Update release notes to actually reflect OpenJDK 18 and subsequent releases 18.0.1 & 18.0.1.1
Print release file during build, which should now include a correct SOURCE value from .src-rev
Update tarball script with IcedTea GitHub URL and .src-rev generation
Include script to generate bug list for release notes
Update tzdata requirement to 2022a to match JDK-8283350
Fix issue where CheckVendor.java test erroneously passes when it should fail.
Add proper quoting so '&' is not treated as a special character by the shell.
Move cacerts replacement to install section and retain original of this and tzdb.dat
Run tests on the installed image, rather than the build image
Introduce variables to refer to the static library installation directories
Use relative symlinks so they work within the image
Run debug symbols check during build stage, before the install strips them
...after 19065a8b01585a1aa5f22e38e99fc0c47c597074 "Temporarily move x86 to use
Zero in order to get a working build":
When building the
> if ${run_bootstrap} ; then
branch for suffix='' and loop='-main', the second
> buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
uses the JDK (`$(pwd)/${bootinstalldir}/images/%{jdkimage}`) from the installjdk
on the previous line. But installjdk does
> rm ${imagepath}/lib/tzdb.dat
> ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
which made that JDK's tzdb.dat link to /app/share/javazi-1.8/tzdb.dat in a
flatpak build (rather than the usual /usr/share/javazi-1.8/tzdb.dat in a non-
flatpak build) which is not present at build-time (but will be present at
runtime in at least the LibreOffice flatpak, which bundles tzdata-java built for
the flatpak /app prefix). So using that JDK's compiler during the build kept
failing due to java.io.FileNotFoundException for its lib/tzdb.dat.
(This was not an issue prior to 19065a8b01585a1aa5f22e38e99fc0c47c597074, as
installjdk's modification of lib/tzdb.dat used to be done only for the "Final
setup on the main image" at the very end of the build, not during the build for
JDKs that are themselves used later during the build.)
The easiest workaround for this issue appears to be to just not bootstrap_build
in the flatpak case, avoiding the situation that a JDK whose lib/tzdb.dat has
been modified through installjdk is used during the build.
* RH2023467: Enable FIPS keys export
* RH2094027: SunEC runtime permission for FIPS
* RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
* RH2090378: Revert to disabling system security properties and FIPS mode support together
Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Enable system security properties in the RPM (now disabled by default in the FIPS repo)
Improve security properties test to check both enabled and disabled behaviour
Run security properties test with property debugging on
Minor sync-ups with java-17-openjdk spec file
* Add new slave jwebserver and corresponding manpage
- Adjust rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch
- Support JVM variant zero following JDK-8273494 no longer installing Zero's libjvm.so in the server directory
- Disable HotSpot-only pre-build which is incompatible with the boot JDK being a different major version to that being built
- Rebase FIPS patches from fips-18u branch and simplify by using a single patch from that repository
- Detect NSS at runtime for FIPS detection
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
- Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
- Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch
Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
Support a HotSpot-only build so a freshly built libjvm.so can then be used in the bootstrap JDK.
Explicitly list JIT architectures rather than relying on those with slowdebug builds
Disable the serviceability agent on Zero architectures even when the architecture itself is supported
Set LTS designator on RHEL, excluding Fedora & EPEL.
Rename libsvml.so to libjsvml.so following JDK-8276025
Remove JDK-8276572 patch which is now upstream.
Rebase RH1995150 & RH1996182 patches following JDK-8275863 addition to module-info.java
Fixing:
Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
The move of alternatives creation to posttrans to fix:
Bug 1200302 - dnf reinstall breaks alternatives
Had caused the alternatives to be removed, and then created again,
instead of being added, and then removing the old, and thus persisting
the selection in family
Thus this fix, is storing the family of manually selected master, and if
stored, then it is restoring the family of the master
Before this patch, the java-17-openjdk-javadoc-zip was not existing, and
instead of that, javadoc was provided by both
Factm, that both subpkgs should provide javadoc, should be kept
Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.
Resolves: RHBZ#2019555
Minor code cleanups on FIPS detection patch and check for SECMOD_GetSystemFIPSEnabled in configure.
Remove unneeded Requires on NSS as it will now be dynamically linked and detected by RPM.
Update RH1655466 FIPS patch with changes in OpenJDK 8 version.
SunPKCS11 runtime provider name is a concatenation of "SunPKCS11-" and the name in the config file.
Change nss.fips.cfg config name to "NSS-FIPS" to avoid confusion with nss.cfg.
No need to substitute path to nss.fips.cfg as java.security file supports a java.home variable.
Disable FIPS mode support unless com.redhat.fips is set to "true".
Use appropriate keystore types when in FIPS mode (RH1818909)
Enable alignment with FIPS crypto policy by default (-Dcom.redhat.fips=false to disable).
Disable TLSv1.3 when the FIPS crypto policy and the NSS-FIPS provider are in use (RH1860986)
Add explicit runtime dependency on NSS for the PKCS11 provider in FIPS mode
Move setup of JavaSecuritySystemConfiguratorAccess to Security class so it always occurs (RH1915071)
- Adds patch from java-11-openjdk so as to be able to properly
toggle the system crypto policy
- Fixes test TestSecurityProperties.java which was failing
Change path to version-number.conf
Bump sources to 17.0.0+26
Change vendor_version_string
Set is_ga to 0, as this is early access build
removed rmid binary from files and from slaves
removed JAVAC_FLAGS=-g from make command, as it breaks the build since JDK-8258407
add lib/libsyslookup.so to files
renamed lib/security/blacklisted.certs to lib/security/blocked.certs
add lib/libsvml.so for intel
skip debuginfo check for libsyslookup.so on s390x
Update tarball generation script to use git following OpenJDK's move to github
Update tarball generation script to use PR3823 which handles JDK-8235710 changes
Use upstream default for version-pre rather than setting it to "ea" or ""
Drop libsunec.so which is no longer generated, thanks to JDK-8235710
Drop unnecessary compiler flags, dating back to work on GCC 6 & 10
Adapt RH1750419 alt-java patch to still apply after some variable re-naming in the makefiles
Update filever to remove any trailing zeros, as in the OpenJDK build, and use for source filename
Use system harfbuzz now this is supported.
Pass SOURCE_DATE_EPOCH to build for reproducible builds
/usr/sbin/alternatives is not under the Flatpak build's %{_prefix},
which is set to /app.
(See <https://pagure.io/packaging-committee/issue/848> "Clarify the
use of path macros with respect to build dependencies").
Found when trying to do a LibreOffice Flatpak build from RHEL RPM
specs, which includes java-1.8.0-openjdk among its components.
Add release notes for 15.0.1.0 & 15.0.2.0
Use JEP-322 Time-Based Versioning so we can handle a future 11.0.9.1-like release correctly.
Still use 15.0.x rather than 15.0.x.0 for file naming, as the trailing zero is omitted from tags.
Cleanup debug package descriptions and version number placement.
Remove unused patch files.
- introduced debug_arches, bootstrap_arches, systemtap_arches, fastdebug_arches, sa_arches, share_arches, shenandoah_arches, zgc_arches
instead of various hardcoded ifarches
- updated systemtap
- added requires excludes for debug pkgs
- removed redundant logic around jsa files
- added runtime requires of lksctp-tools and libXcomposite%
- added and used Source15 TestSecurityProperties.java, but is made always positive as jdk15 now does not honor system policies
- s390x excluded form fastdebug build
- Update to jdk 15.0.0.36 tag
- Modify rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch
- Update vendor version string to 20.9
- Remove jjs binaries from files after JEP 372: Nashorn removal
- Remove rmic binaries from files after JDK-8225319