Commit Graph

232 Commits

Author SHA1 Message Date
Andrew Hughes
be92f5a29f Correct previous commit 2022-02-14 21:13:05 +00:00
Jiri
5f2da117f7 Require tzdata 2021e as of JDK-8275766. 2022-02-12 17:04:14 +01:00
Andrew Hughes
7e66e0d62c Update to jdk-11.0.14.1+1
Update release notes to 11.0.14.1+1
2022-02-11 14:05:11 +00:00
Jiri Vanek
d693929c83 Storing and restoring alterntives during update manually
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE

The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family

Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
2022-02-11 10:04:52 +01:00
Jiri Vanek
567234139c family extracted to globals 2022-02-11 10:04:45 +01:00
Jiri Vanek
ac37f1de3e Providing proper provides for javadoc-zip subpk
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
2022-02-11 10:04:39 +01:00
Andrew Hughes
125df0aed5 Re-enable gdb backtrace check. 2022-02-08 15:42:09 +00:00
Jiri
4666ebb41f Moved to stop being system JDK 2022-02-04 20:02:34 +01:00
Andrew Hughes
19065a8b01 Temporarily move x86 to use Zero in order to get a working build
Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
Refactor build functions so we can build just HotSpot without any attempt at installation.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
2022-02-04 17:14:21 +00:00
Andrew Hughes
6c8bcf1a23 Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent 2022-01-24 19:03:43 +00:00
Andrew Hughes
93129901f7 Update to jdk-11.0.14.0+9
Update release notes to 11.0.14.0+9
Switch to GA mode for final release.
2022-01-24 02:13:58 +00:00
Fedora Release Engineering
11fc7fb37b - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 13:39:53 +00:00
Andrew Hughes
006245df65 Improve architecture restrictions for the gdb test.
Disable only on x86, x86_64, ppc64le & s390x while these are broken in rawhide.
2022-01-19 01:21:47 +00:00
Andrew Hughes
9a3935f9ea Fix FIPS issues in native code and with initialisation of java.security.Security 2022-01-18 02:21:22 +00:00
Andrew Hughes
75de074e84 Sync gdb test with java-1.8.0-openjdk and disable for now until gdb is fixed. 2022-01-17 00:41:46 +00:00
Andrew Hughes
97bfebb41c Update to jdk-11.0.14.0+8
Update release notes to 11.0.14.0+8
2022-01-16 04:02:28 +00:00
Andrew Hughes
2652be95f2 Update to jdk-11.0.14.0+1
Update release notes to 11.0.14.0+1
Switch to EA mode for 11.0.14 pre-release builds.
Rename blacklisted.certs to blocked.certs following JDK-8253866
Rebase RH1996182 login patch and drop redundant security policy extension after JDK-8269034
2021-12-13 05:18:54 +00:00
Andrew Hughes
3aa600bac9 Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. 2021-11-08 00:49:48 +00:00
Severin Gehwolf
633d5f0b03 Use 'sql:' prefix in nss.fips.cfg
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.

Resolves: RHBZ#2019555
2021-11-05 14:42:59 +01:00
Jiri Vanek
13b0ed6aba Added missing endif/if so javadoc is not tied with javadoc-zip 2021-11-04 20:52:16 +01:00
Jiri Vanek
2bfd45717e Fixed comment of for slowdebug to correct any debug 2021-11-04 20:51:03 +01:00
Jiri Vanek
a838289066 Replaced hardcoded 11 by featurever where apporpriate 2021-11-04 20:50:22 +01:00
Andrew Hughes
b6f1dacc01 Reduce disk footprint by removing build artifacts by default. 2021-10-26 16:43:24 +01:00
Andrew Hughes
71fb59352f Update to jdk-11.0.12.0+8
Update release notes to 11.0.12.0+8
Switch to GA mode for final release.
2021-10-20 01:19:40 +01:00
Andrew Hughes
afd7cc8846 Update to jdk-11.0.13.0+7
Update release notes to 11.0.13.0+7
2021-10-12 01:56:51 +01:00
Andrew Hughes
020aa81de3 Update to jdk-11.0.13.0+1
Update release notes to 11.0.13.0+1
Update tarball generation script to use git following OpenJDK 11u's move to github
Switch to EA mode for 11.0.13 pre-release builds.
Remove "-clean" suffix as no 11.0.13 builds are unclean.
Drop JDK-8269668 patch which is now applied upstream.
2021-10-12 00:18:06 +01:00
Andrew Hughes
ca39249070 Add patch to allow plain key import
Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
2021-10-09 22:53:28 +01:00
Andrew Hughes
ad715cbd7d Restructure the build so a minimal initial build is then used for the final build (with docs)
This reduces pressure on the system JDK and ensures the JDK being built can do a full build
2021-10-04 17:57:15 +01:00
Andrew Hughes
83375279df Add patch to login to the NSS software token when in FIPS mode.
Extend the default security policy to accomodate PKCS11 accessing jdk.internal.misc.
2021-09-06 01:02:37 +01:00
Jiri Vanek
e782dfa8d3 added posttrans hook which persist sanity of dir->symlink
in case of udpate from ancient versions
2021-09-02 17:59:00 +02:00
Jiri Vanek
a7de280fe0 minor cosmetic improvements to make spec more comparable between variants 2021-09-02 17:44:53 +02:00
Jiri Vanek
5854bfce04 Fixed date 2021-08-31 17:42:49 +02:00
Jiri Vanek
1d49cce8be Bumped release to have set of two packages with posts change 2021-08-31 16:50:08 +02:00
Jiri Vanek
f2d7186c1f alternatives creation moved to posttrans
Thus fixing the old reisntall issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1200302
https://bugzilla.redhat.com/show_bug.cgi?id=1976053
2021-08-30 16:21:11 +02:00
Andrew Hughes
5184e9134e Remove non-Free test from source tarball. 2021-08-09 02:15:00 +01:00
Severin Gehwolf
e2848ca819 Fix java.library.path issue on aarch64 (JDK-8269668)
Resolves: rhbz#1977671
2021-07-28 19:22:14 +01:00
Fedora Release Engineering
c40dc6eb2e - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 08:56:53 +00:00
Andrew Hughes
ca281c8fe6 Update to jdk-11.0.12.0+7
Update release notes to 11.0.12.0+7
Switch to GA mode for final release.
2021-07-21 05:57:34 +01:00
Andrew Hughes
f0bef6ebc0 Update to jdk-11.0.12.0+6
Update release notes to 11.0.12.0+6
Skip 11.0.12.0+5 as 11.0.12.0+6 only adds a test change
2021-07-09 04:24:11 +01:00
Andrew Hughes
f0e35f6c1a Update to jdk-11.0.12.0+4
Update release notes to 11.0.12.0+4
Correct bug ID JDK-8264846 to intended ID of JDK-8264848
2021-07-08 05:42:02 +01:00
Andrew Hughes
d13c101ca5 Update to jdk-11.0.12.0+3
Update release notes to 11.0.12.0+3
2021-07-07 06:47:21 +01:00
Andrew Hughes
bcc8874fb1 Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
2021-07-02 17:55:19 +01:00
Andrew Hughes
0ff03bc290 Update to jdk-11.0.12.0+2
Update release notes to 11.0.12.0+2
2021-07-02 17:45:38 +01:00
Andrew Hughes
c73f8f24aa Update to jdk-11.0.12.0+1
Update release notes to 11.0.12.0+1
Switch to EA mode for 11.0.12 pre-release builds.
Update ECC patch following JDK-8226374 (bug ID yet to be confirmed)
2021-06-30 05:19:00 +01:00
Andrew Hughes
bd1d801cc3 Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
2021-06-09 03:07:29 +01:00
Andrew Hughes
c96e1e74e2 Support the FIPS mode crypto policy (RH1655466)
Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Use appropriate keystore types when in FIPS mode (RH1818909)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)

Resolves: rhbz#1830090
2021-06-02 17:54:48 +01:00
Jiri Vanek
0eeb4a6e13 removed cjc backward comaptiblity, to fix when both rpm 4.16 and 4.17 are in transaction 2021-05-07 14:52:46 +02:00
Severin Gehwolf
aca26b36f4 Fix bogus date in changelog 2021-04-30 17:42:55 +02:00
Severin Gehwolf
4b607408ff Remove -fcommon work-around
OpenJDK 11 code has been fixed with and no longer
needs the -fcommon workaround. Remove the option as
this could potentially mask code issues.
2021-04-30 17:41:18 +02:00
Jiri
2adbf848e0 Adapted to rpm 4.17 and cjc 4.0
As rpm 4.17 dropped arg from varaibale table, cjc now have to be sued as
module. cjc 4.0 was converted to module
2021-04-29 16:59:13 +02:00