JDK-8041144 : AU should be easier to setup after a DS build
  • Type: Enhancement
  • Component: install
  • Sub-Component: auto_update
  • Affected Version: 8-pool,9
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: windows
  • Submitted: 2014-04-18
  • Updated: 2014-07-29
  • Resolved: 2014-05-27
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
8u20Fixed 9 b22Fixed
Currently, you need to do the following to get an AU to work with a DS build:

1. Install base JRE
2. Remove first mapping entry from map file (leave the mapping that points to the NEXTVER au descriptor)
3. Edit the map file to point to a https location for the au descriptor
4. Create the override registry key, be sure to make it start with https
5. click on JCP update tab "Update now"

Steps 2 and 3 should not be necessary.  The build should automatically put the https and only have one mapping entry.  Also, AU will currently not work unless the files are signed.  It should not be necessary for testing AU.  
This issue seems to be completely addressed with https://java.se.oracle.com/code/cru/CR-JDK8UDEV-12 . To make AU usable in unsigned builds, sign checks are disabled in unsigned builds. I don't see any security concern with this as long as we don't allow unsigned builds to public. Please let me know if this OK.

Any security measures should NOT have 'backdoors'. Perhaps a test version of the AU binary, one which is blatantly branded, "TESTING ONLY" should be built for signing check exemption.