import java-17-openjdk-17.0.2.0.8-5.el9

This commit is contained in:
CentOS Sources 2022-04-05 05:44:07 -04:00 committed by Stepan Oksanichenko
parent 7b88c01e98
commit e9627fdd85
3 changed files with 397 additions and 151 deletions

View File

@ -0,0 +1,28 @@
commit 4ac1a03b3ec73358988553fe9e200130847ea3b4
Author: Andrew Hughes <gnu.andrew@redhat.com>
Date: Mon Jan 10 20:19:40 2022 +0000
RH2021263: Make sure java.security.Security is initialised when retrieving JavaSecuritySystemConfiguratorAccess instance
diff --git openjdk.orig/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
index 5a2c9eb0c46..a1ee182d913 100644
--- openjdk.orig/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
+++ openjdk/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java
@@ -39,6 +39,7 @@ import java.io.FilePermission;
import java.io.ObjectInputStream;
import java.io.RandomAccessFile;
import java.security.ProtectionDomain;
+import java.security.Security;
import java.security.Signature;
/** A repository of "shared secrets", which are a mechanism for
@@ -449,6 +450,9 @@ public class SharedSecrets {
}
public static JavaSecuritySystemConfiguratorAccess getJavaSecuritySystemConfiguratorAccess() {
+ if (javaSecuritySystemConfiguratorAccess == null) {
+ ensureClassInitialized(Security.class);
+ }
return javaSecuritySystemConfiguratorAccess;
}
}

View File

@ -0,0 +1,24 @@
commit 8f6e35dc9e9289aed290b36e260beeda76986bb5
Author: Fridrich Strba <fstrba@suse.com>
Date: Mon Jan 10 19:32:01 2022 +0000
RH2021263: Return in C code after having generated Java exception
diff --git openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
index 38919d6bb0f..caf678a7dd6 100644
--- openjdk.orig/src/java.base/linux/native/libsystemconf/systemconf.c
+++ openjdk/src/java.base/linux/native/libsystemconf/systemconf.c
@@ -151,11 +151,13 @@ JNIEXPORT jboolean JNICALL Java_java_security_SystemConfigurator_getSystemFIPSEn
dbgPrint(env, "getSystemFIPSEnabled: reading " FIPS_ENABLED_PATH);
if ((fe = fopen(FIPS_ENABLED_PATH, "r")) == NULL) {
throwIOException(env, "Cannot open " FIPS_ENABLED_PATH);
+ return JNI_FALSE;
}
fips_enabled = fgetc(fe);
fclose(fe);
if (fips_enabled == EOF) {
throwIOException(env, "Cannot read " FIPS_ENABLED_PATH);
+ return JNI_FALSE;
}
msg_bytes = snprintf(msg, MSG_MAX_SIZE, "getSystemFIPSEnabled:" \
" read character is '%c'", fips_enabled);

View File

@ -12,10 +12,7 @@
# #
# Only produce a release build on x86_64: # Only produce a release build on x86_64:
# $ fedpkg mockbuild --without slowdebug --without fastdebug # $ fedpkg mockbuild --without slowdebug --without fastdebug
#
# Only produce a debug build on x86_64:
# $ fedpkg local --without release
#
# Enable fastdebug builds by default on relevant arches. # Enable fastdebug builds by default on relevant arches.
%bcond_without fastdebug %bcond_without fastdebug
# Enable slowdebug builds by default on relevant arches. # Enable slowdebug builds by default on relevant arches.
@ -24,6 +21,8 @@
%bcond_without release %bcond_without release
# Enable static library builds by default. # Enable static library builds by default.
%bcond_without staticlibs %bcond_without staticlibs
# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
%bcond_without fresh_libjvm
# Workaround for stripping of debug symbols from static libraries # Workaround for stripping of debug symbols from static libraries
%if %{with staticlibs} %if %{with staticlibs}
@ -33,6 +32,13 @@
%global include_staticlibs 0 %global include_staticlibs 0
%endif %endif
# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
%if %{with fresh_libjvm}
%global build_hotspot_first 1
%else
%global build_hotspot_first 0
%endif
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs. # The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info. # This fixes detailed NMT and other tools which need minimal debug info.
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879 # See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
@ -59,11 +65,11 @@
%global staticlibs_suffix "%{staticlibs_suffix_unquoted}" %global staticlibs_suffix "%{staticlibs_suffix_unquoted}"
%global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP. %global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP.
%global debug_on with full debugging on
%global fastdebug_on with minimal debugging on
%global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP. %global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP.
%global for_fastdebug_on for packages with minimal debugging on %global debug_on unoptimised with full debugging on
%global for_debug for packages with debugging on %global fastdebug_on optimised with full debugging on
%global for_fastdebug for packages with debugging on and optimisation
%global for_debug for packages with debugging on and no optimisation
%if %{with release} %if %{with release}
%global include_normal_build 1 %global include_normal_build 1
@ -102,17 +108,20 @@
%global ppc64be ppc64 ppc64p7 %global ppc64be ppc64 ppc64p7
# Set of architectures which support multiple ABIs # Set of architectures which support multiple ABIs
%global multilib_arches %{power64} sparc64 x86_64 %global multilib_arches %{power64} sparc64 x86_64
# Set of architectures for which we build debug builds # Set of architectures for which we build slowdebug builds
%global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} s390x %global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} s390x
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler # Set of architectures with a Just-In-Time (JIT) compiler
%global jit_arches %{debug_arches} %{arm} %global jit_arches %{arm} %{aarch64} %{ix86} %{power64} s390x sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
%global zero_arches ppc s390
# Set of architectures which run a full bootstrap cycle # Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches} %global bootstrap_arches %{jit_arches}
# Set of architectures which support SystemTap tapsets # Set of architectures which support SystemTap tapsets
%global systemtap_arches %{jit_arches} %global systemtap_arches %{jit_arches}
# Set of architectures with a Ahead-Of-Time (AOT) compiler # Set of architectures with a Ahead-Of-Time (AOT) compiler
%global aot_arches x86_64 %{aarch64} %global aot_arches x86_64 %{aarch64}
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures which support the serviceability agent # Set of architectures which support the serviceability agent
%global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm} %global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm}
# Set of architectures which support class data sharing # Set of architectures which support class data sharing
@ -127,6 +136,8 @@
%global ssbd_arches x86_64 %global ssbd_arches x86_64
# Set of architectures for which java has short vector math library (libjsvml.so) # Set of architectures for which java has short vector math library (libjsvml.so)
%global svml_arches x86_64 %global svml_arches x86_64
# Set of architectures where we verify backtraces with gdb
%global gdb_arches %{jit_arches} %{zero_arches}
# By default, we build a debug build during main build on JIT architectures # By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug} %if %{with slowdebug}
@ -169,9 +180,9 @@
%global fastdebug_build %{nil} %global fastdebug_build %{nil}
%endif %endif
# If you disable both builds, then the build fails # If you disable all builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics # Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build} %global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
%if %{include_staticlibs} %if %{include_staticlibs}
%global staticlibs_loop %{staticlibs_suffix} %global staticlibs_loop %{staticlibs_suffix}
@ -180,27 +191,35 @@
%endif %endif
%ifarch %{bootstrap_arches} %ifarch %{bootstrap_arches}
%global bootstrap_build 1 %global bootstrap_build true
%else %else
%global bootstrap_build 1 %global bootstrap_build false
%endif %endif
%if %{bootstrap_build}
%global release_targets bootcycle-images docs-zip
%else
%global release_targets images docs-zip
%endif
# No docs nor bootcycle for debug builds
%global debug_targets images
%if %{include_staticlibs} %if %{include_staticlibs}
# Extra target for producing the static-libraries. Separate from # Extra target for producing the static-libraries. Separate from
# other targets since this target is configured to use in-tree # other targets since this target is configured to use in-tree
# AWT dependencies: lcms, libjpeg, libpng, libharfbuzz, giflib # AWT dependencies: lcms, libjpeg, libpng, libharfbuzz, giflib
# and possibly others # and possibly others
%global static_libs_target static-libs-image %global static_libs_target static-libs-image
%else
%global static_libs_target %{nil}
%endif %endif
# RPM JDK builds keep the debug symbols internal, to be later stripped by RPM
%global debug_symbols internal
# unlike portables,the rpms have to use static_libs_target very dynamically
%global bootstrap_targets images
%global release_targets images docs-zip
# No docs nor bootcycle for debug builds
%global debug_targets images
# Target to use to just build HotSpot
%global hotspot_target hotspot
# JDK to use for bootstrapping
%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
# Filter out flags from the optflags macro that cause problems with the OpenJDK build # Filter out flags from the optflags macro that cause problems with the OpenJDK build
# We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 # We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2
@ -220,51 +239,63 @@
# In some cases, the arch used by the JDK does # In some cases, the arch used by the JDK does
# not match _arch. # not match _arch.
# Also, in some cases, the machine name used by SystemTap # Also, in some cases, the machine name used by SystemTap
# does not match that given by _build_cpu # does not match that given by _target_cpu
%ifarch x86_64 %ifarch x86_64
%global archinstall amd64 %global archinstall amd64
%global stapinstall x86_64
%endif %endif
%ifarch ppc %ifarch ppc
%global archinstall ppc %global archinstall ppc
%global stapinstall powerpc
%endif %endif
%ifarch %{ppc64be} %ifarch %{ppc64be}
%global archinstall ppc64 %global archinstall ppc64
%global stapinstall powerpc
%endif %endif
%ifarch %{ppc64le} %ifarch %{ppc64le}
%global archinstall ppc64le %global archinstall ppc64le
%global stapinstall powerpc
%endif %endif
%ifarch %{ix86} %ifarch %{ix86}
%global archinstall i686 %global archinstall i686
%global stapinstall i386
%endif %endif
%ifarch ia64 %ifarch ia64
%global archinstall ia64 %global archinstall ia64
%global stapinstall ia64
%endif %endif
%ifarch s390 %ifarch s390
%global archinstall s390 %global archinstall s390
%global stapinstall s390
%endif %endif
%ifarch s390x %ifarch s390x
%global archinstall s390x %global archinstall s390x
%global stapinstall s390
%endif %endif
%ifarch %{arm} %ifarch %{arm}
%global archinstall arm %global archinstall arm
%global stapinstall arm
%endif %endif
%ifarch %{aarch64} %ifarch %{aarch64}
%global archinstall aarch64 %global archinstall aarch64
%global stapinstall arm64
%endif %endif
# 32 bit sparc, optimized for v9 # 32 bit sparc, optimized for v9
%ifarch sparcv9 %ifarch sparcv9
%global archinstall sparc %global archinstall sparc
%global stapinstall %{_target_cpu}
%endif %endif
# 64 bit sparc # 64 bit sparc
%ifarch sparc64 %ifarch sparc64
%global archinstall sparcv9 %global archinstall sparcv9
%global stapinstall %{_target_cpu}
%endif %endif
%ifnarch %{jit_arches} # Need to support noarch for srpm build
%global archinstall %{_arch} %ifarch noarch
%global archinstall %{nil}
%global stapinstall %{nil}
%endif %endif
%ifarch %{systemtap_arches} %ifarch %{systemtap_arches}
%global with_systemtap 1 %global with_systemtap 1
%else %else
@ -303,7 +334,7 @@
%global top_level_dir_name %{origin} %global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup %global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 8 %global buildver 8
%global rpmrelease 2 %global rpmrelease 5
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk %if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@ -316,7 +347,7 @@
# for techpreview, using 1, so slowdebugs can have 0 # for techpreview, using 1, so slowdebugs can have 0
%global priority %( printf '%08d' 1 ) %global priority %( printf '%08d' 1 )
%endif %endif
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
%global javaver %{featurever} %global javaver %{featurever}
# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames # Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames
@ -421,10 +452,10 @@
# and 32 bit architectures we place the tapsets under the arch # and 32 bit architectures we place the tapsets under the arch
# specific dir (note that systemtap will only pickup the tapset # specific dir (note that systemtap will only pickup the tapset
# for the primary arch for now). Systemtap uses the machine name # for the primary arch for now). Systemtap uses the machine name
# aka build_cpu as architecture specific directory name. # aka target_cpu as architecture specific directory name.
%global tapsetroot /usr/share/systemtap %global tapsetroot /usr/share/systemtap
%global tapsetdirttapset %{tapsetroot}/tapset/ %global tapsetdirttapset %{tapsetroot}/tapset/
%global tapsetdir %{tapsetdirttapset}/%{_build_cpu} %global tapsetdir %{tapsetdirttapset}/%{stapinstall}
%endif %endif
# not-duplicated scriptlets for normal/debug packages # not-duplicated scriptlets for normal/debug packages
@ -520,7 +551,9 @@ alternatives \\
--slave %{_bindir}/jlink jlink %{sdkbindir -- %{?1}}/jlink \\ --slave %{_bindir}/jlink jlink %{sdkbindir -- %{?1}}/jlink \\
--slave %{_bindir}/jmod jmod %{sdkbindir -- %{?1}}/jmod \\ --slave %{_bindir}/jmod jmod %{sdkbindir -- %{?1}}/jmod \\
%ifarch %{sa_arches} %ifarch %{sa_arches}
%ifnarch %{zero_arches}
--slave %{_bindir}/jhsdb jhsdb %{sdkbindir -- %{?1}}/jhsdb \\ --slave %{_bindir}/jhsdb jhsdb %{sdkbindir -- %{?1}}/jhsdb \\
%endif
%endif %endif
--slave %{_bindir}/jar jar %{sdkbindir -- %{?1}}/jar \\ --slave %{_bindir}/jar jar %{sdkbindir -- %{?1}}/jar \\
--slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\ --slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\
@ -578,7 +611,7 @@ alternatives \\
--slave %{_mandir}/man1/jstatd.1$ext jstatd.1$ext \\ --slave %{_mandir}/man1/jstatd.1$ext jstatd.1$ext \\
%{_mandir}/man1/jstatd-%{uniquesuffix -- %{?1}}.1$ext \\ %{_mandir}/man1/jstatd-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/serialver.1$ext serialver.1$ext \\ --slave %{_mandir}/man1/serialver.1$ext serialver.1$ext \\
%{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext %{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext \\
for X in %{origin} %{javaver} ; do for X in %{origin} %{javaver} ; do
alternatives \\ alternatives \\
@ -711,8 +744,10 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/librmi.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/librmi.so
# Some architectures don't have the serviceability agent # Some architectures don't have the serviceability agent
%ifarch %{sa_arches} %ifarch %{sa_arches}
%ifnarch %{zero_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsaproc.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsaproc.so
%endif %endif
%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsctp.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsctp.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsystemconf.so %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsystemconf.so
%ifarch %{svml_arches} %ifarch %{svml_arches}
@ -759,7 +794,7 @@ exit 0
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.cfg %config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.fips.cfg %config(noreplace) %{etcjavadir -- %{?1}}/conf/security/nss.fips.cfg
%config(noreplace) %{etcjavadir -- %{?1}}/conf/management/jmxremote.access %config(noreplace) %{etcjavadir -- %{?1}}/conf/management/jmxremote.access
# these are config templates, thus not config-noreplace # This is a config template, thus not config-noreplace
%config %{etcjavadir -- %{?1}}/conf/management/jmxremote.password.template %config %{etcjavadir -- %{?1}}/conf/management/jmxremote.password.template
%config %{etcjavadir -- %{?1}}/conf/sdp/sdp.conf.template %config %{etcjavadir -- %{?1}}/conf/sdp/sdp.conf.template
%config(noreplace) %{etcjavadir -- %{?1}}/conf/management/management.properties %config(noreplace) %{etcjavadir -- %{?1}}/conf/management/management.properties
@ -782,6 +817,10 @@ exit 0
%ghost %{_jvmdir}/jre-%{javaver}-%{origin} %ghost %{_jvmdir}/jre-%{javaver}-%{origin}
%endif %endif
%endif %endif
# https://bugzilla.redhat.com/show_bug.cgi?id=1820172
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Directory_Replacement/
%ghost %{_jvmdir}/%{sdkdir -- %{?1}}/conf.rpmmoved
%ghost %{_jvmdir}/%{sdkdir -- %{?1}}/lib/security.rpmmoved
} }
%define files_devel() %{expand: %define files_devel() %{expand:
@ -800,9 +839,11 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jimage %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jimage
# Some architectures don't have the serviceability agent # Some architectures don't have the serviceability agent
%ifarch %{sa_arches} %ifarch %{sa_arches}
%ifnarch %{zero_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhsdb %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhsdb
%{_mandir}/man1/jhsdb-%{uniquesuffix -- %{?1}}.1.gz %{_mandir}/man1/jhsdb-%{uniquesuffix -- %{?1}}.1.gz
%endif %endif
%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jlink %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jlink
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jmap %{_jvmdir}/%{sdkdir -- %{?1}}/bin/jmap
@ -941,7 +982,10 @@ Requires: libXcomposite%{?_isa}
Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} Requires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release} OrderWithRequires: %{name}-headless%{?1}%{?_isa} = %{epoch}:%{version}-%{release}
# for java-X-openjdk package's desktop binding # for java-X-openjdk package's desktop binding
# Where recommendations are available, recommend Gtk+ for the Swing look and feel
%if 0%{?rhel} >= 8 || 0%{?fedora} > 0
Recommends: gtk3%{?_isa} Recommends: gtk3%{?_isa}
%endif
Provides: java-%{javaver}-%{origin}%{?1} = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}%{?1} = %{epoch}:%{version}-%{release}
@ -980,8 +1024,11 @@ Requires: cups-libs
Requires(post): %{alternatives_requires} Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives # Postun requires alternatives to uninstall tool alternatives
Requires(postun): %{alternatives_requires} Requires(postun): %{alternatives_requires}
# for optional support of kernel stream control, card reader and printing bindings # Where suggestions are available, recommend the sctp and pcsc libraries
# for optional support of kernel stream control and card reader
%if 0%{?rhel} >= 8 || 0%{?fedora} > 0
Suggests: lksctp-tools%{?_isa}, pcsc-lite-libs%{?_isa} Suggests: lksctp-tools%{?_isa}, pcsc-lite-libs%{?_isa}
%endif
# Standard JPackage base provides # Standard JPackage base provides
Provides: jre-%{javaver}-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release} Provides: jre-%{javaver}-%{origin}-headless%{?1} = %{epoch}:%{version}-%{release}
@ -1011,9 +1058,9 @@ Provides: java-sdk-%{javaver}%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-devel%{?1} = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-devel%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-devel%{?1} = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}-devel%{?1} = %{epoch}:%{version}-%{release}
%if %is_system_jdk %if %is_system_jdk
Provides: java-devel-%{origin}%{?1} = %{epoch}:%{version}-%{release}
Provides: java-sdk-%{origin}%{?1} = %{epoch}:%{version}-%{release} Provides: java-sdk-%{origin}%{?1} = %{epoch}:%{version}-%{release}
Provides: java-devel%{?1} = %{epoch}:%{version}-%{release} Provides: java-devel%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{origin}-devel%{?1} = %{epoch}:%{version}-%{release}
Provides: java-sdk%{?1} = %{epoch}:%{version}-%{release} Provides: java-sdk%{?1} = %{epoch}:%{version}-%{release}
%endif %endif
} }
@ -1056,10 +1103,10 @@ Requires(post): %{alternatives_requires}
Requires(postun): %{alternatives_requires} Requires(postun): %{alternatives_requires}
# Standard JPackage javadoc provides # Standard JPackage javadoc provides
Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release} Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%if %is_system_jdk %if %is_system_jdk
Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release} Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%endif %endif
} }
@ -1093,6 +1140,10 @@ Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist}
Epoch: 1 Epoch: 1
Summary: %{origin_nice} %{featurever} Runtime Environment Summary: %{origin_nice} %{featurever} Runtime Environment
# Groups are only used up to RHEL 8 and on Fedora versions prior to F30
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
# HotSpot code is licensed under GPLv2 # HotSpot code is licensed under GPLv2
# JDK library code is licensed under GPLv2 with the Classpath exception # JDK library code is licensed under GPLv2 with the Classpath exception
@ -1154,7 +1205,7 @@ Source17: nss.fips.cfg.in
# NSS via SunPKCS11 Provider (disabled comment # NSS via SunPKCS11 Provider (disabled comment
# due to memory leak). # due to memory leak).
Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
# enable build of speculative store bypass hardened alt-java # RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639)
Patch600: rh1750419-redhat_alt_java.patch Patch600: rh1750419-redhat_alt_java.patch
# Ignore AWTError when assistive technologies are loaded # Ignore AWTError when assistive technologies are loaded
@ -1188,6 +1239,9 @@ Patch1010: rh1996182-login_to_nss_software_token.patch
Patch1012: rh1996182-extend_security_policy.patch Patch1012: rh1996182-extend_security_policy.patch
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false # RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
Patch1013: rh1991003-enable_fips_keys_import.patch Patch1013: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch
############################################# #############################################
# #
@ -1234,7 +1288,7 @@ BuildRequires: zip
BuildRequires: javapackages-filesystem BuildRequires: javapackages-filesystem
BuildRequires: java-17-openjdk-devel BuildRequires: java-17-openjdk-devel
# Zero-assembler build requirement # Zero-assembler build requirement
%ifnarch %{jit_arches} %ifarch %{zero_arches}
BuildRequires: libffi-devel BuildRequires: libffi-devel
%endif %endif
BuildRequires: tzdata-java >= 2015d BuildRequires: tzdata-java >= 2015d
@ -1256,6 +1310,9 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_debug_build} %if %{include_debug_build}
%package slowdebug %package slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on} Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_rpo -- %{debug_suffix_unquoted}} %{java_rpo -- %{debug_suffix_unquoted}}
%description slowdebug %description slowdebug
@ -1266,7 +1323,9 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_fastdebug_build} %if %{include_fastdebug_build}
%package fastdebug %package fastdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on} Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages Group: Development/Languages
%endif
%{java_rpo -- %{fastdebug_suffix_unquoted}} %{java_rpo -- %{fastdebug_suffix_unquoted}}
%description fastdebug %description fastdebug
@ -1277,6 +1336,9 @@ The %{origin_nice} %{featurever} runtime environment.
%if %{include_normal_build} %if %{include_normal_build}
%package headless %package headless
Summary: %{origin_nice} %{featurever} Headless Runtime Environment Summary: %{origin_nice} %{featurever} Headless Runtime Environment
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_headless_rpo %{nil}} %{java_headless_rpo %{nil}}
@ -1287,6 +1349,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_debug_build} %if %{include_debug_build}
%package headless-slowdebug %package headless-slowdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on} Summary: %{origin_nice} %{featurever} Runtime Environment %{debug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_headless_rpo -- %{debug_suffix_unquoted}} %{java_headless_rpo -- %{debug_suffix_unquoted}}
@ -1298,7 +1363,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_fastdebug_build} %if %{include_fastdebug_build}
%package headless-fastdebug %package headless-fastdebug
Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on} Summary: %{origin_nice} %{featurever} Runtime Environment %{fastdebug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages Group: Development/Languages
%endif
%{java_headless_rpo -- %{fastdebug_suffix_unquoted}} %{java_headless_rpo -- %{fastdebug_suffix_unquoted}}
@ -1310,6 +1377,9 @@ The %{origin_nice} %{featurever} runtime environment without audio and video sup
%if %{include_normal_build} %if %{include_normal_build}
%package devel %package devel
Summary: %{origin_nice} %{featurever} Development Environment Summary: %{origin_nice} %{featurever} Development Environment
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_devel_rpo %{nil}} %{java_devel_rpo %{nil}}
@ -1320,6 +1390,9 @@ The %{origin_nice} %{featurever} development tools.
%if %{include_debug_build} %if %{include_debug_build}
%package devel-slowdebug %package devel-slowdebug
Summary: %{origin_nice} %{featurever} Development Environment %{debug_on} Summary: %{origin_nice} %{featurever} Development Environment %{debug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_devel_rpo -- %{debug_suffix_unquoted}} %{java_devel_rpo -- %{debug_suffix_unquoted}}
@ -1331,7 +1404,9 @@ The %{origin_nice} %{featurever} development tools.
%if %{include_fastdebug_build} %if %{include_fastdebug_build}
%package devel-fastdebug %package devel-fastdebug
Summary: %{origin_nice} %{featurever} Development Environment %{fastdebug_on} Summary: %{origin_nice} %{featurever} Development Environment %{fastdebug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Tools Group: Development/Tools
%endif
%{java_devel_rpo -- %{fastdebug_suffix_unquoted}} %{java_devel_rpo -- %{fastdebug_suffix_unquoted}}
@ -1380,6 +1455,9 @@ The %{origin_nice} %{featurever} libraries for static linking.
%if %{include_normal_build} %if %{include_normal_build}
%package jmods %package jmods
Summary: JMods for %{origin_nice} %{featurever} Summary: JMods for %{origin_nice} %{featurever}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_jmods_rpo %{nil}} %{java_jmods_rpo %{nil}}
@ -1390,6 +1468,9 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_debug_build} %if %{include_debug_build}
%package jmods-slowdebug %package jmods-slowdebug
Summary: JMods for %{origin_nice} %{featurever} %{debug_on} Summary: JMods for %{origin_nice} %{featurever} %{debug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_jmods_rpo -- %{debug_suffix_unquoted}} %{java_jmods_rpo -- %{debug_suffix_unquoted}}
@ -1401,7 +1482,9 @@ The JMods for %{origin_nice} %{featurever}.
%if %{include_fastdebug_build} %if %{include_fastdebug_build}
%package jmods-fastdebug %package jmods-fastdebug
Summary: JMods for %{origin_nice} %{featurever} %{fastdebug_on} Summary: JMods for %{origin_nice} %{featurever} %{fastdebug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Tools Group: Development/Tools
%endif
%{java_jmods_rpo -- %{fastdebug_suffix_unquoted}} %{java_jmods_rpo -- %{fastdebug_suffix_unquoted}}
@ -1410,10 +1493,12 @@ The JMods for %{origin_nice} %{featurever}.
%{fastdebug_warning} %{fastdebug_warning}
%endif %endif
%if %{include_normal_build} %if %{include_normal_build}
%package demo %package demo
Summary: %{origin_nice} %{featurever} Demos Summary: %{origin_nice} %{featurever} Demos
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_demo_rpo %{nil}} %{java_demo_rpo %{nil}}
@ -1424,6 +1509,9 @@ The %{origin_nice} %{featurever} demos.
%if %{include_debug_build} %if %{include_debug_build}
%package demo-slowdebug %package demo-slowdebug
Summary: %{origin_nice} %{featurever} Demos %{debug_on} Summary: %{origin_nice} %{featurever} Demos %{debug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_demo_rpo -- %{debug_suffix_unquoted}} %{java_demo_rpo -- %{debug_suffix_unquoted}}
@ -1435,7 +1523,9 @@ The %{origin_nice} %{featurever} demos.
%if %{include_fastdebug_build} %if %{include_fastdebug_build}
%package demo-fastdebug %package demo-fastdebug
Summary: %{origin_nice} %{featurever} Demos %{fastdebug_on} Summary: %{origin_nice} %{featurever} Demos %{fastdebug_on}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages Group: Development/Languages
%endif
%{java_demo_rpo -- %{fastdebug_suffix_unquoted}} %{java_demo_rpo -- %{fastdebug_suffix_unquoted}}
@ -1447,6 +1537,9 @@ The %{origin_nice} %{featurever} demos.
%if %{include_normal_build} %if %{include_normal_build}
%package src %package src
Summary: %{origin_nice} %{featurever} Source Bundle Summary: %{origin_nice} %{featurever} Source Bundle
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_src_rpo %{nil}} %{java_src_rpo %{nil}}
@ -1458,6 +1551,9 @@ class library source code for use by IDE indexers and debuggers.
%if %{include_debug_build} %if %{include_debug_build}
%package src-slowdebug %package src-slowdebug
Summary: %{origin_nice} %{featurever} Source Bundle %{for_debug} Summary: %{origin_nice} %{featurever} Source Bundle %{for_debug}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages
%endif
%{java_src_rpo -- %{debug_suffix_unquoted}} %{java_src_rpo -- %{debug_suffix_unquoted}}
@ -1469,7 +1565,9 @@ The %{compatiblename}-src-slowdebug sub-package contains the complete %{origin_n
%if %{include_fastdebug_build} %if %{include_fastdebug_build}
%package src-fastdebug %package src-fastdebug
Summary: %{origin_nice} %{featurever} Source Bundle %{for_fastdebug} Summary: %{origin_nice} %{featurever} Source Bundle %{for_fastdebug}
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Development/Languages Group: Development/Languages
%endif
%{java_src_rpo -- %{fastdebug_suffix_unquoted}} %{java_src_rpo -- %{fastdebug_suffix_unquoted}}
@ -1478,14 +1576,16 @@ The %{compatiblename}-src-fastdebug sub-package contains the complete %{origin_n
class library source code for use by IDE indexers and debuggers, %{for_fastdebug}. class library source code for use by IDE indexers and debuggers, %{for_fastdebug}.
%endif %endif
%if %{include_normal_build} %if %{include_normal_build}
%package javadoc %package javadoc
Summary: %{origin_nice} %{featurever} API documentation Summary: %{origin_nice} %{featurever} API documentation
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Documentation
%endif
Requires: javapackages-filesystem Requires: javapackages-filesystem
Obsoletes: javadoc-slowdebug < 1:13.0.0.33-1.rolling Obsoletes: javadoc-slowdebug < 1:13.0.0.33-1.rolling
%{java_javadoc_rpo %{nil}} %{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc %description javadoc
The %{origin_nice} %{featurever} API documentation. The %{origin_nice} %{featurever} API documentation.
@ -1494,16 +1594,28 @@ The %{origin_nice} %{featurever} API documentation.
%if %{include_normal_build} %if %{include_normal_build}
%package javadoc-zip %package javadoc-zip
Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive Summary: %{origin_nice} %{featurever} API documentation compressed in a single archive
%if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30)
Group: Documentation
%endif
Requires: javapackages-filesystem Requires: javapackages-filesystem
Obsoletes: javadoc-zip-slowdebug < 1:13.0.0.33-1.rolling Obsoletes: javadoc-zip-slowdebug < 1:13.0.0.33-1.rolling
%{java_javadoc_rpo %{nil}} %{java_javadoc_rpo -- %{nil} -zip}
%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc-zip %description javadoc-zip
The %{origin_nice} %{featurever} API documentation compressed in a single archive. The %{origin_nice} %{featurever} API documentation compressed in a single archive.
%endif %endif
%prep %prep
# Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-(
%if 0%{?stapinstall:1}
echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}"
%else
%{error:Unrecognised architecture %{_target_cpu}}
%endif
if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then
echo "include_normal_build is %{include_normal_build}" echo "include_normal_build is %{include_normal_build}"
else else
@ -1560,6 +1672,8 @@ popd # openjdk
%patch1011 %patch1011
%patch1012 %patch1012
%patch1013 %patch1013
%patch1014
%patch1015
# Extract systemtap tapsets # Extract systemtap tapsets
%if %{with_systemtap} %if %{with_systemtap}
@ -1571,7 +1685,6 @@ cp -r tapset tapset%{debug_suffix}
cp -r tapset tapset%{fastdebug_suffix} cp -r tapset tapset%{fastdebug_suffix}
%endif %endif
for suffix in %{build_loop} ; do for suffix in %{build_loop} ; do
for file in "tapset"$suffix/*.in; do for file in "tapset"$suffix/*.in; do
OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"`
@ -1640,63 +1753,54 @@ EXTRA_CPP_FLAGS="%ourcppflags"
# fix rpmlint warnings # fix rpmlint warnings
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
%endif %endif
export EXTRA_CFLAGS %ifarch %{ix86}
# Align stack boundary on x86_32
EXTRA_CFLAGS="$(echo ${EXTRA_CFLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
%endif
export EXTRA_CFLAGS EXTRA_CPP_FLAGS
for suffix in %{build_loop} ; do function buildjdk() {
if [ "x$suffix" = "x" ] ; then local outputdir=${1}
debugbuild=release local buildjdk=${2}
else local maketargets="${3}"
# change --something to something local debuglevel=${4}
debugbuild=`echo $suffix | sed "s/-//g"` local link_opt=${5}
fi
for loop in %{main_suffix} %{staticlibs_loop} ; do local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
local top_dir_abs_build_path=$(pwd)/${outputdir}
if test "x${loop}" = "x%{main_suffix}" ; then # The OpenJDK version file includes the current
# Copy the source tree so we can remove all in-tree libraries # upstream version information. For some reason,
cp -a %{top_level_dir_name} %{top_level_dir_name_backup} # configure does not automatically use the
# Remove all libraries that are linked # default pre-version supplied there (despite
sh %{SOURCE12} %{top_level_dir_name} full # what the file claims), so we pass it manually
# Variable used by configure and hs_err hook on build failures # to configure
link_opt="system" VERSION_FILE=${top_dir_abs_src_path}/make/conf/version-numbers.conf
# Debug builds don't need same targets as release for if [ -f ${VERSION_FILE} ] ; then
# build speed-up EA_DESIGNATOR=$(grep '^DEFAULT_PROMOTED_VERSION_PRE' ${VERSION_FILE} | cut -d '=' -f 2)
maketargets="%{release_targets}" else
if echo $debugbuild | grep -q "debug" ; then echo "Could not find OpenJDK version file.";
maketargets="%{debug_targets}" exit 16
fi
if [ "x${EA_DESIGNATOR}" != "x%{expected_ea_designator}" ] ; then
echo "Spec file is configured for a %{build_type} build, but upstream version-pre setting is ${EA_DESIGNATOR}";
exit 17
fi fi
else
# Variable used by configure and hs_err hook on build failures
link_opt="bundled"
# Static library cycle only builds the static libraries
maketargets="%{static_libs_target}"
fi
top_dir_abs_src_path=$(pwd)/%{top_level_dir_name} echo "Using output directory: ${outputdir}";
top_dir_abs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}${loop}} echo "Checking build JDK ${buildjdk} is operational..."
# The OpenJDK version file includes the current ${buildjdk}/bin/java -version
# upstream version information. For some reason, echo "Using make targets: ${maketargets}"
# configure does not automatically use the echo "Using debuglevel: ${debuglevel}"
# default pre-version supplied there (despite echo "Using link_opt: ${link_opt}"
# what the file claims), so we pass it manually echo "Building %{newjavaver}-%{buildver}, pre=${EA_DESIGNATOR}, opt=%{lts_designator}"
# to configure
VERSION_FILE=${top_dir_abs_src_path}/make/conf/version-numbers.conf
if [ -f ${VERSION_FILE} ] ; then
EA_DESIGNATOR=$(grep '^DEFAULT_PROMOTED_VERSION_PRE' ${VERSION_FILE} | cut -d '=' -f 2)
else
echo "Could not find OpenJDK version file.";
exit 16
fi
if [ "x${EA_DESIGNATOR}" != "x%{expected_ea_designator}" ] ; then
echo "Spec file is configured for a %{build_type} build, but upstream version-pre setting is ${EA_DESIGNATOR}";
exit 17
fi
mkdir -p ${top_dir_abs_build_path} mkdir -p ${outputdir}
pushd ${top_dir_abs_build_path} pushd ${outputdir}
bash ${top_dir_abs_src_path}/configure \ bash ${top_dir_abs_src_path}/configure \
%ifnarch %{jit_arches} %ifarch %{zero_arches}
--with-jvm-variants=zero \ --with-jvm-variants=zero \
%endif %endif
%ifarch %{ppc64le} %ifarch %{ppc64le}
@ -1710,9 +1814,9 @@ bash ${top_dir_abs_src_path}/configure \
--with-vendor-url="https://www.redhat.com/" \ --with-vendor-url="https://www.redhat.com/" \
--with-vendor-bug-url="%{bugs}" \ --with-vendor-bug-url="%{bugs}" \
--with-vendor-vm-bug-url="%{bugs}" \ --with-vendor-vm-bug-url="%{bugs}" \
--with-boot-jdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk \ --with-boot-jdk=${buildjdk} \
--with-debug-level=$debugbuild \ --with-debug-level=${debuglevel} \
--with-native-debug-symbols=internal \ --with-native-debug-symbols="%{debug_symbols}" \
--enable-sysconf-nss \ --enable-sysconf-nss \
--enable-unlimited-crypto \ --enable-unlimited-crypto \
--with-zlib=system \ --with-zlib=system \
@ -1733,53 +1837,116 @@ bash ${top_dir_abs_src_path}/configure \
%endif %endif
--disable-warnings-as-errors --disable-warnings-as-errors
make \ cat spec.gmk
LOG=trace \
WARNINGS_ARE_ERRORS="-Wno-error" \
CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
$maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
popd >& /dev/null make \
LOG=trace \
WARNINGS_ARE_ERRORS="-Wno-error" \
CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \
$maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
# Restore original source tree if we modified it by removing full in-tree sources popd
if [ -d %{top_level_dir_name_backup} ] ; then }
rm -rf %{top_level_dir_name}
mv %{top_level_dir_name_backup} %{top_level_dir_name}
fi
done # end of main / staticlibs loop function installjdk() {
local imagepath=${1}
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}} if [ -d ${imagepath} ] ; then
# the build (erroneously) removes read permissions from some jars
# this is a regression in OpenJDK 7 (our compiler):
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
# the build (erroneously) removes read permissions from some jars # Build screws up permissions on binaries
# this is a regression in OpenJDK 7 (our compiler): # https://bugs.openjdk.java.net/browse/JDK-8173610
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 find ${imagepath} -iname '*.so' -exec chmod +x {} \;
find ${top_dir_abs_main_build_path}/images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \; find ${imagepath}/bin/ -exec chmod +x {} \;
# Build screws up permissions on binaries # Install nss.cfg right away as we will be using the JRE above
# https://bugs.openjdk.java.net/browse/JDK-8173610 install -m 644 nss.cfg ${imagepath}/conf/security/
find ${top_dir_abs_main_build_path}/images/%{jdkimage} -iname '*.so' -exec chmod +x {} \;
find ${top_dir_abs_main_build_path}/images/%{jdkimage}/bin/ -exec chmod +x {} \;
# Install nss.cfg right away as we will be using the JRE above # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage} install -m 644 nss.fips.cfg ${imagepath}/conf/security/
# Install nss.cfg right away as we will be using the JRE above # Use system-wide tzdata
install -m 644 nss.cfg $JAVA_HOME/conf/security/ rm ${imagepath}/lib/tzdb.dat
ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) # Create fake alt-java as a placeholder for future alt-java
install -m 644 nss.fips.cfg $JAVA_HOME/conf/security/ pushd ${imagepath}
# add alt-java man page
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
popd
fi
}
# Use system-wide tzdata %if %{build_hotspot_first}
rm $JAVA_HOME/lib/tzdb.dat # Build a fresh libjvm.so first and use it to bootstrap
ln -s %{_datadir}/javazi-1.8/tzdb.dat $JAVA_HOME/lib/tzdb.dat cp -LR --preserve=mode,timestamps %{bootjdk} newboot
systemjdk=$(pwd)/newboot
buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled"
mv build/newboot/jdk/lib/server/libjvm.so newboot/lib/server
%else
systemjdk=%{bootjdk}
%endif
# Create fake alt-java as a placeholder for future alt-java for suffix in %{build_loop} ; do
pushd ${JAVA_HOME}
# add alt-java man page if [ "x$suffix" = "x" ] ; then
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 debugbuild=release
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 else
popd # change --something to something
debugbuild=`echo $suffix | sed "s/-//g"`
fi
for loop in %{main_suffix} %{staticlibs_loop} ; do
builddir=%{buildoutputdir -- ${suffix}${loop}}
bootbuilddir=boot${builddir}
if test "x${loop}" = "x%{main_suffix}" ; then
# Copy the source tree so we can remove all in-tree libraries
cp -a %{top_level_dir_name} %{top_level_dir_name_backup}
# Remove all libraries that are linked
sh %{SOURCE12} %{top_level_dir_name} full
# Use system libraries
link_opt="system"
# Debug builds don't need same targets as release for
# build speed-up. We also avoid bootstrapping these
# slower builds.
if echo $debugbuild | grep -q "debug" ; then
maketargets="%{debug_targets}"
run_bootstrap=false
else
maketargets="%{release_targets}"
run_bootstrap=%{bootstrap_build}
fi
if ${run_bootstrap} ; then
buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
buildjdk ${builddir} $(pwd)/${bootbuilddir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
rm -rf ${bootbuilddir}
else
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
fi
# Restore original source tree we modified by removing full in-tree sources
rm -rf %{top_level_dir_name}
mv %{top_level_dir_name_backup} %{top_level_dir_name}
else
# Use bundled libraries for building statically
link_opt="bundled"
# Static library cycle only builds the static libraries
maketargets="%{static_libs_target}"
# Always just do the one build for the static libraries
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
fi
done # end of main / staticlibs loop
# Final setup on the main image
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
# build cycles # build cycles
done # end of release / debug cycle loop done # end of release / debug cycle loop
@ -1830,8 +1997,9 @@ readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep w_remainder.c
readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c readelf --debug-dump $STATIC_LIBS_HOME/lib/libfdlibm.a | grep e_remainder.c
%endif %endif
so_suffix="so"
# Check debug symbols are present and can identify code # Check debug symbols are present and can identify code
find "$JAVA_HOME" -iname '*.so' -print0 | while read -d $'\0' lib find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib
do do
if [ -f "$lib" ] ; then if [ -f "$lib" ] ; then
echo "Testing $lib for debug symbols" echo "Testing $lib for debug symbols"
@ -1884,7 +2052,7 @@ gdb -q "$JAVA_HOME/bin/java" <<EOF | tee gdb.out
handle SIGSEGV pass nostop noprint handle SIGSEGV pass nostop noprint
handle SIGILL pass nostop noprint handle SIGILL pass nostop noprint
set breakpoint pending on set breakpoint pending on
break javaCalls.cpp:1 break javaCalls.cpp:58
commands 1 commands 1
backtrace backtrace
quit quit
@ -1892,9 +2060,7 @@ end
run -version run -version
EOF EOF
# This fails on s390x for some reason. Disable for now. See: %ifarch %{gdb_arches}
# https://koji.fedoraproject.org/koji/taskinfo?taskID=41499227
%ifnarch s390x
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
%endif %endif
@ -2280,6 +2446,34 @@ cjc.mainProgram(args)
%endif %endif
%changelog %changelog
* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-5
- Fix FIPS issues in native code and with initialisation of java.security.Security
- Resolves: rhbz#2023531
* Thu Feb 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-4
- Restructure the build so a minimal initial build is then used for the final build (with docs)
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
- Handle Fedora in distro conditionals that currently only pertain to RHEL.
- Run OpenJDK normalizer script on the spec file to fix further rogue whitespace
- Sync gdb test with java-1.8.0-openjdk and improve architecture restrictions.
- Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
- Need to support noarch for creating source RPMs for non-scratch builds.
- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
- Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
- Explicitly list JIT architectures rather than relying on those with slowdebug builds
- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
- Resolves: rhbz#2022826
* Thu Feb 17 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-4
- Replaced tabs by sets of spaces to make rpmlint happy
- javadoc-zip gets its own provides next to plain javadoc ones
- Resolves: rhbz#2022826
* Wed Feb 16 2022 Jiri Vanek <jvanek@redhat.com> - 1:17.0.2.0.8-3
- Minor cosmetic improvements to make spec more comparable between variants
- Related: rhbz#2022826
* Wed Feb 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-2 * Wed Feb 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:17.0.2.0.8-2
- Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@ - Update tapsets from IcedTea 6.x repository with fix for JDK-8015774 changes (_heap->_heaps) and @JAVA_SPEC_VER@
- Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository - Update icedtea_sync.sh with a VCS mode that retrieves sources from a Mercurial repository