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
Patch1003: rh1582504-rsa_default_for_keytool.patch
############################################# #############################################
# #
@ -1843,6 +1845,7 @@ sh %{SOURCE12}
%patch539 %patch539
%patch600 %patch600
%patch1000 %patch1000
%patch1003
# RHEL-only patches # RHEL-only patches
%if ! 0%{?fedora} && 0%{?rhel} <= 7 %if ! 0%{?fedora} && 0%{?rhel} <= 7
@ -2592,6 +2595,9 @@ require "copy_jdk_configs.lua"
%endif %endif
%changelog %changelog
* Sun Jan 24 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b08-1
- Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
* Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b08-0 * Fri Jan 15 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:1.8.0.282.b08-0
- Update to aarch64-shenandoah-jdk8u282-b08 (GA) - Update to aarch64-shenandoah-jdk8u282-b08 (GA)
- Update release notes for 8u282-b08. - Update release notes for 8u282-b08.

View File

@ -0,0 +1,12 @@
diff --git openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
--- openjdk.orig/jdk/src/share/classes/sun/security/tools/keytool/Main.java
+++ openjdk/jdk/src/share/classes/sun/security/tools/keytool/Main.java
@@ -1004,7 +1004,7 @@
}
} else if (command == GENKEYPAIR) {
if (keyAlgName == null) {
- keyAlgName = "DSA";
+ keyAlgName = "RSA";
}
doGenKeyPair(alias, dname, keyAlgName, keysize, sigAlgName);
kssave = true;