rpms/java-25-openjdk
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import CS java-25-openjdk-25.0.2.0.10-2.el9

Browse Source
This commit is contained in:
AlmaLinux RelEng Bot 2026-04-16 04:54:38 -04:00
parent be99dd1d42
commit fa610ddf7b
58 changed files with 179 additions and 38707 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
.gitignore vendored
View File

@ -1,48 +1,3 @@
/openjdk-jdk17u-jdk-17.0.7+7.tar.xz
/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
/openjdk-jdk18u-jdk-18.0.1+0.tar.xz
/openjdk-jdk18u-jdk-18.0.1+10.tar.xz
/openjdk-jdk18u-jdk-18.0.1.1+2.tar.xz
/openjdk-jdk18u-jdk-18.0.2+9.tar.xz
/openjdk-jdk19u-jdk-19+36.tar.xz
/openjdk-jdk19u-jdk-19.0.1+10.tar.xz
/openjdk-jdk19u-jdk-19.0.2+7.tar.xz
/openjdk-jdk20u-jdk-20+36.tar.xz
/openjdk-jdk20u-jdk-20.0.1+9.tar.xz
/openjdk-jdk20u-jdk-20.0.2+9.tar.xz
/openjdk-jdk21u-jdk-21+35.tar.xz
/openjdk-21.0.1+12.tar.xz
/openjdk-21.0.2+11.tar.xz
/openjdk-21.0.2+12.tar.xz
/openjdk-21.0.2+13.tar.xz
/openjdk-21.0.3+1-ea.tar.xz
/openjdk-21.0.3+7-ea.tar.xz
/openjdk-21.0.3+9.tar.xz
/openjdk-21.0.4+1-ea.tar.xz
/openjdk-21.0.4+5-ea.tar.xz
/openjdk-21.0.4+7.tar.xz
/openjdk-21.0.5+1-ea.tar.xz
/openjdk-21.0.5+5-ea.tar.xz
/openjdk-21.0.5+9-ea.tar.xz
/openjdk-21.0.5+10.tar.xz
/openjdk-21.0.5+11.tar.xz
/openjdk-21.0.6+6-ea.tar.xz
/openjdk-21.0.6+7.tar.xz
/openjdk-21.0.7+1-ea.tar.xz
/openjdk-21.0.7+2-ea.tar.xz
/openjdk-21.0.7+3-ea.tar.xz
/openjdk-21.0.7+4-ea.tar.xz
/openjdk-21.0.7+5-ea.tar.xz
/openjdk-21.0.7+6.tar.xz
/openjdk-21.0.8+1-ea.tar.xz
/openjdk-21.0.8+2-ea.tar.xz
/openjdk-21.0.8+8-ea.tar.xz
/openjdk-21.0.8+9.tar.xz
/openjdk-22.0.2+9.tar.xz
/openjdk-23.0.2+7.tar.xz
/openjdk-24.0.2+12.tar.xz
/openjdk-25+36.tar.xz
/openjdk-25.0.1+8.tar.xz
/nssadapter-0.1.0.tar.xz
/openjdk-25.0.2+10.tar.xz
/nssadapter-0.1.1.tar.xz
SOURCES/nssadapter-0.1.0.tar.xz
SOURCES/openjdk-25.0.2+10.tar.xz
SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

3
.java-25-openjdk.metadata Normal file
View File

@ -0,0 +1,3 @@
f796f454a7f6eb8df8fc66c842e3fb2e7f5b82e8 SOURCES/nssadapter-0.1.0.tar.xz
b842f1ba4b1c5b25c36a9ce694a9205d64ebfc15 SOURCES/openjdk-25.0.2+10.tar.xz
c8281ee37b77d535c9c1af86609a531958ff7b34 SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz

0
0001-Allow-devkit-to-work-with-RHEL.patch → SOURCES/0001-Allow-devkit-to-work-with-RHEL.patch
View File

0
0002-Disable-multilib-on-x86_64.patch → SOURCES/0002-Disable-multilib-on-x86_64.patch
View File

0
0003-Log-devkit-build-to-stdout.patch → SOURCES/0003-Log-devkit-build-to-stdout.patch
View File

0
0004-devkit-Remove-.comment-sections-from-sysroot-objects.patch → SOURCES/0004-devkit-Remove-.comment-sections-from-sysroot-objects.patch
View File

0
0005-Tools.gmk-Configure-binutils-with-enable-determinist.patch → SOURCES/0005-Tools.gmk-Configure-binutils-with-enable-determinist.patch
View File

0
0006-Tools.gmk-Add-enable-linker-build-id-to-gcc-build.patch → SOURCES/0006-Tools.gmk-Add-enable-linker-build-id-to-gcc-build.patch
View File

0
0007-Tools.gmk-Exclude-systemtap-sdt-devel-on-s390x-ppc64.patch → SOURCES/0007-Tools.gmk-Exclude-systemtap-sdt-devel-on-s390x-ppc64.patch
View File

0
0008-Tools.gmk-Use-update-repository-on-RHEL-rather-than-.patch → SOURCES/0008-Tools.gmk-Use-update-repository-on-RHEL-rather-than-.patch
View File

0
CheckVendor.java → SOURCES/CheckVendor.java
View File

0
NEWS → SOURCES/NEWS
View File

0
README.md → SOURCES/README.md
View File

0
TestCryptoLevel.java → SOURCES/TestCryptoLevel.java
View File

0
TestECDSA.java → SOURCES/TestECDSA.java
View File

0
TestSecurityProperties.java → SOURCES/TestSecurityProperties.java
View File

0
TestTranslations.java → SOURCES/TestTranslations.java
View File

0
alt-java.c → SOURCES/alt-java.c
View File

0
create-redhat-properties-files.bash → SOURCES/create-redhat-properties-files.bash
View File

17
fips-25u-e55ada9353e.patch → SOURCES/fips-25u-df044414ef4.patch
View File

@ -1,8 +1,8 @@
diff --git a/src/java.base/share/classes/java/security/Provider.java b/src/java.base/share/classes/java/security/Provider.java
index de2845fb550..60eeab678ca 100644
index de2845fb550..b1e416b90f4 100644
--- a/src/java.base/share/classes/java/security/Provider.java
+++ b/src/java.base/share/classes/java/security/Provider.java
@@ -1203,6 +1203,34 @@ public Service getService(String type, String algorithm) {
@@ -1203,6 +1203,39 @@ public Set<Service> getServices() {
return serviceSet;
}
@ -10,7 +10,9 @@ index de2845fb550..60eeab678ca 100644
+ private static final class RedHatFIPSFilter {
+ static final boolean IS_ON = Boolean.parseBoolean(
+ Security.getProperty("__redhat_fips_filter__"));
+ private static final Set<String> ANY_SERVICE_TYPE = Set.of();
+ private static final Map<String, Set<String>> ALLOW_LIST = Map.of(
+ "SunPKCS11-FIPS", ANY_SERVICE_TYPE,
+ "SUN", Set.of(
+ "AlgorithmParameterGenerator",
+ "AlgorithmParameters", "CertificateFactory",
@ -18,18 +20,21 @@ index de2845fb550..60eeab678ca 100644
+ "Configuration", "KeyStore"),
+ "SunEC", Set.of(
+ "AlgorithmParameters", "KeyFactory"),
+ "SunJSSE", ANY_SERVICE_TYPE,
+ "SunJCE", Set.of(
+ "AlgorithmParameters",
+ "AlgorithmParameterGenerator", "KeyFactory",
+ "SecretKeyFactory"),
+ "SunRsaSign", Set.of(
+ "KeyFactory", "AlgorithmParameters")
+ "KeyFactory", "AlgorithmParameters"),
+ "XMLDSig", ANY_SERVICE_TYPE
+ );
+
+ static boolean isAllowed(String provName, String serviceType) {
+ Set<String> allowedServiceTypes = ALLOW_LIST.get(provName);
+ return allowedServiceTypes == null ||
+ allowedServiceTypes.contains(serviceType);
+ return allowedServiceTypes != null &&
+ (allowedServiceTypes == ANY_SERVICE_TYPE ||
+ allowedServiceTypes.contains(serviceType));
+ }
+ }
+ /* ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ FIPS PATCH ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ */
@ -37,7 +42,7 @@ index de2845fb550..60eeab678ca 100644
/**
* Add a service. If a service of the same type with the same algorithm
* name exists, and it was added using {@link #putService putService()},
@@ -1231,6 +1259,15 @@ protected void putService(Service s) {
@@ -1231,6 +1264,15 @@ protected void putService(Service s) {
("service.getProvider() must match this Provider object");
}
String type = s.getType();

70
java-25-openjdk-portable.specfile → SOURCES/java-25-openjdk-portable.specfile
View File

@ -376,7 +376,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
%global fipsver e55ada9353e
%global fipsver df044414ef4
# Define JDK versions
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
%global javaver %{featurever}
@ -391,7 +391,7 @@
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 10
%global rpmrelease 3
%global rpmrelease 2
#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@ -643,9 +643,37 @@ Source18: TestTranslations.java
# as follows: git diff %%{vcstag} src make test > fips-25u-$(git show -s --format=%h HEAD).patch
# Diff is limited to src and make subdirectories to exclude .github changes
# Fixes currently included:
# OPENJDK-2108: Internal __redhat_fips__ property
# OPENJDK-2123: Algorithms lockdown
# OPENJDK-4559: Red Hat Build of OpenJDK 25 should not restrict all the providers in FIPS
# PR3183, RH1340845: Follow system wide crypto policy
# PR3695: Allow use of system crypto policy to be disabled by the user
# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
# RH1818909: No ciphersuites availale for SSLSocket in FIPS mode
# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
# RH1929465: Improve system FIPS detection
# RH1995150: Disable non-FIPS crypto in SUN and SunEC security providers
# RH1996182: Login to the NSS software token in FIPS mode
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
# RH2021263: Resolve outstanding FIPS issues
# RH2052819: Fix FIPS reliance on crypto policies
# RH2052829: Detect NSS at Runtime for FIPS detection
# RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
# RH2023467: Enable FIPS keys export
# RH2094027: SunEC runtime permission for FIPS
# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
# RH2090378: Revert to disabling system security properties and FIPS mode support together
# RH2104724: Avoid import/export of DH private keys
# RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
# Build the systemconf library on all platforms
# RH2048582: Support PKCS#12 keystores [now part of JDK-8301553 upstream]
# RH2020290: Support TLS 1.3 in FIPS mode
# Add nss.fips.cfg support to OpenJDK tree
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
# Remove forgotten dead code from RH2020290 and RH2104724
# OJ1357: Fix issue on FIPS with a SecurityManager in place
# RH2134669: Add missing attributes when registering services in FIPS mode.
# test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
# RH1940064: Enable XML Signature provider in FIPS mode
# RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream]
Patch1001: fips-%{featurever}u-%{fipsver}.patch
#############################################
@ -664,15 +692,6 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
# JDK-8372534: Update Libpng to 1.6.51
# Integrated in 25.0.3
Patch2001: jdk8372534-libpng-1.6.51.patch
# JDK-8375063: Update Libpng to 1.6.54
# Integrated in 25.0.3
Patch2002: jdk8375063-libpng-1.6.54.patch
# JDK-8375057: Update HarfBuzz to 12.3.2
# Integrated in 25.0.3
Patch2003: jdk8375057-harfbuzz-12.3.2.patch
# JDK-8377526: Update Libpng to 1.6.55
# Integrated in 25.0.3
Patch2004: jdk8377526-libpng-1.6.55.patch
#############################################
#
@ -759,13 +778,13 @@ Provides: bundled(freetype) = 2.13.3
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.2
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 12.3.2
Provides: bundled(harfbuzz) = 10.4.0
# Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.17.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
Provides: bundled(libpng) = 1.6.55
Provides: bundled(libpng) = 1.6.51
# Version in src/java.base/share/native/libzip/zlib/zlib.h
Provides: bundled(zlib) = 1.3.1
# We link statically against libstdc++ to increase portability
@ -986,11 +1005,8 @@ sh %{SOURCE12} %{top_level_dir_name}
pushd %{top_level_dir_name}
# Add crypto policy and FIPS support
%patch -P1001 -p1
# Add libpng & harfbuzz updates ahead of 25.0.3
# Add libpng update ahead of 25.0.3
%patch -P2001 -p1
%patch -P2002 -p1
%patch -P2003 -p1
%patch -P2004 -p1
popd # openjdk
echo "Generating %{alt_java_name} man page"
@ -1958,20 +1974,6 @@ done
%endif
%changelog
* Tue Mar 03 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-3
- Update FIPS patch to e55ada9353e to include the fix for the too restrictive provider lockdown
- Fix FIPS issue list to represent the new 25u version
- Add JDK-8375063 libpng 1.6.54 ahead of 25.0.3
- Add JDK-8375057 harfbuzz 12.3.2 ahead of 25.0.3
- Add JDK-8377526 libpng 1.6.55 ahead of 25.0.3
- Bump libpng version to 1.6.55 following JDK-8375063 & JDK-8377526
- Bump harfbuzz version to 12.3.2 following JDK-8375057
- Resolves: OPENJDK-4570
- Resolves: OPENJDK-4304
- Resolves: OPENJDK-4524
- Resolves: OPENJDK-4544
- Resolves: OPENJDK-4553
* Mon Jan 12 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-2
- Add JDK-8372534 libpng 1.6.51 ahead of 25.0.3
- Bump libpng version to 1.6.51 following JDK-8372534

0
jconsole.desktop.in → SOURCES/jconsole.desktop.in
View File

0
jdk8372534-libpng-1.6.51.patch → SOURCES/jdk8372534-libpng-1.6.51.patch
View File

41
SOURCES/nssadapter-ldflags.patch Normal file
View File

@ -0,0 +1,41 @@
diff --git a/Makefile b/Makefile
index 5175f21..571748a 100644
--- a/Makefile
+++ b/Makefile
@@ -13,12 +13,12 @@ DEVEL_PKGS = nss nss-softokn
LIB_DIR = $(shell pkg-config --variable=libdir nss-softokn)
SHARED_LIBS = pthread softokn3 nss3
STATIC_LIBS = freebl
-SHR_CFLAGS = -shared -fPIC -fvisibility=hidden -Wl,--exclude-libs,ALL \
- $(addprefix -l,$(SHARED_LIBS)) \
+SHR_CFLAGS = -shared -fPIC -fvisibility=hidden \
$(strip $(shell pkg-config --cflags $(DEVEL_PKGS))) \
-Wpedantic -Wall -Wextra -Wconversion -Werror
DBG_CFLAGS = -Wno-error=unused-variable -Wno-error=unused-parameter -DDEBUG \
-O0 -g
+SHR_LDFLAGS = -Wl,--exclude-libs,ALL $(addprefix -l,$(SHARED_LIBS))
# https://clang.llvm.org/docs/ClangFormatStyleOptions.html
CLANG_FORMAT_STYLE = { \
@@ -53,10 +53,12 @@ endif
.PHONY: release ## Build the library in RELEASE mode (default)
release: BLD_CFLAGS = $(SHR_CFLAGS) $(CFLAGS)
+release: BLD_LDFLAGS = $(SHR_LDFLAGS) $(LDFLAGS)
release: $(CLEAN_IF_PREVIOUS_BUILD_MODE_IS_DEBUG) $(OUTPUT)
.PHONY: debug ## Build the library in DEBUG mode
debug: BLD_CFLAGS = $(SHR_CFLAGS) $(DBG_CFLAGS) $(CFLAGS)
+debug: BLD_LDFLAGS = $(SHR_LDFLAGS) $(LDFLAGS)
debug: CREATE_DBG_SENTINEL_IF_NEEDED = touch $(DBG_SENTINEL)
debug: $(CLEAN_IF_PREVIOUS_BUILD_MODE_IS_RELEASE) $(OUTPUT)
@@ -73,7 +75,7 @@ $(BIN_DIR):
$(OUTPUT): $(BIN_DIR) $(SRC_FILES)
@$(CREATE_DBG_SENTINEL_IF_NEEDED)
- $(CC) $(BLD_CFLAGS) $(filter %.c, $+) \
+ $(CC) $(BLD_CFLAGS) $(filter %.c, $+) $(BLD_LDFLAGS) \
$(addprefix $(LIB_DIR)/lib,$(addsuffix .a,$(STATIC_LIBS))) -o $@

0
openjdk-devkit.specfile → SOURCES/openjdk-devkit.specfile
View File

0
remove-intree-libraries.sh → SOURCES/remove-intree-libraries.sh
View File

225
java-25-openjdk.spec → SPECS/java-25-openjdk.spec
View File

@ -322,9 +322,9 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the crypto policy & FIPS support patches
%global fipsver e55ada9353e
%global fipsver df044414ef4
# Define nssadapter variables
%global nssadapter_version 0.1.1
%global nssadapter_version 0.1.0
%global nssadapter_name nssadapter-%{nssadapter_version}
# Define whether the crypto policy is expected to be active when testing
%global crypto_policy_active true
@ -349,9 +349,9 @@
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 10
%global rpmrelease 4
%global rpmrelease 2
# Settings used by the portable build
%global portablerelease 3
%global portablerelease 2
# Portable suffix differs between RHEL and CentOS
%if 0%{?centos} == 0
%global portablerhel %{?pkgos:7_9}%{!?pkgos:8}
@ -1371,9 +1371,37 @@ Source32: create-redhat-properties-files.bash
# as follows: git diff %%{vcstag} src make test > fips-25u-$(git show -s --format=%h HEAD).patch
# Diff is limited to src and make subdirectories to exclude .github changes
# Fixes currently included:
# OPENJDK-2108: Internal __redhat_fips__ property
# OPENJDK-2123: Algorithms lockdown
# OPENJDK-4559: Red Hat Build of OpenJDK 25 should not restrict all the providers in FIPS
# PR3183, RH1340845: Follow system wide crypto policy
# PR3695: Allow use of system crypto policy to be disabled by the user
# RH1655466: Support RHEL FIPS mode using SunPKCS11 provider
# RH1818909: No ciphersuites availale for SSLSocket in FIPS mode
# RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available
# RH1915071: Always initialise JavaSecuritySystemConfiguratorAccess
# RH1929465: Improve system FIPS detection
# RH1995150: Disable non-FIPS crypto in SUN and SunEC security providers
# RH1996182: Login to the NSS software token in FIPS mode
# RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false
# RH2021263: Resolve outstanding FIPS issues
# RH2052819: Fix FIPS reliance on crypto policies
# RH2052829: Detect NSS at Runtime for FIPS detection
# RH2052070: Enable AlgorithmParameters and AlgorithmParameterGenerator services in FIPS mode
# RH2023467: Enable FIPS keys export
# RH2094027: SunEC runtime permission for FIPS
# RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage
# RH2090378: Revert to disabling system security properties and FIPS mode support together
# RH2104724: Avoid import/export of DH private keys
# RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode
# Build the systemconf library on all platforms
# RH2048582: Support PKCS#12 keystores [now part of JDK-8301553 upstream]
# RH2020290: Support TLS 1.3 in FIPS mode
# Add nss.fips.cfg support to OpenJDK tree
# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode
# Remove forgotten dead code from RH2020290 and RH2104724
# OJ1357: Fix issue on FIPS with a SecurityManager in place
# RH2134669: Add missing attributes when registering services in FIPS mode.
# test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class
# RH1940064: Enable XML Signature provider in FIPS mode
# RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream]
Patch1001: fips-%{featurever}u-%{fipsver}.patch
#############################################
@ -1392,15 +1420,6 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
# JDK-8372534: Update Libpng to 1.6.51
# Integrated in 25.0.3
Patch2001: jdk8372534-libpng-1.6.51.patch
# JDK-8375063: Update Libpng to 1.6.54
# Integrated in 25.0.3
Patch2002: jdk8375063-libpng-1.6.54.patch
# JDK-8375057: Update HarfBuzz to 12.3.2
# Integrated in 25.0.3
Patch2003: jdk8375057-harfbuzz-12.3.2.patch
# JDK-8377526: Update Libpng to 1.6.55
# Integrated in 25.0.3
Patch2004: jdk8377526-libpng-1.6.55.patch
#############################################
#
@ -1415,8 +1434,7 @@ Patch2004: jdk8377526-libpng-1.6.55.patch
# NSS adapter patches
#
#############################################
# Currently empty
Patch3001: nssadapter-ldflags.patch
BuildRequires: autoconf
BuildRequires: automake
@ -1493,13 +1511,13 @@ Provides: bundled(freetype) = 2.13.3
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.2
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
Provides: bundled(harfbuzz) = 12.3.2
Provides: bundled(harfbuzz) = 10.4.0
# Version in src/java.desktop/share/native/liblcms/lcms2.h
Provides: bundled(lcms2) = 2.17.0
# Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h
Provides: bundled(libjpeg) = 6b
# Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h
Provides: bundled(libpng) = 1.6.55
Provides: bundled(libpng) = 1.6.51
# Version in src/java.base/share/native/libzip/zlib/zlib.h
Provides: bundled(zlib) = 1.3.1
%endif
@ -1935,16 +1953,13 @@ sh %{SOURCE12} %{top_level_dir_name}
pushd %{top_level_dir_name}
# Add crypto policy and FIPS support
%patch -P1001 -p1
# Add libpng & harfbuzz updates ahead of 25.0.3
# Add libpng update ahead of 25.0.3
%patch -P2001 -p1
%patch -P2002 -p1
%patch -P2003 -p1
%patch -P2004 -p1
popd # openjdk
# Patch NSS adapter
pushd %{nssadapter_name}
# Nothing to do
%patch -P3001 -p1
popd # nssadapter
# The OpenJDK version file includes the current
@ -2614,51 +2629,15 @@ exit 0
%endif
%changelog
* Thu Mar 12 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-4
- Add tagging scripts with signature checks and gating handling
- Update tagged versions to include 9.8.0-z, 9.9.0, 10.2-z & 10.3.
- Add gating scripts to simplify obtaining results and waiving issues
- Sync the copy of the portable specfile with the latest update
- Resolves: RHEL-155327
- Resolves: RHEL-155337
- Resolves: RHEL-155339
- Related: RHEL-155000
- Related: RHEL-146649
- Related: RHEL-148327
- Related: RHEL-148830
* Wed Mar 11 2026 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.2.0.10-3
- Disable abidiff inspection in rpminspect.yaml to avoid an out-of-memory error on the CentOS test farm
- See: https://docs.testing-farm.io/Testing%20Farm/0.1/errors.html#TFE-1
- Resolves: RHEL-150976
* Tue Mar 03 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-3
- Update FIPS patch to e55ada9353e to include the fix for the too restrictive provider lockdown
- Fix FIPS issue list to represent the new 25u version
- Add JDK-8375063 libpng 1.6.54 ahead of 25.0.3
- Add JDK-8375057 harfbuzz 12.3.2 ahead of 25.0.3
- Add JDK-8377526 libpng 1.6.55 ahead of 25.0.3
- Bump libpng version to 1.6.55 following JDK-8375063 & JDK-8377526
- Bump harfbuzz version to 12.3.2 following JDK-8375057
- Bump nssadapter version to bring in shared PKCS11 session fix
- Drop LDFLAGS nssadapter patch which is now upstream in 0.1.1
- Resolves: RHEL-155000
- Resolves: RHEL-146649
- Resolves: RHEL-148327
- Resolves: RHEL-148830
- Resolves: RHEL-155044
* Wed Feb 18 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-2
* Wed Jan 28 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-2
- Bump rpmrelease for CentOS build
- Related: RHEL-139579
- Related: RHEL-131430
- Related: RHEL-131443
- Related: RHEL-142855
- Related: RHEL-142799
- Related: RHEL-139577
- Related: RHEL-142856
- Related: RHEL-142808
* Wed Jan 21 2026 Jiri Vanek <jvanek@redhat.com> - 1:25.0.2.0.10-1
- Execute create-redhat-properties-files.bash with '-e' to exit on failure
- Related: RHEL-142855
- Related: RHEL-142856
* Mon Jan 12 2026 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.2.0.10-1
- Update to jdk-25.0.2+10 (GA)
@ -2670,65 +2649,64 @@ exit 0
- Handle 'upgrade' as an alternative to 'update' in openjdk_news.sh
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2026-01-20 @ 1pm PT. **
- Resolves: RHEL-139579
- Resolves: RHEL-131430
- Resolves: RHEL-131443
- Resolves: RHEL-142855
- Resolves: RHEL-142799
- Resolves: RHEL-139577
- Resolves: RHEL-143373
- Resolves: RHEL-143368
- Resolves: RHEL-142856
- Resolves: RHEL-142808
* Sat Dec 06 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-6
- Sync the copy of the portable specfile with the latest update
- Related: RHEL-133733
- Related: RHEL-133735
* Thu Dec 04 2025 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.1.0.8-6
- Remove /usr/lib/jvm/java-25-openjdk/conf/security/redhat/fips.properties
- Resolves: RHEL-131897
* Thu Dec 04 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-5
* Mon Dec 08 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-2
- Incorporate new FIPS patch for 25u
- Drop static libjvm.a following adjusted build target for portable build
- Remove redundant (and now outdated) build targets, jdkimage and static_libs_image
- Pass ourflags and ourldflags into the nssadapter build using CFLAGS & LDFLAGS
- Patch the nssadapter build to recognise LDFLAGS
- Remove OpenJDK compiler flag filters and use build_{c,ld}flags directly
- Resolves: RHEL-133733
- Resolves: RHEL-133735
- Resolves: RHEL-133763
- Sync the copy of the portable specfile with the latest update
- Resolves: RHEL-133743
- Resolves: RHEL-133737
- Related: RHEL-131898
* Wed Nov 26 2025 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.1.0.8-4
* Mon Dec 08 2025 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.1.0.8-2
- Add java-25-openjdk-crypto-adapter subpackage
- Update library setting in create-redhat-properties-files.bash
- Resolves: RHEL-131896
- Remove /usr/lib/jvm/java-25-openjdk/conf/security/redhat/fips.properties
- Resolves: RHEL-132520
- Resolves: RHEL-132523
* Mon Nov 24 2025 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.1.0.8-3
* Fri Nov 28 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-1
- Pass ourflags and ourldflags into the nssadapter build using CFLAGS & LDFLAGS
- Patch the nssadapter build to recognise LDFLAGS
- Resolves: RHEL-131898
* Mon Nov 24 2025 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:25.0.1.0.8-1
- Add libnssadapter.so
- Add FIPS crypto-policies configuration
- Remove obsolete security.useSystemPropertiesFile setup
- Update TestSecurityProperties.java test and calling convention
- Resolves: RHEL-128413
- Resolves: RHEL-128409
- Resolves: RHEL-128414
- Resolves: RHEL-128412
* Wed Nov 12 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-2
- Remove superfluous backslashes that cause two alternative commands to be combined
- Related: RHEL-120553
* Mon Nov 10 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-1
* Wed Nov 12 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:25.0.1.0.8-1
- Create java-25-openjdk package based on java-21-openjdk
- Update to jdk-25.0.1+8 (GA)
- Update release notes with features of JDK 25
- Update release notes with features of JDK 22, 23, 24 & 25
- Mention finalisation JEP for features finalised in JDK 22, 23 & 24
- Drop fakefeaturever now we have reached OpenJDK 25
- Update release notes to 25.0.1+8
- Sync the copy of the portable specfile with the latest update
- Resolves: RHEL-120553
* Wed Nov 05 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:24.0.2.0.12-1
- Update to jdk-24.0.2+12 (GA)
- Update release notes with features of JDK 24
- Update README file for java-25-openjdk
- Make sure this is not the default/system JDK providing 'java', 'jre', 'java-devel' ,etc.
- Remove 21u FIPS patch and disable use until we are ready for the 25 version
- Adjust CLDR expectations in TestTranslations.java after JDK-8317979 started using tzdata values
- Adjust TestTranslations.java to expect the same short name throughout for fr_FR and de_DE (bug?)
- Remove references to libsystemconf.so and nss.fips.cfg from the 21u FIPS patch
- Include static libraries in the vm_variant subdirectory after JDK-8307858 (libjvm.a)
- Flip equals test in TestSecurityProperties.java to handle null values from Security.getProperty
- Introduce crypto_policy_active to designate whether we should expect policy adherence in testing
- Flip crypto_policy_active to false while the crypto policy & FIPS patch is not present
- Handle new libsimdsort.so introduced on x86_64 only by JDK-8309130
- Remove lible.so handling following its removal in JDK-8327476: "Upgrade JLine to 3.26.1"
- Install jaxp-strict.properties.template added by JDK-8330542: "Template for Creating Strict JAXP Configuration File"
- alt-java man page installation is now handled by the OpenJDK build
- Adjust TestTranslations.java with updated German translations from CLDR 46 (JDK-8333582) (Mountain->Mountains)
- Run javap with the disassembled code (-c) option now required for -l by JDK-8345145
- Sync the copy of the portable specfile with the latest update
- Remove default.policy and java.policy following JDK-8338411: "Permanently Disable the Security Manager"
- Make man page handling dependent on pandoc being available during the portable build
- Handle new CDS archive variants (*_coh*) added by Compact Object Headers (JDK-8305895)
@ -2736,39 +2714,6 @@ exit 0
- Support jnativescan added by JDK-8317611: "Add a tool like jdeprscan to find usage of restricted methods"
- Add recent native libraries to _privatelibs (libjsvml.so, libsimdsort.so, libsyslookup.so)
- Support libsleef on AArch64 & RISC-V added by JDK-8329816, JDK-8320500 (RISC-V) & JDK-8312425 (AArch64)
- Related: RHEL-120553
* Sat Oct 25 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:23.0.2.0.7-1
- Update to jdk-23.0.2+7 (GA)
- Update release notes with features of JDK 23
- Remove superfluous backslashes that cause two alternative commands to be combined
- Sync the copy of the portable specfile with the latest update
- Remove lible.so handling following its removal in JDK-8327476: "Upgrade JLine to 3.26.1"
- Install jaxp-strict.properties.template added by JDK-8330542: "Template for Creating Strict JAXP Configuration File"
- Related: RHEL-120553
* Tue Sep 23 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:22.0.2.0.9-1
- Update to jdk-22.0.2+9 (GA)
- Update release notes with features of JDK 22
- Remove 21u FIPS patch and disable use until we are ready for the 25 version
- Adjust CLDR expectations in TestTranslations.java after JDK-8317979 started using tzdata values
- Adjust TestTranslations.java to expect the same short name throughout for fr_FR and de_DE (bug?)
- Sync the copy of the portable specfile with the latest update
- Remove references to libsystemconf.so and nss.fips.cfg from the 21u FIPS patch
- Include static libraries in the vm_variant subdirectory after JDK-8307858 (libjvm.a)
- Flip equals test in TestSecurityProperties.java to handle null values from Security.getProperty
- Introduce crypto_policy_active to designate whether we should expect policy adherence in testing
- Flip crypto_policy_active to false while the crypto policy & FIPS patch is not present
- Handle new libsimdsort.so introduced on x86_64 only by JDK-8309130
- Related: RHEL-100678
* Mon Aug 25 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.8.0.9-1
- Create java-25-openjdk package based on java-21-openjdk
- Introduce fakefeaturever to pretend we are java-25-openjdk ahead of time
- Sync the copy of the portable specfile with the latest update
- Update README file for java-25-openjdk
- Make sure this is not the default/system JDK providing 'java', 'jre', 'java-devel' ,etc.
- Related: RHEL-100678
* Thu Jul 10 2025 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.8.0.9-1
- Update to jdk-21.0.8+9 (GA)
- Related: RHEL-100678
- Resolves: RHEL-126022

7
gating.yaml
View File

@ -1,7 +0,0 @@
# recipients: java-qa
--- !Policy
product_versions:
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

31844
jdk8375057-harfbuzz-12.3.2.patch
View File

File diff suppressed because it is too large Load Diff

4384
jdk8375063-libpng-1.6.54.patch
View File

File diff suppressed because it is too large Load Diff

248
jdk8377526-libpng-1.6.55.patch
View File

@ -1,248 +0,0 @@
commit b64f9e043d63b113682ea395e5bd8df2a26327ef
Author: Sergey Bylokhov <serb@openjdk.org>
AuthorDate: Mon Mar 2 18:56:22 2026 +0000
Commit: Sergey Bylokhov <serb@openjdk.org>
CommitDate: Mon Mar 2 18:56:22 2026 +0000
8377526: Update Libpng to 1.6.55
Backport-of: fd74232d5dc4c6bfbcddb82e1b2621289aa2f65a
diff --git a/src/java.desktop/share/legal/libpng.md b/src/java.desktop/share/legal/libpng.md
index 80d12248ec4..a2ffcca1974 100644
--- a/src/java.desktop/share/legal/libpng.md
+++ b/src/java.desktop/share/legal/libpng.md
@@ -1,4 +1,4 @@
-## libpng v1.6.54
+## libpng v1.6.55
### libpng License
<pre>
@@ -170,6 +170,7 @@ ### AUTHORS File Information
* Guy Eric Schalnat
* James Yu
* John Bowler
+ * Joshua Inscoe
* Kevin Bracey
* Lucas Chollet
* Magnus Holmgren
diff --git a/src/java.desktop/share/native/libsplashscreen/libpng/CHANGES b/src/java.desktop/share/native/libsplashscreen/libpng/CHANGES
index 3bb1baecd23..af9fcff6eb3 100644
--- a/src/java.desktop/share/native/libsplashscreen/libpng/CHANGES
+++ b/src/java.desktop/share/native/libsplashscreen/libpng/CHANGES
@@ -5988,7 +5988,7 @@ Version 1.6.32rc01 [August 18, 2017]
Version 1.6.32rc02 [August 22, 2017]
Added contrib/oss-fuzz directory which contains files used by the oss-fuzz
- project (https://github.com/google/oss-fuzz/tree/master/projects/libpng).
+ project <https://github.com/google/oss-fuzz/tree/master/projects/libpng>.
Version 1.6.32 [August 24, 2017]
No changes.
@@ -6323,15 +6323,21 @@ Version 1.6.53 [December 5, 2025]
Version 1.6.54 [January 12, 2026]
Fixed CVE-2026-22695 (medium severity):
- Heap buffer over-read in `png_image_read_direct_scaled.
+ Heap buffer over-read in `png_image_read_direct_scaled`.
(Reported and fixed by Petr Simecek.)
Fixed CVE-2026-22801 (medium severity):
Integer truncation causing heap buffer over-read in `png_image_write_*`.
Implemented various improvements in oss-fuzz.
(Contributed by Philippe Antoine.)
+Version 1.6.55 [February 9, 2026]
+ Fixed CVE-2026-25646 (high severity):
+ Heap buffer overflow in `png_set_quantize`.
+ (Reported and fixed by Joshua Inscoe.)
+ Resolved an oss-fuzz build issue involving nalloc.
+ (Contributed by Philippe Antoine.)
Send comments/corrections/commendations to png-mng-implement at lists.sf.net.
Subscription is required; visit
-https://lists.sourceforge.net/lists/listinfo/png-mng-implement
+<https://lists.sourceforge.net/lists/listinfo/png-mng-implement>
to subscribe.
diff --git a/src/java.desktop/share/native/libsplashscreen/libpng/README b/src/java.desktop/share/native/libsplashscreen/libpng/README
index 63d1376edf7..6e0d1e33137 100644
--- a/src/java.desktop/share/native/libsplashscreen/libpng/README
+++ b/src/java.desktop/share/native/libsplashscreen/libpng/README
@@ -1,4 +1,4 @@
-README for libpng version 1.6.54
+README for libpng version 1.6.55
================================
See the note about version numbers near the top of `png.h`.
@@ -24,14 +24,14 @@ for more things than just PNG files. You can use zlib as a drop-in
replacement for `fread()` and `fwrite()`, if you are so inclined.
zlib should be available at the same place that libpng is, or at
-https://zlib.net .
+<https://zlib.net>.
You may also want a copy of the PNG specification. It is available
as an RFC, a W3C Recommendation, and an ISO/IEC Standard. You can find
-these at http://www.libpng.org/pub/png/pngdocs.html .
+these at <http://www.libpng.org/pub/png/pngdocs.html>.
-This code is currently being archived at https://libpng.sourceforge.io
-in the download area, and at http://libpng.download/src .
+This code is currently being archived at <https://libpng.sourceforge.io>
+in the download area, and at <http://libpng.download/src>.
This release, based in a large way on Glenn's, Guy's and Andreas'
earlier work, was created and will be supported by myself and the PNG
@@ -39,12 +39,12 @@ development group.
Send comments, corrections and commendations to `png-mng-implement`
at `lists.sourceforge.net`. (Subscription is required; visit
-https://lists.sourceforge.net/lists/listinfo/png-mng-implement
+<https://lists.sourceforge.net/lists/listinfo/png-mng-implement>
to subscribe.)
Send general questions about the PNG specification to `png-mng-misc`
at `lists.sourceforge.net`. (Subscription is required; visit
-https://lists.sourceforge.net/lists/listinfo/png-mng-misc
+<https://lists.sourceforge.net/lists/listinfo/png-mng-misc>
to subscribe.)
Historical notes
diff --git a/src/java.desktop/share/native/libsplashscreen/libpng/png.c b/src/java.desktop/share/native/libsplashscreen/libpng/png.c
index 5636b4a754e..955fda8dd7e 100644
--- a/src/java.desktop/share/native/libsplashscreen/libpng/png.c
+++ b/src/java.desktop/share/native/libsplashscreen/libpng/png.c
@@ -42,7 +42,7 @@
#include "pngpriv.h"
/* Generate a compiler error if there is an old png.h in the search path. */
-typedef png_libpng_version_1_6_54 Your_png_h_is_not_version_1_6_54;
+typedef png_libpng_version_1_6_55 Your_png_h_is_not_version_1_6_55;
/* Sanity check the chunks definitions - PNG_KNOWN_CHUNKS from pngpriv.h and the
* corresponding macro definitions. This causes a compile time failure if
@@ -849,7 +849,7 @@ png_get_copyright(png_const_structrp png_ptr)
return PNG_STRING_COPYRIGHT
#else
return PNG_STRING_NEWLINE \
- "libpng version 1.6.54" PNG_STRING_NEWLINE \
+ "libpng version 1.6.55" PNG_STRING_NEWLINE \
"Copyright (c) 2018-2026 Cosmin Truta" PNG_STRING_NEWLINE \
"Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson" \
PNG_STRING_NEWLINE \
diff --git a/src/java.desktop/share/native/libsplashscreen/libpng/png.h b/src/java.desktop/share/native/libsplashscreen/libpng/png.h
index ab8876a9626..e95c0444399 100644
--- a/src/java.desktop/share/native/libsplashscreen/libpng/png.h
+++ b/src/java.desktop/share/native/libsplashscreen/libpng/png.h
@@ -29,7 +29,7 @@
* However, the following notice accompanied the original version of this
* file and, per its terms, should not be removed:
*
- * libpng version 1.6.54
+ * libpng version 1.6.55
*
* Copyright (c) 2018-2026 Cosmin Truta
* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
@@ -43,7 +43,7 @@
* libpng versions 0.89, June 1996, through 0.96, May 1997: Andreas Dilger
* libpng versions 0.97, January 1998, through 1.6.35, July 2018:
* Glenn Randers-Pehrson
- * libpng versions 1.6.36, December 2018, through 1.6.54, January 2026:
+ * libpng versions 1.6.36, December 2018, through 1.6.55, February 2026:
* Cosmin Truta
* See also "Contributing Authors", below.
*/
@@ -267,7 +267,7 @@
* ...
* 1.5.30 15 10530 15.so.15.30[.0]
* ...
- * 1.6.54 16 10654 16.so.16.54[.0]
+ * 1.6.55 16 10655 16.so.16.55[.0]
*
* Henceforth the source version will match the shared-library major and
* minor numbers; the shared-library major version number will be used for
@@ -303,7 +303,7 @@
*/
/* Version information for png.h - this should match the version in png.c */
-#define PNG_LIBPNG_VER_STRING "1.6.54"
+#define PNG_LIBPNG_VER_STRING "1.6.55"
#define PNG_HEADER_VERSION_STRING " libpng version " PNG_LIBPNG_VER_STRING "\n"
/* The versions of shared library builds should stay in sync, going forward */
@@ -314,7 +314,7 @@
/* These should match the first 3 components of PNG_LIBPNG_VER_STRING: */
#define PNG_LIBPNG_VER_MAJOR 1
#define PNG_LIBPNG_VER_MINOR 6
-#define PNG_LIBPNG_VER_RELEASE 54
+#define PNG_LIBPNG_VER_RELEASE 55
/* This should be zero for a public release, or non-zero for a
* development version.
@@ -345,7 +345,7 @@
* From version 1.0.1 it is:
* XXYYZZ, where XX=major, YY=minor, ZZ=release
*/
-#define PNG_LIBPNG_VER 10654 /* 1.6.54 */
+#define PNG_LIBPNG_VER 10655 /* 1.6.55 */
/* Library configuration: these options cannot be changed after
* the library has been built.
@@ -455,7 +455,7 @@ extern "C" {
/* This triggers a compiler error in png.c, if png.c and png.h
* do not agree upon the version number.
*/
-typedef char *png_libpng_version_1_6_54;
+typedef char *png_libpng_version_1_6_55;
/* Basic control structions. Read libpng-manual.txt or libpng.3 for more info.
*
diff --git a/src/java.desktop/share/native/libsplashscreen/libpng/pngconf.h b/src/java.desktop/share/native/libsplashscreen/libpng/pngconf.h
index 959c604edbc..b957f8b5061 100644
--- a/src/java.desktop/share/native/libsplashscreen/libpng/pngconf.h
+++ b/src/java.desktop/share/native/libsplashscreen/libpng/pngconf.h
@@ -29,7 +29,7 @@
* However, the following notice accompanied the original version of this
* file and, per its terms, should not be removed:
*
- * libpng version 1.6.54
+ * libpng version 1.6.55
*
* Copyright (c) 2018-2026 Cosmin Truta
* Copyright (c) 1998-2002,2004,2006-2016,2018 Glenn Randers-Pehrson
diff --git a/src/java.desktop/share/native/libsplashscreen/libpng/pnglibconf.h b/src/java.desktop/share/native/libsplashscreen/libpng/pnglibconf.h
index b413b510acf..ae1ab462072 100644
--- a/src/java.desktop/share/native/libsplashscreen/libpng/pnglibconf.h
+++ b/src/java.desktop/share/native/libsplashscreen/libpng/pnglibconf.h
@@ -31,7 +31,7 @@
* However, the following notice accompanied the original version of this
* file and, per its terms, should not be removed:
*/
-/* libpng version 1.6.54 */
+/* libpng version 1.6.55 */
/* Copyright (c) 2018-2026 Cosmin Truta */
/* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson */
diff --git a/src/java.desktop/share/native/libsplashscreen/libpng/pngrtran.c b/src/java.desktop/share/native/libsplashscreen/libpng/pngrtran.c
index 7680fe64828..fcce80da1cb 100644
--- a/src/java.desktop/share/native/libsplashscreen/libpng/pngrtran.c
+++ b/src/java.desktop/share/native/libsplashscreen/libpng/pngrtran.c
@@ -29,7 +29,7 @@
* However, the following notice accompanied the original version of this
* file and, per its terms, should not be removed:
*
- * Copyright (c) 2018-2025 Cosmin Truta
+ * Copyright (c) 2018-2026 Cosmin Truta
* Copyright (c) 1998-2002,2004,2006-2018 Glenn Randers-Pehrson
* Copyright (c) 1996-1997 Andreas Dilger
* Copyright (c) 1995-1996 Guy Eric Schalnat, Group 42, Inc.
@@ -737,8 +737,8 @@ png_set_quantize(png_structrp png_ptr, png_colorp palette,
break;
t->next = hash[d];
- t->left = (png_byte)i;
- t->right = (png_byte)j;
+ t->left = png_ptr->palette_to_index[i];
+ t->right = png_ptr->palette_to_index[j];
hash[d] = t;
}
}

4
rpminspect.yaml
View File

@ -1,4 +0,0 @@
---
inspections:
javabytecode: off
abidiff: off

29
scripts/builds/build_centos.sh
View File

@ -1,29 +0,0 @@
#!/bin/sh
# Copyright (C) 2024 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Builds the RPM on CentOS 9 or 10
centpkg -v build
# Local Variables:
# compile-command: "shellcheck build_centos.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

29
scripts/builds/build_centos_portable_build.sh
View File

@ -1,29 +0,0 @@
#!/bin/sh
# Copyright (C) 2024 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Builds the portable on CentOS
centpkg -v build --target java-openjdk-portable-build --rhel-target none
# Local Variables:
# compile-command: "shellcheck build_centos_portable_build.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

43
scripts/builds/build_rhel_10.sh
View File

@ -1,43 +0,0 @@
#!/bin/sh
# Copyright (C) 2024 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Builds the RPM on RHEL 10
NVR=${1}
USER=${2}
if test "${NVR}" = ""; then
echo "${0} <NVR> <USER>";
exit 1;
fi
if test "${USER}" = ""; then
echo "${0} <NVR> <USER>";
exit 2;
fi
METADATA="{\"osci\": {\"upstream_nvr\": \"${NVR}\", \"upstream_owner_name\": \"${USER}\"}, \"rhel-target\": \"latest\"}"
rhpkg -v build --target=java-openjdk-rhel-10-build --custom-user-metadata "${METADATA}"
# Local Variables:
# compile-command: "shellcheck build_rhel_10.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

43
scripts/builds/build_rhel_9.sh
View File

@ -1,43 +0,0 @@
#!/bin/sh
# Copyright (C) 2024 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Builds the RPM on RHEL 9
NVR=${1}
USER=${2}
if test "${NVR}" = ""; then
echo "${0} <NVR> <USER>";
exit 1;
fi
if test "${USER}" = ""; then
echo "${0} <NVR> <USER>";
exit 2;
fi
METADATA="{\"osci\": {\"upstream_nvr\": \"${NVR}\", \"upstream_owner_name\": \"${USER}\"}, \"rhel-target\": \"latest\"}"
rhpkg -v build --target=java-openjdk-rhel-9-build --custom-user-metadata "${METADATA}"
# Local Variables:
# compile-command: "shellcheck build_rhel_9.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

29
scripts/builds/build_rhel_portable_build.sh
View File

@ -1,29 +0,0 @@
#!/bin/sh
# Copyright (C) 2024 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Builds the portable on RHEL 8
rhpkg -v build --target=java-openjdk-rhel-8-build --skip-nvr-check
# Local Variables:
# compile-command: "shellcheck build_rhel_portable_build.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

43
scripts/builds/build_vanilla.sh
View File

@ -1,43 +0,0 @@
#!/bin/sh
# Copyright (C) 2024 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Builds a scratch build of vanilla OpenJDK with no local patches
SEPARATE_ARCHES=${1}
CMD="--target java-openjdk-rhel-8-build --skip-nvr-check --nowait";
SUPPORTED_ARCHES="aarch64 ppc64le s390x x86_64";
if [ "x${SEPARATE_ARCHES}" = "x" ] ; then
SEPARATE_ARCHES=0;
fi
if [ ${SEPARATE_ARCHES} -eq 1 ] ; then
for arch in ${SUPPORTED_ARCHES}; do \
rhpkg -v build --arches ${arch} --scratch ${CMD} ; \
done && brew watch-task --mine
else
rhpkg -v build ${CMD} && brew watch-task --mine
fi
# Local Variables:
# compile-command: "shellcheck build_vanilla.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

77
scripts/builds/check_signatures.sh
View File

@ -1,77 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Check the signatures (if any) in RHEL RPM buildinfo
# This is intended to be run from the tagging scripts
# Return codes:
# - 1 - Buildinfo file not specified
# - 2 = Missing buildinfo file
# - 3 = No signatures
# - 4 = Multiple signature types found
# - 5 = PQC signature found
# - 6 = Old signature (fd431d51) found
# - 7 = Unknown signature found
BUILDINFO=${1}
NEW_SIGNATURE="release4";
OLD_SIGNATURE="fd431d51";
if test "${BUILDINFO}" = ""; then
echo "${0} <BUILDINFO>";
exit 1;
fi
if ! test -e "${BUILDINFO}" ; then
echo "${BUILDINFO} not found.";
exit 2;
fi
if cat ${BUILDINFO} | grep -q Signatures ; then
signature=$(cat ${BUILDINFO} | grep Signatures|cut -d ' ' -f 2-|uniq -c);
uniq_count=$(echo ${signature} | wc -l);
if test ${uniq_count} -gt 1; then
echo "Multiple signature types found:";
echo "${signature}";
exit 4;
fi
sig_count=$(echo ${signature} | cut -d ' ' -f 1);
sig_type=$(echo ${signature} | cut -d ' ' -f 2);
echo "${sig_count} signatures of type ${sig_type} found";
if echo "${sig_type}" | grep -q "${NEW_SIGNATURE}" ; then
echo "PQC signature found.";
exit 5;
elif echo "${sig_type}" | grep -q "${OLD_SIGNATURE}"; then
echo "Old pre-PQC signature found.";
exit 6;
else
echo "Unknown signature found.";
exit 7;
fi
else
echo "Build has no signatures.";
exit 3;
fi
# Local Variables:
# compile-command: "shellcheck check_signatures.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

63
scripts/builds/get_gating_results.sh
View File

@ -1,63 +0,0 @@
#!/bin/bash
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Retrieve the results of a gating test using the ID from the JSON
# retrieved by query_build_gating.sh
RESULT_ID=${1}
if test "${RESULT_ID}" = ""; then
echo "No ID specified.";
echo "${0} <RESULT_ID>";
exit 1;
fi
CURL=$(command -v curl)
JSON_TOOL=$(command -v jq)
if test "${CURL}" = ""; then
echo "curl not found";
exit 2;
fi
if test "${JSON_TOOL}" = ""; then
echo "jq not found";
exit 3;
fi
URL="https://resultsdb-api.engineering.redhat.com/api/v2.0/results/${RESULT_ID}"
JSON_OUT=$(mktemp --tmpdir out.XXXXXX.json)
CMD=("${CURL}" --silent --show-error "${URL}")
echo "${CMD[@]}"
if command "${CMD[@]}" > "${JSON_OUT}" ; then
"${JSON_TOOL}" < "${JSON_OUT}"
else
echo "Failed to obtain JSON";
exit 4;
fi
# Local Variables:
# compile-command: "shellcheck get_gating_results.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

94
scripts/builds/query_build_gating.sh
View File

@ -1,94 +0,0 @@
#!/bin/bash
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Retrieve the status of a build's progress through gating
RHEL_VER=${1}
NVR=${2}
if test "${RHEL_VER}" = ""; then
echo "No RHEL version specified.";
echo "${0} <RHEL_VER> <NVR>";
exit 1;
fi
if test "${NVR}" = ""; then
echo "No NVR specified.";
echo "${0} <RHEL_VER> <NVR>";
exit 2;
fi
CURL=$(command -v curl)
JSON_TOOL=$(command -v jq)
JSON_FILE=$(mktemp --tmpdir query.XXXXXX.json)
JSON_OUT=$(mktemp --tmpdir out.XXXXXX.json)
URL="https://greenwave.engineering.redhat.com/api/v1.0/decision"
if test "${CURL}" = ""; then
echo "curl not found";
exit 3;
fi
if test "${JSON_TOOL}" = ""; then
echo "jq not found";
exit 4;
fi
{
echo "{";
printf "\t\"decision_context\":\"osci_compose_gate\",\n";
printf "\t\"product_version\":\"rhel-%d\",\n" "${RHEL_VER}";
printf "\t\"subject_type\":\"koji_build\",\n";
printf "\t\"subject_identifier\":\"%s\",\n" "${NVR}";
printf "\t\"verbose\":false\n";
echo "}";
} > "${JSON_FILE}"
echo "Sending the following JSON...";
cat "${JSON_FILE}"
CMD=("${CURL}" --silent --show-error -X POST)
JSON_COMMAND="--json";
# Check --json is available
${CURL} ${JSON_COMMAND} 2> /dev/null
if [ $? -eq 2 ] ; then
echo "--json unsupported; falling back on --data-ascii";
CMD=("${CMD[@]}" --header Content-Type:application/json --data-ascii);
else
CMD=("${CMD[@]}" "${JSON_COMMAND}");
fi
CMD=("${CMD[@]}" "@${JSON_FILE}" "${URL}")
echo "${CMD[@]}"
if command "${CMD[@]}" > "${JSON_OUT}" ; then
"${JSON_TOOL}" < "${JSON_OUT}"
else
echo "Failed to obtain JSON";
exit 5;
fi
# Local Variables:
# compile-command: "shellcheck query_build_gating.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

87
scripts/builds/tag_rhel.sh
View File

@ -1,87 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Tag public RHEL RPMs into gating for all supported streams
# This is intended to be run from tag_rhel_<ver>_(public|embargoed).sh
BUILD="${1}"
BUILDLOG="${2}"
SUFFIX="${3}"
shift 3;
SUPPORTED_VERS="$*"
CMD_SYNTAX="${0} <BUILD> <BUILDLOG> <SUFFIX> <SUPPORTED_VERS>";
GATE_SUFFIX="gate"
if test "${BUILD}" = ""; then
echo "${CMD_SYNTAX}";
exit 1;
fi
if test "${BUILDLOG}" = ""; then
echo "${CMD_SYNTAX}";
exit 2;
fi
if test "${SUPPORTED_VERS}" = ""; then
echo "${CMD_SYNTAX}";
exit 3;
fi
buildtags=$(grep "^Tag" "${BUILDLOG}" | cut -d : -f 2-)
echo "Build has tags ${buildtags}";
if [ "${SUFFIX}" = "${GATE_SUFFIX}" ] ; then
echo "Gating system can only handle one tag at a time."
echo "Script will need to be re-run for subsequent tags once previous tag has moved to -candidate."
if echo "${buildtags}" | grep -q "${GATE_SUFFIX}"; then
echo "Tag with \"-${GATE_SUFFIX}\" found. Please complete gating before re-running.";
exit 1;
fi
fi
done=0;
for ver in ${SUPPORTED_VERS}; do
vertag="rhel-${ver}";
proposedtag="${vertag}-${SUFFIX}";
echo "Checking if ${BUILD} has been added to ${vertag}...";
if echo "${buildtags}" | grep -q "${vertag}" ; then
echo "${BUILD} has been tagged into ${proposedtag}";
else
if [ "${SUFFIX}" = "${GATE_SUFFIX}" ] && [ "${done}" -eq 1 ]; then
echo "Already added a tag. Need to tag ${proposedtag} in a future run.";
else
echo "Tagging ${BUILD} into ${proposedtag}";
brew tag-build --nowait "${proposedtag}" "${BUILD}";
done=1;
fi
fi
done
if [ "${done}" -eq 1 ]; then
brew watch-task --mine;
else
echo "Nothing to do.";
fi
# Local Variables:
# compile-command: "shellcheck tag_rhel.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

67
scripts/builds/tag_rhel_10_embargoed_pqc.sh
View File

@ -1,67 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Tag newer PQC embargoed RHEL 10 RPMs into supported z-streams
BUILD=${1}
if test "${BUILD}" = ""; then
echo "${0} <BUILD>";
exit 1;
fi
BUILDLOG=$(mktemp --tmpdir "temp-${BUILD}-buildinfo-XXX")
SUPPORTED_VERS="10.2-z 10.1-z"
WORKING_DIR=$(dirname "${0}")
EMBARGOED_SUFFIX="nocompose-candidate"
echo "Obtaining buildinfo for ${BUILD}...";
brew buildinfo "${BUILD}" 2>&1 | tee "${BUILDLOG}" > /dev/null
echo "Checking signatures for ${BUILD}...";
"${WORKING_DIR}"/check_signatures.sh "${BUILDLOG}"
# Return codes:
# - 1 - Buildinfo file not specified
# - 2 = Missing buildinfo file
# - 3 = No signatures
# - 4 = Multiple signature types found
# - 5 = PQC signature found
# - 6 = Old signature (fd431d51) found
# - 7 = Unknown signature found
ret=$?;
if [ "${ret}" -eq 6 ] ; then
echo "Build has old signatures which should not be the case for OpenJDK 25";
exit 2;
elif ! { [ "${ret}" -eq 6 ] || [ "${ret}" -eq 3 ] ; } ; then
echo "Signature check failed.";
exit 3;
fi
echo "Tagging embargoed build for ${SUPPORTED_VERS}...";
"${WORKING_DIR}"/tag_rhel.sh "${BUILD}" "${BUILDLOG}" "${EMBARGOED_SUFFIX}" "${SUPPORTED_VERS}"
rm -f "${BUILDLOG}"
# Local Variables:
# compile-command: "shellcheck tag_rhel_10_embargoed_pqc.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

67
scripts/builds/tag_rhel_10_public_pqc.sh
View File

@ -1,67 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Tag newer PQC public RHEL 10 RPMs into gating for all supported streams
BUILD=${1}
if test "${BUILD}" = ""; then
echo "${0} <BUILD>";
exit 1;
fi
BUILDLOG=$(mktemp --tmpdir "temp-${BUILD}-buildinfo-XXX")
SUPPORTED_VERS="10.3 10.2-z 10.1-z"
WORKING_DIR=$(dirname "${0}")
GATE_SUFFIX="gate"
echo "Obtaining buildinfo for ${BUILD}...";
brew buildinfo "${BUILD}" 2>&1 | tee "${BUILDLOG}" > /dev/null
echo "Checking signatures for ${BUILD}...";
"${WORKING_DIR}"/check_signatures.sh "${BUILDLOG}"
# Return codes:
# - 1 - Buildinfo file not specified
# - 2 = Missing buildinfo file
# - 3 = No signatures
# - 4 = Multiple signature types found
# - 5 = PQC signature found
# - 6 = Old signature (fd431d51) found
# - 7 = Unknown signature found
ret=$?;
if [ "${ret}" -eq 6 ] ; then
echo "Build has old signatures which should not be the case for OpenJDK 25";
exit 2;
elif ! { [ "${ret}" -eq 5 ] || [ "${ret}" -eq 3 ] ; } ; then
echo "Signature check failed.";
exit 3;
fi
echo "Tagging build into gating for ${SUPPORTED_VERS}...";
"${WORKING_DIR}"/tag_rhel.sh "${BUILD}" "${BUILDLOG}" "${GATE_SUFFIX}" "${SUPPORTED_VERS}"
rm -f "${BUILDLOG}"
# Local Variables:
# compile-command: "shellcheck tag_rhel_10_public_pqc.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

67
scripts/builds/tag_rhel_9_embargoed_pqc.sh
View File

@ -1,67 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Tag newer PQC embargoed RHEL 9 RPMs into supported z-streams
BUILD=${1}
if test "${BUILD}" = ""; then
echo "${0} <BUILD>";
exit 1;
fi
BUILDLOG=$(mktemp --tmpdir "temp-${BUILD}-buildinfo-XXX")
SUPPORTED_VERS="9.8.0-z 9.7.0-z"
WORKING_DIR=$(dirname "${0}")
EMBARGOED_SUFFIX="nocompose-candidate"
echo "Obtaining buildinfo for ${BUILD}...";
brew buildinfo "${BUILD}" 2>&1 | tee "${BUILDLOG}" > /dev/null
echo "Checking signatures for ${BUILD}...";
"${WORKING_DIR}"/check_signatures.sh "${BUILDLOG}"
# Return codes:
# - 1 - Buildinfo file not specified
# - 2 = Missing buildinfo file
# - 3 = No signatures
# - 4 = Multiple signature types found
# - 5 = PQC signature found
# - 6 = Old signature (fd431d51) found
# - 7 = Unknown signature found
ret=$?;
if [ "${ret}" -eq 6 ] ; then
echo "Build has old signatures which should not be the case for OpenJDK 25";
exit 2;
elif ! { [ "${ret}" -eq 6 ] || [ "${ret}" -eq 3 ] ; } ; then
echo "Signature check failed.";
exit 3;
fi
echo "Tagging embargoed build for ${SUPPORTED_VERS}...";
"${WORKING_DIR}"/tag_rhel.sh "${BUILD}" "${BUILDLOG}" "${EMBARGOED_SUFFIX}" "${SUPPORTED_VERS}"
rm -f "${BUILDLOG}"
# Local Variables:
# compile-command: "shellcheck tag_rhel_9_embargoed_pqc.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

67
scripts/builds/tag_rhel_9_public_pqc.sh
View File

@ -1,67 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Tag newer PQC public RHEL 9 RPMs into gating for all supported streams
BUILD=${1}
if test "${BUILD}" = ""; then
echo "${0} <BUILD>";
exit 1;
fi
BUILDLOG=$(mktemp --tmpdir "temp-${BUILD}-buildinfo-XXX")
SUPPORTED_VERS="9.9.0 9.8.0-z 9.7.0-z"
WORKING_DIR=$(dirname "${0}")
GATE_SUFFIX="gate"
echo "Obtaining buildinfo for ${BUILD}...";
brew buildinfo "${BUILD}" 2>&1 | tee "${BUILDLOG}" > /dev/null
echo "Checking signatures for ${BUILD}...";
"${WORKING_DIR}"/check_signatures.sh "${BUILDLOG}"
# Return codes:
# - 1 - Buildinfo file not specified
# - 2 = Missing buildinfo file
# - 3 = No signatures
# - 4 = Multiple signature types found
# - 5 = PQC signature found
# - 6 = Old signature (fd431d51) found
# - 7 = Unknown signature found
ret=$?;
if [ "${ret}" -eq 6 ] ; then
echo "Build has old signatures which should not be the case for OpenJDK 25";
exit 2;
elif ! { [ "${ret}" -eq 5 ] || [ "${ret}" -eq 3 ] ; } ; then
echo "Signature check failed.";
exit 3;
fi
echo "Tagging build into gating for ${SUPPORTED_VERS}...";
"${WORKING_DIR}"/tag_rhel.sh "${BUILD}" "${BUILDLOG}" "${GATE_SUFFIX}" "${SUPPORTED_VERS}"
rm -f "${BUILDLOG}"
# Local Variables:
# compile-command: "shellcheck tag_rhel_9_public_pqc.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

132
scripts/builds/waive_issue.sh
View File

@ -1,132 +0,0 @@
#!/bin/bash
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Waive a gating issue
RHEL_VER=${1}
NVR=${2}
TESTCASE=${3}
COMMENT=${4}
CURL=$(command -v curl)
JSON_TOOL=$(command -v json_verify)
JSON_FORMAT=$(command -v jq)
JSON_FILE=$(mktemp --tmpdir waive.XXXXXX.json)
HEADER_FILE=$(mktemp --tmpdir waive.XXXXXX.headers)
JSON_OUT=$(mktemp --tmpdir out.XXXXXX.json)
CACERT=/etc/ssl/certs/2022-IT-Root-CA.pem
CACERT_DIR=$(dirname ${CACERT})
URL="https://waiverdb.engineering.redhat.com/api/v1.0/waivers/"
if test -z "${JSON_TOOL}" -o ! -x "${JSON_TOOL}" ; then
echo "JSON verifier not found. Skipping verification.";
SKIP_JSON=1;
else
SKIP_JSON=0;
fi
if test "x${RHEL_VER}" = "x"; then
echo "No RHEL version specified.";
echo "${0} <RHEL_VER> <NVR> <TESTCASE> <COMMENT>";
exit 1;
fi
if test "x${NVR}" = "x"; then
echo "No NVR specified.";
echo "${0} <RHEL_VER> <NVR> <TESTCASE> <COMMENT>";
exit 2;
fi
if test "x${TESTCASE}" = "x"; then
echo "No testcase specified.";
echo "${0} <RHEL_VER> <NVR> <TESTCASE> <COMMENT>";
exit 3;
fi
if test "x${COMMENT}" = "x"; then
COMMENT="Gating broken";
echo "Setting COMMENT to default of '${COMMENT}'"
fi
if test "${CURL}" = ""; then
echo "curl not found";
exit 4;
fi
if test "${JSON_FORMAT}" = ""; then
echo "jq not found";
exit 5;
fi
{
echo "{";
printf "\t\"subject_type\":\"brew-build\",\n";
printf "\t\"subject_identifier\":\"%s\",\n" "${NVR}";
printf "\t\"testcase\":\"%s\",\n" "${TESTCASE}";
printf "\t\"waived\":true,\n";
printf "\t\"product_version\":\"rhel-%d\",\n" "${RHEL_VER}"
printf "\t\"comment\":\"%s\"\n" "${COMMENT}";
echo "}"
} > "${JSON_FILE}"
if [ "${SKIP_JSON}" -eq 0 ] ; then
"${JSON_TOOL}" < "${JSON_FILE}" || exit 6;
fi
CMD=("${CURL}" --silent --show-error --capath "${CACERT_DIR}" --negotiate -u :)
JSON_COMMAND="--json";
# Check --json is available
${CURL} ${JSON_COMMAND} 2> /dev/null
if [ $? -eq 2 ] ; then
echo "--json unsupported; falling back on --data-binary";
{
echo "Content-Type: application/json";
echo "Accept: application/json";
} > "${HEADER_FILE}"
echo "Header file:";
cat "${HEADER_FILE}"
CMD=("${CMD[@]}" --header "@${HEADER_FILE}" --data-binary);
else
CMD=("${CMD[@]}" "${JSON_COMMAND}");
fi
CMD=("${CMD[@]}" "@${JSON_FILE}" "${URL}")
echo "Sending the following JSON...";
cat "${JSON_FILE}"
echo "${CMD[@]}"
if command "${CMD[@]}" > "${JSON_OUT}" ; then
"${JSON_FORMAT}" < "${JSON_OUT}"
else
echo "Failed to file waiver";
exit 7;
fi
rm -v "${JSON_FILE}"
rm -v "${HEADER_FILE}"
# Local Variables:
# compile-command: "shellcheck waive_issue.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

46
scripts/builds/waive_leapp_issue.sh
View File

@ -1,46 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Waive the leapp gating test which never seems to work
RHEL_VER=${1}
NVR=${2}
WORKING_DIR=$(dirname "${0}")
if test "x${RHEL_VER}" = "x"; then
echo "No RHEL version specified.";
echo "${0} <RHEL_VER> <NVR>";
exit 1;
fi
if test "x${NVR}" = "x"; then
echo "No NVR specified.";
echo "${0} <RHEL_VER> <NVR>";
exit 2;
fi
"${WORKING_DIR}"/waive_issue.sh "${RHEL_VER}" "${NVR}" leapp.brew-build.upgrade.distro "AWOL"
# Local Variables:
# compile-command: "shellcheck waive_leapp_issue.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

53
scripts/builds/waive_rpminspect.sh
View File

@ -1,53 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Waive a rpminspect gating issue
RHEL_VER=${1}
NVR=${2}
COMMENT=${3}
WORKING_DIR=$(dirname "${0}")
if test "x${RHEL_VER}" = "x"; then
echo "No RHEL version specified.";
echo "${0} <RHEL_VER> <NVR> <COMMENT>";
exit 1;
fi
if test "x${NVR}" = "x"; then
echo "No NVR specified.";
echo "${0} <RHEL_VER> <NVR> <COMMENT>";
exit 2;
fi
if test "${COMMENT}" = ""; then
echo "No comment specified.";
echo "${0} <RHEL_VER> <NVR> <COMMENT>";
exit 3;
fi
"${WORKING_DIR}"/waive_issue.sh "${RHEL_VER}" "${NVR}" osci.brew-build.rpminspect.static-analysis "${COMMENT}"
# Local Variables:
# compile-command: "shellcheck waive_rpminspect.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

46
scripts/builds/waive_usual_rpminspect.sh
View File

@ -1,46 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Waive the recurring rpminspect gating issues
# Should be resolved by RHELPLAN-102267
RHEL_VER=${1}
NVR=${2}
if test "x${RHEL_VER}" = "x"; then
echo "No RHEL version specified.";
echo "${0} <RHEL_VER> <NVR>";
exit 1;
fi
if test "x${NVR}" = "x"; then
echo "No NVR specified.";
echo "${0} <RHEL_VER> <NVR>";
exit 2;
fi
"${WORKING_DIR}"/waive_rpminspect.sh "${RHEL_VER}" "${NVR}" \
"Usual failures we waived through rpmdiff; slowdebug unoptimised, RPATH and IPv4 functions"
# Local Variables:
# compile-command: "shellcheck waive_usual_rpminspect.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

47
scripts/builds/waive_usual_tier0.sh
View File

@ -1,47 +0,0 @@
#!/bin/sh
# Copyright (C) 2026 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Waive the usual tier0 gating issue
# Should be resolved by OPENJDK-4517
RHEL_VER=${1}
NVR=${2}
WORKING_DIR=$(dirname "${0}")
if test "x${RHEL_VER}" = "x"; then
echo "No RHEL version specified.";
echo "${0} <RHEL_VER> <NVR>";
exit 1;
fi
if test "x${NVR}" = "x"; then
echo "No NVR specified.";
echo "${0} <RHEL_VER> <NVR>";
exit 2;
fi
"${WORKING_DIR}"/waive_issue.sh "${RHEL_VER}" "${NVR}" osci.brew-build.tier0.functional "Test unable to parse spec file"
# Local Variables:
# compile-command: "shellcheck waive_usual_tier0.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

61
scripts/discover_trees.sh
View File

@ -1,61 +0,0 @@
#!/bin/sh
# Copyright (C) 2024 Red Hat, Inc.
# Written by Andrew John Hughes <gnu.andrew@redhat.com>.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
TREE=${1}
if test "${TREE}" = ""; then
TREE=${PWD}
fi
if [ -e "${TREE}"/nashorn/.hg ] || [ -e "${TREE}"/nashorn/merge.changeset ] ; then
NASHORN="nashorn" ;
fi
if [ -e "${TREE}"/corba/.hg ] || [ -e "${TREE}"/corba/merge.changeset ] ; then
CORBA="corba";
fi
if [ -e "${TREE}"/jaxp/.hg ] || [ -e "${TREE}"/jaxp/merge.changeset ] ; then
JAXP="jaxp";
fi
if [ -e "${TREE}"/jaxws/.hg ] || [ -e "${TREE}"/jaxws/merge.changeset ] ; then
JAXWS="jaxws";
fi
if [ -e "${TREE}"/langtools/.hg ] || [ -e "${TREE}"/langtools/merge.changeset ] ; then
LANGTOOLS="langtools";
fi
if [ -e "${TREE}"/jdk/.hg ] || [ -e "${TREE}"/jdk/merge.changeset ] ; then
JDK="jdk";
fi
if [ -e "${TREE}"/hotspot/.hg ] || [ -e "${TREE}"/hotspot/merge.changeset ] ; then
HOTSPOT="hotspot";
fi
SUBTREES="${CORBA} ${JAXP} ${JAXWS} ${LANGTOOLS} ${NASHORN} ${JDK} ${HOTSPOT}";
echo "${SUBTREES}"
# Local Variables:
# compile-command: "shellcheck discover_trees.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

294
scripts/generate_source_tarball.sh
View File

@ -1,294 +0,0 @@
#!/bin/bash
# Copyright (C) 2024 Red Hat, Inc.
# Written by:
# Andrew John Hughes <gnu.andrew@redhat.com>
# Thomas Fitzsimmons <fitzsim@redhat.com>
# Jiri Vanek <jvanek@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Generates the source tarball for OpenJDK projects.
#
# There are multiple ways to specify the source code location and version:
#
# 1. Specify the version (VERSION), the location of the Git repository
# (REPO_ROOT) and the root of the output tarball name (FILE_NAME_ROOT)
# 2. Specify the version (VERSION) along with an upstream project name
# (PROJECT_NAME) and repository name (REPO_NAME) that can be used
# to construct the URL of the upstream OpenJDK repository.
# 3. Specify OPENJDK_LATEST=1 and allow the script to obtain the JDK
# feature version from the spec file, which is then used to
# obtain the latest build promotion from the upstream repository.
#
# An appropriate bootstrap JDK is also required for when ./configure
# is run within the checked out repository to generate the .src-rev.
# file. This can be specified by setting BOOT_JDK.
#
# Example 1:
# This will check out the specified version from the specified
# repository and construct a tarball called openjdk-17.0.3+5.tar.xz:
#
# $ VERSION=jdk-17.0.3+5 FILE_NAME_ROOT=open${VERSION} \
# REPO_ROOT=$HOME/projects/openjdk/upstream/17u \
# BOOT_JDK=/usr/lib/jvm/java-17-openjdk ./generate_source_tarball.sh
#
# Example 2:
# This will check out the same version as example 1, but from the
# upstream repository:
#
# $ VERSION=jdk-17.0.3+5 PROJECT_NAME=openjdk REPO_NAME=jdk17u \
# BOOT_JDK=/usr/lib/jvm/java-17-openjdk ./generate_source_tarball.sh
#
# Example 3:
# This will read the OpenJDK feature version from the spec file, then create a
# tarball from the most recent tag for that version in the upstream Git
# repository.
#
# $ OPENJDK_LATEST=1 \
# BOOT_JDK=/usr/lib/jvm/java-17-openjdk ./generate_source_tarball.sh
#
set -e
OPENJDK_URL_DEFAULT=https://github.com
COMPRESSION_DEFAULT=xz
if [ "$1" = "help" ] ; then
echo "Behaviour may be specified by setting the following variables:"
echo
echo "VERSION - the version of the specified OpenJDK project"
echo " (required unless OPENJDK_LATEST is set)"
echo "PROJECT_NAME - the name of the OpenJDK project being archived"
echo " (needed to compute REPO_ROOT and/or"
echo " FILE_NAME_ROOT automatically;"
echo " optional if they are set explicitly)"
echo "REPO_NAME - the name of the OpenJDK repository"
echo " (needed to compute REPO_ROOT automatically;"
echo " optional if REPO_ROOT is set explicitly)"
echo "OPENJDK_URL - the URL to retrieve code from"
echo " (defaults to ${OPENJDK_URL_DEFAULT})"
echo "COMPRESSION - the compression type to use"
echo " (defaults to ${COMPRESSION_DEFAULT})"
echo "FILE_NAME_ROOT - name of the archive, minus extensions"
echo " (defaults to PROJECT_NAME-VERSION)"
echo "REPO_ROOT - the location of the Git repository to archive"
echo " (defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME.git)"
echo "TO_COMPRESS - what part of clone to pack"
echo " (defaults to ${VERSION})"
echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run"
echo " (defaults to packaged JDK version)"
echo "WITH_TEMP - run in a temporary directory"
echo " (defaults to disabled)"
echo "OPENJDK_LATEST - deduce VERSION from most recent upstream tag"
echo " (implies WITH_TEMP, computes everything else"
echo " automatically; Note: accesses network to read"
echo " tag list from remote Git repository)"
exit 1;
fi
if [ "$OPENJDK_LATEST" != "" ] ; then
FEATURE_VERSION=$(echo '%featurever' \
| rpmspec --shell ./*.spec 2>/dev/null \
| grep --after-context 1 featurever \
| tail --lines 1)
PROJECT_NAME=openjdk
REPO_NAME=jdk"${FEATURE_VERSION}"u
# Skip -ga tags since those are the same as the most recent non-ga tag, and
# the non-ga tag is the one that is used to generated the official source
# tarball. For example:
# ca760c86642aa2e0d9b571aaabac054c0239fbdc refs/tags/jdk-17.0.10-ga^{}
# 25a2e6c20c9a96853714284cabc6b456eb095070 refs/tags/jdk-17.0.10-ga
# ca760c86642aa2e0d9b571aaabac054c0239fbdc refs/tags/jdk-17.0.10+7^{}
# e49c5749b10f3e90274b72e9279f794fdd191d27 refs/tags/jdk-17.0.10+7
VERSION=$(git ls-remote --tags --refs --sort=-version:refname \
"${OPENJDK_URL_DEFAULT}/${PROJECT_NAME}/${REPO_NAME}.git" \
"jdk-${FEATURE_VERSION}*" \
| grep --invert-match '\-ga$' \
| head --lines 1 | cut --characters 52-)
FILE_NAME_ROOT=open${VERSION}
WITH_TEMP=1
fi
if [ "$WITH_TEMP" != "" ] ; then
pushd "$(mktemp --directory --tmpdir temp-generated-source-tarball-XXX)"
fi
if [ "$VERSION" = "" ] ; then
echo "No VERSION specified"
exit 2
fi
echo "Version: ${VERSION}"
NUM_VER=${VERSION##jdk-}
RELEASE_VER=${NUM_VER%%+*}
BUILD_VER=${NUM_VER##*+}
MAJOR_VER=${RELEASE_VER%%.*}
echo "Major version is ${MAJOR_VER}, release ${RELEASE_VER}, build ${BUILD_VER}"
if [ "$BOOT_JDK" = "" ] ; then
echo "No boot JDK specified".
BOOT_JDK=/usr/lib/jvm/java-${MAJOR_VER}-openjdk;
echo -n "Checking for ${BOOT_JDK}...";
if [ -d "${BOOT_JDK}" ] && [ -x "${BOOT_JDK}"/bin/java ] ; then
echo "Boot JDK found at ${BOOT_JDK}";
else
echo "Not found";
PREV_VER=$((MAJOR_VER - 1));
BOOT_JDK=/usr/lib/jvm/java-${PREV_VER}-openjdk;
echo -n "Checking for ${BOOT_JDK}...";
if [ -d ${BOOT_JDK} ] && [ -x ${BOOT_JDK}/bin/java ] ; then
echo "Boot JDK found at ${BOOT_JDK}";
else
echo "Not found";
exit 4;
fi
fi
else
echo "Boot JDK: ${BOOT_JDK}";
fi
if [ "$OPENJDK_URL" = "" ] ; then
OPENJDK_URL=${OPENJDK_URL_DEFAULT}
echo "No OpenJDK URL specified; defaulting to ${OPENJDK_URL}"
else
echo "OpenJDK URL: ${OPENJDK_URL}"
fi
if [ "$COMPRESSION" = "" ] ; then
# rhel 5 needs tar.gz
COMPRESSION=${COMPRESSION_DEFAULT}
fi
echo "Creating a tar.${COMPRESSION} archive"
if [ "$FILE_NAME_ROOT" = "" ] ; then
if [ "$PROJECT_NAME" = "" ] ; then
echo "No PROJECT_NAME specified, needed by FILE_NAME_ROOT"
exit 1
fi
FILE_NAME_ROOT=${PROJECT_NAME}-${VERSION}
echo "No file name root specified; default to ${FILE_NAME_ROOT}"
fi
if [ "$REPO_ROOT" = "" ] ; then
if [ "$PROJECT_NAME" = "" ] ; then
echo "No PROJECT_NAME specified, needed by REPO_ROOT"
exit 1
fi
if [ "$REPO_NAME" = "" ] ; then
echo "No REPO_NAME specified, needed by REPO_ROOT"
exit 3
fi
REPO_ROOT="${OPENJDK_URL}/${PROJECT_NAME}/${REPO_NAME}.git"
echo "No repository root specified; default to ${REPO_ROOT}"
fi;
if [ "$TO_COMPRESS" = "" ] ; then
TO_COMPRESS="${VERSION}"
echo "No targets to be compressed specified ; default to ${TO_COMPRESS}"
fi;
echo -e "Settings:"
echo -e "\tVERSION: ${VERSION}"
echo -e "\tPROJECT_NAME: ${PROJECT_NAME}"
echo -e "\tREPO_NAME: ${REPO_NAME}"
echo -e "\tOPENJDK_URL: ${OPENJDK_URL}"
echo -e "\tCOMPRESSION: ${COMPRESSION}"
echo -e "\tFILE_NAME_ROOT: ${FILE_NAME_ROOT}"
echo -e "\tREPO_ROOT: ${REPO_ROOT}"
echo -e "\tTO_COMPRESS: ${TO_COMPRESS}"
echo -e "\tBOOT_JDK: ${BOOT_JDK}"
echo -e "\tWITH_TEMP: ${WITH_TEMP}"
echo -e "\tOPENJDK_LATEST: ${OPENJDK_LATEST}"
if [ -d "${FILE_NAME_ROOT}" ] ; then
echo "Reusing existing ${FILE_NAME_ROOT}"
STAT_TIME="$(stat --format=%Y "${FILE_NAME_ROOT}")"
TAR_TIME="$(date --date=@"${STAT_TIME}" --iso-8601=seconds)"
else
mkdir "${FILE_NAME_ROOT}"
pushd "${FILE_NAME_ROOT}"
echo "Cloning ${VERSION} root repository from ${REPO_ROOT}"
if realpath -q "${REPO_ROOT}"; then
echo "Local path detected; not adding depth argument";
DEPTH="--";
else
DEPTH="--depth=1";
echo "Remote repository detected; adding ${DEPTH}";
fi
git clone -b "${VERSION}" "${DEPTH}" "${REPO_ROOT}" "${VERSION}"
pushd "${VERSION}"
TAR_TIME="$(git log --max-count 1 --format=%cI)"
popd
popd
fi
pushd "${FILE_NAME_ROOT}"
# Generate .src-rev so build has knowledge of the revision the tarball was
# created from
mkdir build
pushd build
sh "${PWD}"/../"${VERSION}"/configure --with-boot-jdk="${BOOT_JDK}"
make store-source-revision
popd
rm -rf build
# Remove commit checks
echo "Removing $(find "${VERSION}" -name '.jcheck' -print)"
find "${VERSION}" -name '.jcheck' -print0 | xargs -0 rm -r
# Remove history and GHA
echo "find ${VERSION} -name '.hgtags'"
find "${VERSION}" -name '.hgtags' -exec rm -v '{}' '+'
echo "find ${VERSION} -name '.hgignore'"
find "${VERSION}" -name '.hgignore' -exec rm -v '{}' '+'
echo "find ${VERSION} -name '.gitattributes'"
find "${VERSION}" -name '.gitattributes' -exec rm -v '{}' '+'
echo "find ${VERSION} -name '.gitignore'"
find "${VERSION}" -name '.gitignore' -exec rm -v '{}' '+'
# Work around some Git objects not having write permissions.
echo "chmod --recursive u+w ${VERSION}/.git"
chmod --recursive u+w "${VERSION}"/.git
echo "find ${VERSION} -name '.git'"
find "${VERSION}" -name '.git' -exec rm -rv '{}' '+'
echo "find ${VERSION} -name '.github'"
find "${VERSION}" -name '.github' -exec rm -rv '{}' '+'
echo "Compressing remaining forest"
if [ "$COMPRESSION" = "xz" ] ; then
SWITCH=cJf
else
SWITCH=czf
fi
EA_PART="$(awk -F= \
'/^DEFAULT_PROMOTED_VERSION_PRE/ { if ($2) print "-"$2 }' \
"${VERSION}"/make/conf/version-numbers.conf)"
TARBALL_NAME=${FILE_NAME_ROOT}${EA_PART}.tar.${COMPRESSION}
XZ_OPT=${XZ_OPT-"-T0"} \
tar --mtime="${TAR_TIME}" --owner=root --group=root --sort=name \
--exclude-vcs -$SWITCH "${TARBALL_NAME}" "${TO_COMPRESS}"
mv "${TARBALL_NAME}" ..
popd
if [ "$WITH_TEMP" != "" ] ; then
echo "Tarball is: $(realpath .)/${TARBALL_NAME}"
popd
else
echo -n "Done. You may want to remove the uncompressed version"
echo " - $FILE_NAME_ROOT"
fi
# Local Variables:
# compile-command: "shellcheck generate_source_tarball.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

172
scripts/get_bundle_versions.sh
View File

@ -1,172 +0,0 @@
#!/usr/bin/env sh
# Copyright (C) 2025 Red Hat, Inc.
# Original written by Antonio Vieiro <avieirov@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
if [ $# -ne 1 ]; then
echo "Usage: $0 openjdk-root-directory"
exit 1
fi
JDKROOT=$1
if [ ! -d "${JDKROOT}" ] ; then
echo "${JDKROOT} is not a directory.";
exit 2
fi
# Work out the OpenJDK version
# OpenJDK >= 10 has its version in the build machinery
# OpenJDK >= 17 stores it in a new location (JDK-8258246)
VERSION_FILE="${JDKROOT}"/make/conf/version-numbers.conf
printf "Checking for %s..." "${VERSION_FILE}";
if [ ! -f "${VERSION_FILE}" ] ; then
VERSION_FILE="${JDKROOT}"/make/autoconf/version-numbers
echo "Not found; using old version file ${VERSION_FILE}";
else
echo "found.";
fi
if [ -e "${VERSION_FILE}" ] ; then
openjdk_version=$(grep '^DEFAULT_VERSION_FEATURE' "${VERSION_FILE}" | cut -d '=' -f 2)
elif [ -e "${JDKROOT}"/jdk/src/java.base/share/classes/java/lang/Object.java ] ; then
openjdk_version=9;
elif [ -e "${JDKROOT}"/common/autoconf ] ; then
openjdk_version=8;
else
openjdk_version=7;
fi
echo "OpenJDK version: ${openjdk_version}";
#
# Freetype
#
if [ "${openjdk_version}" -gt 8 ] ; then
FREETYPE=src/java.desktop/share/native/libfreetype/include/freetype/freetype.h
ABS_FREETYPE="${JDKROOT}"/"${FREETYPE}"
if [ ! -f "${ABS_FREETYPE}" ]; then
echo "Freetype header not found!"
exit 2
fi
FREETYPE_VERSION=$(awk '/#define FREETYPE_MAJOR/ {MAJOR=$3} /#define FREETYPE_MINOR/ {MINOR=$3} /#define FREETYPE_PATCH/ {PATCH=$3} END {printf "%s.%s.%s", MAJOR, MINOR, PATCH}' "${ABS_FREETYPE}")
else
echo "No bundled FreeType on ${openjdk_version}";
fi
# giflib
if [ "${openjdk_version}" -gt 8 ] ; then
GIFLIB=src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
else
GIFLIB=jdk/src/share/native/sun/awt/giflib/gif_lib.h
fi
ABS_GIFLIB="${JDKROOT}"/"${GIFLIB}"
if [ ! -f "${ABS_GIFLIB}" ]; then
echo "giflib header not found!"
exit 3
fi
GIFLIB_VERSION=$(awk '/#define GIFLIB_MAJOR/ {MAJOR=$3} /#define GIFLIB_MINOR/ {MINOR=$3} /#define GIFLIB_RELEASE/ {PATCH=$3} END {printf "%s.%s.%s", MAJOR, MINOR, PATCH}' "${ABS_GIFLIB}")
# harfbuzz
if [ "${openjdk_version}" -gt 8 ] ; then
HARFBUZZ=src/java.desktop/share/native/libharfbuzz/hb-version.h
ABS_HARFBUZZ="${JDKROOT}/${HARFBUZZ}"
if [ ! -f "${ABS_HARFBUZZ}" ]; then
echo "HarfBuzz header not found!"
exit 4
fi
HARFBUZZ_VERSION=$(awk '/#define HB_VERSION_MAJOR/ {MAJOR=$3} /#define HB_VERSION_MINOR/ {MINOR=$3} /#define HB_VERSION_MICRO/ {PATCH=$3} END {printf "%s.%s.%s", MAJOR, MINOR, PATCH}' "${ABS_HARFBUZZ}")
else
echo "No HarfBuzz on ${openjdk_version}";
fi
# lcms
if [ "${openjdk_version}" -gt 8 ] ; then
LCMS=src/java.desktop/share/native/liblcms/lcms2.h
else
LCMS=jdk/src/share/native/sun/java2d/cmm/lcms/lcms2.h
fi
ABS_LCMS="${JDKROOT}"/"${LCMS}"
if [ ! -f "${ABS_LCMS}" ]; then
echo "lcms header not found!"
exit 5
fi
LCMS_VERSION=$(awk '/#define LCMS_VERSION/ { MAJOR=int($3 / 1000); REST=$3 % 1000; MINOR=int(REST / 10); PATCH=REST % 10; } END {printf "%s.%s.%s", MAJOR, MINOR, PATCH}' "${ABS_LCMS}")
# jpeg
if [ "${openjdk_version}" -gt 8 ] ; then
JPEG=src/java.desktop/share/native/libjavajpeg/jpeglib.h
else
JPEG=jdk/src/share/native/sun/awt/image/jpeg/jpeglib.h
fi
ABS_JPEG="${JDKROOT}"/"${JPEG}"
if [ ! -f "${ABS_JPEG}" ]; then
echo "jpeg header not found!"
exit 6
fi
JPEG_VERSION=$(awk '/#define JPEG_LIB_VERSION/ { VERSION=$3; MAJOR=int(VERSION / 10); MINOR=VERSION%10; } END {printf "%s%c", MAJOR, (MINOR+96)}' "${ABS_JPEG}")
# png
if [ "${openjdk_version}" -gt 8 ] ; then
PNG=src/java.desktop/share/native/libsplashscreen/libpng/png.h
else
PNG=jdk/src/share/native/sun/awt/libpng/png.h
fi
ABS_PNG="${JDKROOT}"/"${PNG}"
if [ ! -f "${ABS_PNG}" ]; then
echo "png header not found!"
exit 7
fi
PNG_VERSION=$(awk '/#define PNG_LIBPNG_VER_STRING/ { VERSION=$3; gsub("\"", "", VERSION) } END {print VERSION}' "${ABS_PNG}")
# zlib
if [ "${openjdk_version}" -gt 8 ] ; then
ZLIB=src/java.base/share/native/libzip/zlib/zlib.h
else
ZLIB=jdk/src/share/native/java/util/zip/zlib/zlib.h
fi
ABS_ZLIB="${JDKROOT}"/"${ZLIB}"
if [ ! -f "${ABS_ZLIB}" ]; then
echo "zlib header not found!"
exit 8
fi
ZLIB_VERSION=$(awk '/#define ZLIB_VERSION/ { VERSION=$3; gsub("\"", "", VERSION) } END {print VERSION}' "${ABS_ZLIB}")
# Print output
printf "\nRPM definitions:\n"
if [ "${openjdk_version}" -gt 8 ] ; then
echo "# Version in ${FREETYPE}"
echo "Provides: bundled(freetype) = ${FREETYPE_VERSION}"
fi
echo "# Version in ${GIFLIB}"
echo "Provides: bundled(giflib) = ${GIFLIB_VERSION}"
if [ "${openjdk_version}" -gt 8 ] ; then
echo "# Version in ${HARFBUZZ}"
echo "Provides: bundled(harfbuzz) = ${HARFBUZZ_VERSION}"
fi
echo "# Version in ${LCMS}"
echo "Provides: bundled(lcms2) = ${LCMS_VERSION}"
echo "# Version in ${JPEG}"
echo "Provides: bundled(libjpeg) = ${JPEG_VERSION}"
echo "# Version in ${PNG}"
echo "Provides: bundled(libpng) = ${PNG_VERSION}"
echo "# Version in ${ZLIB}"
echo "Provides: bundled(zlib) = ${ZLIB_VERSION}"
# Local Variables:
# compile-command: "shellcheck get_bundle_versions.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

198
scripts/icedtea_sync.sh
View File

@ -1,198 +0,0 @@
#!/bin/bash
# Copyright (C) 2024 Red Hat, Inc.
# Written by Andrew John Hughes <gnu.andrew@redhat.com>.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
ICEDTEA_USE_VCS=true
ICEDTEA_VERSION=3.15.0
ICEDTEA_URL=https://icedtea.classpath.org/download/source
ICEDTEA_SIGNING_KEY=CFDA0F9B35964222
ICEDTEA_HG_URL=https://icedtea.classpath.org/hg/icedtea11
set -e
RPM_DIR=${PWD}
if [ ! -f "${RPM_DIR}/jconsole.desktop.in" ] ; then
echo "Not in RPM source tree.";
exit 1;
fi
if test "${TMPDIR}" = ""; then
TMPDIR=/tmp;
fi
WORKDIR=${TMPDIR}/it.sync
echo "Using working directory ${WORKDIR}"
mkdir "${WORKDIR}"
pushd "${WORKDIR}"
if test "${WGET}" = ""; then
WGET=$(which wget);
if test "${WGET}" = ""; then
echo "wget not found";
exit 1;
fi
fi
if test "${TAR}" = ""; then
TAR=$(which tar)
if test "${TAR}" = ""; then
echo "tar not found";
exit 2;
fi
fi
echo "Dependencies:";
echo -e "\tWGET: ${WGET}";
echo -e "\tTAR: ${TAR}\n";
if test "${ICEDTEA_USE_VCS}" = "true"; then
echo "Mode: Using VCS";
if test "${GREP}" = ""; then
GREP=$(which grep);
if test "${GREP}" = ""; then
echo "grep not found";
exit 3;
fi
fi
if test "${CUT}" = ""; then
CUT=$(which cut);
if test "${CUT}" = ""; then
echo "cut not found";
exit 4;
fi
fi
if test "${TR}" = ""; then
TR=$(which tr);
if test "${TR}" = ""; then
echo "tr not found";
exit 5;
fi
fi
if test "${HG}" = ""; then
HG=$(which hg);
if test "${HG}" = ""; then
echo "hg not found";
exit 6;
fi
fi
echo "Dependencies:";
echo -e "\tGREP: ${GREP}";
echo -e "\tCUT: ${CUT}";
echo -e "\tTR: ${TR}";
echo -e "\tHG: ${HG}";
echo "Checking out repository from VCS...";
${HG} clone ${ICEDTEA_HG_URL} icedtea
echo "Obtaining version from configure.ac...";
ROOT_VER=$(${GREP} '^AC_INIT' icedtea/configure.ac|${CUT} -d ',' -f 2|${TR} -d '[][:space:]')
echo "Root version from configure: ${ROOT_VER}";
VCS_REV=$(${HG} log -R icedtea --template '{node|short}' -r tip)
echo "VCS revision: ${VCS_REV}";
ICEDTEA_VERSION="${ROOT_VER}-${VCS_REV}"
echo "Creating icedtea-${ICEDTEA_VERSION}";
mkdir "icedtea-${ICEDTEA_VERSION}"
echo "Copying required files from checkout to icedtea-${ICEDTEA_VERSION}";
# Commented out for now as IcedTea 6's jconsole.desktop.in is outdated
#cp -a icedtea/jconsole.desktop.in ../icedtea-${ICEDTEA_VERSION}
cp -a "${RPM_DIR}/jconsole.desktop.in" "icedtea-${ICEDTEA_VERSION}"
cp -a icedtea/tapset "icedtea-${ICEDTEA_VERSION}"
rm -rf icedtea
else
echo "Mode: Using tarball";
if test "${ICEDTEA_VERSION}" = ""; then
echo "No IcedTea version specified for tarball download.";
exit 3;
fi
if test "${CHECKSUM}" = ""; then
CHECKSUM=$(which sha256sum)
if test "${CHECKSUM}" = ""; then
echo "sha256sum not found";
exit 4;
fi
fi
if test "${PGP}" = ""; then
PGP=$(which gpg)
if test "${PGP}" = ""; then
echo "gpg not found";
exit 5;
fi
fi
echo "Dependencies:";
echo -e "\tCHECKSUM: ${CHECKSUM}";
echo -e "\tPGP: ${PGP}\n";
echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}...";
if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then
echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed.";
exit 6;
fi
echo "Downloading IcedTea release tarball...";
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz
echo "Downloading IcedTea tarball signature...";
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig
echo "Downloading IcedTea tarball checksums...";
${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256
echo "Verifying checksums...";
${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256
echo "Checking signature...";
${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig
echo "Extracting files...";
${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \
icedtea-${ICEDTEA_VERSION}/tapset \
icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in
rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz
rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig
rm -vf icedtea-${ICEDTEA_VERSION}.sha256
fi
echo "Replacing desktop files...";
mv -v "icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in" "${RPM_DIR}"
echo "Creating new tapset tarball...";
mv -v "icedtea-${ICEDTEA_VERSION}" openjdk
${TAR} cJf "${RPM_DIR}/tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz" openjdk
rm -rvf openjdk
popd
rm -rf "${WORKDIR}"
# Local Variables:
# compile-command: "shellcheck icedtea_sync.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

114
scripts/openjdk_news.sh
View File

@ -1,114 +0,0 @@
#!/bin/bash
# Copyright (C) 2024 Red Hat, Inc.
# Written by Andrew John Hughes <gnu.andrew@redhat.com>, 2012-2022
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
OLD_RELEASE=$1
NEW_RELEASE=$2
REPO=$3
SUBDIR=$4
SCRIPT_DIR=$(dirname "${0}")
if test "${SUBDIR}" = ""; then
echo "No subdirectory specified; using .";
SUBDIR=".";
fi
if test "$REPO" = ""; then
echo "No repository specified; using ${PWD}"
REPO=${PWD}
fi
if test "${TMPDIR}" = ""; then
TMPDIR=/tmp;
fi
echo "Repository: ${REPO}"
if [ -e "${REPO}/.git" ] ; then
TYPE=git;
elif [ -e "${REPO}/.hg" ] ; then
TYPE=hg;
else
echo "No Mercurial or Git repository detected.";
exit 1;
fi
if test "$OLD_RELEASE" = "" || test "$NEW_RELEASE" = ""; then
echo "ERROR: Need to specify old and new release";
exit 2;
fi
echo "Listing fixes between $OLD_RELEASE and $NEW_RELEASE in $REPO"
rm -f "${TMPDIR}/fixes2" "${TMPDIR}/fixes3" "${TMPDIR}/fixes"
for repos in . $("${SCRIPT_DIR}/discover_trees.sh" "${REPO}");
do
if test "$TYPE" = "hg"; then
hg log -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R "$REPO/$repos" -G -M "${REPO}/${SUBDIR}" | \
grep -E '^[o:| ]*summary'|grep -v 'Added tag'|sed -r 's#^[o:| ]*summary:\W*([0-9])# - JDK-\1#'| \
sed 's#^[o:| ]*summary:\W*# - #' >> "${TMPDIR}/fixes2";
hg log -v -r "tag('$NEW_RELEASE'):tag('$OLD_RELEASE') - tag('$OLD_RELEASE')" -R "$REPO/$repos" -G -M "${REPO}/${SUBDIR}" | \
grep -E '^[o:| ]*[0-9]{7}'|sed -r 's#^[o:| ]*([0-9]{7})# - JDK-\1#' >> "${TMPDIR}/fixes3";
else
git -C "${REPO}" log --no-merges --pretty=format:%B "${NEW_RELEASE}...${OLD_RELEASE}" -- "${SUBDIR}" |grep -E '^[0-9]{7}' | \
sed -r 's#^([0-9])# - JDK-\1#' >> "${TMPDIR}/fixes2";
touch "${TMPDIR}/fixes3" ; # unused
fi
done
sort "${TMPDIR}/fixes2" "${TMPDIR}/fixes3" > "${TMPDIR}/fixes4"
uniq "${TMPDIR}/fixes4" > "${TMPDIR}/fixes"
rm -f "${TMPDIR}/fixes2" "${TMPDIR}/fixes3"
if ! [ -s "${TMPDIR}/fixes" ] ; then
echo "Failed to obtain fixes.";
exit 3;
fi
echo "In ${TMPDIR}/fixes:"
cat "${TMPDIR}/fixes"
printf "\nChecking for duplicates...";
if uniq -d "${TMPDIR}/fixes4" | grep 'JDK' > "${TMPDIR}/dupes"; then
printf "found.\nWARNING: Review the following duplicates:\n";
cat "${TMPDIR}/dupes";
else
echo "No apparent duplicates.";
fi
rm -f "${TMPDIR}/fixes4";
printf "\nChecking for backouts...";
if grep -i 'backout' "${TMPDIR}/fixes" > "${TMPDIR}/backouts"; then
printf "found.\nWARNING: Review the following backouts:\n"
cat "${TMPDIR}/backouts";
else
echo "No apparent backouts.";
fi
printf "\nChecking for bundled library updates...";
if grep -iE ':( \(tz\))? (update|upgrade).*(freetype|gif|harfbuzz|lcms|jpeg|png|timezone|zlib)' "${TMPDIR}/fixes" > "${TMPDIR}/bundles"; then
printf "found.\nWARNING: Review the following with respect to bundled provides:\n";
cat "${TMPDIR}/bundles";
echo "Compare the output of $(dirname "${0}")/get_bundle_versions.sh with the RPM using the JDK source tree"
else
echo "No apparent library updates.";
fi
# Local Variables:
# compile-command: "shellcheck openjdk_news.sh"
# fill-column: 80
# indent-tabs-mode: nil
# sh-basic-offset: 4
# End:

3
sources
View File

@ -1,3 +0,0 @@
SHA512 (tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz) = 97d026212363b3c83f6a04100ad7f6fdde833d16579717f8756e2b8c2eb70e144a41a330cb9ccde9c3badd37a2d54fdf4650a950ec21d8b686d545ecb2a64d30
SHA512 (openjdk-25.0.2+10.tar.xz) = 238580373693cb0221f8678df1b1c838b9ae6fc8311c2ece496908444bee640315cba8a3e439866b647021f471b96f011aad35eb3e7ae2369a19d9489c6ddb2d
SHA512 (nssadapter-0.1.1.tar.xz) = 2b4675cfbfa2ccb6c9a4870a4b58ae555267f5b8c9bdb0cf37b075483e6e9ea929561c05070453cf0d67b0b029de5408274555bf2ff50e9533219e898b2717f9

21
tests/tests.yml
View File

@ -1,21 +0,0 @@
---
- hosts: localhost
roles:
- role: standard-test-source
tags:
- always
- role: standard-test-basic
tags:
- classic
- atomic
required_packages:
- java-21-openjdk-devel
tests:
- javaVersion1:
dir: ~
run: set -ex; useradd franta1; su franta1 -c 'java -version';
run: set -ex; useradd franta4; su franta4 -c 'javac -version';
run: ls -l /usr/lib/jvm;
- javaVersion2:
dir: ~
run: set -ex; useradd franta2; su franta2 -c 'java --version'