Commit Graph

159 Commits

Author SHA1 Message Date
Fedora Release Engineering
2eadc2e3b7 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 13:35:16 +00:00
Andrew Hughes
f5df7fac4a Update FIPS support to bring in latest changes
* OJ1357: Fix issue on FIPS with a SecurityManager in place
2023-01-13 19:38:48 +00:00
Andrew Hughes
0855917e97 Update to jdk-17.0.6+9
Update release notes to 17.0.6+9
Drop local copy of JDK-8293834 now this is upstream
Require tzdata 2022g due to inclusion of JDK-8296108, JDK-8296715 & JDK-8297804
Update TestTranslations.java to test the new America/Ciudad_Juarez zone
2023-01-04 03:06:30 +00:00
Stephan Bergmann
3db7152324 Fix flatpak builds
...after
<6eee73b250>
"Update to jdk-11.0.16.1+1" added the TestTranslations.java "test to ensure
timezones can be translated":  Similar to the previous
<1ac4052b44>
"Fix flatpak builds", during a flatpak build of java-11-openjdk its
.../images/jdk/lib/tzdb.dat is a dangling symlink to
/app/share/javazi-1.8/tzdb.dat (but which will be a working symlink in at least
the assembled LibreOffice flatpak).  That causes execution of
TestTranslations.java during the build to fail due to a
java.io.FileNotFoundException when trying to access that tzdb.dat.  The easiest
fix appears to be to just not run that specific test for a flatpak build.
2023-01-04 02:40:14 +00:00
Jiri Vanek
c59629db64 Bumped release 2022-12-07 16:46:55 +01:00
Andrew Hughes
fc0191002b Update FIPS support to bring in latest changes
* Add nss.fips.cfg support to OpenJDK tree
* RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
* Remove forgotten dead code from RH2020290 and RH2104724

Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build
2022-11-23 16:51:55 +00:00
Andrew Hughes
9253c5fd01 Update to jdk-17.0.6+1
Update release notes to 17.0.6+1
Switch to EA mode for 17.0.6 pre-release builds.
Re-enable EA upstream status check now it is being actively maintained.
Drop JDK-8294357 (tzdata2022d) & JDK-8295173 (tzdata2022e) local patches which are now upstream
Bump tzdata requirement to 2022e now the package is available in Fedora
2022-11-09 02:57:25 +00:00
Andrew Hughes
c0f97cd3e3 Update to jdk-17.0.5+8 (GA)
Update release notes to 17.0.5+8 (GA)
Switch to GA mode for final release.
The stdc++lib, zlib & freetype options should always be set from the global, so they are not altered for staticlibs builds
Remove freetype sources along with zlib sources
2022-10-19 21:21:26 +01:00
Andrew Hughes
48de3d829a Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173
Update CLDR data with Europe/Kyiv (JDK-8293834)
Drop JDK-8292223 patch which we found to be unnecessary
Update TestTranslations.java to use public API based on TimeZoneNamesTest upstream
2022-10-14 20:37:50 +01:00
Andrew Hughes
344ea34bdd Update to jdk-17.0.5+7
Update release notes to 17.0.5+7
2022-10-04 02:40:20 +01:00
Andrew Hughes
3e49d2c00a Update to jdk-17.0.5+1
Update release notes to 17.0.5+1
Switch to EA mode for 17.0.5 pre-release builds.
Bump HarfBuzz bundled version to 4.4.1 following JDK-8289853
Bump FreeType bundled version to 2.12.1 following JDK-8290334
2022-10-03 04:17:10 +01:00
Andrew Hughes
b6fe100065 Switch to static builds, reducing system dependencies and making build more portable 2022-09-01 02:59:35 +01:00
Andrew Hughes
ea9509f5ca Update FIPS support to bring in latest changes
* RH2048582: Support PKCS#12 keystores
* RH2020290: Support TLS 1.3 in FIPS mode
2022-08-29 04:59:50 +01:00
Andrew Hughes
5dd4fd8561 Update to jdk-17.0.4.1+1
Update release notes to 17.0.4.1+1
Add patch to provide translations for Europe/Kyiv added in tzdata2022b
Add test to ensure timezones can be translated
2022-08-21 04:32:49 +01:00
Andrew Hughes
ddd9b60d6e Update FIPS support to bring in latest changes
* RH2104724: Avoid import/export of DH private keys
* RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
* Build the systemconf library on all platforms
2022-08-15 02:09:20 +01:00
Andrew Hughes
b540c51900 Update to jdk-17.0.3.0+8
Update release notes to 17.0.3.0+8
Switch to GA mode for release
Exclude x86 where java_arches is undefined, in order to unbreak build
2022-07-22 16:23:05 +01:00
Jiri
814266f969 moved to build only on %%{java_arches}
-- https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
- reverted :
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild (always mess up release)
-- Try to build on x86 again by creating a husk of a JDK which does not depend on itself
-- Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
-- Replaced binaries and .so files with bash-stubs on i686
- added ExclusiveArch:  %%{java_arches}
-- this now excludes i686
-- this is safely backport-able to older fedoras, as the macro was  backported proeprly (with i686 included)
- https://bugzilla.redhat.com/show_bug.cgi?id=2104128
2022-07-22 12:52:20 +02:00
Fedora Release Engineering
87a3e38c1a Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 15:05:49 +00:00
Andrew Hughes
e47cdf807e Try to build on x86 again by creating a husk of a JDK which does not depend on itself 2022-07-19 01:35:14 +01:00
Andrew Hughes
c43163d445 Update to jdk-17.0.3.0+7
Update release notes to 17.0.3.0+7
Exclude x86 from builds as the bootstrap JDK is now completely broken and unusable
Need to include the '.S' suffix in debuginfo checks after JDK-8284661
2022-07-16 23:41:02 +01:00
Andrew Hughes
0cff01bd23 Explicitly require crypto-policies during build and runtime for system security properties 2022-07-14 14:53:32 +02:00
Jiri
73fbfeeb34 Replaced binaries and .so files with bash-stubs on i686
in preparation of the removal on that architecture
https://fedoraproject.org/wiki/Changes/Drop_i686_JDKs
2022-07-14 14:26:11 +02:00
FeRD (Frank Dana)
3a89c445ab Add additional javadoc & javadoczip alternatives
Create additional alternatives linked from the javadocdir, named:
  * java-%{origin} / java-%{origin}.zip
  * java-%{javaver} / java-%{javaver}.zip
  * java-%{javaver}-%{origin} / java-%{javaver}-%{origin}.zip
2022-07-14 14:20:38 +02:00
Andrew Hughes
b88e34f02e Make use of the vendor version string to store our version & release rather than an upstream release date
Include a test in the RPM to check the build has the correct vendor information.
Fix issue where CheckVendor.java test erroneously passes when it should fail.
Add proper quoting so '&' is not treated as a special character by the shell.
2022-07-14 03:17:50 +01:00
Andrew Hughes
9686b18e4f Update to jdk-17.0.4.0+1
Update release notes to 17.0.4.0+1
Switch to EA mode for 17.0.4 pre-release builds.
Drop JDK-8282004 patch which is now upstreamed under JDK-8282231
Print release file during build, which should now include a correct SOURCE value from .src-rev
Update tarball script with IcedTea GitHub URL and .src-rev generation
Include script to generate bug list for release notes
Update tzdata requirement to 2022a to match JDK-8283350
Move EA designator check to prep so failures can be caught earlier
Make EA designator check non-fatal while upstream is not maintaining it
2022-07-11 19:40:57 +01:00
Andrew Hughes
1d41f8167f Fix whitespace in spec file 2022-07-07 20:30:28 +01:00
Andrew Hughes
034d3998e6 Sequence spec file sections as they are run by rpmbuild (build, install then test) 2022-07-07 20:26:58 +01:00
Andrew Hughes
14d01cca4a Turn on system security properties as part of the build's install section
Move cacerts replacement to install section and retain original of this and tzdb.dat
Run tests on the installed image, rather than the build image
Introduce variables to refer to the static library installation directories
Use relative symlinks so they work within the image
Run debug symbols check during build stage, before the install strips them
2022-07-06 17:55:20 +01:00
Stephan Bergmann
de9ee07198 Fix flatpak builds
...after 19065a8b01585a1aa5f22e38e99fc0c47c597074 "Temporarily move x86 to use
Zero in order to get a working build":

When building the

>       if ${run_bootstrap} ; then

branch for suffix='' and loop='-main', the second

>           buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}

uses the JDK (`$(pwd)/${bootinstalldir}/images/%{jdkimage}`) from the installjdk
on the previous line.  But installjdk does

> 	rm ${imagepath}/lib/tzdb.dat
> 	ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat

which made that JDK's tzdb.dat link to /app/share/javazi-1.8/tzdb.dat in a
flatpak build (rather than the usual /usr/share/javazi-1.8/tzdb.dat in a non-
flatpak build) which is not present at build-time (but will be present at
runtime in at least the LibreOffice flatpak, which bundles tzdata-java built for
the flatpak /app prefix).  So using that JDK's compiler during the build kept
failing due to java.io.FileNotFoundException for its lib/tzdb.dat.

(This was not an issue prior to 19065a8b01585a1aa5f22e38e99fc0c47c597074, as
installjdk's modification of lib/tzdb.dat used to be done only for the "Final
setup on the main image" at the very end of the build, not during the build for
JDKs that are themselves used later during the build.)

The easiest workaround for this issue appears to be to just not bootstrap_build
in the flatpak case, avoiding the situation that a JDK whose lib/tzdb.dat has
been modified through installjdk is used during the build.
2022-07-01 03:20:25 +01:00
Francisco Ferrari Bihurriet
92f9e6d8e3 RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode
Use SunPKCS11 Attributes Configuration to set CKA_SIGN=true on SecretKey generate/import operations in FIPS mode, see:
https://docs.oracle.com/en/java/javase/17/security/pkcs11-reference-guide1.html#GUID-C4ABFACB-B2C9-4E71-A313-79F881488BB9__PKCS11-ATTRIBUTES-CONFIGURATION
2022-06-30 14:22:25 -03:00
Stephan Bergmann
a6295304fd Fix flatpak builds (catering for their uncompressed manual pages)
...see
<https://docs.fedoraproject.org/en-US/flatpak/troubleshooting/#_uncompressed_manual_pages>
for details
2022-06-27 10:34:33 +02:00
Andrew John Hughes
2879030caf Update FIPS support to bring in latest changes
* RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
* RH2090378: Revert to disabling system security properties and FIPS mode support together

Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Enable system security properties in the RPM (now disabled by default in the FIPS repo)
Improve security properties test to check both enabled and disabled behaviour
Run security properties test with property debugging on
2022-06-22 22:32:21 +01:00
Andrew John Hughes
756a991906 Rebase FIPS patches from fips-17u branch and simplify by using a single patch from that repository
Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
RH2023467: Enable FIPS keys export
RH2094027: SunEC runtime permission for FIPS
2022-06-13 00:05:38 +01:00
Andrew John Hughes
3cbe105c02 April 2022 security update to jdk 17.0.3+7
Update release notes to 17.0.3.0+7
Update README.md and generate_source_tarball.sh to match CentOS
Switch to GA mode for release
JDK-8283911 patch no longer needed now we're GA...
2022-04-24 22:13:48 +01:00
Andrew John Hughes
a29fc2e266 Update to jdk-17.0.3.0+5
Update release notes to 17.0.3.0+5
2022-04-13 03:34:46 +01:00
Andrew John Hughes
52e513df50 Update to jdk-17.0.3.0+1
Update release notes to 17.0.3.0+1
Switch to EA mode for 17.0.3 pre-release builds.
Add JDK-8283911 to fix bad DEFAULT_PROMOTED_VERSION_PRE value
2022-04-08 17:42:37 +01:00
Andrew John Hughes
8a08a43c55 Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode 2022-04-06 17:42:56 +01:00
Andrew John Hughes
8c47abf37c java-17-openjdk should depend on itself to build, not java-latest-openjdk which is now OpenJDK 18 2022-03-30 20:15:01 +01:00
Andrew John Hughes
87b704d81e Detect NSS at runtime for FIPS detection
Turn off build-time NSS linking and go back to an explicit Requires on NSS
2022-02-24 01:09:59 +00:00
Andrew John Hughes
7f8f4b1f1d Reinstate JIT builds on x86_32.
Add JDK-8282004 to fix missing CALL effects on x86_32.
2022-02-17 01:30:45 +00:00
Andrew John Hughes
a4b6f50066 Re-enable gdb backtrace check 2022-02-08 15:51:33 +00:00
Andrew John Hughes
ee33a76793 Introduce stapinstall variable to set SystemTap arch directory correctly (e.g. arm64 on aarch64)
Need to support noarch for creating source RPMs for non-scratch builds.
2022-02-08 02:08:49 +00:00
Jiri
fbc4f64198 moved to become system jdk 2022-02-05 09:36:08 +01:00
Andrew John Hughes
db59904511 Temporarily move x86 to use Zero in order to get a working build
Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
2022-02-05 01:30:39 +00:00
Andrew John Hughes
ed1d0a79ba January 2022 security update to jdk 17.0.2+8
Set LTS designator on RHEL, excluding Fedora & EPEL.
Rename libsvml.so to libjsvml.so following JDK-8276025
Remove JDK-8276572 patch which is now upstream.
Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
2022-01-24 15:36:13 +01:00
Andrew John Hughes
62652f81a6 Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent 2022-01-24 15:13:13 +01:00
Fedora Release Engineering
e3a510910e - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-24 15:11:23 +01:00
Andrew John Hughes
eacad27bf1 Sync gdb test with java-1.8.0-openjdk and improve architecture restrictions.
Disable on x86, x86_64, ppc64le & s390x while these are broken in rawhide.
2022-01-24 15:08:20 +01:00
Andrew John Hughes
bda1029633 Fix FIPS issues in native code and with initialisation of java.security.Security 2022-01-24 15:07:56 +01:00
Jiri Vanek
33cde0f7b6 Revert "- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild"
This reverts commit 7364be5487.
2022-01-24 15:07:30 +01:00