From c8ee6b1f0a73db9ed9a02f85317fb03552ae12ff Mon Sep 17 00:00:00 2001 From: Jiri Vanek Date: Thu, 14 Jul 2022 15:58:53 +0200 Subject: [PATCH] Make use of the vendor version string to store our version & release rather than an upstream release date Include a test in the RPM to check the build has the correct vendor information. Fix issue where CheckVendor.java test erroneously passes when it should fail. Add proper quoting so '&' is not treated as a special character by the shell. --- CheckVendor.java | 18 +++++++++++++----- java-11-openjdk.spec | 25 ++++++++++++++----------- 2 files changed, 27 insertions(+), 16 deletions(-) diff --git a/CheckVendor.java b/CheckVendor.java index e2101cf..29b296b 100644 --- a/CheckVendor.java +++ b/CheckVendor.java @@ -21,8 +21,8 @@ along with this program. If not, see . public class CheckVendor { public static void main(String[] args) { - if (args.length < 3) { - System.err.println("CheckVendor "); + if (args.length < 4) { + System.err.println("CheckVendor "); System.exit(1); } @@ -32,6 +32,8 @@ public class CheckVendor { String expectedVendorURL = args[1]; String vendorBugURL = System.getProperty("java.vendor.url.bug"); String expectedVendorBugURL = args[2]; + String vendorVersionString = System.getProperty("java.vendor.version"); + String expectedVendorVersionString = args[3]; if (!expectedVendor.equals(vendor)) { System.err.printf("Invalid vendor %s, expected %s\n", @@ -46,12 +48,18 @@ public class CheckVendor { } if (!expectedVendorBugURL.equals(vendorBugURL)) { - System.err.printf("Invalid vendor bug URL%s, expected %s\n", + System.err.printf("Invalid vendor bug URL %s, expected %s\n", vendorBugURL, expectedVendorBugURL); System.exit(4); } - System.err.printf("Vendor information verified as %s, %s, %s\n", - vendor, vendorURL, vendorBugURL); + if (!expectedVendorVersionString.equals(vendorVersionString)) { + System.err.printf("Invalid vendor version string %s, expected %s\n", + vendorVersionString, expectedVendorVersionString); + System.exit(5); + } + + System.err.printf("Vendor information verified as %s, %s, %s, %s\n", + vendor, vendorURL, vendorBugURL, vendorVersionString); } } diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec index abb1e02..ef91824 100644 --- a/java-11-openjdk.spec +++ b/java-11-openjdk.spec @@ -319,12 +319,8 @@ # New Version-String scheme-style defines %global featurever 11 %global interimver 0 -%global updatever 15 +%global updatever 16 %global patchver 0 -# If you bump featurever, you must bump also vendor_version_string -# Used via new version scheme. JDK 11 was -# GA'ed in September 2018 => 18.9 -%global vendor_version_string 18.9 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, # and this it is better to change it here, on single place @@ -357,6 +353,7 @@ %endif %endif %endif +%global oj_vendor_version (Red_Hat-%{version}-%{release}) # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 @@ -369,7 +366,7 @@ %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup %global buildver 10 -%global rpmrelease 3 +%global rpmrelease 4 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -1750,6 +1747,8 @@ The %{origin_nice} %{featurever} API documentation compressed in a single archiv %prep +echo "Preparing %{oj_vendor_version}" + # Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-( %if 0%{?stapinstall:1} echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}" @@ -1925,7 +1924,7 @@ function buildjdk() { --with-version-build=%{buildver} \ --with-version-pre="%{ea_designator}" \ --with-version-opt=%{lts_designator} \ - --with-vendor-version-string="%{vendor_version_string}" \ + --with-vendor-version-string="%{oj_vendor_version}" \ --with-vendor-name="%{oj_vendor}" \ --with-vendor-url="%{oj_vendor_url}" \ --with-vendor-bug-url="%{oj_vendor_bug_url}" \ @@ -2126,10 +2125,6 @@ export SEC_DEBUG="-Djava.security.debug=properties" $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false -# Check correct vendor values have been set -$JAVA_HOME/bin/javac -d . %{SOURCE16} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" - # Check java launcher has no SSB mitigation if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi @@ -2140,6 +2135,10 @@ nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi %endif +# Check correct vendor values have been set +$JAVA_HOME/bin/javac -d . %{SOURCE16} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}" + %if %{include_staticlibs} # Check debug symbols in static libraries (smoke test) export STATIC_LIBS_HOME=${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image} @@ -2617,6 +2616,10 @@ end %endif %changelog +* Thu Jul 14 2022 Andrew Hughes - 1:11.0.15.0.10-4 +- Make use of the vendor version string to store our version & release rather than an upstream release date +- Include a test in the RPM to check the build has the correct vendor information. + * Thu Jul 07 2022 Andrew Hughes - 1:11.0.15.0.10-3 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage