On Mon, 5 Sep 2022 09:29:49 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
> This patch enables SignTwice test to complete faster on Windows machines.
>
> The test starts `keytool` and `jarsigner` a number of times, passing
> `-J-Djava.security.egd=file:/dev/./urandom` to the started process,
> presumably to avoid blocking on VMs with insufficient entropy. This works
> fine on machines where `/dev/./urandom` is actually present. On Windows it
> makes the JVM use `ThreadedSeedGenerator`, which is very slow compared to the
> other options.
>
> The fix removes `java.security.egd` setting on Windows machines.
>
> Alternatively we could change the egd to use `file:/dev/urandom` (without the
> `/./` part); this also fixes the Windows problem. Is the `/./` part still
> needed? If I understand correctly, it was a workaround for some JDK7 bug.
test/jdk/sun/security/tools/jarsigner/compatibility/Compatibility.java line
1044:
> 1042: } else {
> 1043: cmd = new String[args.length + 4];
> 1044: cmd[3] = "-J-Djava.security.egd=file:/dev/./urandom";
IIRC, this is a workaround for an old issue which no longer applies after
JDK-6425477. By default NativePRNG generates from /dev/urandom, only grabbing
seed data from /dev/random.
I believe the egd workaround can be completely removed unless there's something
that asks for NativePRNGBlocking.
-------------
PR: https://git.openjdk.org/jdk/pull/10160
