* Move cacerts replacement to install section and retain original of this and tzdb.dat
* Run tests on the installed image, rather than the build image
* Introduce variables to refer to the static library installation directories
* Use relative symlinks so they work within the image
* Run debug symbols check during build stage, before the install strips them
The move of turning on system security properties is retained so we don't ship with them off
Related: rhbz#2084218
Update release notes to 17.0.3.0+7
Need to include the '.S' suffix in debuginfo checks after JDK-8284661
Explicitly require crypto-policies during build and runtime for system security properties
Make use of the vendor version string to store our version & release rather than an upstream release date
Include a test in the RPM to check the build has the correct vendor information.
Fix issue where CheckVendor.java test erroneously passes when it should fail.
Add proper quoting so '&' is not treated as a special character by the shell.
Resolves: rhbz#2084218
Update release notes to 17.0.4.0+1
Switch to EA mode for 17.0.4 pre-release builds.
Print release file during build, which should now include a correct SOURCE value from .src-rev
Update tarball script with IcedTea GitHub URL and .src-rev generation
Include script to generate bug list for release notes
Update tzdata requirement to 2022a to match JDK-8283350
Move EA designator check to prep so failures can be caught earlier
Make EA designator check non-fatal while upstream is not maintaining it
Related: rhbz#2084218
Move cacerts replacement to install section and retain original of this and tzdb.dat
Run tests on the installed image, rather than the build image
Introduce variables to refer to the static library installation directories
Use relative symlinks so they work within the image
Run debug symbols check during build stage, before the install strips them
Related: rhbz#2100677
* RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
* RH2090378: Revert to disabling system security properties and FIPS mode support together
Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Enable system security properties in the RPM (now disabled by default in the FIPS repo)
Improve security properties test to check both enabled and disabled behaviour
Run security properties test with property debugging on
Resolves: rhbz#2099844
Resolves: rhbz#2100677
Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
RH2023467: Enable FIPS keys export
RH2094027: SunEC runtime permission for FIPS
Resolves: rhbz#2029657
Resolves: rhbz#2096117
Update to jdk-17.0.3.0+7 tarball
Update release notes to 17.0.3.0+7
Add missing README.md and generate_source_tarball.sh
Switch to GA mode for release
JDK-8283911 patch no longer needed now we're GA...
Resolves: rhbz#2073579
Update release notes to 17.0.3.0+1
Switch to EA mode for 17.0.3 pre-release builds.
Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
Related: rhbz#2050460
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
* Restructure the build so a minimal initial build is then used for the final build (with docs)
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
* Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
* Handle Fedora in distro conditionals that currently only pertain to RHEL.
* Replace tabs by sets of spaces to make rpmlint happy
- Run OpenJDK normalizer script on the spec file to fix further rogue whitespace
* javadoc-zip gets its own provides next to plain javadoc ones
* Sync gdb test with java-1.8.0-openjdk and improve architecture restrictions.
* Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
- Need to support noarch for creating source RPMs for non-scratch builds.
* Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
- Explicitly list JIT architectures rather than relying on those with slowdebug builds
- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Resolves: rhbz#2022826
Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
Rename libsvml.so to libjsvml.so following JDK-8276025
Drop JDK-8276572 patch which is now upstream
Resolves: rhbz#2039392
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
Related: rhbz#1995889
Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Use appropriate keystore types when in FIPS mode (RH1818909)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
Related: rhbz#1995889
