diff --git a/.gitignore b/.gitignore
index 0e4f3a3..fa4f400 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,3 +43,4 @@
 /openjdk-24.0.2+12.tar.xz
 /openjdk-25+36.tar.xz
 /openjdk-25.0.1+8.tar.xz
+/nssadapter-0.1.0.tar.xz
diff --git a/java-25-openjdk.spec b/java-25-openjdk.spec
index d0ded82..b8e7147 100644
--- a/java-25-openjdk.spec
+++ b/java-25-openjdk.spec
@@ -353,6 +353,8 @@
 %global icedteaver 6.0.0pre00-c848b93a8598
 # Define current Git revision for the crypto policy & FIPS support patches
 %global fipsver 9203d50836c
+# Define nssadapter version
+%global nssadapter_version 0.1.0
 # Define whether the crypto policy is expected to be active when testing
 %global crypto_policy_active false
 # Define JDK versions
@@ -376,7 +378,7 @@
 %global top_level_dir_name %{vcstag}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver 8
-%global rpmrelease 2
+%global rpmrelease 3
 # Settings used by the portable build
 %global portablerelease 1
 # Portable suffix differs between RHEL and CentOS
@@ -845,6 +847,7 @@ fi
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libmlib_image.so
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libnet.so
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libnio.so
+%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libnssadapter.so
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/libprefs.so
 %{_jvmdir}/%{sdkdir -- %{?1}}/lib/librmi.so
 # Some architectures don't have the serviceability agent
@@ -1355,6 +1358,10 @@ Source29: 0007-Tools.gmk-Exclude-systemtap-sdt-devel-on-s390x-ppc64.patch
 # Use update repository on RHEL rather than GA (OPENJDK-3589)
 Source30: 0008-Tools.gmk-Use-update-repository-on-RHEL-rather-than-.patch
+# FIPS support sources.
+# For libnssadapter.so (RHEL-128413)
+Source31: https://github.com/rh-openjdk/nss-native-fips-key-import-export-adapter/releases/download/%{nssadapter_version}/nssadapter-%{nssadapter_version}.tar.xz
+
 # Setup variables to reference correct sources
 %global releasezip %{_jvmdir}/%{name}-%{version}-%{prelease}.portable.unstripped.jdk.%{_arch}.tar.xz
 %global staticlibzip %{_jvmdir}/%{name}-%{version}-%{prelease}.portable.static-libs.%{_arch}.tar.xz
@@ -1490,6 +1497,10 @@ BuildRequires: systemtap-sdt-devel
 %endif
 BuildRequires: make
+# libnssadapter.so build requirements
+BuildRequires: nss-devel
+BuildRequires: nss-softokn-devel
+
 %if %{system_libs}
 BuildRequires: freetype-devel
 BuildRequires: giflib-devel
@@ -1873,6 +1884,8 @@ fi
 export XZ_OPT="-T0"
 %setup -q -c -n %{uniquesuffix ""} -T -a 0
+# Prepare libnssadapter.so source code
+tar -xJf %{SOURCE31}
 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084
 prioritylength=`expr length %{priority}`
 if [ $prioritylength -ne 8 ] ; then
@@ -1977,12 +1990,16 @@ for suffix in %{build_loop} ; do
 if [ "x$suffix" = "x" ] ; then
 jdkzip=%{releasezip}
 staticlibzip=%{staticlibzip}
+ make -C nssadapter-%{nssadapter_version}
 elif [ "x$suffix" = "x%{fastdebug_suffix_unquoted}" ] ; then
 jdkzip=%{fastdebugzip}
 staticlibzip=%{fastdebugstaticlibzip}
+ make -C nssadapter-%{nssadapter_version}
 else # slowdebug
 jdkzip=%{slowdebugzip}
 staticlibzip=%{slowdebugstaticlibzip}
+ # Disable _FORTIFY_SOURCE to allow for no optimization
+ make -C nssadapter-%{nssadapter_version} CFLAGS="${CFLAGS} -O0 -Wp,-U_FORTIFY_SOURCE"
 fi
 installdir=%{installoutputdir -- ${suffix}}
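Review bot: Source31 has no authenticity check in the spec beyond the SHA512 that the `sources` file records, yet it is a native library on the FIPS key import/export path fetched from a GitHub release asset. A release asset under a fixed tag can be replaced upstream, so the recorded hash only proves the build uses the tarball the packager imported, not that it matches the tagged source. If upstream publishes a detached signature, add it and the keyring as further Source entries and verify the tarball in %prep with `%{gpgverify}`. If it does not, extend the `# For libnssadapter.so (RHEL-128413)` comment with a line saying how the imported tarball was compared against the tag.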
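Review bot: The release and fastdebug `make -C nssadapter-%{nssadapter_version}` calls in the build loop pass no flags, so whether libnssadapter.so is built with the distribution hardening flags depends on the adapter's Makefile picking up CFLAGS and LDFLAGS from the environment, which this diff does not show. The slowdebug call sets `CFLAGS` on the make command line, which replaces any plain `CFLAGS` assignment inside that Makefile, and it expands to only `-O0 -Wp,-U_FORTIFY_SOURCE` if `${CFLAGS}` is empty at that point. A comment above the first call, e.g. `# nssadapter Makefile takes CFLAGS/LDFLAGS from the build environment; only slowdebug drops _FORTIFY_SOURCE`, would state the assumption, and a check of the built library's hardening would confirm it. The loop body continues past the end of this hunk.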
@@ -1992,6 +2009,10 @@ for suffix in %{build_loop} ; do
 tar -xJf ${staticlibzip}
 mv java-%{featurever}-openjdk* ${installdir}
+ # Install and clean libnssadapter.so
+ install -m 755 nssadapter-%{nssadapter_version}/bin/libnssadapter.so ${installdir}/lib
+ make -C nssadapter-%{nssadapter_version} clean
+
 # Fix build paths in ELF files so it looks like we built them
 portablenvr="%{name}-%{VERSION}-%{prelease}.%{portablesuffix}.%{_arch}"
 for file in $(find ${installdir} -type f) ; do
@@ -2553,6 +2574,10 @@ exit 0
 %endif
 %changelog
+* Mon Nov 24 2025 Thomas Fitzsimmons - 1:25.0.1.0.8-3
+- Add libnssadapter.so
+- Resolves: RHEL-128413
+
 * Wed Nov 12 2025 Andrew Hughes - 1:25.0.1.0.8-2
 - Remove superfluous backslashes that cause two alternative commands to be combined
 - Related: RHEL-120553
diff --git a/sources b/sources
index 81afaec..1e2c7e3 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,3 @@
 SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
 SHA512 (openjdk-25.0.1+8.tar.xz) = eb84d876f81ca02803283e8294c89b6acbed3753426811c3bcc228615c9618deefc85da4aa702800cac2feb103e628ee8b92292b316e9d7e12a58b6de69c5085
+SHA512 (nssadapter-0.1.0.tar.xz) = 581f49d1a27550e3a2fa0a9d407f43c507627a8439827904d14daaf24e071d9f73884a2abe4cb3d36d26f1af09ef7d20724b2d40c9bac202e0316fac6c1a636b
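Review bot: The added `install` line names `${installdir}/lib` without a trailing slash, so if that directory were ever missing from the unpacked portable tree the library would be written as a file called `lib` instead of the step failing. Writing it as `install -m 755 nssadapter-%{nssadapter_version}/bin/libnssadapter.so ${installdir}/lib/` makes that case fail early. The `make ... clean` that follows appears to be what keeps one flavour's objects out of the next loop iteration, so the comment could say so, e.g. `# Install libnssadapter.so, then clean so the next build flavour recompiles`. The loop starts and ends outside this hunk.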