openjdk18: Persist cacerts file

ScoopInstaller / Java

📦 A bucket for Scoop, for Oracle Java, OpenJDK, Eclipse Temurin, IBM Semeru, Zulu, ojdkbuild, Amazon Corretto, BellSoft Liberica, SapMachine and Microsoft JDK.

https://scoop.sh

The Unlicense

258 stars 88 forks source link

openjdk18: Persist cacerts file #426

Closed val1984 closed 1 year ago

val1984 commented 2 years ago

When you add certificates to your trust store, they are lost after update because the cacerts file is not persisted. This PR adds a persist section in openjdk18 manifest so that cacerts are kept between updates.

se35710 commented 2 years ago

I am not sure about this change, mostly because I am unaware on how expired or removed certificates are handled.

Another workaround would be to set a different location manually with javax.net.ssl.trustStore and javax.net.ssl.keyStore

val1984 commented 2 years ago

There are new major Java releases every 6 months, which have different package identifiers, so I think the risk of keeping forever a stale cacerts file is limited, no?