* Restructure the build so a minimal initial build is then used for the final build (with docs)
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
* Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
* Handle Fedora in distro conditionals that currently only pertain to RHEL.
* Replace tabs by sets of spaces to make rpmlint happy
- Run OpenJDK normalizer script on the spec file to fix further rogue whitespace
* javadoc-zip gets its own provides next to plain javadoc ones
* Sync gdb test with java-1.8.0-openjdk and improve architecture restrictions.
* Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
- Need to support noarch for creating source RPMs for non-scratch builds.
* Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
- Explicitly list JIT architectures rather than relying on those with slowdebug builds
- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Related: RHEL-45216
Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
Rename libsvml.so to libjsvml.so following JDK-8276025
Drop JDK-8276572 patch which is now upstream
Related: RHEL-45216
- Update to jdk-17+35, also known as jdk-17-ga.
- Remove boot JDKs in favour of OpenJDK 17 build now in the buildroot.
- Update buildjdkver to 17 so as to build with itself
- Add possibility to disable system crypto policy
- Add PR3695 to allow the system crypto policy to be turned off
- Re-enable TestSecurityProperties after inclusion of PR3695
- Added gating.yaml
- Fix patch rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
- Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics.
- Remove restriction on disabling product build, as debug packages no longer have javadoc packages.
- Update to jdk-17+33, including JDWP fix and July 2021 CPU
- Support the FIPS mode crypto policy (RH1655466)
- Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
- SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
- Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
- No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
- Disable FIPS mode support unless com.redhat.fips is set to "true".
- Use appropriate keystore types when in FIPS mode (RH1818909)
- Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
- Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
- Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
- Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
- Detect FIPS using SECMOD_GetSystemFIPSEnabled in the new libsystemconf JDK library.
- Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
- Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
- Add patch to disable non-FIPS crypto in the SUN and SunEC security providers.
- Add patch to login to the NSS software token when in FIPS mode.
- Fix unused function compiler warning found in systemconf.c
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.access.
- Add JDK-8272332 fix so we actually link against HarfBuzz.
- Update release notes to document the major changes between OpenJDK 11 & 17.
- Add FIPS patch to allow plain key import.
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Patch syslookup.c so it actually has some code to be compiled into libsyslookup
- alternatives creation moved to posttrans
- Set LTS designator on RHEL, but not Fedora or EPEL.
Related: RHEL-45216
cpio: jdk-17.0.9+9/make/NONE: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-buffer-deserialize-json.hh: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-buffer-deserialize-json.rl: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-buffer-deserialize-text-glyphs.hh: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-buffer-deserialize-text-glyphs.rl: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-buffer-deserialize-text-unicode.hh: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-buffer-deserialize-text-unicode.rl: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-number-parser.hh: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-number-parser.rl: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-ot-shaper-indic-machine.hh: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-ot-shaper-indic-machine.rl: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-ot-shaper-khmer-machine.hh: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-ot-shaper-khmer-machine.rl: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-ot-shaper-myanmar-machine.hh: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-ot-shaper-myanmar-machine.rl: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-ot-shaper-use-machine.hh: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hb-ot-shaper-use-machine.rl: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/adGlobals_aarch64.hpp: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/ad_aarch64.cpp: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/ad_aarch64.hpp: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/ad_aarch64_clone.cpp: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/ad_aarch64_expand.cpp: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/ad_aarch64_format.cpp: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/ad_aarch64_gen.cpp: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/ad_aarch64_misc.cpp: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/ad_aarch64_pipeline.cpp: Cannot stat: No such file or directory
cpio: jdk-17.0.9+9/make/hotspot/dfa_aarch64.cpp: Cannot stat: No such file or directory
adapted tests to jdk17 like stile
by addedd symlinks restructuring the structure for original build sources
according to logs, some are still missing
probably generated during the build, and thus not existing in prep,
when the sources subpkg is created after patching
java-X-openjdk-portable must not be rebuilt for flatpaks, nor do we want
to rebuild tzdata for tzdata-java, so it will be added to the runtimes.
Therefore, we need to take into account the possibility of different
prefixes for those compared to java-X-openjdk.
The JDK build includes CDS archives, classes.jsa and classes_nocoops.jsa
already since JEP 341. Executing -Xshare:dump in the headless post
script breaks AppCDS workflows using dynamic dumps since that relies
on the base CDS archive from the JDK to be unchanged.
Removed many pre-steps, build requires and patching. Removed build.
added dependencies on portables
extracted portabels to BUILD
keep systemtap
todo, repack it properly
removed nss setup, enabled buildr and tuned "install"
check debuginfo for jre only
Print release
repacked portables
Remove javadoc.zip only for release build
Update release notes to 17.0.6+9
Drop local copy of JDK-8293834 now this is upstream
Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
Update TestTranslations.java to test the new America/Ciudad_Juarez zone
...after
<6eee73b250>
"Update to jdk-11.0.16.1+1" added the TestTranslations.java "test to ensure
timezones can be translated": Similar to the previous
<1ac4052b44>
"Fix flatpak builds", during a flatpak build of java-11-openjdk its
.../images/jdk/lib/tzdb.dat is a dangling symlink to
/app/share/javazi-1.8/tzdb.dat (but which will be a working symlink in at least
the assembled LibreOffice flatpak). That causes execution of
TestTranslations.java during the build to fail due to a
java.io.FileNotFoundException when trying to access that tzdb.dat. The easiest
fix appears to be to just not run that specific test for a flatpak build.
* Add nss.fips.cfg support to OpenJDK tree
* RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
* Remove forgotten dead code from RH2020290 and RH2104724
Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build
Update release notes to 17.0.6+1
Switch to EA mode for 17.0.6 pre-release builds.
Re-enable EA upstream status check now it is being actively maintained.
Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream
Bump tzdata requirement to 2022e now the package is available in Fedora
Update release notes to 17.0.5+8 (GA)
Switch to GA mode for final release.
The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds
Remove freetype sources along with zlib sources
Update CLDR data with Europe/Kyiv (JDK-8293834)
Drop JDK-8292223 patch which we found to be unnecessary
Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
Update release notes to 17.0.5+1
Switch to EA mode for 17.0.5 pre-release builds.
Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
Bump FreeType bundled version to 2.12.1 following JDK-8290334
Update release notes to 17.0.4.1+1
Add patch to provide translations for Europe/Kyiv added in tzdata2022b
Add test to ensure timezones can be translated
* RH2104724: Avoid import/export of DH private keys
* RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
* Build the systemconf library on all platforms
Update release notes to 17.0.3.0+7
Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
Need to include the '.S' suffix in debuginfo checks after JDK-8284661
Include a test in the RPM to check the build has the correct vendor information.
Fix issue where CheckVendor.java test erroneously passes when it should fail.
Add proper quoting so '&' is not treated as a special character by the shell.
Update release notes to 17.0.4.0+1
Switch to EA mode for 17.0.4 pre-release builds.
Drop JDK-8282004 patch which is now upstreamed under JDK-8282231
Print release file during build, which should now include a correct SOURCE value from .src-rev
Update tarball script with IcedTea GitHub URL and .src-rev generation
Include script to generate bug list for release notes
Update tzdata requirement to 2022a to match JDK-8283350
Move EA designator check to prep so failures can be caught earlier
Make EA designator check non-fatal while upstream is not maintaining it
Move cacerts replacement to install section and retain original of this and tzdb.dat
Run tests on the installed image, rather than the build image
Introduce variables to refer to the static library installation directories
Use relative symlinks so they work within the image
Run debug symbols check during build stage, before the install strips them
...after 19065a8b01585a1aa5f22e38e99fc0c47c597074 "Temporarily move x86 to use
Zero in order to get a working build":
When building the
> if ${run_bootstrap} ; then
branch for suffix='' and loop='-main', the second
> buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
uses the JDK (`$(pwd)/${bootinstalldir}/images/%{jdkimage}`) from the installjdk
on the previous line. But installjdk does
> rm ${imagepath}/lib/tzdb.dat
> ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
which made that JDK's tzdb.dat link to /app/share/javazi-1.8/tzdb.dat in a
flatpak build (rather than the usual /usr/share/javazi-1.8/tzdb.dat in a non-
flatpak build) which is not present at build-time (but will be present at
runtime in at least the LibreOffice flatpak, which bundles tzdata-java built for
the flatpak /app prefix). So using that JDK's compiler during the build kept
failing due to java.io.FileNotFoundException for its lib/tzdb.dat.
(This was not an issue prior to 19065a8b01585a1aa5f22e38e99fc0c47c597074, as
installjdk's modification of lib/tzdb.dat used to be done only for the "Final
setup on the main image" at the very end of the build, not during the build for
JDKs that are themselves used later during the build.)
The easiest workaround for this issue appears to be to just not bootstrap_build
in the flatpak case, avoiding the situation that a JDK whose lib/tzdb.dat has
been modified through installjdk is used during the build.
* RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
* RH2090378: Revert to disabling system security properties and FIPS mode support together
Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Enable system security properties in the RPM (now disabled by default in the FIPS repo)
Improve security properties test to check both enabled and disabled behaviour
Run security properties test with property debugging on
Update release notes to 17.0.3.0+7
Update README.md and generate_source_tarball.sh to match CentOS
Switch to GA mode for release
JDK-8283911 patch no longer needed now we're GA...
Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Set LTS designator on RHEL, excluding Fedora & EPEL.
Rename libsvml.so to libjsvml.so following JDK-8276025
Remove JDK-8276572 patch which is now upstream.
Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
