diff --git a/SOURCES/0001-Disable-SecurityManager-for-Java-18.patch b/SOURCES/0001-Disable-SecurityManager-for-Java-18.patch new file mode 100644 index 0000000..8bb3898 --- /dev/null +++ b/SOURCES/0001-Disable-SecurityManager-for-Java-18.patch @@ -0,0 +1,596 @@ +From e00b30674254bb4fc31ad2114eec808791b0d1dc Mon Sep 17 00:00:00 2001 +From: Marián Konček +Date: Wed, 16 Oct 2024 13:06:34 +0200 +Subject: [PATCH] Disable SecurityManager for Java 18+ + +Upstream: +* https://github.com/apache/ant/commit/689b6ea90ee1fbad580a437137d80609c9336f12 +* https://github.com/apache/ant/commit/e2c68c4931dee7141385af671c4358e511f7c4d7 +* https://github.com/apache/ant/commit/2821ba0d14f932df056e89afa7217e09d5eab270 +* https://github.com/apache/ant/commit/3c03f542411614a07bce7f5cc86ca4da0af39624 + +--- + apache-ant-1.10.9/manual/Tasks/java.html | 10 +++- + apache-ant-1.10.9/manual/Tasks/junit.html | 8 +++ + .../manual/Types/permissions.html | 12 ++++ + .../main/org/apache/tools/ant/MagicNames.java | 11 ++++ + .../tools/ant/taskdefs/ExecuteJava.java | 4 +- + .../org/apache/tools/ant/taskdefs/Java.java | 3 +- + .../ant/taskdefs/condition/JavaVersion.java | 40 +++++++++++-- + .../apache/tools/ant/types/Permissions.java | 43 +++++++++++++- + .../tools/ant/util/SecurityManagerUtil.java | 57 +++++++++++++++++++ + .../util/optional/NoExitSecurityManager.java | 2 + + .../apache/tools/ant/taskdefs/JavaTest.java | 19 ++++++- + .../taskdefs/optional/TraXLiaisonTest.java | 10 ++++ + .../junit/XMLResultAggregatorTest.java | 7 +++ + .../tools/ant/types/PermissionsTest.java | 12 +++- + 14 files changed, 226 insertions(+), 12 deletions(-) + create mode 100644 apache-ant-1.10.9/src/main/org/apache/tools/ant/util/SecurityManagerUtil.java + +diff --git a/manual/Tasks/java.html b/manual/Tasks/java.html +index 98c4bd3..58e5933 100644 +--- a/manual/Tasks/java.html ++++ b/manual/Tasks/java.html +@@ -28,7 +28,9 @@ +

Description

+

Executes a Java class within the running (Apache Ant) JVM or forks another JVM if specified.

+

If odd things go wrong when you run this task, set fork=true to use a new +-JVM.

++JVM. It is necessary to set fork=true, if the class being launched by ++ this task or any libraries being used by that class, call APIs like ++ java.lang.System.exit() or java.lang.Runtime.exit().

+ +

Since Ant 1.6.3, you can interact with a forked JVM, as well as sending input to it via + the input and inputstring attributes.

+@@ -259,13 +261,17 @@ about exec

+ +

Since Ant 1.6.

+ ++

Note:
This element is no longer supported when running on Java 18 and ++ higher versions. See permissions for details

++ +

Security permissions can be revoked and granted during the execution of the class via a + nested permissions element. For more information please + see permissions.

+

When the permission RuntimePermission exitVM has not been granted (or has been + revoked) the System.exit() call will be intercepted and treated like indicated + in failonerror.

+-

Note:
If you do not specify permissions, a set of default permissions will ++

Note:
When running on Java runtime versions lesser than 18, ++ if you do not specify permissions, a set of default permissions will + be added to your Java invocation to make sure that the Ant run will continue or terminated as + indicated by failonerror. All permissions not granted per default will be checked by + whatever security manager was already in place. exitVM will be disallowed.

+diff --git a/manual/Tasks/junit.html b/manual/Tasks/junit.html +index f0e5c95..7a34680 100644 +--- a/manual/Tasks/junit.html ++++ b/manual/Tasks/junit.html +@@ -33,6 +33,11 @@ no JUnit4TestAdapter.

+

Note: This task depends on external libraries not included + in the Apache Ant distribution. See + Library Dependencies for more information.

++ ++

Note: It is necessary to set fork=true, if the test(s) ++ being launched by this task or any libraries being used by the test(s), call APIs like ++java.lang.System.exit() or java.lang.Runtime.exit().

++ +

Note: You must have junit.jar available. You can do one of:

+
    +
  1. Put both junit.jar and ant-junit.jar +@@ -294,6 +299,9 @@ is false or the target JVM doesn't support it (i.e. Java 1.1).

    + +

    Since Ant 1.6.

    + ++

    Note:
    This element is no longer supported when running on Java 18 and ++ higher versions. See permissions for details

    ++ +

    Security permissions can be revoked and granted during the execution of the class via a + nested permissions element. For more information please + see permissions

    +diff --git a/manual/Types/permissions.html b/manual/Types/permissions.html +index 6118ab5..b0c7e89 100644 +--- a/manual/Types/permissions.html ++++ b/manual/Types/permissions.html +@@ -25,6 +25,18 @@ + + +

    Permissions

    ++

    Note: Permissions requires the use of Java SecurityManager. ++ Java version 17 deprecated SecurityManager for removal and Java 18 and higher versions, by ++ default, disallow setting SecurityManager at runtime. Permissions is thus no longer ++ supported when used in Java 18 or higher versions. Using it in those Java runtime versions ++ will throw a org.apache.tools.ant.BuildException. Throwing of ++ BuildException can be relaxed by setting the ++ ant.securitymanager.usage.warn system or Ant property to true, ++ which will then cause a warning to be logged instead of the exception being thrown. Even when ++ ant.securitymanager.usage.warn is set to true, ++ SecurityManager usage will still be disabled and no security checks will be performed. ++ It is recommended to no longer use <permissions>

    ++ +

    Permissions represents a set of security permissions granted or revoked to a specific part + code executed in the JVM where Apache Ant is running in. The actual Permissions are specified + via a set of nested permission items either <grant>ed +diff --git a/src/main/org/apache/tools/ant/MagicNames.java b/src/main/org/apache/tools/ant/MagicNames.java +index 12fbcf7..4e3b873 100644 +--- a/src/main/org/apache/tools/ant/MagicNames.java ++++ b/src/main/org/apache/tools/ant/MagicNames.java +@@ -359,5 +359,16 @@ public final class MagicNames { + */ + public static final String DISABLE_NASHORN_COMPAT = "ant.disable.graal.nashorn.compat"; + ++ /** ++ * When running on Java 18 or higher runtime, Ant will throw a {@link BuildException} ++ * if the {@linkplain org.apache.tools.ant.types.Permissions } type is used. ++ * Set this property to {@code true} to disable throwing an exception and instead just log a ++ * warning message. ++ * ++ * Value: {@value} ++ * @since Ant 1.10.14 ++ */ ++ public static final String WARN_SECURITY_MANAGER_USAGE = "ant.securitymanager.usage.warn"; ++ + } + +diff --git a/src/main/org/apache/tools/ant/taskdefs/ExecuteJava.java b/src/main/org/apache/tools/ant/taskdefs/ExecuteJava.java +index 0964c91..cb0d125 100644 +--- a/src/main/org/apache/tools/ant/taskdefs/ExecuteJava.java ++++ b/src/main/org/apache/tools/ant/taskdefs/ExecuteJava.java +@@ -211,9 +211,11 @@ public class ExecuteJava implements Runnable, TimeoutObserver { + @Override + public void run() { + final Object[] argument = {javaCommand.getArguments()}; ++ boolean restoreSecMgr = false; + try { + if (perm != null) { + perm.setSecurityManager(); ++ restoreSecMgr = true; + } + main.invoke(null, argument); + } catch (InvocationTargetException e) { +@@ -224,7 +226,7 @@ public class ExecuteJava implements Runnable, TimeoutObserver { + } catch (Throwable t) { + caught = t; + } finally { +- if (perm != null) { ++ if (perm != null && restoreSecMgr) { + perm.restoreSecurityManager(); + } + synchronized (this) { +diff --git a/src/main/org/apache/tools/ant/taskdefs/Java.java b/src/main/org/apache/tools/ant/taskdefs/Java.java +index 7acdad4..d92fbf6 100644 +--- a/src/main/org/apache/tools/ant/taskdefs/Java.java ++++ b/src/main/org/apache/tools/ant/taskdefs/Java.java +@@ -38,6 +38,7 @@ import org.apache.tools.ant.types.PropertySet; + import org.apache.tools.ant.types.RedirectorElement; + import org.apache.tools.ant.types.Reference; + import org.apache.tools.ant.util.KeepAliveInputStream; ++import org.apache.tools.ant.util.SecurityManagerUtil; + import org.apache.tools.ant.util.StringUtils; + + /** +@@ -202,7 +203,7 @@ public class Java extends Task { + log("bootclasspath ignored when same JVM is used.", + Project.MSG_WARN); + } +- if (perm == null) { ++ if (perm == null && SecurityManagerUtil.isSetSecurityManagerAllowed()) { + perm = new Permissions(true); + log("running " + this.getCommandLine().getClassname() + + " with default permissions (exit forbidden)", Project.MSG_VERBOSE); +diff --git a/src/main/org/apache/tools/ant/taskdefs/condition/JavaVersion.java b/src/main/org/apache/tools/ant/taskdefs/condition/JavaVersion.java +index e121c30..831d53b 100644 +--- a/src/main/org/apache/tools/ant/taskdefs/condition/JavaVersion.java ++++ b/src/main/org/apache/tools/ant/taskdefs/condition/JavaVersion.java +@@ -27,6 +27,7 @@ import org.apache.tools.ant.util.JavaEnvUtils; + */ + public class JavaVersion implements Condition { + ++ private String atMost = null; + private String atLeast = null; + private String exactly = null; + +@@ -44,16 +45,19 @@ public class JavaVersion implements Condition { + if (null != exactly) { + return actual.isEqual(new DeweyDecimal(exactly)); + } ++ if (atMost != null) { ++ return actual.isLessThanOrEqual(new DeweyDecimal(atMost)); ++ } + //default + return false; + } + + private void validate() throws BuildException { +- if (atLeast != null && exactly != null) { +- throw new BuildException("Only one of atleast or exactly may be set."); ++ if (atLeast != null && exactly != null && atMost != null) { ++ throw new BuildException("Only one of atleast or atmost or exactly may be set."); + } +- if (null == atLeast && null == exactly) { +- throw new BuildException("One of atleast or exactly must be set."); ++ if (null == atLeast && null == exactly && atMost == null) { ++ throw new BuildException("One of atleast or atmost or exactly must be set."); + } + if (atLeast != null) { + try { +@@ -64,6 +68,14 @@ public class JavaVersion implements Condition { + "The 'atleast' attribute is not a Dewey Decimal eg 1.1.0 : " + + atLeast); + } ++ } else if (atMost != null) { ++ try { ++ new DeweyDecimal(atMost); //NOSONAR ++ } catch (NumberFormatException e) { ++ throw new BuildException( ++ "The 'atmost' attribute is not a Dewey Decimal eg 1.1.0 : " ++ + atMost); ++ } + } else { + try { + // only created for side effect +@@ -94,6 +106,26 @@ public class JavaVersion implements Condition { + this.atLeast = atLeast; + } + ++ /** ++ * Get the atmost attribute. ++ * @return the atmost attribute. ++ * @since Ant 1.10.10 ++ */ ++ public String getAtMost() { ++ return atMost; ++ } ++ ++ /** ++ * Set the atmost attribute. ++ * This is of the form major.minor.point. ++ * For example 11.0.2 ++ * @param atMost the version to set ++ * @since Ant 1.10.10 ++ */ ++ public void setAtMost(String atMost) { ++ this.atMost = atMost; ++ } ++ + /** + * Get the exactly attribute. + * @return the exactly attribute. +diff --git a/src/main/org/apache/tools/ant/types/Permissions.java b/src/main/org/apache/tools/ant/types/Permissions.java +index 1d94388..eabd490 100644 +--- a/src/main/org/apache/tools/ant/types/Permissions.java ++++ b/src/main/org/apache/tools/ant/types/Permissions.java +@@ -30,11 +30,15 @@ import java.util.StringTokenizer; + + import org.apache.tools.ant.BuildException; + import org.apache.tools.ant.ExitException; ++import org.apache.tools.ant.Project; ++import org.apache.tools.ant.ProjectComponent; ++import org.apache.tools.ant.util.SecurityManagerUtil; + + /** + * This class implements a security manager meant for usage by tasks that run inside the + * Ant VM. An examples are the Java Task and JUnitTask. + * ++ *

    + * The basic functionality is that nothing (except for a base set of permissions) is allowed, unless + * the permission is granted either explicitly or implicitly. + * If a permission is granted this can be overruled by explicitly revoking the permission. +@@ -42,9 +46,13 @@ import org.apache.tools.ant.ExitException; + * It is not permissible to add permissions (either granted or revoked) while the Security Manager + * is active (after calling setSecurityManager() but before calling restoreSecurityManager()). + * ++ *

    ++ * Note: This class isn't supported in Java 18 and higher where {@link SecurityManager} has been ++ * deprecated for removal. ++ * + * @since Ant 1.6 + */ +-public class Permissions { ++public class Permissions extends ProjectComponent { + + private final List grantedPermissions = new LinkedList<>(); + private final List revokedPermissions = new LinkedList<>(); +@@ -95,9 +103,25 @@ public class Permissions { + * subject to these Permissions. Note that setting the SecurityManager too early may + * prevent your part from starting, as for instance changing classloaders may be prohibited. + * The classloader for the new situation is supposed to be present. ++ *

    ++ * This method is no longer supported in Java 18 and higher versions and throws a ++ * {@link BuildException}. {@link org.apache.tools.ant.MagicNames#WARN_SECURITY_MANAGER_USAGE} ++ * property can be set to {@code true} to log a warning message instead of throwing the exception. ++ * + * @throws BuildException on error + */ + public synchronized void setSecurityManager() throws BuildException { ++ if (!SecurityManagerUtil.isSetSecurityManagerAllowed()) { ++ final String msg = "Use of or " + Permissions.class.getName() ++ + " is disallowed in current Java runtime version"; ++ if (SecurityManagerUtil.warnOnSecurityManagerUsage(getProject())) { ++ // just log a warning ++ log("Security checks are disabled - " + msg, Project.MSG_WARN); ++ return; ++ } else { ++ throw new BuildException(msg); ++ } ++ } + origSm = System.getSecurityManager(); + init(); + System.setSecurityManager(new MySM()); +@@ -167,8 +191,23 @@ public class Permissions { + + /** + * To be used by tasks that just finished executing the parts subject to these permissions. ++ *

    ++ * This method is no longer supported in Java 18 and higher versions and throws a ++ * {@link BuildException}. {@link org.apache.tools.ant.MagicNames#WARN_SECURITY_MANAGER_USAGE} ++ * property can be set to {@code true} to log a warning message instead of throwing the exception. + */ +- public synchronized void restoreSecurityManager() { ++ public synchronized void restoreSecurityManager() throws BuildException { ++ if (!SecurityManagerUtil.isSetSecurityManagerAllowed()) { ++ final String msg = "Use of or " + Permissions.class.getName() ++ + " is disallowed in current Java runtime version"; ++ if (SecurityManagerUtil.warnOnSecurityManagerUsage(getProject())) { ++ // just log a warning ++ log("Security checks are disabled - " + msg, Project.MSG_WARN); ++ return; ++ } else { ++ throw new BuildException(msg); ++ } ++ } + active = false; + System.setSecurityManager(origSm); + } +diff --git a/src/main/org/apache/tools/ant/util/SecurityManagerUtil.java b/src/main/org/apache/tools/ant/util/SecurityManagerUtil.java +new file mode 100644 +index 0000000..836a7b8 +--- /dev/null ++++ b/src/main/org/apache/tools/ant/util/SecurityManagerUtil.java +@@ -0,0 +1,57 @@ ++/* ++ * Licensed to the Apache Software Foundation (ASF) under one or more ++ * contributor license agreements. See the NOTICE file distributed with ++ * this work for additional information regarding copyright ownership. ++ * The ASF licenses this file to You under the Apache License, Version 2.0 ++ * (the "License"); you may not use this file except in compliance with ++ * the License. You may obtain a copy of the License at ++ * ++ * https://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ * ++ */ ++package org.apache.tools.ant.util; ++ ++import org.apache.tools.ant.MagicNames; ++import org.apache.tools.ant.Project; ++ ++/** ++ * @since Ant 1.10.14 ++ */ ++public final class SecurityManagerUtil { ++ ++ private static final boolean isJava18OrHigher = JavaEnvUtils.isAtLeastJavaVersion("18"); ++ private static final boolean sysPropWarnOnSecMgrUsage = ++ Boolean.getBoolean(MagicNames.WARN_SECURITY_MANAGER_USAGE); ++ ++ /** ++ * {@return true if {@code SecurityManager} usage is allowed in current Java runtime. false ++ * otherwise} ++ */ ++ public static boolean isSetSecurityManagerAllowed() { ++ if (isJava18OrHigher) { ++ return false; ++ } ++ return true; ++ } ++ ++ /** ++ * {@return true if {@code SecurityManager} usage should only be logged as a warning. false ++ * otherwise} ++ */ ++ public static boolean warnOnSecurityManagerUsage(final Project project) { ++ if (project == null) { ++ return sysPropWarnOnSecMgrUsage; ++ } ++ final String val = project.getProperty(MagicNames.WARN_SECURITY_MANAGER_USAGE); ++ if (val == null) { ++ return sysPropWarnOnSecMgrUsage; ++ } ++ return Boolean.parseBoolean(val); ++ } ++} +diff --git a/src/main/org/apache/tools/ant/util/optional/NoExitSecurityManager.java b/src/main/org/apache/tools/ant/util/optional/NoExitSecurityManager.java +index 4df8ef0..f1559e9 100644 +--- a/src/main/org/apache/tools/ant/util/optional/NoExitSecurityManager.java ++++ b/src/main/org/apache/tools/ant/util/optional/NoExitSecurityManager.java +@@ -26,6 +26,8 @@ import org.apache.tools.ant.ExitException; + * The goal is to intercept System.exit calls and make it throw an + * exception instead so that a System.exit in a task does not + * fully terminate Ant. ++ *

    ++ * This class is no longer supported in Java runtime versions 18 and higher. + * + * @see ExitException + */ +diff --git a/src/tests/junit/org/apache/tools/ant/taskdefs/JavaTest.java b/src/tests/junit/org/apache/tools/ant/taskdefs/JavaTest.java +index 1265461..3faf3a6 100644 +--- a/src/tests/junit/org/apache/tools/ant/taskdefs/JavaTest.java ++++ b/src/tests/junit/org/apache/tools/ant/taskdefs/JavaTest.java +@@ -35,6 +35,7 @@ import org.apache.tools.ant.MagicNames; + import org.apache.tools.ant.input.DefaultInputHandler; + import org.apache.tools.ant.taskdefs.condition.JavaVersion; + import org.apache.tools.ant.util.FileUtils; ++import org.apache.tools.ant.util.JavaEnvUtils; + import org.apache.tools.ant.util.TeeOutputStream; + import org.junit.Assume; + import org.junit.AssumptionViolatedException; +@@ -72,6 +73,18 @@ public class JavaTest { + + private boolean runFatalTests = false; + ++ private static final boolean allowedToIssueSystemExit; ++ private static final String SKIP_MSG_CAUSE_SYSTEM_EXIT_USE = ++ "Skipping test on current Java version " + JavaEnvUtils.getJavaVersion() ++ + " because test calls System.exit() in non-forked VM"; ++ static { ++ final JavaVersion javaVersion = new JavaVersion(); ++ javaVersion.setAtMost("17"); ++ // don't run tests which call System.exit() on a non-forked VM because ++ // Ant no longer sets a custom SecurityManager to prevent the VM exit ++ // for Java versions >= 18 ++ allowedToIssueSystemExit = javaVersion.eval(); ++ } + + /** + * configure the project. +@@ -209,12 +222,14 @@ public class JavaTest { + @Test + public void testRunFail() { + assumeTrue("Fatal tests have not been set to run", runFatalTests); ++ assumeTrue(SKIP_MSG_CAUSE_SYSTEM_EXIT_USE, allowedToIssueSystemExit); + buildRule.executeTarget("testRunFail"); + } + + @Test + public void testRunFailFoe() { + assumeTrue("Fatal tests have not been set to run", runFatalTests); ++ assumeTrue(SKIP_MSG_CAUSE_SYSTEM_EXIT_USE, allowedToIssueSystemExit); + thrown.expect(BuildException.class); + thrown.expectMessage("Java returned:"); + buildRule.executeTarget("testRunFailFoe"); +@@ -273,12 +288,14 @@ public class JavaTest { + + @Test + public void testResultPropertyNonZeroNoFork() { ++ assumeTrue(SKIP_MSG_CAUSE_SYSTEM_EXIT_USE, allowedToIssueSystemExit); + buildRule.executeTarget("testResultPropertyNonZeroNoFork"); +- assertEquals("-1", buildRule.getProject().getProperty("exitcode")); ++ assertEquals("-1", buildRule.getProject().getProperty("exitcode")); + } + + @Test + public void testRunFailWithFailOnError() { ++ assumeTrue(SKIP_MSG_CAUSE_SYSTEM_EXIT_USE, allowedToIssueSystemExit); + thrown.expect(BuildException.class); + thrown.expectMessage("Java returned:"); + buildRule.executeTarget("testRunFailWithFailOnError"); +diff --git a/src/tests/junit/org/apache/tools/ant/taskdefs/optional/TraXLiaisonTest.java b/src/tests/junit/org/apache/tools/ant/taskdefs/optional/TraXLiaisonTest.java +index 9ea6089..4d69126 100644 +--- a/src/tests/junit/org/apache/tools/ant/taskdefs/optional/TraXLiaisonTest.java ++++ b/src/tests/junit/org/apache/tools/ant/taskdefs/optional/TraXLiaisonTest.java +@@ -35,7 +35,9 @@ import javax.xml.transform.TransformerFactoryConfigurationError; + import org.apache.tools.ant.BuildException; + import org.apache.tools.ant.taskdefs.XSLTLiaison; + import org.apache.tools.ant.taskdefs.XSLTLogger; ++import org.apache.tools.ant.taskdefs.condition.JavaVersion; + import org.apache.tools.ant.util.JAXPUtils; ++import org.apache.tools.ant.util.JavaEnvUtils; + import org.junit.After; + import org.junit.Test; + +@@ -60,6 +62,10 @@ public class TraXLiaisonTest extends AbstractXSLTLiaisonTest implements XSLTLogg + + @Test + public void testXalan2RedirectViaJDKFactory() throws Exception { ++ final JavaVersion javaVersion = new JavaVersion(); ++ javaVersion.setAtMost("17"); ++ assumeTrue("Test sets SecurityManager at runtime which is no longer supported" + ++ " on Java version: " + JavaEnvUtils.getJavaVersion(), javaVersion.eval()); + try { + getClass().getClassLoader().loadClass("org.apache.xalan.lib.Redirect"); + } catch (Exception exc) { +@@ -106,6 +112,10 @@ public class TraXLiaisonTest extends AbstractXSLTLiaisonTest implements XSLTLogg + + @Test + public void testXalan2RedirectViaXalan() throws Exception { ++ final JavaVersion javaVersion = new JavaVersion(); ++ javaVersion.setAtMost("17"); ++ assumeTrue("Test sets SecurityManager at runtime which is no longer supported" + ++ " on Java version: " + JavaEnvUtils.getJavaVersion(), javaVersion.eval()); + try { + getClass().getClassLoader().loadClass("org.apache.xalan.lib.Redirect"); + } catch (Exception exc) { +diff --git a/src/tests/junit/org/apache/tools/ant/taskdefs/optional/junit/XMLResultAggregatorTest.java b/src/tests/junit/org/apache/tools/ant/taskdefs/optional/junit/XMLResultAggregatorTest.java +index 802f572..301c339 100644 +--- a/src/tests/junit/org/apache/tools/ant/taskdefs/optional/junit/XMLResultAggregatorTest.java ++++ b/src/tests/junit/org/apache/tools/ant/taskdefs/optional/junit/XMLResultAggregatorTest.java +@@ -20,6 +20,7 @@ package org.apache.tools.ant.taskdefs.optional.junit; + + import static org.junit.Assert.assertTrue; + import static org.junit.Assume.assumeNoException; ++import static org.junit.Assume.assumeTrue; + + import java.io.File; + import java.io.FileOutputStream; +@@ -29,13 +30,19 @@ import java.security.Permission; + import org.apache.tools.ant.DefaultLogger; + import org.apache.tools.ant.Project; + import org.apache.tools.ant.taskdefs.Delete; ++import org.apache.tools.ant.taskdefs.condition.JavaVersion; + import org.apache.tools.ant.types.FileSet; ++import org.apache.tools.ant.util.JavaEnvUtils; + import org.junit.Test; + + public class XMLResultAggregatorTest { + + @Test + public void testFrames() throws Exception { ++ final JavaVersion javaVersion = new JavaVersion(); ++ javaVersion.setAtMost("17"); ++ assumeTrue("Test sets SecurityManager at runtime which is no longer supported" + ++ " on Java version: " + JavaEnvUtils.getJavaVersion(), javaVersion.eval()); + // For now, skip this test on JDK 6 (and below); see below for why: + try { + Class.forName("java.nio.file.Files"); +diff --git a/src/tests/junit/org/apache/tools/ant/types/PermissionsTest.java b/src/tests/junit/org/apache/tools/ant/types/PermissionsTest.java +index bbc7f1f..7578a25 100644 +--- a/src/tests/junit/org/apache/tools/ant/types/PermissionsTest.java ++++ b/src/tests/junit/org/apache/tools/ant/types/PermissionsTest.java +@@ -19,6 +19,8 @@ + package org.apache.tools.ant.types; + + import org.apache.tools.ant.ExitException; ++import org.apache.tools.ant.taskdefs.condition.JavaVersion; ++import org.apache.tools.ant.util.JavaEnvUtils; + import org.junit.After; + import org.junit.Before; + import org.junit.Rule; +@@ -27,6 +29,7 @@ import org.junit.rules.ExpectedException; + + import static org.hamcrest.Matchers.equalTo; + import static org.hamcrest.Matchers.hasProperty; ++import static org.junit.Assume.assumeTrue; + + /** + * JUnit 4 testcases for org.apache.tools.ant.types.Permissions. +@@ -40,6 +43,11 @@ public class PermissionsTest { + + @Before + public void setUp() { ++ final JavaVersion javaVersion = new JavaVersion(); ++ javaVersion.setAtMost("17"); ++ assumeTrue("org.apache.tools.ant.types.Permissions no longer supported on Java version: " ++ + JavaEnvUtils.getJavaVersion(), javaVersion.eval()); ++ + perms = new Permissions(); + Permissions.Permission perm = new Permissions.Permission(); + // Grant extra permissions to read and write the user.* properties and read to the +@@ -87,7 +95,9 @@ public class PermissionsTest { + + @After + public void tearDown() { +- perms.restoreSecurityManager(); ++ if (perms != null) { ++ perms.restoreSecurityManager(); ++ } + } + + /** Tests a permission that is granted per default. */ +-- +2.47.0 + diff --git a/SOURCES/apache-ant-1.8.ant.conf b/SOURCES/apache-ant-1.8.ant.conf index e169839..bff40df 100644 --- a/SOURCES/apache-ant-1.8.ant.conf +++ b/SOURCES/apache-ant-1.8.ant.conf @@ -17,4 +17,8 @@ else # ANT_HOME for rpm layout ANT_HOME=/usr/share/ant + + if [ -z "$JAVA_HOME" ] ; then + . /etc/java/ant.conf + fi fi diff --git a/SPECS/ant.spec b/SPECS/ant.spec index 47266f6..9f35cd7 100644 --- a/SPECS/ant.spec +++ b/SPECS/ant.spec @@ -34,7 +34,7 @@ Name: ant Version: 1.10.9 -Release: 8%{?dist} +Release: 11%{?dist} Summary: Java build tool Summary(it): Tool per la compilazione di programmi java Summary(fr): Outil de compilation pour java @@ -47,6 +47,7 @@ Source3: ant.asciidoc Patch0: %{name}-build.xml.patch Patch1: %{name}-openjdk-jpeg-cmyk.patch +Patch2: 0001-Disable-SecurityManager-for-Java-18.patch BuildRequires: asciidoc BuildRequires: xmlto @@ -79,11 +80,10 @@ BuildRequires: mvn(org.hamcrest:hamcrest-library) BuildRequires: junit5 %endif -# Theoretically Ant might be usable with just JRE, but typical Ant -# workflow requires full JDK, so we recommend it here. -Recommends: java-devel >= 1:1.8.0 - Requires: %{name}-lib = %{version}-%{release} +Requires: %{name}-jdk-binding = %{version}-%{release} +Suggests: %{name}-openjdk17 = %{version}-%{release} + # Require full javapackages-tools since the ant script uses # /usr/share/java-utils/java-functions Requires: javapackages-tools @@ -323,12 +323,61 @@ Javadoc pour %{name}. %endif +%package openjdk8 +Summary: OpenJDK 8 binding for Ant +RemovePathPostfixes: -openjdk8 +Provides: ant-jdk-binding = %{version}-%{release} +Requires: ant = %{version}-%{release} +Requires: java-1.8.0-openjdk-headless +Recommends: java-1.8.0-openjdk-devel +Conflicts: ant-jdk-binding + +%description openjdk8 +Configures Ant to run with OpenJDK 8. + +%package openjdk11 +Summary: OpenJDK 11 binding for Ant +RemovePathPostfixes: -openjdk11 +Provides: ant-jdk-binding = %{version}-%{release} +Requires: ant = %{version}-%{release} +Requires: java-11-openjdk-headless +Recommends: java-11-openjdk-devel +Conflicts: ant-jdk-binding + +%description openjdk11 +Configures Ant to run with OpenJDK 11. + +%package openjdk17 +Summary: OpenJDK 17 binding for Ant +RemovePathPostfixes: -openjdk17 +Provides: ant-jdk-binding = %{version}-%{release} +Requires: ant = %{version}-%{release} +Requires: java-17-openjdk-headless +Recommends: java-17-openjdk-devel +Conflicts: ant-jdk-binding + +%description openjdk17 +Configures Ant to run with OpenJDK 17. + +%package openjdk21 +Summary: OpenJDK 21 binding for Ant +RemovePathPostfixes: -openjdk21 +Provides: ant-jdk-binding = %{version}-%{release} +Requires: ant = %{version}-%{release} +Requires: java-21-openjdk-headless +Recommends: java-21-openjdk-devel +Conflicts: ant-jdk-binding + +%description openjdk21 +Configures Ant to run with OpenJDK 21. + # ----------------------------------------------------------------------------- %prep %setup -q -n apache-ant-%{version} -%patch0 -p0 -%patch1 -p1 +%patch -P 0 -p0 +%patch -P 1 -p1 +%patch -P 2 -p1 # clean jar files find . -name "*.jar" | xargs -t rm @@ -365,9 +414,9 @@ sed -e 's:/etc/ant.conf:%{_sysconfdir}/ant.conf:g' \ sed -i 's/jaxp_parser_impl//;s/xml-commons-apis//' src/script/ant # Fix file-not-utf8 rpmlint warning -iconv KEYS -f iso-8859-1 -t utf-8 -o KEYS.utf8 +iconv KEYS -f iso-8859-1 -t utf-8 >KEYS.utf8 mv KEYS.utf8 KEYS -iconv LICENSE -f iso-8859-1 -t utf-8 -o LICENSE.utf8 +iconv LICENSE -f iso-8859-1 -t utf-8 >LICENSE.utf8 mv LICENSE.utf8 LICENSE # We want a hard dep on antlr @@ -466,6 +515,20 @@ cp -p src/script/antRun $RPM_BUILD_ROOT%{ant_home}/bin/ mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} cp -p %{name}.conf $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.conf +# JDK bindings for ant.conf +install -d -m 755 $RPM_BUILD_ROOT%{_javaconfdir}/ +## For Java 1.8 prefer jvm +echo ' +if [ -d %{_jvmlibdir}/java-1.8.0-openjdk ]; then + JAVA_HOME=%{_jvmlibdir}/java-1.8.0-openjdk +else + JAVA_HOME=%{_jvmlibdir}/jre-1.8.0-openjdk +fi +' >$RPM_BUILD_ROOT%{_javaconfdir}/ant.conf-openjdk8 +echo 'JAVA_HOME=%{_jvmlibdir}/jre-11-openjdk' >$RPM_BUILD_ROOT%{_javaconfdir}/ant.conf-openjdk11 +echo 'JAVA_HOME=%{_jvmlibdir}/jre-17-openjdk' >$RPM_BUILD_ROOT%{_javaconfdir}/ant.conf-openjdk17 +echo 'JAVA_HOME=%{_jvmlibdir}/jre-21-openjdk' >$RPM_BUILD_ROOT%{_javaconfdir}/ant.conf-openjdk21 + # OPT_JAR_LIST fragments mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d echo "junit hamcrest/core ant/ant-junit" > $RPM_BUILD_ROOT%{_sysconfdir}/%{name}.d/junit @@ -635,9 +698,32 @@ LC_ALL=C.UTF-8 %{ant} -Doffline=true test %endif +%files openjdk8 +%config %{_javaconfdir}/%{name}.conf-openjdk8 + +%files openjdk11 +%config %{_javaconfdir}/%{name}.conf-openjdk11 + +%files openjdk17 +%config %{_javaconfdir}/%{name}.conf-openjdk17 + +%files openjdk21 +%config %{_javaconfdir}/%{name}.conf-openjdk21 + # ----------------------------------------------------------------------------- %changelog +* Thu Nov 21 2024 Marián Konček - 1.10.9-11 +- Fix the usage ot patch macro + +* Fri Nov 08 2024 Marián Konček - 1.10.9-10 +- Add OpenJDK bindings in a separate configuration file +- Resolves: RHEL-62405 + +* Wed Oct 16 2024 Marián Konček - 1.10.9-9 +- Add OpenJDK bindings +- Resolves: RHEL-62405 + * Thu Jun 13 2024 Mikolaj Izdebski - 1.10.9-8 - Fix test failures due to JPEG CMYK support in OpenJDK - Resolves: RHEL-5354