Commit Graph

245 Commits

Author SHA1 Message Date
Jiri Vanek
c8ee6b1f0a Make use of the vendor version string to store our version & release rather than an upstream release date
Include a test in the RPM to check the build has the correct vendor information.
Fix issue where CheckVendor.java test erroneously passes when it should fail.
Add proper quoting so '&' is not treated as a special character by the
shell.
2022-07-14 15:58:53 +02:00
Andrew Hughes
3d21de4f85 Rebase FIPS patches from fips branch and simplify by using a single patch from that repository
* RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
* RH2090378: Revert to disabling system security properties and FIPS mode support together

Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Enable system security properties in the RPM (now disabled by default in the FIPS repo)
Improve security properties test to check both enabled and disabled behaviour
Run security properties test with property debugging on
2022-07-07 02:28:45 +01:00
Francisco Ferrari Bihurriet
189cbcedc4 RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see:
https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html#GUID-C4ABFACB-B2C9-4E71-A313-79F881488BB9__PKCS11-ATTRIBUTES-CONFIGURATION
2022-06-30 15:01:15 -03:00
Andrew Hughes
7d3e9dc3aa Update to jdk-11.0.15.0+10
Update release notes to 11.0.15.0+10
Switch to GA mode for release
2022-04-24 22:24:43 +01:00
Andrew Hughes
a86ee22a30 Update to jdk-11.0.15.0+8
Update release notes to 11.0.15.0+8
Rebase RH1996182 FIPS patch after JDK-8254410
2022-04-13 03:25:15 +01:00
Andrew Hughes
9f01982008 Update to jdk-11.0.15.0+1
Update release notes to 11.0.15.0+1
Switch to EA mode for 11.0.15 pre-release builds.
2022-04-12 18:04:53 +01:00
Andrew Hughes
021b8f123b Detect NSS at runtime for FIPS detection
Turn off build-time NSS linking and go back to an explicit Requires on NSS
2022-04-12 02:23:12 +01:00
Stephan Bergmann
1ac4052b44 Fix flatpak builds
...after 19065a8b01 "Temporarily move x86 to use
Zero in order to get a working build":

When building the

>       if ${run_bootstrap} ; then

branch for suffix='' and loop='-main', the second

>           buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}

uses the JDK (`$(pwd)/${bootinstalldir}/images/%{jdkimage}`) from the installjdk
on the previous line.  But installjdk does

> 	rm ${imagepath}/lib/tzdb.dat
> 	ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat

which made that JDK's tzdb.dat link to /app/share/javazi-1.8/tzdb.dat in a
flatpak build (rather than the usual /usr/share/javazi-1.8/tzdb.dat in a non-
flatpak build) which is not present at build-time (but will be present at
runtime in at least the LibreOffice flatpak, which bundles tzdata-java built for
the flatpak /app prefix).  So using that JDK's compiler during the build kept
failing due to java.io.FileNotFoundException for its lib/tzdb.dat.

(This was not an issue prior to 19065a8b01, as
installjdk's modification of lib/tzdb.dat used to be done only for the "Final
setup on the main image" at the very end of the build, not during the build for
JDKs that are themselves used later during the build.)

The easiest workaround for this issue appears to be to just not bootstrap_build
in the flatpak case, avoiding the situation that a JDK whose lib/tzdb.dat has
been modified through installjdk is used during the build.
2022-04-08 03:54:57 +01:00
Andrew Hughes
bdab54d339 Sync cleanups from release branch. 2022-02-17 17:38:23 +00:00
Andrew Hughes
5049a18bea Reinstate JIT builds on x86_32. 2022-02-16 21:38:12 +00:00
Jiri
ee1af94d18 Bumped release 2022-02-16 14:31:38 +01:00
jiri vanek
d19f97cf90 Merge #148 Correct previous commit 2022-02-15 14:39:52 +00:00
Andrew Hughes
be92f5a29f Correct previous commit 2022-02-14 21:13:05 +00:00
Andrew Hughes
a0dbb38602 Correct previous commit 2022-02-14 21:08:58 +00:00
Jiri
5f2da117f7 Require tzdata 2021e as of JDK-8275766. 2022-02-12 17:04:14 +01:00
Andrew Hughes
7e66e0d62c Update to jdk-11.0.14.1+1
Update release notes to 11.0.14.1+1
2022-02-11 14:05:11 +00:00
Jiri Vanek
d693929c83 Storing and restoring alterntives during update manually
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE

The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family

Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
2022-02-11 10:04:52 +01:00
Jiri Vanek
567234139c family extracted to globals 2022-02-11 10:04:45 +01:00
Jiri Vanek
ac37f1de3e Providing proper provides for javadoc-zip subpk
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
2022-02-11 10:04:39 +01:00
Andrew Hughes
125df0aed5 Re-enable gdb backtrace check. 2022-02-08 15:42:09 +00:00
Jiri
4666ebb41f Moved to stop being system JDK 2022-02-04 20:02:34 +01:00
Andrew Hughes
19065a8b01 Temporarily move x86 to use Zero in order to get a working build
Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
Refactor build functions so we can build just HotSpot without any attempt at installation.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
2022-02-04 17:14:21 +00:00
Andrew Hughes
6c8bcf1a23 Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent 2022-01-24 19:03:43 +00:00
Andrew Hughes
93129901f7 Update to jdk-11.0.14.0+9
Update release notes to 11.0.14.0+9
Switch to GA mode for final release.
2022-01-24 02:13:58 +00:00
Fedora Release Engineering
11fc7fb37b - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 13:39:53 +00:00
Andrew Hughes
006245df65 Improve architecture restrictions for the gdb test.
Disable only on x86, x86_64, ppc64le & s390x while these are broken in rawhide.
2022-01-19 01:21:47 +00:00
Andrew Hughes
9a3935f9ea Fix FIPS issues in native code and with initialisation of java.security.Security 2022-01-18 02:21:22 +00:00
Andrew Hughes
75de074e84 Sync gdb test with java-1.8.0-openjdk and disable for now until gdb is fixed. 2022-01-17 00:41:46 +00:00
Andrew Hughes
97bfebb41c Update to jdk-11.0.14.0+8
Update release notes to 11.0.14.0+8
2022-01-16 04:02:28 +00:00
Andrew Hughes
2652be95f2 Update to jdk-11.0.14.0+1
Update release notes to 11.0.14.0+1
Switch to EA mode for 11.0.14 pre-release builds.
Rename blacklisted.certs to blocked.certs following JDK-8253866
Rebase RH1996182 login patch and drop redundant security policy extension after JDK-8269034
2021-12-13 05:18:54 +00:00
Andrew Hughes
3aa600bac9 Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. 2021-11-08 00:49:48 +00:00
Severin Gehwolf
633d5f0b03 Use 'sql:' prefix in nss.fips.cfg
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.

Resolves: RHBZ#2019555
2021-11-05 14:42:59 +01:00
Jiri Vanek
13b0ed6aba Added missing endif/if so javadoc is not tied with javadoc-zip 2021-11-04 20:52:16 +01:00
Jiri Vanek
2bfd45717e Fixed comment of for slowdebug to correct any debug 2021-11-04 20:51:03 +01:00
Jiri Vanek
a838289066 Replaced hardcoded 11 by featurever where apporpriate 2021-11-04 20:50:22 +01:00
Andrew Hughes
b6f1dacc01 Reduce disk footprint by removing build artifacts by default. 2021-10-26 16:43:24 +01:00
Andrew Hughes
71fb59352f Update to jdk-11.0.12.0+8
Update release notes to 11.0.12.0+8
Switch to GA mode for final release.
2021-10-20 01:19:40 +01:00
Andrew Hughes
afd7cc8846 Update to jdk-11.0.13.0+7
Update release notes to 11.0.13.0+7
2021-10-12 01:56:51 +01:00
Andrew Hughes
020aa81de3 Update to jdk-11.0.13.0+1
Update release notes to 11.0.13.0+1
Update tarball generation script to use git following OpenJDK 11u's move to github
Switch to EA mode for 11.0.13 pre-release builds.
Remove "-clean" suffix as no 11.0.13 builds are unclean.
Drop JDK-8269668 patch which is now applied upstream.
2021-10-12 00:18:06 +01:00
Andrew Hughes
ca39249070 Add patch to allow plain key import
Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
2021-10-09 22:53:28 +01:00
Andrew Hughes
ad715cbd7d Restructure the build so a minimal initial build is then used for the final build (with docs)
This reduces pressure on the system JDK and ensures the JDK being built can do a full build
2021-10-04 17:57:15 +01:00
Andrew Hughes
83375279df Add patch to login to the NSS software token when in FIPS mode.
Extend the default security policy to accomodate PKCS11 accessing jdk.internal.misc.
2021-09-06 01:02:37 +01:00
Jiri Vanek
e782dfa8d3 added posttrans hook which persist sanity of dir->symlink
in case of udpate from ancient versions
2021-09-02 17:59:00 +02:00
Jiri Vanek
a7de280fe0 minor cosmetic improvements to make spec more comparable between variants 2021-09-02 17:44:53 +02:00
Jiri Vanek
5854bfce04 Fixed date 2021-08-31 17:42:49 +02:00
Jiri Vanek
1d49cce8be Bumped release to have set of two packages with posts change 2021-08-31 16:50:08 +02:00
Jiri Vanek
f2d7186c1f alternatives creation moved to posttrans
Thus fixing the old reisntall issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1200302
https://bugzilla.redhat.com/show_bug.cgi?id=1976053
2021-08-30 16:21:11 +02:00
Andrew Hughes
5184e9134e Remove non-Free test from source tarball. 2021-08-09 02:15:00 +01:00
Severin Gehwolf
e2848ca819 Fix java.library.path issue on aarch64 (JDK-8269668)
Resolves: rhbz#1977671
2021-07-28 19:22:14 +01:00
Fedora Release Engineering
c40dc6eb2e - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 08:56:53 +00:00