Turn on system security properties as part of the build's install section
Move cacerts replacement to install section and retain original of this and tzdb.dat
Run tests on the installed image, rather than the build image
Introduce variables to refer to the static library installation directories
Use relative symlinks so they work within the image
Run debug symbols check during build stage, before the install strips them

Related: rhbz#2100677
parent
fb297243dc
commit
dca2f55ea3
@ -336,7 +336,7 @@
|
|||||||
%global top_level_dir_name %{origin}
|
%global top_level_dir_name %{origin}
|
||||||
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
%global top_level_dir_name_backup %{top_level_dir_name}-backup
|
||||||
%global buildver 7
|
%global buildver 7
|
||||||
%global rpmrelease 4
|
%global rpmrelease 5
|
||||||
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
|
||||||
%if %is_system_jdk
|
%if %is_system_jdk
|
||||||
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
|
||||||
@ -400,6 +400,10 @@
|
|||||||
# images directories from upstream build
|
# images directories from upstream build
|
||||||
%global jdkimage jdk
|
%global jdkimage jdk
|
||||||
%global static_libs_image static-libs
|
%global static_libs_image static-libs
|
||||||
|
# installation directory for static libraries
|
||||||
|
%global static_libs_root lib/static
|
||||||
|
%global static_libs_arch_dir %{static_libs_root}/linux-%{archinstall}
|
||||||
|
%global static_libs_install_dir %{static_libs_arch_dir}/glibc
|
||||||
# output dir stub
|
# output dir stub
|
||||||
%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
|
%define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}}
|
||||||
# we can copy the javadoc to not arched dir, or make it not noarch
|
# we can copy the javadoc to not arched dir, or make it not noarch
|
||||||
@ -806,6 +810,7 @@ exit 0
|
|||||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfont.properties.ja
|
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfont.properties.ja
|
||||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfontj2d.properties
|
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/psfontj2d.properties
|
||||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tzdb.dat
|
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tzdb.dat
|
||||||
|
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/tzdb.dat.upstream
|
||||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libjli.so
|
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libjli.so
|
||||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jvm.cfg
|
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/jvm.cfg
|
||||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libattach.so
|
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libattach.so
|
||||||
@ -864,6 +869,7 @@ exit 0
|
|||||||
%dir %{etcjavadir -- %{?1}}/lib
|
%dir %{etcjavadir -- %{?1}}/lib
|
||||||
%dir %{etcjavadir -- %{?1}}/lib/security
|
%dir %{etcjavadir -- %{?1}}/lib/security
|
||||||
%{etcjavadir -- %{?1}}/lib/security/cacerts
|
%{etcjavadir -- %{?1}}/lib/security/cacerts
|
||||||
|
%{etcjavadir -- %{?1}}/lib/security/cacerts.upstream
|
||||||
%dir %{etcjavadir -- %{?1}}/conf
|
%dir %{etcjavadir -- %{?1}}/conf
|
||||||
%dir %{etcjavadir -- %{?1}}/conf/sdp
|
%dir %{etcjavadir -- %{?1}}/conf/sdp
|
||||||
%dir %{etcjavadir -- %{?1}}/conf/management
|
%dir %{etcjavadir -- %{?1}}/conf/management
|
||||||
@ -1034,10 +1040,10 @@ exit 0
|
|||||||
}
|
}
|
||||||
|
|
||||||
%define files_static_libs() %{expand:
|
%define files_static_libs() %{expand:
|
||||||
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/static
|
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_root}
|
||||||
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/static/linux-%{archinstall}
|
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_arch_dir}
|
||||||
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/lib/static/linux-%{archinstall}/glibc
|
%dir %{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_install_dir}
|
||||||
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/static/linux-%{archinstall}/glibc/lib*.a
|
%{_jvmdir}/%{sdkdir -- %{?1}}/%{static_libs_install_dir}/lib*.a
|
||||||
}
|
}
|
||||||
|
|
||||||
%define files_javadoc() %{expand:
|
%define files_javadoc() %{expand:
|
||||||
@ -1812,6 +1818,7 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
|
|||||||
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
|
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
# How many CPU's do we have?
|
# How many CPU's do we have?
|
||||||
export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :)
|
export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :)
|
||||||
export NUM_PROC=${NUM_PROC:-1}
|
export NUM_PROC=${NUM_PROC:-1}
|
||||||
@ -1952,9 +1959,18 @@ function installjdk() {
|
|||||||
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
||||||
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
|
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
|
||||||
|
|
||||||
|
# Turn on system security properties
|
||||||
|
sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
|
||||||
|
${imagepath}/conf/security/java.security
|
||||||
|
|
||||||
# Use system-wide tzdata
|
# Use system-wide tzdata
|
||||||
rm ${imagepath}/lib/tzdb.dat
|
mv ${imagepath}/lib/tzdb.dat{,.upstream}
|
||||||
ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
|
ln -sv %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
|
||||||
|
|
||||||
|
# Rename OpenJDK cacerts database
|
||||||
|
mv ${imagepath}/lib/security/cacerts{,.upstream}
|
||||||
|
# Install cacerts symlink needed by some apps which hard-code the path
|
||||||
|
ln -sv /etc/pki/java/cacerts ${imagepath}/lib/security
|
||||||
|
|
||||||
# Create fake alt-java as a placeholder for future alt-java
|
# Create fake alt-java as a placeholder for future alt-java
|
||||||
pushd ${imagepath}
|
pushd ${imagepath}
|
||||||
@ -1965,6 +1981,82 @@ function installjdk() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Checks on debuginfo must be performed before the files are stripped
|
||||||
|
# by the RPM installation stage
|
||||||
|
function debugcheckjdk() {
|
||||||
|
local imagepath=${1}
|
||||||
|
|
||||||
|
if [ -d ${imagepath} ] ; then
|
||||||
|
|
||||||
|
so_suffix="so"
|
||||||
|
# Check debug symbols are present and can identify code
|
||||||
|
find "${imagepath}" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
|
||||||
|
do
|
||||||
|
if [ -f "$lib" ] ; then
|
||||||
|
echo "Testing $lib for debug symbols"
|
||||||
|
# All these tests rely on RPM failing the build if the exit code of any set
|
||||||
|
# of piped commands is non-zero.
|
||||||
|
|
||||||
|
# Test for .debug_* sections in the shared object. This is the main test
|
||||||
|
# Stripped objects will not contain these
|
||||||
|
eu-readelf -S "$lib" | grep "] .debug_"
|
||||||
|
test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2
|
||||||
|
|
||||||
|
# Test FILE symbols. These will most likely be removed by anything that
|
||||||
|
# manipulates symbol tables because it's generally useless. So a nice test
|
||||||
|
# that nothing has messed with symbols
|
||||||
|
old_IFS="$IFS"
|
||||||
|
IFS=$'\n'
|
||||||
|
for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT")
|
||||||
|
do
|
||||||
|
# We expect to see .cpp files, except for architectures like aarch64 and
|
||||||
|
# s390 where we expect .o and .oS files
|
||||||
|
echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$"
|
||||||
|
done
|
||||||
|
IFS="$old_IFS"
|
||||||
|
|
||||||
|
# If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking
|
||||||
|
if [ "`basename $lib`" = "libjvm.so" ]; then
|
||||||
|
eu-readelf -s "$lib" | \
|
||||||
|
grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Test that there are no .gnu_debuglink sections pointing to another
|
||||||
|
# debuginfo file. There shouldn't be any debuginfo files, so the link makes
|
||||||
|
# no sense either
|
||||||
|
eu-readelf -S "$lib" | grep 'gnu'
|
||||||
|
if eu-readelf -S "$lib" | grep "\] .gnu_debuglink" | grep PROGBITS; then
|
||||||
|
echo "bad .gnu_debuglink section."
|
||||||
|
eu-readelf -x .gnu_debuglink "$lib"
|
||||||
|
false
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# Make sure gdb can do a backtrace based on line numbers on libjvm.so
|
||||||
|
# javaCalls.cpp:58 should map to:
|
||||||
|
# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58
|
||||||
|
# Using line number 1 might cause build problems. See:
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1539664
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1538767
|
||||||
|
gdb -q "${imagepath}/bin/java" <<EOF | tee gdb.out
|
||||||
|
handle SIGSEGV pass nostop noprint
|
||||||
|
handle SIGILL pass nostop noprint
|
||||||
|
set breakpoint pending on
|
||||||
|
break javaCalls.cpp:58
|
||||||
|
commands 1
|
||||||
|
backtrace
|
||||||
|
quit
|
||||||
|
end
|
||||||
|
run -version
|
||||||
|
EOF
|
||||||
|
%ifarch %{gdb_arches}
|
||||||
|
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
|
||||||
|
%endif
|
||||||
|
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
%if %{build_hotspot_first}
|
%if %{build_hotspot_first}
|
||||||
# Build a fresh libjvm.so first and use it to bootstrap
|
# Build a fresh libjvm.so first and use it to bootstrap
|
||||||
cp -LR --preserve=mode,timestamps %{bootjdk} newboot
|
cp -LR --preserve=mode,timestamps %{bootjdk} newboot
|
||||||
@ -2031,6 +2123,8 @@ for suffix in %{build_loop} ; do
|
|||||||
# Final setup on the main image
|
# Final setup on the main image
|
||||||
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
||||||
installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
|
installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
|
||||||
|
# Check debug symbols were built into the dynamic libraries
|
||||||
|
debugcheckjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
|
||||||
|
|
||||||
# build cycles
|
# build cycles
|
||||||
done # end of release / debug cycle loop
|
done # end of release / debug cycle loop
|
||||||
@ -2040,22 +2134,11 @@ done # end of release / debug cycle loop
|
|||||||
# We test debug first as it will give better diagnostics on a crash
|
# We test debug first as it will give better diagnostics on a crash
|
||||||
for suffix in %{build_loop} ; do
|
for suffix in %{build_loop} ; do
|
||||||
|
|
||||||
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
export JAVA_HOME=${RPM_BUILD_ROOT}%{_jvmdir}/%{sdkdir -- $suffix}
|
||||||
%if %{include_staticlibs}
|
|
||||||
top_dir_abs_staticlibs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{staticlibs_loop}}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage}
|
|
||||||
|
|
||||||
# Pre-test setup
|
|
||||||
|
|
||||||
# Turn on system security properties
|
|
||||||
sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
|
|
||||||
${JAVA_HOME}/conf/security/java.security
|
|
||||||
|
|
||||||
#check Shenandoah is enabled
|
#check Shenandoah is enabled
|
||||||
%if %{use_shenandoah_hotspot}
|
%if %{use_shenandoah_hotspot}
|
||||||
$JAVA_HOME//bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -version
|
$JAVA_HOME/bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -version
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Check unlimited policy has been used
|
# Check unlimited policy has been used
|
||||||
@ -2087,76 +2170,9 @@ if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; els
|
|||||||
|
|
||||||
%if %{include_staticlibs}
|
%if %{include_staticlibs}
|
||||||
# Check debug symbols in static libraries (smoke test)
|
# Check debug symbols in static libraries (smoke test)
|
||||||
export STATIC_LIBS_HOME=${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}
|
export STATIC_LIBS_HOME=${JAVA_HOME}/%{static_libs_install_dir}
|
||||||
readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c
|
readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep w_remainder.c
|
||||||
readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c
|
readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep e_remainder.c
|
||||||
%endif
|
|
||||||
|
|
||||||
so_suffix="so"
|
|
||||||
# Check debug symbols are present and can identify code
|
|
||||||
find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
|
|
||||||
do
|
|
||||||
if [ -f "$lib" ] ; then
|
|
||||||
echo "Testing $lib for debug symbols"
|
|
||||||
# All these tests rely on RPM failing the build if the exit code of any set
|
|
||||||
# of piped commands is non-zero.
|
|
||||||
|
|
||||||
# Test for .debug_* sections in the shared object. This is the main test
|
|
||||||
# Stripped objects will not contain these
|
|
||||||
eu-readelf -S "$lib" | grep "] .debug_"
|
|
||||||
test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2
|
|
||||||
|
|
||||||
# Test FILE symbols. These will most likely be removed by anything that
|
|
||||||
# manipulates symbol tables because it's generally useless. So a nice test
|
|
||||||
# that nothing has messed with symbols
|
|
||||||
old_IFS="$IFS"
|
|
||||||
IFS=$'\n'
|
|
||||||
for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT")
|
|
||||||
do
|
|
||||||
# We expect to see .cpp files, except for architectures like aarch64 and
|
|
||||||
# s390 where we expect .o and .oS files
|
|
||||||
echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$"
|
|
||||||
done
|
|
||||||
IFS="$old_IFS"
|
|
||||||
|
|
||||||
# If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking
|
|
||||||
if [ "`basename $lib`" = "libjvm.so" ]; then
|
|
||||||
eu-readelf -s "$lib" | \
|
|
||||||
grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Test that there are no .gnu_debuglink sections pointing to another
|
|
||||||
# debuginfo file. There shouldn't be any debuginfo files, so the link makes
|
|
||||||
# no sense either
|
|
||||||
eu-readelf -S "$lib" | grep 'gnu'
|
|
||||||
if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then
|
|
||||||
echo "bad .gnu_debuglink section."
|
|
||||||
eu-readelf -x .gnu_debuglink "$lib"
|
|
||||||
false
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# Make sure gdb can do a backtrace based on line numbers on libjvm.so
|
|
||||||
# javaCalls.cpp:58 should map to:
|
|
||||||
# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58
|
|
||||||
# Using line number 1 might cause build problems. See:
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1539664
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1538767
|
|
||||||
gdb -q "$JAVA_HOME/bin/java" <<EOF | tee gdb.out
|
|
||||||
handle SIGSEGV pass nostop noprint
|
|
||||||
handle SIGILL pass nostop noprint
|
|
||||||
set breakpoint pending on
|
|
||||||
break javaCalls.cpp:58
|
|
||||||
commands 1
|
|
||||||
backtrace
|
|
||||||
quit
|
|
||||||
end
|
|
||||||
run -version
|
|
||||||
EOF
|
|
||||||
|
|
||||||
%ifarch %{gdb_arches}
|
|
||||||
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
|
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Check src.zip has all sources. See RHBZ#1130490
|
# Check src.zip has all sources. See RHBZ#1130490
|
||||||
@ -2203,17 +2219,10 @@ pushd ${jdk_image}
|
|||||||
install -d -m 755 $RPM_BUILD_ROOT%{tapsetdir}
|
install -d -m 755 $RPM_BUILD_ROOT%{tapsetdir}
|
||||||
for name in $tapsetFiles ; do
|
for name in $tapsetFiles ; do
|
||||||
targetName=`echo $name | sed "s/.stp/$suffix.stp/"`
|
targetName=`echo $name | sed "s/.stp/$suffix.stp/"`
|
||||||
ln -sf %{_jvmdir}/%{sdkdir -- $suffix}/tapset/$name $RPM_BUILD_ROOT%{tapsetdir}/$targetName
|
ln -srvf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/$name $RPM_BUILD_ROOT%{tapsetdir}/$targetName
|
||||||
done
|
done
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Remove empty cacerts database
|
|
||||||
rm -f $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/security/cacerts
|
|
||||||
# Install cacerts symlink needed by some apps which hard-code the path
|
|
||||||
pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/security
|
|
||||||
ln -sf /etc/pki/java/cacerts .
|
|
||||||
popd
|
|
||||||
|
|
||||||
# Install version-ed symlinks
|
# Install version-ed symlinks
|
||||||
pushd $RPM_BUILD_ROOT%{_jvmdir}
|
pushd $RPM_BUILD_ROOT%{_jvmdir}
|
||||||
ln -sf %{sdkdir -- $suffix} %{jrelnk -- $suffix}
|
ln -sf %{sdkdir -- $suffix} %{jrelnk -- $suffix}
|
||||||
@ -2233,11 +2242,12 @@ pushd ${jdk_image}
|
|||||||
rm -rf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/man
|
rm -rf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/man
|
||||||
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
# Install static libs artefacts
|
# Install static libs artefacts
|
||||||
%if %{include_staticlibs}
|
%if %{include_staticlibs}
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/static/linux-%{archinstall}/glibc
|
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
|
||||||
cp -a ${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}/lib/*.a \
|
cp -a ${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}/lib/*.a \
|
||||||
$RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/lib/static/linux-%{archinstall}/glibc
|
$RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
if ! echo $suffix | grep -q "debug" ; then
|
if ! echo $suffix | grep -q "debug" ; then
|
||||||
@ -2282,10 +2292,10 @@ mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
|
|||||||
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/conf/ $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
|
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/conf/ $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
|
||||||
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib/security $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
|
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib/security $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
|
||||||
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}
|
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}
|
||||||
ln -s %{etcjavadir -- $suffix}/conf ./conf
|
ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/conf ./conf
|
||||||
popd
|
popd
|
||||||
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib
|
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib
|
||||||
ln -s %{etcjavadir -- $suffix}/lib/security ./security
|
ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/lib/security ./security
|
||||||
popd
|
popd
|
||||||
# end moving files to /etc
|
# end moving files to /etc
|
||||||
|
|
||||||
@ -2541,6 +2551,15 @@ cjc.mainProgram(args)
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jul 08 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.3.0.7-5
|
||||||
|
- Turn on system security properties as part of the build's install section
|
||||||
|
- Move cacerts replacement to install section and retain original of this and tzdb.dat
|
||||||
|
- Run tests on the installed image, rather than the build image
|
||||||
|
- Introduce variables to refer to the static library installation directories
|
||||||
|
- Use relative symlinks so they work within the image
|
||||||
|
- Run debug symbols check during build stage, before the install strips them
|
||||||
|
- Related: rhbz#2100677
|
||||||
|
|
||||||
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-4
|
* Thu Jun 30 2022 Francisco Ferrari Bihurriet <fferrari@redhat.com> - 1:17.0.3.0.7-4
|
||||||
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
|
- RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
|
||||||
- Resolves: rhbz#2102433
|
- Resolves: rhbz#2102433
|
||||||
|
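Review bot: The `sed -i` added to `installjdk` (hunk `@ -1952,9 +1959,18 @`) exits 0 even when no line matches `^security.useSystemPropertiesFile=`, so if `java.security` ever lacks that key or spells it differently, the image ships with system security properties still off and the build stays green. Follow the substitution with a check that fails the build, e.g. `grep -q '^security.useSystemPropertiesFile=true$' ${imagepath}/conf/security/java.security`; this assumes the scriptlet runs with errexit, which the comments in `debugcheckjdk` suggest. The new `debugcheckjdk` has a similar silent path: `if [ -d ${imagepath} ]` has no else branch, so a wrong or missing image path skips every debug-symbol test, and `else echo "missing ${imagepath}"; false` before the closing `fi` would close it. The body of `installjdk` starts outside the visible hunk, so an existing check further up cannot be ruled out.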