Hi,
I have attached the JCE policy script that is used by the Virtual
Appliance to restore the JCE policy files.
Note: Only use this script if you manually installed Djigzo on Ubuntu
8.04. You can stop reading if you are using the Virtual Appliance or
are using CentOS/RedHat.
You can use this script if you want Djigzo to restore the installed JCE
policy files after a restart (1) and do not want to manually install the
JCE policy files.
Instructions on using the script:
$ sudo cp djigzo-appliance /etc/init.d/
$ sudo chmod +x /etc/init.d/djigzo-appliance
$ sudo chown root:root /etc/init.d/djigzo-appliance
$ sudo update-rc.d djigzo-appliance defaults 10 30
I will add these instructions to the installation guides.
Kind regards,
Martijn
(1) a restart will start the restore script before restarting Djigzo.
Martijn Brinkers wrote:
···
Hi,
Today Ubuntu issued an update for OpenJDK (Java). If OpenJDK is updated
it seems that the Ubuntu OpenJDK installer overwrites the JCE unlimited
strength policy files. The Virtual Appliance will restore the JCE
unlimited strength policy after a restart (from a backup copy) but this
is not the case when Djigzo is manually installed using the .deb files
on Ubuntu 8.04.
Newer releases of Ubuntu (and RedHat/CentOS) use an updated version of
OpenJDK which no longer require the JCE unlimited strength policy files
to be installed.
You can check whether the JCE unlimited strength policy is still in
place after upgrading Java by opening Djigzo Web. If there is no warning
about missing "JCE unlimited strength policy" then the policy is still
in place. If not reinstall jce_policy-6.zip (like you did before).
In sum:
if using Ubuntu >= 9.04 or CentOS/RedHat 5.3/5.4 then you do NOT need to
install "JCE unlimited strength policy files"
if using Djigzo Virtual Appliance a restart after upgrade of Java
()openJDK) will automatically reinstall the "JCE unlimited strength
policy files"
if using Ubuntu 8.04 the "JCE unlimited strength policy files" should be
reinstalled after upgrading Java.
Newer releases of Ubuntu use an OpenJDK which no longer require the "JCE
unlimited strength policy files". Once the new Long Term Release (LTS)
of Ubuntu is released Djigzo will use by default the new LTS version.
Kind regards,
Martijn Brinkers
--
Djigzo open source email encryption
#!/bin/sh -e
# Copies the Java policy files from backup to the Java lib/security directory
#
# Martijn Brinkers
. /lib/lsb/init-functions
# Include djigzo defaults if available
if [ -f /etc/default/djigzo ] ; then
. /etc/default/djigzo
fi
if [ ! "$DJIGZO_HOME" ]; then
DJIGZO_HOME=/usr/share/djigzo
fi
POLICY_BACKUP_DIR="$DJIGZO_HOME"/lib/jcepolicy
copy_policy()
{
SOURCE=$1
TARGET=$2
if [ -f "$SOURCE" ]; then
# only copy if source and target are different
if ! cmp "$SOURCE" "$TARGET"; then
# make sure the policy is not world writable and owned by root
if [ $(stat -c %G/%U/%a "$SOURCE" )=="root/root/644" ]; then
log_action_msg "copying $SOURCE to $TARGET"
cp "$SOURCE" "$TARGET"
fi
fi
fi
}
case "$1" in
start)
LOCAL_POLICY_NAME="local_policy.jar"
US_EXPORT_POLICY_NAME="US_export_policy.jar"
JAVA_SECURITY_DIR=$(dirname $(realpath $(which java)))/../lib/security
log_action_msg "Using Java security dir "$JAVA_SECURITY_DIR
copy_policy "$POLICY_BACKUP_DIR"/"$LOCAL_POLICY_NAME" "$JAVA_SECURITY_DIR"/"$LOCAL_POLICY_NAME"
copy_policy "$POLICY_BACKUP_DIR"/"$US_EXPORT_POLICY_NAME" "$JAVA_SECURITY_DIR"/"$US_EXPORT_POLICY_NAME"
;;
stop)
;;
restart)
$0 stop
$0 start
;;
*)
log_action_msg "Usage: djigzo-appliance {start|stop}"
exit 1
;;
esac
exit 0