river-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Jones <...@roundroom.net>
Subject Re: svn commit: r821473 - in /incubator/river/jtsk/trunk/qa/jtreg: com/sun/jini/action/catchSecurityException/ java/rmi/server/RMIClassLoader/loadProxyClasses/ net/jini/activation/Activatable/activateExceptionTest/ net/jini/activation/Activatable/activateF...
Date Mon, 05 Oct 2009 01:51:23 GMT

On Oct 4, 2009, at 3:42 AM, peter_firmstone@apache.org wrote:

> Author: peter_firmstone
> Date: Sun Oct  4 07:42:32 2009
> New Revision: 821473
>
> URL: http://svn.apache.org/viewvc?rev=821473&view=rev
> Log:
> Setup build process for jtreg tests.
>
> I've altered the jtreg command and added targets to move the  
> required jar files ( into a temporary directory instead of have to  
> install into the jre extensions directory.

That's a great improvement!

> I've granted AllPermission to jsk-lib.jar, jsk-plaform.jar,  
> jsk.policy.jar, jsk-resources.jar and phoenix-init.jar in all the  
> test policy files.

I'm not sure that I would have added each of those grants individually  
in each test policy file, rather than just a single grant to the whole  
temp directory containing these JAR files (or if you're worried about  
possibly wanting to use this temp directory for other purposes too, a  
subdirectory specifically for JAR files to be granted AllPermission).   
My reasoning would be just in case the set of JAR files to get this  
treatment (i.e. assumption of AllPermission grant) needs to be  
modified in the future for all of these tests (which did happen over  
time as these tests and their infrastructure evolved)-- it would be  
nice to not have to update each of these test security policy files  
again.

I suppose that your approach allows each test to individually control  
the set of JAR files to get this treatment, but that hasn't emerged as  
a requirement for these tests before (evidenced by the fact that the  
existing grant was always to a whole directory, the JRE extensions  
directory).

> In order for these files to get proper AllPermission for full access  
> these jar files will need to be signed in the build process, since  
> they are no longer being accessed from the jre/lib/ext/ directory.
>
> Jonathan could you set up the signing certificates for me please?

I don't understand this-- the AllPermission grants are just to a code  
source, not limited to any particular signers, so they shouldn't need  
to be signed.

-- Peter


Mime
View raw message