Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY

Adjust RH1842572 patch due to context change from JDK-8213400
2021-01-24 03:24:21 +00:00 · 2021-01-24 03:24:21 +00:00 · 214b0d1ac4
commit 214b0d1ac4
parent 4581efb916
2 changed files with 21 additions and 1 deletions
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@ -298,7 +298,7 @@
 %global origin_nice     OpenJDK
 %global top_level_dir_name   %{origin}
 %global buildver        8
-%global rpmrelease      2
+%global rpmrelease      3
 #%%global tagsuffix      ""
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@ -1163,6 +1163,9 @@ Patch1:    rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch
 # Restrict access to java-atk-wrapper classes
 Patch2:    rh1648644-java_access_bridge_privileged_security.patch

+# RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
+Patch1003: rh1842572-rsa_default_for_keytool.patch
+
 #############################################
 #
 # Shenandoah specific patches
@ -1552,6 +1555,7 @@ popd # openjdk

 %patch1000
 %patch600
+%patch1003

 # Extract systemtap tapsets
 %if %{with_systemtap}
@ -2187,6 +2191,10 @@ require "copy_jdk_configs.lua"
 %endif

 %changelog
+* Sun Jan 24 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.8-0.3.ea
+- Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY
+- Adjust RH1842572 patch due to context change from JDK-8213400
+
 * Sat Jan 23 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.10.0.8-0.2.ea
 - Need to support noarch for creating source RPMs for non-scratch builds.

--- a/rh1842572-rsa_default_for_keytool.patch
+++ b/rh1842572-rsa_default_for_keytool.patch
@ -0,0 +1,12 @@
+diff --git openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+--- openjdk.orig/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+++ openjdk/src/java.base/share/classes/sun/security/tools/keytool/Main.java
+@@ -1135,7 +1135,7 @@
+             }
+         } else if (command == GENKEYPAIR) {
+             if (keyAlgName == null) {
+-                keyAlgName = "DSA";
+                keyAlgName = "RSA";
+             }
+             doGenKeyPair(alias, dname, keyAlgName, keysize, groupName, sigAlgName);
+             kssave = true;