From dee0f272933f5c2a5e590e84d17e96577a7ce8b3 Mon Sep 17 00:00:00 2001 From: Petra Alice Mikova Date: Tue, 8 Aug 2023 14:49:30 +0200 Subject: [PATCH 01/15] Update to JDK21 ea version - initial update to jdk21 - commented out fips patches - updated to jdk21 ea - updated patch 1001 - rh1648249-add_commented_out_nss_cfg_provider_to_java_security - replaced files used for static libs smoke tests --- .gitignore | 1 + java-latest-openjdk-portable.spec | 26 ++++++++++++------- ...ut_nss_cfg_provider_to_java_security.patch | 13 +++++----- sources | 2 +- 4 files changed, 25 insertions(+), 17 deletions(-) diff --git a/.gitignore b/.gitignore index 8540e85..f411948 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ /openjdk-jdk20u-jdk-20+36.tar.xz /openjdk-jdk20u-jdk-20.0.1+9.tar.xz /openjdk-jdk20u-jdk-20.0.2+9.tar.xz +/openjdk-jdk21u-jdk-21+34.tar.xz diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 6d96bdf..0d8400d 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -331,14 +331,14 @@ %endif # New Version-String scheme-style defines -%global featurever 20 +%global featurever 21 %global interimver 0 -%global updatever 2 +%global updatever 0 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, # and this it is better to change it here, on single place -%global buildjdkver %{featurever} +%global buildjdkver 20 # We don't add any LTS designator for STS packages (Fedora and EPEL). # We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined. %if 0%{?rhel} && !0%{?epel} @@ -390,7 +390,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 9 +%global buildver 34 %global rpmrelease 1 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -417,7 +417,7 @@ # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 1 +%global is_ga 0 %if %{is_ga} %global build_type GA %global ea_designator "" @@ -692,7 +692,7 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d # RH2104724: Avoid import/export of DH private keys # RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode # Build the systemconf library on all platforms -Patch1001: fips-20u-%{fipsver}.patch +# Patch1001: fips-20u-%{fipsver}.patch ############################################# # @@ -977,7 +977,7 @@ pushd %{top_level_dir_name} %patch3 -p1 %patch6 -p1 # Add crypto policy and FIPS support -%patch1001 -p1 +# %patch1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security %patch1000 -p1 popd # openjdk @@ -1151,7 +1151,6 @@ function buildjdk() { --with-boot-jdk=${buildjdk} \ --with-debug-level=${debuglevel} \ --with-native-debug-symbols="%{debug_symbols}" \ - --disable-sysconf-nss \ --enable-unlimited-crypto \ --with-zlib=%{link_type} \ --with-freetype=%{link_type} \ @@ -1534,8 +1533,8 @@ $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})| %if %{include_staticlibs} # Check debug symbols in static libraries (smoke test) export STATIC_LIBS_HOME=${top_dir_abs_main_build_path}/../../%{buildoutputdir -- ${suffix}%{staticlibs_suffix}}/images/static-libs/lib/ -readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep w_remainder.c -readelf --debug-dump $STATIC_LIBS_HOME/libfdlibm.a | grep e_remainder.c +readelf --debug-dump $STATIC_LIBS_HOME/libnet.a | grep Inet4AddressImpl.c +readelf --debug-dump $STATIC_LIBS_HOME/libnet.a | grep Inet6AddressImpl.c %endif # Check src.zip has all sources. See RHBZ#1130490 @@ -1627,6 +1626,13 @@ done %license %{unpacked_licenses}/%{jdkportablesourcesarchiveForFiles} %changelog +* Tue Aug 08 2023 Petra Alice Mikova 1:21.0.0.0.34-0.1.ea.rolling +- initial update to jdk21 +- commented out fips patches +- updated to jdk21 ea +- updated patch 1001 - rh1648249-add_commented_out_nss_cfg_provider_to_java_security +- replace smoketests in staticlibs test, as the previous files used were removed by a patch in JDK + * Thu Aug 03 2023 Jiri Vanek - 1:20.0.2.0.9-1.rolling - Update to jdk-20.0.2+9 - Update release notes to 20.0.2+9 diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch index c178077..ff3a79b 100644 --- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +++ b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch @@ -1,12 +1,13 @@ -diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security -index 68a9c1a2d08..7aa25eb2cb7 100644 ---- openjdk.orig/src/java.base/share/conf/security/java.security -+++ openjdk/src/java.base/share/conf/security/java.security -@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI +diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security +index 5149edba0e5..7676c695b36 100644 +--- a/src/java.base/share/conf/security/java.security ++++ b/src/java.base/share/conf/security/java.security +@@ -84,6 +84,8 @@ security.provider.tbd=SunMSCAPI security.provider.tbd=Apple #endif security.provider.tbd=SunPKCS11 +#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg ++ # - # Security providers used when FIPS mode support is active + # A list of preferred providers for specific algorithms. These providers will diff --git a/sources b/sources index c44230f..c74d310 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openjdk-jdk20u-jdk-20.0.2+9.tar.xz) = ce5383228c42f612e79e65300c048e91ec3ae5941b6769c67c05aa4e98299f8044b2945e64cd38b2e60f3c7558e608a3baa20cf7af2b0108d48c865a71ee1979 +SHA512 (openjdk-jdk21u-jdk-21+34.tar.xz) = 18254fa72851666d9e80a56dc85052d8711794b9c7f81c3f7a80e3c585b13eab783060b04fc3b3bbddbebbb8c4148109a9e822aba2f54aa3b614fd16149017b2 From 43b5b84321eb2306baa4a3155b8475f5f24cf727 Mon Sep 17 00:00:00 2001 From: Petra Alice Mikova Date: Tue, 15 Aug 2023 10:58:47 +0200 Subject: [PATCH 02/15] Modified README.md, NEWS file --- NEWS | 287 +++++++++++++++++++----------------------------------- README.md | 2 +- 2 files changed, 99 insertions(+), 190 deletions(-) diff --git a/NEWS b/NEWS index 256b111..06591a2 100644 --- a/NEWS +++ b/NEWS @@ -3,161 +3,11 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY -New in release OpenJDK 20.0.2 (2023-07-18): -=========================================== -* CVEs - - CVE-2023-22041 - - CVE-2023-22051 - - CVE-2023-25193 - - CVE-2023-22044 - - CVE-2023-22045 - - CVE-2023-22049 - - CVE-2023-22036 - - CVE-2023-22006 -* Security fixes - - JDK-8299945: Update the release version after forking Apr CPU23_04 - - JDK-8299946: Update the Jul CPU23_07 release date in master branch after forking Apr CPU23_04 - - JDK-8299129: Enhance NameService lookups - - JDK-8295304: Runtime support improvements - - JDK-8300285: Enhance TLS data handling - - JDK-8298676: Enhanced Look and Feel - - JDK-8304460: Improve array usages - - JDK-8304468: Better array usages - - JDK-8302483: Enhance ZIP performance - - JDK-8305565: Incorrect milestone for release JDK 20.0.2 - - JDK-8300596: Enhance Jar Signature validation - - JDK-8302475: Enhance HTTP client file downloading - - JDK-8305421: Work around JDK-8305420 in CDSJDITest.java - - JDK-8294323: Improve Shared Class Data - - JDK-8305312: Enhanced path handling - - JDK-8296565: Enhanced archival support - - JDK-8306049: Change milestone to fcs for all releases - - JDK-8303376: Better launching of JDI - - JDK-8308682: Enhance AES performance -* Other changes - - JDK-8304741: C2 Intrinsification of Float.floatToFloat16 and Float.float16ToFloat Yields Different Result than the Interpreter - - JDK-8306763: GHA: MSVC installation is failing - - JDK-8304075: Consider removal of expiry check in VerifyCACerts.java test - - JDK-8304077: The "ZonedDateTime.parse" may not accept the "UTC+XX" zone id - - JDK-8304227: Corrupted heap dumps due to missing retries for os::write() - - JDK-8304424: Update HarfBuzz to 7.0.1 - - JDK-8304887: javax/swing/JFileChooser/4847375/bug4847375.java fails with AssertionError - - JDK-8305123: javac regression: Compilation with --release 8 fails on underscore in enum identifiers - - JDK-8305537: Use default visibility for static library builds - - JDK-8305540: ArrayFill with store on backedge needs to reduce length by 1 - - JDK-8305541: C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE - - JDK-8305542: C2: PhaseCFG::convert_NeverBranch_to_Goto must handle both orders of successors - - JDK-8305546: C2: Arraycopy intrinsic throws incorrect exception - - JDK-8305548: use-after-free related to GraphKit::clone_map - - JDK-8305549: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument - - JDK-8305550: C2: CmpU::Value must filter overflow computation against local sub computation - - JDK-8305551: C2 compiled code crashes with SIGFPE with -XX:+StressLCM and -XX:+StressGCM - - JDK-8305554: C2: java.lang.StringUTF16::indexOfChar intrinsic called with negative character argument - - JDK-8305555: C2: assert(get_ctrl(n) == cle_out) during unrolling - - JDK-8305557: Vector.lane() gets wrong value on x86 - - JDK-8305558: [JVMCI] Insufficient error handling when CodeBuffer is exhausted - - JDK-8305560: C2: "Bad graph detected in build_loop_late" after a CMove is wrongly split thru phi - - JDK-8305561: DebugNonSafepoints generates incorrect information - - JDK-8305850: Fastdebug build fails after JDK-8296389 - - JDK-8305851: use-def assert: special case undetected loops nested in infinite loops - - JDK-8305865: (tz) Update Timezone Data to 2023c - - JDK-8305876: Special case infinite loops with unmerged backedges in IdealLoopTree::check_safepts - - JDK-8306319: Add the runtime version in the release file of a JDK image - - JDK-8306478: On the latest macOS+XCode the Robot API may report wrong colors - - JDK-8306750: Upgrade JLine to 3.22.0 - - JDK-8306751: JShell does not switch to raw mode when there is no /bin/test - - JDK-8306771: [AIX] Broken build after JDK-8301998 - - JDK-8307107: updateIconImages may lead to deadlock after JDK-8276849 - - JDK-8307111: Shenandoah evacuation workers may deadlock - - JDK-8307112: GHA: MSVC installation could be optional since it might already be pre-installed - - JDK-8307151: Shenandoah: Missing barriers on deoptimization path - - JDK-8307364: Make runtime/Monitor/GuaranteedAsyncDeflationIntervalTest.java more reliable - - JDK-8307372: Add TWCA Global Root CA - - JDK-8307373: Add 2 Microsoft TLS roots - - JDK-8307391: Monitor deflation might be accidentally disabled by zero intervals - - JDK-8307631: Add GTS root CAs - - JDK-8308008: java.time.Instant calculation bug in until and between methods - - JDK-8309850: ConcurrentModificationException in javadoc tool - - JDK-8301870: Include cdb in the Windows devkit - - JDK-8303906: Update jdk20u fix version to 20.0.2 - - JDK-8303958: Missing Classpath exception from Continuation.c - - JDK-8304417: GCC 12 reports some compiler warnings in bundled freetype - - JDK-8304981: jcmd: ManagementAgent.status truncates the text longer than O_BUFLEN - - JDK-8305545: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined must respect ForceInline - - JDK-8305547: use-after-free in Node::destruct - - JDK-8305552: [JVMCI] BytecodeFrame.equals is broken - - JDK-8305553: C2: assert in PhaseIdealLoop::do_unroll() is subject to undefined behavior - - JDK-8305789: Update Commons BCEL to Version 6.7.0 - - JDK-8305849: Memory leak in CompilerOracle::parse_from_line - - JDK-8305859: ProblemList runtime/CompressedOops/CompressedClassPointers.java - - JDK-8305948: Performance degradation for float/double modulo on Linux - - JDK-8306448: NoClassDefFoundError omits the original cause of an error - - JDK-8307209: Thread stacksize is reported with wrong units in os::create_thread logging - - JDK-8307360: [vectorapi] The typeChar of LaneType is incorrect when default locale is tr - - JDK-8307361: Guarantee eventual async monitor deflation - - JDK-8307380: harfbuzz build fails with GCC 7 after JDK-8301998 - - JDK-8307419: UTIL_LOOKUP_PROGS fails on pathes with space - - JDK-8307420: UTIL_REQUIRE_SPECIAL warning on grep - - JDK-8307705: Support for GB18030-2022 - - JDK-8308112: Allow collectors to provide specific values for GC notifications' actions - - JDK-8308390: Font.getStringBounds calculates wrong width for TextAttribute.TRACKING other than 0.0 - - JDK-8308418: Socket input stream read burns CPU cycles with back-to-back poll(0) calls - - JDK-8308457: [AIX] VM crashes with UseRTMLocking on Power10 - - JDK-8308693: Add missing gc+phases logging for ObjectCount(AfterGC) JFR event collection code - - JDK-8309483: PPC: Non-Top Interpreted frames should be independent of ABI_ELFv2 - - JDK-8305544: UB: Compile::_phase_optimize_finished is initialized too late - - JDK-8305556: Memory leak in WB_IsMethodCompatible - - JDK-8305559: Identical branch conditions in CompileBroker::print_heapinfo - -The full list of changes in 20u can be found at: -- * https://builds.shipilev.net/backports-monitor/release-notes-20.0.2.txt -- * https://builds.shipilev.net/backports-monitor/pushes-20.0.2.txt - -New in release OpenJDK 20.0.1 (2023-04-18): -=========================================== - -* CVEs - - CVE-2023-21930 - - CVE-2023-21937 - - CVE-2023-21938 - - CVE-2023-21939 - - CVE-2023-21967 - - CVE-2023-21968 -* Security fixes - - JDK-8287404: Improve ping times - - JDK-8288436: Improve Xalan supports - - JDK-8294474: Better AES support - - JDK-8295304: Runtime support improvements - - JDK-8296676, JDK-8296622: Improve String platform support - - JDK-8296684: Improve String platform support - - JDK-8296692: Improve String platform support - - JDK-8296832: Improve Swing platform support - - JDK-8297371: Improve UTF8 representation redux - - JDK-8298310: Enhance TLS session negotiation - - JDK-8298667: Improved path handling - - JDK-8299129: Enhance NameService lookups -* Other changes - - JDK-8208077: File.listRoots performance degradation - - JDK-8245654: Add Certigna Root CA - - JDK-8278965: crash in SymbolTable::do_lookup - - JDK-8295951: intermittent cmp_baseline task failures with CDS files - - JDK-8299194: CustomTzIDCheckDST.java may fail at future date - - JDK-8299843: Bump version numbers for 20.0.1 - - JDK-8299947: Change milestone to fcs for all releases - - JDK-8301123: Enable Symbol refcounting underflow checks in PRODUCT - - JDK-8301858: Verification error when compiling switch with record patterns - - JDK-8301876: Crash in DumpTimeClassInfo::add_verification_constraint - - JDK-8302202: Incorrect desugaring of null-allowed nested patterns - - JDK-8302879: doc/building.md update link to jtreg builds - - JDK-8303412: Update linux_x64-to-linux_aarch64 cross compilation devkit at Oracle - -New in release OpenJDK 20.0.0 (2023-03-21): +New in release OpenJDK 21.0.0 (2023-09-XX): =========================================== Major changes are listed below. Some changes may have been backported -to earlier releases following their first appearance in OpenJDK 20. - -The full list of changes in 20u can be found at: -- * https://builds.shipilev.net/backports-monitor/release-notes-20.txt +to earlier releases following their first appearance in OpenJDK 18 +through to 21. NEW FEATURES ============ @@ -171,6 +21,7 @@ https://openjdk.org/jeps/406 https://openjdk.org/jeps/420 https://openjdk.org/jeps/427 https://openjdk.org/jeps/433 +https://openjdk.org/jeps/441 Enhance the Java programming language with pattern matching for `switch` expressions and statements, along with extensions to the @@ -179,39 +30,53 @@ expression to be tested against a number of patterns, each with a specific action, so that complex data-oriented queries can be expressed concisely and safely. -This is a preview feature (http://openjdk.java.net/jeps/12) introduced -in OpenJDK 17 (JEP 406), which saw a second preview in OpenJDK 18 (JEP -420) and a third in OpenJDK 19 (JEP 427). It reaches its fourth -preview (JEP 427) in OpenJDK 20. +This was a preview feature (http://openjdk.java.net/jeps/12) +introduced in OpenJDK 17 (JEP 406), which saw a second preview in +OpenJDK 18 (JEP 420), a third in OpenJDK 19 (JEP 427) and a fourth +(JEP 427) in OpenJDK 20. It became final with OpenJDK 21 (JEP 441). Record Patterns =============== https://openjdk.org/jeps/405 https://openjdk.org/jeps/432 +https://openjdk.org/jeps/440 Enhance the Java programming language with record patterns to deconstruct record values. Record patterns and type patterns can be nested to enable a powerful, declarative, and composable form of data navigation and processing. +This was a preview feature (http://openjdk.java.net/jeps/12) introduced +in OpenJDK 19 (JEP 405) with a second preview (JEP 432) in OpenJDK 20. +It became final with OpenJDK 21 (JEP 440). + +String Templates +================ +https://openjdk.org/jeps/430 + +Enhance the Java programming language with string templates. String +templates complement Java's existing string literals and text blocks +by coupling literal text with embedded expressions and template +processors to produce specialized results. + This is a preview feature (http://openjdk.java.net/jeps/12) introduced -in OpenJDK 19 (JEP 405). It reaches its second preview (JEP 432) in -OpenJDK 20. +in OpenJDK 21 (JEP 430). + +Unnamed Patterns and Variables +============================== +https://openjdk.org/jeps/443 + +Enhance the Java language with unnamed patterns, which match a record +component without stating the component's name or type, and unnamed +variables, which can be initialized but not used. Both are denoted by +an underscore character, _. + +This is a preview feature (http://openjdk.java.net/jeps/12) introduced +in OpenJDK 21 (JEP 443). Library Features ================ -Scoped Values -============= -https://openjdk.org/jeps/429 - -Introduce scoped values, which enable the sharing of immutable data -within and across threads. They are preferred to thread-local -variables, especially when using large numbers of virtual threads. - -This is an incubation feature (https://openjdk.java.net/jeps/11) -introduced in OpenJDK 20 (JEP 429). - Vector API ========== https://openjdk.org/jeps/338 @@ -219,6 +84,7 @@ https://openjdk.org/jeps/414 https://openjdk.org/jeps/417 https://openjdk.org/jeps/426 https://openjdk.org/jeps/438 +https://openjdk.org/jeps/448 Introduce an API to express vector computations that reliably compile at runtime to optimal vector hardware instructions on supported CPU @@ -228,7 +94,8 @@ scalar computations. This is an incubation feature (https://openjdk.java.net/jeps/11) introduced in OpenJDK 16 (JEP 338). A second round of incubation took place in OpenJDK 17 (JEP 414), OpenJDK 18 (JEP 417) saw a third, -OpenJDK 19 a fourth (JEP 426) and OpenJDK 20 (JEP 438) sees its fifth. +OpenJDK 19 a fourth (JEP 426), OpenJDK 20 (JEP 438) a fifth and +OpenJDK 21 a sixth (JEP 448). Foreign Function & Memory API ============================= @@ -236,6 +103,7 @@ https://openjdk.org/jeps/412 https://openjdk.org/jeps/419 https://openjdk.org/jeps/424 https://openjdk.org/jeps/434 +https://openjdk.org/jeps/442 Introduce an API by which Java programs can interoperate with code and data outside of the Java runtime. By efficiently invoking foreign @@ -250,26 +118,15 @@ It was first introduced in incubation evolution of the Foreign Memory Access API (OpenJDK 14 through 16) and Foreign Linker API (OpenJDK 16) (see release notes for java-17-openjdk). OpenJDK 18 saw a second round of incubation (JEP -419) before its inclusion as a preview in OpenJDK 19 (JEP 424). It -reaches a second preview in OpenJDK 20 (JEP 434). - -Virtual Threads -=============== -https://openjdk.org/jeps/425 -https://openjdk.org/jeps/436 - -Introduce virtual threads to the Java Platform. Virtual threads are -lightweight threads that dramatically reduce the effort of writing, -maintaining, and observing high-throughput concurrent applications. - -This is a preview feature (http://openjdk.java.net/jeps/12) introduced -in OpenJDK 19 (JEP 425) and reaching its second preview in OpenJDK 20 -(JEP 436). +419) before its inclusion as a preview in OpenJDK 19 (JEP 424) and a +second in OpenJDK 20 (JEP 434). It reaches a third preview in OpenJDK +21 (JEP 442). Structured Concurrency ====================== https://openjdk.org/jeps/428 https://openjdk.org/jeps/437 +https://openjdk.org/jeps/453 Simplify multithreaded programming by introducing an API for structured concurrency. Structured concurrency treats multiple tasks @@ -277,6 +134,58 @@ running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability. -This is an incubation feature (https://openjdk.java.net/jeps/11) -introduced in OpenJDK 19 (JEP 428). A second round of incubation takes -place in OpenJDK 20 (JEP 437). +This API is now a preview feature (http://openjdk.java.net/jeps/12) in +OpenJDK 21 (JEP 453). It was first introduced in incubation +(https://openjdk.java.net/jeps/11) in OpenJDK 19 (JEP 428) and had a +second round of incubation in OpenJDK 20 (JEP 437). + +Sequenced Collections +===================== +https://openjdk.org/jeps/431 + +Introduce new interfaces to represent collections with a defined +encounter order. Each such collection has a well-defined first +element, second element, and so forth, up to the last element. It also +provides uniform APIs for accessing its first and last elements, and +for processing its elements in reverse order. + +Key Encapsulation Mechanism API +=============================== +https://openjdk.org/jeps/452 + +Introduce an API for key encapsulation mechanisms (KEMs), an +encryption technique for securing symmetric keys using public key +cryptography. + +Virtual Machine Enhancements +============================ + +Generational ZGC +================ +https://openjdk.org/jeps/439 + +Improve application performance by extending the Z Garbage Collector +(ZGC) to maintain separate generations for young and old objects. This +will allow ZGC to collect young objects — which tend to die young — +more frequently. + +DEPRECATIONS +============ + +Deprecate the Windows 32-bit x86 Port for Removal +================================================= +https://openjdk.org/jeps/449 + +Deprecate the Windows 32-bit x86 port, with the intent to remove it in +a future release. + +Prepare to Disallow the Dynamic Loading of Agents +================================================= +https://openjdk.org/jeps/451 + +Issue warnings when agents are loaded dynamically into a running +JVM. These warnings aim to prepare users for a future release which +disallows the dynamic loading of agents by default in order to improve +integrity by default. Serviceability tools that load agents at startup +will not cause warnings to be issued in any release. + diff --git a/README.md b/README.md index 32ed900..d139d7d 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ The java-latest-openjdk-portable package Rolling release of (usually) STSs OpenJDK OpenJDK has release cadence of 6 months, but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbor them. Currently it is build of OpenJDK 12. LTSs will go also as separate packages. -JDK12 is current release of Java platform. It is bringing many cool improvements - https://openjdk.java.net/projects/jdk/12/ and is landing to your Fedora. Where it will be maintained for f28 and newer. Unluckily, this package is STS (short term support) version. Between individual LTS there will be always several STS. Again, please see announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html and See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf . So this is rolling release of all STSs to come. Its fate during the release of fresh LTS is yet to be decided. You will always be allowed to install LTS in fedora build root, alongside with latest STS via alternatives. +JDK21 is current release of Java platform. It is bringing many cool improvements - https://openjdk.org/projects/jdk/21/ and is landing to your Fedora. Where it will be maintained for f28 and newer. Unluckily, this package is STS (short term support) version. Between individual LTS there will be always several STS. Again, please see announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html and See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf . So this is rolling release of all STSs to come. Its fate during the release of fresh LTS is yet to be decided. You will always be allowed to install LTS in fedora build root, alongside with latest STS via alternatives. See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html From a238aebf8e39ec86d5288906e184b5aae541c130 Mon Sep 17 00:00:00 2001 From: Petra Alice Mikova Date: Fri, 25 Aug 2023 09:14:14 +0200 Subject: [PATCH 03/15] Update FIPS support to bring in latest changes - * RH2048582: Support PKCS#12 keystores - * RH2020290: Support TLS 1.3 in FIPS mode - * Add nss.fips.cfg support to OpenJDK tree - * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode - * Remove forgotten dead code from RH2020290 and RH2104724 - * OJ1357: Fix issue on FIPS with a SecurityManager in place - * RH2134669: Add missing attributes when registering services in FIPS mode. - * test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class - * RH1940064: Enable XML Signature provider in FIPS mode - * Remove GCC minor versioning (JDK-8284772) to unbreak testing - Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build - require tzdata 2023c --- ...3d95b5.patch => fips-21u-75ffdc48eda.patch | 1256 +++++++++++++---- java-latest-openjdk-portable.spec | 47 +- nss.fips.cfg.in | 8 - ...ut_nss_cfg_provider_to_java_security.patch | 14 +- 4 files changed, 1044 insertions(+), 281 deletions(-) rename fips-20u-fd3de3d95b5.patch => fips-21u-75ffdc48eda.patch (77%) delete mode 100644 nss.fips.cfg.in diff --git a/fips-20u-fd3de3d95b5.patch b/fips-21u-75ffdc48eda.patch similarity index 77% rename from fips-20u-fd3de3d95b5.patch rename to fips-21u-75ffdc48eda.patch index c36a5b6..7ffbe3a 100644 --- a/fips-20u-fd3de3d95b5.patch +++ b/fips-21u-75ffdc48eda.patch @@ -1,9 +1,33 @@ +diff --git a/make/autoconf/build-aux/pkg.m4 b/make/autoconf/build-aux/pkg.m4 +index 5f4b22bb27f..1ca9f5b8ffe 100644 +--- a/make/autoconf/build-aux/pkg.m4 ++++ b/make/autoconf/build-aux/pkg.m4 +@@ -179,3 +179,19 @@ else + ifelse([$3], , :, [$3]) + fi[]dnl + ])# PKG_CHECK_MODULES ++ ++dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, ++dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) ++dnl ------------------------------------------- ++dnl Since: 0.28 ++dnl ++dnl Retrieves the value of the pkg-config variable for the given module. ++AC_DEFUN([PKG_CHECK_VAR], ++[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl ++AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl ++ ++_PKG_CONFIG([$1], [variable="][$3]["], [$2]) ++AS_VAR_COPY([$1], [pkg_cv_][$1]) ++ ++AS_VAR_IF([$1], [""], [$5], [$4])dnl ++])dnl PKG_CHECK_VAR diff --git a/make/autoconf/lib-sysconf.m4 b/make/autoconf/lib-sysconf.m4 new file mode 100644 -index 00000000000..b2b1c1787da +index 00000000000..f48fc7f7e80 --- /dev/null +++ b/make/autoconf/lib-sysconf.m4 -@@ -0,0 +1,84 @@ +@@ -0,0 +1,87 @@ +# +# Copyright (c) 2021, Red Hat, Inc. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. @@ -38,8 +62,10 @@ index 00000000000..b2b1c1787da + # + # Check for the NSS library + # ++ AC_MSG_CHECKING([for NSS library directory]) ++ PKG_CHECK_VAR(NSS_LIBDIR, nss, libdir, [AC_MSG_RESULT([$NSS_LIBDIR])], [AC_MSG_RESULT([not found])]) + -+ AC_MSG_CHECKING([whether to use the system NSS library with the System Configurator (libsysconf)]) ++ AC_MSG_CHECKING([whether to link the system NSS library with the System Configurator (libsysconf)]) + + # default is not available + DEFAULT_SYSCONF_NSS=no @@ -87,9 +113,10 @@ index 00000000000..b2b1c1787da + fi + fi + AC_SUBST(USE_SYSCONF_NSS) ++ AC_SUBST(NSS_LIBDIR) +]) diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4 -index 7a1d8d80bb2..1807cb71073 100644 +index a1fc81564b1..ebad69d9dcf 100644 --- a/make/autoconf/libraries.m4 +++ b/make/autoconf/libraries.m4 @@ -35,6 +35,7 @@ m4_include([lib-std.m4]) @@ -100,31 +127,54 @@ index 7a1d8d80bb2..1807cb71073 100644 ################################################################################ # Determine which libraries are needed for this configuration -@@ -107,6 +108,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES], +@@ -134,6 +135,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES], LIB_SETUP_X11 LIB_TESTS_SETUP_GTEST + LIB_SETUP_SYSCONF_LIBS BASIC_JDKLIB_LIBS="" - if test "x$TOOLCHAIN_TYPE" != xmicrosoft; then + BASIC_JDKLIB_LIBS_TARGET="" diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in -index 9448cb9b7e8..8d3d931e951 100644 +index 0f85917814e..9419562b654 100644 --- a/make/autoconf/spec.gmk.in +++ b/make/autoconf/spec.gmk.in -@@ -859,6 +859,10 @@ INSTALL_SYSCONFDIR=@sysconfdir@ +@@ -867,6 +867,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@ # Libraries # +USE_SYSCONF_NSS:=@USE_SYSCONF_NSS@ +NSS_LIBS:=@NSS_LIBS@ +NSS_CFLAGS:=@NSS_CFLAGS@ ++NSS_LIBDIR:=@NSS_LIBDIR@ + USE_EXTERNAL_LCMS:=@USE_EXTERNAL_LCMS@ LCMS_CFLAGS:=@LCMS_CFLAGS@ LCMS_LIBS:=@LCMS_LIBS@ +diff --git a/make/modules/java.base/Gendata.gmk b/make/modules/java.base/Gendata.gmk +index 9e5cfe2d0fc..434ade8e182 100644 +--- a/make/modules/java.base/Gendata.gmk ++++ b/make/modules/java.base/Gendata.gmk +@@ -98,3 +98,17 @@ $(GENDATA_JAVA_SECURITY): $(BUILD_TOOLS_JDK) $(GENDATA_JAVA_SECURITY_SRC) $(REST + TARGETS += $(GENDATA_JAVA_SECURITY) + + ################################################################################ ++ ++GENDATA_NSS_FIPS_CFG_SRC := $(TOPDIR)/src/java.base/share/conf/security/nss.fips.cfg.in ++GENDATA_NSS_FIPS_CFG := $(SUPPORT_OUTPUTDIR)/modules_conf/java.base/security/nss.fips.cfg ++ ++$(GENDATA_NSS_FIPS_CFG): $(GENDATA_NSS_FIPS_CFG_SRC) ++ $(call LogInfo, Generating nss.fips.cfg) ++ $(call MakeTargetDir) ++ $(call ExecuteWithLog, $(SUPPORT_OUTPUTDIR)/gensrc/java.base/_$(@F), \ ++ ( $(SED) -e 's:@NSS_LIBDIR@:$(NSS_LIBDIR):g' $< ) > $@ \ ++ ) ++ ++TARGETS += $(GENDATA_NSS_FIPS_CFG) ++ ++################################################################################ diff --git a/make/modules/java.base/Lib.gmk b/make/modules/java.base/Lib.gmk -index 3b782577258..f515b0ba241 100644 +index 1e0f66726d0..59fe923f2c5 100644 --- a/make/modules/java.base/Lib.gmk +++ b/make/modules/java.base/Lib.gmk @@ -163,6 +163,29 @@ ifeq ($(call isTargetOsType, unix), true) @@ -158,7 +208,7 @@ index 3b782577258..f515b0ba241 100644 # Create the symbols file for static builds. diff --git a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java -index 38836d2701e..d967010b848 100644 +index 10093137151..b023c63ae58 100644 --- a/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java +++ b/src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java @@ -31,6 +31,7 @@ import java.security.SecureRandom; @@ -169,7 +219,7 @@ index 38836d2701e..d967010b848 100644 import static sun.security.util.SecurityConstants.PROVIDER_VER; import static sun.security.util.SecurityProviderConstants.*; -@@ -78,6 +79,10 @@ import static sun.security.util.SecurityProviderConstants.*; +@@ -82,6 +83,10 @@ import static sun.security.util.SecurityProviderConstants.*; public final class SunJCE extends Provider { @@ -180,7 +230,7 @@ index 38836d2701e..d967010b848 100644 @java.io.Serial private static final long serialVersionUID = 6812507587804302833L; -@@ -143,285 +148,287 @@ public final class SunJCE extends Provider { +@@ -147,298 +152,299 @@ public final class SunJCE extends Provider { void putEntries() { // reuse attribute map and reset before each reuse HashMap attrs = new HashMap<>(3); @@ -388,6 +438,13 @@ index 38836d2701e..d967010b848 100644 - ps("Cipher", "PBEWithHmacSHA512AndAES_128", - "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128"); - +- ps("Cipher", "PBEWithHmacSHA512/224AndAES_128", +- "com.sun.crypto.provider.PBES2Core$HmacSHA512_224AndAES_128"); +- +- ps("Cipher", "PBEWithHmacSHA512/256AndAES_128", +- "com.sun.crypto.provider.PBES2Core$HmacSHA512_256AndAES_128"); +- +- - ps("Cipher", "PBEWithHmacSHA1AndAES_256", - "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256"); - @@ -403,6 +460,12 @@ index 38836d2701e..d967010b848 100644 - ps("Cipher", "PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256"); - +- ps("Cipher", "PBEWithHmacSHA512/224AndAES_256", +- "com.sun.crypto.provider.PBES2Core$HmacSHA512_224AndAES_256"); +- +- ps("Cipher", "PBEWithHmacSHA512/256AndAES_256", +- "com.sun.crypto.provider.PBES2Core$HmacSHA512_256AndAES_256"); +- - /* - * Key(pair) Generator engines - */ @@ -668,6 +731,12 @@ index 38836d2701e..d967010b848 100644 + ps("Cipher", "PBEWithHmacSHA512AndAES_128", + "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128"); + ++ ps("Cipher", "PBEWithHmacSHA512/224AndAES_128", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA512_224AndAES_128"); ++ ++ ps("Cipher", "PBEWithHmacSHA512/256AndAES_128", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA512_256AndAES_128"); ++ + ps("Cipher", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256"); + @@ -683,6 +752,12 @@ index 38836d2701e..d967010b848 100644 + ps("Cipher", "PBEWithHmacSHA512AndAES_256", + "com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256"); + ++ ps("Cipher", "PBEWithHmacSHA512/224AndAES_256", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA512_224AndAES_256"); ++ ++ ps("Cipher", "PBEWithHmacSHA512/256AndAES_256", ++ "com.sun.crypto.provider.PBES2Core$HmacSHA512_256AndAES_256"); ++ + /* + * Key(pair) Generator engines + */ @@ -747,7 +822,7 @@ index 38836d2701e..d967010b848 100644 /* * Algorithm parameter generation engines -@@ -430,15 +437,17 @@ public final class SunJCE extends Provider { +@@ -447,15 +453,17 @@ public final class SunJCE extends Provider { "DiffieHellman", "com.sun.crypto.provider.DHParameterGenerator", null); @@ -774,9 +849,22 @@ index 38836d2701e..d967010b848 100644 /* * Algorithm Parameter engines -@@ -610,118 +619,120 @@ public final class SunJCE extends Provider { - ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256", - "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256"); +@@ -625,10 +633,10 @@ public final class SunJCE extends Provider { + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128"); + + ps("SecretKeyFactory", "PBEWithHmacSHA512/224AndAES_128", +- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_224AndAES_128"); ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_224AndAES_128"); + + ps("SecretKeyFactory", "PBEWithHmacSHA512/256AndAES_128", +- "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_256AndAES_128"); ++ "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_256AndAES_128"); + + ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256"); +@@ -651,136 +659,137 @@ public final class SunJCE extends Provider { + ps("SecretKeyFactory", "PBEWithHmacSHA512/256AndAES_256", + "com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_256AndAES_256"); - // PBKDF2 - psA("SecretKeyFactory", "PBKDF2WithHmacSHA1", @@ -790,6 +878,10 @@ index 38836d2701e..d967010b848 100644 - "com.sun.crypto.provider.PBKDF2Core$HmacSHA384"); - ps("SecretKeyFactory", "PBKDF2WithHmacSHA512", - "com.sun.crypto.provider.PBKDF2Core$HmacSHA512"); +- ps("SecretKeyFactory", "PBKDF2WithHmacSHA512/224", +- "com.sun.crypto.provider.PBKDF2Core$HmacSHA512_224"); +- ps("SecretKeyFactory", "PBKDF2WithHmacSHA512/256", +- "com.sun.crypto.provider.PBKDF2Core$HmacSHA512_256"); - - /* - * MAC @@ -854,6 +946,11 @@ index 38836d2701e..d967010b848 100644 - "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs); - ps("Mac", "PBEWithHmacSHA512", - "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs); +- ps("Mac", "PBEWithHmacSHA512/224", +- "com.sun.crypto.provider.PBMAC1Core$HmacSHA512_224", null, attrs); +- ps("Mac", "PBEWithHmacSHA512/256", +- "com.sun.crypto.provider.PBMAC1Core$HmacSHA512_256", null, attrs); +- - ps("Mac", "SslMacMD5", - "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs); - ps("Mac", "SslMacSHA1", @@ -866,6 +963,15 @@ index 38836d2701e..d967010b848 100644 - "com.sun.crypto.provider.JceKeyStore"); - - /* +- * KEMs +- */ +- attrs.clear(); +- attrs.put("ImplementedIn", "Software"); +- attrs.put("SupportedKeyClasses", "java.security.interfaces.ECKey" + +- "|java.security.interfaces.XECKey"); +- ps("KEM", "DHKEM", "com.sun.crypto.provider.DHKEM", null, attrs); +- +- /* - * SSL/TLS mechanisms - * - * These are strictly internal implementations and may @@ -903,6 +1009,10 @@ index 38836d2701e..d967010b848 100644 + "com.sun.crypto.provider.PBKDF2Core$HmacSHA384"); + ps("SecretKeyFactory", "PBKDF2WithHmacSHA512", + "com.sun.crypto.provider.PBKDF2Core$HmacSHA512"); ++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA512/224", ++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512_224"); ++ ps("SecretKeyFactory", "PBKDF2WithHmacSHA512/256", ++ "com.sun.crypto.provider.PBKDF2Core$HmacSHA512_256"); + + /* + * MAC @@ -955,7 +1065,6 @@ index 38836d2701e..d967010b848 100644 + "com.sun.crypto.provider.HmacPKCS12PBECore$HmacPKCS12PBE_SHA512_256", + null, attrs); + -+ + // PBMAC1 + ps("Mac", "PBEWithHmacSHA1", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA1", null, attrs); @@ -967,6 +1076,11 @@ index 38836d2701e..d967010b848 100644 + "com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs); + ps("Mac", "PBEWithHmacSHA512", + "com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs); ++ ps("Mac", "PBEWithHmacSHA512/224", ++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512_224", null, attrs); ++ ps("Mac", "PBEWithHmacSHA512/256", ++ "com.sun.crypto.provider.PBMAC1Core$HmacSHA512_256", null, attrs); ++ + ps("Mac", "SslMacMD5", + "com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs); + ps("Mac", "SslMacSHA1", @@ -979,6 +1093,15 @@ index 38836d2701e..d967010b848 100644 + "com.sun.crypto.provider.JceKeyStore"); + + /* ++ * KEMs ++ */ ++ attrs.clear(); ++ attrs.put("ImplementedIn", "Software"); ++ attrs.put("SupportedKeyClasses", "java.security.interfaces.ECKey" + ++ "|java.security.interfaces.XECKey"); ++ ps("KEM", "DHKEM", "com.sun.crypto.provider.DHKEM", null, attrs); ++ ++ /* + * SSL/TLS mechanisms + * + * These are strictly internal implementations and may @@ -1008,7 +1131,7 @@ index 38836d2701e..d967010b848 100644 // Return the instance of this class or create one if needed. diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java -index 257dc172ee2..35cea6c54e7 100644 +index 671529f71a1..af632936921 100644 --- a/src/java.base/share/classes/java/security/Security.java +++ b/src/java.base/share/classes/java/security/Security.java @@ -34,6 +34,7 @@ import java.net.URL; @@ -1406,7 +1529,7 @@ index 00000000000..3f3caac64dc + boolean isPlainKeySupportEnabled(); +} diff --git a/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java b/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java -index cf76aa9ff94..9ecb14db126 100644 +index 919d758a6e3..b1e5fbaf84a 100644 --- a/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java +++ b/src/java.base/share/classes/jdk/internal/access/SharedSecrets.java @@ -43,6 +43,7 @@ import java.io.PrintStream; @@ -1417,15 +1540,15 @@ index cf76aa9ff94..9ecb14db126 100644 import java.security.Signature; /** A repository of "shared secrets", which are a mechanism for -@@ -89,6 +90,7 @@ public class SharedSecrets { - private static JavaSecuritySpecAccess javaSecuritySpecAccess; +@@ -90,6 +91,7 @@ public class SharedSecrets { private static JavaxCryptoSealedObjectAccess javaxCryptoSealedObjectAccess; private static JavaxCryptoSpecAccess javaxCryptoSpecAccess; + private static JavaTemplateAccess javaTemplateAccess; + private static JavaSecuritySystemConfiguratorAccess javaSecuritySystemConfiguratorAccess; public static void setJavaUtilCollectionAccess(JavaUtilCollectionAccess juca) { javaUtilCollectionAccess = juca; -@@ -521,4 +523,15 @@ public class SharedSecrets { +@@ -537,4 +539,15 @@ public class SharedSecrets { MethodHandles.lookup().ensureInitialized(c); } catch (IllegalAccessException e) {} } @@ -1442,10 +1565,10 @@ index cf76aa9ff94..9ecb14db126 100644 + } } diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java -index d985dec174f..a5b9cbf7fbc 100644 +index 06b141dcf22..e8cbf7f15d7 100644 --- a/src/java.base/share/classes/module-info.java +++ b/src/java.base/share/classes/module-info.java -@@ -163,6 +163,7 @@ module java.base { +@@ -158,6 +158,7 @@ module java.base { java.naming, java.rmi, jdk.charsets, @@ -1454,7 +1577,7 @@ index d985dec174f..a5b9cbf7fbc 100644 jdk.jlink, jdk.jfr, diff --git a/src/java.base/share/classes/sun/security/provider/SunEntries.java b/src/java.base/share/classes/sun/security/provider/SunEntries.java -index 0d4ae1019e1..e839866a28c 100644 +index f036a411f1d..1e9de933bd9 100644 --- a/src/java.base/share/classes/sun/security/provider/SunEntries.java +++ b/src/java.base/share/classes/sun/security/provider/SunEntries.java @@ -38,6 +38,7 @@ import java.util.HashMap; @@ -1476,7 +1599,7 @@ index 0d4ae1019e1..e839866a28c 100644 // the default algo used by SecureRandom class for new SecureRandom() calls public static final String DEF_SECURE_RANDOM_ALGO; -@@ -102,99 +107,101 @@ public final class SunEntries { +@@ -102,89 +107,92 @@ public final class SunEntries { // common attribute map HashMap attrs = new HashMap<>(3); @@ -1540,8 +1663,6 @@ index 0d4ae1019e1..e839866a28c 100644 - "sun.security.provider.DSA$SHA3_384withDSA", attrs); - addWithAlias(p, "Signature", "SHA3-512withDSA", - "sun.security.provider.DSA$SHA3_512withDSA", attrs); -- -- attrs.remove("KeySize"); + if (!systemFipsEnabled) { + /* + * SecureRandom engines @@ -1564,32 +1685,7 @@ index 0d4ae1019e1..e839866a28c 100644 + add(p, "SecureRandom", "SHA1PRNG", + "sun.security.provider.SecureRandom", attrs); -- add(p, "Signature", "SHA1withDSAinP1363Format", -- "sun.security.provider.DSA$SHA1withDSAinP1363Format"); -- add(p, "Signature", "NONEwithDSAinP1363Format", -- "sun.security.provider.DSA$RawDSAinP1363Format"); -- add(p, "Signature", "SHA224withDSAinP1363Format", -- "sun.security.provider.DSA$SHA224withDSAinP1363Format"); -- add(p, "Signature", "SHA256withDSAinP1363Format", -- "sun.security.provider.DSA$SHA256withDSAinP1363Format"); -- add(p, "Signature", "SHA384withDSAinP1363Format", -- "sun.security.provider.DSA$SHA384withDSAinP1363Format"); -- add(p, "Signature", "SHA512withDSAinP1363Format", -- "sun.security.provider.DSA$SHA512withDSAinP1363Format"); -- add(p, "Signature", "SHA3-224withDSAinP1363Format", -- "sun.security.provider.DSA$SHA3_224withDSAinP1363Format"); -- add(p, "Signature", "SHA3-256withDSAinP1363Format", -- "sun.security.provider.DSA$SHA3_256withDSAinP1363Format"); -- add(p, "Signature", "SHA3-384withDSAinP1363Format", -- "sun.security.provider.DSA$SHA3_384withDSAinP1363Format"); -- add(p, "Signature", "SHA3-512withDSAinP1363Format", -- "sun.security.provider.DSA$SHA3_512withDSAinP1363Format"); -- /* -- * Key Pair Generator engines -- */ -- attrs.clear(); -- attrs.put("ImplementedIn", "Software"); -- attrs.put("KeySize", "2048"); // for DSA KPG and APG only +- attrs.remove("KeySize"); + /* + * Signature engines + */ @@ -1652,16 +1748,39 @@ index 0d4ae1019e1..e839866a28c 100644 + "sun.security.provider.DSA$SHA3_384withDSAinP1363Format"); + add(p, "Signature", "SHA3-512withDSAinP1363Format", + "sun.security.provider.DSA$SHA3_512withDSAinP1363Format"); -+ /* -+ * Key Pair Generator engines -+ */ -+ attrs.clear(); -+ attrs.put("ImplementedIn", "Software"); -+ attrs.put("KeySize", "2048"); // for DSA KPG and APG only + +- add(p, "Signature", "SHA1withDSAinP1363Format", +- "sun.security.provider.DSA$SHA1withDSAinP1363Format"); +- add(p, "Signature", "NONEwithDSAinP1363Format", +- "sun.security.provider.DSA$RawDSAinP1363Format"); +- add(p, "Signature", "SHA224withDSAinP1363Format", +- "sun.security.provider.DSA$SHA224withDSAinP1363Format"); +- add(p, "Signature", "SHA256withDSAinP1363Format", +- "sun.security.provider.DSA$SHA256withDSAinP1363Format"); +- add(p, "Signature", "SHA384withDSAinP1363Format", +- "sun.security.provider.DSA$SHA384withDSAinP1363Format"); +- add(p, "Signature", "SHA512withDSAinP1363Format", +- "sun.security.provider.DSA$SHA512withDSAinP1363Format"); +- add(p, "Signature", "SHA3-224withDSAinP1363Format", +- "sun.security.provider.DSA$SHA3_224withDSAinP1363Format"); +- add(p, "Signature", "SHA3-256withDSAinP1363Format", +- "sun.security.provider.DSA$SHA3_256withDSAinP1363Format"); +- add(p, "Signature", "SHA3-384withDSAinP1363Format", +- "sun.security.provider.DSA$SHA3_384withDSAinP1363Format"); +- add(p, "Signature", "SHA3-512withDSAinP1363Format", +- "sun.security.provider.DSA$SHA3_512withDSAinP1363Format"); ++ } + + attrs.clear(); + attrs.put("ImplementedIn", "Software"); +@@ -196,9 +204,11 @@ public final class SunEntries { + attrs.put("ImplementedIn", "Software"); + attrs.put("KeySize", "2048"); // for DSA KPG and APG only - String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; - dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); - addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs); ++ if (!systemFipsEnabled) { + String dsaKPGImplClass = "sun.security.provider.DSAKeyPairGenerator$"; + dsaKPGImplClass += (useLegacyDSA? "Legacy" : "Current"); + addWithAlias(p, "KeyPairGenerator", "DSA", dsaKPGImplClass, attrs); @@ -1669,7 +1788,7 @@ index 0d4ae1019e1..e839866a28c 100644 /* * Algorithm Parameter Generator engines -@@ -209,42 +216,44 @@ public final class SunEntries { +@@ -213,44 +223,46 @@ public final class SunEntries { addWithAlias(p, "AlgorithmParameters", "DSA", "sun.security.provider.DSAParameters", attrs); @@ -1678,6 +1797,8 @@ index 0d4ae1019e1..e839866a28c 100644 - */ - addWithAlias(p, "KeyFactory", "DSA", - "sun.security.provider.DSAKeyFactory", attrs); +- addWithAlias(p, "KeyFactory", "HSS/LMS", +- "sun.security.provider.HSS$KeyFactoryImpl", attrs); - - /* - * Digest engines @@ -1694,6 +1815,8 @@ index 0d4ae1019e1..e839866a28c 100644 + */ + addWithAlias(p, "KeyFactory", "DSA", + "sun.security.provider.DSAKeyFactory", attrs); ++ addWithAlias(p, "KeyFactory", "HSS/LMS", ++ "sun.security.provider.HSS$KeyFactoryImpl", attrs); - addWithAlias(p, "MessageDigest", "SHA-224", - "sun.security.provider.SHA2$SHA224", attrs); @@ -1750,7 +1873,7 @@ index 0d4ae1019e1..e839866a28c 100644 /* * Certificates diff --git a/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java b/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java -index 539ef1e8ee8..7662684797e 100644 +index 539ef1e8ee8..435f57e3ff2 100644 --- a/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java +++ b/src/java.base/share/classes/sun/security/rsa/SunRsaSignEntries.java @@ -27,6 +27,7 @@ package sun.security.rsa; @@ -1772,19 +1895,7 @@ index 539ef1e8ee8..7662684797e 100644 private void add(Provider p, String type, String algo, String cn, List aliases, HashMap attrs) { services.add(new Provider.Service(p, type, algo, cn, -@@ -56,49 +61,58 @@ public final class SunRsaSignEntries { - // start populating content using the specified provider - // common attribute map - HashMap attrs = new HashMap<>(3); -- attrs.put("SupportedKeyClasses", -- "java.security.interfaces.RSAPublicKey" + -- "|java.security.interfaces.RSAPrivateKey"); -+ if (!systemFipsEnabled) { -+ attrs.put("SupportedKeyClasses", -+ "java.security.interfaces.RSAPublicKey" + -+ "|java.security.interfaces.RSAPrivateKey"); -+ } - +@@ -63,42 +68,49 @@ public final class SunRsaSignEntries { add(p, "KeyFactory", "RSA", "sun.security.rsa.RSAKeyFactory$Legacy", getAliases("PKCS1"), null); @@ -1867,139 +1978,11 @@ index 539ef1e8ee8..7662684797e 100644 addA(p, "AlgorithmParameters", "RSASSA-PSS", "sun.security.rsa.PSSParameters", null); } -diff --git a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java -index a9f97c76cb9..3571778367f 100644 ---- a/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java -+++ b/src/java.base/share/classes/sun/security/ssl/SSLContextImpl.java -@@ -32,6 +32,7 @@ import java.security.cert.*; - import java.util.*; - import java.util.concurrent.locks.ReentrantLock; - import javax.net.ssl.*; -+import jdk.internal.access.SharedSecrets; - import sun.security.action.GetPropertyAction; - import sun.security.provider.certpath.AlgorithmChecker; - import sun.security.validator.Validator; -@@ -530,22 +531,40 @@ public abstract class SSLContextImpl extends SSLContextSpi { - private static final List serverDefaultCipherSuites; - - static { -- supportedProtocols = Arrays.asList( -- ProtocolVersion.TLS13, -- ProtocolVersion.TLS12, -- ProtocolVersion.TLS11, -- ProtocolVersion.TLS10, -- ProtocolVersion.SSL30, -- ProtocolVersion.SSL20Hello -- ); -- -- serverDefaultProtocols = getAvailableProtocols( -- new ProtocolVersion[] { -- ProtocolVersion.TLS13, -- ProtocolVersion.TLS12, -- ProtocolVersion.TLS11, -- ProtocolVersion.TLS10 -- }); -+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() -+ .isSystemFipsEnabled()) { -+ // RH1860986: TLSv1.3 key derivation not supported with -+ // the Security Providers available in system FIPS mode. -+ supportedProtocols = Arrays.asList( -+ ProtocolVersion.TLS12, -+ ProtocolVersion.TLS11, -+ ProtocolVersion.TLS10 -+ ); -+ -+ serverDefaultProtocols = getAvailableProtocols( -+ new ProtocolVersion[] { -+ ProtocolVersion.TLS12, -+ ProtocolVersion.TLS11, -+ ProtocolVersion.TLS10 -+ }); -+ } else { -+ supportedProtocols = Arrays.asList( -+ ProtocolVersion.TLS13, -+ ProtocolVersion.TLS12, -+ ProtocolVersion.TLS11, -+ ProtocolVersion.TLS10, -+ ProtocolVersion.SSL30, -+ ProtocolVersion.SSL20Hello -+ ); -+ -+ serverDefaultProtocols = getAvailableProtocols( -+ new ProtocolVersion[] { -+ ProtocolVersion.TLS13, -+ ProtocolVersion.TLS12, -+ ProtocolVersion.TLS11, -+ ProtocolVersion.TLS10 -+ }); -+ } - - supportedCipherSuites = getApplicableSupportedCipherSuites( - supportedProtocols); -@@ -836,12 +855,23 @@ public abstract class SSLContextImpl extends SSLContextSpi { - ProtocolVersion[] candidates; - if (refactored.isEmpty()) { - // Client and server use the same default protocols. -- candidates = new ProtocolVersion[] { -- ProtocolVersion.TLS13, -- ProtocolVersion.TLS12, -- ProtocolVersion.TLS11, -- ProtocolVersion.TLS10 -- }; -+ if (SharedSecrets.getJavaSecuritySystemConfiguratorAccess() -+ .isSystemFipsEnabled()) { -+ // RH1860986: TLSv1.3 key derivation not supported with -+ // the Security Providers available in system FIPS mode. -+ candidates = new ProtocolVersion[] { -+ ProtocolVersion.TLS12, -+ ProtocolVersion.TLS11, -+ ProtocolVersion.TLS10 -+ }; -+ } else { -+ candidates = new ProtocolVersion[] { -+ ProtocolVersion.TLS13, -+ ProtocolVersion.TLS12, -+ ProtocolVersion.TLS11, -+ ProtocolVersion.TLS10 -+ }; -+ } - } else { - // Use the customized TLS protocols. - candidates = -diff --git a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java -index 894e26dfad8..8b16378b96b 100644 ---- a/src/java.base/share/classes/sun/security/ssl/SunJSSE.java -+++ b/src/java.base/share/classes/sun/security/ssl/SunJSSE.java -@@ -27,6 +27,8 @@ package sun.security.ssl; - - import java.security.*; - import java.util.*; -+ -+import jdk.internal.access.SharedSecrets; - import static sun.security.util.SecurityConstants.PROVIDER_VER; - - /** -@@ -102,8 +104,13 @@ public class SunJSSE extends java.security.Provider { - "sun.security.ssl.SSLContextImpl$TLS11Context", null, null); - ps("SSLContext", "TLSv1.2", - "sun.security.ssl.SSLContextImpl$TLS12Context", null, null); -- ps("SSLContext", "TLSv1.3", -- "sun.security.ssl.SSLContextImpl$TLS13Context", null, null); -+ if (!SharedSecrets.getJavaSecuritySystemConfiguratorAccess() -+ .isSystemFipsEnabled()) { -+ // RH1860986: TLSv1.3 key derivation not supported with -+ // the Security Providers available in system FIPS mode. -+ ps("SSLContext", "TLSv1.3", -+ "sun.security.ssl.SSLContextImpl$TLS13Context", null, null); -+ } - ps("SSLContext", "TLS", - "sun.security.ssl.SSLContextImpl$TLSContext", - List.of("SSL"), null); diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security -index 8156eea7e11..6a7f6eeafcc 100644 +index 5149edba0e5..8227d650a03 100644 --- a/src/java.base/share/conf/security/java.security +++ b/src/java.base/share/conf/security/java.security -@@ -85,6 +85,16 @@ security.provider.tbd=Apple +@@ -85,6 +85,17 @@ security.provider.tbd=Apple #endif security.provider.tbd=SunPKCS11 @@ -2012,23 +1995,60 @@ index 8156eea7e11..6a7f6eeafcc 100644 +fips.provider.4=SunJSSE +fips.provider.5=SunJCE +fips.provider.6=SunRsaSign ++fips.provider.7=XMLDSig + # # A list of preferred providers for specific algorithms. These providers will # be searched for matching algorithms before the list of registered providers. -@@ -295,6 +305,11 @@ policy.ignoreIdentityScope=false +@@ -295,6 +306,47 @@ policy.ignoreIdentityScope=false # keystore.type=pkcs12 +# +# Default keystore type used when global crypto-policies are set to FIPS. +# -+fips.keystore.type=PKCS11 ++fips.keystore.type=pkcs12 ++ ++# ++# Location of the NSS DB keystore (PKCS11) in FIPS mode. ++# ++# The syntax for this property is identical to the 'nssSecmodDirectory' ++# attribute available in the SunPKCS11 NSS configuration file. Use the ++# 'sql:' prefix to refer to an SQLite DB. ++# ++# If the system property fips.nssdb.path is also specified, it supersedes ++# the security property value defined here. ++# ++# Note: the default value for this property points to an NSS DB that might be ++# readable by multiple operating system users and unsuitable to store keys. ++# ++fips.nssdb.path=sql:/etc/pki/nssdb ++ ++# ++# PIN for the NSS DB keystore (PKCS11) in FIPS mode. ++# ++# Values must take any of the following forms: ++# 1) pin: ++# Value: clear text PIN value. ++# 2) env: ++# Value: environment variable containing the PIN value. ++# 3) file: ++# Value: path to a file containing the PIN value in its first ++# line. ++# ++# If the system property fips.nssdb.pin is also specified, it supersedes ++# the security property value defined here. ++# ++# When used as a system property, UTF-8 encoded values are valid. When ++# used as a security property (such as in this file), encode non-Basic ++# Latin Unicode characters with \uXXXX. ++# ++fips.nssdb.pin=pin: + # # Controls compatibility mode for JKS and PKCS12 keystore types. # -@@ -332,6 +347,13 @@ package.definition=sun.misc.,\ +@@ -332,6 +384,13 @@ package.definition=sun.misc.,\ # security.overridePropertiesFile=true @@ -2042,11 +2062,25 @@ index 8156eea7e11..6a7f6eeafcc 100644 # # Determines the default key and trust manager factory algorithms for # the javax.net.ssl package. +diff --git a/src/java.base/share/conf/security/nss.fips.cfg.in b/src/java.base/share/conf/security/nss.fips.cfg.in +new file mode 100644 +index 00000000000..55bbba98b7a +--- /dev/null ++++ b/src/java.base/share/conf/security/nss.fips.cfg.in +@@ -0,0 +1,8 @@ ++name = NSS-FIPS ++nssLibraryDirectory = @NSS_LIBDIR@ ++nssSecmodDirectory = ${fips.nssdb.path} ++nssDbMode = readWrite ++nssModule = fips ++ ++attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true } ++ diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy -index 2a01c06250a..aea4620b1ab 100644 +index 86d45147709..22fd8675503 100644 --- a/src/java.base/share/lib/security/default.policy +++ b/src/java.base/share/lib/security/default.policy -@@ -124,6 +124,7 @@ grant codeBase "jrt:/jdk.charsets" { +@@ -130,6 +130,7 @@ grant codeBase "jrt:/jdk.charsets" { grant codeBase "jrt:/jdk.crypto.ec" { permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; @@ -2054,6 +2088,15 @@ index 2a01c06250a..aea4620b1ab 100644 permission java.lang.RuntimePermission "loadLibrary.sunec"; permission java.security.SecurityPermission "putProviderProperty.SunEC"; permission java.security.SecurityPermission "clearProviderProperties.SunEC"; +@@ -150,6 +151,8 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" { + permission java.util.PropertyPermission "os.name", "read"; + permission java.util.PropertyPermission "os.arch", "read"; + permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read"; ++ permission java.util.PropertyPermission "fips.nssdb.path", "read,write"; ++ permission java.util.PropertyPermission "fips.nssdb.pin", "read"; + permission java.security.SecurityPermission "putProviderProperty.*"; + permission java.security.SecurityPermission "clearProviderProperties.*"; + permission java.security.SecurityPermission "removeProviderProperty.*"; diff --git a/src/java.base/share/native/libsystemconf/systemconf.c b/src/java.base/share/native/libsystemconf/systemconf.c new file mode 100644 index 00000000000..ddf9befe5bc @@ -2298,10 +2341,10 @@ index 00000000000..ddf9befe5bc +#endif diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java new file mode 100644 -index 00000000000..52a403107c3 +index 00000000000..48d6d656a28 --- /dev/null +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSKeyImporter.java -@@ -0,0 +1,461 @@ +@@ -0,0 +1,457 @@ +/* + * Copyright (c) 2021, Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. @@ -2376,9 +2419,6 @@ index 00000000000..52a403107c3 + private static volatile Provider sunECProvider = null; + private static final ReentrantLock sunECProviderLock = new ReentrantLock(); + -+ private static volatile KeyFactory DHKF = null; -+ private static final ReentrantLock DHKFLock = new ReentrantLock(); -+ + static Long importKey(SunPKCS11 sunPKCS11, long hSession, CK_ATTRIBUTE[] attributes) + throws PKCS11Exception { + long keyID = -1; @@ -2623,8 +2663,7 @@ index 00000000000..52a403107c3 + CKA_PRIVATE_EXPONENT, CKA_PRIME_1, CKA_PRIME_2, + CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT); + RSAPrivateKey rsaPKey = RSAPrivateCrtKeyImpl.newKey( -+ RSAUtil.KeyType.RSA, "PKCS#8", plainExportedKey -+ ); ++ RSAUtil.KeyType.RSA, "PKCS#8", plainExportedKey); + CK_ATTRIBUTE attr; + if ((attr = sensitiveAttrs.get(CKA_PRIVATE_EXPONENT)) != null) { + attr.pValue = rsaPKey.getPrivateExponent().toByteArray(); @@ -2763,8 +2802,164 @@ index 00000000000..52a403107c3 + } + } +} +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java +new file mode 100644 +index 00000000000..f8d505ca815 +--- /dev/null ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/FIPSTokenLoginHandler.java +@@ -0,0 +1,149 @@ ++/* ++ * Copyright (c) 2022, Red Hat, Inc. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++package sun.security.pkcs11; ++ ++import java.io.BufferedReader; ++import java.io.ByteArrayInputStream; ++import java.io.InputStream; ++import java.io.InputStreamReader; ++import java.io.IOException; ++import java.nio.charset.StandardCharsets; ++import java.nio.file.Files; ++import java.nio.file.Path; ++import java.nio.file.Paths; ++import java.nio.file.StandardOpenOption; ++import java.security.ProviderException; ++ ++import javax.security.auth.callback.Callback; ++import javax.security.auth.callback.CallbackHandler; ++import javax.security.auth.callback.PasswordCallback; ++import javax.security.auth.callback.UnsupportedCallbackException; ++ ++import sun.security.util.Debug; ++import sun.security.util.SecurityProperties; ++ ++final class FIPSTokenLoginHandler implements CallbackHandler { ++ ++ private static final String FIPS_NSSDB_PIN_PROP = "fips.nssdb.pin"; ++ ++ private static final Debug debug = Debug.getInstance("sunpkcs11"); ++ ++ public void handle(Callback[] callbacks) ++ throws IOException, UnsupportedCallbackException { ++ if (!(callbacks[0] instanceof PasswordCallback)) { ++ throw new UnsupportedCallbackException(callbacks[0]); ++ } ++ PasswordCallback pc = (PasswordCallback)callbacks[0]; ++ pc.setPassword(getFipsNssdbPin()); ++ } ++ ++ private static char[] getFipsNssdbPin() throws ProviderException { ++ if (debug != null) { ++ debug.println("FIPS: Reading NSS DB PIN for token..."); ++ } ++ String pinProp = SecurityProperties ++ .privilegedGetOverridable(FIPS_NSSDB_PIN_PROP); ++ if (pinProp != null && !pinProp.isEmpty()) { ++ String[] pinPropParts = pinProp.split(":", 2); ++ if (pinPropParts.length < 2) { ++ throw new ProviderException("Invalid " + FIPS_NSSDB_PIN_PROP + ++ " property value."); ++ } ++ String prefix = pinPropParts[0].toLowerCase(); ++ String value = pinPropParts[1]; ++ String pin = null; ++ if (prefix.equals("env")) { ++ if (debug != null) { ++ debug.println("FIPS: PIN value from the '" + value + ++ "' environment variable."); ++ } ++ pin = System.getenv(value); ++ } else if (prefix.equals("file")) { ++ if (debug != null) { ++ debug.println("FIPS: PIN value from the '" + value + ++ "' file."); ++ } ++ pin = getPinFromFile(Paths.get(value)); ++ } else if (prefix.equals("pin")) { ++ if (debug != null) { ++ debug.println("FIPS: PIN value from the " + ++ FIPS_NSSDB_PIN_PROP + " property."); ++ } ++ pin = value; ++ } else { ++ throw new ProviderException("Unsupported prefix for " + ++ FIPS_NSSDB_PIN_PROP + "."); ++ } ++ if (pin != null && !pin.isEmpty()) { ++ if (debug != null) { ++ debug.println("FIPS: non-empty PIN."); ++ } ++ /* ++ * C_Login in libj2pkcs11 receives the PIN in a char[] and ++ * discards the upper byte of each char, before passing ++ * the value to the NSS Software Token. However, the ++ * NSS Software Token accepts any UTF-8 PIN value. Thus, ++ * expand the PIN here to account for later truncation. ++ */ ++ byte[] pinUtf8 = pin.getBytes(StandardCharsets.UTF_8); ++ char[] pinChar = new char[pinUtf8.length]; ++ for (int i = 0; i < pinChar.length; i++) { ++ pinChar[i] = (char)(pinUtf8[i] & 0xFF); ++ } ++ return pinChar; ++ } ++ } ++ if (debug != null) { ++ debug.println("FIPS: empty PIN."); ++ } ++ return null; ++ } ++ ++ /* ++ * This method extracts the token PIN from the first line of a password ++ * file in the same way as NSS modutil. See for example the -newpwfile ++ * argument used to change the password for an NSS DB. ++ */ ++ private static String getPinFromFile(Path f) throws ProviderException { ++ try (InputStream is = ++ Files.newInputStream(f, StandardOpenOption.READ)) { ++ /* ++ * SECU_FilePasswd in NSS (nss/cmd/lib/secutil.c), used by modutil, ++ * reads up to 4096 bytes. In addition, the NSS Software Token ++ * does not accept PINs longer than 500 bytes (see SFTK_MAX_PIN ++ * in nss/lib/softoken/pkcs11i.h). ++ */ ++ BufferedReader in = ++ new BufferedReader(new InputStreamReader( ++ new ByteArrayInputStream(is.readNBytes(4096)), ++ StandardCharsets.UTF_8)); ++ return in.readLine(); ++ } catch (IOException ioe) { ++ throw new ProviderException("Error reading " + FIPS_NSSDB_PIN_PROP + ++ " from the '" + f + "' file.", ioe); ++ } ++ } ++} +\ No newline at end of file diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java -index af6fbeba48a..a20278cb683 100644 +index 6b26297b1b4..7ee5e07756c 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java @@ -37,6 +37,8 @@ import javax.crypto.*; @@ -2786,7 +2981,7 @@ index af6fbeba48a..a20278cb683 100644 private static final String PUBLIC = "public"; private static final String PRIVATE = "private"; private static final String SECRET = "secret"; -@@ -391,8 +396,10 @@ abstract class P11Key implements Key, Length { +@@ -401,8 +406,10 @@ abstract class P11Key implements Key, Length { new CK_ATTRIBUTE(CKA_EXTRACTABLE), }); @@ -2799,7 +2994,7 @@ index af6fbeba48a..a20278cb683 100644 return switch (algorithm) { case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm, -@@ -444,7 +451,8 @@ abstract class P11Key implements Key, Length { +@@ -454,7 +461,8 @@ abstract class P11Key implements Key, Length { public String getFormat() { token.ensureValid(); @@ -2809,13 +3004,13 @@ index af6fbeba48a..a20278cb683 100644 return null; } else { return "RAW"; -@@ -1575,4 +1583,3 @@ final class SessionKeyRef extends PhantomReference { +@@ -1624,4 +1632,3 @@ final class SessionKeyRef extends PhantomReference { this.clear(); } } - diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java -index 04a1a70ed23..a5c9b5fddf4 100644 +index 5cd6828d293..bae49c4e8a9 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/SunPKCS11.java @@ -26,6 +26,9 @@ @@ -2828,7 +3023,7 @@ index 04a1a70ed23..a5c9b5fddf4 100644 import java.util.*; import java.security.*; -@@ -42,6 +45,7 @@ import javax.security.auth.callback.PasswordCallback; +@@ -42,10 +45,12 @@ import javax.security.auth.callback.PasswordCallback; import com.sun.crypto.provider.ChaCha20Poly1305Parameters; @@ -2836,7 +3031,12 @@ index 04a1a70ed23..a5c9b5fddf4 100644 import jdk.internal.misc.InnocuousThread; import sun.security.util.Debug; import sun.security.util.ResourcesMgr; -@@ -65,6 +69,37 @@ public final class SunPKCS11 extends AuthProvider { + import static sun.security.util.SecurityConstants.PROVIDER_VER; ++import sun.security.util.SecurityProperties; + import static sun.security.util.SecurityProviderConstants.getAliases; + + import sun.security.pkcs11.Secmod.*; +@@ -65,6 +70,39 @@ public final class SunPKCS11 extends AuthProvider { @Serial private static final long serialVersionUID = -1354835039035306505L; @@ -2870,11 +3070,43 @@ index 04a1a70ed23..a5c9b5fddf4 100644 + fipsImportKey = fipsImportKeyTmp; + fipsExportKey = fipsExportKeyTmp; + } ++ ++ private static final String FIPS_NSSDB_PATH_PROP = "fips.nssdb.path"; + static final Debug debug = Debug.getInstance("sunpkcs11"); // the PKCS11 object through which we make the native calls @SuppressWarnings("serial") // Type of field is not Serializable; -@@ -325,9 +360,19 @@ public final class SunPKCS11 extends AuthProvider { +@@ -123,6 +161,29 @@ public final class SunPKCS11 extends AuthProvider { + return AccessController.doPrivileged(new PrivilegedExceptionAction<>() { + @Override + public SunPKCS11 run() throws Exception { ++ if (systemFipsEnabled) { ++ /* ++ * The nssSecmodDirectory attribute in the SunPKCS11 ++ * NSS configuration file takes the value of the ++ * fips.nssdb.path System property after expansion. ++ * Security properties expansion is unsupported. ++ */ ++ String nssdbPath = ++ SecurityProperties.privilegedGetOverridable( ++ FIPS_NSSDB_PATH_PROP); ++ if (System.getSecurityManager() != null) { ++ AccessController.doPrivileged( ++ (PrivilegedAction) () -> { ++ System.setProperty( ++ FIPS_NSSDB_PATH_PROP, ++ nssdbPath); ++ return null; ++ }); ++ } else { ++ System.setProperty( ++ FIPS_NSSDB_PATH_PROP, nssdbPath); ++ } ++ } + return new SunPKCS11(new Config(newConfigName)); + } + }); +@@ -325,9 +386,19 @@ public final class SunPKCS11 extends AuthProvider { // request multithreaded access first initArgs.flags = CKF_OS_LOCKING_OK; PKCS11 tmpPKCS11; @@ -2896,7 +3128,7 @@ index 04a1a70ed23..a5c9b5fddf4 100644 } catch (PKCS11Exception e) { if (debug != null) { debug.println("Multi-threaded initialization failed: " + e); -@@ -342,8 +387,9 @@ public final class SunPKCS11 extends AuthProvider { +@@ -342,8 +413,9 @@ public final class SunPKCS11 extends AuthProvider { } else { initArgs.flags = 0; } @@ -2908,31 +3140,116 @@ index 04a1a70ed23..a5c9b5fddf4 100644 } p11 = tmpPKCS11; -@@ -383,6 +429,24 @@ public final class SunPKCS11 extends AuthProvider { - if (nssModule != null) { - nssModule.setProvider(this); +@@ -1389,11 +1461,52 @@ public final class SunPKCS11 extends AuthProvider { + } + + @Override ++ @SuppressWarnings("removal") + public Object newInstance(Object param) + throws NoSuchAlgorithmException { + if (!token.isValid()) { + throw new NoSuchAlgorithmException("Token has been removed"); } -+ if (systemFipsEnabled) { -+ // The NSS Software Token in FIPS 140-2 mode requires a user -+ // login for most operations. See sftk_fipsCheck. The NSS DB -+ // (/etc/pki/nssdb) PIN is empty. -+ Session session = null; ++ if (systemFipsEnabled && !token.fipsLoggedIn && ++ !getType().equals("KeyStore")) { ++ /* ++ * The NSS Software Token in FIPS 140-2 mode requires a ++ * user login for most operations. See sftk_fipsCheck ++ * (nss/lib/softoken/fipstokn.c). In case of a KeyStore ++ * service, let the caller perform the login with ++ * KeyStore::load. Keytool, for example, does this to pass a ++ * PIN from either the -srcstorepass or -deststorepass ++ * argument. In case of a non-KeyStore service, perform the ++ * login now with the PIN available in the fips.nssdb.pin ++ * property. ++ */ + try { -+ session = token.getOpSession(); -+ p11.C_Login(session.id(), CKU_USER, new char[] {}); -+ } catch (PKCS11Exception p11e) { -+ if (debug != null) { -+ debug.println("Error during token login: " + -+ p11e.getMessage()); ++ if (System.getSecurityManager() != null) { ++ try { ++ AccessController.doPrivileged( ++ (PrivilegedExceptionAction) () -> { ++ token.ensureLoggedIn(null); ++ return null; ++ }); ++ } catch (PrivilegedActionException pae) { ++ Exception e = pae.getException(); ++ if (e instanceof LoginException le) { ++ throw le; ++ } else if (e instanceof PKCS11Exception p11e) { ++ throw p11e; ++ } else { ++ throw new RuntimeException(e); ++ } ++ } ++ } else { ++ token.ensureLoggedIn(null); + } -+ throw p11e; -+ } finally { -+ token.releaseSession(session); ++ } catch (PKCS11Exception | LoginException e) { ++ throw new ProviderException("FIPS: error during the Token" + ++ " login required for the " + getType() + ++ " service.", e); + } + } - } catch (Exception e) { - if (config.getHandleStartupErrors() == Config.ERR_IGNORE_ALL) { - throw new UnsupportedOperationException + try { + return newInstance0(param); + } catch (PKCS11Exception e) { +@@ -1750,6 +1863,9 @@ public final class SunPKCS11 extends AuthProvider { + try { + session = token.getOpSession(); + p11.C_Logout(session.id()); ++ if (systemFipsEnabled) { ++ token.fipsLoggedIn = false; ++ } + if (debug != null) { + debug.println("logout succeeded"); + } +diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java +index 3378409ca1c..7602a92a252 100644 +--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java ++++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java +@@ -33,6 +33,7 @@ import java.lang.ref.*; + import java.security.*; + import javax.security.auth.login.LoginException; + ++import jdk.internal.access.SharedSecrets; + import sun.security.jca.JCAUtil; + + import sun.security.pkcs11.wrapper.*; +@@ -48,6 +49,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.RV.*; + */ + final class Token implements Serializable { + ++ private static final boolean systemFipsEnabled = SharedSecrets ++ .getJavaSecuritySystemConfiguratorAccess().isSystemFipsEnabled(); ++ + // need to be serializable to allow SecureRandom to be serialized + @Serial + private static final long serialVersionUID = 2541527649100571747L; +@@ -125,6 +129,10 @@ final class Token implements Serializable { + // flag indicating whether we are logged in + private volatile boolean loggedIn; + ++ // Flag indicating the login status for the NSS Software Token in FIPS mode. ++ // This Token is never asynchronously removed. Used from SunPKCS11. ++ volatile boolean fipsLoggedIn; ++ + // time we last checked login status + private long lastLoginCheck; + +@@ -242,7 +250,12 @@ final class Token implements Serializable { + // call provider.login() if not + void ensureLoggedIn(Session session) throws PKCS11Exception, LoginException { + if (!isLoggedIn(session)) { +- provider.login(null, null); ++ if (systemFipsEnabled) { ++ provider.login(null, new FIPSTokenLoginHandler()); ++ fipsLoggedIn = true; ++ } else { ++ provider.login(null, null); ++ } + } + } + diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java index 4b06daaf264..55e14945469 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java @@ -3209,7 +3526,7 @@ index 920422376f8..6aa308fa5f8 100644 * Constructor taking the error code (the CKR_* constants in PKCS#11) and * extra info for error message. diff --git a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java -index 3cfb74c8115..0e333d8ba74 100644 +index 7f8c4dba002..e65b11fc3ee 100644 --- a/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java +++ b/src/jdk.crypto.ec/share/classes/sun/security/ec/SunEC.java @@ -34,6 +34,7 @@ import java.security.ProviderException; @@ -3231,7 +3548,7 @@ index 3cfb74c8115..0e333d8ba74 100644 private static class ProviderServiceA extends ProviderService { ProviderServiceA(Provider p, String type, String algo, String cn, HashMap attrs) { -@@ -243,83 +248,85 @@ public final class SunEC extends Provider { +@@ -240,83 +245,85 @@ public final class SunEC extends Provider { putXDHEntries(); putEdDSAEntries(); @@ -3394,7 +3711,7 @@ index 3cfb74c8115..0e333d8ba74 100644 } private void putXDHEntries() { -@@ -336,23 +343,25 @@ public final class SunEC extends Provider { +@@ -333,23 +340,25 @@ public final class SunEC extends Provider { "X448", "sun.security.ec.XDHKeyFactory.X448", ATTRS)); @@ -3437,7 +3754,7 @@ index 3cfb74c8115..0e333d8ba74 100644 } private void putEdDSAEntries() { -@@ -367,21 +376,23 @@ public final class SunEC extends Provider { +@@ -364,21 +373,23 @@ public final class SunEC extends Provider { putService(new ProviderServiceA(this, "KeyFactory", "Ed448", "sun.security.ec.ed.EdDSAKeyFactory.Ed448", ATTRS)); @@ -3476,3 +3793,442 @@ index 3cfb74c8115..0e333d8ba74 100644 } } +diff --git a/test/jdk/sun/security/pkcs11/fips/NssdbPin.java b/test/jdk/sun/security/pkcs11/fips/NssdbPin.java +new file mode 100644 +index 00000000000..ce01c655eb8 +--- /dev/null ++++ b/test/jdk/sun/security/pkcs11/fips/NssdbPin.java +@@ -0,0 +1,349 @@ ++/* ++ * Copyright (c) 2022, Red Hat, Inc. ++ * ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.lang.reflect.Method; ++import java.nio.charset.StandardCharsets; ++import java.nio.file.Files; ++import java.nio.file.Path; ++import java.security.KeyStore; ++import java.security.Provider; ++import java.security.Security; ++import java.util.Arrays; ++import java.util.function.Consumer; ++import java.util.List; ++import javax.crypto.Cipher; ++import javax.crypto.spec.SecretKeySpec; ++ ++import jdk.test.lib.process.Proc; ++import jdk.test.lib.util.FileUtils; ++ ++/* ++ * @test ++ * @bug 9999999 ++ * @summary ++ * Test that the fips.nssdb.path and fips.nssdb.pin properties can be used ++ * for a successful login into an NSS DB. Some additional unitary testing ++ * is then performed. This test depends on NSS modutil and must be run in ++ * FIPS mode (the SunPKCS11-NSS-FIPS security provider has to be available). ++ * @modules jdk.crypto.cryptoki/sun.security.pkcs11:+open ++ * @library /test/lib ++ * @requires (jdk.version.major >= 8) ++ * @run main/othervm/timeout=600 NssdbPin ++ * @author Martin Balao (mbalao@redhat.com) ++ */ ++ ++public final class NssdbPin { ++ ++ // Public properties and names ++ private static final String FIPS_NSSDB_PATH_PROP = "fips.nssdb.path"; ++ private static final String FIPS_NSSDB_PIN_PROP = "fips.nssdb.pin"; ++ private static final String FIPS_PROVIDER_NAME = "SunPKCS11-NSS-FIPS"; ++ private static final String NSSDB_TOKEN_NAME = ++ "NSS FIPS 140-2 Certificate DB"; ++ ++ // Data to be tested ++ private static final String[] PINS_TO_TEST = ++ new String[] { ++ "", ++ "1234567890abcdef1234567890ABCDEF\uA4F7" ++ }; ++ private static enum PropType { SYSTEM, SECURITY } ++ private static enum LoginType { IMPLICIT, EXPLICIT } ++ ++ // Internal test fields ++ private static final boolean DEBUG = true; ++ private static class TestContext { ++ String pin; ++ PropType propType; ++ Path workspace; ++ String nssdbPath; ++ Path nssdbPinFile; ++ LoginType loginType; ++ TestContext(String pin, Path workspace) { ++ this.pin = pin; ++ this.workspace = workspace; ++ this.nssdbPath = "sql:" + workspace; ++ this.loginType = LoginType.IMPLICIT; ++ } ++ } ++ ++ public static void main(String[] args) throws Throwable { ++ if (args.length == 3) { ++ // Executed by a child process. ++ mainChild(args[0], args[1], LoginType.valueOf(args[2])); ++ } else if (args.length == 0) { ++ // Executed by the parent process. ++ mainLauncher(); ++ // Test defaults ++ mainChild("sql:/etc/pki/nssdb", "", LoginType.IMPLICIT); ++ System.out.println("TEST PASS - OK"); ++ } else { ++ throw new Exception("Unexpected number of arguments."); ++ } ++ } ++ ++ private static void mainChild(String expectedPath, String expectedPin, ++ LoginType loginType) throws Throwable { ++ if (DEBUG) { ++ for (String prop : Arrays.asList(FIPS_NSSDB_PATH_PROP, ++ FIPS_NSSDB_PIN_PROP)) { ++ System.out.println(prop + " (System): " + ++ System.getProperty(prop)); ++ System.out.println(prop + " (Security): " + ++ Security.getProperty(prop)); ++ } ++ } ++ ++ /* ++ * Functional cross-test against an NSS DB generated by modutil ++ * with the same PIN. Check that we can perform a crypto operation ++ * that requires a login. The login might be explicit or implicit. ++ */ ++ Provider p = Security.getProvider(FIPS_PROVIDER_NAME); ++ if (DEBUG) { ++ System.out.println(FIPS_PROVIDER_NAME + ": " + p); ++ } ++ if (p == null) { ++ throw new Exception(FIPS_PROVIDER_NAME + " initialization failed."); ++ } ++ if (DEBUG) { ++ System.out.println("Login type: " + loginType); ++ } ++ if (loginType == LoginType.EXPLICIT) { ++ // Do the expansion to account for truncation, so C_Login in ++ // the NSS Software Token gets a UTF-8 encoded PIN. ++ byte[] pinUtf8 = expectedPin.getBytes(StandardCharsets.UTF_8); ++ char[] pinChar = new char[pinUtf8.length]; ++ for (int i = 0; i < pinChar.length; i++) { ++ pinChar[i] = (char)(pinUtf8[i] & 0xFF); ++ } ++ KeyStore.getInstance("PKCS11", p).load(null, pinChar); ++ if (DEBUG) { ++ System.out.println("Explicit login succeeded."); ++ } ++ } ++ if (DEBUG) { ++ System.out.println("Trying a crypto operation..."); ++ } ++ final int blockSize = 16; ++ Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding", p); ++ cipher.init(Cipher.ENCRYPT_MODE, ++ new SecretKeySpec(new byte[blockSize], "AES")); ++ if (cipher.doFinal(new byte[blockSize]).length != blockSize) { ++ throw new Exception("Could not perform a crypto operation."); ++ } ++ if (DEBUG) { ++ if (loginType == LoginType.IMPLICIT) { ++ System.out.println("Implicit login succeeded."); ++ } ++ System.out.println("Crypto operation after login succeeded."); ++ } ++ ++ if (loginType == LoginType.IMPLICIT) { ++ /* ++ * Additional unitary testing. Expected to succeed at this point. ++ */ ++ if (DEBUG) { ++ System.out.println("Trying unitary test..."); ++ } ++ String sysPathProp = System.getProperty(FIPS_NSSDB_PATH_PROP); ++ if (DEBUG) { ++ System.out.println("Path value (as a System property): " + ++ sysPathProp); ++ } ++ if (!expectedPath.equals(sysPathProp)) { ++ throw new Exception("Path is different than expected: " + ++ sysPathProp + " (actual) vs " + expectedPath + ++ " (expected)."); ++ } ++ Class c = Class ++ .forName("sun.security.pkcs11.FIPSTokenLoginHandler"); ++ Method m = c.getDeclaredMethod("getFipsNssdbPin"); ++ m.setAccessible(true); ++ String pin = null; ++ char[] pinChar = (char[]) m.invoke(c); ++ if (pinChar != null) { ++ byte[] pinUtf8 = new byte[pinChar.length]; ++ for (int i = 0; i < pinUtf8.length; i++) { ++ pinUtf8[i] = (byte) pinChar[i]; ++ } ++ pin = new String(pinUtf8, StandardCharsets.UTF_8); ++ } ++ if (!expectedPin.isEmpty() && !expectedPin.equals(pin) || ++ expectedPin.isEmpty() && pin != null) { ++ throw new Exception("PIN is different than expected: '" + pin + ++ "' (actual) vs '" + expectedPin + "' (expected)."); ++ } ++ if (DEBUG) { ++ System.out.println("PIN value: " + pin); ++ System.out.println("Unitary test succeeded."); ++ } ++ } ++ } ++ ++ private static void mainLauncher() throws Throwable { ++ for (String pin : PINS_TO_TEST) { ++ Path workspace = Files.createTempDirectory(null); ++ try { ++ TestContext ctx = new TestContext(pin, workspace); ++ createNSSDB(ctx); ++ { ++ ctx.loginType = LoginType.IMPLICIT; ++ for (PropType propType : PropType.values()) { ++ ctx.propType = propType; ++ pinLauncher(ctx); ++ envLauncher(ctx); ++ fileLauncher(ctx); ++ } ++ } ++ explicitLoginLauncher(ctx); ++ } finally { ++ FileUtils.deleteFileTreeWithRetry(workspace); ++ } ++ } ++ } ++ ++ private static void pinLauncher(TestContext ctx) throws Throwable { ++ launchTest(p -> {}, "pin:" + ctx.pin, ctx); ++ } ++ ++ private static void envLauncher(TestContext ctx) throws Throwable { ++ final String NSSDB_PIN_ENV_VAR = "NSSDB_PIN_ENV_VAR"; ++ launchTest(p -> p.env(NSSDB_PIN_ENV_VAR, ctx.pin), ++ "env:" + NSSDB_PIN_ENV_VAR, ctx); ++ } ++ ++ private static void fileLauncher(TestContext ctx) throws Throwable { ++ // The file containing the PIN (ctx.nssdbPinFile) was created by the ++ // generatePinFile method, called from createNSSDB. ++ launchTest(p -> {}, "file:" + ctx.nssdbPinFile, ctx); ++ } ++ ++ private static void explicitLoginLauncher(TestContext ctx) ++ throws Throwable { ++ ctx.loginType = LoginType.EXPLICIT; ++ ctx.propType = PropType.SYSTEM; ++ launchTest(p -> {}, "Invalid PIN, must be ignored", ctx); ++ } ++ ++ private static void launchTest(Consumer procCb, String pinPropVal, ++ TestContext ctx) throws Throwable { ++ if (DEBUG) { ++ System.out.println("Launching JVM with " + FIPS_NSSDB_PATH_PROP + ++ "=" + ctx.nssdbPath + " and " + FIPS_NSSDB_PIN_PROP + ++ "=" + pinPropVal); ++ } ++ Proc p = Proc.create(NssdbPin.class.getName()) ++ .args(ctx.nssdbPath, ctx.pin, ctx.loginType.name()); ++ if (ctx.propType == PropType.SYSTEM) { ++ p.prop(FIPS_NSSDB_PATH_PROP, ctx.nssdbPath); ++ p.prop(FIPS_NSSDB_PIN_PROP, pinPropVal); ++ // Make sure that Security properties defaults are not used. ++ p.secprop(FIPS_NSSDB_PATH_PROP, ""); ++ p.secprop(FIPS_NSSDB_PIN_PROP, ""); ++ } else if (ctx.propType == PropType.SECURITY) { ++ p.secprop(FIPS_NSSDB_PATH_PROP, ctx.nssdbPath); ++ pinPropVal = escapeForPropsFile(pinPropVal); ++ p.secprop(FIPS_NSSDB_PIN_PROP, pinPropVal); ++ } else { ++ throw new Exception("Unsupported property type."); ++ } ++ if (DEBUG) { ++ p.inheritIO(); ++ p.prop("java.security.debug", "sunpkcs11"); ++ p.debug(NssdbPin.class.getName()); ++ ++ // Need the launched process to connect to a debugger? ++ //System.setProperty("test.vm.opts", "-Xdebug -Xrunjdwp:" + ++ // "transport=dt_socket,address=localhost:8000,suspend=y"); ++ } else { ++ p.nodump(); ++ } ++ procCb.accept(p); ++ p.start().waitFor(0); ++ } ++ ++ private static String escapeForPropsFile(String str) throws Throwable { ++ StringBuffer sb = new StringBuffer(); ++ for (int i = 0; i < str.length(); i++) { ++ int cp = str.codePointAt(i); ++ if (Character.UnicodeBlock.of(cp) ++ == Character.UnicodeBlock.BASIC_LATIN) { ++ sb.append(Character.toChars(cp)); ++ } else { ++ sb.append("\\u").append(String.format("%04X", cp)); ++ } ++ } ++ return sb.toString(); ++ } ++ ++ private static void createNSSDB(TestContext ctx) throws Throwable { ++ ProcessBuilder pb = getModutilPB(ctx, "-create"); ++ if (DEBUG) { ++ System.out.println("Creating an NSS DB in " + ctx.workspace + ++ "..."); ++ System.out.println("cmd: " + String.join(" ", pb.command())); ++ } ++ if (pb.start().waitFor() != 0) { ++ throw new Exception("NSS DB creation failed."); ++ } ++ generatePinFile(ctx); ++ pb = getModutilPB(ctx, "-changepw", NSSDB_TOKEN_NAME, ++ "-newpwfile", ctx.nssdbPinFile.toString()); ++ if (DEBUG) { ++ System.out.println("NSS DB created."); ++ System.out.println("Changing NSS DB PIN..."); ++ System.out.println("cmd: " + String.join(" ", pb.command())); ++ } ++ if (pb.start().waitFor() != 0) { ++ throw new Exception("NSS DB PIN change failed."); ++ } ++ if (DEBUG) { ++ System.out.println("NSS DB PIN changed."); ++ } ++ } ++ ++ private static ProcessBuilder getModutilPB(TestContext ctx, String... args) ++ throws Throwable { ++ ProcessBuilder pb = new ProcessBuilder("modutil", "-force"); ++ List pbCommand = pb.command(); ++ if (args != null) { ++ pbCommand.addAll(Arrays.asList(args)); ++ } ++ pbCommand.add("-dbdir"); ++ pbCommand.add(ctx.nssdbPath); ++ if (DEBUG) { ++ pb.inheritIO(); ++ } else { ++ pb.redirectError(ProcessBuilder.Redirect.INHERIT); ++ } ++ return pb; ++ } ++ ++ private static void generatePinFile(TestContext ctx) throws Throwable { ++ ctx.nssdbPinFile = Files.createTempFile(ctx.workspace, null, null); ++ Files.writeString(ctx.nssdbPinFile, ctx.pin + System.lineSeparator() + ++ "2nd line with garbage"); ++ } ++} +diff --git a/test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java b/test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java +new file mode 100644 +index 00000000000..87f1ad04505 +--- /dev/null ++++ b/test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java +@@ -0,0 +1,77 @@ ++/* ++ * Copyright (c) 2022, Red Hat, Inc. ++ * ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++ ++import java.security.Provider; ++import java.security.Security; ++ ++/* ++ * @test ++ * @bug 9999999 ++ * @requires (jdk.version.major >= 8) ++ * @run main/othervm/timeout=30 VerifyMissingAttributes ++ * @author Martin Balao (mbalao@redhat.com) ++ */ ++ ++public final class VerifyMissingAttributes { ++ ++ private static final String[] svcAlgImplementedIn = { ++ "AlgorithmParameterGenerator.DSA", ++ "AlgorithmParameters.DSA", ++ "CertificateFactory.X.509", ++ "KeyStore.JKS", ++ "KeyStore.CaseExactJKS", ++ "KeyStore.DKS", ++ "CertStore.Collection", ++ "CertStore.com.sun.security.IndexedCollection" ++ }; ++ ++ public static void main(String[] args) throws Throwable { ++ Provider sunProvider = Security.getProvider("SUN"); ++ for (String svcAlg : svcAlgImplementedIn) { ++ String filter = svcAlg + " ImplementedIn:Software"; ++ doQuery(sunProvider, filter); ++ } ++ if (Double.parseDouble( ++ System.getProperty("java.specification.version")) >= 17) { ++ String filter = "KeyFactory.RSASSA-PSS SupportedKeyClasses:" + ++ "java.security.interfaces.RSAPublicKey" + ++ "|java.security.interfaces.RSAPrivateKey"; ++ doQuery(Security.getProvider("SunRsaSign"), filter); ++ } ++ System.out.println("TEST PASS - OK"); ++ } ++ ++ private static void doQuery(Provider expectedProvider, String filter) ++ throws Exception { ++ if (expectedProvider == null) { ++ throw new Exception("Provider not found."); ++ } ++ Provider[] providers = Security.getProviders(filter); ++ if (providers == null || providers.length != 1 || ++ providers[0] != expectedProvider) { ++ throw new Exception("Failure retrieving the provider with this" + ++ " query: " + filter); ++ } ++ } ++} + diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 0d8400d..518de1f 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -383,7 +383,7 @@ # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches -%global fipsver fd3de3d95b5 +%global fipsver 75ffdc48eda # Standard JPackage naming and versioning defines %global origin openjdk @@ -632,9 +632,6 @@ Source15: TestSecurityProperties.java # Ensure vendor settings are correct Source16: CheckVendor.java -# nss fips configuration file -Source17: nss.fips.cfg.in - # Ensure translations are available for new timezones Source18: TestTranslations.java @@ -667,8 +664,8 @@ Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk1 Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch # Crypto policy and FIPS support patches -# Patch is generated from the fips-20u tree at https://github.com/rh-openjdk/jdk/tree/fips-20u -# as follows: git diff %%{vcstag} src make > fips-20u-$(git show -s --format=%h HEAD).patch +# Patch is generated from the fips-21u tree at https://github.com/rh-openjdk/jdk/tree/fips-21u +# as follows: git diff %%{vcstag} src make test > fips-21u-$(git show -s --format=%h HEAD).patch # Diff is limited to src and make subdirectories to exclude .github changes # Fixes currently included: # PR3183, RH1340845: Follow system wide crypto policy @@ -691,8 +688,18 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d # RH2090378: Revert to disabling system security properties and FIPS mode support together # RH2104724: Avoid import/export of DH private keys # RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode +# RH2048582: Support PKCS#12 keystores +# RH2020290: Support TLS 1.3 in FIPS mode +# Add nss.fips.cfg support to OpenJDK tree +# RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode +# Remove forgotten dead code from RH2020290 and RH2104724 +# OJ1357: Fix issue on FIPS with a SecurityManager in place +# RH2134669: Add missing attributes when registering services in FIPS mode. +# test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class +# RH1940064: Enable XML Signature provider in FIPS mode # Build the systemconf library on all platforms -# Patch1001: fips-20u-%{fipsver}.patch +# Remove GCC minor versioning (JDK-8284772) to unbreak testing +Patch1001: fips-21u-%{fipsver}.patch ############################################# # @@ -761,8 +768,8 @@ BuildRequires: java-latest-openjdk-devel %ifarch %{zero_arches} BuildRequires: libffi-devel %endif -# 2022g required as of JDK-8297804 -BuildRequires: tzdata-java >= 2022g +# 2023c required as of JDK-8305113 +BuildRequires: tzdata-java >= 2023c # cacerts build requirement in portable mode BuildRequires: ca-certificates @@ -977,7 +984,7 @@ pushd %{top_level_dir_name} %patch3 -p1 %patch6 -p1 # Add crypto policy and FIPS support -# %patch1001 -p1 +%patch1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security %patch1000 -p1 popd # openjdk @@ -1039,9 +1046,6 @@ done # Setup nss.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg -# Setup nss.fips.cfg -sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg - %build %if (0%{?rhel} > 0 && 0%{?rhel} < 8) mkdir bootjdk @@ -1151,6 +1155,7 @@ function buildjdk() { --with-boot-jdk=${buildjdk} \ --with-debug-level=${debuglevel} \ --with-native-debug-symbols="%{debug_symbols}" \ + --disable-sysconf-nss \ --enable-unlimited-crypto \ --with-zlib=%{link_type} \ --with-freetype=%{link_type} \ @@ -1202,9 +1207,6 @@ function installjdk() { # Install nss.cfg right away as we will be using the JRE above install -m 644 nss.cfg ${imagepath}/conf/security/ - # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) - install -m 644 nss.fips.cfg ${imagepath}/conf/security/ - # Create fake alt-java as a placeholder for future alt-java if [ -d man/man1 ] ; then pushd ${imagepath} @@ -1632,6 +1634,19 @@ done - updated to jdk21 ea - updated patch 1001 - rh1648249-add_commented_out_nss_cfg_provider_to_java_security - replace smoketests in staticlibs test, as the previous files used were removed by a patch in JDK +- require tzdata 2023c +- Update FIPS support to bring in latest changes +- * RH2048582: Support PKCS#12 keystores +- * RH2020290: Support TLS 1.3 in FIPS mode +- * Add nss.fips.cfg support to OpenJDK tree +- * RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode +- * Remove forgotten dead code from RH2020290 and RH2104724 +- * OJ1357: Fix issue on FIPS with a SecurityManager in place +- * RH2134669: Add missing attributes when registering services in FIPS mode. +- * test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class +- * RH1940064: Enable XML Signature provider in FIPS mode +- * Remove GCC minor versioning (JDK-8284772) to unbreak testing +- Drop local nss.fips.cfg.in handling now this is handled in the patched OpenJDK build * Thu Aug 03 2023 Jiri Vanek - 1:20.0.2.0.9-1.rolling - Update to jdk-20.0.2+9 diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in deleted file mode 100644 index 2d9ec35..0000000 --- a/nss.fips.cfg.in +++ /dev/null @@ -1,8 +0,0 @@ -name = NSS-FIPS -nssLibraryDirectory = @NSS_LIBDIR@ -nssSecmodDirectory = sql:/etc/pki/nssdb -nssDbMode = readOnly -nssModule = fips - -attributes(*,CKO_SECRET_KEY,CKK_GENERIC_SECRET)={ CKA_SIGN=true } - diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch index ff3a79b..b357edf 100644 --- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +++ b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch @@ -1,13 +1,13 @@ -diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security -index 5149edba0e5..7676c695b36 100644 ---- a/src/java.base/share/conf/security/java.security -+++ b/src/java.base/share/conf/security/java.security -@@ -84,6 +84,8 @@ security.provider.tbd=SunMSCAPI +diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security +index 68a9c1a2d08..7aa25eb2cb7 100644 +--- openjdk.orig/src/java.base/share/conf/security/java.security ++++ openjdk/src/java.base/share/conf/security/java.security +@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI security.provider.tbd=Apple #endif security.provider.tbd=SunPKCS11 +#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg -+ # - # A list of preferred providers for specific algorithms. These providers will + # Security providers used when FIPS mode support is active + From fd0dca9babe5e2a239d82d7c5570583d8138b8d3 Mon Sep 17 00:00:00 2001 From: Petra Alice Mikova Date: Fri, 25 Aug 2023 10:06:40 +0200 Subject: [PATCH 04/15] Update NEWS file with some missed JEPs --- NEWS | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 06591a2..066d951 100644 --- a/NEWS +++ b/NEWS @@ -6,8 +6,10 @@ CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY New in release OpenJDK 21.0.0 (2023-09-XX): =========================================== Major changes are listed below. Some changes may have been backported -to earlier releases following their first appearance in OpenJDK 18 -through to 21. +to earlier releases following their first appearance in OpenJDK 21. + +The full list of changes in 21u can be found at: +- * https://builds.shipilev.net/backports-monitor/release-notes-21.txt NEW FEATURES ============ @@ -122,6 +124,19 @@ java-17-openjdk). OpenJDK 18 saw a second round of incubation (JEP second in OpenJDK 20 (JEP 434). It reaches a third preview in OpenJDK 21 (JEP 442). +Virtual Threads +=============== +https://openjdk.org/jeps/425 +https://openjdk.org/jeps/436 + +Introduce virtual threads to the Java Platform. Virtual threads are +lightweight threads that dramatically reduce the effort of writing, +maintaining, and observing high-throughput concurrent applications. + +This is a preview feature (http://openjdk.java.net/jeps/12) introduced +in OpenJDK 19 (JEP 425) and reaching its second preview in OpenJDK 20 +(JEP 436). + Structured Concurrency ====================== https://openjdk.org/jeps/428 @@ -139,6 +154,18 @@ OpenJDK 21 (JEP 453). It was first introduced in incubation (https://openjdk.java.net/jeps/11) in OpenJDK 19 (JEP 428) and had a second round of incubation in OpenJDK 20 (JEP 437). +Scoped Values +============= +https://openjdk.org/jeps/429 + +Introduce scoped values, which enable the sharing of immutable data +within and across threads. They are preferred to thread-local +variables, especially when using large numbers of virtual threads. + +This API is now a preview feature (http://openjdk.java.net/jeps/12) +in OpenJDK 21 (JEP 429). It was first introduced in incubation +(https://openjdk.java.net/jeps/11) in OpenJDK 20 (JEP 429). + Sequenced Collections ===================== https://openjdk.org/jeps/431 From f6cdd00fdee89fb1aa62dc5ec5b95c067e84dc57 Mon Sep 17 00:00:00 2001 From: Jiri Vanek Date: Mon, 28 Aug 2023 16:04:28 +0200 Subject: [PATCH 05/15] updated to jdk-21+35, which is no longer EA --- .gitignore | 1 + generate_source_tarball.sh | 5 +++-- java-latest-openjdk-portable.spec | 7 +++++-- sources | 2 +- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index f411948..cf8d957 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,4 @@ /openjdk-jdk20u-jdk-20.0.1+9.tar.xz /openjdk-jdk20u-jdk-20.0.2+9.tar.xz /openjdk-jdk21u-jdk-21+34.tar.xz +/openjdk-jdk21u-jdk-21+35.tar.xz diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh index c5bb0e8..b1e2009 100755 --- a/generate_source_tarball.sh +++ b/generate_source_tarball.sh @@ -6,9 +6,10 @@ # If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL # # In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg: +# BOOT_JDK=/usr/lib/jvm/java-20-openjdk # PROJECT_NAME=openjdk -# REPO_NAME=jdk18u -# VERSION=jdk-18.0.1+10 +# REPO_NAME=jdk21u +# VERSION=jdk-21+35 # or to eg prepare systemtap: # icedtea7's jstack and other tapsets # VERSION=6327cf1cea9e diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 518de1f..80d4854 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -390,7 +390,7 @@ %global origin_nice OpenJDK %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 34 +%global buildver 35 %global rpmrelease 1 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk @@ -417,7 +417,7 @@ # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases -%global is_ga 0 +%global is_ga 1 %if %{is_ga} %global build_type GA %global ea_designator "" @@ -1628,6 +1628,9 @@ done %license %{unpacked_licenses}/%{jdkportablesourcesarchiveForFiles} %changelog +* Tue Aug 08 2023 Petra Alice Mikova 1:21.0.0.0.35-0.1.rolling +- updated to jdk-21+35, which is no longer EA + * Tue Aug 08 2023 Petra Alice Mikova 1:21.0.0.0.34-0.1.ea.rolling - initial update to jdk21 - commented out fips patches diff --git a/sources b/sources index c74d310..443c08d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openjdk-jdk21u-jdk-21+34.tar.xz) = 18254fa72851666d9e80a56dc85052d8711794b9c7f81c3f7a80e3c585b13eab783060b04fc3b3bbddbebbb8c4148109a9e822aba2f54aa3b614fd16149017b2 +SHA512 (openjdk-jdk21u-jdk-21+35.tar.xz) = 5961f12ff9828856e5ce7847a06177a6761088dbefbcac05512a7c3433d45154f6d59872cd00268fecd987128e623bb343d9879b26f6c6c811e6d6713d1b17a2 From fff7874101a13073dc48d63657881324f7c9d39e Mon Sep 17 00:00:00 2001 From: Andrew John Hughes Date: Thu, 14 Sep 2023 16:14:32 +0100 Subject: [PATCH 06/15] Bump buildjdkver now that java-21-openjdk is available in the buildroot --- java-latest-openjdk-portable.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 80d4854..65c2533 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -338,7 +338,7 @@ # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, # and this it is better to change it here, on single place -%global buildjdkver 20 +%global buildjdkver 21 # We don't add any LTS designator for STS packages (Fedora and EPEL). # We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined. %if 0%{?rhel} && !0%{?epel} @@ -391,7 +391,7 @@ %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup %global buildver 35 -%global rpmrelease 1 +%global rpmrelease 2 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions @@ -1628,7 +1628,10 @@ done %license %{unpacked_licenses}/%{jdkportablesourcesarchiveForFiles} %changelog -* Tue Aug 08 2023 Petra Alice Mikova 1:21.0.0.0.35-0.1.rolling +* Thu Sep 14 2023 Andrew Hughes - 1:21.0.0.0.35-2.rolling +- Bump buildjdkver now that java-21-openjdk is available in the buildroot + +* Tue Aug 08 2023 Petra Alice Mikova 1:21.0.0.0.35-1.rolling - updated to jdk-21+35, which is no longer EA * Tue Aug 08 2023 Petra Alice Mikova 1:21.0.0.0.34-0.1.ea.rolling From 4ec83bb3a6d6f8530433036f7f73567b34326f0e Mon Sep 17 00:00:00 2001 From: Andrew John Hughes Date: Fri, 15 Sep 2023 18:23:53 +0100 Subject: [PATCH 07/15] Sync with upcoming java-21-openjdk package in RHEL - Update documentation (README.md, add missing JEP to release notes) - Replace alt-java patch with a binary separate from the JDK - Drop stale patches that are of little use any more: - * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work - * No accessibility subpackage to warrant RH1648242 patch any more - * No use of system libjpeg turbo to warrant RH649512 patch any more - Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed - Update generate_tarball.sh to sync with upstream vanilla script - Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball - Use upstream release URL for OpenJDK source - Port misc tarball from RHEL to house alt-java outside the JDK tree - Port improved tarball creation and checking from RHEL so tarballs are verified --- .gitignore | 1 + NEWS | 21 ++- README.md | 24 ++- alt-java.c | 100 +++++++++++ generate_source_tarball.sh | 48 ++--- java-latest-openjdk-portable.spec | 166 +++++++++++------- ...0-rh910107-fail_to_load_pcsc_library.patch | 125 +++++++++++++ nss.cfg.in | 5 - ...sible_toolkit_crash_do_not_break_jvm.patch | 16 -- ...ut_nss_cfg_provider_to_java_security.patch | 13 -- ...lite-libs_instead_of_pcsc-lite-devel.patch | 15 -- rh1750419-redhat_alt_java.patch | 117 ------------ ...eg_turbo_1_4_compat_for_jdk10_and_up.patch | 19 -- sources | 2 +- 14 files changed, 383 insertions(+), 289 deletions(-) create mode 100644 alt-java.c create mode 100644 jdk8009550-rh910107-fail_to_load_pcsc_library.patch delete mode 100644 nss.cfg.in delete mode 100644 rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch delete mode 100644 rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch delete mode 100644 rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch delete mode 100644 rh1750419-redhat_alt_java.patch delete mode 100644 rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch diff --git a/.gitignore b/.gitignore index cf8d957..79f3174 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,4 @@ /openjdk-jdk20u-jdk-20.0.2+9.tar.xz /openjdk-jdk21u-jdk-21+34.tar.xz /openjdk-jdk21u-jdk-21+35.tar.xz +/openjdk-21+35.tar.xz diff --git a/NEWS b/NEWS index 066d951..73322e7 100644 --- a/NEWS +++ b/NEWS @@ -76,6 +76,20 @@ an underscore character, _. This is a preview feature (http://openjdk.java.net/jeps/12) introduced in OpenJDK 21 (JEP 443). +Unnamed Classes and Instance Main Methods +========================================= +https://openjdk.org/jeps/445 + +Evolve the Java language so that students can write their first +programs without needing to understand language features designed for +large programs. Far from using a separate dialect of Java, students +can write streamlined declarations for single-class programs and then +seamlessly expand their programs to use more advanced features as +their skills grow. + +This is a preview feature (http://openjdk.java.net/jeps/12) introduced +in OpenJDK 21 (JEP 445). + Library Features ================ @@ -128,14 +142,15 @@ Virtual Threads =============== https://openjdk.org/jeps/425 https://openjdk.org/jeps/436 +https://openjdk.org/jeps/444 Introduce virtual threads to the Java Platform. Virtual threads are lightweight threads that dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications. -This is a preview feature (http://openjdk.java.net/jeps/12) introduced -in OpenJDK 19 (JEP 425) and reaching its second preview in OpenJDK 20 -(JEP 436). +This was a preview feature (http://openjdk.java.net/jeps/12) +introduced in OpenJDK 19 (JEP 425) and reaching its second preview in +OpenJDK 20 (JEP 436). It became final with OpenJDK 21 (JEP 444). Structured Concurrency ====================== diff --git a/README.md b/README.md index d139d7d..55536ce 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,14 @@ -# java-latest-openjdk-portable +This package contains the latest rolling release of OpenJDK. OpenJDK +has a release cadence of six months, with a new release in March and +September each year. -The java-latest-openjdk-portable package -======= -Rolling release of (usually) STSs OpenJDK -OpenJDK has release cadence of 6 months, but 3/4 of them are Short Term Supported for 6 months only. This package is designed to harbor them. Currently it is build of OpenJDK 12. LTSs will go also as separate packages. +The current release is OpenJDK 21. For a list of major changes from +OpenJDK 20, see the NEWS file included in this package and the +upstream release page: -JDK21 is current release of Java platform. It is bringing many cool improvements - https://openjdk.org/projects/jdk/21/ and is landing to your Fedora. Where it will be maintained for f28 and newer. Unluckily, this package is STS (short term support) version. Between individual LTS there will be always several STS. Again, please see announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html and See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf . So this is rolling release of all STSs to come. Its fate during the release of fresh LTS is yet to be decided. You will always be allowed to install LTS in fedora build root, alongside with latest STS via alternatives. +https://openjdk.java.net/projects/jdk/21/ - -See announcement: http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html -See java SIG plans: https://jvanek.fedorapeople.org/devconf/2018/changesInjavaReleaseProcess.pdf - -https://bugzilla.redhat.com/show_bug.cgi?id=1557371#c0 -https://fedoraproject.org/wiki/Changes/java-openjdk-10 -https://fedoraproject.org/wiki/Changes/java-11-openjdk-TechPreview +This package is intended for those who want to follow the latest +OpenJDK releases. Long term support versions of OpenJDK are available +in the java-1.8.0-openjdk, java-11-openjdk and java-17-openjdk +packages. diff --git a/alt-java.c b/alt-java.c new file mode 100644 index 0000000..644d002 --- /dev/null +++ b/alt-java.c @@ -0,0 +1,100 @@ +/* + * Copyright (C) 2023 Red Hat, Inc. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Red Hat designates this + * particular file as subject to the "Classpath" exception as provided + * by Red Hat in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* Per task speculation control */ +#ifndef PR_GET_SPECULATION_CTRL +# define PR_GET_SPECULATION_CTRL 52 +#endif +#ifndef PR_SET_SPECULATION_CTRL +# define PR_SET_SPECULATION_CTRL 53 +#endif +/* Speculation control variants */ +#ifndef PR_SPEC_STORE_BYPASS +# define PR_SPEC_STORE_BYPASS 0 +#endif +/* Return and control values for PR_SET/GET_SPECULATION_CTRL */ + +#ifndef PR_SPEC_NOT_AFFECTED +# define PR_SPEC_NOT_AFFECTED 0 +#endif +#ifndef PR_SPEC_PRCTL +# define PR_SPEC_PRCTL (1UL << 0) +#endif +#ifndef PR_SPEC_ENABLE +# define PR_SPEC_ENABLE (1UL << 1) +#endif +#ifndef PR_SPEC_DISABLE +# define PR_SPEC_DISABLE (1UL << 2) +#endif +#ifndef PR_SPEC_FORCE_DISABLE +# define PR_SPEC_FORCE_DISABLE (1UL << 3) +#endif +#ifndef PR_SPEC_DISABLE_NOEXEC +# define PR_SPEC_DISABLE_NOEXEC (1UL << 4) +#endif + +static void set_speculation() { +#if defined(__linux__) && defined(__x86_64__) + // PR_SPEC_DISABLE_NOEXEC doesn't survive execve, so we can't use it + // if ( prctl(PR_SET_SPECULATION_CTRL, + // PR_SPEC_STORE_BYPASS, + // PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) { + // return; + // } + prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); +#else +#warning alt-java requested but SSB mitigation not available on this platform. +#endif +} + +int main(int argc, char **argv) { + set_speculation(); + + char our_name[PATH_MAX], java_name[PATH_MAX]; + ssize_t len = readlink("/proc/self/exe", our_name, PATH_MAX - 1); + if (len < 0) { + perror("I can't find myself"); + exit(2); + } + + our_name[len] = '\0'; // readlink(2) doesn't append a null byte + char *path = dirname(our_name); + strncpy(java_name, path, PATH_MAX - 1); + + size_t remaining_bytes = PATH_MAX - strlen(path) - 1; + strncat(java_name, "/java", remaining_bytes); + + execv(java_name, argv); + fprintf(stderr, "%s failed to launch: %s\n", java_name, strerror(errno)); + + exit(1); +} + diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh index b1e2009..f27158d 100755 --- a/generate_source_tarball.sh +++ b/generate_source_tarball.sh @@ -30,19 +30,20 @@ set -e OPENJDK_URL_DEFAULT=https://github.com COMPRESSION_DEFAULT=xz -# Corresponding IcedTea version -ICEDTEA_VERSION=15.0 if [ "x$1" = "xhelp" ] ; then + if [ "x$VERSION" = "x" ] ; then + VERSION=""; + fi echo -e "Behaviour may be specified by setting the following variables:\n" - echo "VERSION - the version of the specified OpenJDK project" + echo "VERSION - the version of the specified OpenJDK project (current value: ${VERSION})" echo "PROJECT_NAME -- the name of the OpenJDK project being archived (optional; only needed by defaults)" echo "REPO_NAME - the name of the OpenJDK repository (optional; only needed by defaults)" echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})" echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})" - echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)" + echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to open${VERSION})" echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)" - echo "TO_COMPRESS - what part of clone to pack (default is openjdk)" + echo "TO_COMPRESS - what part of clone to pack (default is ${VERSION})" echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run" exit 1; fi @@ -53,6 +54,7 @@ if [ "x$VERSION" = "x" ] ; then exit 2 fi echo "Version: ${VERSION}" + NUM_VER=${VERSION##jdk-} RELEASE_VER=${NUM_VER%%+*} BUILD_VER=${NUM_VER##*+} @@ -109,7 +111,7 @@ fi echo "Creating a tar.${COMPRESSION} archive" if [ "x$FILE_NAME_ROOT" = "x" ] ; then - FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION} + FILE_NAME_ROOT=open${VERSION} echo "No file name root specified; default to ${FILE_NAME_ROOT}" fi if [ "x$REPO_ROOT" = "x" ] ; then @@ -118,7 +120,7 @@ if [ "x$REPO_ROOT" = "x" ] ; then fi; if [ "x$TO_COMPRESS" = "x" ] ; then - TO_COMPRESS="openjdk" + TO_COMPRESS="${VERSION}" echo "No targets to be compressed specified, ; default to ${TO_COMPRESS}" fi; @@ -141,35 +143,35 @@ else mkdir "${FILE_NAME_ROOT}" pushd "${FILE_NAME_ROOT}" echo "Cloning ${VERSION} root repository from ${REPO_ROOT}" - git clone -b ${VERSION} ${REPO_ROOT} openjdk + git clone -b ${VERSION} ${REPO_ROOT} ${VERSION} popd fi pushd "${FILE_NAME_ROOT}" # Generate .src-rev so build has knowledge of the revision the tarball was created from mkdir build pushd build - sh ${PWD}/../openjdk/configure --with-boot-jdk=${BOOT_JDK} + sh ${PWD}/../${VERSION}/configure --with-boot-jdk=${BOOT_JDK} make store-source-revision popd rm -rf build # Remove commit checks - echo "Removing $(find openjdk -name '.jcheck' -print)" - find openjdk -name '.jcheck' -print0 | xargs -0 rm -rf + echo "Removing $(find ${VERSION} -name '.jcheck' -print)" + find ${VERSION} -name '.jcheck' -print0 | xargs -0 rm -r # Remove history and GHA - echo "find openjdk -name '.hgtags'" - find openjdk -name '.hgtags' -exec rm -fv '{}' '+' - echo "find openjdk -name '.hgignore'" - find openjdk -name '.hgignore' -exec rm -fv '{}' '+' - echo "find openjdk -name '.gitattributes'" - find openjdk -name '.gitattributes' -exec rm -fv '{}' '+' - echo "find openjdk -name '.gitignore'" - find openjdk -name '.gitignore' -exec rm -fv '{}' '+' - echo "find openjdk -name '.git'" - find openjdk -name '.git' -exec rm -rfv '{}' '+' - echo "find openjdk -name '.github'" - find openjdk -name '.github' -exec rm -rfv '{}' '+' + echo "find ${VERSION} -name '.hgtags'" + find ${VERSION} -name '.hgtags' -exec rm -v '{}' '+' + echo "find ${VERSION} -name '.hgignore'" + find ${VERSION} -name '.hgignore' -exec rm -v '{}' '+' + echo "find ${VERSION} -name '.gitattributes'" + find ${VERSION} -name '.gitattributes' -exec rm -v '{}' '+' + echo "find ${VERSION} -name '.gitignore'" + find ${VERSION} -name '.gitignore' -exec rm -v '{}' '+' + echo "find ${VERSION} -name '.git'" + find ${VERSION} -name '.git' -exec rm -rv '{}' '+' + echo "find ${VERSION} -name '.github'" + find ${VERSION} -name '.github' -exec rm -rv '{}' '+' echo "Compressing remaining forest" if [ "X$COMPRESSION" = "Xxz" ] ; then diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 65c2533..4710c10 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -257,12 +257,6 @@ %global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||') %global ourldflags %{__global_ldflags} -# With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path -# the initialization must be here. Later the pkg-config have buggy behavior -# looks like openjdk RPM specific bug -# Always set this so the nss.cfg file is not broken -%global NSS_LIBDIR %(pkg-config --variable=libdir nss) - # In some cases, the arch used by the JDK does # not match _arch. # Also, in some cases, the machine name used by SystemTap @@ -388,10 +382,10 @@ # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK -%global top_level_dir_name %{origin} +%global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup %global buildver 35 -%global rpmrelease 2 +%global rpmrelease 3 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions @@ -444,6 +438,7 @@ %global static_libs_install_dir %{static_libs_arch_dir}/glibc # output dir stub %define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}} +%global altjavaoutputdir install/altjava.install # we can copy the javadoc to not arched dir, or make it not noarch %define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}} # main id and dir of this jdk @@ -464,6 +459,8 @@ # Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on # top of the JDK archive %define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} +%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;%{version}-%{release};\\0.portable%{1}.misc;g" | sed "s;openjdkportable;el;g") +%define miscportablearchive() %{miscportablename}.tar.xz # RPM 4.19 no longer accept our double percentaged %%{nil} passed to %%{1} # so we have to pass in "" but evaluate it, otherwise files record will include it @@ -548,6 +545,8 @@ ExcludeArch: %{ix86} %define java_static_libs_rpo() %{expand: } +%define java_misc_rpo() %{expand: +} # Prevent brp-java-repack-jars from being run %global __jar_repack 0 @@ -598,7 +597,7 @@ URL: http://openjdk.java.net/ # The source tarball, generated using generate_source_tarball.sh -Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz +Source0: https://openjdk-sources.osci.io/openjdk%{featurever}/open%{vcstag}.tar.xz # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (6.x). @@ -613,8 +612,8 @@ Source0: openjdk-jdk%{featurever}u-%{vcstag}.tar.xz # Release notes Source10: NEWS -# nss configuration file -Source11: nss.cfg.in +# Source code for alt-java +Source11: alt-java.c # Removed libraries that we link instead # Disabled in portables @@ -649,20 +648,6 @@ Source1004: ojdk17-s390x-17.35.tar.gz # ############################################ -# NSS via SunPKCS11 Provider (disabled comment -# due to memory leak). -Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch -# RH1750419: enable build of speculative store bypass hardened alt-java (CVE-2018-3639) -Patch600: rh1750419-redhat_alt_java.patch - -# Ignore AWTError when assistive technologies are loaded -Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch -# Restrict access to java-atk-wrapper classes -Patch2: rh1648644-java_access_bridge_privileged_security.patch -Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch -# Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo -Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch - # Crypto policy and FIPS support patches # Patch is generated from the fips-21u tree at https://github.com/rh-openjdk/jdk/tree/fips-21u # as follows: git diff %%{vcstag} src make test > fips-21u-$(git show -s --format=%h HEAD).patch @@ -688,7 +673,8 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d # RH2090378: Revert to disabling system security properties and FIPS mode support together # RH2104724: Avoid import/export of DH private keys # RH2092507: P11Key.getEncoded does not work for DH keys in FIPS mode -# RH2048582: Support PKCS#12 keystores +# Build the systemconf library on all platforms +# RH2048582: Support PKCS#12 keystores [now part of JDK-8301553 upstream] # RH2020290: Support TLS 1.3 in FIPS mode # Add nss.fips.cfg support to OpenJDK tree # RH2117972: Extend the support for NSS DBs (PKCS11) in FIPS mode @@ -697,15 +683,17 @@ Patch6: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-d # RH2134669: Add missing attributes when registering services in FIPS mode. # test/jdk/sun/security/pkcs11/fips/VerifyMissingAttributes.java: fixed jtreg main class # RH1940064: Enable XML Signature provider in FIPS mode -# Build the systemconf library on all platforms -# Remove GCC minor versioning (JDK-8284772) to unbreak testing -Patch1001: fips-21u-%{fipsver}.patch +# RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized [now part of JDK-8301553 upstream] +Patch1001: fips-%{featurever}u-%{fipsver}.patch ############################################# # # OpenJDK patches in need of upstreaming # ############################################# +# JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo +# PR: https://github.com/openjdk/jdk/pull/15409 +Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch ############################################# # @@ -746,7 +734,7 @@ BuildRequires: libXrandr-devel BuildRequires: libXrender-devel BuildRequires: libXt-devel BuildRequires: libXtst-devel -# Requirement for setting up nss.cfg and nss.fips.cfg +# Requirement for setting up nss.fips.cfg BuildRequires: nss-devel # Requirement for system security property test %if (0%{?rhel} > 0 && 0%{?rhel} < 8) @@ -916,6 +904,14 @@ The %{origin_nice} %{featurever} libraries for static linking - portable edition # staticlibs %endif +%package misc +Summary: %{origin_nice} %{featurever} miscellany + +%{java_misc_rpo %{nil}} + +%description misc +The %{origin_nice} %{featurever} miscellany. + %package sources Summary: %{origin_nice} %{featurever} full patched sources of portable JDK @@ -979,18 +975,12 @@ sh %{SOURCE12} %{top_level_dir_name} # Patch the JDK pushd %{top_level_dir_name} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch6 -p1 # Add crypto policy and FIPS support %patch1001 -p1 -# nss.cfg PKCS11 support; must come last as it also alters java.security -%patch1000 -p1 +# Patches in need of upstreaming +%patch6 -p1 popd # openjdk -%patch600 - # The OpenJDK version file includes the current # upstream version information. For some reason, # configure does not automatically use the @@ -1043,9 +1033,6 @@ done # Prepare desktop files # Portables do not have desktop integration -# Setup nss.cfg -sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg - %build %if (0%{?rhel} > 0 && 0%{?rhel} < 8) mkdir bootjdk @@ -1100,6 +1087,10 @@ EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming %endif export EXTRA_CFLAGS EXTRA_CPP_FLAGS +echo "Building %{SOURCE11}" +mkdir -p %{altjavaoutputdir} +gcc ${EXTRA_CFLAGS} -o %{altjavaoutputdir}/%{alt_java_name} %{SOURCE11} + function buildjdk() { local outputdir=${1} local buildjdk=${2} @@ -1204,9 +1195,6 @@ function installjdk() { find ${imagepath} -iname '*.so' -exec chmod +x {} \; find ${imagepath}/bin/ -exec chmod +x {} \; - # Install nss.cfg right away as we will be using the JRE above - install -m 644 nss.cfg ${imagepath}/conf/security/ - # Create fake alt-java as a placeholder for future alt-java if [ -d man/man1 ] ; then pushd ${imagepath} @@ -1294,10 +1282,25 @@ EOF fi } +function genchecksum() { + local checkedfile=${1} + + checkdir=$(dirname ${1}) + checkfile=$(basename ${1}) + + echo "Generating checksum for ${checkfile} in ${checkdir}..." + pushd ${checkdir} + sha256sum ${checkfile} > ${checkfile}.sha256sum + sha256sum --check ${checkfile}.sha256sum + popd +} + +packagesdir=$(pwd)/.. + pwd ls -l -tar -cJf ../%{jdkportablesourcesarchive -- ""} --transform "s|^|%{jdkportablesourcesname -- ""}/|" openjdk nss* -sha256sum ../%{jdkportablesourcesarchive -- ""} > ../%{jdkportablesourcesarchive -- ""}.sha256sum +tar -cJf ${packagesdir}/%{jdkportablesourcesarchive -- ""} --transform "s|^|%{jdkportablesourcesname -- ""}/|" %{top_level_dir_name} +genchecksum ${packagesdir}/%{jdkportablesourcesarchive -- ""} %if %{build_hotspot_first} # Build a fresh libjvm.so first and use it to bootstrap @@ -1410,12 +1413,12 @@ for suffix in %{build_loop} ; do mv %{jdkimage} %{jdkportablename -- "$nameSuffix"} mv %{jreimage} %{jreportablename -- "$nameSuffix"} - tar -cJf ../../../../%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"} - sha256sum ../../../../%{jdkportablearchive -- "$nameSuffix"} > ../../../../%{jdkportablearchive -- "$nameSuffix"}.sha256sum - tar -cJf ../../../../%{jreportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jreportablename -- "$nameSuffix"} - sha256sum ../../../../%{jreportablearchive -- "$nameSuffix"} > ../../../../%{jreportablearchive -- "$nameSuffix"}.sha256sum + tar -cJf ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"} + genchecksum ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} + tar -cJf ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jreportablename -- "$nameSuffix"} + genchecksum ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} # copy licenses so they are avialable out of tarball - cp -rf %{jdkportablename -- "$nameSuffix"}/legal ../../../../%{jdkportablearchive -- "%{normal_suffix}"}-legal + cp -rf %{jdkportablename -- "$nameSuffix"}/legal ${packagesdir}/%{jdkportablearchive -- "%{normal_suffix}"}-legal mv %{jdkportablename -- "$nameSuffix"} %{jdkimage} mv %{jreportablename -- "$nameSuffix"} %{jreimage} popd #images @@ -1426,8 +1429,8 @@ for suffix in %{build_loop} ; do # Tar as overlay. Transform to the JDK name, since we just want to "add" # static libraries to that folder portableJDKname=%{staticlibsportablename -- "$nameSuffix"} - tar -cJf ../../../../%{staticlibsportablearchive -- "$nameSuffix"} --transform "s|^%{static_libs_image}/lib/*|$portableJDKname/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib" - sha256sum ../../../../%{staticlibsportablearchive -- "$nameSuffix"} > ../../../../%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum + tar -cJf ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} --transform "s|^%{static_libs_image}/lib/*|$portableJDKname/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib" + genchecksum ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} popd #staticlibs-images %endif ################################################################################ @@ -1437,10 +1440,26 @@ for suffix in %{build_loop} ; do # build cycles done # end of release / debug cycle loop +# These are from the source tree so no debug variants +miscname=%{miscportablename} +miscarchive=${packagesdir}/%{miscportablearchive} + +mkdir ${miscname} +cp -av %{altjavaoutputdir}/%{alt_java_name} ${miscname} +tar -cJf ${miscarchive} ${miscname} +genchecksum ${miscarchive} + %install + +packagesdir=$(pwd)/.. + mkdir -p $RPM_BUILD_ROOT%{_jvmdir} -mv ../%{jdkportablesourcesarchive -- ""} $RPM_BUILD_ROOT%{_jvmdir}/ -mv ../%{jdkportablesourcesarchive -- ""}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ +# Install outside the loop as there are no debug variants +miscarchive=${packagesdir}/%{miscportablearchive} +mv ${packagesdir}/%{jdkportablesourcesarchive -- ""} $RPM_BUILD_ROOT%{_jvmdir}/ +mv ${packagesdir}/%{jdkportablesourcesarchive -- ""}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ +mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/ +mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ for suffix in %{build_loop} ; do top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}} @@ -1451,13 +1470,13 @@ top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}} else nameSuffix=`echo "$suffix"| sed s/-/./` fi - mv ../%{jdkportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ - mv ../%{jdkportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ - mv ../%{jreportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ - mv ../%{jreportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ + mv ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ + mv ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ + mv ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ + mv ${packagesdir}/%{jreportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ %if %{include_staticlibs} - mv ../%{staticlibsportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ - mv ../%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ + mv ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ + mv ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ %endif if [ "x$suffix" == "x" ] ; then dnameSuffix="$nameSuffix".debuginfo @@ -1471,7 +1490,7 @@ done ################################################################################ # the licenses are packed onloy once and shared mkdir -p $RPM_BUILD_ROOT%{unpacked_licenses} -mv ../%{jdkportablearchive -- "%{normal_suffix}"}-legal $RPM_BUILD_ROOT%{unpacked_licenses}/%{jdkportablesourcesarchive -- "%{normal_suffix}"} +mv ${packagesdir}/%{jdkportablearchive -- "%{normal_suffix}"}-legal $RPM_BUILD_ROOT%{unpacked_licenses}/%{jdkportablesourcesarchive -- "%{normal_suffix}"} # To show sha in the build log for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do ls -l $file ; cat $file ; done ################################################################################ @@ -1513,10 +1532,11 @@ $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=fal if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi # Check alt-java launcher has SSB mitigation on supported architectures +# set_speculation function exists in both cases, so check for prctl call %ifarch %{ssbd_arches} -nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation +nm %{altjavaoutputdir}/%{alt_java_name} | grep prctl %else -if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi +if ! nm %{altjavaoutputdir}/%{alt_java_name} | grep prctl ; then true ; else false; fi %endif # Check correct vendor values have been set @@ -1627,7 +1647,25 @@ done %{_jvmdir}/%{jdkportablesourcesarchiveForFiles}.sha256sum %license %{unpacked_licenses}/%{jdkportablesourcesarchiveForFiles} +%files misc +%{_jvmdir}/%{miscportablearchive} +%{_jvmdir}/%{miscportablearchive}.sha256sum + %changelog +* Fri Sep 15 2023 Andrew Hughes - 1:21.0.0.0.35-3.rolling +- Update documentation (README.md, add missing JEP to release notes) +- Replace alt-java patch with a binary separate from the JDK +- Drop stale patches that are of little use any more: +- * nss.cfg has been disabled since early PKCS11 work and long superseded by FIPS work +- * No accessibility subpackage to warrant RH1648242 patch any more +- * No use of system libjpeg turbo to warrant RH649512 patch any more +- Replace RH1684077 pcsc-lite-libs patch with better JDK-8009550 fix being upstreamed +- Update generate_tarball.sh to sync with upstream vanilla script +- Change top_level_dir_name to use the VCS tag, matching new upstream release style tarball +- Use upstream release URL for OpenJDK source +- Port misc tarball from RHEL to house alt-java outside the JDK tree +- Port improved tarball creation and checking from RHEL so tarballs are verified + * Thu Sep 14 2023 Andrew Hughes - 1:21.0.0.0.35-2.rolling - Bump buildjdkver now that java-21-openjdk is available in the buildroot diff --git a/jdk8009550-rh910107-fail_to_load_pcsc_library.patch b/jdk8009550-rh910107-fail_to_load_pcsc_library.patch new file mode 100644 index 0000000..9213937 --- /dev/null +++ b/jdk8009550-rh910107-fail_to_load_pcsc_library.patch @@ -0,0 +1,125 @@ +commit d0523302416bc6507696f20d1068f16427bcf6b8 +Author: Andrew Hughes +Date: Thu Aug 24 01:23:49 2023 +0100 + + 8009550: PlatformPCSC should load versioned so + +diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java +index bff273c6548..e5a6b288ff8 100644 +--- a/src/java.base/share/classes/sun/security/util/Debug.java ++++ b/src/java.base/share/classes/sun/security/util/Debug.java +@@ -81,6 +81,7 @@ public static void Help() + System.err.println("logincontext login context results"); + System.err.println("jca JCA engine class debugging"); + System.err.println("keystore KeyStore debugging"); ++ System.err.println("pcsc Smartcard library debugging"); + System.err.println("policy loading and granting"); + System.err.println("provider security provider debugging"); + System.err.println("pkcs11 PKCS11 session manager debugging"); +diff --git a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java +index bacff32efbc..d9f605ada1e 100644 +--- a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java ++++ b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java +@@ -1,5 +1,6 @@ + /* + * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2023, Red Hat Inc. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it +@@ -46,8 +47,13 @@ class PlatformPCSC { + + private static final String PROP_NAME = "sun.security.smartcardio.library"; + +- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so"; +- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so"; ++ private static final String[] LIB_TEMPLATES = { "/usr/$LIBISA/libpcsclite.so", ++ "/usr/local/$LIBISA/libpcsclite.so", ++ "/usr/lib/$ARCH-linux-gnu/libpcsclite.so", ++ "/usr/lib/arm-linux-gnueabi/libpcsclite.so", ++ "/usr/lib/arm-linux-gnueabihf/libpcsclite.so", ++ "/usr/lib/$ARCH-kfreebsd-gnu/libpcsclite.so" }; ++ private static final String[] LIB_SUFFIXES = { ".1", ".0", "" }; + private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC"; + + PlatformPCSC() { +@@ -73,23 +79,38 @@ public Throwable run() { + }); + + // expand $LIBISA to the system specific directory name for libraries ++ // expand $ARCH to the Debian system architecture in use + private static String expand(String lib) { + int k = lib.indexOf("$LIBISA"); +- if (k == -1) { +- return lib; ++ if (k != -1) { ++ String libDir; ++ if ("64".equals(System.getProperty("sun.arch.data.model"))) { ++ // assume Linux convention ++ libDir = "lib64"; ++ } else { ++ // must be 32-bit ++ libDir = "lib"; ++ } ++ lib = lib.replace("$LIBISA", libDir); + } +- String s1 = lib.substring(0, k); +- String s2 = lib.substring(k + 7); +- String libDir; +- if ("64".equals(System.getProperty("sun.arch.data.model"))) { +- // assume Linux convention +- libDir = "lib64"; +- } else { +- // must be 32-bit +- libDir = "lib"; ++ ++ k = lib.indexOf("$ARCH"); ++ if (k != -1) { ++ String arch = System.getProperty("os.arch"); ++ lib = lib.replace("$ARCH", getDebianArchitecture(arch)); + } +- String s = s1 + libDir + s2; +- return s; ++ ++ return lib; ++ } ++ ++ private static String getDebianArchitecture(String jdkArch) { ++ return switch (jdkArch) { ++ case "amd64" -> "x86_64"; ++ case "ppc" -> "powerpc"; ++ case "ppc64" -> "powerpc64"; ++ case "ppc64le" -> "powerpc64le"; ++ default -> jdkArch; ++ }; + } + + private static String getLibraryName() throws IOException { +@@ -98,15 +119,18 @@ private static String getLibraryName() throws IOException { + if (lib.length() != 0) { + return lib; + } +- lib = expand(LIB1); +- if (new File(lib).isFile()) { +- // if LIB1 exists, use that +- return lib; +- } +- lib = expand(LIB2); +- if (new File(lib).isFile()) { +- // if LIB2 exists, use that +- return lib; ++ ++ for (String template : LIB_TEMPLATES) { ++ for (String suffix : LIB_SUFFIXES) { ++ lib = expand(template) + suffix; ++ if (debug != null) { ++ debug.println("Looking for " + lib); ++ } ++ if (new File(lib).isFile()) { ++ // if library exists, use that ++ return lib; ++ } ++ } + } + + // As of macos 11, framework libraries have been removed from the file diff --git a/nss.cfg.in b/nss.cfg.in deleted file mode 100644 index 377a39c..0000000 --- a/nss.cfg.in +++ /dev/null @@ -1,5 +0,0 @@ -name = NSS -nssLibraryDirectory = @NSS_LIBDIR@ -nssDbMode = noDb -attributes = compatibility -handleStartupErrors = ignoreMultipleInitialisation diff --git a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch b/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch deleted file mode 100644 index 3042186..0000000 --- a/rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -r 618ad1237e73 src/java.desktop/share/classes/java/awt/Toolkit.java ---- a/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jun 13 19:37:49 2019 +0200 -+++ b/src/java.desktop/share/classes/java/awt/Toolkit.java Thu Jul 04 10:35:42 2019 +0200 -@@ -595,7 +595,11 @@ - toolkit = new HeadlessToolkit(toolkit); - } - if (!GraphicsEnvironment.isHeadless()) { -- loadAssistiveTechnologies(); -+ try { -+ loadAssistiveTechnologies(); -+ } catch (AWTError error) { -+ // ignore silently -+ } - } - } - return toolkit; diff --git a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch b/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch deleted file mode 100644 index b357edf..0000000 --- a/rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git openjdk.orig/src/java.base/share/conf/security/java.security openjdk/src/java.base/share/conf/security/java.security -index 68a9c1a2d08..7aa25eb2cb7 100644 ---- openjdk.orig/src/java.base/share/conf/security/java.security -+++ openjdk/src/java.base/share/conf/security/java.security -@@ -78,6 +78,7 @@ security.provider.tbd=SunMSCAPI - security.provider.tbd=Apple - #endif - security.provider.tbd=SunPKCS11 -+#security.provider.tbd=SunPKCS11 ${java.home}/lib/security/nss.cfg - - # - # Security providers used when FIPS mode support is active - diff --git a/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch b/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch deleted file mode 100644 index 4c1476f..0000000 --- a/rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java -index bacff32efbc..ff7b3dcc81c 100644 ---- openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java -+++ openjdk/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java -@@ -46,8 +46,8 @@ class PlatformPCSC { - - private static final String PROP_NAME = "sun.security.smartcardio.library"; - -- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so"; -- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so"; -+ private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so.1"; -+ private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so.1"; - private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC"; - - PlatformPCSC() { diff --git a/rh1750419-redhat_alt_java.patch b/rh1750419-redhat_alt_java.patch deleted file mode 100644 index d877ca8..0000000 --- a/rh1750419-redhat_alt_java.patch +++ /dev/null @@ -1,117 +0,0 @@ -diff --git openjdk.orig/make/modules/java.base/Launcher.gmk openjdk/make/modules/java.base/Launcher.gmk -index 700ddefda49..2882de68eb2 100644 ---- openjdk.orig/make/modules/java.base/Launcher.gmk -+++ openjdk/make/modules/java.base/Launcher.gmk -@@ -41,6 +41,14 @@ $(eval $(call SetupBuildLauncher, java, \ - OPTIMIZATION := HIGH, \ - )) - -+#Wno-error=cpp is present to allow commented warning in ifdef part of main.c -+$(eval $(call SetupBuildLauncher, alt-java, \ -+ CFLAGS := -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES -DREDHAT_ALT_JAVA -Wno-error=cpp, \ -+ EXTRA_RCFLAGS := $(JAVA_RCFLAGS), \ -+ VERSION_INFO_RESOURCE := $(JAVA_VERSION_INFO_RESOURCE), \ -+ OPTIMIZATION := HIGH, \ -+)) -+ - ifeq ($(call isTargetOs, windows), true) - $(eval $(call SetupBuildLauncher, javaw, \ - CFLAGS := -DJAVAW -DEXPAND_CLASSPATH_WILDCARDS -DENABLE_ARG_FILES, \ -diff --git openjdk.orig/src/java.base/share/native/launcher/alt_main.h openjdk/src/java.base/share/native/launcher/alt_main.h -new file mode 100644 -index 00000000000..697df2898ac ---- /dev/null -+++ openjdk/src/java.base/share/native/launcher/alt_main.h -@@ -0,0 +1,73 @@ -+/* -+ * Copyright (c) 2019, Red Hat, Inc. All rights reserved. -+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. -+ * -+ * This code is free software; you can redistribute it and/or modify it -+ * under the terms of the GNU General Public License version 2 only, as -+ * published by the Free Software Foundation. Oracle designates this -+ * particular file as subject to the "Classpath" exception as provided -+ * by Oracle in the LICENSE file that accompanied this code. -+ * -+ * This code is distributed in the hope that it will be useful, but WITHOUT -+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or -+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+ * version 2 for more details (a copy is included in the LICENSE file that -+ * accompanied this code). -+ * -+ * You should have received a copy of the GNU General Public License version -+ * 2 along with this work; if not, write to the Free Software Foundation, -+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -+ * -+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA -+ * or visit www.oracle.com if you need additional information or have any -+ * questions. -+ */ -+ -+#ifdef REDHAT_ALT_JAVA -+ -+#include -+ -+ -+/* Per task speculation control */ -+#ifndef PR_GET_SPECULATION_CTRL -+# define PR_GET_SPECULATION_CTRL 52 -+#endif -+#ifndef PR_SET_SPECULATION_CTRL -+# define PR_SET_SPECULATION_CTRL 53 -+#endif -+/* Speculation control variants */ -+#ifndef PR_SPEC_STORE_BYPASS -+# define PR_SPEC_STORE_BYPASS 0 -+#endif -+/* Return and control values for PR_SET/GET_SPECULATION_CTRL */ -+ -+#ifndef PR_SPEC_NOT_AFFECTED -+# define PR_SPEC_NOT_AFFECTED 0 -+#endif -+#ifndef PR_SPEC_PRCTL -+# define PR_SPEC_PRCTL (1UL << 0) -+#endif -+#ifndef PR_SPEC_ENABLE -+# define PR_SPEC_ENABLE (1UL << 1) -+#endif -+#ifndef PR_SPEC_DISABLE -+# define PR_SPEC_DISABLE (1UL << 2) -+#endif -+#ifndef PR_SPEC_FORCE_DISABLE -+# define PR_SPEC_FORCE_DISABLE (1UL << 3) -+#endif -+#ifndef PR_SPEC_DISABLE_NOEXEC -+# define PR_SPEC_DISABLE_NOEXEC (1UL << 4) -+#endif -+ -+static void set_speculation() __attribute__((constructor)); -+static void set_speculation() { -+ if ( prctl(PR_SET_SPECULATION_CTRL, -+ PR_SPEC_STORE_BYPASS, -+ PR_SPEC_DISABLE_NOEXEC, 0, 0) == 0 ) { -+ return; -+ } -+ prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0); -+} -+ -+#endif // REDHAT_ALT_JAVA -diff --git openjdk.orig/src/java.base/share/native/launcher/main.c openjdk/src/java.base/share/native/launcher/main.c -index b734fe2ba78..79dc8307650 100644 ---- openjdk.orig/src/java.base/share/native/launcher/main.c -+++ openjdk/src/java.base/share/native/launcher/main.c -@@ -34,6 +34,14 @@ - #include "jli_util.h" - #include "jni.h" - -+#ifdef REDHAT_ALT_JAVA -+#if defined(__linux__) && defined(__x86_64__) -+#include "alt_main.h" -+#else -+#warning alt-java requested but SSB mitigation not available on this platform. -+#endif -+#endif -+ - /* - * Entry point. - */ diff --git a/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch b/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch deleted file mode 100644 index 1b706a1..0000000 --- a/rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch +++ /dev/null @@ -1,19 +0,0 @@ -Remove uses of FAR in jpeg code - -Upstream libjpeg-trubo removed the (empty) FAR macro: -http://sourceforge.net/p/libjpeg-turbo/code/1312/ - -Adjust our code to not use the undefined FAR macro anymore. - -diff --git a/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c b/jdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c ---- openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c -+++ openjdk/src/java.desktop/share/native/libjavajpeg/imageioJPEG.c -@@ -1385,7 +1385,7 @@ - /* and fill it in */ - dst_ptr = icc_data; - for (seq_no = first; seq_no < last; seq_no++) { -- JOCTET FAR *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN; -+ JOCTET *src_ptr = icc_markers[seq_no]->data + ICC_OVERHEAD_LEN; - unsigned int length = - icc_markers[seq_no]->data_length - ICC_OVERHEAD_LEN; - diff --git a/sources b/sources index 443c08d..a5817fd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openjdk-jdk21u-jdk-21+35.tar.xz) = 5961f12ff9828856e5ce7847a06177a6761088dbefbcac05512a7c3433d45154f6d59872cd00268fecd987128e623bb343d9879b26f6c6c811e6d6713d1b17a2 +SHA512 (openjdk-21+35.tar.xz) = 311e954cc8d28a336b85efc05baade8945fe5292ae2d91cc7ff71c6b3a1830b1a4b9fc641f87e68a4b3db175eb5c21a18664457715da9b37720c5d4b3eb67195 From 9e5764b72d8f3ac8141370dea8e739ee676e914f Mon Sep 17 00:00:00 2001 From: Jiri Date: Wed, 20 Sep 2023 21:36:50 +0200 Subject: [PATCH 08/15] removed %{1} from misc --- java-latest-openjdk-portable.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 4710c10..ffb74a8 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -1,4 +1,3 @@ -%if (0%{?rhel} > 0 && 0%{?rhel} < 8) # portable jdk 17 specific bug, _jvmdir being missing %define _jvmdir /usr/lib/jvm %endif @@ -385,7 +384,7 @@ %global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup %global buildver 35 -%global rpmrelease 3 +%global rpmrelease 4 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions @@ -459,7 +458,7 @@ # Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on # top of the JDK archive %define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} -%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;%{version}-%{release};\\0.portable%{1}.misc;g" | sed "s;openjdkportable;el;g") +%define miscportablename() %(echo %{uniquesuffix ""} | sed "s;%{version}-%{release};\\0.portable.misc;g" | sed "s;openjdkportable;el;g") %define miscportablearchive() %{miscportablename}.tar.xz # RPM 4.19 no longer accept our double percentaged %%{nil} passed to %%{1} @@ -1652,6 +1651,9 @@ done %{_jvmdir}/%{miscportablearchive}.sha256sum %changelog +* Wed Sep 20 2023 Jiri Vanek - 1:21.0.0.0.35-4.rolling +- removed %{1} from miscportablename + * Fri Sep 15 2023 Andrew Hughes - 1:21.0.0.0.35-3.rolling - Update documentation (README.md, add missing JEP to release notes) - Replace alt-java patch with a binary separate from the JDK From 898c425bb61bb936be3117e39564691ac56b901f Mon Sep 17 00:00:00 2001 From: Jiri Date: Wed, 20 Sep 2023 21:39:53 +0200 Subject: [PATCH 09/15] Returned misteriously disapeared line --- java-latest-openjdk-portable.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index ffb74a8..8a3b968 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -1,3 +1,4 @@ +%if (0%{?rhel} > 0 && 0%{?rhel} < 8) # portable jdk 17 specific bug, _jvmdir being missing %define _jvmdir /usr/lib/jvm %endif From 1eb10e704bfd129924882085b3519c94f50b9454 Mon Sep 17 00:00:00 2001 From: Jiri Vanek Date: Tue, 21 Nov 2023 15:48:20 +0100 Subject: [PATCH 10/15] updated to OpenJDK 21.0.1 (2023-10-17) - adjsuted generate_source_tarball - removed icedtea_sync - dropped standalone licenses - added usntripped subpkg - added docs subpkg - adjsuted versions of bundled libraries - build refactored to several solid methods following gnu_andrew - removed no longer needed jdk8296108-tzdata2022f.patch, jdk8296715-cldr2022f.patch, rh1648644-java_access_bridge_privileged_security.patch - added jdk8311630-s390_ffmapi.patch to support virtual threads on s390x - aligned fips-21u-75ffdc48eda.patch (gnu_andrew) --- .gitignore | 1 + NEWS | 282 ++- discover_trees.sh | 54 + fips-21u-75ffdc48eda.patch | 1 - generate_source_tarball.sh | 26 +- icedtea_sync.sh | 193 +- java-latest-openjdk-portable.spec | 993 +++++---- jconsole.desktop.in | 11 +- jdk8296108-tzdata2022f.patch | 1 - jdk8296715-cldr2022f.patch | 1 - jdk8311630-s390_ffmapi.patch | 1906 +++++++++++++++++ openjdk_news.sh | 4 +- ...va_access_bridge_privileged_security.patch | 20 - sources | 2 +- 14 files changed, 2804 insertions(+), 691 deletions(-) create mode 100755 discover_trees.sh delete mode 100644 jdk8296108-tzdata2022f.patch delete mode 100644 jdk8296715-cldr2022f.patch create mode 100644 jdk8311630-s390_ffmapi.patch delete mode 100644 rh1648644-java_access_bridge_privileged_security.patch diff --git a/.gitignore b/.gitignore index 79f3174..3f711a8 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,4 @@ /openjdk-jdk21u-jdk-21+34.tar.xz /openjdk-jdk21u-jdk-21+35.tar.xz /openjdk-21+35.tar.xz +/openjdk-21.0.1+12.tar.xz diff --git a/NEWS b/NEWS index 73322e7..09d1dfe 100644 --- a/NEWS +++ b/NEWS @@ -3,13 +3,210 @@ Key: JDK-X - https://bugs.openjdk.java.net/browse/JDK-X CVE-XXXX-YYYY: https://cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY +New in release OpenJDK 21.0.1 (2023-10-17): +=========================================== + +* CVEs + - CVE-2023-22081 + - CVE-2023-22025 +* Security fixes + - JDK-8286503, JDK-8312367: Enhance security classes + - JDK-8296581: Better system proxy support + - JDK-8297856: Improve handling of Bidi characters + - JDK-8309966: Enhanced TLS connections + - JDK-8312248: Enhanced archival support redux + - JDK-8314649: Enhanced archival support redux + - JDK-8317121: vector_masked_load instruction is moved too early after JDK-8286941 +* Other changes + - JDK-8240567: MethodTooLargeException thrown while creating a jlink image + - JDK-8284772: GHA: Use GCC Major Version Dependencies Only + - JDK-8293114: JVM should trim the native heap + - JDK-8299658: C1 compilation crashes in LinearScan::resolve_exception_edge + - JDK-8302017: Allocate BadPaddingException only if it will be thrown + - JDK-8303815: Improve Metaspace test speed + - JDK-8304954: SegmentedCodeCache fails when using large pages + - JDK-8307766: Linux: Provide the option to override the timer slack + - JDK-8308042: [macos] Developer ID Application Certificate not picked up by jpackage if it contains UNICODE characters + - JDK-8308047: java/util/concurrent/ScheduledThreadPoolExecutor/BasicCancelTest.java timed out and also had jcmd pipe errors + - JDK-8308184: Launching java with large number of jars in classpath with java.protocol.handler.pkgs system property set can lead to StackOverflowError + - JDK-8308474: DSA does not reset SecureRandom when initSign is called again + - JDK-8308609: java/lang/ScopedValue/StressStackOverflow.java fails with "-XX:-VMContinuations" + - JDK-8309032: jpackage does not work for module projects unless --module-path is specified + - JDK-8309088: security/infra/java/security/cert/CertPathValidator/certification/AmazonCA.java fails + - JDK-8309214: sun/security/pkcs11/KeyStore/CertChainRemoval.java fails after 8301154 + - JDK-8309475: Test java/foreign/TestByteBuffer.java fails: a problem with msync (aix) + - JDK-8309502: RISC-V: String.indexOf intrinsic may produce misaligned memory loads + - JDK-8309591: Socket.setOption(TCP_QUICKACK) uses wrong level + - JDK-8309746: Reconfigure check should include make/conf/version-numbers.conf + - JDK-8309889: [s390] Missing return statement after calling jump_to_native_invoker method in generate_method_handle_dispatch. + - JDK-8310106: sun.security.ssl.SSLHandshake.getHandshakeProducer() incorrectly checks handshakeConsumers + - JDK-8310171: Bump version numbers for 21.0.1 + - JDK-8310211: serviceability/jvmti/thread/GetStackTrace/getstacktr03/getstacktr03.java failing + - JDK-8310233: Fix THP detection on Linux + - JDK-8310268: RISC-V: misaligned memory access in String.Compare intrinsic + - JDK-8310321: make JDKOPT_CHECK_CODESIGN_PARAMS more verbose + - JDK-8310586: ProblemList java/lang/ScopedValue/StressStackOverflow.java#default with virtual threads on linux-all + - JDK-8310687: JDK-8303215 is incomplete + - JDK-8310873: Re-enable locked_create_entry symbol check in runtime/NMT/CheckForProperDetailStackTrace.java for RISC-V + - JDK-8311026: Some G1 specific tests do not set -XX:+UseG1GC + - JDK-8311033: [macos] PrinterJob does not take into account Sides attribute + - JDK-8311160: [macOS, Accessibility] VoiceOver: No announcements on JRadioButtonMenuItem and JCheckBoxMenuItem + - JDK-8311249: Remove unused MemAllocator::obj_memory_range + - JDK-8311285: report some fontconfig related environment variables in hs_err file + - JDK-8311511: Improve description of NativeLibrary JFR event + - JDK-8311592: ECKeySizeParameterSpec causes too many exceptions on third party providers + - JDK-8311682: Change milestone to fcs for all releases + - JDK-8311862: RISC-V: small improvements to shift immediate instructions + - JDK-8311917: MAP_FAILED definition seems to be obsolete in src/java.desktop/unix/native/common/awt/fontpath.c + - JDK-8311921: Inform about MaxExpectedDataSegmentSize in case of pthread_create failures on AIX + - JDK-8311923: TestIRMatching.java fails on RISC-V + - JDK-8311926: java/lang/ScopedValue/StressStackOverflow.java takes 9mins in tier1 + - JDK-8311955: c++filt is now ibm-llvm-cxxfilt when using xlc17 / clang on AIX + - JDK-8311981: Test gc/stringdedup/TestStringDeduplicationAgeThreshold.java#ZGenerational timed out + - JDK-8312127: FileDescriptor.sync should temporarily increase parallelism + - JDK-8312180: (bf) MappedMemoryUtils passes incorrect arguments to msync (aix) + - JDK-8312182: THPs cause huge RSS due to thread start timing issue + - JDK-8312394: [linux] SIGSEGV if kernel was built without hugepage support + - JDK-8312395: Improve assertions in growableArray + - JDK-8312401: SymbolTable::do_add_if_needed hangs when called in InstanceKlass::add_initialization_error path with requesting length exceeds max_symbol_length + - JDK-8312489: Increase jdk.jar.maxSignatureFileSize default which is too low for JARs such as WhiteSource/Mend unified agent jar + - JDK-8312525: New test runtime/os/TestTrimNative.java#trimNative is failing: did not see the expected RSS reduction + - JDK-8312535: MidiSystem.getSoundbank() throws unexpected SecurityException + - JDK-8312555: Ideographic characters aren't stretched by AffineTransform.scale(2, 1) + - JDK-8312573: Failure during CompileOnly parsing leads to ShouldNotReachHere + - JDK-8312585: Rename DisableTHPStackMitigation flag to THPStackMitigation + - JDK-8312591: GCC 6 build failure after JDK-8280982 + - JDK-8312619: Strange error message when switching over long + - JDK-8312620: WSL Linux build crashes after JDK-8310233 + - JDK-8312625: Test serviceability/dcmd/vm/TrimLibcHeapTest.java failed: RSS use increased + - JDK-8312909: C1 should not inline through interface calls with non-subtype receiver + - JDK-8312976: MatchResult produces StringIndexOutOfBoundsException for groups outside match + - JDK-8312984: javac may crash on a record pattern with too few components + - JDK-8313081: MonitoringSupport_lock should be unconditionally initialized after 8304074 + - JDK-8313248: C2: setScopedValueCache intrinsic exposes nullptr pre-values to store barriers + - JDK-8313262: C2: Sinking node may cause required cast to be dropped + - JDK-8313307: java/util/Formatter/Padding.java fails on some Locales + - JDK-8313312: Add missing classpath exception copyright header + - JDK-8313323: javac -g on a java file which uses unnamed variable leads to ClassFormatError when launching that class + - JDK-8313402: C1: Incorrect LoadIndexed value numbering + - JDK-8313428: GHA: Bump GCC versions for July 2023 updates + - JDK-8313576: GCC 7 reports compiler warning in bundled freetype 2.13.0 + - JDK-8313602: increase timeout for jdk/classfile/CorpusTest.java + - JDK-8313626: C2 crash due to unexpected exception control flow + - JDK-8313657: com.sun.jndi.ldap.Connection.cleanup does not close connections on SocketTimeoutErrors + - JDK-8313676: Amend TestLoadIndexedMismatch test to target intrinsic directly + - JDK-8313678: SymbolTable can leak Symbols during cleanup + - JDK-8313691: use close after failing os::fdopen in vmError and ciEnv + - JDK-8313701: GHA: RISC-V should use the official repository for bootstrap + - JDK-8313707: GHA: Bootstrap sysroots with --variant=minbase + - JDK-8313752: InstanceKlassFlags::print_on doesn't print the flag names + - JDK-8313765: Invalid CEN header (invalid zip64 extra data field size) + - JDK-8313796: AsyncGetCallTrace crash on unreadable interpreter method pointer + - JDK-8313874: JNI NewWeakGlobalRef throws exception for null arg + - JDK-8313901: [TESTBUG] test/hotspot/jtreg/compiler/codecache/CodeCacheFullCountTest.java fails with java.lang.VirtualMachineError + - JDK-8313904: [macos] All signing tests which verifies unsigned app images are failing + - JDK-8314020: Print instruction blocks in byte units + - JDK-8314024: SIGSEGV in PhaseIdealLoop::build_loop_late_post_work due to bad immediate dominator info + - JDK-8314063: The socket is not closed in Connection::createSocket when the handshake failed for LDAP connection + - JDK-8314117: RISC-V: Incorrect VMReg encoding in RISCV64Frame.java + - JDK-8314118: Update JMH devkit to 1.37 + - JDK-8314139: TEST_BUG: runtime/os/THPsInThreadStackPreventionTest.java could fail on machine with large number of cores + - JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to extra concurrent mark with -Xcomp + - JDK-8314216: Case enumConstant, pattern compilation fails + - JDK-8314262: GHA: Cut down cross-compilation sysroots deeper + - JDK-8314423: Multiple patterns without unnamed variables + - JDK-8314426: runtime/os/TestTrimNative.java is failing on slow machines + - JDK-8314501: Shenandoah: sun/tools/jhsdb/heapconfig/JMapHeapConfigTest.java fails + - JDK-8314517: some tests fail in case ipv6 is disabled on the machine + - JDK-8314618: RISC-V: -XX:MaxVectorSize does not work as expected + - JDK-8314656: GHA: No need for Debian ports keyring installation after JDK-8313701 + - JDK-8314679: SA fails to properly attach to JVM after having just detached from a different JVM + - JDK-8314730: GHA: Drop libfreetype6-dev transitional package in favor of libfreetype-dev + - JDK-8314850: SharedRuntime::handle_wrong_method() gets called too often when resolving Continuation.enter + - JDK-8314960: Add Certigna Root CA - 2 + - JDK-8315020: The macro definition for LoongArch64 zero build is not accurate. + - JDK-8315051: jdk/jfr/jvm/TestGetEventWriter.java fails with non-JVMCI GCs + - JDK-8315534: Incorrect warnings about implicit annotation processing + +Notes on individual issues: +=========================== + +core-libs/java.util.jar: + +JDK-8313765: Invalid CEN header (invalid zip64 extra data field size) +===================================================================== +Additional validity checks in the handling of Zip64 files, +JDK-8302483, introduced in 21.0.0, caused the use of some valid zip +files to now fail with the error, `Invalid CEN header (invalid zip64 +extra data field size)` + +This release, 21.0.1, allows for zero length headers and additional +padding produced by some Zip64 creation tools. + +The following third party tools have also released patches to better +adhere to the ZIP File Format Specification: + +* Apache Commons Compress fix for Empty CEN Zip64 Extra Headers fixed in Commons Compress release 1.11 +* Apache Ant fix for Empty CEN Zip64 Extra Headers fixed in Ant 1.10.14 +* BND issue with writing invalid Extra Headers fixed in BND 5.3 + +The maven-bundle-plugin 5.1.5 includes the BND 5.3 patch. + +If these improved validation checks cause issues for deployed zip or +jar files, check how the file was created and whether patches are +available from the generating software to resolve the issue. With +both JDK releases, the checks can be disabled by setting the new +system property, `jdk.util.zip.disableZip64ExtraFieldValidation` to +`true`. + +hotspot/runtime: + +JDK-8311981: JVM May Hang When Using Generational ZGC if a VM Handshake Stalls on Memory +======================================================================================== +The JVM can hang under an uncommon condition that involves the JVM +running out of heap memory, the GC just starting a relocation phase to +reclaim memory, and a JVM thread-local Handshake asking to relocate an +object. This potential deadlock should now be avoided in this +release. + +core-libs/java.util.regex: + +JDK-8312976: `java.util.regex.MatchResult` Might Throw `StringIndexOutOfBoundsException` on Regex Patterns Containing Lookaheads and Lookbehinds +================================================================================================================================================ +JDK-8132995 introduced an unintended regression when using instances +returned by `java.util.regex.Matcher.toMatchResult()`. + +This regression happens with a `java.util.regex.Pattern`s containing +lookaheads and lookbehinds that, in turn, contain groups. If these are +located outside the match, a `StringIndexOutOfBoundsException` is +thrown when accessing these groups. See JDK-8312976 for an example. + +The issue is resolved in this release by calculating a minimum start +location as part of the match result and using this in constructing +String objects, rather than the location of the first match. + +JDK-8314960: Added Certigna Root CA Certificate +=============================================== +The following root certificate has been added to the cacerts +truststore: + +Name: Certigna (Dhimyotis) +Alias Name: certignarootca +Distinguished Name: CN=Certigna Root CA, OU=0002 48146308100036, O=Dhimyotis, C=FR + +JDK-8312489: Increase Default Value of the System Property `jdk.jar.maxSignatureFileSize` +========================================================================================= +A maximum signature file size property, jdk.jar.maxSignatureFileSize, +was introduced in the 21.0.0 release of OpenJDK by JDK-8300596 to +control the maximum size of signature files in a signed JAR. The +default value of 8MB proved to be too small for some JAR files. This +release, 21.0.1, increases it to 16MB. + New in release OpenJDK 21.0.0 (2023-09-XX): =========================================== Major changes are listed below. Some changes may have been backported -to earlier releases following their first appearance in OpenJDK 21. - -The full list of changes in 21u can be found at: -- * https://builds.shipilev.net/backports-monitor/release-notes-21.txt +to earlier releases following their first appearance in OpenJDK 18 +through to 21. NEW FEATURES ============ @@ -76,8 +273,8 @@ an underscore character, _. This is a preview feature (http://openjdk.java.net/jeps/12) introduced in OpenJDK 21 (JEP 443). -Unnamed Classes and Instance Main Methods -========================================= +Unnamed Classes and Instance Main Methods (Preview) +=================================================== https://openjdk.org/jeps/445 Evolve the Java language so that students can write their first @@ -93,6 +290,24 @@ in OpenJDK 21 (JEP 445). Library Features ================ +UTF-8 by Default +================ +https://openjdk.org/jeps/400 + +Specify UTF-8 as the default charset of the standard Java APIs. With +this change, APIs that depend upon the default charset will behave +consistently across all implementations, operating systems, locales, +and configurations. + +Reimplement Core Reflection with Method Handles +=============================================== +https://openjdk.org/jeps/416 + +Reimplement java.lang.reflect.Method, Constructor, and Field on top of +java.lang.invoke method handles. Making method handles the underlying +mechanism for reflection will reduce the maintenance and development +cost of both the java.lang.reflect and java.lang.invoke APIs. + Vector API ========== https://openjdk.org/jeps/338 @@ -113,6 +328,14 @@ place in OpenJDK 17 (JEP 414), OpenJDK 18 (JEP 417) saw a third, OpenJDK 19 a fourth (JEP 426), OpenJDK 20 (JEP 438) a fifth and OpenJDK 21 a sixth (JEP 448). +Internet-Address Resolution SPI +=============================== +https://openjdk.org/jeps/418 + +Define a service-provider interface (SPI) for host name and address +resolution, so that java.net.InetAddress can make use of resolvers +other than the platform's built-in resolver. + Foreign Function & Memory API ============================= https://openjdk.org/jeps/412 @@ -211,9 +434,55 @@ Improve application performance by extending the Z Garbage Collector will allow ZGC to collect young objects — which tend to die young — more frequently. +Tools +===== + +Simple Web Server +================= +https://openjdk.org/jeps/408 + +Provide a command-line tool, `jwebserver`, to start a minimal web +server that serves static files only. No CGI or servlet-like +functionality is available. This tool will be useful for prototyping, +ad-hoc coding, and testing purposes, particularly in educational +contexts. + +Code Snippets in Java API Documentation +======================================= +https://openjdk.org/jeps/413 + +Introduce an @snippet tag for JavaDoc's Standard Doclet, to simplify +the inclusion of example source code in API documentation. + +Ports +===== + +Linux/RISC-V Port +================= +https://openjdk.org/jeps/422 + +RISC-V is a free and open-source RISC instruction set architecture +(ISA) designed originally at the University of California, Berkeley, +and now developed collaboratively under the sponsorship of RISC-V +International. It is already supported by a wide range of language +toolchains. With the increasing availability of RISC-V hardware, a +port of the JDK would be valuable. + DEPRECATIONS ============ +Deprecate Finalization for Removal +================================== +https://openjdk.org/jeps/421 + +Deprecate finalization for removal in a future release. Finalization +remains enabled by default for now, but can be disabled to facilitate +early testing. In a future release it will be disabled by default, and +in a later release it will be removed. Maintainers of libraries and +applications that rely upon finalization should consider migrating to +other resource management techniques such as the try-with-resources +statement and cleaners. + Deprecate the Windows 32-bit x86 Port for Removal ================================================= https://openjdk.org/jeps/449 @@ -230,4 +499,3 @@ JVM. These warnings aim to prepare users for a future release which disallows the dynamic loading of agents by default in order to improve integrity by default. Serviceability tools that load agents at startup will not cause warnings to be issued in any release. - diff --git a/discover_trees.sh b/discover_trees.sh new file mode 100755 index 0000000..8c31278 --- /dev/null +++ b/discover_trees.sh @@ -0,0 +1,54 @@ +#!/bin/sh + +# Copyright (C) 2020 Red Hat, Inc. +# Written by Andrew John Hughes . +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +TREE=${1} + +if test "x${TREE}" = "x"; then + TREE=${PWD} +fi + +if [ -e ${TREE}/nashorn/.hg -o -e ${TREE}/nashorn/merge.changeset ] ; then + NASHORN="nashorn" ; +fi + +if [ -e ${TREE}/corba/.hg -o -e ${TREE}/corba/merge.changeset ] ; then + CORBA="corba"; +fi + +if [ -e ${TREE}/jaxp/.hg -o -e ${TREE}/jaxp/merge.changeset ] ; then + JAXP="jaxp"; +fi + +if [ -e ${TREE}/jaxws/.hg -o -e ${TREE}/jaxws/merge.changeset ] ; then + JAXWS="jaxws"; +fi + +if [ -e ${TREE}/langtools/.hg -o -e ${TREE}/langtools/merge.changeset ] ; then + LANGTOOLS="langtools"; +fi + +if [ -e ${TREE}/jdk/.hg -o -e ${TREE}/jdk/merge.changeset ] ; then + JDK="jdk"; +fi + +if [ -e ${TREE}/hotspot/.hg -o -e ${TREE}/hotspot/merge.changeset ] ; then + HOTSPOT="hotspot"; +fi + +SUBTREES="${CORBA} ${JAXP} ${JAXWS} ${LANGTOOLS} ${NASHORN} ${JDK} ${HOTSPOT}"; +echo ${SUBTREES} diff --git a/fips-21u-75ffdc48eda.patch b/fips-21u-75ffdc48eda.patch index 7ffbe3a..8413fe1 100644 --- a/fips-21u-75ffdc48eda.patch +++ b/fips-21u-75ffdc48eda.patch @@ -4231,4 +4231,3 @@ index 00000000000..87f1ad04505 + } + } +} - diff --git a/generate_source_tarball.sh b/generate_source_tarball.sh index f27158d..5d6efd9 100755 --- a/generate_source_tarball.sh +++ b/generate_source_tarball.sh @@ -6,10 +6,9 @@ # If your local repo follows upstream forests conventions, it may be enough to set OPENJDK_URL # # In any case you have to set PROJECT_NAME REPO_NAME and VERSION. eg: -# BOOT_JDK=/usr/lib/jvm/java-20-openjdk # PROJECT_NAME=openjdk # REPO_NAME=jdk21u -# VERSION=jdk-21+35 +# VERSION=jdk-21.0.1+12 # or to eg prepare systemtap: # icedtea7's jstack and other tapsets # VERSION=6327cf1cea9e @@ -36,13 +35,13 @@ if [ "x$1" = "xhelp" ] ; then VERSION=""; fi echo -e "Behaviour may be specified by setting the following variables:\n" - echo "VERSION - the version of the specified OpenJDK project (current value: ${VERSION})" + echo "VERSION - the version of the specified OpenJDK project" echo "PROJECT_NAME -- the name of the OpenJDK project being archived (optional; only needed by defaults)" echo "REPO_NAME - the name of the OpenJDK repository (optional; only needed by defaults)" echo "OPENJDK_URL - the URL to retrieve code from (optional; defaults to ${OPENJDK_URL_DEFAULT})" echo "COMPRESSION - the compression type to use (optional; defaults to ${COMPRESSION_DEFAULT})" - echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to open${VERSION})" - echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME)" + echo "FILE_NAME_ROOT - name of the archive, minus extensions (optional; defaults to PROJECT_NAME-REPO_NAME-VERSION)" + echo "REPO_ROOT - the location of the Git repository to archive (optional; defaults to OPENJDK_URL/PROJECT_NAME/REPO_NAME.git)" echo "TO_COMPRESS - what part of clone to pack (default is ${VERSION})" echo "BOOT_JDK - the bootstrap JDK to satisfy the configure run" exit 1; @@ -111,7 +110,7 @@ fi echo "Creating a tar.${COMPRESSION} archive" if [ "x$FILE_NAME_ROOT" = "x" ] ; then - FILE_NAME_ROOT=open${VERSION} + FILE_NAME_ROOT=${PROJECT_NAME}-${REPO_NAME}-${VERSION} echo "No file name root specified; default to ${FILE_NAME_ROOT}" fi if [ "x$REPO_ROOT" = "x" ] ; then @@ -121,7 +120,7 @@ fi; if [ "x$TO_COMPRESS" = "x" ] ; then TO_COMPRESS="${VERSION}" - echo "No targets to be compressed specified, ; default to ${TO_COMPRESS}" + echo "No targets to be compressed specified ; default to ${TO_COMPRESS}" fi; echo -e "Settings:" @@ -147,6 +146,7 @@ else popd fi pushd "${FILE_NAME_ROOT}" + # Generate .src-rev so build has knowledge of the revision the tarball was created from mkdir build pushd build @@ -161,17 +161,17 @@ pushd "${FILE_NAME_ROOT}" # Remove history and GHA echo "find ${VERSION} -name '.hgtags'" - find ${VERSION} -name '.hgtags' -exec rm -v '{}' '+' + find ${VERSION} -name '.hgtags' -exec rm -fv '{}' '+' echo "find ${VERSION} -name '.hgignore'" - find ${VERSION} -name '.hgignore' -exec rm -v '{}' '+' + find ${VERSION} -name '.hgignore' -exec rm -fv '{}' '+' echo "find ${VERSION} -name '.gitattributes'" - find ${VERSION} -name '.gitattributes' -exec rm -v '{}' '+' + find ${VERSION} -name '.gitattributes' -exec rm -fv '{}' '+' echo "find ${VERSION} -name '.gitignore'" - find ${VERSION} -name '.gitignore' -exec rm -v '{}' '+' + find ${VERSION} -name '.gitignore' -exec rm -fv '{}' '+' echo "find ${VERSION} -name '.git'" - find ${VERSION} -name '.git' -exec rm -rv '{}' '+' + find ${VERSION} -name '.git' -exec rm -rfv '{}' '+' echo "find ${VERSION} -name '.github'" - find ${VERSION} -name '.github' -exec rm -rv '{}' '+' + find ${VERSION} -name '.github' -exec rm -rfv '{}' '+' echo "Compressing remaining forest" if [ "X$COMPRESSION" = "Xxz" ] ; then diff --git a/icedtea_sync.sh b/icedtea_sync.sh index e5c54f3..c1b8f6a 100755 --- a/icedtea_sync.sh +++ b/icedtea_sync.sh @@ -1,192 +1 @@ -#!/bin/bash - -# Copyright (C) 2019 Red Hat, Inc. -# Written by Andrew John Hughes . -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with this program. If not, see . - -ICEDTEA_USE_VCS=true - -ICEDTEA_VERSION=3.15.0 -ICEDTEA_URL=https://icedtea.classpath.org/download/source -ICEDTEA_SIGNING_KEY=CFDA0F9B35964222 - -ICEDTEA_HG_URL=https://icedtea.classpath.org/hg/icedtea11 - -set -e - -RPM_DIR=${PWD} -if [ ! -f ${RPM_DIR}/jconsole.desktop.in ] ; then - echo "Not in RPM source tree."; - exit 1; -fi - -if test "x${TMPDIR}" = "x"; then - TMPDIR=/tmp; -fi -WORKDIR=${TMPDIR}/it.sync - -echo "Using working directory ${WORKDIR}" -mkdir ${WORKDIR} -pushd ${WORKDIR} - -if test "x${WGET}" = "x"; then - WGET=$(which wget); - if test "x${WGET}" = "x"; then - echo "wget not found"; - exit 1; - fi -fi - -if test "x${TAR}" = "x"; then - TAR=$(which tar) - if test "x${TAR}" = "x"; then - echo "tar not found"; - exit 2; - fi -fi - -echo "Dependencies:"; -echo -e "\tWGET: ${WGET}"; -echo -e "\tTAR: ${TAR}\n"; - -if test "x${ICEDTEA_USE_VCS}" = "xtrue"; then - echo "Mode: Using VCS"; - - if test "x${GREP}" = "x"; then - GREP=$(which grep); - if test "x${GREP}" = "x"; then - echo "grep not found"; - exit 3; - fi - fi - - if test "x${CUT}" = "x"; then - CUT=$(which cut); - if test "x${CUT}" = "x"; then - echo "cut not found"; - exit 4; - fi - fi - - if test "x${TR}" = "x"; then - TR=$(which tr); - if test "x${TR}" = "x"; then - echo "tr not found"; - exit 5; - fi - fi - - if test "x${HG}" = "x"; then - HG=$(which hg); - if test "x${HG}" = "x"; then - echo "hg not found"; - exit 6; - fi - fi - - echo "Dependencies:"; - echo -e "\tGREP: ${GREP}"; - echo -e "\tCUT: ${CUT}"; - echo -e "\tTR: ${TR}"; - echo -e "\tHG: ${HG}"; - - echo "Checking out repository from VCS..."; - ${HG} clone ${ICEDTEA_HG_URL} icedtea - - echo "Obtaining version from configure.ac..."; - ROOT_VER=$(${GREP} '^AC_INIT' icedtea/configure.ac|${CUT} -d ',' -f 2|${TR} -d '[][:space:]') - echo "Root version from configure: ${ROOT_VER}"; - - VCS_REV=$(${HG} log -R icedtea --template '{node|short}' -r tip) - echo "VCS revision: ${VCS_REV}"; - - ICEDTEA_VERSION="${ROOT_VER}-${VCS_REV}" - echo "Creating icedtea-${ICEDTEA_VERSION}"; - mkdir icedtea-${ICEDTEA_VERSION} - echo "Copying required files from checkout to icedtea-${ICEDTEA_VERSION}"; - # Commented out for now as IcedTea 6's jconsole.desktop.in is outdated - #cp -a icedtea/jconsole.desktop.in ../icedtea-${ICEDTEA_VERSION} - cp -a ${RPM_DIR}/jconsole.desktop.in icedtea-${ICEDTEA_VERSION} - cp -a icedtea/tapset icedtea-${ICEDTEA_VERSION} - - rm -rf icedtea -else - echo "Mode: Using tarball"; - - if test "x${ICEDTEA_VERSION}" = "x"; then - echo "No IcedTea version specified for tarball download."; - exit 3; - fi - - if test "x${CHECKSUM}" = "x"; then - CHECKSUM=$(which sha256sum) - if test "x${CHECKSUM}" = "x"; then - echo "sha256sum not found"; - exit 4; - fi - fi - - if test "x${PGP}" = "x"; then - PGP=$(which gpg) - if test "x${PGP}" = "x"; then - echo "gpg not found"; - exit 5; - fi - fi - - echo "Dependencies:"; - echo -e "\tCHECKSUM: ${CHECKSUM}"; - echo -e "\tPGP: ${PGP}\n"; - - echo "Checking for IcedTea signing key ${ICEDTEA_SIGNING_KEY}..."; - if ! gpg --list-keys ${ICEDTEA_SIGNING_KEY}; then - echo "IcedTea signing key ${ICEDTEA_SIGNING_KEY} not installed."; - exit 6; - fi - - echo "Downloading IcedTea release tarball..."; - ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz - echo "Downloading IcedTea tarball signature..."; - ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.tar.xz.sig - echo "Downloading IcedTea tarball checksums..."; - ${WGET} -v ${ICEDTEA_URL}/icedtea-${ICEDTEA_VERSION}.sha256 - - echo "Verifying checksums..."; - ${CHECKSUM} --check --ignore-missing icedtea-${ICEDTEA_VERSION}.sha256 - - echo "Checking signature..."; - ${PGP} --verify icedtea-${ICEDTEA_VERSION}.tar.xz.sig - - echo "Extracting files..."; - ${TAR} xJf icedtea-${ICEDTEA_VERSION}.tar.xz \ - icedtea-${ICEDTEA_VERSION}/tapset \ - icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in - - rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz - rm -vf icedtea-${ICEDTEA_VERSION}.tar.xz.sig - rm -vf icedtea-${ICEDTEA_VERSION}.sha256 -fi - -echo "Replacing desktop files..."; -mv -v icedtea-${ICEDTEA_VERSION}/jconsole.desktop.in ${RPM_DIR} - -echo "Creating new tapset tarball..."; -mv -v icedtea-${ICEDTEA_VERSION} openjdk -${TAR} cJf ${RPM_DIR}/tapsets-icedtea-${ICEDTEA_VERSION}.tar.xz openjdk - -rm -rvf openjdk - -popd -rm -rf ${WORKDIR} +# this file is intentionally not here, as portable builds do not have desktop integration diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 8a3b968..f487843 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -1,8 +1,3 @@ -%if (0%{?rhel} > 0 && 0%{?rhel} < 8) -# portable jdk 17 specific bug, _jvmdir being missing -%define _jvmdir /usr/lib/jvm -%endif - # debug_package %%{nil} is portable-jdks specific %define debug_package %{nil} @@ -41,8 +36,6 @@ %define __os_install_post %{nil} %endif -%global unpacked_licenses %{_datarootdir}/licenses - # Workaround for stripping of debug symbols from static libraries %if %{with staticlibs} %define __brp_strip_static_archive %{nil} @@ -66,10 +59,6 @@ # See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879 %global _find_debuginfo_opts -g -# With LTO flags enabled, debuginfo checks fail for some reason. Disable -# LTO for a passing build. This really needs to be looked at. -%define _lto_cflags %{nil} - # note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros # also necessary when passing it as parameter to other macros. If not macro, then it is considered a switch # see the difference between global and define: @@ -147,9 +136,9 @@ # Set of architectures which support the serviceability agent %global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} %{arm} # Set of architectures which support class data sharing -# See https://bugzilla.redhat.com/show_bug.cgi?id=513605 -# MetaspaceShared::generate_vtable_methods is not implemented for the PPC JIT -%global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{arm} s390x +# As of JDK-8005165 in OpenJDK 10, class sharing is not arch-specific +# However, it does segfault on the Zero assembler port, so currently JIT only +%global share_arches %{jit_arches} # Set of architectures for which we build the Shenandoah garbage collector %global shenandoah_arches x86_64 %{aarch64} # Set of architectures for which we build the Z garbage collector @@ -166,7 +155,7 @@ %global gdb_arches %{jit_arches} %{zero_arches} %endif -# By default, we build a debug build during main build on JIT architectures +# By default, we build a slowdebug build during main build on JIT architectures %if %{with slowdebug} %ifarch %{debug_arches} %global include_debug_build 1 @@ -237,17 +226,24 @@ %global static_libs_target %{nil} %endif -# RPM JDK builds keep the debug symbols internal, to be later stripped by RPM -%global debug_symbols internal - -# unlike portables,the rpms have to use static_libs_target very dynamically -%global bootstrap_targets images legacy-jre-image -%global release_targets images docs-zip legacy-jre-image +# The static libraries are produced under the same configuration as the main +# build for portables, as we expect in-tree libraries to be used throughout. +# If system libraries are enabled, the static libraries will also use them +# which may cause issues. +%global bootstrap_targets images %{static_libs_target} legacy-jre-image +%global release_targets images docs-zip %{static_libs_target} legacy-jre-image # No docs nor bootcycle for debug builds -%global debug_targets images legacy-jre-image +%global debug_targets images %{static_libs_target} legacy-jre-image # Target to use to just build HotSpot %global hotspot_target hotspot +# DTS toolset to use to provide gcc & binutils +%global dtsversion 10 + +# Disable LTO as this causes build failures at the moment. +# See RHBZ#1861401 +%define _lto_cflags %{nil} + # Filter out flags from the optflags macro that cause problems with the OpenJDK build # We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 # We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) @@ -327,20 +323,20 @@ # New Version-String scheme-style defines %global featurever 21 %global interimver 0 -%global updatever 0 +%global updatever 1 %global patchver 0 # buildjdkver is usually same as %%{featurever}, # but in time of bootstrap of next jdk, it is featurever-1, # and this it is better to change it here, on single place -%global buildjdkver 21 +%global buildjdkver %{featurever} # We don't add any LTS designator for STS packages (Fedora and EPEL). # We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined. %if 0%{?rhel} && !0%{?epel} %global lts_designator "LTS" %global lts_designator_zip -%{lts_designator} %else - %global lts_designator "" - %global lts_designator_zip "" + %global lts_designator "" + %global lts_designator_zip "" %endif # JDK to use for bootstrapping %global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk @@ -366,26 +362,34 @@ %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora} %else %if 0%{?rhel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{name} +%global oj_vendor_bug_url https://access.redhat.com/support/cases/ %else %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %endif %endif %endif -%global oj_vendor_version (Red_Hat-%{version}-%{release}) +%global oj_vendor_version (Red_Hat-%{version}-%{rpmrelease}) # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 6.0.0pre00-c848b93a8598 # Define current Git revision for the FIPS support patches %global fipsver 75ffdc48eda +# Define JDK versions +%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} +%global javaver %{featurever} +# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames +%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) +# The tag used to create the OpenJDK tarball +%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK %global top_level_dir_name %{vcstag} %global top_level_dir_name_backup %{top_level_dir_name}-backup -%global buildver 35 -%global rpmrelease 4 +%global buildver 12 +%global rpmrelease 2 +#%%global tagsuffix %%{nil} # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions @@ -398,14 +402,6 @@ # for techpreview, using 1, so slowdebugs can have 0 %global priority %( printf '%08d' 1 ) %endif -%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver} -%global javaver %{featurever} - -# Strip up to 6 trailing zeros in newjavaver, as the JDK does, to get the correct version used in filenames -%global filever %(svn=%{newjavaver}; for i in 1 2 3 4 5 6 ; do svn=${svn%%.0} ; done; echo ${svn}) - -# The tag used to create the OpenJDK tarball -%global vcstag jdk-%{filever}+%{buildver}%{?tagsuffix:-%{tagsuffix}} # Define milestone (EA for pre-releases, GA for releases) # Release will be (where N is usually a number starting at 1): @@ -415,7 +411,7 @@ %if %{is_ga} %global build_type GA %global ea_designator "" -%global ea_designator_zip "" +%global ea_designator_zip %{nil} %global extraver %{nil} %global eaprefix %{nil} %else @@ -438,7 +434,9 @@ %global static_libs_install_dir %{static_libs_arch_dir}/glibc # output dir stub %define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}} +%define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}} %global altjavaoutputdir install/altjava.install +%define packageoutputdir() %{expand:packages/jdk%{featurever}.packages%{?1}} # we can copy the javadoc to not arched dir, or make it not noarch %define uniquejavadocdir() %{expand:%{fullversion}.%{_arch}%{?1}} # main id and dir of this jdk @@ -459,6 +457,8 @@ # Intentionally use jdkportablenameimpl here since we want to have static-libs files overlayed on # top of the JDK archive %define staticlibsportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} +%define docportablename() %(echo %{uniquesuffix ""} | sed "s;%{version}-%{release};\\0.portable.docs;g" | sed "s;openjdkportable;el;g") +%define docportablearchive() %{docportablename}.tar.xz %define miscportablename() %(echo %{uniquesuffix ""} | sed "s;%{version}-%{release};\\0.portable.misc;g" | sed "s;openjdkportable;el;g") %define miscportablearchive() %{miscportablename}.tar.xz @@ -490,6 +490,12 @@ %global __requires_exclude ^(%{_privatelibs}|%{_publiclibs})$ %endif +# VM variant being built +%ifarch %{zero_arches} +%global vm_variant zero +%else +%global vm_variant server +%endif %global etcjavasubdir %{_sysconfdir}/java/java-%{javaver}-%{origin} %define etcjavadir() %{expand:%{etcjavasubdir}/%{uniquesuffix -- %{?1}}} @@ -512,29 +518,8 @@ %global alternatives_requires %{_sbindir}/alternatives %endif -%if %{with_systemtap} -# Where to install systemtap tapset (links) -# We would like these to be in a package specific sub-dir, -# but currently systemtap doesn't support that, so we have to -# use the root tapset dir for now. To distinguish between 64 -# and 32 bit architectures we place the tapsets under the arch -# specific dir (note that systemtap will only pickup the tapset -# for the primary arch for now). Systemtap uses the machine name -# aka target_cpu as architecture specific directory name. -%global tapsetroot /usr/share/systemtap -%global tapsetdirttapset %{tapsetroot}/tapset/ -%global tapsetdir %{tapsetdirttapset}/%{stapinstall} -%endif - -# x86 is no longer supported -%if 0%{?java_arches:1} -ExclusiveArch: %{java_arches} -%else -ExcludeArch: %{ix86} -%endif - -# Portables have no rpo (requires/provides), but thsoe are awesome for orientation in spec -# also scriptlets are hapily missing and files are handled old fashion +# Portables have no repo (requires/provides), but these are awesome for orientation in spec +# Also scriptlets are happily missing and files are handled old fashion # not-duplicated requires/provides/obsoletes for normal/debug packages %define java_rpo() %{expand: } @@ -545,16 +530,18 @@ ExcludeArch: %{ix86} %define java_static_libs_rpo() %{expand: } +%define java_unstripped_rpo() %{expand: +} + +%define java_docs_rpo() %{expand: +} + %define java_misc_rpo() %{expand: } # Prevent brp-java-repack-jars from being run %global __jar_repack 0 -# portables have grown out of its component, moving back to java-x-vendor -# this expression, when declared as global, filled component with java-x-vendor portable -%define component %(echo %{name} | sed "s;-portable;;g") - Name: java-latest-%{origin}-portable Version: %{newjavaver}.%{buildver} # This package needs `.rolling` as part of Release so as to not conflict on install with @@ -572,6 +559,11 @@ Release: %{?eaprefix}%{rpmrelease}%{?extraver}.rolling%{?dist} # provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0". Epoch: 1 + +# portables have grown out of its component, moving back to java-x-vendor +# this expression, when declared as global, filled component with java-x-vendor portable +%define component %(echo %{name} | sed "s;-portable;;g") + Summary: %{origin_nice} %{featurever} Runtime Environment portable edition # Groups are only used up to RHEL 8 and on Fedora versions prior to F30 %if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30) @@ -595,9 +587,8 @@ Group: Development/Languages License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv2.0 and Public Domain and W3C and zlib and ISC and FTL and RSA URL: http://openjdk.java.net/ - # The source tarball, generated using generate_source_tarball.sh -Source0: https://openjdk-sources.osci.io/openjdk%{featurever}/open%{vcstag}.tar.xz +Source0: https://openjdk-sources.osci.io/openjdk%{featurever}/open%{vcstag}%{ea_designator_zip}.tar.xz # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (6.x). @@ -616,8 +607,7 @@ Source10: NEWS Source11: alt-java.c # Removed libraries that we link instead -# Disabled in portables -#Source12: remove-intree-libraries.sh +Source12: remove-intree-libraries.sh # Ensure we aren't using the limited crypto policy Source13: TestCryptoLevel.java @@ -634,14 +624,6 @@ Source16: CheckVendor.java # Ensure translations are available for new timezones Source18: TestTranslations.java -%if (0%{?rhel} > 0 && 0%{?rhel} < 8) -# boot jdk for portable build root on -Source1001: ojdk17-aarch64-17.35.tar.gz -Source1002: ojdk17-ppc64le-17.35.tar.gz -Source1003: ojdk17-x86_64-17.35.tar.gz -Source1004: ojdk17-s390x-17.35.tar.gz -%endif - ############################################ # # RPM/distribution specific patches @@ -691,16 +673,29 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch # OpenJDK patches in need of upstreaming # ############################################# + # JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo # PR: https://github.com/openjdk/jdk/pull/15409 Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch +# Currently empty + ############################################# # # OpenJDK patches which missed last update # ############################################# -#empty now + +# JDK-8311630: [s390] Implementation of Foreign Function & Memory API (Preview) +Patch100: jdk8311630-s390_ffmapi.patch + +############################################# +# +# Portable build specific patches +# +############################################# + +# Currently empty BuildRequires: autoconf BuildRequires: automake @@ -710,11 +705,11 @@ BuildRequires: cups-devel BuildRequires: desktop-file-utils # elfutils only are OK for build without AOT BuildRequires: elfutils-devel +BuildRequires: file BuildRequires: fontconfig-devel -BuildRequires: freetype-devel %if (0%{?rhel} > 0 && 0%{?rhel} < 8) -BuildRequires: devtoolset-8-gcc -BuildRequires: devtoolset-8-gcc-c++ +BuildRequires: devtoolset-%{dtsversion}-gcc +BuildRequires: devtoolset-%{dtsversion}-gcc-c++ %else BuildRequires: gcc # gcc-c++ is already needed @@ -737,9 +732,8 @@ BuildRequires: libXtst-devel # Requirement for setting up nss.fips.cfg BuildRequires: nss-devel # Requirement for system security property test -%if (0%{?rhel} > 0 && 0%{?rhel} < 8) -BuildRequires: crypto-policies -%endif +#N/A +#BuildRequires: crypto-policies BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel BuildRequires: zip @@ -758,7 +752,6 @@ BuildRequires: libffi-devel %endif # 2023c required as of JDK-8305113 BuildRequires: tzdata-java >= 2023c - # cacerts build requirement in portable mode BuildRequires: ca-certificates # Earlier versions have a bug in tree vectorization on PPC @@ -777,18 +770,18 @@ BuildRequires: lcms2-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel %else -# Version in src/java.desktop/share/native/libfreetype/include/freetype/freetype.h -Provides: bundled(freetype) = 2.12.1 +# Version in src/java.desktop/share/legal/freetype.md +Provides: bundled(freetype) = 2.13.0 # Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h Provides: bundled(giflib) = 5.2.1 # Version in src/java.desktop/share/native/libharfbuzz/hb-version.h -Provides: bundled(harfbuzz) = 4.4.1 +Provides: bundled(harfbuzz) = 7.2.0 # Version in src/java.desktop/share/native/liblcms/lcms2.h -Provides: bundled(lcms2) = 2.12.0 +Provides: bundled(lcms2) = 2.15.0 # Version in src/java.desktop/share/native/libjavajpeg/jpeglib.h Provides: bundled(libjpeg) = 6b # Version in src/java.desktop/share/native/libsplashscreen/libpng/png.h -Provides: bundled(libpng) = 1.6.37 +Provides: bundled(libpng) = 1.6.39 # We link statically against libstdc++ to increase portability BuildRequires: libstdc++-static %endif @@ -863,7 +856,7 @@ Group: Development/Tools %{java_devel_rpo -- %{fastdebug_suffix_unquoted}} %description devel-fastdebug -The %{origin_nice} %{featurever} development tools - portable edition. +The %{origin_nice} %{featurever} runtime environment and development tools - portable edition %{fastdebug_warning} %endif @@ -871,7 +864,7 @@ The %{origin_nice} %{featurever} development tools - portable edition. %if %{include_normal_build} %package static-libs -Summary: %{origin_nice} %{featurever} libraries for static linking - portable edition. +Summary: %{origin_nice} %{featurever} libraries for static linking - portable edition %{java_static_libs_rpo %{nil}} @@ -886,7 +879,7 @@ Summary: %{origin_nice} %{featurever} libraries for static linking - portable ed %{java_static_libs_rpo -- %{debug_suffix_unquoted}} %description static-libs-slowdebug -The %{origin_nice} %{featurever} libraries for static linking - portable edition. +The %{origin_nice} %{featurever} libraries for static linking - portable edition %{debug_warning} %endif @@ -897,13 +890,32 @@ Summary: %{origin_nice} %{featurever} libraries for static linking - portable ed %{java_static_libs_rpo -- %{fastdebug_suffix_unquoted}} %description static-libs-fastdebug -The %{origin_nice} %{featurever} libraries for static linking - portable edition. +The %{origin_nice} %{featurever} libraries for static linking - portable edition %{fastdebug_warning} %endif # staticlibs %endif +%if %{include_normal_build} +%package unstripped +Summary: The %{origin_nice} %{featurever} runtime environment. + +%{java_unstripped_rpo %{nil}} + +%description unstripped +The %{origin_nice} %{featurever} runtime environment. + +%endif + +%package docs +Summary: %{origin_nice} %{featurever} API documentation + +%{java_docs_rpo %{nil}} + +%description docs +The %{origin_nice} %{featurever} API documentation. + %package misc Summary: %{origin_nice} %{featurever} miscellany @@ -923,10 +935,10 @@ The %{origin_nice} %{featurever} full patched sources of portable JDK to build, echo "Preparing %{oj_vendor_version}" # Using the echo macro breaks rpmdev-bumpspec, as it parses the first line of stdout :-( -%if 0%{?stapinstall:1} - echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{stapinstall}" +%if 0%{?_build_cpu:1} + echo "CPU: %{_target_cpu}, arch install directory: %{archinstall}, SystemTap install directory: %{_build_cpu}" %else - %{error:Unrecognised architecture %{_target_cpu}} + %{error:Unrecognised architecture %{_build_cpu}} %endif if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then @@ -947,7 +959,6 @@ else echo "include_fastdebug_build is %{include_fastdebug_build}, that is invalid. Use 1 for yes or 0 for no" exit 13 fi - if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go." exit 14 @@ -979,8 +990,11 @@ pushd %{top_level_dir_name} %patch1001 -p1 # Patches in need of upstreaming %patch6 -p1 +# Patches in next release +%patch100 -p1 popd # openjdk + # The OpenJDK version file includes the current # upstream version information. For some reason, # configure does not automatically use the @@ -1001,59 +1015,12 @@ if [ "x${UPSTREAM_EA_DESIGNATOR}" != "x%{ea_designator}" ] ; then exit 17 fi -# Extract systemtap tapsets -%if %{with_systemtap} -tar --strip-components=1 -x -I xz -f %{SOURCE8} -%if %{include_debug_build} -cp -r tapset tapset%{debug_suffix} -%endif -%if %{include_fastdebug_build} -cp -r tapset tapset%{fastdebug_suffix} -%endif - -for suffix in %{build_loop} ; do - for file in "tapset"$suffix/*.in; do - OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` - sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/server/libjvm.so:g" $file > $file.1 - sed -e "s:@JAVA_SPEC_VER@:%{javaver}:g" $file.1 > $file.2 -# TODO find out which architectures other than i686 have a client vm -%ifarch %{ix86} - sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/lib/client/libjvm.so:g" $file.2 > $OUTPUT_FILE -%else - sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.2 > $OUTPUT_FILE -%endif - sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE - sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE - sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE - done -done -# systemtap tapsets ends -%endif +# Systemtap is processed in rpms # Prepare desktop files # Portables do not have desktop integration %build -%if (0%{?rhel} > 0 && 0%{?rhel} < 8) -mkdir bootjdk -pushd bootjdk -%ifarch %{aarch64} -tar --strip-components=1 -xf %{SOURCE1001} -%endif -%ifarch %{ppc64le} -tar --strip-components=1 -xf %{SOURCE1002} -%endif -%ifarch x86_64 -tar --strip-components=1 -xf %{SOURCE1003} -%endif -%ifarch s390x -tar --strip-components=1 -xf %{SOURCE1004} -%endif -BOOT_JDK=$PWD -popd -%else -BOOT_JDK=%{bootjdk} -%endif # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) @@ -1091,12 +1058,15 @@ echo "Building %{SOURCE11}" mkdir -p %{altjavaoutputdir} gcc ${EXTRA_CFLAGS} -o %{altjavaoutputdir}/%{alt_java_name} %{SOURCE11} +echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}" + function buildjdk() { local outputdir=${1} local buildjdk=${2} local maketargets="${3}" local debuglevel=${4} local link_opt=${5} + local debug_symbols=${6} local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name} local top_dir_abs_build_path=$(pwd)/${outputdir} @@ -1115,6 +1085,7 @@ function buildjdk() { echo "Using make targets: ${maketargets}" echo "Using debuglevel: ${debuglevel}" echo "Using link_opt: ${link_opt}" + echo "Using debug_symbols: ${debug_symbols}" echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}" mkdir -p ${outputdir} @@ -1125,7 +1096,7 @@ function buildjdk() { # are always used in a system_libs build, even # for the static library build %if (0%{?rhel} > 0 && 0%{?rhel} < 8) - scl enable devtoolset-8 -- bash ${top_dir_abs_src_path}/configure \ + scl enable devtoolset-%{dtsversion} -- bash ${top_dir_abs_src_path}/configure \ %else bash ${top_dir_abs_src_path}/configure \ %endif @@ -1145,7 +1116,7 @@ function buildjdk() { --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ --with-boot-jdk=${buildjdk} \ --with-debug-level=${debuglevel} \ - --with-native-debug-symbols="%{debug_symbols}" \ + --with-native-debug-symbols="${debug_symbols}" \ --disable-sysconf-nss \ --enable-unlimited-crypto \ --with-zlib=%{link_type} \ @@ -1169,7 +1140,7 @@ function buildjdk() { cat spec.gmk %if (0%{?rhel} > 0 && 0%{?rhel} < 8) - scl enable devtoolset-8 -- make \ + scl enable devtoolset-%{dtsversion} -- make \ %else make \ %endif @@ -1177,109 +1148,117 @@ function buildjdk() { WARNINGS_ARE_ERRORS="-Wno-error" \ CFLAGS_WARNINGS_ARE_ERRORS="-Wno-error" \ $maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false ) - popd } -function installjdk() { - local imagepath=${1} +function stripjdk() { + local outputdir=${1} + local jdkimagepath=${outputdir}/images/%{jdkimage} + local jreimagepath=${outputdir}/images/%{jreimage} + local jmodimagepath=${outputdir}/images/jmods + local supportdir=${outputdir}/support - if [ -d ${imagepath} ] ; then - # the build (erroneously) removes read permissions from some jars - # this is a regression in OpenJDK 7 (our compiler): - # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 - find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \; + if [ "x$suffix" = "x" ] ; then + # Keep the unstripped version for consumption by RHEL RPMs + cp -a ${jdkimagepath}{,.unstripped} - # Build screws up permissions on binaries - # https://bugs.openjdk.java.net/browse/JDK-8173610 - find ${imagepath} -iname '*.so' -exec chmod +x {} \; - find ${imagepath}/bin/ -exec chmod +x {} \; - - # Create fake alt-java as a placeholder for future alt-java - if [ -d man/man1 ] ; then - pushd ${imagepath} - # add alt-java man page - echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1 - cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 - popd - fi - fi -} - -# Checks on debuginfo must be performed before the files are stripped -# by the RPM installation stage -function debugcheckjdk() { - local imagepath=${1} - - if [ -d ${imagepath} ] ; then - - so_suffix="so" - # Check debug symbols are present and can identify code - find "${imagepath}" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib - do - if [ -f "$lib" ] ; then - echo "Testing $lib for debug symbols" - # All these tests rely on RPM failing the build if the exit code of any set - # of piped commands is non-zero. - - # Test for .debug_* sections in the shared object. This is the main test - # Stripped objects will not contain these - eu-readelf -S "$lib" | grep "] .debug_" - test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2 - - # Test FILE symbols. These will most likely be removed by anything that - # manipulates symbol tables because it's generally useless. So a nice test - # that nothing has messed with symbols - old_IFS="$IFS" - IFS=$'\n' - for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT") - do - # We expect to see .cpp and .S files, except for architectures like aarch64 and - # s390 where we expect .o and .oS files - echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|S|oS))?$" - done - IFS="$old_IFS" - - # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking - if [ "`basename $lib`" = "libjvm.so" ]; then - eu-readelf -s "$lib" | \ - grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$" - fi - - # Test that there are no .gnu_debuglink sections pointing to another - # debuginfo file. There shouldn't be any debuginfo files, so the link makes - # no sense either - eu-readelf -S "$lib" | grep 'gnu' - if eu-readelf -S "$lib" | grep "\] .gnu_debuglink" | grep PROGBITS; then - echo "bad .gnu_debuglink section." - eu-readelf -x .gnu_debuglink "$lib" - false - fi + # Strip the files + for file in $(find ${jdkimagepath} ${jreimagepath} ${supportdir} -type f) ; do + if file ${file} | grep -q 'ELF'; then + noextfile=${file/.so/}; + objcopy --only-keep-debug ${file} ${noextfile}.debuginfo; + objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file}; + strip -g ${file}; fi done - # Make sure gdb can do a backtrace based on line numbers on libjvm.so - # javaCalls.cpp:58 should map to: - # http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 - # Using line number 1 might cause build problems. See: - # https://bugzilla.redhat.com/show_bug.cgi?id=1539664 - # https://bugzilla.redhat.com/show_bug.cgi?id=1538767 - gdb -q "${imagepath}/bin/java" < man/man1/%{alt_java_name}.1 + cat man/man1/java.1 >> man/man1/%{alt_java_name}.1 + popd + + # Print release information + cat ${imagepath}/release + fi + done } function genchecksum() { @@ -1295,218 +1274,202 @@ function genchecksum() { popd } -packagesdir=$(pwd)/.. +function packFullPatchedSources() { + srcpackagesdir=`pwd` + tar -cJf ${srcpackagesdir}/%{jdkportablesourcesarchive -- ""} --transform "s|^|%{jdkportablesourcesname -- ""}/|" %{top_level_dir_name} + genchecksum ${srcpackagesdir}/%{jdkportablesourcesarchive -- ""} +} -pwd -ls -l -tar -cJf ${packagesdir}/%{jdkportablesourcesarchive -- ""} --transform "s|^|%{jdkportablesourcesname -- ""}/|" %{top_level_dir_name} -genchecksum ${packagesdir}/%{jdkportablesourcesarchive -- ""} +function packagejdk() { + local imagesdir=$(pwd)/${1}/images + local docdir=$(pwd)/${1}/images/docs + local bundledir=$(pwd)/${1}/bundles + local packagesdir=$(pwd)/${2} + local srcdir=$(pwd)/%{top_level_dir_name} + local tapsetdir=$(pwd)/tapset + local altjavadir=$(pwd)/${3} + + echo "Packaging build from ${imagesdir} to ${packagesdir}..." + mkdir -p ${packagesdir} + pushd ${imagesdir} + + echo "Packaging build from ${imagesdir} to ${packagesdir}..." + mkdir -p ${packagesdir} + pushd ${imagesdir} + + if [ "x$suffix" = "x" ] ; then + nameSuffix="" + else + nameSuffix=`echo "$suffix"| sed s/-/./` + fi + + jdkname=%{jdkportablename -- "$nameSuffix"} + jdkarchive=${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} + jrename=%{jreportablename -- "$nameSuffix"} + jrearchive=${packagesdir}/%{jreportablearchive -- "$nameSuffix"} + staticname=%{staticlibsportablename -- "$nameSuffix"} + staticarchive=${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} + debugarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"} + unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"} + # We only use docs for the release build + docname=%{docportablename} + docarchive=${packagesdir}/%{docportablearchive} + built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip + # These are from the source tree so no debug variants + miscname=%{miscportablename} + miscarchive=${packagesdir}/%{miscportablearchive} + + if [ "x$suffix" = "x" ] ; then + # Keep the unstripped version for consumption by RHEL RPMs + mv %{jdkimage}.unstripped ${jdkname} + tar -cJf ${unstrippedarchive} ${jdkname} + genchecksum ${unstrippedarchive} + mv ${jdkname} %{jdkimage}.unstripped + fi + + # Rename directories for packaging + mv %{jdkimage} ${jdkname} + mv %{jreimage} ${jrename} + + # Release images have external debug symbols + if [ "x$suffix" = "x" ] ; then + tar -cJf ${debugarchive} $(find ${jdkname} -name \*.debuginfo) + genchecksum ${debugarchive} + + mkdir ${docname} + mv ${docdir} ${docname} + mv ${bundledir}/${built_doc_archive} ${docname} + tar -cJf ${docarchive} ${docname} + genchecksum ${docarchive} + + mkdir ${miscname} + for s in 16 24 32 48 ; do + cp -av ${srcdir}/src/java.desktop/unix/classes/sun/awt/X11/java-icon${s}.png ${miscname} + done +%if %{with_systemtap} + cp -a ${tapsetdir}* ${miscname} +%endif + cp -av ${altjavadir}/%{alt_java_name} ${miscname} + tar -cJf ${miscarchive} ${miscname} + genchecksum ${miscarchive} + fi + + tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname} + genchecksum ${jdkarchive} + + tar -cJf ${jrearchive} --exclude='**.debuginfo' ${jrename} + genchecksum ${jrearchive} + +%if %{include_staticlibs} + # Static libraries (needed for building graal vm with native image) + # Tar as overlay. Transform to the JDK name, since we just want to "add" + # static libraries to that folder + tar -cJf ${staticarchive} \ + --transform "s|^%{static_libs_image}/lib/*|${staticname}/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib" + genchecksum ${staticarchive} +%endif + + # Revert directory renaming so testing will run + # TODO: testing should run on the packaged JDK + mv ${jdkname} %{jdkimage} + mv ${jrename} %{jreimage} + + popd #images + +} + +packFullPatchedSources %if %{build_hotspot_first} # Build a fresh libjvm.so first and use it to bootstrap cp -LR --preserve=mode,timestamps %{bootjdk} newboot systemjdk=$(pwd)/newboot - buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" - mv build/newboot/jdk/lib/server/libjvm.so newboot/lib/server + buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" "internal" + mv build/newboot/jdk/lib/%{vm_variant}/libjvm.so newboot/lib/%{vm_variant} %else systemjdk=%{bootjdk} %endif for suffix in %{build_loop} ; do + if [ "x$suffix" = "x" ] ; then debugbuild=release else # change --something to something debugbuild=`echo $suffix | sed "s/-//g"` fi - for loop in %{main_suffix} %{staticlibs_loop} ; do - builddir=%{buildoutputdir -- ${suffix}${loop}} - bootbuilddir=boot${builddir} - if test "x${loop}" = "x%{main_suffix}" ; then - link_opt="%{link_type}" + # We build with internal debug symbols and do + # our own stripping for one version of the + # release build + debug_symbols=internal + + builddir=%{buildoutputdir -- ${suffix}} + bootbuilddir=boot${builddir} + installdir=%{installoutputdir -- ${suffix}} + bootinstalldir=boot${installdir} + packagesdir=%{packageoutputdir -- ${suffix}} + + link_opt="%{link_type}" %if %{system_libs} - # Copy the source tree so we can remove all in-tree libraries - cp -a %{top_level_dir_name} %{top_level_dir_name_backup} - # Remove all libraries that are linked - sh %{SOURCE12} %{top_level_dir_name} full + # Copy the source tree so we can remove all in-tree libraries + cp -a %{top_level_dir_name} %{top_level_dir_name_backup} + # Remove all libraries that are linked + sh %{SOURCE12} %{top_level_dir_name} full %endif - # Debug builds don't need same targets as release for - # build speed-up. We also avoid bootstrapping these - # slower builds. - if echo $debugbuild | grep -q "debug" ; then - maketargets="%{debug_targets}" - run_bootstrap=false - else - maketargets="%{release_targets}" - run_bootstrap=%{bootstrap_build} - fi - if ${run_bootstrap} ; then - buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} - buildjdk ${builddir} $(pwd)/${bootbuilddir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} - rm -rf ${bootbuilddir} - else - buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} - fi + # Debug builds don't need same targets as release for + # build speed-up. We also avoid bootstrapping these + # slower builds. + if echo $debugbuild | grep -q "debug" ; then + maketargets="%{debug_targets}" + run_bootstrap=false + else + maketargets="%{release_targets}" + run_bootstrap=%{bootstrap_build} + fi + if ${run_bootstrap} ; then + buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt} ${debug_symbols} + installjdk ${bootbuilddir} ${bootinstalldir} + buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} + stripjdk ${builddir} + installjdk ${builddir} ${installdir} + %{!?with_artifacts:rm -rf ${bootinstalldir}} + else + buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} ${debug_symbols} + stripjdk ${builddir} + installjdk ${builddir} ${installdir} + fi + packagejdk ${installdir} ${packagesdir} %{altjavaoutputdir} + %if %{system_libs} - # Restore original source tree we modified by removing full in-tree sources - rm -rf %{top_level_dir_name} - mv %{top_level_dir_name_backup} %{top_level_dir_name} + # Restore original source tree we modified by removing full in-tree sources + rm -rf %{top_level_dir_name} + mv %{top_level_dir_name_backup} %{top_level_dir_name} %endif - else - # Use bundled libraries for building statically - link_opt="bundled" - # Static library cycle only builds the static libraries - maketargets="%{static_libs_target}" - # Always just do the one build for the static libraries - buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt} - fi - - done # end of main / staticlibs loop - - # Final setup on the main image - top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}} - for image in %{jdkimage} %{jreimage} ; do - imagePath=${top_dir_abs_main_build_path}/images/${image} - installjdk ${imagePath} - done - # Check debug symbols were built into the dynamic libraries; todo, why it passes in JDK only? - debugcheckjdk ${top_dir_abs_main_build_path}/images/%{jdkimage} - - # Print release information - cat ${top_dir_abs_main_build_path}/images/%{jdkimage}/release - -################################################################################ - pushd ${top_dir_abs_main_build_path}/images - if [ "x$suffix" == "x" ] ; then - nameSuffix="" - else - nameSuffix=`echo "$suffix"| sed s/-/./` - fi - # additional steps needed for fluent repack; most of them done twice, as images are already populated - # maybe most of them should be done in upstream build? - for imagedir in %{jdkimage} %{jreimage} ; do - pushd $imagedir - # Convert man pages to UTF8 encoding - if [ -d man/man1 ] ; then # jre do not have man pages... - for manpage in man/man1/* ; do - iconv -f ISO_8859-1 -t UTF8 $manpage -o $manpage.tmp - mv -f $manpage.tmp $manpage - done - fi - # Install release notes - cp -a %{SOURCE10} `pwd` - cp -a %{SOURCE10} `pwd`/legal - # stabilize permissions; aprtially duplicated in instalojdk - find `pwd` -name "*.so" -exec chmod 755 {} \; -exec echo "set 755 to so {}" \; ; - find `pwd` -type d -exec chmod 755 {} \; -exec echo "set 755 to dir {}" \; ; - find `pwd`/legal -type f -exec chmod 644 {} \; -exec echo "set 644 to licences {}" \; ; - popd # jdkimage/jreimage - done # jre/sdk work in loop - # javadoc is done only for release sdkimage - if ! echo $suffix | grep -q "debug" ; then - # Install Javadoc documentation - #cp -a docs %{jdkimage} # not sure if the plaintext javadoc is for some use - built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip - cp -a `pwd`/../bundles/${built_doc_archive} `pwd`/%{jdkimage}/javadocs.zip || ls -l `pwd`/../bundles - fi - # end of additional steps - - mv %{jdkimage} %{jdkportablename -- "$nameSuffix"} - mv %{jreimage} %{jreportablename -- "$nameSuffix"} - tar -cJf ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"} - genchecksum ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} - tar -cJf ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jreportablename -- "$nameSuffix"} - genchecksum ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} - # copy licenses so they are avialable out of tarball - cp -rf %{jdkportablename -- "$nameSuffix"}/legal ${packagesdir}/%{jdkportablearchive -- "%{normal_suffix}"}-legal - mv %{jdkportablename -- "$nameSuffix"} %{jdkimage} - mv %{jreportablename -- "$nameSuffix"} %{jreimage} - popd #images -%if %{include_staticlibs} - top_dir_abs_staticlibs_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{staticlibs_suffix}} - pushd ${top_dir_abs_staticlibs_build_path}/images - # Static libraries (needed for building graal vm with native image) - # Tar as overlay. Transform to the JDK name, since we just want to "add" - # static libraries to that folder - portableJDKname=%{staticlibsportablename -- "$nameSuffix"} - tar -cJf ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} --transform "s|^%{static_libs_image}/lib/*|$portableJDKname/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib" - genchecksum ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} - popd #staticlibs-images -%endif -################################################################################ -# note, currently no debuginfo, consult portbale spec for external (zipped) debuginfo, being tarred alone -################################################################################ # build cycles done # end of release / debug cycle loop -# These are from the source tree so no debug variants -miscname=%{miscportablename} -miscarchive=${packagesdir}/%{miscportablearchive} - -mkdir ${miscname} -cp -av %{altjavaoutputdir}/%{alt_java_name} ${miscname} -tar -cJf ${miscarchive} ${miscname} -genchecksum ${miscarchive} - -%install - -packagesdir=$(pwd)/.. - -mkdir -p $RPM_BUILD_ROOT%{_jvmdir} -# Install outside the loop as there are no debug variants -miscarchive=${packagesdir}/%{miscportablearchive} -mv ${packagesdir}/%{jdkportablesourcesarchive -- ""} $RPM_BUILD_ROOT%{_jvmdir}/ -mv ${packagesdir}/%{jdkportablesourcesarchive -- ""}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ -mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/ -mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ - -for suffix in %{build_loop} ; do -top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}} - -################################################################################ - if [ "x$suffix" == "x" ] ; then - nameSuffix="" - else - nameSuffix=`echo "$suffix"| sed s/-/./` - fi - mv ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ - mv ${packagesdir}/%{jdkportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ - mv ${packagesdir}/%{jreportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ - mv ${packagesdir}/%{jreportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ -%if %{include_staticlibs} - mv ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ - mv ${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ -%endif - if [ "x$suffix" == "x" ] ; then - dnameSuffix="$nameSuffix".debuginfo -# todo handle debuginfo, see note at build (we will need to pack one stripped and one unstripped release build) -# mv ../%{jdkportablearchive -- "$dnameSuffix"} $RPM_BUILD_ROOT%{_jvmdir}/ -# mv ../%{jdkportablearchive -- "$dnameSuffix"}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ - fi -################################################################################ -# end, dual install -done -################################################################################ -# the licenses are packed onloy once and shared -mkdir -p $RPM_BUILD_ROOT%{unpacked_licenses} -mv ${packagesdir}/%{jdkportablearchive -- "%{normal_suffix}"}-legal $RPM_BUILD_ROOT%{unpacked_licenses}/%{jdkportablesourcesarchive -- "%{normal_suffix}"} -# To show sha in the build log -for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do ls -l $file ; cat $file ; done -################################################################################ - %check # We test debug first as it will give better diagnostics on a crash for suffix in %{build_loop} ; do -# Tests in the check stage are performed on the installed image -# rpmbuild operates as follows: build -> install -> test -# however in portbales, we test built image instead of installed one -top_dir_abs_main_build_path=$(pwd)/%{buildoutputdir -- ${suffix}%{main_suffix}} +# portable builds have static_libs embedded, thus top_dir_abs_main_build_path is same as top_dir_abs_staticlibs_build_path +top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}} +%if %{include_staticlibs} +top_dir_abs_staticlibs_build_path=${top_dir_abs_main_build_path} +%endif + export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage} -#check Shenandoah is enabled +# Pre-test setup + +# System security properties are disabled by default on portable. +# Turn on system security properties +#sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ +#${JAVA_HOME}/conf/security/java.security + +# Check Shenandoah is enabled %if %{use_shenandoah_hotspot} $JAVA_HOME/bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -version %endif @@ -1525,9 +1488,14 @@ $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") $JAVA_HOME/bin/javac -d . %{SOURCE15} export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||") export SEC_DEBUG="-Djava.security.debug=properties" +# Specific to portable:System security properties to be off by default $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=false ${PROG} false +# Check correct vendor values have been set +$JAVA_HOME/bin/javac -d . %{SOURCE16} +$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}" + # Check java launcher has no SSB mitigation if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi @@ -1539,14 +1507,11 @@ nm %{altjavaoutputdir}/%{alt_java_name} | grep prctl if ! nm %{altjavaoutputdir}/%{alt_java_name} | grep prctl ; then true ; else false; fi %endif -# Check correct vendor values have been set -$JAVA_HOME/bin/javac -d . %{SOURCE16} -$JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" "%{oj_vendor_url}" "%{oj_vendor_bug_url}" "%{oj_vendor_version}" - %if ! 0%{?flatpak} # Check translations are available for new timezones (during flatpak builds, the # tzdb.dat used by this test is not where the test expects it, so this is -# disabled for flatpak builds) +# disabled for flatpak builds) +# Disable test until we are on the latest JDK $JAVA_HOME/bin/javac -d . %{SOURCE18} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR @@ -1554,9 +1519,82 @@ $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})| %if %{include_staticlibs} # Check debug symbols in static libraries (smoke test) -export STATIC_LIBS_HOME=${top_dir_abs_main_build_path}/../../%{buildoutputdir -- ${suffix}%{staticlibs_suffix}}/images/static-libs/lib/ -readelf --debug-dump $STATIC_LIBS_HOME/libnet.a | grep Inet4AddressImpl.c -readelf --debug-dump $STATIC_LIBS_HOME/libnet.a | grep Inet6AddressImpl.c +export STATIC_LIBS_HOME=${top_dir_abs_staticlibs_build_path}/images/%{static_libs_image} +ls -l $STATIC_LIBS_HOME +ls -l $STATIC_LIBS_HOME/lib +readelf --debug-dump $STATIC_LIBS_HOME/lib/libnet.a | grep Inet4AddressImpl.c +readelf --debug-dump $STATIC_LIBS_HOME/lib/libnet.a | grep Inet6AddressImpl.c +%endif + +# Release builds strip the debug symbols into external .debuginfo files +if [ "x$suffix" = "x" ] ; then + so_suffix="debuginfo" +else + so_suffix="so" +fi +# Check debug symbols are present and can identify code +find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib +do + if [ -f "$lib" ] ; then + echo "Testing $lib for debug symbols" + # All these tests rely on RPM failing the build if the exit code of any set + # of piped commands is non-zero. + + # Test for .debug_* sections in the shared object. This is the main test + # Stripped objects will not contain these + eu-readelf -S "$lib" | grep "] .debug_" + test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2 + + # Test FILE symbols. These will most likely be removed by anything that + # manipulates symbol tables because it's generally useless. So a nice test + # that nothing has messed with symbols + old_IFS="$IFS" + IFS=$'\n' + for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT") + do + # We expect to see .cpp and .S files, except for architectures like aarch64 and + # s390 where we expect .o and .oS files + echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|S|oS))?$" + done + IFS="$old_IFS" + + # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking + if [ "`basename $lib`" = "libjvm.so" ]; then + eu-readelf -s "$lib" | \ + grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$" + fi + + # Test that there are no .gnu_debuglink sections pointing to another + # debuginfo file. There shouldn't be any debuginfo files, so the link makes + # no sense either + eu-readelf -S "$lib" | grep 'gnu' + if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then + echo "bad .gnu_debuglink section." + eu-readelf -x .gnu_debuglink "$lib" + false + fi + fi +done + +# Make sure gdb can do a backtrace based on line numbers on libjvm.so +# javaCalls.cpp:58 should map to: +# http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 +# Using line number 1 might cause build problems. See: +# https://bugzilla.redhat.com/show_bug.cgi?id=1539664 +# https://bugzilla.redhat.com/show_bug.cgi?id=1538767 +gdb -q "$JAVA_HOME/bin/java" < - 1:21.0.1.0.12-2.rolling +- updated to OpenJDK 21.0.1 (2023-10-17) +- adjsuted generate_source_tarball +- removed icedtea_sync +- dropped standalone licenses +- added usntripped subpkg +- added docs subpkg +- adjsuted versions of bundled libraries +- build refactored to several solid methods following gnu_andrew +- removed no longer needed jdk8296108-tzdata2022f.patch, jdk8296715-cldr2022f.patch, rh1648644-java_access_bridge_privileged_security.patch +- added jdk8311630-s390_ffmapi.patch to support virtual threads on s390x +- aligned fips-21u-75ffdc48eda.patch (gnu_andrew) + * Wed Sep 20 2023 Jiri Vanek - 1:21.0.0.0.35-4.rolling - removed %{1} from miscportablename diff --git a/jconsole.desktop.in b/jconsole.desktop.in index 8a3b04d..c1b8f6a 100644 --- a/jconsole.desktop.in +++ b/jconsole.desktop.in @@ -1,10 +1 @@ -[Desktop Entry] -Name=OpenJDK @JAVA_VER@ for @target_cpu@ Monitoring & Management Console (@OPENJDK_VER@) -Comment=Monitor and manage OpenJDK applications -Exec=_SDKBINDIR_/jconsole -Icon=java-@JAVA_VER@-@JAVA_VENDOR@ -Terminal=false -Type=Application -StartupWMClass=sun-tools-jconsole-JConsole -Categories=Development;Profiling;Java; -Version=1.0 +# this file is intentionally not here, as portable builds do not have desktop integration diff --git a/jdk8296108-tzdata2022f.patch b/jdk8296108-tzdata2022f.patch deleted file mode 100644 index 8b13789..0000000 --- a/jdk8296108-tzdata2022f.patch +++ /dev/null @@ -1 +0,0 @@ - diff --git a/jdk8296715-cldr2022f.patch b/jdk8296715-cldr2022f.patch deleted file mode 100644 index 8b13789..0000000 --- a/jdk8296715-cldr2022f.patch +++ /dev/null @@ -1 +0,0 @@ - diff --git a/jdk8311630-s390_ffmapi.patch b/jdk8311630-s390_ffmapi.patch new file mode 100644 index 0000000..cd3bc08 --- /dev/null +++ b/jdk8311630-s390_ffmapi.patch @@ -0,0 +1,1906 @@ +commit 27f635fabe7c2933674ad40443906fc35eecf785 +Author: Sidraya Jayagond +Date: Tue Sep 12 09:07:09 2023 +0000 + + 8311630: [s390] Implementation of Foreign Function & Memory API (Preview) + + Backport-of: ec1f7a8480db025a6f405817a106af8e92b69c44 + +diff --git a/src/hotspot/cpu/s390/downcallLinker_s390.cpp b/src/hotspot/cpu/s390/downcallLinker_s390.cpp +index baee7d7a043..f831da90755 100644 +--- a/src/hotspot/cpu/s390/downcallLinker_s390.cpp ++++ b/src/hotspot/cpu/s390/downcallLinker_s390.cpp +@@ -23,8 +23,76 @@ + */ + + #include "precompiled.hpp" ++#include "asm/macroAssembler.inline.hpp" ++#include "code/codeBlob.hpp" ++#include "code/codeCache.hpp" ++#include "code/vmreg.inline.hpp" ++#include "compiler/oopMap.hpp" ++#include "logging/logStream.hpp" ++#include "memory/resourceArea.hpp" + #include "prims/downcallLinker.hpp" +-#include "utilities/debug.hpp" ++#include "runtime/globals.hpp" ++#include "runtime/stubCodeGenerator.hpp" ++ ++#define __ _masm-> ++ ++class DowncallStubGenerator : public StubCodeGenerator { ++ BasicType* _signature; ++ int _num_args; ++ BasicType _ret_bt; ++ const ABIDescriptor& _abi; ++ ++ const GrowableArray& _input_registers; ++ const GrowableArray& _output_registers; ++ ++ bool _needs_return_buffer; ++ int _captured_state_mask; ++ bool _needs_transition; ++ ++ int _frame_complete; ++ int _frame_size_slots; ++ OopMapSet* _oop_maps; ++ public: ++ DowncallStubGenerator(CodeBuffer* buffer, ++ BasicType* signature, ++ int num_args, ++ BasicType ret_bt, ++ const ABIDescriptor& abi, ++ const GrowableArray& input_registers, ++ const GrowableArray& output_registers, ++ bool needs_return_buffer, ++ int captured_state_mask, ++ bool needs_transition) ++ :StubCodeGenerator(buffer, PrintMethodHandleStubs), ++ _signature(signature), ++ _num_args(num_args), ++ _ret_bt(ret_bt), ++ _abi(abi), ++ _input_registers(input_registers), ++ _output_registers(output_registers), ++ _needs_return_buffer(needs_return_buffer), ++ _captured_state_mask(captured_state_mask), ++ _needs_transition(needs_transition), ++ _frame_complete(0), ++ _frame_size_slots(0), ++ _oop_maps(nullptr) { ++ } ++ void generate(); ++ int frame_complete() const { ++ return _frame_complete; ++ } ++ ++ int framesize() const { ++ return (_frame_size_slots >> (LogBytesPerWord - LogBytesPerInt)); ++ } ++ ++ OopMapSet* oop_maps() const { ++ return _oop_maps; ++ } ++}; ++ ++static const int native_invoker_code_base_size = 512; ++static const int native_invoker_size_per_args = 8; + + RuntimeStub* DowncallLinker::make_downcall_stub(BasicType* signature, + int num_args, +@@ -35,6 +103,197 @@ RuntimeStub* DowncallLinker::make_downcall_stub(BasicType* signature, + bool needs_return_buffer, + int captured_state_mask, + bool needs_transition) { +- Unimplemented(); +- return nullptr; ++ ++ int code_size = native_invoker_code_base_size + (num_args * native_invoker_size_per_args); ++ int locs_size = 1; //must be non zero ++ CodeBuffer code("nep_invoker_blob", code_size, locs_size); ++ ++ DowncallStubGenerator g(&code, signature, num_args, ret_bt, abi, ++ input_registers, output_registers, ++ needs_return_buffer, captured_state_mask, ++ needs_transition); ++ g.generate(); ++ code.log_section_sizes("nep_invoker_blob"); ++ ++ RuntimeStub* stub = ++ RuntimeStub::new_runtime_stub("nep_invoker_blob", ++ &code, ++ g.frame_complete(), ++ g.framesize(), ++ g.oop_maps(), false); ++ ++#ifndef PRODUCT ++ LogTarget(Trace, foreign, downcall) lt; ++ if (lt.is_enabled()) { ++ ResourceMark rm; ++ LogStream ls(lt); ++ stub->print_on(&ls); ++ } ++#endif ++ ++ return stub; ++} ++ ++void DowncallStubGenerator::generate() { ++ Register call_target_address = Z_R1_scratch, ++ tmp = Z_R0_scratch; ++ ++ VMStorage shuffle_reg = _abi._scratch1; ++ ++ JavaCallingConvention in_conv; ++ NativeCallingConvention out_conv(_input_registers); ++ ArgumentShuffle arg_shuffle(_signature, _num_args, _signature, _num_args, &in_conv, &out_conv, shuffle_reg); ++ ++#ifndef PRODUCT ++ LogTarget(Trace, foreign, downcall) lt; ++ if (lt.is_enabled()) { ++ ResourceMark rm; ++ LogStream ls(lt); ++ arg_shuffle.print_on(&ls); ++ } ++#endif ++ ++ assert(_abi._shadow_space_bytes == frame::z_abi_160_size, "expected space according to ABI"); ++ int allocated_frame_size = _abi._shadow_space_bytes; ++ allocated_frame_size += arg_shuffle.out_arg_bytes(); ++ ++ assert(!_needs_return_buffer, "unexpected needs_return_buffer"); ++ RegSpiller out_reg_spiller(_output_registers); ++ int spill_offset = allocated_frame_size; ++ allocated_frame_size += BytesPerWord; ++ ++ StubLocations locs; ++ locs.set(StubLocations::TARGET_ADDRESS, _abi._scratch2); ++ ++ if (_captured_state_mask != 0) { ++ __ block_comment("{ _captured_state_mask is set"); ++ locs.set_frame_data(StubLocations::CAPTURED_STATE_BUFFER, allocated_frame_size); ++ allocated_frame_size += BytesPerWord; ++ __ block_comment("} _captured_state_mask is set"); ++ } ++ ++ allocated_frame_size = align_up(allocated_frame_size, StackAlignmentInBytes); ++ _frame_size_slots = allocated_frame_size >> LogBytesPerInt; ++ ++ _oop_maps = _needs_transition ? new OopMapSet() : nullptr; ++ address start = __ pc(); ++ ++ __ save_return_pc(); ++ __ push_frame(allocated_frame_size, Z_R11); // Create a new frame for the wrapper. ++ ++ _frame_complete = __ pc() - start; // frame build complete. ++ ++ if (_needs_transition) { ++ __ block_comment("{ thread java2native"); ++ __ get_PC(Z_R1_scratch); ++ address the_pc = __ pc(); ++ __ set_last_Java_frame(Z_SP, Z_R1_scratch); ++ ++ OopMap* map = new OopMap(_frame_size_slots, 0); ++ _oop_maps->add_gc_map(the_pc - start, map); ++ ++ // State transition ++ __ set_thread_state(_thread_in_native); ++ __ block_comment("} thread java2native"); ++ } ++ __ block_comment("{ argument shuffle"); ++ arg_shuffle.generate(_masm, shuffle_reg, frame::z_jit_out_preserve_size, _abi._shadow_space_bytes, locs); ++ __ block_comment("} argument shuffle"); ++ ++ __ call(as_Register(locs.get(StubLocations::TARGET_ADDRESS))); ++ ++ ////////////////////////////////////////////////////////////////////////////// ++ ++ if (_captured_state_mask != 0) { ++ __ block_comment("{ save thread local"); ++ ++ out_reg_spiller.generate_spill(_masm, spill_offset); ++ ++ __ load_const_optimized(call_target_address, CAST_FROM_FN_PTR(uint64_t, DowncallLinker::capture_state)); ++ __ z_lg(Z_ARG1, Address(Z_SP, locs.data_offset(StubLocations::CAPTURED_STATE_BUFFER))); ++ __ load_const_optimized(Z_ARG2, _captured_state_mask); ++ __ call(call_target_address); ++ ++ out_reg_spiller.generate_fill(_masm, spill_offset); ++ ++ __ block_comment("} save thread local"); ++ } ++ ++ ////////////////////////////////////////////////////////////////////////////// ++ ++ Label L_after_safepoint_poll; ++ Label L_safepoint_poll_slow_path; ++ Label L_reguard; ++ Label L_after_reguard; ++ ++ if (_needs_transition) { ++ __ block_comment("{ thread native2java"); ++ __ set_thread_state(_thread_in_native_trans); ++ ++ if (!UseSystemMemoryBarrier) { ++ __ z_fence(); // Order state change wrt. safepoint poll. ++ } ++ ++ __ safepoint_poll(L_safepoint_poll_slow_path, tmp); ++ ++ __ load_and_test_int(tmp, Address(Z_thread, JavaThread::suspend_flags_offset())); ++ __ z_brne(L_safepoint_poll_slow_path); ++ ++ __ bind(L_after_safepoint_poll); ++ ++ // change thread state ++ __ set_thread_state(_thread_in_Java); ++ ++ __ block_comment("reguard stack check"); ++ __ z_cli(Address(Z_thread, JavaThread::stack_guard_state_offset() + in_ByteSize(sizeof(StackOverflow::StackGuardState) - 1)), ++ StackOverflow::stack_guard_yellow_reserved_disabled); ++ __ z_bre(L_reguard); ++ __ bind(L_after_reguard); ++ ++ __ reset_last_Java_frame(); ++ __ block_comment("} thread native2java"); ++ } ++ ++ __ pop_frame(); ++ __ restore_return_pc(); // This is the way back to the caller. ++ __ z_br(Z_R14); ++ ++ ////////////////////////////////////////////////////////////////////////////// ++ ++ if (_needs_transition) { ++ __ block_comment("{ L_safepoint_poll_slow_path"); ++ __ bind(L_safepoint_poll_slow_path); ++ ++ // Need to save the native result registers around any runtime calls. ++ out_reg_spiller.generate_spill(_masm, spill_offset); ++ ++ __ load_const_optimized(call_target_address, CAST_FROM_FN_PTR(uint64_t, JavaThread::check_special_condition_for_native_trans)); ++ __ z_lgr(Z_ARG1, Z_thread); ++ __ call(call_target_address); ++ ++ out_reg_spiller.generate_fill(_masm, spill_offset); ++ ++ __ z_bru(L_after_safepoint_poll); ++ __ block_comment("} L_safepoint_poll_slow_path"); ++ ++ ////////////////////////////////////////////////////////////////////////////// ++ __ block_comment("{ L_reguard"); ++ __ bind(L_reguard); ++ ++ // Need to save the native result registers around any runtime calls. ++ out_reg_spiller.generate_spill(_masm, spill_offset); ++ ++ __ load_const_optimized(call_target_address, CAST_FROM_FN_PTR(uint64_t, SharedRuntime::reguard_yellow_pages)); ++ __ call(call_target_address); ++ ++ out_reg_spiller.generate_fill(_masm, spill_offset); ++ ++ __ z_bru(L_after_reguard); ++ ++ __ block_comment("} L_reguard"); ++ } ++ ++ ////////////////////////////////////////////////////////////////////////////// ++ ++ __ flush(); + } +diff --git a/src/hotspot/cpu/s390/foreignGlobals_s390.cpp b/src/hotspot/cpu/s390/foreignGlobals_s390.cpp +index d3a318536bd..9796ab4ffe4 100644 +--- a/src/hotspot/cpu/s390/foreignGlobals_s390.cpp ++++ b/src/hotspot/cpu/s390/foreignGlobals_s390.cpp +@@ -23,34 +23,209 @@ + */ + + #include "precompiled.hpp" +-#include "code/vmreg.hpp" ++#include "asm/macroAssembler.inline.hpp" ++#include "code/vmreg.inline.hpp" ++#include "runtime/jniHandles.hpp" ++#include "runtime/jniHandles.inline.hpp" ++#include "oops/typeArrayOop.inline.hpp" ++#include "oops/oopCast.inline.hpp" + #include "prims/foreignGlobals.hpp" +-#include "utilities/debug.hpp" ++#include "prims/foreignGlobals.inline.hpp" ++#include "prims/vmstorage.hpp" ++#include "utilities/formatBuffer.hpp" + +-class MacroAssembler; ++#define __ masm-> ++ ++bool ABIDescriptor::is_volatile_reg(Register reg) const { ++ return _integer_volatile_registers.contains(reg); ++} ++ ++bool ABIDescriptor::is_volatile_reg(FloatRegister reg) const { ++ return _float_argument_registers.contains(reg) ++ || _float_additional_volatile_registers.contains(reg); ++} + + bool ForeignGlobals::is_foreign_linker_supported() { +- return false; ++ return true; + } + + const ABIDescriptor ForeignGlobals::parse_abi_descriptor(jobject jabi) { +- Unimplemented(); +- return {}; ++ oop abi_oop = JNIHandles::resolve_non_null(jabi); ++ ABIDescriptor abi; ++ ++ objArrayOop inputStorage = jdk_internal_foreign_abi_ABIDescriptor::inputStorage(abi_oop); ++ parse_register_array(inputStorage, StorageType::INTEGER, abi._integer_argument_registers, as_Register); ++ parse_register_array(inputStorage, StorageType::FLOAT, abi._float_argument_registers, as_FloatRegister); ++ ++ objArrayOop outputStorage = jdk_internal_foreign_abi_ABIDescriptor::outputStorage(abi_oop); ++ parse_register_array(outputStorage, StorageType::INTEGER, abi._integer_return_registers, as_Register); ++ parse_register_array(outputStorage, StorageType::FLOAT, abi._float_return_registers, as_FloatRegister); ++ ++ objArrayOop volatileStorage = jdk_internal_foreign_abi_ABIDescriptor::volatileStorage(abi_oop); ++ parse_register_array(volatileStorage, StorageType::INTEGER, abi._integer_volatile_registers, as_Register); ++ parse_register_array(volatileStorage, StorageType::FLOAT, abi._float_additional_volatile_registers, as_FloatRegister); ++ ++ abi._stack_alignment_bytes = jdk_internal_foreign_abi_ABIDescriptor::stackAlignment(abi_oop); ++ abi._shadow_space_bytes = jdk_internal_foreign_abi_ABIDescriptor::shadowSpace(abi_oop); ++ ++ abi._scratch1 = parse_vmstorage(jdk_internal_foreign_abi_ABIDescriptor::scratch1(abi_oop)); ++ abi._scratch2 = parse_vmstorage(jdk_internal_foreign_abi_ABIDescriptor::scratch2(abi_oop)); ++ ++ return abi; + } + + int RegSpiller::pd_reg_size(VMStorage reg) { +- Unimplemented(); +- return -1; ++ if (reg.type() == StorageType::INTEGER || reg.type() == StorageType::FLOAT) { ++ return 8; ++ } ++ return 0; // stack and BAD + } + + void RegSpiller::pd_store_reg(MacroAssembler* masm, int offset, VMStorage reg) { +- Unimplemented(); ++ if (reg.type() == StorageType::INTEGER) { ++ __ reg2mem_opt(as_Register(reg), Address(Z_SP, offset), true); ++ } else if (reg.type() == StorageType::FLOAT) { ++ __ freg2mem_opt(as_FloatRegister(reg), Address(Z_SP, offset), true); ++ } else { ++ // stack and BAD ++ } + } + + void RegSpiller::pd_load_reg(MacroAssembler* masm, int offset, VMStorage reg) { +- Unimplemented(); ++ if (reg.type() == StorageType::INTEGER) { ++ __ mem2reg_opt(as_Register(reg), Address(Z_SP, offset), true); ++ } else if (reg.type() == StorageType::FLOAT) { ++ __ mem2freg_opt(as_FloatRegister(reg), Address(Z_SP, offset), true); ++ } else { ++ // stack and BAD ++ } ++} ++ ++static int reg2offset(VMStorage vms, int stk_bias) { ++ assert(!vms.is_reg(), "wrong usage"); ++ return vms.index_or_offset() + stk_bias; ++} ++ ++static void move_reg(MacroAssembler* masm, int out_stk_bias, ++ VMStorage from_reg, VMStorage to_reg) { ++ int out_bias = 0; ++ switch (to_reg.type()) { ++ case StorageType::INTEGER: ++ if (to_reg.segment_mask() == REG64_MASK && from_reg.segment_mask() == REG32_MASK ) { ++ // see CCallingConventionRequiresIntsAsLongs ++ __ z_lgfr(as_Register(to_reg), as_Register(from_reg)); ++ } else { ++ __ lgr_if_needed(as_Register(to_reg), as_Register(from_reg)); ++ } ++ break; ++ case StorageType::STACK: ++ out_bias = out_stk_bias; //fallthrough ++ case StorageType::FRAME_DATA: { ++ // Integer types always get a 64 bit slot in C. ++ if (from_reg.segment_mask() == REG32_MASK) { ++ // see CCallingConventionRequiresIntsAsLongs ++ __ z_lgfr(as_Register(from_reg), as_Register(from_reg)); ++ } ++ switch (to_reg.stack_size()) { ++ case 8: __ reg2mem_opt(as_Register(from_reg), Address(Z_SP, reg2offset(to_reg, out_bias)), true); break; ++ case 4: __ reg2mem_opt(as_Register(from_reg), Address(Z_SP, reg2offset(to_reg, out_bias)), false); break; ++ default: ShouldNotReachHere(); ++ } ++ } break; ++ default: ShouldNotReachHere(); ++ } ++} ++ ++static void move_float(MacroAssembler* masm, int out_stk_bias, ++ VMStorage from_reg, VMStorage to_reg) { ++ switch (to_reg.type()) { ++ case StorageType::FLOAT: ++ if (from_reg.segment_mask() == REG64_MASK) ++ __ move_freg_if_needed(as_FloatRegister(to_reg), T_DOUBLE, as_FloatRegister(from_reg), T_DOUBLE); ++ else ++ __ move_freg_if_needed(as_FloatRegister(to_reg), T_FLOAT, as_FloatRegister(from_reg), T_FLOAT); ++ break; ++ case StorageType::STACK: ++ if (from_reg.segment_mask() == REG64_MASK) { ++ assert(to_reg.stack_size() == 8, "size should match"); ++ __ freg2mem_opt(as_FloatRegister(from_reg), Address(Z_SP, reg2offset(to_reg, out_stk_bias)), true); ++ } else { ++ assert(to_reg.stack_size() == 4, "size should match"); ++ __ freg2mem_opt(as_FloatRegister(from_reg), Address(Z_SP, reg2offset(to_reg, out_stk_bias)), false); ++ } ++ break; ++ default: ShouldNotReachHere(); ++ } ++} ++ ++static void move_stack(MacroAssembler* masm, Register tmp_reg, int in_stk_bias, int out_stk_bias, ++ VMStorage from_reg, VMStorage to_reg) { ++ int out_bias = 0; ++ Address from_addr(Z_R11, reg2offset(from_reg, in_stk_bias)); ++ switch (to_reg.type()) { ++ case StorageType::INTEGER: ++ switch (from_reg.stack_size()) { ++ case 8: __ mem2reg_opt(as_Register(to_reg), from_addr, true);break; ++ case 4: __ mem2reg_opt(as_Register(to_reg), from_addr, false);break; ++ default: ShouldNotReachHere(); ++ } ++ break; ++ case StorageType::FLOAT: ++ switch (from_reg.stack_size()) { ++ case 8: __ mem2freg_opt(as_FloatRegister(to_reg), from_addr, true);break; ++ case 4: __ mem2freg_opt(as_FloatRegister(to_reg), from_addr, false);break; ++ default: ShouldNotReachHere(); ++ } ++ break; ++ case StorageType::STACK: ++ out_bias = out_stk_bias; // fallthrough ++ case StorageType::FRAME_DATA: { ++ switch (from_reg.stack_size()) { ++ case 8: __ mem2reg_opt(tmp_reg, from_addr, true); break; ++ case 4: if (to_reg.stack_size() == 8) { ++ __ mem2reg_signed_opt(tmp_reg, from_addr); ++ } else { ++ __ mem2reg_opt(tmp_reg, from_addr, false); ++ } ++ break; ++ default: ShouldNotReachHere(); ++ } ++ switch (to_reg.stack_size()) { ++ case 8: __ reg2mem_opt(tmp_reg, Address (Z_SP, reg2offset(to_reg, out_bias)), true); break; ++ case 4: __ reg2mem_opt(tmp_reg, Address (Z_SP, reg2offset(to_reg, out_bias)), false); break; ++ default: ShouldNotReachHere(); ++ } ++ } break; ++ default: ShouldNotReachHere(); ++ } + } + + void ArgumentShuffle::pd_generate(MacroAssembler* masm, VMStorage tmp, int in_stk_bias, int out_stk_bias, const StubLocations& locs) const { +- Unimplemented(); ++ Register tmp_reg = as_Register(tmp); ++ for (int i = 0; i < _moves.length(); i++) { ++ Move move = _moves.at(i); ++ VMStorage from_reg = move.from; ++ VMStorage to_reg = move.to; ++ ++ // replace any placeholders ++ if (from_reg.type() == StorageType::PLACEHOLDER) { ++ from_reg = locs.get(from_reg); ++ } ++ if (to_reg.type() == StorageType::PLACEHOLDER) { ++ to_reg = locs.get(to_reg); ++ } ++ ++ switch (from_reg.type()) { ++ case StorageType::INTEGER: ++ move_reg(masm, out_stk_bias, from_reg, to_reg); ++ break; ++ case StorageType::FLOAT: ++ move_float(masm, out_stk_bias, from_reg, to_reg); ++ break; ++ case StorageType::STACK: ++ move_stack(masm, tmp_reg, in_stk_bias, out_stk_bias, from_reg, to_reg); ++ break; ++ default: ShouldNotReachHere(); ++ } ++ } + } +diff --git a/src/hotspot/cpu/s390/foreignGlobals_s390.hpp b/src/hotspot/cpu/s390/foreignGlobals_s390.hpp +index 8b86a2b06a6..4ff3b3e40b4 100644 +--- a/src/hotspot/cpu/s390/foreignGlobals_s390.hpp ++++ b/src/hotspot/cpu/s390/foreignGlobals_s390.hpp +@@ -24,6 +24,23 @@ + #ifndef CPU_S390_VM_FOREIGN_GLOBALS_S390_HPP + #define CPU_S390_VM_FOREIGN_GLOBALS_S390_HPP + +-class ABIDescriptor {}; ++struct ABIDescriptor { ++ GrowableArray _integer_argument_registers; ++ GrowableArray _integer_return_registers; ++ GrowableArray _float_argument_registers; ++ GrowableArray _float_return_registers; ++ ++ GrowableArray _integer_volatile_registers; ++ GrowableArray _float_additional_volatile_registers; ++ ++ int32_t _stack_alignment_bytes; ++ int32_t _shadow_space_bytes; ++ ++ VMStorage _scratch1; ++ VMStorage _scratch2; ++ ++ bool is_volatile_reg(Register reg) const; ++ bool is_volatile_reg(FloatRegister reg) const; ++}; + + #endif // CPU_S390_VM_FOREIGN_GLOBALS_S390_HPP +diff --git a/src/hotspot/cpu/s390/frame_s390.cpp b/src/hotspot/cpu/s390/frame_s390.cpp +index 23547fa6617..ac24e43f00c 100644 +--- a/src/hotspot/cpu/s390/frame_s390.cpp ++++ b/src/hotspot/cpu/s390/frame_s390.cpp +@@ -218,13 +218,32 @@ frame frame::sender_for_entry_frame(RegisterMap *map) const { + } + + UpcallStub::FrameData* UpcallStub::frame_data_for_frame(const frame& frame) const { +- ShouldNotCallThis(); +- return nullptr; ++ assert(frame.is_upcall_stub_frame(), "wrong frame"); ++ // need unextended_sp here, since normal sp is wrong for interpreter callees ++ return reinterpret_cast( ++ reinterpret_cast
(frame.unextended_sp()) + in_bytes(_frame_data_offset)); + } + + bool frame::upcall_stub_frame_is_first() const { +- ShouldNotCallThis(); +- return false; ++ assert(is_upcall_stub_frame(), "must be optimized entry frame"); ++ UpcallStub* blob = _cb->as_upcall_stub(); ++ JavaFrameAnchor* jfa = blob->jfa_for_frame(*this); ++ return jfa->last_Java_sp() == nullptr; ++} ++ ++frame frame::sender_for_upcall_stub_frame(RegisterMap* map) const { ++ assert(map != nullptr, "map must be set"); ++ UpcallStub* blob = _cb->as_upcall_stub(); ++ // Java frame called from C; skip all C frames and return top C ++ // frame of that chunk as the sender ++ JavaFrameAnchor* jfa = blob->jfa_for_frame(*this); ++ assert(!upcall_stub_frame_is_first(), "must have a frame anchor to go back to"); ++ assert(jfa->last_Java_sp() > sp(), "must be above this frame on stack"); ++ map->clear(); ++ assert(map->include_argument_oops(), "should be set by clear"); ++ frame fr(jfa->last_Java_sp(), jfa->last_Java_pc()); ++ ++ return fr; + } + + frame frame::sender_for_interpreter_frame(RegisterMap *map) const { +diff --git a/src/hotspot/cpu/s390/frame_s390.inline.hpp b/src/hotspot/cpu/s390/frame_s390.inline.hpp +index dfa68940bac..c188618653d 100644 +--- a/src/hotspot/cpu/s390/frame_s390.inline.hpp ++++ b/src/hotspot/cpu/s390/frame_s390.inline.hpp +@@ -352,12 +352,10 @@ inline frame frame::sender(RegisterMap* map) const { + // update it accordingly. + map->set_include_argument_oops(false); + +- if (is_entry_frame()) { +- return sender_for_entry_frame(map); +- } +- if (is_interpreted_frame()) { +- return sender_for_interpreter_frame(map); +- } ++ if (is_entry_frame()) return sender_for_entry_frame(map); ++ if (is_upcall_stub_frame()) return sender_for_upcall_stub_frame(map); ++ if (is_interpreted_frame()) return sender_for_interpreter_frame(map); ++ + assert(_cb == CodeCache::find_blob(pc()),"Must be the same"); + if (_cb != nullptr) return sender_for_compiled_frame(map); + +diff --git a/src/hotspot/cpu/s390/globalDefinitions_s390.hpp b/src/hotspot/cpu/s390/globalDefinitions_s390.hpp +index 99906bb369e..2232215a587 100644 +--- a/src/hotspot/cpu/s390/globalDefinitions_s390.hpp ++++ b/src/hotspot/cpu/s390/globalDefinitions_s390.hpp +@@ -28,7 +28,7 @@ + + #define ShortenBranches true + +-const int StackAlignmentInBytes = 16; ++const int StackAlignmentInBytes = 8; + + #define SUPPORTS_NATIVE_CX8 + +diff --git a/src/hotspot/cpu/s390/methodHandles_s390.cpp b/src/hotspot/cpu/s390/methodHandles_s390.cpp +index 6392ba45a6c..ef8722f2499 100644 +--- a/src/hotspot/cpu/s390/methodHandles_s390.cpp ++++ b/src/hotspot/cpu/s390/methodHandles_s390.cpp +@@ -349,7 +349,16 @@ address MethodHandles::generate_method_handle_interpreter_entry(MacroAssembler* + + void MethodHandles::jump_to_native_invoker(MacroAssembler* _masm, Register nep_reg, Register temp_target) { + BLOCK_COMMENT("jump_to_native_invoker {"); +- __ should_not_reach_here(); ++ assert(nep_reg != noreg, "required register"); ++ ++ // Load the invoker, as NEP -> .invoker ++ __ verify_oop(nep_reg); ++ ++ __ z_lg(temp_target, Address(nep_reg, ++ NONZERO(jdk_internal_foreign_abi_NativeEntryPoint::downcall_stub_address_offset_in_bytes()))); ++ ++ __ z_br(temp_target); ++ + BLOCK_COMMENT("} jump_to_native_invoker"); + } + +diff --git a/src/hotspot/cpu/s390/upcallLinker_s390.cpp b/src/hotspot/cpu/s390/upcallLinker_s390.cpp +index 3e1fb04218b..b748ec547cc 100644 +--- a/src/hotspot/cpu/s390/upcallLinker_s390.cpp ++++ b/src/hotspot/cpu/s390/upcallLinker_s390.cpp +@@ -22,15 +22,287 @@ + */ + + #include "precompiled.hpp" ++#include "asm/macroAssembler.inline.hpp" ++#include "logging/logStream.hpp" ++#include "memory/resourceArea.hpp" + #include "prims/upcallLinker.hpp" +-#include "utilities/debug.hpp" ++#include "runtime/sharedRuntime.hpp" ++#include "runtime/signature.hpp" ++#include "runtime/stubRoutines.hpp" ++#include "utilities/formatBuffer.hpp" ++#include "utilities/globalDefinitions.hpp" + ++#define __ _masm-> ++ ++// for callee saved regs, according to the caller's ABI ++static int compute_reg_save_area_size(const ABIDescriptor& abi) { ++ int size = 0; ++ for (int i = 0; i < Register::number_of_registers; i++) { ++ Register reg = as_Register(i); ++ // Z_SP saved/restored by prologue/epilogue ++ if (reg == Z_SP) continue; ++ if (!abi.is_volatile_reg(reg)) { ++ size += 8; // bytes ++ } ++ } ++ ++ for (int i = 0; i < FloatRegister::number_of_registers; i++) { ++ FloatRegister reg = as_FloatRegister(i); ++ if (!abi.is_volatile_reg(reg)) { ++ size += 8; // bytes ++ } ++ } ++ ++ return size; ++} ++ ++static void preserve_callee_saved_registers(MacroAssembler* _masm, const ABIDescriptor& abi, int reg_save_area_offset) { ++ // 1. iterate all registers in the architecture ++ // - check if they are volatile or not for the given abi ++ // - if NOT, we need to save it here ++ ++ int offset = reg_save_area_offset; ++ ++ __ block_comment("{ preserve_callee_saved_regs "); ++ for (int i = 0; i < Register::number_of_registers; i++) { ++ Register reg = as_Register(i); ++ // Z_SP saved/restored by prologue/epilogue ++ if (reg == Z_SP) continue; ++ if (!abi.is_volatile_reg(reg)) { ++ __ z_stg(reg, Address(Z_SP, offset)); ++ offset += 8; ++ } ++ } ++ ++ for (int i = 0; i < FloatRegister::number_of_registers; i++) { ++ FloatRegister reg = as_FloatRegister(i); ++ if (!abi.is_volatile_reg(reg)) { ++ __ z_std(reg, Address(Z_SP, offset)); ++ offset += 8; ++ } ++ } ++ ++ __ block_comment("} preserve_callee_saved_regs "); ++} ++ ++static void restore_callee_saved_registers(MacroAssembler* _masm, const ABIDescriptor& abi, int reg_save_area_offset) { ++ // 1. iterate all registers in the architecture ++ // - check if they are volatile or not for the given abi ++ // - if NOT, we need to restore it here ++ ++ int offset = reg_save_area_offset; ++ ++ __ block_comment("{ restore_callee_saved_regs "); ++ for (int i = 0; i < Register::number_of_registers; i++) { ++ Register reg = as_Register(i); ++ // Z_SP saved/restored by prologue/epilogue ++ if (reg == Z_SP) continue; ++ if (!abi.is_volatile_reg(reg)) { ++ __ z_lg(reg, Address(Z_SP, offset)); ++ offset += 8; ++ } ++ } ++ ++ for (int i = 0; i < FloatRegister::number_of_registers; i++) { ++ FloatRegister reg = as_FloatRegister(i); ++ if (!abi.is_volatile_reg(reg)) { ++ __ z_ld(reg, Address(Z_SP, offset)); ++ offset += 8; ++ } ++ } ++ ++ __ block_comment("} restore_callee_saved_regs "); ++} ++ ++static const int upcall_stub_code_base_size = 1024; // depends on GC (resolve_jobject) ++static const int upcall_stub_size_per_arg = 16; // arg save & restore + move + address UpcallLinker::make_upcall_stub(jobject receiver, Method* entry, + BasicType* in_sig_bt, int total_in_args, + BasicType* out_sig_bt, int total_out_args, + BasicType ret_type, + jobject jabi, jobject jconv, + bool needs_return_buffer, int ret_buf_size) { +- ShouldNotCallThis(); +- return nullptr; ++ ResourceMark rm; ++ const ABIDescriptor abi = ForeignGlobals::parse_abi_descriptor(jabi); ++ const CallRegs call_regs = ForeignGlobals::parse_call_regs(jconv); ++ int code_size = upcall_stub_code_base_size + (total_in_args * upcall_stub_size_per_arg); ++ CodeBuffer buffer("upcall_stub", code_size, /* locs_size = */ 0); ++ ++ Register call_target_address = Z_R1_scratch; ++ ++ VMStorage shuffle_reg = abi._scratch1; ++ JavaCallingConvention out_conv; ++ NativeCallingConvention in_conv(call_regs._arg_regs); ++ ArgumentShuffle arg_shuffle(in_sig_bt, total_in_args, out_sig_bt, total_out_args, &in_conv, &out_conv, shuffle_reg); ++ ++ // The Java call uses the JIT ABI, but we also call C. ++ int out_arg_area = MAX2(frame::z_jit_out_preserve_size + arg_shuffle.out_arg_bytes(), (int)frame::z_abi_160_size); ++ ++#ifndef PRODUCT ++ LogTarget(Trace, foreign, upcall) lt; ++ if (lt.is_enabled()) { ++ ResourceMark rm; ++ LogStream ls(lt); ++ arg_shuffle.print_on(&ls); ++ } ++#endif ++ ++ ++ int reg_save_area_size = compute_reg_save_area_size(abi); ++ RegSpiller arg_spiller(call_regs._arg_regs); ++ RegSpiller result_spiller(call_regs._ret_regs); ++ ++ int res_save_area_offset = out_arg_area; ++ int arg_save_area_offset = res_save_area_offset + result_spiller.spill_size_bytes(); ++ int reg_save_area_offset = arg_save_area_offset + arg_spiller.spill_size_bytes(); ++ int frame_data_offset = reg_save_area_offset + reg_save_area_size; ++ int frame_bottom_offset = frame_data_offset + sizeof(UpcallStub::FrameData); ++ ++ int frame_size = align_up(frame_bottom_offset, StackAlignmentInBytes); ++ StubLocations locs; ++ ++ // The space we have allocated will look like: ++ // ++ // ++ // FP-> | | ++ // |---------------------| = frame_bottom_offset = frame_size ++ // | | ++ // | FrameData | ++ // |---------------------| = frame_data_offset ++ // | | ++ // | reg_save_area | ++ // |---------------------| = reg_save_are_offset ++ // | | ++ // | arg_save_area | ++ // |---------------------| = arg_save_are_offset ++ // | | ++ // | res_save_area | ++ // |---------------------| = res_save_are_offset ++ // | | ++ // SP-> | out_arg_area | needs to be at end for shadow space ++ // ++ // ++ ++ ////////////////////////////////////////////////////////////////////////////// ++ ++ MacroAssembler* _masm = new MacroAssembler(&buffer); ++ address start = __ pc(); ++ ++ __ save_return_pc(); ++ assert((abi._stack_alignment_bytes % StackAlignmentInBytes) == 0, "must be 8 byte aligned"); ++ // allocate frame (frame_size is also aligned, so stack is still aligned) ++ __ push_frame(frame_size); ++ ++ // we have to always spill args since we need to do a call to get the thread ++ // (and maybe attach it). ++ arg_spiller.generate_spill(_masm, arg_save_area_offset); ++ // Java methods won't preserve them, so save them here: ++ preserve_callee_saved_registers(_masm, abi, reg_save_area_offset); ++ ++ __ block_comment("{ on_entry"); ++ __ load_const_optimized(call_target_address, CAST_FROM_FN_PTR(uint64_t, UpcallLinker::on_entry)); ++ __ z_aghik(Z_ARG1, Z_SP, frame_data_offset); ++ __ call(call_target_address); ++ __ z_lgr(Z_thread, Z_RET); ++ __ block_comment("} on_entry"); ++ ++ arg_spiller.generate_fill(_masm, arg_save_area_offset); ++ __ block_comment("{ argument shuffle"); ++ arg_shuffle.generate(_masm, shuffle_reg, abi._shadow_space_bytes, frame::z_jit_out_preserve_size, locs); ++ __ block_comment("} argument shuffle"); ++ ++ __ block_comment("{ receiver "); ++ __ load_const_optimized(Z_ARG1, (intptr_t)receiver); ++ __ resolve_jobject(Z_ARG1, Z_tmp_1, Z_tmp_2); ++ __ block_comment("} receiver "); ++ ++ __ load_const_optimized(Z_method, (intptr_t)entry); ++ __ z_stg(Z_method, Address(Z_thread, in_bytes(JavaThread::callee_target_offset()))); ++ ++ __ z_lg(call_target_address, Address(Z_method, in_bytes(Method::from_compiled_offset()))); ++ __ call(call_target_address); ++ ++ // return value shuffle ++ assert(!needs_return_buffer, "unexpected needs_return_buffer"); ++ // CallArranger can pick a return type that goes in the same reg for both CCs. ++ if (call_regs._ret_regs.length() > 0) { // 0 or 1 ++ VMStorage ret_reg = call_regs._ret_regs.at(0); ++ // Check if the return reg is as expected. ++ switch (ret_type) { ++ case T_BOOLEAN: ++ case T_BYTE: ++ case T_SHORT: ++ case T_CHAR: ++ case T_INT: ++ __ z_lgfr(Z_RET, Z_RET); // Clear garbage in high half. ++ // fallthrough ++ case T_LONG: ++ assert(as_Register(ret_reg) == Z_RET, "unexpected result register"); ++ break; ++ case T_FLOAT: ++ case T_DOUBLE: ++ assert(as_FloatRegister(ret_reg) == Z_FRET, "unexpected result register"); ++ break; ++ default: ++ fatal("unexpected return type: %s", type2name(ret_type)); ++ } ++ } ++ ++ result_spiller.generate_spill(_masm, res_save_area_offset); ++ ++ __ block_comment("{ on_exit"); ++ __ load_const_optimized(call_target_address, CAST_FROM_FN_PTR(uint64_t, UpcallLinker::on_exit)); ++ __ z_aghik(Z_ARG1, Z_SP, frame_data_offset); ++ __ call(call_target_address); ++ __ block_comment("} on_exit"); ++ ++ restore_callee_saved_registers(_masm, abi, reg_save_area_offset); ++ ++ result_spiller.generate_fill(_masm, res_save_area_offset); ++ ++ __ pop_frame(); ++ __ restore_return_pc(); ++ __ z_br(Z_R14); ++ ++ ////////////////////////////////////////////////////////////////////////////// ++ ++ __ block_comment("{ exception handler"); ++ ++ intptr_t exception_handler_offset = __ pc() - start; ++ ++ // Native caller has no idea how to handle exceptions, ++ // so we just crash here. Up to callee to catch exceptions. ++ __ verify_oop(Z_ARG1); ++ __ load_const_optimized(call_target_address, CAST_FROM_FN_PTR(uint64_t, UpcallLinker::handle_uncaught_exception)); ++ __ call_c(call_target_address); ++ __ should_not_reach_here(); ++ ++ __ block_comment("} exception handler"); ++ ++ _masm->flush(); ++ ++#ifndef PRODUCT ++ stringStream ss; ++ ss.print("upcall_stub_%s", entry->signature()->as_C_string()); ++ const char* name = _masm->code_string(ss.as_string()); ++#else // PRODUCT ++ const char* name = "upcall_stub"; ++#endif // PRODUCT ++ ++ buffer.log_section_sizes(name); ++ UpcallStub* blob ++ = UpcallStub::create(name, ++ &buffer, ++ exception_handler_offset, ++ receiver, ++ in_ByteSize(frame_data_offset)); ++#ifndef PRODUCT ++ if (lt.is_enabled()) { ++ ResourceMark rm; ++ LogStream ls(lt); ++ blob->print_on(&ls); ++ } ++#endif ++ ++ return blob->code_begin(); + } +diff --git a/src/hotspot/cpu/s390/vmstorage_s390.hpp b/src/hotspot/cpu/s390/vmstorage_s390.hpp +index 192159adc4c..6a595670920 100644 +--- a/src/hotspot/cpu/s390/vmstorage_s390.hpp ++++ b/src/hotspot/cpu/s390/vmstorage_s390.hpp +@@ -29,24 +29,79 @@ + #include "asm/register.hpp" + + enum class StorageType : int8_t { +- STACK = 0, +- PLACEHOLDER = 1, +-// special locations used only by native code +- FRAME_DATA = PLACEHOLDER + 1, ++ INTEGER = 0, ++ FLOAT = 1, ++ STACK = 2, ++ PLACEHOLDER = 3, ++ // special locations used only by native code ++ FRAME_DATA = 4, + INVALID = -1 + }; + + // need to define this before constructing VMStorage (below) + constexpr inline bool VMStorage::is_reg(StorageType type) { +- return false; ++ return type == StorageType::INTEGER || type == StorageType::FLOAT; + } + constexpr inline StorageType VMStorage::stack_type() { return StorageType::STACK; } + constexpr inline StorageType VMStorage::placeholder_type() { return StorageType::PLACEHOLDER; } + constexpr inline StorageType VMStorage::frame_data_type() { return StorageType::FRAME_DATA; } + ++// Needs to be consistent with S390Architecture.java. ++constexpr uint16_t REG32_MASK = 0b0000000000000001; ++constexpr uint16_t REG64_MASK = 0b0000000000000011; ++ ++inline Register as_Register(VMStorage vms) { ++ assert(vms.type() == StorageType::INTEGER, "not the right type"); ++ return ::as_Register(vms.index()); ++} ++ ++inline FloatRegister as_FloatRegister(VMStorage vms) { ++ assert(vms.type() == StorageType::FLOAT, "not the right type"); ++ return ::as_FloatRegister(vms.index()); ++} ++ ++inline VMStorage as_VMStorage(Register reg, uint16_t segment_mask = REG64_MASK) { ++ return VMStorage::reg_storage(StorageType::INTEGER, segment_mask, reg->encoding()); ++} ++ ++inline VMStorage as_VMStorage(FloatRegister reg, uint16_t segment_mask = REG64_MASK) { ++ return VMStorage::reg_storage(StorageType::FLOAT, segment_mask, reg->encoding()); ++} ++ + inline VMStorage as_VMStorage(VMReg reg, BasicType bt) { ++ if (reg->is_Register()) { ++ uint16_t segment_mask = 0; ++ switch (bt) { ++ case T_BOOLEAN: ++ case T_CHAR : ++ case T_BYTE : ++ case T_SHORT : ++ case T_INT : segment_mask = REG32_MASK; break; ++ default : segment_mask = REG64_MASK; break; ++ } ++ return as_VMStorage(reg->as_Register(), segment_mask); ++ } else if (reg->is_FloatRegister()) { ++ // FP regs always use double format. However, we need the correct format for loads /stores. ++ return as_VMStorage(reg->as_FloatRegister(), (bt == T_FLOAT) ? REG32_MASK : REG64_MASK); ++ } else if (reg->is_stack()) { ++ uint16_t size = 0; ++ switch (bt) { ++ case T_BOOLEAN: ++ case T_CHAR : ++ case T_BYTE : ++ case T_SHORT : ++ case T_INT : ++ case T_FLOAT : size = 4; break; ++ default : size = 8; break; ++ } ++ return VMStorage(StorageType::STACK, size, ++ checked_cast(reg->reg2stack() * VMRegImpl::stack_slot_size)); ++ } else if (!reg->is_valid()) { ++ return VMStorage::invalid(); ++ } ++ + ShouldNotReachHere(); + return VMStorage::invalid(); + } + +-#endif // CPU_S390_VMSTORAGE_S390_INLINE_HPP +\ No newline at end of file ++#endif // CPU_S390_VMSTORAGE_S390_INLINE_HPP +diff --git a/src/java.base/share/classes/jdk/internal/foreign/CABI.java b/src/java.base/share/classes/jdk/internal/foreign/CABI.java +index eee4ae67457..d376a196333 100644 +--- a/src/java.base/share/classes/jdk/internal/foreign/CABI.java ++++ b/src/java.base/share/classes/jdk/internal/foreign/CABI.java +@@ -41,6 +41,7 @@ public enum CABI { + WIN_AARCH_64, + LINUX_PPC_64_LE, + LINUX_RISCV_64, ++ LINUX_S390, + FALLBACK, + UNSUPPORTED; + +@@ -81,7 +82,11 @@ public enum CABI { + if (OperatingSystem.isLinux()) { + return LINUX_RISCV_64; + } +- } ++ } else if (arch.equals("s390x")) { ++ if (OperatingSystem.isLinux()) { ++ return LINUX_S390; ++ } ++ } + } else if (FallbackLinker.isSupported()) { + return FALLBACK; // fallback linker + } +diff --git a/src/java.base/share/classes/jdk/internal/foreign/abi/AbstractLinker.java b/src/java.base/share/classes/jdk/internal/foreign/abi/AbstractLinker.java +index b5eb1029ff5..8a322cdcf7a 100644 +--- a/src/java.base/share/classes/jdk/internal/foreign/abi/AbstractLinker.java ++++ b/src/java.base/share/classes/jdk/internal/foreign/abi/AbstractLinker.java +@@ -32,6 +32,7 @@ import jdk.internal.foreign.abi.aarch64.windows.WindowsAArch64Linker; + import jdk.internal.foreign.abi.fallback.FallbackLinker; + import jdk.internal.foreign.abi.ppc64.linux.LinuxPPC64leLinker; + import jdk.internal.foreign.abi.riscv64.linux.LinuxRISCV64Linker; ++import jdk.internal.foreign.abi.s390.linux.LinuxS390Linker; + import jdk.internal.foreign.abi.x64.sysv.SysVx64Linker; + import jdk.internal.foreign.abi.x64.windows.Windowsx64Linker; + import jdk.internal.foreign.layout.AbstractLayout; +@@ -60,7 +61,8 @@ import java.util.Set; + public abstract sealed class AbstractLinker implements Linker permits LinuxAArch64Linker, MacOsAArch64Linker, + SysVx64Linker, WindowsAArch64Linker, + Windowsx64Linker, LinuxPPC64leLinker, +- LinuxRISCV64Linker, FallbackLinker { ++ LinuxRISCV64Linker, LinuxS390Linker, ++ FallbackLinker { + + public interface UpcallStubFactory { + MemorySegment makeStub(MethodHandle target, Arena arena); +diff --git a/src/java.base/share/classes/jdk/internal/foreign/abi/SharedUtils.java b/src/java.base/share/classes/jdk/internal/foreign/abi/SharedUtils.java +index 1e417245543..92d10a1dbdf 100644 +--- a/src/java.base/share/classes/jdk/internal/foreign/abi/SharedUtils.java ++++ b/src/java.base/share/classes/jdk/internal/foreign/abi/SharedUtils.java +@@ -35,6 +35,7 @@ import jdk.internal.foreign.abi.aarch64.windows.WindowsAArch64Linker; + import jdk.internal.foreign.abi.fallback.FallbackLinker; + import jdk.internal.foreign.abi.ppc64.linux.LinuxPPC64leLinker; + import jdk.internal.foreign.abi.riscv64.linux.LinuxRISCV64Linker; ++import jdk.internal.foreign.abi.s390.linux.LinuxS390Linker; + import jdk.internal.foreign.abi.x64.sysv.SysVx64Linker; + import jdk.internal.foreign.abi.x64.windows.Windowsx64Linker; + import jdk.internal.vm.annotation.ForceInline; +@@ -242,6 +243,7 @@ public final class SharedUtils { + case WIN_AARCH_64 -> WindowsAArch64Linker.getInstance(); + case LINUX_PPC_64_LE -> LinuxPPC64leLinker.getInstance(); + case LINUX_RISCV_64 -> LinuxRISCV64Linker.getInstance(); ++ case LINUX_S390 -> LinuxS390Linker.getInstance(); + case FALLBACK -> FallbackLinker.getInstance(); + case UNSUPPORTED -> throw new UnsupportedOperationException("Platform does not support native linker"); + }; +diff --git a/src/java.base/share/classes/jdk/internal/foreign/abi/s390/S390Architecture.java b/src/java.base/share/classes/jdk/internal/foreign/abi/s390/S390Architecture.java +new file mode 100644 +index 00000000000..bbafef2f3dc +--- /dev/null ++++ b/src/java.base/share/classes/jdk/internal/foreign/abi/s390/S390Architecture.java +@@ -0,0 +1,151 @@ ++/* ++ * Copyright (c) 2020, 2023, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2023 IBM Corp. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++package jdk.internal.foreign.abi.s390; ++ ++import jdk.internal.foreign.abi.ABIDescriptor; ++import jdk.internal.foreign.abi.Architecture; ++import jdk.internal.foreign.abi.StubLocations; ++import jdk.internal.foreign.abi.VMStorage; ++ ++public final class S390Architecture implements Architecture { ++ public static final Architecture INSTANCE = new S390Architecture(); ++ ++ // Needs to be consistent with vmstorage_s390.hpp. ++ public static final short REG32_MASK = 0b0000_0000_0000_0001; ++ public static final short REG64_MASK = 0b0000_0000_0000_0011; ++ ++ private static final int INTEGER_REG_SIZE = 8; ++ private static final int FLOAT_REG_SIZE = 8; ++ private static final int STACK_SLOT_SIZE = 8; ++ ++ // Suppresses default constructor, ensuring non-instantiability. ++ private S390Architecture() { ++ } ++ ++ @Override ++ public boolean isStackType(int cls) { ++ return cls == StorageType.STACK; ++ } ++ ++ @Override ++ public int typeSize(int cls) { ++ switch (cls) { ++ case StorageType.INTEGER: ++ return INTEGER_REG_SIZE; ++ case StorageType.FLOAT: ++ return FLOAT_REG_SIZE; ++ // STACK is deliberately omitted ++ } ++ ++ throw new IllegalArgumentException("Invalid Storage Class: " + cls); ++ } ++ ++ public interface StorageType { ++ byte INTEGER = 0; ++ byte FLOAT = 1; ++ byte STACK = 2; ++ byte PLACEHOLDER = 3; ++ } ++ ++ public static class Regs { // break circular dependency ++ public static final VMStorage r0 = integerRegister(0); ++ public static final VMStorage r1 = integerRegister(1); ++ public static final VMStorage r2 = integerRegister(2); ++ public static final VMStorage r3 = integerRegister(3); ++ public static final VMStorage r4 = integerRegister(4); ++ public static final VMStorage r5 = integerRegister(5); ++ public static final VMStorage r6 = integerRegister(6); ++ public static final VMStorage r7 = integerRegister(7); ++ public static final VMStorage r8 = integerRegister(8); ++ public static final VMStorage r9 = integerRegister(9); ++ public static final VMStorage r10 = integerRegister(10); ++ public static final VMStorage r11 = integerRegister(11); ++ public static final VMStorage r12 = integerRegister(12); ++ public static final VMStorage r13 = integerRegister(13); ++ public static final VMStorage r14 = integerRegister(14); ++ public static final VMStorage r15 = integerRegister(15); ++ ++ public static final VMStorage f0 = floatRegister(0); ++ public static final VMStorage f1 = floatRegister(1); ++ public static final VMStorage f2 = floatRegister(2); ++ public static final VMStorage f3 = floatRegister(3); ++ public static final VMStorage f4 = floatRegister(4); ++ public static final VMStorage f5 = floatRegister(5); ++ public static final VMStorage f6 = floatRegister(6); ++ public static final VMStorage f7 = floatRegister(7); ++ public static final VMStorage f8 = floatRegister(8); ++ public static final VMStorage f9 = floatRegister(9); ++ public static final VMStorage f10 = floatRegister(10); ++ public static final VMStorage f11 = floatRegister(11); ++ public static final VMStorage f12 = floatRegister(12); ++ public static final VMStorage f13 = floatRegister(13); ++ public static final VMStorage f14 = floatRegister(14); ++ public static final VMStorage f15 = floatRegister(15); ++ } ++ ++ private static VMStorage integerRegister(int index) { ++ return new VMStorage(StorageType.INTEGER, REG64_MASK, index, "r" + index); ++ } ++ ++ private static VMStorage floatRegister(int index) { ++ return new VMStorage(StorageType.FLOAT, REG64_MASK, index, "f" + index); ++ } ++ ++ public static VMStorage stackStorage(short size, int byteOffset) { ++ return new VMStorage(StorageType.STACK, size, byteOffset); ++ } ++ ++ public static ABIDescriptor abiFor(VMStorage[] inputIntRegs, ++ VMStorage[] inputFloatRegs, ++ VMStorage[] outputIntRegs, ++ VMStorage[] outputFloatRegs, ++ VMStorage[] volatileIntRegs, ++ VMStorage[] volatileFloatRegs, ++ int stackAlignment, ++ int shadowSpace, ++ VMStorage scratch1, VMStorage scratch2) { ++ return new ABIDescriptor( ++ INSTANCE, ++ new VMStorage[][] { ++ inputIntRegs, ++ inputFloatRegs, ++ }, ++ new VMStorage[][] { ++ outputIntRegs, ++ outputFloatRegs, ++ }, ++ new VMStorage[][] { ++ volatileIntRegs, ++ volatileFloatRegs, ++ }, ++ stackAlignment, ++ shadowSpace, ++ scratch1, scratch2, ++ StubLocations.TARGET_ADDRESS.storage(StorageType.PLACEHOLDER), ++ StubLocations.RETURN_BUFFER.storage(StorageType.PLACEHOLDER), ++ StubLocations.CAPTURED_STATE_BUFFER.storage(StorageType.PLACEHOLDER)); ++ } ++} +diff --git a/src/java.base/share/classes/jdk/internal/foreign/abi/s390/linux/LinuxS390CallArranger.java b/src/java.base/share/classes/jdk/internal/foreign/abi/s390/linux/LinuxS390CallArranger.java +new file mode 100644 +index 00000000000..84392e45089 +--- /dev/null ++++ b/src/java.base/share/classes/jdk/internal/foreign/abi/s390/linux/LinuxS390CallArranger.java +@@ -0,0 +1,311 @@ ++/* ++ * Copyright (c) 2022, 2023, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2023 IBM Corp. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++package jdk.internal.foreign.abi.s390.linux; ++ ++import java.lang.foreign.AddressLayout; ++import java.lang.foreign.FunctionDescriptor; ++import java.lang.foreign.GroupLayout; ++import java.lang.foreign.MemoryLayout; ++import java.lang.foreign.MemorySegment; ++import jdk.internal.foreign.abi.ABIDescriptor; ++import jdk.internal.foreign.abi.AbstractLinker.UpcallStubFactory; ++import jdk.internal.foreign.abi.Binding; ++import jdk.internal.foreign.abi.CallingSequence; ++import jdk.internal.foreign.abi.CallingSequenceBuilder; ++import jdk.internal.foreign.abi.DowncallLinker; ++import jdk.internal.foreign.abi.LinkerOptions; ++import jdk.internal.foreign.abi.UpcallLinker; ++import jdk.internal.foreign.abi.SharedUtils; ++import jdk.internal.foreign.abi.VMStorage; ++import jdk.internal.foreign.Utils; ++ ++import java.lang.foreign.ValueLayout; ++import java.lang.invoke.MethodHandle; ++import java.lang.invoke.MethodType; ++import java.util.List; ++import java.util.Map; ++import java.util.Optional; ++ ++import static jdk.internal.foreign.abi.s390.linux.TypeClass.*; ++import static jdk.internal.foreign.abi.s390.S390Architecture.*; ++import static jdk.internal.foreign.abi.s390.S390Architecture.Regs.*; ++ ++/** ++ * For the S390 C ABI specifically, this class uses CallingSequenceBuilder ++ * to translate a C FunctionDescriptor into a CallingSequence, which can then be turned into a MethodHandle. ++ * ++ * This includes taking care of synthetic arguments like pointers to return buffers for 'in-memory' returns. ++ */ ++public class LinuxS390CallArranger { ++ ++ private static final int STACK_SLOT_SIZE = 8; ++ public static final int MAX_REGISTER_ARGUMENTS = 5; ++ public static final int MAX_FLOAT_REGISTER_ARGUMENTS = 4; ++ ++ private static final ABIDescriptor CLinux = abiFor( ++ new VMStorage[] { r2, r3, r4, r5, r6, }, // GP input ++ new VMStorage[] { f0, f2, f4, f6 }, // FP input ++ new VMStorage[] { r2, }, // GP output ++ new VMStorage[] { f0, }, // FP output ++ new VMStorage[] { r0, r1, r2, r3, r4, r5, r14 }, // volatile GP ++ new VMStorage[] { f1, f3, f5, f7 }, // volatile FP (excluding argument registers) ++ 8, // Stack is always 8 byte aligned on S390 ++ 160, // ABI header ++ r0, r1 // scratch reg r0 & r1 ++ ); ++ ++ public record Bindings(CallingSequence callingSequence, boolean isInMemoryReturn) {} ++ ++ public static Bindings getBindings(MethodType mt, FunctionDescriptor cDesc, boolean forUpcall) { ++ return getBindings(mt, cDesc, forUpcall, LinkerOptions.empty()); ++ } ++ ++ public static Bindings getBindings(MethodType mt, FunctionDescriptor cDesc, boolean forUpcall, LinkerOptions options) { ++ CallingSequenceBuilder csb = new CallingSequenceBuilder(CLinux, forUpcall, options); ++ ++ BindingCalculator argCalc = forUpcall ? new BoxBindingCalculator(true) : new UnboxBindingCalculator(true); ++ BindingCalculator retCalc = forUpcall ? new UnboxBindingCalculator(false) : new BoxBindingCalculator(false); ++ ++ boolean returnInMemory = isInMemoryReturn(cDesc.returnLayout()); ++ if (returnInMemory) { ++ Class carrier = MemorySegment.class; ++ MemoryLayout layout =SharedUtils.C_POINTER; ++ csb.addArgumentBindings(carrier, layout, argCalc.getBindings(carrier, layout)); ++ } else if (cDesc.returnLayout().isPresent()) { ++ Class carrier = mt.returnType(); ++ MemoryLayout layout = cDesc.returnLayout().get(); ++ csb.setReturnBindings(carrier, layout, retCalc.getBindings(carrier, layout)); ++ } ++ ++ for (int i = 0; i < mt.parameterCount(); i++) { ++ Class carrier = mt.parameterType(i); ++ MemoryLayout layout = cDesc.argumentLayouts().get(i); ++ csb.addArgumentBindings(carrier, layout, argCalc.getBindings(carrier, layout)); ++ } ++ ++ return new Bindings(csb.build(), returnInMemory); ++ } ++ ++ public static MethodHandle arrangeDowncall(MethodType mt, FunctionDescriptor cDesc, LinkerOptions options) { ++ Bindings bindings = getBindings(mt, cDesc, false, options); ++ ++ MethodHandle handle = new DowncallLinker(CLinux, bindings.callingSequence).getBoundMethodHandle(); ++ ++ if (bindings.isInMemoryReturn) { ++ handle = SharedUtils.adaptDowncallForIMR(handle, cDesc, bindings.callingSequence); ++ } ++ ++ return handle; ++ } ++ ++ public static UpcallStubFactory arrangeUpcall(MethodType mt, FunctionDescriptor cDesc, LinkerOptions options) { ++ Bindings bindings = getBindings(mt, cDesc, true, options); ++ ++ final boolean dropReturn = true; /* drop return, since we don't have bindings for it */ ++ return SharedUtils.arrangeUpcallHelper(mt, bindings.isInMemoryReturn, dropReturn, CLinux, ++ bindings.callingSequence); ++ } ++ ++ private static boolean isInMemoryReturn(Optional returnLayout) { ++ return returnLayout ++ .filter(layout -> layout instanceof GroupLayout) ++ .isPresent(); ++ } ++ ++ static class StorageCalculator { ++ private final boolean forArguments; ++ ++ private final int[] nRegs = new int[] { 0, 0 }; ++ private long stackOffset = 0; ++ ++ public StorageCalculator(boolean forArguments) { ++ this.forArguments = forArguments; ++ } ++ ++ VMStorage stackAlloc(long size, long alignment) { ++ long alignedStackOffset = Utils.alignUp(stackOffset, alignment); ++ ++ short encodedSize = (short) size; ++ assert (encodedSize & 0xFFFF) == size; ++ ++ VMStorage storage = stackStorage(encodedSize, (int) alignedStackOffset); ++ stackOffset = alignedStackOffset + size; ++ return storage; ++ } ++ ++ VMStorage regAlloc(int type) { ++ int gpRegCnt = (type == StorageType.INTEGER) ? 1 : 0; ++ int fpRegCnt = (type == StorageType.FLOAT) ? 1 : 0; ++ ++ // Use stack if not enough registers available. ++ if ((type == StorageType.FLOAT && (nRegs[StorageType.FLOAT] + fpRegCnt) > MAX_FLOAT_REGISTER_ARGUMENTS) ++ || (type == StorageType.INTEGER && (nRegs[StorageType.INTEGER] + gpRegCnt) > MAX_REGISTER_ARGUMENTS)) return null; ++ ++ VMStorage[] source = (forArguments ? CLinux.inputStorage : CLinux.outputStorage)[type]; ++ VMStorage result = source[nRegs[type]]; ++ ++ nRegs[StorageType.INTEGER] += gpRegCnt; ++ nRegs[StorageType.FLOAT] += fpRegCnt; ++ return result; ++ ++ } ++ VMStorage getStorage(int type, boolean is32Bit) { ++ VMStorage reg = regAlloc(type); ++ if (reg != null) { ++ if (is32Bit) { ++ reg = new VMStorage(reg.type(), REG32_MASK, reg.indexOrOffset()); ++ } ++ return reg; ++ } ++ VMStorage stack; ++ if (is32Bit) { ++ stackAlloc(4, STACK_SLOT_SIZE); // Skip first half of stack slot. ++ stack = stackAlloc(4, 4); ++ } else ++ stack = stackAlloc(8, STACK_SLOT_SIZE); ++ ++ return stack; ++ } ++ } ++ ++ abstract static class BindingCalculator { ++ protected final StorageCalculator storageCalculator; ++ ++ protected BindingCalculator(boolean forArguments) { ++ this.storageCalculator = new LinuxS390CallArranger.StorageCalculator(forArguments); ++ } ++ ++ abstract List getBindings(Class carrier, MemoryLayout layout); ++ } ++ ++ // Compute recipe for transferring arguments / return values to C from Java. ++ static class UnboxBindingCalculator extends BindingCalculator { ++ UnboxBindingCalculator(boolean forArguments) { ++ super(forArguments); ++ } ++ ++ @Override ++ List getBindings(Class carrier, MemoryLayout layout) { ++ TypeClass argumentClass = TypeClass.classifyLayout(layout); ++ Binding.Builder bindings = Binding.builder(); ++ switch (argumentClass) { ++ case STRUCT_REGISTER -> { ++ assert carrier == MemorySegment.class; ++ VMStorage storage = storageCalculator.getStorage(StorageType.INTEGER, false); ++ Class type = SharedUtils.primitiveCarrierForSize(layout.byteSize(), false); ++ bindings.bufferLoad(0, type) ++ .vmStore(storage, type); ++ } ++ case STRUCT_SFA -> { ++ assert carrier == MemorySegment.class; ++ VMStorage storage = storageCalculator.getStorage(StorageType.FLOAT, layout.byteSize() == 4); ++ Class type = SharedUtils.primitiveCarrierForSize(layout.byteSize(), true); ++ bindings.bufferLoad(0, type) ++ .vmStore(storage, type); ++ } ++ case STRUCT_REFERENCE -> { ++ assert carrier == MemorySegment.class; ++ bindings.copy(layout) ++ .unboxAddress(); ++ VMStorage storage = storageCalculator.getStorage(StorageType.INTEGER, false); ++ bindings.vmStore(storage, long.class); ++ } ++ case POINTER -> { ++ VMStorage storage = storageCalculator.getStorage(StorageType.INTEGER, false); ++ bindings.unboxAddress() ++ .vmStore(storage, long.class); ++ } ++ case INTEGER -> { ++ // ABI requires all int types to get extended to 64 bit. ++ VMStorage storage = storageCalculator.getStorage(StorageType.INTEGER, false); ++ bindings.vmStore(storage, carrier); ++ } ++ case FLOAT -> { ++ VMStorage storage = storageCalculator.getStorage(StorageType.FLOAT, carrier == float.class); ++ bindings.vmStore(storage, carrier); ++ } ++ default -> throw new UnsupportedOperationException("Unhandled class " + argumentClass); ++ } ++ return bindings.build(); ++ } ++ } ++ ++ // Compute recipe for transferring arguments / return values from C to Java. ++ static class BoxBindingCalculator extends BindingCalculator { ++ BoxBindingCalculator(boolean forArguments) { ++ super(forArguments); ++ } ++ ++ @Override ++ List getBindings(Class carrier, MemoryLayout layout) { ++ TypeClass argumentClass = TypeClass.classifyLayout(layout); ++ Binding.Builder bindings = Binding.builder(); ++ switch (argumentClass) { ++ case STRUCT_REGISTER -> { ++ assert carrier == MemorySegment.class; ++ bindings.allocate(layout) ++ .dup(); ++ VMStorage storage = storageCalculator.getStorage(StorageType.INTEGER, false); ++ Class type = SharedUtils.primitiveCarrierForSize(layout.byteSize(), false); ++ bindings.vmLoad(storage, type) ++ .bufferStore(0, type); ++ } ++ case STRUCT_SFA -> { ++ assert carrier == MemorySegment.class; ++ bindings.allocate(layout) ++ .dup(); ++ VMStorage storage = storageCalculator.getStorage(StorageType.FLOAT, layout.byteSize() == 4); ++ Class type = SharedUtils.primitiveCarrierForSize(layout.byteSize(), true); ++ bindings.vmLoad(storage, type) ++ .bufferStore(0, type); ++ } ++ case STRUCT_REFERENCE -> { ++ assert carrier == MemorySegment.class; ++ VMStorage storage = storageCalculator.getStorage(StorageType.INTEGER, false); ++ bindings.vmLoad(storage, long.class) ++ .boxAddress(layout); ++ } ++ case POINTER -> { ++ AddressLayout addressLayout = (AddressLayout) layout; ++ VMStorage storage = storageCalculator.getStorage(StorageType.INTEGER, false); ++ bindings.vmLoad(storage, long.class) ++ .boxAddressRaw(Utils.pointeeByteSize(addressLayout), Utils.pointeeByteAlign(addressLayout)); ++ } ++ case INTEGER -> { ++ // We could use carrier != long.class for BoxBindingCalculator, but C always uses 64 bit slots. ++ VMStorage storage = storageCalculator.getStorage(StorageType.INTEGER, false); ++ bindings.vmLoad(storage, carrier); ++ } ++ case FLOAT -> { ++ VMStorage storage = storageCalculator.getStorage(StorageType.FLOAT, carrier == float.class); ++ bindings.vmLoad(storage, carrier); ++ } ++ default -> throw new UnsupportedOperationException("Unhandled class " + argumentClass); ++ } ++ return bindings.build(); ++ } ++ } ++} +diff --git a/src/java.base/share/classes/jdk/internal/foreign/abi/s390/linux/LinuxS390Linker.java b/src/java.base/share/classes/jdk/internal/foreign/abi/s390/linux/LinuxS390Linker.java +new file mode 100644 +index 00000000000..ac004b9e1e0 +--- /dev/null ++++ b/src/java.base/share/classes/jdk/internal/foreign/abi/s390/linux/LinuxS390Linker.java +@@ -0,0 +1,64 @@ ++/* ++ * Copyright (c) 2022, 2023, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2023 IBM Corp. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++package jdk.internal.foreign.abi.s390.linux; ++ ++import jdk.internal.foreign.abi.AbstractLinker; ++import jdk.internal.foreign.abi.LinkerOptions; ++ ++import java.lang.foreign.FunctionDescriptor; ++import java.lang.invoke.MethodHandle; ++import java.lang.invoke.MethodType; ++import java.nio.ByteOrder; ++ ++public final class LinuxS390Linker extends AbstractLinker { ++ ++ public static LinuxS390Linker getInstance() { ++ final class Holder { ++ private static final LinuxS390Linker INSTANCE = new LinuxS390Linker(); ++ } ++ ++ return Holder.INSTANCE; ++ } ++ ++ private LinuxS390Linker() { ++ // Ensure there is only one instance ++ } ++ ++ @Override ++ protected MethodHandle arrangeDowncall(MethodType inferredMethodType, FunctionDescriptor function, LinkerOptions options) { ++ return LinuxS390CallArranger.arrangeDowncall(inferredMethodType, function, options); ++ } ++ ++ @Override ++ protected UpcallStubFactory arrangeUpcall(MethodType targetType, FunctionDescriptor function, LinkerOptions options) { ++ return LinuxS390CallArranger.arrangeUpcall(targetType, function, options); ++ } ++ ++ @Override ++ protected ByteOrder linkerByteOrder() { ++ return ByteOrder.BIG_ENDIAN; ++ } ++} +diff --git a/src/java.base/share/classes/jdk/internal/foreign/abi/s390/linux/TypeClass.java b/src/java.base/share/classes/jdk/internal/foreign/abi/s390/linux/TypeClass.java +new file mode 100644 +index 00000000000..095cb2c08a8 +--- /dev/null ++++ b/src/java.base/share/classes/jdk/internal/foreign/abi/s390/linux/TypeClass.java +@@ -0,0 +1,126 @@ ++/* ++ * Copyright (c) 2022, 2023, Oracle and/or its affiliates. All rights reserved. ++ * Copyright (c) 2023 IBM Corp. All rights reserved. ++ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. ++ * ++ * This code is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License version 2 only, as ++ * published by the Free Software Foundation. Oracle designates this ++ * particular file as subject to the "Classpath" exception as provided ++ * by Oracle in the LICENSE file that accompanied this code. ++ * ++ * This code is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License ++ * version 2 for more details (a copy is included in the LICENSE file that ++ * accompanied this code). ++ * ++ * You should have received a copy of the GNU General Public License version ++ * 2 along with this work; if not, write to the Free Software Foundation, ++ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. ++ * ++ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA ++ * or visit www.oracle.com if you need additional information or have any ++ * questions. ++ */ ++package jdk.internal.foreign.abi.s390.linux; ++ ++import java.lang.foreign.GroupLayout; ++import java.lang.foreign.MemoryLayout; ++import java.lang.foreign.MemorySegment; ++import java.lang.foreign.SequenceLayout; ++import java.lang.foreign.ValueLayout; ++import java.util.List; ++import java.util.ArrayList; ++ ++public enum TypeClass { ++ STRUCT_REGISTER, ++ STRUCT_SFA, // Single Float Aggregate ++ STRUCT_REFERENCE, ++ POINTER, ++ INTEGER, ++ FLOAT; ++ ++ private static TypeClass classifyValueType(ValueLayout type) { ++ Class carrier = type.carrier(); ++ if (carrier == boolean.class || carrier == byte.class || carrier == char.class || ++ carrier == short.class || carrier == int.class || carrier == long.class) { ++ return INTEGER; ++ } else if (carrier == float.class || carrier == double.class) { ++ return FLOAT; ++ } else if (carrier == MemorySegment.class) { ++ return POINTER; ++ } else { ++ throw new IllegalStateException("Cannot get here: " + carrier.getName()); ++ } ++ } ++ ++ private static boolean isRegisterAggregate(MemoryLayout type) { ++ long byteSize = type.byteSize(); ++ if (byteSize > 8 || byteSize == 3 || byteSize == 5 || byteSize == 6 || byteSize == 7) ++ return false; ++ return true; ++ } ++ ++ static List scalarLayouts(GroupLayout gl) { ++ List out = new ArrayList<>(); ++ scalarLayoutsInternal(out, gl); ++ return out; ++ } ++ ++ private static void scalarLayoutsInternal(List out, GroupLayout gl) { ++ for (MemoryLayout member : gl.memberLayouts()) { ++ if (member instanceof GroupLayout memberGl) { ++ scalarLayoutsInternal(out, memberGl); ++ } else if (member instanceof SequenceLayout memberSl) { ++ for (long i = 0; i < memberSl.elementCount(); i++) { ++ out.add(memberSl.elementLayout()); ++ } ++ } else { ++ // padding or value layouts ++ out.add(member); ++ } ++ } ++ } ++ ++ static boolean isSingleFloatAggregate(MemoryLayout type) { ++ List scalarLayouts = scalarLayouts((GroupLayout) type); ++ ++ final int numElements = scalarLayouts.size(); ++ if (numElements > 1 || numElements == 0) ++ return false; ++ ++ MemoryLayout baseType = scalarLayouts.get(0); ++ ++ if (!(baseType instanceof ValueLayout)) ++ return false; ++ ++ TypeClass baseArgClass = classifyValueType((ValueLayout) baseType); ++ if (baseArgClass != FLOAT) ++ return false; ++ ++ return true; ++ } ++ ++ private static TypeClass classifyStructType(MemoryLayout layout) { ++ ++ if (!isRegisterAggregate(layout)) { ++ return TypeClass.STRUCT_REFERENCE; ++ } ++ ++ if (isSingleFloatAggregate(layout)) { ++ return TypeClass.STRUCT_SFA; ++ } ++ return TypeClass.STRUCT_REGISTER; ++ } ++ ++ public static TypeClass classifyLayout(MemoryLayout type) { ++ if (type instanceof ValueLayout) { ++ return classifyValueType((ValueLayout) type); ++ } else if (type instanceof GroupLayout) { ++ return classifyStructType(type); ++ } else { ++ throw new IllegalArgumentException("Unsupported layout: " + type); ++ } ++ } ++} +diff --git a/test/jdk/java/foreign/TestClassLoaderFindNative.java b/test/jdk/java/foreign/TestClassLoaderFindNative.java +index 3f5fec0c195..44ec8732ed4 100644 +--- a/test/jdk/java/foreign/TestClassLoaderFindNative.java ++++ b/test/jdk/java/foreign/TestClassLoaderFindNative.java +@@ -31,9 +31,10 @@ + import java.lang.foreign.Arena; + import java.lang.foreign.MemorySegment; + import java.lang.foreign.SymbolLookup; ++import java.nio.ByteOrder; + import org.testng.annotations.Test; + +-import static java.lang.foreign.ValueLayout.JAVA_BYTE; ++import static java.lang.foreign.ValueLayout.JAVA_INT; + import static org.testng.Assert.*; + + // FYI this test is run on 64-bit platforms only for now, +@@ -58,8 +59,8 @@ public class TestClassLoaderFindNative { + + @Test + public void testVariableSymbolLookup() { +- MemorySegment segment = SymbolLookup.loaderLookup().find("c").get().reinterpret(1); +- assertEquals(segment.get(JAVA_BYTE, 0), 42); ++ MemorySegment segment = SymbolLookup.loaderLookup().find("c").get().reinterpret(4); ++ assertEquals(segment.get(JAVA_INT, 0), 42); + } + + @Test +diff --git a/test/jdk/java/foreign/TestIllegalLink.java b/test/jdk/java/foreign/TestIllegalLink.java +index 677f0bce62f..5d8277a5d4c 100644 +--- a/test/jdk/java/foreign/TestIllegalLink.java ++++ b/test/jdk/java/foreign/TestIllegalLink.java +@@ -54,6 +54,7 @@ import static org.testng.Assert.fail; + public class TestIllegalLink extends NativeTestHelper { + + private static final boolean IS_SYSV = CABI.current() == CABI.SYS_V; ++ private static final boolean IS_LE = ByteOrder.nativeOrder() == ByteOrder.LITTLE_ENDIAN; + + private static final MemorySegment DUMMY_TARGET = MemorySegment.ofAddress(1); + private static final MethodHandle DUMMY_TARGET_MH = MethodHandles.empty(MethodType.methodType(void.class)); +@@ -113,27 +114,27 @@ public class TestIllegalLink extends NativeTestHelper { + { + FunctionDescriptor.of(MemoryLayout.sequenceLayout(2, C_INT)), + NO_OPTIONS, +- "Unsupported layout: [2:i4]" ++ IS_LE ? "Unsupported layout: [2:i4]" : "Unsupported layout: [2:I4]" + }, + { + FunctionDescriptor.ofVoid(MemoryLayout.sequenceLayout(2, C_INT)), + NO_OPTIONS, +- "Unsupported layout: [2:i4]" ++ IS_LE ? "Unsupported layout: [2:i4]" : "Unsupported layout: [2:I4]" + }, + { + FunctionDescriptor.ofVoid(C_INT.withByteAlignment(2)), + NO_OPTIONS, +- "Unsupported layout: 2%i4" ++ IS_LE ? "Unsupported layout: 2%i4" : "Unsupported layout: 2%I4" + }, + { + FunctionDescriptor.ofVoid(C_POINTER.withByteAlignment(2)), + NO_OPTIONS, +- "Unsupported layout: 2%a8" ++ IS_LE ? "Unsupported layout: 2%a8" : "Unsupported layout: 2%A8" + }, + { + FunctionDescriptor.ofVoid(ValueLayout.JAVA_CHAR.withByteAlignment(4)), + NO_OPTIONS, +- "Unsupported layout: 4%c2" ++ IS_LE ? "Unsupported layout: 4%c2" : "Unsupported layout: 4%C2" + }, + { + FunctionDescriptor.ofVoid(MemoryLayout.structLayout( +@@ -142,7 +143,7 @@ public class TestIllegalLink extends NativeTestHelper { + C_INT.withName("z").withByteAlignment(1) + ).withByteAlignment(1)), + NO_OPTIONS, +- "Unsupported layout: 1%s2" ++ IS_LE ? "Unsupported layout: 1%s2" : "Unsupported layout: 1%S2" + }, + { + FunctionDescriptor.ofVoid(MemoryLayout.structLayout( +@@ -152,7 +153,7 @@ public class TestIllegalLink extends NativeTestHelper { + C_INT.withName("z").withByteAlignment(1) + ))), + NO_OPTIONS, +- "Unsupported layout: 1%s2" ++ IS_LE ? "Unsupported layout: 1%s2" : "Unsupported layout: 1%S2" + }, + { + FunctionDescriptor.ofVoid(MemoryLayout.structLayout( +@@ -160,7 +161,7 @@ public class TestIllegalLink extends NativeTestHelper { + C_INT.withByteAlignment(1) + ))), + NO_OPTIONS, +- "Unsupported layout: 1%i4" ++ IS_LE ? "Unsupported layout: 1%i4" : "Unsupported layout: 1%I4" + }, + { + FunctionDescriptor.ofVoid(MemoryLayout.structLayout( +@@ -173,17 +174,17 @@ public class TestIllegalLink extends NativeTestHelper { + { + FunctionDescriptor.of(C_INT.withOrder(nonNativeOrder())), + NO_OPTIONS, +- "Unsupported layout: I4" ++ IS_LE ? "Unsupported layout: I4" : "Unsupported layout: i4" + }, + { + FunctionDescriptor.of(MemoryLayout.structLayout(C_INT.withOrder(nonNativeOrder()))), + NO_OPTIONS, +- "Unsupported layout: I4" ++ IS_LE ? "Unsupported layout: I4" : "Unsupported layout: i4" + }, + { + FunctionDescriptor.of(MemoryLayout.structLayout(MemoryLayout.sequenceLayout(C_INT.withOrder(nonNativeOrder())))), + NO_OPTIONS, +- "Unsupported layout: I4" ++ IS_LE ? "Unsupported layout: I4" : "Unsupported layout: i4" + }, + { + FunctionDescriptor.ofVoid(MemoryLayout.structLayout( +@@ -227,5 +228,4 @@ public class TestIllegalLink extends NativeTestHelper { + ? ByteOrder.BIG_ENDIAN + : ByteOrder.LITTLE_ENDIAN; + } +- + } +diff --git a/test/jdk/java/foreign/callarranger/platform/PlatformLayouts.java b/test/jdk/java/foreign/callarranger/platform/PlatformLayouts.java +index 1646063fb08..97856075bef 100644 +--- a/test/jdk/java/foreign/callarranger/platform/PlatformLayouts.java ++++ b/test/jdk/java/foreign/callarranger/platform/PlatformLayouts.java +@@ -305,5 +305,4 @@ public final class PlatformLayouts { + public static final AddressLayout C_POINTER = SharedUtils.C_POINTER; + + } +- + } diff --git a/openjdk_news.sh b/openjdk_news.sh index 560b356..386aa53 100755 --- a/openjdk_news.sh +++ b/openjdk_news.sh @@ -18,8 +18,8 @@ OLD_RELEASE=$1 NEW_RELEASE=$2 -SUBDIR=$3 -REPO=$4 +REPO=$3 +SUBDIR=$4 SCRIPT_DIR=$(dirname ${0}) if test "x${SUBDIR}" = "x"; then diff --git a/rh1648644-java_access_bridge_privileged_security.patch b/rh1648644-java_access_bridge_privileged_security.patch deleted file mode 100644 index 53026ad..0000000 --- a/rh1648644-java_access_bridge_privileged_security.patch +++ /dev/null @@ -1,20 +0,0 @@ ---- openjdk/src/java.base/share/conf/security/java.security -+++ openjdk/src/java.base/share/conf/security/java.security -@@ -304,6 +304,8 @@ - # - package.access=sun.misc.,\ - sun.reflect.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo.,\ - - # - # List of comma-separated packages that start with or equal this string -@@ -316,6 +318,8 @@ - # - package.definition=sun.misc.,\ - sun.reflect.,\ -+ org.GNOME.Accessibility.,\ -+ org.GNOME.Bonobo.,\ - - # - # Determines whether this properties file can be appended to diff --git a/sources b/sources index a5817fd..b2b5901 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (openjdk-21+35.tar.xz) = 311e954cc8d28a336b85efc05baade8945fe5292ae2d91cc7ff71c6b3a1830b1a4b9fc641f87e68a4b3db175eb5c21a18664457715da9b37720c5d4b3eb67195 +SHA512 (openjdk-21.0.1+12.tar.xz) = 96513e1346dea623183ae68f88690aa7ea41d65f6a2499b7f9c08954643dd2a6f10d3f4f529fc34e00ff14e8c1bd3764ac78a5c669937a200c910ebcc74e782b From 26504dac4c5d1ddf0ec7e85199b12e54be85e259 Mon Sep 17 00:00:00 2001 From: Jiri Vanek Date: Tue, 21 Nov 2023 16:02:43 +0100 Subject: [PATCH 11/15] restricted to java-arches --- java-latest-openjdk-portable.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index f487843..7bac98c 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -518,6 +518,13 @@ %global alternatives_requires %{_sbindir}/alternatives %endif +# x86 is no longer supported +%if 0%{?java_arches:1} +ExclusiveArch: %{java_arches} +%else +ExcludeArch: %{ix86} +%endif + # Portables have no repo (requires/provides), but these are awesome for orientation in spec # Also scriptlets are happily missing and files are handled old fashion # not-duplicated requires/provides/obsoletes for normal/debug packages From e4459f4dcc7ba596c3d140a04dd284ccaa1ead0a Mon Sep 17 00:00:00 2001 From: Jiri Vanek Date: Wed, 22 Nov 2023 11:07:30 +0100 Subject: [PATCH 12/15] moved docs and miscs to release-only condition --- java-latest-openjdk-portable.spec | 34 ++++++++++++++++++------------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 7bac98c..3fa3abd 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -915,6 +915,7 @@ The %{origin_nice} %{featurever} runtime environment. %endif +%if %{include_normal_build} %package docs Summary: %{origin_nice} %{featurever} API documentation @@ -930,6 +931,7 @@ Summary: %{origin_nice} %{featurever} miscellany %description misc The %{origin_nice} %{featurever} miscellany. +%endif %package sources Summary: %{origin_nice} %{featurever} full patched sources of portable JDK @@ -1302,7 +1304,6 @@ function packagejdk() { echo "Packaging build from ${imagesdir} to ${packagesdir}..." mkdir -p ${packagesdir} - pushd ${imagesdir} if [ "x$suffix" = "x" ] ; then nameSuffix="" @@ -1318,10 +1319,11 @@ function packagejdk() { staticarchive=${packagesdir}/%{staticlibsportablearchive -- "$nameSuffix"} debugarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.debuginfo"} unstrippedarchive=${packagesdir}/%{jdkportablearchive -- "${nameSuffix}.unstripped"} - # We only use docs for the release build - docname=%{docportablename} - docarchive=${packagesdir}/%{docportablearchive} - built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip + if [ "x$suffix" = "x" ] ; then + docname=%{docportablename} + docarchive=${packagesdir}/%{docportablearchive} + built_doc_archive=jdk-%{filever}%{ea_designator_zip}+%{buildver}%{lts_designator_zip}-docs.zip + fi # These are from the source tree so no debug variants miscname=%{miscportablename} miscarchive=${packagesdir}/%{miscportablearchive} @@ -1661,15 +1663,16 @@ for suffix in %{build_loop} ; do fi done -# These definitions should match those in installjdk -# Install outside the loop as there are no debug variants -docarchive=${packagesdir}/%{docportablearchive} -miscarchive=${packagesdir}/%{miscportablearchive} - -mv ${docarchive} $RPM_BUILD_ROOT%{_jvmdir}/ -mv ${docarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ -mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/ -mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ + if [ "x$suffix" = "x" ] ; then + # These definitions should match those in installjdk + # Install outside the loop as there are no debug variants + docarchive=${packagesdir}/%{docportablearchive} + miscarchive=${packagesdir}/%{miscportablearchive} + mv ${docarchive} $RPM_BUILD_ROOT%{_jvmdir}/ + mv ${docarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ + mv ${miscarchive} $RPM_BUILD_ROOT%{_jvmdir}/ + mv ${miscarchive}.sha256sum $RPM_BUILD_ROOT%{_jvmdir}/ + fi # To show sha in the build log for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do @@ -1744,6 +1747,7 @@ done %{_jvmdir}/%{jdkportablesourcesarchiveForFiles} %{_jvmdir}/%{jdkportablesourcesarchiveForFiles}.sha256sum +%if %{include_normal_build} %files docs %{_jvmdir}/%{docportablearchive} %{_jvmdir}/%{docportablearchive}.sha256sum @@ -1751,6 +1755,7 @@ done %files misc %{_jvmdir}/%{miscportablearchive} %{_jvmdir}/%{miscportablearchive}.sha256sum +%endif %changelog * Wed Nov 22 2023 Jiri Vanek - 1:21.0.1.0.12-2.rolling @@ -1765,6 +1770,7 @@ done - removed no longer needed jdk8296108-tzdata2022f.patch, jdk8296715-cldr2022f.patch, rh1648644-java_access_bridge_privileged_security.patch - added jdk8311630-s390_ffmapi.patch to support virtual threads on s390x - aligned fips-21u-75ffdc48eda.patch (gnu_andrew) +- fixed '--without release' build-ability by moving docs and misc to if-release only * Wed Sep 20 2023 Jiri Vanek - 1:21.0.0.0.35-4.rolling - removed %{1} from miscportablename From 0066a17fe1b16dab26edc793cd2a65c5e6fdf2d8 Mon Sep 17 00:00:00 2001 From: Jiri Date: Thu, 23 Nov 2023 15:14:16 +0100 Subject: [PATCH 13/15] cosmetic changes removed unused macros better comments more quotings --- java-latest-openjdk-portable.spec | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 3fa3abd..96d8be9 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -1,3 +1,8 @@ +%if (0%{?rhel} > 0 && 0%{?rhel} < 8) +# portable jdk 17 specific bug, _jvmdir being missing +%define _jvmdir /usr/lib/jvm +%endif + # debug_package %%{nil} is portable-jdks specific %define debug_package %{nil} @@ -145,7 +150,7 @@ %global zgc_arches x86_64 # Set of architectures for which alt-java has SSB mitigation %global ssbd_arches x86_64 -# Set of architectures for which java has short vector math library (libsvml.so) +# Set of architectures for which java has short vector math library (libjsvml.so) %global svml_arches x86_64 # Set of architectures where we verify backtraces with gdb # s390x fails on RHEL 7 so we exclude it there @@ -428,10 +433,6 @@ # images directories from upstream build %global jdkimage jdk %global static_libs_image static-libs -# installation directory for static libraries -%global static_libs_root lib/static -%global static_libs_arch_dir %{static_libs_root}/linux-%{archinstall} -%global static_libs_install_dir %{static_libs_arch_dir}/glibc # output dir stub %define buildoutputdir() %{expand:build/jdk%{featurever}.build%{?1}} %define installoutputdir() %{expand:install/jdk%{featurever}.install%{?1}} @@ -739,7 +740,7 @@ BuildRequires: libXtst-devel # Requirement for setting up nss.fips.cfg BuildRequires: nss-devel # Requirement for system security property test -#N/A +# N/A for portable. RHEL7 doesn't provide them #BuildRequires: crypto-policies BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel @@ -750,13 +751,16 @@ BuildRequires: unzip %if (0%{?rhel} > 0 && 0%{?rhel} < 8) # No javapackages-filesystem on el7,nor is needed for portables %else -BuildRequires: javapackages-filesystem +# BuildRequires: javapackages-filesystem BuildRequires: java-latest-openjdk-devel %endif # Zero-assembler build requirement %ifarch %{zero_arches} BuildRequires: libffi-devel %endif +# Full documentation build requirements +BuildRequires: graphviz +BuildRequires: pandoc # 2023c required as of JDK-8305113 BuildRequires: tzdata-java >= 2023c # cacerts build requirement in portable mode @@ -1117,7 +1121,7 @@ function buildjdk() { %endif --with-version-build=%{buildver} \ --with-version-pre="%{ea_designator}" \ - --with-version-opt=%{lts_designator} \ + --with-version-opt="%{lts_designator}" \ --with-vendor-version-string="%{oj_vendor_version}" \ --with-vendor-name="%{oj_vendor}" \ --with-vendor-url="%{oj_vendor_url}" \ @@ -1520,7 +1524,6 @@ if ! nm %{altjavaoutputdir}/%{alt_java_name} | grep prctl ; then true ; else fal # Check translations are available for new timezones (during flatpak builds, the # tzdb.dat used by this test is not where the test expects it, so this is # disabled for flatpak builds) -# Disable test until we are on the latest JDK $JAVA_HOME/bin/javac -d . %{SOURCE18} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE $JAVA_HOME/bin/java -Djava.locale.providers=CLDR $(echo $(basename %{SOURCE18})|sed "s|\.java||") CLDR From 8a7656ebac6a9ffd64a3dba70a0366b699915bfd Mon Sep 17 00:00:00 2001 From: Jiri Date: Wed, 29 Nov 2023 11:09:35 +0100 Subject: [PATCH 14/15] redirected bugs to non portable compoment --- java-latest-openjdk-portable.spec | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 96d8be9..19b80f7 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -360,11 +360,11 @@ # Define what url should JVM offer in case of a crash report # order may be important, epel may have rhel declared %if 0%{?epel} -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{name}&version=epel%{epel} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{component}&version=epel%{epel} %else %if 0%{?fedora} # Does not work for rawhide, keeps the version field empty -%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{name}&version=%{fedora} +%global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora} %else %if 0%{?rhel} %global oj_vendor_bug_url https://access.redhat.com/support/cases/ @@ -550,6 +550,10 @@ ExcludeArch: %{ix86} # Prevent brp-java-repack-jars from being run %global __jar_repack 0 +# portables have grown out of its component, moving back to java-x-vendor +# this expression, when declared as global, filled component with java-x-vendor portable +%define component %(echo %{name} | sed "s;-portable;;g") + Name: java-latest-%{origin}-portable Version: %{newjavaver}.%{buildver} # This package needs `.rolling` as part of Release so as to not conflict on install with @@ -567,11 +571,6 @@ Release: %{?eaprefix}%{rpmrelease}%{?extraver}.rolling%{?dist} # provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0". Epoch: 1 - -# portables have grown out of its component, moving back to java-x-vendor -# this expression, when declared as global, filled component with java-x-vendor portable -%define component %(echo %{name} | sed "s;-portable;;g") - Summary: %{origin_nice} %{featurever} Runtime Environment portable edition # Groups are only used up to RHEL 8 and on Fedora versions prior to F30 %if (0%{?rhel} > 0 && 0%{?rhel} <= 8) || (0%{?fedora} >= 0 && 0%{?fedora} < 30) @@ -991,7 +990,6 @@ if [ $prioritylength -ne 8 ] ; then fi # OpenJDK patches - %if %{system_libs} # Remove libraries that are linked by both static and dynamic builds sh %{SOURCE12} %{top_level_dir_name} @@ -1307,7 +1305,6 @@ function packagejdk() { pushd ${imagesdir} echo "Packaging build from ${imagesdir} to ${packagesdir}..." - mkdir -p ${packagesdir} if [ "x$suffix" = "x" ] ; then nameSuffix="" @@ -1404,7 +1401,6 @@ packFullPatchedSources %endif for suffix in %{build_loop} ; do - if [ "x$suffix" = "x" ] ; then debugbuild=release else @@ -1484,7 +1480,7 @@ export JAVA_HOME=${top_dir_abs_main_build_path}/images/%{jdkimage} # Check Shenandoah is enabled %if %{use_shenandoah_hotspot} -$JAVA_HOME/bin/java -XX:+UnlockExperimentalVMOptions -XX:+UseShenandoahGC -version +$JAVA_HOME/bin/java -XX:+UseShenandoahGC -version %endif # Check unlimited policy has been used @@ -1684,7 +1680,6 @@ for file in `ls $RPM_BUILD_ROOT%{_jvmdir}/*.sha256sum` ; do done %if %{include_normal_build} - %files # main package builds always %{_jvmdir}/%{jreportablearchiveForFiles} From 4b38c2140b8a5c59e1d4807ec91cb88dd8ec12d5 Mon Sep 17 00:00:00 2001 From: Jiri Vanek Date: Wed, 29 Nov 2023 18:03:42 +0100 Subject: [PATCH 15/15] removed duplicated info line --- java-latest-openjdk-portable.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/java-latest-openjdk-portable.spec b/java-latest-openjdk-portable.spec index 19b80f7..c7fbdd7 100644 --- a/java-latest-openjdk-portable.spec +++ b/java-latest-openjdk-portable.spec @@ -1304,8 +1304,6 @@ function packagejdk() { mkdir -p ${packagesdir} pushd ${imagesdir} - echo "Packaging build from ${imagesdir} to ${packagesdir}..." - if [ "x$suffix" = "x" ] ; then nameSuffix="" else