rpms
/
java-17-openjdk-portable
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Necessary parts moved from rpm-like install to build 

Necessary parts moved from rpm-like install to build
This commit is contained in:
Petra Mikova 2023-01-31 13:14:07 +01:00
parent 0a2ae2a1d9
commit 1ba1df7a76
1 changed files with 45 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

199
java-17-openjdk-portable.spec
View File

@ -1193,22 +1193,14 @@ function installjdk() {
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
# Turn on system security properties
sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
${imagepath}/conf/security/java.security
# Rename OpenJDK cacerts database
mv ${imagepath}/lib/security/cacerts{,.upstream}
# Install cacerts symlink needed by some apps which hard-code the path
ln -sv /etc/pki/java/cacerts ${imagepath}/lib/security
# Create fake alt-java as a placeholder for future alt-java
pushd ${imagepath}
# add alt-java man page
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
popd
if [ -d man/man1 ] ; then
pushd ${imagepath}
# add alt-java man page
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
popd
fi
fi
}
@ -1299,20 +1291,15 @@ EOF
%endif
for suffix in %{build_loop} ; do
if [ "x$suffix" = "x" ] ; then
debugbuild=release
else
# change --something to something
debugbuild=`echo $suffix | sed "s/-//g"`
fi
for loop in %{main_suffix} %{staticlibs_loop} ; do
builddir=%{buildoutputdir -- ${suffix}${loop}}
bootbuilddir=boot${builddir}
if test "x${loop}" = "x%{main_suffix}" ; then
link_opt="%{link_type}"
%if %{system_libs}
@ -1357,6 +1344,7 @@ for suffix in %{build_loop} ; do
# Final setup on the main image
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
installjdk ${top_dir_abs_main_build_path}/images/%{jreimage}
# Check debug symbols were built into the dynamic libraries
debugcheckjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
@ -1365,11 +1353,40 @@ for suffix in %{build_loop} ; do
################################################################################
pushd ${top_dir_abs_main_build_path}/images
if [ "x$suffix" == "x" ] ; then
nameSuffix=""
else
nameSuffix=`echo "$suffix"| sed s/-/./`
fi
if [ "x$suffix" == "x" ] ; then
nameSuffix=""
else
nameSuffix=`echo "$suffix"| sed s/-/./`
fi
# additional steps needed for fluent repack; most of them done twice, as images are already populated
# maybe most of them should be done in upstream build?
for imagedir in %{jdkimage} %{jreimage} ; do
pushd $imagedir
# Convert man pages to UTF8 encoding
if [ -d man/man1 ] ; then # jre do not have man pages...
for manpage in man/man1/* ; do
iconv -f ISO_8859-1 -t UTF8 $manpage -o $manpage.tmp
mv -f $manpage.tmp $manpage
done
fi
# Install release notes
cp -a %{SOURCE10} `pwd`
cp -a %{SOURCE10} `pwd`/legal
# stabilize permissions; aprtially duplicated in instalojdk
find `pwd` -name "*.so" -exec chmod 755 {} \; -exec echo "set 755 to so {}" \; ;
find `pwd` -type d -exec chmod 755 {} \; -exec echo "set 755 to dir {}" \; ;
find `pwd`/legal -type f -exec chmod 644 {} \; -exec echo "set 644 to licences {}" \; ;
popd # jdkimage/jreimage
done # jre/sdk work in loop
# javadoc is done only for release sdkimage
if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
#cp -a docs %{jdkimage} # not sure if the plaintext javadoc is for some use
built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip
cp -a `pwd`/../bundles/${built_doc_archive} `pwd`/%{jdkimage}/javadocs.zip || ls -l `pwd`/../bundles
fi
# end of additional steps
mv %{jdkimage} %{jdkportablename -- "$nameSuffix"}
mv %{jreimage} %{jreportablename -- "$nameSuffix"}
tar -cJf ../../../../%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"}
@ -1400,134 +1417,8 @@ for suffix in %{build_loop} ; do
done # end of release / debug cycle loop
%install
STRIP_KEEP_SYMTAB=libjvm*
for suffix in %{build_loop} ; do
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
if [ "fixme" == "todo" ] ; then #todo, extract some parts to build, drop the rest - but keep it in rpms after repack
# done in build
%if %{include_staticlibs}
top_dir_abs_staticlibs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{staticlibs_loop}}
%endif
jdk_image=${top_dir_abs_main_build_path}/images/%{jdkimage}
# tbd in rpms
# Install the jdk
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
cp -a ${jdk_image} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
pushd ${jdk_image}
# tbd in rpms
%if %{with_systemtap}
# Install systemtap support files
install -dm 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset
# note, that uniquesuffix is in BUILD dir in this case
cp -a $RPM_BUILD_DIR/%{uniquesuffix ""}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
tapsetFiles=`ls *.stp`
popd
install -d -m 755 $RPM_BUILD_ROOT%{tapsetdir}
for name in $tapsetFiles ; do
targetName=`echo $name | sed "s/.stp/$suffix.stp/"`
ln -srvf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/$name $RPM_BUILD_ROOT%{tapsetdir}/$targetName
done
%endif
# tbd in rpms
# Install version-ed symlinks
pushd $RPM_BUILD_ROOT%{_jvmdir}
ln -sf %{sdkdir -- $suffix} %{jrelnk -- $suffix}
popd
# todo fix in build
# Install man pages
install -d -m 755 $RPM_BUILD_ROOT%{_mandir}/man1
for manpage in man/man1/*
do
# Convert man pages to UTF8 encoding
iconv -f ISO_8859-1 -t UTF8 $manpage -o $manpage.tmp
mv -f $manpage.tmp $manpage
install -m 644 -p $manpage $RPM_BUILD_ROOT%{_mandir}/man1/$(basename \
$manpage .1)-%{uniquesuffix -- $suffix}.1
done
# Remove man pages from jdk image
rm -rf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/man
popd
# done in build
# Install static libs artefacts
%if %{include_staticlibs}
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
cp -a ${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}/lib/*.a \
$RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
%endif
# todo fix in build
if ! echo $suffix | grep -q "debug" ; then
# Install Javadoc documentation
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
cp -a ${top_dir_abs_main_build_path}/images/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip
cp -a ${top_dir_abs_main_build_path}/bundles/${built_doc_archive} \
$RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip || ls -l ${top_dir_abs_main_build_path}/bundles/
fi
# todo fix in build
# Install release notes
commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
install -d -m 755 ${commondocdir}
cp -a %{SOURCE10} ${commondocdir}
# Install icons and menu entries
for s in 16 24 32 48 ; do
install -D -p -m 644 \
%{top_level_dir_name}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png \
$RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png
done
# tbd in rpms
# Install desktop files
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps}
for e in jconsole$suffix ; do
desktop-file-install --vendor=%{uniquesuffix -- $suffix} --mode=644 \
--dir=$RPM_BUILD_ROOT%{_datadir}/applications $e.desktop
done
# tbd in rpms
# Install /etc/.java/.systemPrefs/ directory
# See https://bugzilla.redhat.com/show_bug.cgi?id=741821
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/.java/.systemPrefs
# todo fix in build
# copy samples next to demos; samples are mostly js files
cp -r %{top_level_dir_name}/src/sample $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/
# tbd in rpms
# moving config files to /etc
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/conf/ $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib/security $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}
ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/conf ./conf
popd
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib
ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/lib/security ./security
popd
# end moving files to /etc
# todo fix in build
# stabilize permissions
find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ;
find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ;
find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ;
fi # fixme, todo
################################################################################
if [ "x$suffix" == "x" ] ; then
@ -1585,14 +1476,14 @@ $JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLev
$JAVA_HOME/bin/javac -d . %{SOURCE14}
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
# Check system crypto (policy) is active and can be disabled
# Check system crypto (policy) is deactive and can be enabled
# Test takes a single argument - true or false - to state whether system
# security properties are enabled or not.
$JAVA_HOME/bin/javac -d . %{SOURCE15}
export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
export SEC_DEBUG="-Djava.security.debug=properties"
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=false ${PROG} true || echo "do not work, https://pkgs.devel.redhat.com/cgit/rpms/java-11-openjdk/tree/java-11-openjdk.spec?h=openjdk-portable-rhel-7#n1292 have it wrong?"
# Check java launcher has no SSB mitigation
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi