[Triumf-linux-managers] More unsigned java rpms

Konstantin Olchanski olchansk at triumf.ca
Fri Aug 1 13:28:44 PDT 2008 

Another round of unsigned java packages arrived through the SL updates.

Usually SL are very good at signing all updated RPM files, with java packages
being a very special case. Please refer to the discussion on the SL mailing
lists for details on why the java RPM files have no GPG signatures.

(Obligatiry reminder of why GPG signatures are important and why automatic
updates have to reject packages with bad signatures and with no signatures:
it is the only defence against evil hackers putting doctored RPM files
on mirror.triumf.ca (or any intermediate server from which mirror is mirrored
from) and instantly owning every Linux machine at TRIUMF. Persumably these
evil hackers do not have access to RH/SL/EPEL/TRIUMF GPG private keys
and cannot fake GPG signatures).

>From discussion with Kelvin Raywood of TRUIMF CS, I understand the java
situation with newly installed machines is as follows: the TRIUMF Kickstart
CD removes the (unsigned) java RPMs provided by SUN/SL and installs so
called "Jpackage java RPMs" instead. Available are 32-bit packages
for Java 1.5 and 1.6 (ask Kelvin for details). 64-bit java is not available.
A companion triumf-java package enables the java plugin for firefox.

The attached script fixes the problem with unsigned java packages by
converting the java installation to same as for newly installed machines.
(The same script works for both SL4 and SL5 - new java packages are
the same in both cases).

cat /triumfcs/trshare/olchansk/linux/triumf-update/fix-SL4-java.sh

#
# - java packages from SL are removed
# - only 32-bit "jpackage" java packages are installed
# - the symlink for the firefox java plugin is created
#

echo
echo This script will replace SL java packages
echo with Jpackage java ackages echo and enable
echo the firefox java plugin, as recommended by TRIUMF CS
echo and done by the TRIUMF kickstart SL installation CD.
echo

cd /triumfcs/mirror/triumf/4/i386/RPMS

echo
echo Removing the SL java packages...
echo

yum erase jdk java-1.5.0-sun-compat

echo
echo Installing jpackage java packages
echo

rpm -vh --install java-1.5*
rpm -vh --install triumf-java-1.5*
rpm -vh --install --nodeps triumf-java-1.5*

echo
echo Done.
echo

#end

-- 
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada

More information about the Triumf-linux-managers mailing list