On Tue, 5 May 2026 17:07:07 GMT, Sean Mullan <[email protected]> wrote:
>> So far the proposal to support includes seems a reasonable compromise: >> >> >> --security-properties >> props=<filename>:include=/etc/crypto-policies/back-ends/java.config > > I've been thinking more about this. The `include` option as specified above > always adds the `include` statement as the last line of the `java.security` > file. An equivalent way to support this would to be allow the `include` > statement to be specified in the property file of the `props` option, but > always add it at the end of the `java.security` file, thus making the > `include` option unnecessary. This would simplify the syntax and > implementation. Thoughts? @seanjmullan one problem would be with the order of the property file passed as the `props` option. For example, with `jlink --security-properties props.security`: `props.security` contents: include /path/to/other.properties # Stricter keystore checking keystore.type.compat=false `/path/to/other.properties` might define `keystore.type.compat`, but its value is overriden. However, the linked image would have the following `java.security`: # [...] other properties from the runtime's java.security keystore.type.compat=false # [...] other properties from the runtime's java.security include=/path/to/other.properties `/path/to/other.properties` might define (and now override) `keystore.type.compat`. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/30635#discussion_r3190653416
