72 Commits

Author SHA1 Message Date
Andrew Hughes
d1d3afa07f Update to shenandoah-jdk8u362-b01 (EA)
Update release notes for shenandoah-8u362-b01.
Switch to EA mode for 8u362 pre-release builds.
Drop JDK-8195607/PR3776/RH1760437 now this is upstream

Related: rhbz#2150196
2023-01-10 03:14:55 +00:00
Andrew Hughes
11b43b8213 Update to shenandoah-jdk8u352-b08 (GA)
Update release notes for shenandoah-8u352-b08.
Switch to GA mode for final release.
Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
Add test to ensure timezones can be translated

Resolves: rhbz#2133695
2022-11-08 18:57:55 +00:00
Andrew Hughes
20b95ff808 Update to shenandoah-jdk8u352-b07 (EA)
Update release notes for shenandoah-8u352-b07.
Switch to EA mode for 8u352 pre-release builds.
Rebase FIPS patch against 8u352-b07

Resolves: rhbz#2130623
2022-10-13 01:41:47 +01:00
Andrew Hughes
64ee130bde Allow the default keystore to be configured using security.systemCACerts
Use of the property can now be disabled using -Dsecurity.systemCACerts=
Move cacerts replacement to install section and retain original of this and tzdb.dat

Resolves: rhbz#2077006
2022-08-30 04:59:12 +01:00
Andrew Hughes
b53bb40201 Switch to static builds, reducing system dependencies and making build more portable
Resolves: rhbz#2121273
2022-08-30 04:02:04 +01:00
Andrew Hughes
d9d44a0f3a Disable copy-jdk-configs and bootstrapping for Flatpak builds
There does not appear to be any value in having copy-jdk-config in
Flatpak builds (where a given Flatpak bundles one specific JDK, so no
need for a "Utility script to transfer JDKs configuration files
between updates or for archiving.")

And at least when trying to do a LibreOffice Flatpak build from Fedora
34 RPM specs (which includes java-11-openjdk among its components),
the #!/usr/bin/lua shebang in copy_jdk_configs.lua would have caused a
requirement on /usr/bin/lua, but which a lua RPM bundled in the
Flatpak would not provide (as it would provide /app/bin/lua instead).
And the easiest way to work around that issue is to just disable the
unnecessary copy-jdk-configs.

...after "Temporarily move x86 to use Zero in order to get a working build":

When building the

>       if ${run_bootstrap} ; then

branch for suffix='' and loop='-main', the second

>           buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}

uses the JDK (`$(pwd)/${bootinstalldir}/images/%{jdkimage}`) from the installjdk
on the previous line.  But installjdk does

>       rm ${imagepath}/lib/tzdb.dat
>       ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat

which made that JDK's tzdb.dat link to /app/share/javazi-1.8/tzdb.dat
in a flatpak build (rather than the usual
/usr/share/javazi-1.8/tzdb.dat in a non-flatpak build) which is not
present at build-time (but will be present at runtime in at least the
LibreOffice flatpak, which bundles tzdata-java built for the flatpak
/app prefix).  So using that JDK's compiler during the build kept
failing due to java.io.FileNotFoundException for its lib/tzdb.dat.

(This was not an issue prior to the recent change, as installjdk's
modification of lib/tzdb.dat used to be done only for the "Final setup
on the main image" at the very end of the build, not during the build
for JDKs that are themselves used later during the build.)

The easiest workaround for this issue appears to be to just not
bootstrap_build in the flatpak case, avoiding the situation that a JDK
whose lib/tzdb.dat has been modified through installjdk is used during
the build.

Resolves: rhbz#2102727
2022-08-29 01:49:41 +01:00
Andrew Hughes
c2b26f5173 Update to shenandoah-jdk8u345-b01 (GA)
Update release notes for 8u345-b01.

Resolves: rhbz#2112405
2022-08-03 17:09:22 +01:00
Andrew Hughes
e6b27081c4 Update to shenandoah-jdk8u342-b07 (GA)
Update release notes for 8u342-b07.
Switch to GA mode for final release.

Resolves: rhbz#2106509
2022-07-24 04:28:42 +01:00
Andrew Hughes
ececafd95c Update to shenandoah-jdk8u342-b06 (EA)
Update release notes for shenandoah-8u342-b06.
Switch to EA mode for 8u342 pre-release builds.
Print release file during build, which should now include a correct SOURCE value from .src-rev
Update tarball script with IcedTea GitHub URL and .src-rev generation
Use "git apply" with patches in the tarball script to allow binary diffs
Remove redundant "REPOS" variable from tarball script
Include script to generate bug list for release notes
Update tzdata requirement to 2022a to match JDK-8283350

Resolves: rhbz#2083322
2022-07-18 01:33:05 +01:00
Andrew Hughes
6602a7ecb8 Rebase FIPS patches from fips branch and simplify by using a single patch from that repository
* RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
* RH2090378: Revert to disabling system security properties and FIPS mode support together

Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk
Enable system security properties in the RPM (now disabled by default in the FIPS repo)
Improve security properties test to check both enabled and disabled behaviour
Run security properties test with property debugging on
Explicitly require crypto-policies during build and runtime for system security properties

Resolves: rhbz#2099801
Resolves: rhbz#2100678
2022-07-17 22:01:25 +01:00
Francisco Ferrari Bihurriet
5b6071b392 RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see:
https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html#ATTRS

Resolves: rhbz#2102435
2022-07-08 17:59:46 +01:00
Andrew Hughes
c88220bce4 Update to shenandoah-jdk8u332-b09 (GA)
Update release notes for 8u332-b09.
Switch to GA mode for final release.

Resolves: rhbz#2074650
2022-04-24 21:54:03 +01:00
Andrew Hughes
5a98735e11 Update to shenandoah-jdk8u332-b06 (EA)
Update release notes for shenandoah-8u332-b06.

Resolves: rhbz#2050457
2022-04-18 03:25:34 +01:00
Andrew Hughes
0d89ca8ecd Update to shenandoah-jdk8u332-b01 (EA)
Update release notes for 8u332-b01.
Switch to EA mode.

Related: rhbz#2050457
2022-04-17 23:54:22 +01:00
Jiri Vanek
a15ebafb7f Removed for ever missing idm-ci.brew-build.tier1.functional
Resolves: rhbz#2058487
2022-03-01 14:42:35 +01:00
Andrew Hughes
336d63d112 Remove 'java --version' test as this is not supported on java-1.8.0-openjdk
Resolves: rhbz#2058487
2022-02-28 07:57:42 +00:00
Andrew Hughes
52c15259b0 Add JDK-8275535 patch to fix LDAP authentication issue.
Resolves: rhbz#2053525
2022-02-28 06:35:30 +00:00
Andrew Hughes
3bd296bf8b Detect NSS at runtime for FIPS detection
Turn off build-time NSS linking and go back to an explicit Requires on NSS

Resolves: rhbz#2052833
2022-02-28 05:58:15 +00:00
Andrew Hughes
eb9a49f69c Storing and restoring alternatives during update manually
* Family extracted to globals
* Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alternatives and select (as auto) system JDK/JRE
 - The move of alternatives creation to posttrans to fix:
 - Bug 1200302 - dnf reinstall breaks alternatives
 - Had caused the alternatives to be removed, and then created again,
 - instead of being added, and then removing the old, and thus persisting
 - the selection in family
 - Thus this fix, is storing the family of manually selected master, and if
 - stored, then it is restoring the family of the master

* Resolves: rhbz#2008202
2022-02-28 02:01:21 +00:00
Andrew Hughes
3cc08b65a2 Introduce tests/tests.yml, based on the one in RHEL 8
Resolves: rhbz#2058487
2022-02-27 03:14:27 +00:00
Andrew Hughes
5368472a23 Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
Resolves: rhbz#2052821
2022-02-23 18:00:32 +00:00
Andrew Hughes
01b1de5ea3 Fix FIPS issues in native code and with initialisation of java.security.Security
Resolves: rhbz#2023387
2022-02-22 04:27:44 +00:00
Andrew Hughes
cd6346ac8e Refactor build functions so we can build just HotSpot without any attempt at installation.
Introduce architecture restriction logic for the gdb test. (RH2041970)
Replace GCC 11 patch to remove use of the register keyword with correct fix to ADLC build (JDK-8281098)
Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds

Related: rhbz#2022823
2022-02-21 15:29:05 +00:00
Andrew Hughes
bdb7928b49 Update to aarch64-shenandoah-jdk8u322-b06 (GA)
Update release notes for 8u322-b06.
Switch to GA mode for final release.

Resolves: rhbz#2039398
2022-02-18 01:59:09 +00:00
Andrew Hughes
63981d93e9 Update to aarch64-shenandoah-jdk8u322-b05 (EA)
Update release notes for 8u322-b05.
Switch to EA mode.
Require tzdata 2021c as of JDK-8274407.
Require tzdata 2021e as of JDK-8275766.
Update tarball generation script to use git following shenandoah-jdk8u's move to github

Resolves: rhbz#2022823
2022-02-16 01:29:37 +00:00
Andrew Hughes
9fd7b086e5 Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
Related: rhbz#2022823
2022-02-11 11:37:38 +00:00
Andrew Hughes
f459bf7287 Use 'sql:' prefix in nss.fips.cfg
Fedora 35 and better no longer ship the legacy secmod.db file as part
of the nss package. Explicitly tell OpenJDK to use sqlite-based sec
mode.

Resolves: rhbz#2023533
2021-12-06 01:03:47 +00:00
Andrew Hughes
9df29c5890 Update to aarch64-shenandoah-jdk8u312-b07 (GA)
Update release notes for 8u312-b07.
Switch to GA mode for final release.

Resolves: rhbz#2013844
2021-11-10 18:20:43 +00:00
Jiri Vanek
ac6e9295df alternatives creation moved to posttrans
- Thus fixing the old reinstall issue:
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
2021-11-09 14:51:24 +01:00
Andrew Hughes
a3c023b715 Add FIPS patch to allow plain key import.
Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false

Resolves: rhbz#1994676
2021-10-10 22:37:12 +01:00
Andrew Hughes
e1f737745d Update to aarch64-shenandoah-jdk8u312-b05 (EA)
Update release notes for 8u312-b05.

Resolves: rhbz#1999939
2021-10-04 03:29:31 +01:00
Andrew Hughes
d3bca21948 Update to aarch64-shenandoah-jdk8u312-b04 (EA)
Update release notes for 8u312-b04.

Related: rhbz#1999939
2021-09-27 15:10:15 +01:00
Andrew Hughes
1acd5bbdff Update to aarch64-shenandoah-jdk8u312-b03 (EA)
Update release notes for 8u312-b03.

Related: rhbz#1999939
2021-09-24 17:34:10 +01:00
Andrew Hughes
21c598bfa9 Reduce disk footprint by removing build artifacts by default.
Related: rhbz#1999939
2021-09-21 22:56:29 +01:00
Andrew Hughes
30f2a04008 Update to aarch64-shenandoah-jdk8u312-b02 (EA)
Update release notes for 8u312-b02.

Related: rhbz#1999939
2021-09-19 13:10:41 +01:00
Andrew Hughes
d3fceb0152 Update to aarch64-shenandoah-jdk8u312-b01 (EA)
Update release notes for 8u312-b01.
Switch to EA mode.
Remove "-clean" suffix as no 8u312 builds are unclean.

Related: rhbz#1999939
2021-09-13 23:46:02 +01:00
Andrew Hughes
f830fdccdc Add patch to login to the NSS software token when in FIPS mode.
Resolves: rhbz#1997363
2021-08-27 23:42:57 +01:00
Andrew Hughes
3034306917 Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
Port FIPS system detection support to OpenJDK 8u
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.

Resolves: rhbz#1971696
2021-08-27 18:23:26 +01:00
Florian Weimer
19e706d505 Rebuild for libffi transition (#1891914)
Related: #1891914
2021-08-25 09:41:32 +02:00
Mohan Boddu
198dc34251 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 21:03:57 +00:00
Andrew Hughes
eb98e068b7 Update to aarch64-shenandoah-jdk8u302-b08 (GA)
Update release notes for 8u302-b08.
Switch to GA mode for final release.
Remove non-Free test and demo files from source tarball.

Resolves: rhbz#1967813
2021-08-08 07:22:07 +01:00
Andrew Hughes
6f55767b15 Update to aarch64-shenandoah-jdk8u302-b07 (EA)
Update release notes for 8u302-b07.
Switch to EA mode.
Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.

Resolves: rhbz#1967813
2021-07-20 05:37:28 +01:00
Andrew Hughes
da15b5d337 Support the FIPS mode crypto policy.
Backport FIPS mode patch to java-1.8.0-openjdk, simplifying provider removal.
nss.fips.cfg needs to be moved to %%{etcjavadir} and symlinked into the JDK, like nss.cfg
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Add JDK-8195607/PR3776 to support NSS SQLite databases.
Use appropriate keystore types when in FIPS mode (RH1760838)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when using the NSS-FIPS provider (RH1860986)
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1906862)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode

Resolves: rhbz#1971696
2021-07-08 05:11:48 +01:00
Andrew Hughes
546ea4a501 Remove OpenJFX support as OpenJFX is not in RHEL.
Resolves: rhbz#1973522
2021-07-06 04:40:43 +01:00
Jiri
2e15fb4a88 removed cjc backward compatibility, to fix when both rpm 4.16 and 4.17 are in transaction
Resolves: rhbz#1967813
2021-06-22 12:05:42 +02:00
Jiri
45e148ece1 adapted to newest cjc to fix issue with rpm 4.17
Resolves: rhbz#1967813
2021-06-22 12:05:26 +02:00
Andrew Hughes
39ba964aee Update to aarch64-shenandoah-jdk8u292-b10 (GA)
Update release notes for 8u292-b10.
Hardcode /usr/sbin/alternatives for Flatpak builds
Update tarball generation script to use PR3822 which handles JDK-8233228 & JDK-8035166 changes
Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes.
Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch.
Extend s390 patch to fix issue caused by JDK-8252660 backport and lack of JDK-8188813 in 8u.
Revise JDK-8252660 s390 failure to make _soft_max_size a jlong so pointer types are accurate.
Require tzdata 2020f due to JDK-8259048
Require tzdata 2021a due to JDK-8260356

Resolves: rhbz#1967813
2021-06-17 15:53:41 +01:00
Andrew Hughes
f9ea8b08a8 Removal of atk accessibility bridge bindings:
Removed libatk-wrapper[.]so.* from global _privatelibs
Removed files_accessibility and java_accessibility_rpo macros
Removed patch1 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch and
  patch3 rh1648644-java_access_bridge_privileged_security.patch
Removal of accessibility{,-slowdebug,-fastdebug} subpackages
No longer creating symlinks of %%{_libdir}/java-atk-wrapper/libatk-wrapper.so.0 to
  libatk-wrapper.so and %%{_libdir}/java-atk-wrapper/java-atk-wrapper.jar to java-atk-wrapper.jar
No longer creating %%{_jvmdir}/%{jredir -- $suffix}/lib/accessibility.properties
  with content of "assistive_technologies=org.GNOME.Accessibility.AtkWrapper"
Removal of accessibility{,-slowdebug,-fastdebug} subpackages files sections
Fix upgrade path after removal of accessibility subpackage.  As main accessibility was
 requiring main package, main package now has to obsolete
 java-1.8.0-openjdk-accessibility-{release, slowdebug, fastdebug} < 1:1.8.0.282.b08-5
 otherwise update fails

Resolves: rhbz#1971728
2021-06-17 08:24:21 +01:00
Lukas Zachar
f4e1f24a15 Add gating.yaml from RHEL
2021-06-02 12:58:55 +02:00
Mohan Boddu
c84c3dfc29 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 00:43:32 +00:00