From ea65a01789b86b40a830bba6ca5fecc9c44afbba Mon Sep 17 00:00:00 2001
From: Yannick Welsch
Date: Mon, 14 Nov 2016 13:21:32 +0100
Subject: [PATCH 1/2] Use pre-JDK9 style FilePermissions on JDK9 JDK9 removed pathname canonicalization when constructing FilePermission objects, which breaks some of the FilePermissions added by Elasticsearch. This commit adds the system property jdk.io.permissionsUseCanonicalPath which makes JDK9 behave like JDK8 w.r.t. FilePermissions (see https://github.com/elastic/elasticsearch/issues/21534).
---
 .../src/main/groovy/org/elasticsearch/gradle/BuildPlugin.groovy | 2 ++
 plugins/discovery-azure-classic/build.gradle | 2 +-
 plugins/discovery-gce/build.gradle | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/buildSrc/src/main/groovy/org/elasticsearch/gradle/BuildPlugin.groovy b/buildSrc/src/main/groovy/org/elasticsearch/gradle/BuildPlugin.groovy
index 65402290e01..628e59de1a6 100644
--- a/buildSrc/src/main/groovy/org/elasticsearch/gradle/BuildPlugin.groovy
+++ b/buildSrc/src/main/groovy/org/elasticsearch/gradle/BuildPlugin.groovy
@@ -495,6 +495,8 @@ class BuildPlugin implements Plugin {
 systemProperty 'tests.artifact', project.name
 systemProperty 'tests.task', path
 systemProperty 'tests.security.manager', 'true'
+ // Breaking change in JDK-9, revert to JDK-8 behavior for now, see https://github.com/elastic/elasticsearch/issues/21534
+ systemProperty 'jdk.io.permissionsUseCanonicalPath', 'true'
 systemProperty 'jna.nosys', 'true'
 // default test sysprop values
 systemProperty 'tests.ifNoTests', 'fail'
diff --git a/plugins/discovery-azure-classic/build.gradle b/plugins/discovery-azure-classic/build.gradle
index 88874968b21..c2d004bab4c 100644
--- a/plugins/discovery-azure-classic/build.gradle
+++ b/plugins/discovery-azure-classic/build.gradle
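Review bot: The comment above the added `systemProperty 'jdk.io.permissionsUseCanonicalPath', 'true'` in BuildPlugin.groovy says "for now" without naming the condition for removing it. With the flag set, every test run under `tests.security.manager` checks the permission grants only against the JDK 8 canonicalizing behaviour. I would spell that out, e.g. `// JDK 9 no longer canonicalizes FilePermission paths; force the JDK 8 behaviour until our grants match without it, then drop this (issue 21534)`. The property is passed on every JDK; it is presumably ignored before JDK 9, which is worth confirming. The enclosing block starts and ends outside the hunk.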
@@ -67,7 +67,7 @@ task createKey(type: LoggedExec) { project.delete(keystore.parentFile) keystore.parentFile.mkdirs() } - executable = 'keytool' + executable = new File(project.javaHome, 'bin/keytool') standardInput = new ByteArrayInputStream('FirstName LastName\nUnit\nOrganization\nCity\nState\nNL\nyes\n\n'.getBytes('UTF-8')) args '-genkey', '-alias', 'test-node', diff --git a/plugins/discovery-gce/build.gradle b/plugins/discovery-gce/build.gradle index bbd2221d8e0..ede168e1f9d 100644 --- a/plugins/discovery-gce/build.gradle +++ b/plugins/discovery-gce/build.gradle @@ -35,7 +35,7 @@ task createKey(type: LoggedExec) { project.delete(keystore.parentFile) keystore.parentFile.mkdirs() } - executable = 'keytool' + executable = new File(project.javaHome, 'bin/keytool') standardInput = new ByteArrayInputStream('FirstName LastName\nUnit\nOrganization\nCity\nState\nNL\nyes\n\n'.getBytes('UTF-8')) args '-genkey', '-alias', 'test-node', From 6f69f54216ea78824eaa25db8e401e36bce878ab Mon Sep 17 00:00:00 2001 From: Yannick Welsch Date: Mon, 14 Nov 2016 19:52:35 +0100 Subject: [PATCH 2/2] Use pre-JDK9 style FilePermissions on JDK9 when running from start scripts --- distribution/src/main/resources/config/jvm.options | 3 +++ 1 file changed, 3 insertions(+) diff --git a/distribution/src/main/resources/config/jvm.options b/distribution/src/main/resources/config/jvm.options index 63245f172bf..37c4d5b3c93 100644 --- a/distribution/src/main/resources/config/jvm.options +++ b/distribution/src/main/resources/config/jvm.options @@ -59,6 +59,9 @@ # use our provided JNA always versus the system one -Djna.nosys=true +# use old-style file permissions on JDK9 +-Djdk.io.permissionsUseCanonicalPath=true + # flags to keep Netty from being unsafe -Dio.netty.noUnsafe=true -Dio.netty.noKeySetOptimization=true
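Review bot: `executable = new File(project.javaHome, 'bin/keytool')` in createKey is not covered by the commit description and carries no comment, so the reason for dropping the PATH lookup is left to the reader. A one-line comment such as `// run keytool from the JDK the build is configured with, not whichever binary is first on PATH` would record it, and also makes clear the test keystore no longer depends on the caller's PATH. The same line is added in plugins/discovery-gce/build.gradle and wants the same comment. Whether `bin/keytool` resolves on Windows without an `.exe` suffix is not visible here and should be checked. createKey's body continues outside both hunks.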
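Review bot: `-Djdk.io.permissionsUseCanonicalPath=true` reaches the JVM only through jvm.options. A node started on JDK 9 with an older or hand-edited copy of that file, or without the start scripts, would presumably run without it, and the FilePermission grants named in the commit message would stop matching. The added comment `# use old-style file permissions on JDK9` does not say the line is required. I would make it something like `# JDK 9 stopped canonicalizing FilePermission paths; keep this flag or security-manager file grants may not match (issue 21534)`. A startup warning when the property is absent on JDK 9 would also be worth considering; nothing in this patch shows one.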