Necessary parts moved from rpm-like install to build
Necessary parts moved from rpm-like install to build
This commit is contained in:
parent
0a2ae2a1d9
commit
1ba1df7a76
@ -1193,22 +1193,14 @@ function installjdk() {
|
|||||||
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
|
||||||
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
|
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
|
||||||
|
|
||||||
# Turn on system security properties
|
|
||||||
sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \
|
|
||||||
${imagepath}/conf/security/java.security
|
|
||||||
|
|
||||||
|
|
||||||
# Rename OpenJDK cacerts database
|
|
||||||
mv ${imagepath}/lib/security/cacerts{,.upstream}
|
|
||||||
# Install cacerts symlink needed by some apps which hard-code the path
|
|
||||||
ln -sv /etc/pki/java/cacerts ${imagepath}/lib/security
|
|
||||||
|
|
||||||
# Create fake alt-java as a placeholder for future alt-java
|
# Create fake alt-java as a placeholder for future alt-java
|
||||||
pushd ${imagepath}
|
if [ -d man/man1 ] ; then
|
||||||
# add alt-java man page
|
pushd ${imagepath}
|
||||||
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
|
# add alt-java man page
|
||||||
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
|
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
|
||||||
popd
|
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
|
||||||
|
popd
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1299,20 +1291,15 @@ EOF
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
for suffix in %{build_loop} ; do
|
for suffix in %{build_loop} ; do
|
||||||
|
|
||||||
if [ "x$suffix" = "x" ] ; then
|
if [ "x$suffix" = "x" ] ; then
|
||||||
debugbuild=release
|
debugbuild=release
|
||||||
else
|
else
|
||||||
# change --something to something
|
# change --something to something
|
||||||
debugbuild=`echo $suffix | sed "s/-//g"`
|
debugbuild=`echo $suffix | sed "s/-//g"`
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
for loop in %{main_suffix} %{staticlibs_loop} ; do
|
for loop in %{main_suffix} %{staticlibs_loop} ; do
|
||||||
|
|
||||||
builddir=%{buildoutputdir -- ${suffix}${loop}}
|
builddir=%{buildoutputdir -- ${suffix}${loop}}
|
||||||
bootbuilddir=boot${builddir}
|
bootbuilddir=boot${builddir}
|
||||||
|
|
||||||
if test "x${loop}" = "x%{main_suffix}" ; then
|
if test "x${loop}" = "x%{main_suffix}" ; then
|
||||||
link_opt="%{link_type}"
|
link_opt="%{link_type}"
|
||||||
%if %{system_libs}
|
%if %{system_libs}
|
||||||
@ -1357,6 +1344,7 @@ for suffix in %{build_loop} ; do
|
|||||||
# Final setup on the main image
|
# Final setup on the main image
|
||||||
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
||||||
installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
|
installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
|
||||||
|
installjdk ${top_dir_abs_main_build_path}/images/%{jreimage}
|
||||||
# Check debug symbols were built into the dynamic libraries
|
# Check debug symbols were built into the dynamic libraries
|
||||||
debugcheckjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
|
debugcheckjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
|
||||||
|
|
||||||
@ -1365,11 +1353,40 @@ for suffix in %{build_loop} ; do
|
|||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
pushd ${top_dir_abs_main_build_path}/images
|
pushd ${top_dir_abs_main_build_path}/images
|
||||||
if [ "x$suffix" == "x" ] ; then
|
if [ "x$suffix" == "x" ] ; then
|
||||||
nameSuffix=""
|
nameSuffix=""
|
||||||
else
|
else
|
||||||
nameSuffix=`echo "$suffix"| sed s/-/./`
|
nameSuffix=`echo "$suffix"| sed s/-/./`
|
||||||
fi
|
fi
|
||||||
|
# additional steps needed for fluent repack; most of them done twice, as images are already populated
|
||||||
|
# maybe most of them should be done in upstream build?
|
||||||
|
for imagedir in %{jdkimage} %{jreimage} ; do
|
||||||
|
pushd $imagedir
|
||||||
|
# Convert man pages to UTF8 encoding
|
||||||
|
if [ -d man/man1 ] ; then # jre do not have man pages...
|
||||||
|
for manpage in man/man1/* ; do
|
||||||
|
iconv -f ISO_8859-1 -t UTF8 $manpage -o $manpage.tmp
|
||||||
|
mv -f $manpage.tmp $manpage
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
# Install release notes
|
||||||
|
cp -a %{SOURCE10} `pwd`
|
||||||
|
cp -a %{SOURCE10} `pwd`/legal
|
||||||
|
# stabilize permissions; aprtially duplicated in instalojdk
|
||||||
|
find `pwd` -name "*.so" -exec chmod 755 {} \; -exec echo "set 755 to so {}" \; ;
|
||||||
|
find `pwd` -type d -exec chmod 755 {} \; -exec echo "set 755 to dir {}" \; ;
|
||||||
|
find `pwd`/legal -type f -exec chmod 644 {} \; -exec echo "set 644 to licences {}" \; ;
|
||||||
|
popd # jdkimage/jreimage
|
||||||
|
done # jre/sdk work in loop
|
||||||
|
# javadoc is done only for release sdkimage
|
||||||
|
if ! echo $suffix | grep -q "debug" ; then
|
||||||
|
# Install Javadoc documentation
|
||||||
|
#cp -a docs %{jdkimage} # not sure if the plaintext javadoc is for some use
|
||||||
|
built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip
|
||||||
|
cp -a `pwd`/../bundles/${built_doc_archive} `pwd`/%{jdkimage}/javadocs.zip || ls -l `pwd`/../bundles
|
||||||
|
fi
|
||||||
|
# end of additional steps
|
||||||
|
|
||||||
mv %{jdkimage} %{jdkportablename -- "$nameSuffix"}
|
mv %{jdkimage} %{jdkportablename -- "$nameSuffix"}
|
||||||
mv %{jreimage} %{jreportablename -- "$nameSuffix"}
|
mv %{jreimage} %{jreportablename -- "$nameSuffix"}
|
||||||
tar -cJf ../../../../%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"}
|
tar -cJf ../../../../%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"}
|
||||||
@ -1400,134 +1417,8 @@ for suffix in %{build_loop} ; do
|
|||||||
done # end of release / debug cycle loop
|
done # end of release / debug cycle loop
|
||||||
|
|
||||||
%install
|
%install
|
||||||
STRIP_KEEP_SYMTAB=libjvm*
|
|
||||||
|
|
||||||
|
|
||||||
for suffix in %{build_loop} ; do
|
for suffix in %{build_loop} ; do
|
||||||
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}}
|
||||||
if [ "fixme" == "todo" ] ; then #todo, extract some parts to build, drop the rest - but keep it in rpms after repack
|
|
||||||
|
|
||||||
# done in build
|
|
||||||
%if %{include_staticlibs}
|
|
||||||
top_dir_abs_staticlibs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{staticlibs_loop}}
|
|
||||||
%endif
|
|
||||||
jdk_image=${top_dir_abs_main_build_path}/images/%{jdkimage}
|
|
||||||
|
|
||||||
# tbd in rpms
|
|
||||||
# Install the jdk
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}
|
|
||||||
cp -a ${jdk_image} $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}
|
|
||||||
|
|
||||||
pushd ${jdk_image}
|
|
||||||
|
|
||||||
# tbd in rpms
|
|
||||||
%if %{with_systemtap}
|
|
||||||
# Install systemtap support files
|
|
||||||
install -dm 755 $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset
|
|
||||||
# note, that uniquesuffix is in BUILD dir in this case
|
|
||||||
cp -a $RPM_BUILD_DIR/%{uniquesuffix ""}/tapset$suffix/*.stp $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
|
|
||||||
pushd $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/
|
|
||||||
tapsetFiles=`ls *.stp`
|
|
||||||
popd
|
|
||||||
install -d -m 755 $RPM_BUILD_ROOT%{tapsetdir}
|
|
||||||
for name in $tapsetFiles ; do
|
|
||||||
targetName=`echo $name | sed "s/.stp/$suffix.stp/"`
|
|
||||||
ln -srvf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/tapset/$name $RPM_BUILD_ROOT%{tapsetdir}/$targetName
|
|
||||||
done
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# tbd in rpms
|
|
||||||
# Install version-ed symlinks
|
|
||||||
pushd $RPM_BUILD_ROOT%{_jvmdir}
|
|
||||||
ln -sf %{sdkdir -- $suffix} %{jrelnk -- $suffix}
|
|
||||||
popd
|
|
||||||
|
|
||||||
# todo fix in build
|
|
||||||
# Install man pages
|
|
||||||
install -d -m 755 $RPM_BUILD_ROOT%{_mandir}/man1
|
|
||||||
for manpage in man/man1/*
|
|
||||||
do
|
|
||||||
# Convert man pages to UTF8 encoding
|
|
||||||
iconv -f ISO_8859-1 -t UTF8 $manpage -o $manpage.tmp
|
|
||||||
mv -f $manpage.tmp $manpage
|
|
||||||
install -m 644 -p $manpage $RPM_BUILD_ROOT%{_mandir}/man1/$(basename \
|
|
||||||
$manpage .1)-%{uniquesuffix -- $suffix}.1
|
|
||||||
done
|
|
||||||
# Remove man pages from jdk image
|
|
||||||
rm -rf $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/man
|
|
||||||
|
|
||||||
popd
|
|
||||||
|
|
||||||
# done in build
|
|
||||||
# Install static libs artefacts
|
|
||||||
%if %{include_staticlibs}
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
|
|
||||||
cp -a ${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image}/lib/*.a \
|
|
||||||
$RPM_BUILD_ROOT%{_jvmdir}/%{sdkdir -- $suffix}/%{static_libs_install_dir}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# todo fix in build
|
|
||||||
if ! echo $suffix | grep -q "debug" ; then
|
|
||||||
# Install Javadoc documentation
|
|
||||||
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
|
|
||||||
cp -a ${top_dir_abs_main_build_path}/images/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}
|
|
||||||
built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip
|
|
||||||
cp -a ${top_dir_abs_main_build_path}/bundles/${built_doc_archive} \
|
|
||||||
$RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir -- $suffix}.zip || ls -l ${top_dir_abs_main_build_path}/bundles/
|
|
||||||
fi
|
|
||||||
|
|
||||||
# todo fix in build
|
|
||||||
# Install release notes
|
|
||||||
commondocdir=${RPM_BUILD_ROOT}%{_defaultdocdir}/%{uniquejavadocdir -- $suffix}
|
|
||||||
install -d -m 755 ${commondocdir}
|
|
||||||
cp -a %{SOURCE10} ${commondocdir}
|
|
||||||
|
|
||||||
# Install icons and menu entries
|
|
||||||
for s in 16 24 32 48 ; do
|
|
||||||
install -D -p -m 644 \
|
|
||||||
%{top_level_dir_name}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png \
|
|
||||||
$RPM_BUILD_ROOT%{_datadir}/icons/hicolor/${s}x${s}/apps/java-%{javaver}-%{origin}.png
|
|
||||||
done
|
|
||||||
|
|
||||||
# tbd in rpms
|
|
||||||
# Install desktop files
|
|
||||||
install -d -m 755 $RPM_BUILD_ROOT%{_datadir}/{applications,pixmaps}
|
|
||||||
for e in jconsole$suffix ; do
|
|
||||||
desktop-file-install --vendor=%{uniquesuffix -- $suffix} --mode=644 \
|
|
||||||
--dir=$RPM_BUILD_ROOT%{_datadir}/applications $e.desktop
|
|
||||||
done
|
|
||||||
|
|
||||||
# tbd in rpms
|
|
||||||
# Install /etc/.java/.systemPrefs/ directory
|
|
||||||
# See https://bugzilla.redhat.com/show_bug.cgi?id=741821
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/.java/.systemPrefs
|
|
||||||
|
|
||||||
# todo fix in build
|
|
||||||
# copy samples next to demos; samples are mostly js files
|
|
||||||
cp -r %{top_level_dir_name}/src/sample $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/
|
|
||||||
|
|
||||||
|
|
||||||
# tbd in rpms
|
|
||||||
# moving config files to /etc
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
|
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
|
|
||||||
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/conf/ $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}
|
|
||||||
mv $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib/security $RPM_BUILD_ROOT/%{etcjavadir -- $suffix}/lib
|
|
||||||
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}
|
|
||||||
ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/conf ./conf
|
|
||||||
popd
|
|
||||||
pushd $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/lib
|
|
||||||
ln -srv $RPM_BUILD_ROOT%{etcjavadir -- $suffix}/lib/security ./security
|
|
||||||
popd
|
|
||||||
# end moving files to /etc
|
|
||||||
|
|
||||||
# todo fix in build
|
|
||||||
# stabilize permissions
|
|
||||||
find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -name "*.so" -exec chmod 755 {} \; ;
|
|
||||||
find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/ -type d -exec chmod 755 {} \; ;
|
|
||||||
find $RPM_BUILD_ROOT/%{_jvmdir}/%{sdkdir -- $suffix}/legal -type f -exec chmod 644 {} \; ;
|
|
||||||
|
|
||||||
fi # fixme, todo
|
|
||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
if [ "x$suffix" == "x" ] ; then
|
if [ "x$suffix" == "x" ] ; then
|
||||||
@ -1585,14 +1476,14 @@ $JAVA_HOME/bin/java --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLev
|
|||||||
$JAVA_HOME/bin/javac -d . %{SOURCE14}
|
$JAVA_HOME/bin/javac -d . %{SOURCE14}
|
||||||
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
|
$JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||")
|
||||||
|
|
||||||
# Check system crypto (policy) is active and can be disabled
|
# Check system crypto (policy) is deactive and can be enabled
|
||||||
# Test takes a single argument - true or false - to state whether system
|
# Test takes a single argument - true or false - to state whether system
|
||||||
# security properties are enabled or not.
|
# security properties are enabled or not.
|
||||||
$JAVA_HOME/bin/javac -d . %{SOURCE15}
|
$JAVA_HOME/bin/javac -d . %{SOURCE15}
|
||||||
export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
|
export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||")
|
||||||
export SEC_DEBUG="-Djava.security.debug=properties"
|
export SEC_DEBUG="-Djava.security.debug=properties"
|
||||||
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} true
|
$JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false
|
||||||
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false
|
$JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=false ${PROG} true || echo "do not work, https://pkgs.devel.redhat.com/cgit/rpms/java-11-openjdk/tree/java-11-openjdk.spec?h=openjdk-portable-rhel-7#n1292 have it wrong?"
|
||||||
|
|
||||||
# Check java launcher has no SSB mitigation
|
# Check java launcher has no SSB mitigation
|
||||||
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
|
if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi
|
||||||
|
Loading…
Reference in New Issue
Block a user