From b3a24547ce9c0fa552712a5c34a348ecd96a3f1b Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Wed, 22 Jul 2015 18:24:50 +0200 Subject: [PATCH] library/roles/oracle-jdk: Install the extended security policy as a package. --- oracle-jdk/defaults/main.yml | 8 ++++-- oracle-jdk/files/jdk-7-US_export_policy.jar | Bin 2487 -> 0 bytes oracle-jdk/files/jdk-7-local_policy.jar | Bin 2500 -> 0 bytes oracle-jdk/files/jdk-8-US_export_policy.jar | Bin 3023 -> 0 bytes oracle-jdk/files/jdk-8-local_policy.jar | Bin 3035 -> 0 bytes oracle-jdk/tasks/main.yml | 30 +++++++++++--------- 6 files changed, 22 insertions(+), 16 deletions(-) delete mode 100644 oracle-jdk/files/jdk-7-US_export_policy.jar delete mode 100644 oracle-jdk/files/jdk-7-local_policy.jar delete mode 100644 oracle-jdk/files/jdk-8-US_export_policy.jar delete mode 100644 oracle-jdk/files/jdk-8-local_policy.jar diff --git a/oracle-jdk/defaults/main.yml b/oracle-jdk/defaults/main.yml index bb8d7bc6..ed327dec 100644 --- a/oracle-jdk/defaults/main.yml +++ b/oracle-jdk/defaults/main.yml @@ -6,8 +6,12 @@ jdk_version: - '{{ jdk_default }}' jdk_java_home: '/usr/lib/jvm/java-{{ jdk_default }}-oracle' jdk_pkg_state: installed -jdk_install_strong_encryption_policy: False +oracle_jdk_packages: + - 'oracle-java{{ jdk_default }}-installer' + - 'oracle-java{{ jdk_default }}-set-default' +jdk_install_strong_encryption_policy: True + # If we want a different oracle jdk set the following variables in the local playbook: +jdk_use_tarfile: False # jdk_java_home: /usr/lib/jvm/java-7-0-25 -# jdk_use_tarfile: True # jdk_tarfile: oracle-jdk-7.0.25.tar.gz diff --git a/oracle-jdk/files/jdk-7-US_export_policy.jar b/oracle-jdk/files/jdk-7-US_export_policy.jar deleted file mode 100644 index 717321301e92b00fef35cf920e7a15f9ff5dce0c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2487 zcma)82{hDe8^<)blcj7aF0#9ZFeF#X(s0LECNq>wGlq;vVJu%-5d)5$0k1Ua*PHHp}nu^ z)`kJYsKg;z!*#~Ma+8j@>hv|f$@4Cazq)9?cFDMuUy54`*BlR(*h!zV?y`dM?{o&c zht1$fU7o#p3IR85V#q@Ds>$<;5y~o4j`yWMPl6OzaFa_PYOeG(x~tP$qR4sN$6Z$j zladId7zFrF=j-e4S!2}RGD994C$L$zjX6nglM4ao;$9v!Y06>cU&?wA|KA^4S{WFb zL9wQ)NaNcbmhhKqqQPswKb|;kqW8zGmSNL|mvj&k-SY6o0PW%1kyXP)H`t@%?D2aF zjU!%6J@Mq@I1hbngWt381Tbv+VF~GE@#PSHZy6rn`jBu{Babg}Pjud)cUZtM%cUluE*0pzAbeOGhAz+BH}CMhA) z#XxWy7$(07F^i54ALYz&D;f@HH?u0@;T+|LMjuTZ(%?-?72)vw%7K?RmY0{u!*f8s zIgh+V!0r08F@g=lWFy<5`((o~oH!p&-r2=+IG~LJLZ>akz>#?H7gZ@w&2(sVMz1 zFO%|2?GtrT&(5M8b}H59`Vt`!Q15w#c?<$m6BtEh%-91*>KE-Y=XR9f;~RSEc{}V& z3%5u4CnS8osU

foVs>b6;5Ym#Dz}o8@UgzkrMp?pQ25 zHpsYnSL(tN0APD8I}RERopG675()o!dFQ8C!5EMVc{qPHlYV?u2Q_GRt`A)0XXMab(+t@%juX*{yxUPB!k7OqYny-pInqw~azn3V z<~vUFcCO$mKH_gDf#HUywAd(@Wsm?bfYjarAiHAkO%R;+m7<3L!7}kO{H9$cgX!h1 znV=+E^w?^_?ud=$mLnWb#SD&Osd`I=GrZLby%(!Qojbl@OPL8*uG(3w&RyiU)Z7#e zI`_%Xh*8c_p*;bC+|k|^a`AOdi)^|2d)XO;eJ>$hLeb76)F^aY+;aQ_^_LOhf>mb7L zVxruD+{X!>+Z~|I=XJUv#fpy77a0N_8nuX}!leMDioBR*W!tEZXJQ;1bE-Xsov4f|3<{sMtmXy1Ib0&# zP8h?4nvtId`sP#LfEDY#2_14HBs52T8>nKp?&auEQ$zny4oyb}-w~_R;!Lka#`kNG zSJ#<~14}FT6Xvt#+iRHG38y|gUefd~-Tf*ht1EtGSg4~;8r;q#;_V&Klv$rzBH{5m z5rg%y%uqEwKSkQ5jlIR(V3gNiREI*|NP--Hdyew*;+)RvkUYA`-me?+L z5Nq*iQPK9h9+>4ueknWUU!j?3xkmc%ydy0g6QrG@^=-SQuQalUFO^ahtVJ}K{%nv6 zXh@c{GLO90RIYjUTtM33UH!Znqt}D?68x*NUrEEhPVX&B?!FhkfkbvM{J~h&ucvzd z70LKi{Z=5MdTCMoq>8G-$>vwdXKAA~n;H#^Ju`i=V$zh&I$PmmVw8M|pxENDTP91p zdi2eKL7SE6UaC$|{+|Te=iKaX7FpRflM74Ic58lHSl*2+)hdc|f8Dws%W$~3)sub3 z6@YAP(_Du;t%c{07W)(1k%LbAt&NQh@I9E-f7v+pHWm)t3xDg!U{TiB8%}tfkDE8v z8i{qf>)}rDR`qaqb8+<3i&E!nQsaR#GN!Vnbo3QoMZanQ7AfA2vC<`=FWs-w?GCB@ zYqmDY(C*J`a rSyJy)?1_0ebWgm))!7s806DDC|0X2@4&>as31qF`SXtU~@4fvEf0+{G diff --git a/oracle-jdk/files/jdk-7-local_policy.jar b/oracle-jdk/files/jdk-7-local_policy.jar deleted file mode 100644 index c34d0362d33e269e3869806fbdec2b20084a95d5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2500 zcma)8c{J2*8^$z~U0EhkOt#2aG9;8Gjb4T^S;{)Ys9{7|GL_;LqOoKP4MS3)V@j4J zK6?!@gT^*7mdFyxQfNrNnfIKx_`dgi=ewWtd(QLxabM4UU)S$E*MmX;c1ZH@bB6Ne zdSjj~A<0?Wz#YsqERhykHfBgm3%I?5rj3Qvom#;tZApvOi23AFxWXa0PoDXoF@i7R zdmQu8bN*fmmM0m7B^Tw%%^%dGo8%~7Qqu7*fmtU5O`lP1k>!lNsHp3~hU!E`!|5X+ z?EcSV`Udf1h6Y{k2I?*z7b=$f8h!B327Kg`BaXe{Clk8jovU4D&b0b4#9if+m%@=u zk=SM4LQg>NS&e#{3HrdJ4}qC$ZidI|xOFPGSNYcAp4)@iKbNN_v}BePL_0-*lOC z1{=99SI$JgRcEP+4LHX!qFdT*UlZL;ue1Vl|8XSEjomwtiLEgMAS&Lzy{mM7G>%RN72jYcI zzWm`Mx@ScwjF(Fa(rx824C*Q5)WTxcc%_P== zQ7S7i>x6_D7KrRe8Mr~SwxbAxSp4t=p)973NY*_tU*HcuoQj2tiV6;qCrHSP3kE}J zrW1)04Fe=|XJ$0%M3m<~QBM``Q|1Q%yt`uE@4+C44`Lb*7b=aQ`b=e%sLD`rx2(d^ zY?9kujGMDtYL+Wyl$7aLSfym(r$ zX&D^Ih7*-Z>}#OJuOe4Jd}wWLZEIjLg@lWd1yqX|4afFF2iJ$|O6gB@nx$YJ%EGtGp;$48)}H*<>T3pH+W}1`Lo1E z-Rf~V5ni04;%wm z-~BL3JT}t5>^t-shsB-qaAPsOyO{ovRw}7$vXQycOiW3+b&EuVH$;d{t2>8VP&XmQ zvjBkeuKP*w1o%h%_$)YP{`7{x9f?Fih0NMlc>#UBrgBP8X$qc@K1k}?G-B{=d$_#H z8XVfT7Wz=Zx3BR$$QJ^Pgf4-~5*e0oq8gqJR|}nZqWp>te04RO&xEv%gPJr~?1VR;)6~(MNOZv0RTXO{OwkHfN zJlPyPW6SnJ;L6bbEKJ$)+2W5PuMRRys-(T?-!aeEQqDTLA{Qo2#B6m}q{ELcT{B-T z=d08ofx#~7uS?zJr2Ct7WGA+^XNHy5 zU=J?a^j0irN~0+|!%}K7w}z(F)|EfA7SP|3Zdt63IVt;jnwIes<1QF9Fq5X-t2{qq z;7=D^c~NI{^Qo$rg2}2lU8fc`TReNi-fO0U;*{}Ns|Ho&`)PSDNff-O`Krq5qTTHz zKEPDI2>DJbRXAI;g%Z40TDtB)uaM-zHeOS=Y>BHZ}Ax^V$s*ar8R|E#7^#_Q^duq=m0*GrhB4 zaC>YfY}OaiwIk=dT}3j-H~TI*736j%e;JUZ*C{}0YpFO7tXsiENNsA+gRiM*Oo%O6 z)9Tn*=4SiQd-S>0lH=ldnb?a3A!k3$$Xng}sIjEgge)~y#AEKnPIUr@1D^&f1HOM>GF0q zM3<&=-6P)|NA4T3W&8E^4#z0hNIBJ&R4x@Q*sOXz*GV42b}Bu+i=tK8=w8gdM5wiy z$PqRl@>nhuv@VfnLR+scUGg6b|3r*j+TCp&UiE0HAI~Z}Ky0_BT7I%dwVeY3r}0UrrM4heo?9aolDnzq{A<3>6>`&-l)* z7cDYyySobT?D*}jKihbC0DmQOu3sKL?!<}T)`h#UJ(+9G=g#9iL;Nmd{4RNU`e_DS z^22*wJD$)k(xkl$IR9)+FT&jvsVWkX$J;)j6u)n9z}(GT z>>oeJs{Qi1?7-wJtE6W$Vh>X&lxm5W-*0Pe&aN+31$ShcXg7p`R)JhD&c}cAO5_yV z@K-y$e3CrB-x^z8n%mI!_@|c#3b7qwtEFv680CQdLilB4_7?w%uvIIr_5F@zj!phI z0>=oqLi{c2-->ZX{T*n|5AX|uEAiG;uB2Pp*X=Jzvp*;&-**idH&~l;4nIRP5?7AGoaZf)c|m! zIH_kdh!t4g_%igO8Thg>6k=(mU63ZbT|Xr|6!~>UD!I2VF6jX z$GM}7FXJ9BPm2h}ojWt>yzYF*AENmL?3EQ|Wx57%(kk_(%)j)Cic4=M)t!R(J5+n{ z6$dc|v+dl`NQ~&BI0-uuCFC9Sltr~f2|@(eczH?8s;HjHm+~0Lipyi%ar)Y|xLM8d zgf5x~dtR1v-C-vN!j_A zBA~o%?BN|j-OQ?+M_GtCHZ)<>9(L9HX^LET3f(5v1J|pC_m~=Ion4DznxFKYNIyXtR_FP>=OeFUeypaYVAgaACTrFc1u(snGASKw~TE*&3zwyjZ;=B%rw!d*yxp^U4g=c3R-(0 zzeAyJuJ94(vP#zsK~%nR|C4jBlhXXoxrHTI+0!+$uahveIIxwCP0IEH z1HZCIOK!=UVlemj8S8zrPWcL92xK`^43Uj-g83eX6+a4M$7gWU2JF+iOF|_jCEZ~U zS#CUh5X3D<)?0`NvemL{jAa^=LbNCqiBG|Y z_4vd)CFD39@kP^_ILB0kqrGD?-hnuc!}>h-dB~i+$eq4!A_uc#?lYH_F_$y3M)jE+ zTQm2W_VZwY<)5^GVb8iLSfFxO_XxsaJ#n|<2S%9EbKkz%uT$@BJdz3X>p9{1^)q6Jupn2BLqZ z5q@b~zK_8ig2RWI7|TU238Q(?FJ5(y$g@oq>;VO&__z!e!h*mv#3xbOKVQW`TJ?xv z@y!8jbqe;+OQv7YcBz}2P{?aybT8X$Jr;WVd3HDcM=1|DEC<)o7GHWSVSyWH3&Hgk za1k~u7oA+3vB}F8oMEVcF7Rq7ue<>KQ!#O;7^d*m zV?64S?oVx0ft&#Z2#P0xSlI5V`~om7fEF??GU^>27=NB6qO^~i-?+c(!QkWH=;1!$w&I$ShnSgc-Z{Mf|?GzdYV3#ep@rAehfKf zFRXhQp;@->(khqcTuq>;MX{V=?{kPzmruDct8)`)oSFw2+MFrPmQAs-ZTwAbbO0y+ zXHy;LeC3c7tQa=g6!Zqqwc;Idlh)x%r{SGd2|O}1Z`gKZx3KfImwlNW3~?h5H8i+9 zE-WZF>l7G}Hu1+?`539adOMfSg%jYm6wzlkE6rl`^4T6&Kfj%h;5lG`H87 z_AZA?Ea)#uG&Fw5(Qrz=)qe31`@Evz#VR69d{E`|Thryz!6DsL#cqdrL`=481az=b z;7ormYyI5SB@>o?&Jgxgh5GgEumC)m1#07QO?{dPY32gA@ld_SXc42VoUhn?AztE) zcZ9CLvd)%Ahg!mNf`i|B-JbRsDAu@r)5l9PclP3#cc!X(!@i%K_x^TbkqfW@sAx7u z<1G>0`94~a=~r3Z$~PQUsUBWF83z#`2GZ{qt>`q&E&;s{#9!2!tiSOkXKcXj<{YP$ zi?E$NMv}R!w@PPyD{Iyd&Wl#OGwN~BkBC(5B4J0>i0+L#A#XPN{rc54e01TSV&%Tp z0nHS$7>D_^8T0uP66nTbHG6l06_O`_$VpR9=)h_?2dmQ=Am}oknS!a zKEViUO9b*3%0Dnz0p;)Gb^W#uTIqDFA{%5oYc^LzQ%|ZL)85QLl=h9c&NkaZ$BuuX)zs}6&dry{L*4SVuKuMd2Q0Yx7_F1tzMf*;`yCuh6s7YUc+ z^BFgXc;EA59pR$1UdR#5aL8(tefVH&OC7#F>+7ZAMi0W}vb|BgwM#jddX03tCya&! zlDB1Cy@7)UJed=kDDf=3KW1+_Oz^7{93w=p&+19}3fcno*Cw4Sl#aWqh+VH(6t~MW zv;fyDOo>HTv%vPK*33<`QG!0fc*BH?{COX=rxqC35)^2r z-QD}moPF9jJ7}oJT=31DX=phC$I0Q6xrftNh(6rP{{me?m0K~zvuqGbH4L_=RNQ9zTb16-}^jhBoD6`00aU7o;Z;# z06R*IJwA?bfNNQwu+%;dKVfZ&uy=qSx5V|rZDV0#ypz8Qu&}Ap596*oh>D8%{Y10# zO@f=G;lgjrRBm*Xt9_hD*8lm@uoKn5xUL=)H}p*StOlCTYqq-b(U67bwIa*d5{9~B zPWrT_Fll(th}gS7s#Bucd))HIKN!3g?T`+QrBV`WA8Cz6;P9Yh0#-xT8ORybFJPNy z{xO@^$~oGLK58ZJ;jmm7k_8=;lu!M=dRfqkKI^|PwdDY|ZUS*Cc`V}cl)mZas8$%& z!vE;Nmg;N!ymGosjHxdsT*Z{oP*?6>xU~_L@nLWZ+-z$qxP0e&;|w1f$q#Z&Y`{;k z2@v4|0MOqlYWXjUZ0+C{CV@qs=20OZeX}FNyV@B*Sp#*=Se!y6@Ba8PdM_66pxCt&ZocdEOb^Fh~TdTY4IL1 zjTUkB<>^&71*MP+y)IYjamSVlXtX^t8Y3gx!!$AiiUU-g?F{{i2eONoq1INhTaD#~ zb%s?LbBog0!1FS*(Z(7PZ~dtvX##EC*Bq9DT$tB~un%kXp@<8G4v{s{5@T9!7O-%# z9RPW&I?gbTJDT-L4OuRBQSh+M)f5=%JVq4MS=$OBEFrZ)Cn; zSpL-z2~7sY1E|+lL)})>#xbzh*4h!& zi|XrUAdN`6*SOU^BqUaY!w_k9fnf&MAa4&D80c_$==1PEUaKh%3wIp47z`GrO#^*+ ztgpz#Z6=9kguu!Xd|wfX%9O9+z~oQxWd*IAdEI;Dc&od0-C4;`s8cEWy|3twDlf$Q)SMRSo6^F-krJsxH z^Y)2piinU|YpF`eF=Na)Yj&?(n!2+HVfrG|bIUq|6Bbcb<9SXWOMZXXn=(3AIn~}1 z>e!MMl;?NGaXiX^b>d*(T4?=gqsJ7ol+->+qg5$`Fd2~fbi+ad^F1ulhW zC(Ad9L>Bz~5I?Y7(NrO6UsA_F+pw1KMBzF_R#jU3C^RwzK1IKK@yM~$6vPu49j?TD zo>iHV_01IZIq4LM$+SegpvQI#zkmtyI?sT;WNv3%6}9hQNwWLgWseO0lw>Ej(hM)o z%FatlFCjCfgwK+Xno9=XDWwD!IR}2a+?szb8NZS&ujM7WO!d=}MK6`mzmy=M8~Cw{ zx6OWOVGBeA5G1FRrY9&IZ}0~IRcKiRoCU%-1K_do=65qHZ3{3ukI*SgMJstyF6O=w zKJ8a=wJfQ}Q}(Q?d$}v^*BM^*r8SLSkwYgtWrA&Q#RTg1QkNUunFsGbsLY=1iILAe z^FenraOTtHMLZuNpaJha?!T(u|KWuJB(-eS1C!r$>y4oax^j{?fp_h2Zrvzu!dbzL z6?M351^YxZ^Y=&(kL7DAuH#h(YF5X^uvQ)5(S_h9l1@THhLL z#bzo7RgopgSB)Vrsp21eqt0=={ML3fdQq8*i?}&-a`}KF#|NNMO zoaVG!a8Ty>t-T6-z+Qxmv7BP?F_B9B27CTO&6oBMnvrxmU1l(GIUZ4#{SC4r zeR)E4uTQ_V5!@6D1(Tq4D>;!tRJfp}6W-luk{@>*i*~{vatGSQ>FXEhH2s{cEaDqw z7NBpkihpXDGN0n&zf!w?WK=J~x|K=rQOTRu9`(I($f$nPU(r<^=pz!|htL65TmL$IRm=E2wu*1y-hioed(m)%XFW7#jbi;S6C%=g z{BVe$?V@x@^5(07HhEo~tAcl^S(N1YiT9_&ADHL%Ik8mpzM@d2-)ysDyf+D3cjq7N zM?8$Swz@rd52}`zTjRY^P-#?yAI`m-vlhLYRxm9SLmrTu+wu>fnlarM^2D1<>?XK4 zw=MkWs}&7C0AQYfr@bAL+MNId0KD4?V5`)SNBV$B-yc-Zl*sKoXb{R zhA!#p?{}xKd6ef={5G8kIo*?Oh{_hQ7r({hZg*rBq2lLR`b~aZR-@=5nvS#_Jbb%lFUL*rb-ui4>;M>9vrmFITi#^Bc?6A-!2h;y6NfxOkp4Q1)c{rgG{9cpY@&VC=(Y`KO8w41`%ZPf_dDS3_sz zw&J-TRDlFr&&S%PB_54zW084QD%|bQBT971w}~MW*9kd7 zZ=P`p-C!nJrI^#KKiP;gmN)g*4TBS#LxPVV>FieE2!YTd_LPh5*M)z3HW#-TU^_|f z3{V^??5=;ym1yKP0w-wgOa!|T4zlO%pWlqV^xs-zCjv)*JNf14Z@cyg>{25d$p_?20@+U# Lo19~UoUi`@yDZ_Z diff --git a/oracle-jdk/tasks/main.yml b/oracle-jdk/tasks/main.yml index 127827c3..2ddc9648 100644 --- a/oracle-jdk/tasks/main.yml +++ b/oracle-jdk/tasks/main.yml @@ -15,33 +15,35 @@ tags: jdk - name: Install the latest version of Oracle JDK - apt: pkg=oracle-java{{ item }}-installer state={{ jdk_pkg_state }} force=yes + apt: pkg={{ item }} state={{ jdk_pkg_state }} force=yes + when: not jdk_use_tarfile + with_items: oracle_jdk_packages + tags: jdk + +- name: Install the extended security JCE Oracle JDK package + apt: pkg=oracle-java{{ item }}-unlimited-jce-policy state={{ jdk_pkg_state }} force=yes when: jdk_use_tarfile is not defined or not jdk_use_tarfile with_items: jdk_version + when: + - not jdk_use_tarfile + - jdk_install_strong_encryption_policy tags: jdk - name: Set the JDK default via update-alternatives apt: pkg=oracle-java{{ item }}-set-default state={{ jdk_pkg_state }} force=yes with_items: jdk_default - when: jdk_use_tarfile is not defined or not jdk_use_tarfile - notify: - Set the default Oracle JDK - when: jdk_default is defined + when: + - not jdk_use_tarfile + - jdk_default is defined + notify: Set the default Oracle JDK tags: jdk - name: Install a custom version of Oracle JDK from a tar file unarchive: src={{ jdk_tarfile }} dest={{ jdk_java_home_prefix }} - when: jdk_use_tarfile is defined and jdk_use_tarfile + when: jdk_use_tarfile tags: jdk - name: Set fact jdk_installed set_fact: jdk_installed=True - tags: [ 'jdk', 'jdk_security' ] + tags: jdk -- name: Install the strong encryption policy files - copy: src=jdk-{{ item.0 }}-{{ item.1 }} dest={{ jdk_java_home }}/jre/lib/security/{{ item.1}} mode=0444 owner=root group=root - with_nested: - - '{{ jdk_version }}' - - [ 'US_export_policy.jar', 'local_policy.jar' ] - when: jdk_install_strong_encryption_policy - tags: [ 'jdk', 'jdk_security' ]