Update release notes for shenandoah-8u342-b06.
Switch to EA mode for 8u342 pre-release builds.
Print release file during build, which should now include a correct SOURCE value from .src-rev
Update tarball script with IcedTea GitHub URL and .src-rev generation
Use "git apply" with patches in the tarball script to allow binary diffs
Remove redundant "REPOS" variable from tarball script
Include script to generate bug list for release notes
Update tzdata requirement to 2022a to match JDK-8283350
* RH2051605: Detect NSS at Runtime for FIPS detection
* RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
* RH2090378: Revert to disabling system security properties and FIPS mode support together
Turn off build-time NSS linking and go back to an explicit Requires on NSS
Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk
Enable system security properties in the RPM (now disabled by default in the FIPS repo)
Improve security properties test to check both enabled and disabled behaviour
Run security properties test with property debugging on
Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
There does not appear to be any value in having copy-jdk-config in Flatpak
builds (where a given Flatpak bundles one specific JDK, so no need for a
"Utility script to transfer JDKs configuration files between updates or for
archiving.")
And at least when trying to do a LibreOffice Flatpak build from Fedora 34 RPM
specs (which includes java-11-openjdk among its components), the #!/usr/bin/lua
shebang in copy_jdk_configs.lua would have caused a requirement on
/usr/bin/lua, but which a lua RPM bundled in the Flatpak would not provide (as
it would provide /app/bin/lua instead). And the easiest way to work around that
issue is to just disable the unnecessary copy-jdk-configs.
...after "Temporarily move x86 to use Zero in order to get a working build":
When building the
> if ${run_bootstrap} ; then
branch for suffix='' and loop='-main', the second
> buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
uses the JDK (`$(pwd)/${bootinstalldir}/images/%{jdkimage}`) from the installjdk
on the previous line. But installjdk does
> rm ${imagepath}/lib/tzdb.dat
> ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
which made that JDK's tzdb.dat link to /app/share/javazi-1.8/tzdb.dat in a
flatpak build (rather than the usual /usr/share/javazi-1.8/tzdb.dat in a non-
flatpak build) which is not present at build-time (but will be present at
runtime in at least the LibreOffice flatpak, which bundles tzdata-java built for
the flatpak /app prefix). So using that JDK's compiler during the build kept
failing due to java.io.FileNotFoundException for its lib/tzdb.dat.
(This was not an issue prior to the recent change, as installjdk's
modification of lib/tzdb.dat used to be done only for the "Final setup
on the main image" at the very end of the build, not during the build
for JDKs that are themselves used later during the build.)
The easiest workaround for this issue appears to be to just not bootstrap_build
in the flatpak case, avoiding the situation that a JDK whose lib/tzdb.dat has
been modified through installjdk is used during the build.
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
Update release notes for 8u322-b05.
Require tzdata 2021e as of JDK-8275766.
Update tarball generation script to use git following shenandoah-jdk8u's move to github
Introduce architecture restriction logic for the gdb test.
Disable on x86, x86_64, ppc64le & s390x while these are broken in rawhide.
Replace GCC 11 patch to remove use of the register keyword with correct fix to ADLC build (JDK-8281098)
Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4
Refactor build functions so we can build just HotSpot without any attempt at installation.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
Resolves: rhbz#2045726
Related: rhbz#2051302
Related: rhbz#2041970
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.
Resolves: RHBZ#2019555
Port FIPS system detection support to OpenJDK 8u
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal.
nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Add JDK-8195607/PR3776 to support NSS SQLite databases.
Use appropriate keystore types when in FIPS mode (RH1760838)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
