From edbfd1275a68d9bc99b9d0a25d703c074bf00240 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 18 Apr 2024 18:28:20 +0000 Subject: [PATCH] import UBI java-21-openjdk-21.0.3.0.9-1.el8 --- .gitignore | 2 +- .java-21-openjdk.metadata | 2 +- ...48eda.patch => fips-21u-0a42e29b391.patch} | 27 +- SOURCES/java-21-openjdk-portable.specfile | 263 +++++++++++++++--- ...0-rh910107-fail_to_load_pcsc_library.patch | 125 --------- SPECS/java-21-openjdk.spec | 138 +++++++-- 6 files changed, 364 insertions(+), 193 deletions(-) rename SOURCES/{fips-21u-75ffdc48eda.patch => fips-21u-0a42e29b391.patch} (99%) delete mode 100644 SOURCES/jdk8009550-rh910107-fail_to_load_pcsc_library.patch diff --git a/.gitignore b/.gitignore index 78fc684..6f9c83b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ -SOURCES/openjdk-21.0.2+13.tar.xz +SOURCES/openjdk-21.0.3+9.tar.xz SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/.java-21-openjdk.metadata b/.java-21-openjdk.metadata index 30f63c8..4710a31 100644 --- a/.java-21-openjdk.metadata +++ b/.java-21-openjdk.metadata @@ -1,2 +1,2 @@ -0768105cb0e64a986b767cde0dabad6cafc76c6b SOURCES/openjdk-21.0.2+13.tar.xz +d5e32198171cbeca75d165678f273fcc309581a9 SOURCES/openjdk-21.0.3+9.tar.xz c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz diff --git a/SOURCES/fips-21u-75ffdc48eda.patch b/SOURCES/fips-21u-0a42e29b391.patch similarity index 99% rename from SOURCES/fips-21u-75ffdc48eda.patch rename to SOURCES/fips-21u-0a42e29b391.patch index 8413fe1..54e8da0 100644 --- a/SOURCES/fips-21u-75ffdc48eda.patch +++ b/SOURCES/fips-21u-0a42e29b391.patch @@ -116,7 +116,7 @@ index 00000000000..f48fc7f7e80 + AC_SUBST(NSS_LIBDIR) +]) diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4 -index a1fc81564b1..ebad69d9dcf 100644 +index 51d4f724c33..feb0bcf3e75 100644 --- a/make/autoconf/libraries.m4 +++ b/make/autoconf/libraries.m4 @@ -35,6 +35,7 @@ m4_include([lib-std.m4]) @@ -127,7 +127,7 @@ index a1fc81564b1..ebad69d9dcf 100644 ################################################################################ # Determine which libraries are needed for this configuration -@@ -134,6 +135,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES], +@@ -128,6 +129,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES], LIB_SETUP_X11 LIB_TESTS_SETUP_GTEST @@ -136,10 +136,10 @@ index a1fc81564b1..ebad69d9dcf 100644 BASIC_JDKLIB_LIBS="" BASIC_JDKLIB_LIBS_TARGET="" diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in -index 0f85917814e..9419562b654 100644 +index f6def153c82..4d7abc33427 100644 --- a/make/autoconf/spec.gmk.in +++ b/make/autoconf/spec.gmk.in -@@ -867,6 +867,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@ +@@ -873,6 +873,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@ # Libraries # @@ -2959,7 +2959,7 @@ index 00000000000..f8d505ca815 +} \ No newline at end of file diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java -index 6b26297b1b4..7ee5e07756c 100644 +index c3b412885a6..0e7ce73b158 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java @@ -37,6 +37,8 @@ import javax.crypto.*; @@ -2981,20 +2981,21 @@ index 6b26297b1b4..7ee5e07756c 100644 private static final String PUBLIC = "public"; private static final String PRIVATE = "private"; private static final String SECRET = "secret"; -@@ -401,8 +406,10 @@ abstract class P11Key implements Key, Length { +@@ -401,9 +406,10 @@ abstract class P11Key implements Key, Length { new CK_ATTRIBUTE(CKA_EXTRACTABLE), }); -- boolean keySensitive = (attrs[0].getBoolean() || -- attrs[1].getBoolean() || !attrs[2].getBoolean()); +- boolean keySensitive = +- (attrs[0].getBoolean() && P11Util.isNSS(session.token)) || +- attrs[1].getBoolean() || !attrs[2].getBoolean(); + boolean exportable = plainKeySupportEnabled && !algorithm.equals("DH"); + boolean keySensitive = (!exportable && -+ (attrs[0].getBoolean() || -+ attrs[1].getBoolean() || !attrs[2].getBoolean())); ++ ((attrs[0].getBoolean() && P11Util.isNSS(session.token)) || ++ attrs[1].getBoolean() || !attrs[2].getBoolean())); return switch (algorithm) { case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm, -@@ -454,7 +461,8 @@ abstract class P11Key implements Key, Length { +@@ -455,7 +461,8 @@ abstract class P11Key implements Key, Length { public String getFormat() { token.ensureValid(); @@ -3004,7 +3005,7 @@ index 6b26297b1b4..7ee5e07756c 100644 return null; } else { return "RAW"; -@@ -1624,4 +1632,3 @@ final class SessionKeyRef extends PhantomReference { +@@ -1625,4 +1632,3 @@ final class SessionKeyRef extends PhantomReference { this.clear(); } } @@ -3204,7 +3205,7 @@ index 5cd6828d293..bae49c4e8a9 100644 debug.println("logout succeeded"); } diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java -index 3378409ca1c..7602a92a252 100644 +index a6f5f0a8764..9a07c96ca4e 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java @@ -33,6 +33,7 @@ import java.lang.ref.*; diff --git a/SOURCES/java-21-openjdk-portable.specfile b/SOURCES/java-21-openjdk-portable.specfile index 23f5b8e..bf8380d 100644 --- a/SOURCES/java-21-openjdk-portable.specfile +++ b/SOURCES/java-21-openjdk-portable.specfile @@ -314,7 +314,7 @@ # New Version-String scheme-style defines %global featurever 21 %global interimver 0 -%global updatever 2 +%global updatever 3 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, @@ -364,7 +364,7 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches -%global fipsver 75ffdc48eda +%global fipsver 0a42e29b391 # Define JDK versions %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} %global javaver %{featurever} @@ -378,7 +378,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 13 +%global buildver 9 %global rpmrelease 1 #%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit @@ -650,10 +650,6 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch # ############################################# -# JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo -# PR: https://github.com/openjdk/jdk/pull/15409 -Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch - # Currently empty ############################################# @@ -709,8 +705,15 @@ BuildRequires: java-%{buildjdkver}-%{origin}%{?pkgos:-%{pkgos}}-devel %ifarch %{zero_arches} BuildRequires: libffi-devel %endif -# 2023c required as of JDK-8305113 -BuildRequires: tzdata-java >= 2023c +# Full documentation build requirements +# pandoc is not available on RHEL 7 +%if 0%{?rhel} >= 8 +BuildRequires: graphviz +BuildRequires: pandoc +%endif +# 2024a required as of JDK-8325150 +# Use 2023d until 2024a is in the buildroot +BuildRequires: tzdata-java >= 2023d # cacerts build requirement in portable mode BuildRequires: ca-certificates # Earlier versions have a bug in tree vectorization on PPC @@ -730,7 +733,7 @@ BuildRequires: libjpeg-devel BuildRequires: libpng-devel %else # Version in src/java.desktop/share/legal/freetype.md -Provides: bundled(freetype) = 2.13.0 +Provides: bundled(freetype) = 2.13.2 # Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h Provides: bundled(giflib) = 5.2.1 # Version in src/java.desktop/share/native/libharfbuzz/hb-version.h @@ -922,6 +925,7 @@ echo "WARNING: The build of a fresh libjvm has been disabled due to a JDK versio echo "Build JDK version is %{buildjdkver}, feature JDK version is %{featurever}" %endif +export XZ_OPT="-T0" %setup -q -c -n %{uniquesuffix ""} -T -a 0 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084 prioritylength=`expr length %{priority}` @@ -938,11 +942,22 @@ sh %{SOURCE12} %{top_level_dir_name} %endif # Patch the JDK +# This syntax is deprecated: +# %patchN [...] +# and should be replaced with: +# %patch -PN [...] +# For example: +# %patch1001 -p1 +# becomes: +# %patch -P1001 -p1 +# The replacement format suggested by recent (circa Fedora 38) RPM +# deprecation messages: +# %patch N [...] +# is not backward-compatible with prior (circa RHEL-8) versions of +# rpmbuild. pushd %{top_level_dir_name} # Add crypto policy and FIPS support -%patch1001 -p1 -# Patches in need of upstreaming -%patch6 -p1 +%patch -P1001 -p1 popd # openjdk @@ -997,6 +1012,7 @@ export NUM_PROC=${NUM_PROC:-1} # Honor %%_smp_ncpus_max [ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} %endif +export XZ_OPT="-T0" %ifarch s390x sparc64 alpha %{power64} %{aarch64} export ARCH_DATA_MODEL=64 @@ -1022,9 +1038,58 @@ EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming %endif export EXTRA_CFLAGS EXTRA_CPP_FLAGS +# Set modification times (mtimes) of files within JAR files generated +# by the OpenJDK build to a timestamp that is constant across RPM +# rebuilds. OpenJDK provides the --with-source-date configure option +# for this purpose. Potential arguments in the RPM build context are: +# +# A) --with-source-date="${SOURCE_DATE_EPOCH}" +# B) --with-source-date=version +# C) --with-source-date="${OPENJDK_UPSTREAM_TAG_EPOCH}" +# +# Consider Option A. Fedora 38 (rpm-4.18.2) and RHEL-8 (rpm-4.14.3) +# have different support for SOURCE_DATE_EPOCH. To keep +# SOURCE_DATE_EPOCH constant across RPM rebuilds, one could set the +# source_date_epoch_from_changelog macro to 1 on both Fedora 38 and +# RHEL-8. However, on RHEL-8, this results in the RPM build times +# being set to the timestamp of the most recent changelog. This is +# bad for tracing when RPMs were actually built. Fedora 38 supports a +# better behaviour via the introduction of the +# use_source_date_epoch_as_buildtime macro, set to 0 by default. +# There is no way to make this work on RHEL-8 as well though, so +# option A is suboptimal. +# +# Option B uses the value of the DEFAULT_VERSION_DATE field from +# make/conf/version-numbers.conf. DEFAULT_VERSION_DATE represents the +# aspirational eventual JDK general availability (GA) release date. +# When the RPM build occurs prior to GA, generated JAR files will have +# payload mtimes in the future relative to the RPM build time. +# Whereas for tarballs some tools will issue warnings about future +# mtimes, per OPENJDK-2583 apparently this is no problem for Java and +# JAR files. +# +# Option C uses the modification timestamp of files in the source +# tarball. The reproducibility logic in generate_source_tarball.sh +# sets them all to the commit time of the release-tagged OpenJDK +# commit, as archived in the tarball. This timestamp is deterministic +# across RPM rebuilds and is reliably in the past. Any file's mtime +# will do, so use version-numbers.conf's. +# +# Use option B for JAR files, based on the discussion in OPENJDK-2583. +# +# For portable tarballs, use option C (OPENJDK_UPSTREAM_TAG_EPOCH) for +# the modification times of all files in the portable tarballs. Doing +# so eliminates one source of variability across RPM rebuilds. +VERSION_FILE="$(pwd)"/"%{top_level_dir_name}"/make/conf/version-numbers.conf +OPENJDK_UPSTREAM_TAG_EPOCH="$(stat --format=%Y "${VERSION_FILE}")" + echo "Building %{SOURCE11}" mkdir -p %{altjavaoutputdir} gcc ${EXTRA_CFLAGS} -o %{altjavaoutputdir}/%{alt_java_name} %{SOURCE11} +echo "Generating %{alt_java_name} man page" +altjavamanpage=%{altjavaoutputdir}/%{alt_java_name}.1 +echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > ${altjavamanpage} +cat %{top_level_dir_name}/src/java.base/share/man/java.1 >> ${altjavamanpage} echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}" @@ -1066,9 +1131,6 @@ function buildjdk() { scl enable devtoolset-%{dtsversion} "bash ${top_dir_abs_src_path}/configure \ %ifarch %{zero_arches} --with-jvm-variants=zero \ -%endif -%ifarch %{ppc64le} - --with-jobs=1 \ %endif --with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \ --with-version-build=%{buildver} \ @@ -1096,7 +1158,7 @@ function buildjdk() { --with-extra-cflags=\"$EXTRA_CFLAGS\" \ --with-extra-ldflags=\"%{ourldflags}\" \ --with-num-cores=\"$NUM_PROC\" \ - --with-source-date=\"${SOURCE_DATE_EPOCH}\" \ + --with-source-date=\"version\" \ --disable-javac-server \ %ifarch %{zgc_arches} --with-jvm-features=zgc \ @@ -1115,14 +1177,15 @@ function stripjdk() { local jreimagepath=${outputdir}/images/%{jreimage} local jmodimagepath=${outputdir}/images/jmods local supportdir=${outputdir}/support + local modulebuildpath=${outputdir}/jdk/modules if [ "x$suffix" = "x" ] ; then # Keep the unstripped version for consumption by RHEL RPMs cp -a ${jdkimagepath}{,.unstripped} # Strip the files - for file in $(find ${jdkimagepath} ${jreimagepath} ${supportdir} -type f) ; do - if file ${file} | grep -q 'ELF'; then + for file in $(find ${jdkimagepath} ${jreimagepath} ${supportdir} ${modulebuildpath} -type f) ; do + if file ${file} | cut -d ':' -f 2 | grep -q 'ELF'; then noextfile=${file/.so/}; scl enable devtoolset-%{dtsversion} "objcopy --only-keep-debug ${file} ${noextfile}.debuginfo"; scl enable devtoolset-%{dtsversion} "objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file}"; @@ -1206,13 +1269,6 @@ function installjdk() { # Install local files which are distributed with the JDK install -m 644 %{SOURCE10} ${imagepath} - # Create fake alt-java as a placeholder for future alt-java - pushd ${imagepath} - # add alt-java man page - echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 - cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 - popd - # Print release information cat ${imagepath}/release fi @@ -1232,6 +1288,49 @@ function genchecksum() { popd } +# Create a reproducible tarball in an appropriate way for +# the version of tar in use +function createtar() { + local directory=${1} + local archive=${2} + local filter=${3} + local transform=${4} + + if [ "x${filter}" != "x" ] ; then + local filteroption="-name ${filter}"; + fi + if [ "x${transform}" != "x" ] ; then + local transoption="--transform ${transform}"; + fi + + local common_tar_opts="--owner=0 --group=0 --numeric-owner \ + ${transoption} --create --xz" + # Capture tar version, removing the decimal point (so 1.28 => 128) + tarver=$(tar --version|head -n1|sed -re 's|tar \(GNU tar\) ([0-9]).([0-9]*)|\1\2|') + echo "Detected tar ${tarver}" + if [ ${tarver} -gt 128 ] ; then + local tar_time="$(date --utc --iso-8601=seconds --date=@"${OPENJDK_UPSTREAM_TAG_EPOCH}")" + local tar_opts="--mtime=${tar_time} --sort=name ${common_tar_opts}" + if test "x${filteroption}" = "x"; then + tar ${tar_opts} --file ${archive} ${directory} + else + tar ${tar_opts} --file ${archive} $(find ${directory} ${filteroption}) + fi + else + # See https://reproducible-builds.org/docs/archives/ + # RHEL-7 has tar 1.26 which does not support --sort=name (added + # in 1.28), so use find-piped-through-sort instead. Omit + # --pax-option since it made the docs package not reproducible + # due to PaxHeaders timestamp differences. + local tar_opts="--mtime=@${OPENJDK_UPSTREAM_TAG_EPOCH} \ + --no-recursion --null --files-from - \ + ${common_tar_opts}" + find ${directory} ${filteroption} -print0 | \ + LC_ALL=C sort -z | \ + tar ${tar_opts} --file ${archive} + fi +} + function packagejdk() { local imagesdir=$(pwd)/${1}/images local docdir=$(pwd)/${1}/images/docs @@ -1270,7 +1369,7 @@ function packagejdk() { if [ "x$suffix" = "x" ] ; then # Keep the unstripped version for consumption by RHEL RPMs mv %{jdkimage}.unstripped ${jdkname} - tar -cJf ${unstrippedarchive} ${jdkname} + createtar ${jdkname} ${unstrippedarchive} genchecksum ${unstrippedarchive} mv ${jdkname} %{jdkimage}.unstripped fi @@ -1281,13 +1380,13 @@ function packagejdk() { # Release images have external debug symbols if [ "x$suffix" = "x" ] ; then - tar -cJf ${debugarchive} $(find ${jdkname} -name \*.debuginfo) + createtar ${jdkname} ${debugarchive} \*.debuginfo genchecksum ${debugarchive} mkdir ${docname} mv ${docdir} ${docname} mv ${bundledir}/${built_doc_archive} ${docname} - tar -cJf ${docarchive} ${docname} + createtar ${docname} ${docarchive} genchecksum ${docarchive} mkdir ${miscname} @@ -1297,23 +1396,23 @@ function packagejdk() { %if %{with_systemtap} cp -a ${tapsetdir}* ${miscname} %endif - cp -av ${altjavadir}/%{alt_java_name} ${miscname} - tar -cJf ${miscarchive} ${miscname} + cp -av ${altjavadir}/%{alt_java_name}{,.1} ${miscname} + createtar ${miscname} ${miscarchive} genchecksum ${miscarchive} fi - tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname} + createtar ${jdkname} ${jdkarchive} genchecksum ${jdkarchive} - tar -cJf ${jrearchive} --exclude='**.debuginfo' ${jrename} + createtar ${jrename} ${jrearchive} genchecksum ${jrearchive} %if %{include_staticlibs} # Static libraries (needed for building graal vm with native image) # Tar as overlay. Transform to the JDK name, since we just want to "add" # static libraries to that folder - tar -cJf ${staticarchive} \ - --transform "s|^%{static_libs_image}/lib/*|${staticname}/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib" + createtar "%{static_libs_image}/lib" ${staticarchive} "" \ + "s|^%{static_libs_image}/lib/*|${staticname}/lib/static/linux-%{archinstall}/glibc/|" genchecksum ${staticarchive} %endif @@ -1686,6 +1785,100 @@ done %{_jvmdir}/%{miscportablearchive}.sha256sum %changelog +* Sat Apr 13 2024 Andrew Hughes - 1:21.0.3.0.9-1 +- Update to jdk-21.0.3+9 (GA) +- Update release notes to 21.0.3+9 +- Switch to GA mode. +- Change --with-source-date value to 'version' to match Temurin builds +- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** +- Resolves: OPENJDK-2585 + +* Thu Apr 04 2024 Andrew Hughes - 1:21.0.3.0.7-0.1.ea +- Update to jdk-21.0.3+7 (EA) +- Update release notes to 21.0.3+7 +- Require tzdata 2024a due to upstream inclusion of JDK-8322725 +- Only require tzdata 2023d for now as 2024a is unavailable in buildroot +- Drop JDK-8009550 which is now available upstream +- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254 + +* Thu Mar 21 2024 Andrew Hughes - 1:21.0.3.0.1-0.2.ea +- generate_source_tarball.sh: Update examples in header for clarity +- generate_source_tarball.sh: Cleanup message issued when checkout already exists +- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP +- generate_source_tarball.sh: Only add --depth=1 on non-local repositories +- icedtea_sync.sh: Reinstate from rhel-8.9.0 branch +- Move maintenance scripts to a scripts subdirectory +- discover_trees.sh: Set compile-command and indentation instructions for Emacs +- discover_trees.sh: shellcheck: Do not use -o (SC2166) +- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- discover_trees.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: Add authorship +- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs +- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) +- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: Set compile-command and indentation instructions for Emacs +- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) +- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) +- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST +- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086) +- Vary reproducible tar creation by version of tar detected +- Set OPENJDK_UPSTREAM_TAG_EPOCH & VERSION_FILE at start of build section as in 17u +- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck + +* Wed Mar 20 2024 Thomas Fitzsimmons - 1:21.0.3.0.1-0.2.ea +- generate_source_tarball.sh: Add WITH_TEMP environment variable +- generate_source_tarball.sh: Multithread xz on all available cores +- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable +- generate_source_tarball.sh: Update comment about tarball naming +- generate_source_tarball.sh: Reformat comment header +- generate_source_tarball.sh: Reformat and update help output +- generate_source_tarball.sh: Do a shallow clone, for speed +- generate_source_tarball.sh: Append -ea designator when required +- generate_source_tarball.sh: Eliminate some removal prompting +- generate_source_tarball.sh: Make tarball reproducible +- generate_source_tarball.sh: Prefix temporary directory with temp- +- generate_source_tarball.sh: Remove temporary directory exit conditions +- generate_source_tarball.sh: Fix -ea logic to add dash +- generate_source_tarball.sh: Set compile-command in Emacs +- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT +- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks +- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166) +- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004) +- Use backward-compatible patch syntax +- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST +- generate_source_tarball.sh: Fix whitespace +- generate_source_tarball.sh: Remove trailing period in echo +- generate_source_tarball.sh: Use long-style argument to grep +- generate_source_tarball.sh: Add license +- generate_source_tarball.sh: Add indentation instructions for Emacs +- Remove -T0 argument from systemtap tar invocation + +* Mon Mar 11 2024 Andrew Hughes - 1:21.0.3.0.1-0.2.ea +- Introduce tar_opts to avoid repetition of lengthy tar creation options +- Add module build path to stripped directories to catch jpackageapplauncher files +- Move alt-java man page to the misc tarball so it is not in the JDK image +- Resolves: OPENJDK-2820 +- Resolves: OPENJDK-2821 + +* Thu Feb 08 2024 Thomas Fitzsimmons - 1:21.0.3.0.1-0.2.ea +- Invoke xz in multi-threaded mode +- Remove ppc64le with-jobs=1 workaround +- Make portable tarball modification times reproducible +- Use RHEL-7 tar-1.26-compatible invocations for reproducible tarballs + +* Fri Feb 02 2024 Andrew Hughes - 1:21.0.3.0.1-0.1.ea +- Update to jdk-21.0.3+1 (EA) +- Update release notes to 21.0.3+1 +- Switch to EA mode +- Require tzdata 2023d due to upstream inclusion of JDK-8322725 +- Bump FreeType version to 2.13.2 following JDK-8316028 + +* Sat Jan 27 2024 Andrew Hughes - 1:21.0.2.0.13-2 +- Sync with upstream release notes + * Tue Jan 09 2024 Andrew Hughes - 1:21.0.2.0.13-1 - Update to jdk-21.0.2+13 (GA) - Update release notes to 21.0.2+13 diff --git a/SOURCES/jdk8009550-rh910107-fail_to_load_pcsc_library.patch b/SOURCES/jdk8009550-rh910107-fail_to_load_pcsc_library.patch deleted file mode 100644 index 9213937..0000000 --- a/SOURCES/jdk8009550-rh910107-fail_to_load_pcsc_library.patch +++ /dev/null @@ -1,125 +0,0 @@ -commit d0523302416bc6507696f20d1068f16427bcf6b8 -Author: Andrew Hughes -Date: Thu Aug 24 01:23:49 2023 +0100 - - 8009550: PlatformPCSC should load versioned so - -diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java -index bff273c6548..e5a6b288ff8 100644 ---- a/src/java.base/share/classes/sun/security/util/Debug.java -+++ b/src/java.base/share/classes/sun/security/util/Debug.java -@@ -81,6 +81,7 @@ public static void Help() - System.err.println("logincontext login context results"); - System.err.println("jca JCA engine class debugging"); - System.err.println("keystore KeyStore debugging"); -+ System.err.println("pcsc Smartcard library debugging"); - System.err.println("policy loading and granting"); - System.err.println("provider security provider debugging"); - System.err.println("pkcs11 PKCS11 session manager debugging"); -diff --git a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java -index bacff32efbc..d9f605ada1e 100644 ---- a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java -+++ b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java -@@ -1,5 +1,6 @@ - /* - * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved. -+ * Copyright (c) 2023, Red Hat Inc. All rights reserved. - * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. - * - * This code is free software; you can redistribute it and/or modify it -@@ -46,8 +47,13 @@ class PlatformPCSC { - - private static final String PROP_NAME = "sun.security.smartcardio.library"; - -- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so"; -- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so"; -+ private static final String[] LIB_TEMPLATES = { "/usr/$LIBISA/libpcsclite.so", -+ "/usr/local/$LIBISA/libpcsclite.so", -+ "/usr/lib/$ARCH-linux-gnu/libpcsclite.so", -+ "/usr/lib/arm-linux-gnueabi/libpcsclite.so", -+ "/usr/lib/arm-linux-gnueabihf/libpcsclite.so", -+ "/usr/lib/$ARCH-kfreebsd-gnu/libpcsclite.so" }; -+ private static final String[] LIB_SUFFIXES = { ".1", ".0", "" }; - private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC"; - - PlatformPCSC() { -@@ -73,23 +79,38 @@ public Throwable run() { - }); - - // expand $LIBISA to the system specific directory name for libraries -+ // expand $ARCH to the Debian system architecture in use - private static String expand(String lib) { - int k = lib.indexOf("$LIBISA"); -- if (k == -1) { -- return lib; -+ if (k != -1) { -+ String libDir; -+ if ("64".equals(System.getProperty("sun.arch.data.model"))) { -+ // assume Linux convention -+ libDir = "lib64"; -+ } else { -+ // must be 32-bit -+ libDir = "lib"; -+ } -+ lib = lib.replace("$LIBISA", libDir); - } -- String s1 = lib.substring(0, k); -- String s2 = lib.substring(k + 7); -- String libDir; -- if ("64".equals(System.getProperty("sun.arch.data.model"))) { -- // assume Linux convention -- libDir = "lib64"; -- } else { -- // must be 32-bit -- libDir = "lib"; -+ -+ k = lib.indexOf("$ARCH"); -+ if (k != -1) { -+ String arch = System.getProperty("os.arch"); -+ lib = lib.replace("$ARCH", getDebianArchitecture(arch)); - } -- String s = s1 + libDir + s2; -- return s; -+ -+ return lib; -+ } -+ -+ private static String getDebianArchitecture(String jdkArch) { -+ return switch (jdkArch) { -+ case "amd64" -> "x86_64"; -+ case "ppc" -> "powerpc"; -+ case "ppc64" -> "powerpc64"; -+ case "ppc64le" -> "powerpc64le"; -+ default -> jdkArch; -+ }; - } - - private static String getLibraryName() throws IOException { -@@ -98,15 +119,18 @@ private static String getLibraryName() throws IOException { - if (lib.length() != 0) { - return lib; - } -- lib = expand(LIB1); -- if (new File(lib).isFile()) { -- // if LIB1 exists, use that -- return lib; -- } -- lib = expand(LIB2); -- if (new File(lib).isFile()) { -- // if LIB2 exists, use that -- return lib; -+ -+ for (String template : LIB_TEMPLATES) { -+ for (String suffix : LIB_SUFFIXES) { -+ lib = expand(template) + suffix; -+ if (debug != null) { -+ debug.println("Looking for " + lib); -+ } -+ if (new File(lib).isFile()) { -+ // if library exists, use that -+ return lib; -+ } -+ } - } - - // As of macos 11, framework libraries have been removed from the file diff --git a/SPECS/java-21-openjdk.spec b/SPECS/java-21-openjdk.spec index 6a88316..e51795d 100644 --- a/SPECS/java-21-openjdk.spec +++ b/SPECS/java-21-openjdk.spec @@ -143,6 +143,11 @@ # Set of architectures where we verify backtraces with gdb %global gdb_arches %{jit_arches} %{zero_arches} +# Define the OS the portable JDK is built on +# This is undefined for openjdk-portable-rhel-8 builds and +# equals 'rhel7' for openjdk-portable-rhel-7 builds +%global pkgos rhel7 + # By default, we build a debug build during main build on JIT architectures %if %{with slowdebug} %ifarch %{debug_arches} @@ -300,7 +305,7 @@ # New Version-String scheme-style defines %global featurever 21 %global interimver 0 -%global updatever 2 +%global updatever 3 %global patchver 0 # We don't add any LTS designator for STS packages (Fedora and EPEL). # We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined. @@ -336,7 +341,7 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches -%global fipsver 75ffdc48eda +%global fipsver 0a42e29b391 # Define JDK versions %global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} %global javaver %{featurever} @@ -350,11 +355,11 @@ %global origin_nice OpenJDK %global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 13 +%global buildver 9 %global rpmrelease 1 # Settings used by the portable build %global portablerelease 1 -%global portablesuffix el7_9 +%global portablesuffix %{?pkgos:el7_9}%{!?pkgos:el8} %global portablebuilddir /builddir/build/BUILD # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit @@ -1140,8 +1145,9 @@ Requires: ca-certificates # Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros Requires: javapackages-filesystem # Require zone-info data provided by tzdata-java sub-package -# 2023c required as of JDK-8305113 -Requires: tzdata-java >= 2023c +# 2024a required as of JDK-8325150 +# Use 2023d until 2024a is in the buildroot +Requires: tzdata-java >= 2023d # for support of kernel stream control # libsctp.so.1 is being `dlopen`ed on demand Requires: lksctp-tools%{?_isa} @@ -1262,8 +1268,6 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release} # Prevent brp-java-repack-jars from being run %global __jar_repack 0 -# Define the OS the portable JDK is built on -%global pkgos rhel7 # Define the root name of the portable packages %global pkgnameroot java-%{featurever}-%{origin}-portable%{?pkgos:-%{pkgos}} @@ -1402,10 +1406,6 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch # ############################################# -# JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo -# PR: https://github.com/openjdk/jdk/pull/15409 -Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch - # Currently empty ############################################# @@ -1467,8 +1467,9 @@ BuildRequires: %{pkgnameroot}-misc = %{epoch}:%{version}-%{prelease}.%{portables %ifarch %{zero_arches} BuildRequires: libffi-devel %endif -# 2023c required as of JDK-8305113 -BuildRequires: tzdata-java >= 2023c +# 2024a required as of JDK-8325150 +# Use 2023d until 2024a is in the buildroot +BuildRequires: tzdata-java >= 2023d # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 @@ -1486,7 +1487,7 @@ BuildRequires: libjpeg-devel BuildRequires: libpng-devel %else # Version in src/java.desktop/share/legal/freetype.md -Provides: bundled(freetype) = 2.13.0 +Provides: bundled(freetype) = 2.13.2 # Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h Provides: bundled(giflib) = 5.2.1 # Version in src/java.desktop/share/native/libharfbuzz/hb-version.h @@ -1840,6 +1841,7 @@ if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{includ exit 14 fi +export XZ_OPT="-T0" %setup -q -c -n %{uniquesuffix ""} -T -a 0 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084 prioritylength=`expr length %{priority}` @@ -1856,11 +1858,22 @@ sh %{SOURCE12} %{top_level_dir_name} %endif # Patch the JDK +# This syntax is deprecated: +# %patchN [...] +# and should be replaced with: +# %patch -PN [...] +# For example: +# %patch1001 -p1 +# becomes: +# %patch -P1001 -p1 +# The replacement format suggested by recent (circa Fedora 38) RPM +# deprecation messages: +# %patch N [...] +# is not backward-compatible with prior (circa RHEL-8) versions of +# rpmbuild. pushd %{top_level_dir_name} # Add crypto policy and FIPS support -%patch1001 -p1 -# Patches in need of upstreaming -%patch6 -p1 +%patch -P1001 -p1 popd # openjdk @@ -1917,6 +1930,8 @@ function customisejdk() { fi } +export XZ_OPT="-T0" + mkdir -p $(dirname %{installoutputdir}) docdir=%{installoutputdir -- "-docs"} @@ -2171,6 +2186,8 @@ install -D -p -m 755 ${miscdir}/%{alt_java_name} $RPM_BUILD_ROOT%{jrebindir -- $ ln -sf %{sdkdir -- $suffix} %{jrelnk -- $suffix} popd + # Copy alt-java man page into image so it gets installed with the others + cp -a ${miscdir}/%{alt_java_name}.1 ${jdk_image}/man/man1 # Install man pages install -d -m 755 $RPM_BUILD_ROOT%{_mandir}/man1 pushd ${jdk_image} @@ -2479,6 +2496,91 @@ require "copy_jdk_configs.lua" %endif %changelog +* Sun Apr 14 2024 Andrew Hughes - 1:21.0.3.0.9-1 +- Update to jdk-21.0.3+9 (GA) +- Update release notes to 21.0.3+9 +- Switch to GA mode. +- Sync the copy of the portable specfile with the latest update +- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. ** +- Resolves: RHEL-32405 + +* Sun Apr 14 2024 Andrew Hughes - 1:21.0.3.0.7-0.1.ea +- Update to jdk-21.0.3+7 (EA) +- Update release notes to 21.0.3+7 +- Require tzdata 2024a due to upstream inclusion of JDK-8322725 +- Only require tzdata 2023d for now as 2024a is unavailable in buildroot +- Drop JDK-8009550 which is now available upstream +- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254 +- Resolves: RHEL-30944 + +* Sun Apr 14 2024 Thomas Fitzsimmons - 1:21.0.3.0.1-0.2.ea +- Invoke xz in multi-threaded mode +- generate_source_tarball.sh: Add WITH_TEMP environment variable +- generate_source_tarball.sh: Multithread xz on all available cores +- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable +- generate_source_tarball.sh: Update comment about tarball naming +- generate_source_tarball.sh: Reformat comment header +- generate_source_tarball.sh: Reformat and update help output +- generate_source_tarball.sh: Do a shallow clone, for speed +- generate_source_tarball.sh: Append -ea designator when required +- generate_source_tarball.sh: Eliminate some removal prompting +- generate_source_tarball.sh: Make tarball reproducible +- generate_source_tarball.sh: Prefix temporary directory with temp- +- generate_source_tarball.sh: Remove temporary directory exit conditions +- generate_source_tarball.sh: Fix -ea logic to add dash +- generate_source_tarball.sh: Set compile-command in Emacs +- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT +- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks +- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166) +- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004) +- Use backward-compatible patch syntax +- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST +- generate_source_tarball.sh: Fix whitespace +- generate_source_tarball.sh: Remove trailing period in echo +- generate_source_tarball.sh: Use long-style argument to grep +- generate_source_tarball.sh: Add license +- generate_source_tarball.sh: Add indentation instructions for Emacs +- Related: RHEL-30944 + +* Sun Apr 14 2024 Andrew Hughes - 1:21.0.3.0.1-0.2.ea +- Install alt-java man page from the misc tarball as it is no longer in the JDK image +- generate_source_tarball.sh: Update examples in header for clarity +- generate_source_tarball.sh: Cleanup message issued when checkout already exists +- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP +- generate_source_tarball.sh: Only add --depth=1 on non-local repositories +- Move maintenance scripts to a scripts subdirectory +- discover_trees.sh: Set compile-command and indentation instructions for Emacs +- discover_trees.sh: shellcheck: Do not use -o (SC2166) +- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- discover_trees.sh: shellcheck: Double-quote variable references (SC2086) +- generate_source_tarball.sh: Add authorship +- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs +- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086) +- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: Set compile-command and indentation instructions for Emacs +- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086) +- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268) +- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196) +- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST +- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086) +- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck +- Related: RHEL-30944 + +* Sun Apr 14 2024 Andrew Hughes - 1:21.0.3.0.1-0.1.ea +- Update to jdk-21.0.3+1 (EA) +- Update release notes to 21.0.3+1 +- Switch to EA mode +- Require tzdata 2023d due to upstream inclusion of JDK-8322725 +- Bump FreeType version to 2.13.2 following JDK-8316028 +- Related: RHEL-30944 + +* Fri Apr 12 2024 Andrew Hughes - 1:21.0.2.0.13-2 +- Sync the copy of the portable specfile with the latest update +- Define portablesuffix according to whether pkgos is defined or not +- Related: RHEL-30944 + * Tue Jan 09 2024 Andrew Hughes - 1:21.0.2.0.13-1 - Update to jdk-21.0.2+13 (GA) - Sync the copy of the portable specfile with the latest update