@ -23,6 +23,8 @@
%bcond_without staticlibs
# Remove build artifacts by default
%bcond_with artifacts
# Build a fresh libjvm.so for use in a copy of the bootstrap JDK
%bcond_without fresh_libjvm
# Workaround for stripping of debug symbols from static libraries
%if %{with staticlibs}
@ -32,6 +34,13 @@
%global include_staticlibs 0
%endif
# Define whether to use the bootstrap JDK directly or with a fresh libjvm.so
%if %{with fresh_libjvm}
%global build_hotspot_first 1
%else
%global build_hotspot_first 0
%endif
# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
# This fixes detailed NMT and other tools which need minimal debug info.
# See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879
@ -76,7 +85,7 @@
# in alternatives those are slaves and master, very often triplicated by man pages
# in files all masters and slaves are ghosted
# the ghosts are here to allow installation via query like `dnf install /usr/bin/java`
# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_
# you can list those files, with appropriate sections: cat *.spec | grep -e --install -e --slave -e post_ -e alternatives
# TODO - fix those hardcoded lists via single list
# Those files must *NOT* be ghosted for *slowdebug* packages
# FIXME - if you are moving jshell or jlink or similar, always modify all three sections
@ -102,7 +111,9 @@
# Set of architectures for which we build fastdebug builds
%global fastdebug_arches x86_64 ppc64le aarch64
# Set of architectures with a Just-In-Time (JIT) compiler
%global jit_arches %{debug_arches} %{arm}
%global jit_arches %{arm} %{aarch64} %{ix86} %{power64} s390x sparcv9 sparc64 x86_64
# Set of architectures which use the Zero assembler port (!jit_arches)
%global zero_arches ppc s390
# Set of architectures which run a full bootstrap cycle
%global bootstrap_arches %{jit_arches}
# Set of architectures which support SystemTap tapsets
@ -121,6 +132,8 @@
%global zgc_arches x86_64
# Set of architectures for which alt-java has SSB mitigation
%global ssbd_arches x86_64
# Set of architectures where we verify backtraces with gdb
%global gdb_arches %{jit_arches} %{zero_arches}
# By default, we build a slowdebug build during main build on JIT architectures
%if %{with slowdebug}
@ -174,7 +187,7 @@
%global fastdebug_build %{nil}
%endif
# If you disable both builds, then the build fails
# If you disable all builds, then the build fails
# Build and test slowdebug first as it provides the best diagnostics
%global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build}
@ -208,6 +221,11 @@
%global release_targets images docs-zip
# No docs nor bootcycle for debug builds
%global debug_targets images
# Target to use to just build HotSpot
%global hotspot_target hotspot
# JDK to use for bootstrapping
%global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk
# Disable LTO as this causes build failures at the moment.
# See RHBZ#1861401
@ -297,8 +315,8 @@
# New Version-String scheme-style defines
%global featurever 11
%global interimver 0
%global updatever 15
%global patchver 0
%global updatever 14
%global patchver 1
# If you bump featurever, you must bump also vendor_version_string
# Used via new version scheme. JDK 11 was
# GA'ed in September 2018 => 18.9
@ -344,8 +362,8 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 9
%global rpmrelease 2
%global buildver 1
%global rpmrelease 6
#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk
@ -443,6 +461,9 @@
%global alternatives_requires %{_sbindir}/alternatives
%endif
%global family %{name}.%{_arch}
%global family_noarch %{name}
%if %{with_systemtap}
# Where to install systemtap tapset (links)
# We would like these to be in a package specific sub-dir,
@ -460,6 +481,50 @@
# not-duplicated scriptlets for normal/debug packages
%global update_desktop_icons /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%define save_alternatives() %{expand:
# warning! alternatives are localised!
# LANG=cs_CZ.UTF-8 alternatives --display java | head
# LANG=en_US.UTF-8 alternatives --display java | head
function nonLocalisedAlternativesDisplayOfMaster() {
LANG=en_US.UTF-8 alternatives --display "$MASTER"
}
function headOfAbove() {
nonLocalisedAlternativesDisplayOfMaster | head -n $1
}
MASTER="%{?1}"
LOCAL_LINK="%{?2}"
FAMILY="%{?3}"
rm -f %{_localstatedir}/lib/rpm-state/"$MASTER"_$FAMILY > /dev/null
if nonLocalisedAlternativesDisplayOfMaster > /dev/null ; then
if headOfAbove 1 | grep -q manual ; then
if headOfAbove 2 | tail -n 1 | grep -q %{compatiblename} ; then
headOfAbove 2 > %{_localstatedir}/lib/rpm-state/"$MASTER"_"$FAMILY"
fi
fi
fi
}
%define save_and_remove_alternatives() %{expand:
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
upgrade1_uninstal0=%{?3}
if [ "0$upgrade1_uninstal0" -gt 0 ] ; then # removal of this condition will cause persistence between uninstall
%{save_alternatives %{?1} %{?2} %{?4}}
fi
alternatives --remove "%{?1}" "%{?2}"
}
%define set_if_needed_alternatives() %{expand:
MASTER="%{?1}"
FAMILY="%{?2}"
ALTERNATIVES_FILE="%{_localstatedir}/lib/rpm-state/$MASTER"_"$FAMILY"
if [ -e "$ALTERNATIVES_FILE" ] ; then
rm "$ALTERNATIVES_FILE"
alternatives --set $MASTER $FAMILY
fi
}
%define post_script() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
@ -467,20 +532,19 @@ update-desktop-database %{_datadir}/applications &> /dev/null || :
exit 0
}
%define post_headless() %{expand:
%ifarch %{share_arches}
%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
%endif
%define alternatives_java_install() %{expand:
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
key=java
alternatives \\
--install %{_bindir}/java java %{jrebindir -- %{?1}}/java $PRIORITY --family %{name}.%{_arch } \\
--install %{_bindir}/java $key %{jrebindir -- %{?1}}/java $PRIORITY --family %{family } \\
--slave %{_jvmdir}/jre jre %{_jvmdir}/%{sdkdir -- %{?1}} \\
--slave %{_bindir}/%{alt_java_name} %{alt_java_name} %{jrebindir -- %{?1}}/%{alt_java_name} \\
--slave %{_bindir}/jjs jjs %{jrebindir -- %{?1}}/jjs \\
@ -506,12 +570,23 @@ alternatives \\
--slave %{_mandir}/man1/unpack200.1$ext unpack200.1$ext \\
%{_mandir}/man1/unpack200-%{uniquesuffix -- %{?1}}.1$ext
%{set_if_needed_alternatives $key %{family}}
for X in %{origin} %{javaver} ; do
alternatives --install %{_jvmdir}/jre-"$X" jre_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
key=jre_"$X"
alternatives --install %{_jvmdir}/jre-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
%{set_if_needed_alternatives $key %{family}}
done
update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{name}.%{_arch}
key=jre_%{javaver}_%{origin}
alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} $key %{_jvmdir}/%{jrelnk -- %{?1}} $PRIORITY --family %{family}
%{set_if_needed_alternatives $key %{family}}
}
%define post_headless() %{expand:
%ifarch %{share_arches}
%{jrebindir -- %{?1}}/java -Xshare:dump >/dev/null 2>/dev/null
%endif
update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@ -538,26 +613,34 @@ exit 0
%define postun_headless() %{expand:
alternatives --remove java %{jrebindir -- %{?1}}/java
alternatives --remove jre_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
alternatives --remove jre_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
alternatives --remove jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}}
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
%{save_and_remove_alternatives java %{jrebindir -- %{?1}}/java $post_state %{family}}
%{save_and_remove_alternatives jre_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
%{save_and_remove_alternatives jre_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
%{save_and_remove_alternatives jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk -- %{?1}} $post_state %{family}}
}
%define posttrans_script() %{expand:
%{update_desktop_icons}
}
%define post_devel() %{expand:
%define alternatives_javac_install() %{expand:
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
ext=.gz
key=javac
alternatives \\
--install %{_bindir}/javac javac %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{name}.%{_arch } \\
--install %{_bindir}/javac $key %{sdkbindir -- %{?1}}/javac $PRIORITY --family %{family } \\
--slave %{_jvmdir}/java java_sdk %{_jvmdir}/%{sdkdir -- %{?1}} \\
%ifarch %{aot_arches}
--slave %{_bindir}/jaotc jaotc %{sdkbindir -- %{?1}}/jaotc \\
@ -565,7 +648,9 @@ alternatives \\
--slave %{_bindir}/jlink jlink %{sdkbindir -- %{?1}}/jlink \\
--slave %{_bindir}/jmod jmod %{sdkbindir -- %{?1}}/jmod \\
%ifarch %{sa_arches}
%ifnarch %{zero_arches}
--slave %{_bindir}/jhsdb jhsdb %{sdkbindir -- %{?1}}/jhsdb \\
%endif
%endif
--slave %{_bindir}/jar jar %{sdkbindir -- %{?1}}/jar \\
--slave %{_bindir}/jarsigner jarsigner %{sdkbindir -- %{?1}}/jarsigner \\
@ -623,15 +708,22 @@ alternatives \\
--slave %{_mandir}/man1/rmic.1$ext rmic.1$ext \\
%{_mandir}/man1/rmic-%{uniquesuffix -- %{?1}}.1$ext \\
--slave %{_mandir}/man1/serialver.1$ext serialver.1$ext \\
%{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext \\
%{_mandir}/man1/serialver-%{uniquesuffix -- %{?1}}.1$ext
%{set_if_needed_alternatives $key %{family}}
for X in %{origin} %{javaver} ; do
alternatives \\
--install %{_jvmdir}/java-"$X" java_sdk_"$X" %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
key=java_sdk_"$X"
alternatives --install %{_jvmdir}/java-"$X" $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
%{set_if_needed_alternatives $key %{family}}
done
update-alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{name}.%{_arch}
key=java_sdk_%{javaver}_%{origin}
alternatives --install %{_jvmdir}/java-%{javaver}-%{origin} $key %{_jvmdir}/%{sdkdir -- %{?1}} $PRIORITY --family %{family}
%{set_if_needed_alternatives $key %{family}}
}
%define post_devel() %{expand:
update-desktop-database %{_datadir}/applications &> /dev/null || :
/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
@ -639,10 +731,14 @@ exit 0
}
%define postun_devel() %{expand:
alternatives --remove javac %{sdkbindir -- %{?1}}/javac
alternatives --remove java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
alternatives --remove java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}}
alternatives --remove java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}}
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
%{save_and_remove_alternatives javac %{sdkbindir -- %{?1}}/javac $post_state %{family}}
%{save_and_remove_alternatives java_sdk_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
%{save_and_remove_alternatives java_sdk_%{javaver} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
%{save_and_remove_alternatives java_sdk_%{javaver}_%{origin} %{_jvmdir}/%{sdkdir -- %{?1}} $post_state %{family}}
update-desktop-database %{_datadir}/applications &> /dev/null || :
@ -654,42 +750,54 @@ exit 0
}
%define posttrans_devel() %{expand:
%{alternatives_javac_install -- %{?1}}
%{update_desktop_icons}
}
%define post_javadoc() %{expand:
%define alternatives_javadoc_install() %{expand:
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
alternatives \\
--install %{_javadocdir}/java javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api \\
$PRIORITY --family %{name }
key=javadocdir
alternatives --install %{_javadocdir}/java $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $PRIORITY --family %{family_noarch}
%{set_if_needed_alternatives $key %{family_noarch} }
exit 0
}
%define postun_javadoc() %{expand:
alternatives --remove javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
%{save_and_remove_alternatives javadocdir %{_javadocdir}/%{uniquejavadocdir -- %{?1}}/api $post_state %{family_noarch}}
exit 0
}
%define post_javadoc_zip() %{expand:
%define alternatives_javadoczip_install() %{expand:
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
PRIORITY=%{priority}
if [ "%{?1}" == %{debug_suffix} ]; then
let PRIORITY=PRIORITY-1
fi
alternatives \\
--install %{_javadocdir}/java-zip javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip \\
$PRIORITY --family %{name}
key=javadoczip
alternatives --install %{_javadocdir}/java-zip $key %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $PRIORITY --family %{family_noarch}
%{set_if_needed_alternatives $key %{family_noarch}}
exit 0
}
%define postun_javadoc_zip() %{expand:
alternatives --remove javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip
if [ "x$debug" == "xtrue" ] ; then
set -x
fi
post_state=$1 # from postun, https://docs.fedoraproject.org/en-US/packaging-guidelines/Scriptlets/#_syntax
%{save_and_remove_alternatives javadoczip %{_javadocdir}/%{uniquejavadocdir -- %{?1}}.zip $post_state %{family_noarch}}
exit 0
}
@ -760,8 +868,10 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/librmi.so
# Some architectures don't have the serviceability agent
%ifarch %{sa_arches}
%ifnarch %{zero_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsaproc.so
%endif
%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsctp.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsunec.so
%{_jvmdir}/%{sdkdir -- %{?1}}/lib/libsystemconf.so
@ -855,8 +965,10 @@ exit 0
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jimage
# Some architectures don't have the serviceability agent
%ifarch %{sa_arches}
%ifnarch %{zero_arches}
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jhsdb
%endif
%endif
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jinfo
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jlink
%{_jvmdir}/%{sdkdir -- %{?1}}/bin/jmap
@ -1015,8 +1127,8 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zone-info data provided by tzdata-java sub-package
# 2021a required as of JDK-8260356 in April 2021 CPU
Requires: tzdata-java >= 2021a
# 2021e required as of JDK-8275766 in January 2022 CPU
Requires: tzdata-java >= 2021e
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@ -1029,6 +1141,8 @@ OrderWithRequires: copy-jdk-configs
%endif
# for printing support
Requires: cups-libs
# for FIPS PKCS11 provider
Requires: nss
# Post requires alternatives to install tool alternatives
Requires(post): %{alternatives_requires}
# Postun requires alternatives to uninstall tool alternatives
@ -1111,10 +1225,10 @@ Requires(post): %{alternatives_requires}
Requires(postun): %{alternatives_requires}
# Standard JPackage javadoc provides
Provides: java-%{javaver}-javadoc%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-javadoc%{?1} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
Provides: java-%{javaver}-%{origin}-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%if %is_system_jdk
Provides: java-javadoc%{?1} = %{epoch}:%{version}-%{release}
Provides: java-javadoc%{?1}%{?2} = %{epoch}:%{version}-%{release}
%endif
}
@ -1241,6 +1355,10 @@ Patch1011: rh1991003-enable_fips_keys_import.patch
# RH2021263: Resolve outstanding FIPS issues
Patch1014: rh2021263-fips_ensure_security_initialised.patch
Patch1015: rh2021263-fips_missing_native_returns.patch
# RH2052819: Fix FIPS reliance on crypto policies
Patch1016: rh2021263-fips_separate_policy_and_fips_init.patch
# RH2052829: Detect NSS at Runtime for FIPS detection
Patch1017: rh2052829-fips_runtime_nss_detection.patch
#############################################
#
@ -1269,15 +1387,25 @@ Patch8: jdk8275535-rh2053256-ldap_auth.patch
#############################################
#
# Patches appearing in 11.0.15
# Backportable patches
#
# This section includes patches which are
# present in the current development tree, but
# need to be reviewed & pushed to the appropriate
# updates tree of OpenJDK.
#############################################
# JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32
Patch101: jdk8257794-remove_broken_assert.patch
#############################################
#
# Patches appearing in 11.0.13
#
# This section includes patches which are present
# in the listed OpenJDK 11u release and should be
# able to be removed once that release is out
# and used by this RPM.
#############################################
# JDK-8284920: Incorrect Token type causes XPath expression to return empty result
Patch9: jdk8284920-incorrect_token_type.patch
BuildRequires: autoconf
BuildRequires: automake
@ -1304,8 +1432,8 @@ BuildRequires: libXrandr-devel
BuildRequires: libXrender-devel
BuildRequires: libXt-devel
BuildRequires: libXtst-devel
# Requirements for setting up the nss.cfg and FIPS support
BuildRequires: nss-devel >= 3.53
# Requirement for setting up nss.cfg and nss.fips.cfg
BuildRequires: nss-devel
BuildRequires: pkgconfig
BuildRequires: xorg-x11-proto-devel
BuildRequires: zip
@ -1313,11 +1441,11 @@ BuildRequires: unzip
BuildRequires: javapackages-filesystem
BuildRequires: java-%{buildjdkver}-openjdk-devel
# Zero-assembler build requirement
%ifnarch %{jit _arches}
%ifarch %{zero _arches}
BuildRequires: libffi-devel
%endif
# 2021a required as of JDK-8260356 in April 2021 CPU
BuildRequires: tzdata-java >= 2021a
# 2021e required as of JDK-8275766 in January 2022 CPU
BuildRequires: tzdata-java >= 2021e
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@ -1599,7 +1727,7 @@ Group: Documentation
Requires: javapackages-filesystem
Obsoletes: javadoc-debug
%{java_javadoc_rpo %{nil}}
%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc
The %{origin_nice} %{featurever} API documentation.
@ -1612,7 +1740,8 @@ Group: Documentation
Requires: javapackages-filesystem
Obsoletes: javadoc-zip-debug
%{java_javadoc_rpo %{nil}}
%{java_javadoc_rpo -- %{nil} -zip}
%{java_javadoc_rpo -- %{nil} %{nil}}
%description javadoc-zip
The %{origin_nice} %{featurever} API documentation compressed in a single archive.
@ -1668,9 +1797,10 @@ pushd %{top_level_dir_name}
%patch3 -p1
%patch4 -p1
%patch7 -p1
%patch9 -p1
popd # openjdk
%patch101
%patch1000
%patch600
%patch1001
@ -1683,6 +1813,8 @@ popd # openjdk
%patch1011
%patch1014
%patch1015
%patch1016
%patch1017
%patch8
@ -1737,7 +1869,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
# Setup nss.fips.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build
# How many CPU's do we have?
@ -1764,17 +1895,21 @@ EXTRA_CPP_FLAGS="%ourcppflags"
# fix rpmlint warnings
EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing"
%endif
%ifarch %{ix86}
# Align stack boundary on x86_32
EXTRA_CFLAGS="$(echo ${EXTRA_CFLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming-stack-boundary=2 -mpreferred-stack-boundary=4|')"
%endif
# Fixes annocheck warnings in assembler files due to missing build notes
EXTRA_ASFLAGS="${EXTRA_CFLAGS} -Wa,--generate-missing-build-notes=yes"
export EXTRA_CFLAGS EXTRA_ASFLAGS
export EXTRA_CFLAGS EXTRA_CPP_FLAGS EXTRA_ ASFLAGS
function buildjdk() {
local outputdir=${1}
local installdir=${2}
local buildjdk=${3}
local maketargets="${4}"
local debuglevel=${5}
local link_opt=${6}
local buildjdk=${2}
local maketargets="${3}"
local debuglevel=${4}
local link_opt=${5}
local top_dir_abs_src_path=$(pwd)/%{top_level_dir_name}
local top_dir_abs_build_path=$(pwd)/${outputdir}
@ -1787,11 +1922,11 @@ function buildjdk() {
echo "Using link_opt: ${link_opt}"
echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}"
mkdir -p ${outputdir} ${installdir}
mkdir -p ${outputdir}
pushd ${outputdir}
bash ${top_dir_abs_src_path}/configure \
%ifnarch %{jit _arches}
%ifarch %{zero _arches}
--with-jvm-variants=zero \
%endif
%ifarch %{ppc64le}
@ -1808,7 +1943,7 @@ function buildjdk() {
--with-boot-jdk=${buildjdk} \
--with-debug-level=${debuglevel} \
--with-native-debug-symbols="%{debug_symbols}" \
--en able-sysconf-nss \
--dis able-sysconf-nss \
--enable-unlimited-crypto \
--with-zlib=system \
--with-libjpeg=${link_opt} \
@ -1836,8 +1971,15 @@ function buildjdk() {
$maketargets || ( pwd; find ${top_dir_abs_src_path} ${top_dir_abs_build_path} -name "hs_err_pid*.log" | xargs cat && false )
popd
}
function installjdk() {
local outputdir=${1}
local installdir=${2}
local imagepath=${installdir}/images/%{jdkimage}
echo "Installing build from ${outputdir} to ${installdir}..."
mkdir -p ${installdir}
echo "Installing images..."
mv ${outputdir}/images ${installdir}
if [ -d ${outputdir}/bundles ] ; then
@ -1853,39 +1995,47 @@ function buildjdk() {
echo "Removing output directory...";
rm -rf ${outputdir}
%endif
}
function installjdk() {
local imagepath=${1}
# the build (erroneously) removes read permissions from some jars
# this is a regression in OpenJDK 7 (our compiler):
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
if [ -d ${imagepath} ] ; then
# the build (erroneously) removes read permissions from some jars
# this is a regression in OpenJDK 7 (our compiler):
# http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437
find ${imagepath} -iname '*.jar' -exec chmod ugo+r {} \;
# Build screws up permissions on binaries
# https://bugs.openjdk.java.net/browse/JDK-8173610
find ${imagepath} -iname '*.so' -exec chmod +x {} \;
find ${imagepath}/bin/ -exec chmod +x {} \;
# Build screws up permissions on binaries
# https://bugs.openjdk.java.net/browse/JDK-8173610
find ${imagepath} -iname '*.so' -exec chmod +x {} \;
find ${imagepath}/bin/ -exec chmod +x {} \;
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg ${imagepath}/conf/security/
# Install nss.cfg right away as we will be using the JRE above
install -m 644 nss.cfg ${imagepath}/conf/security/
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
# Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies)
install -m 644 nss.fips.cfg ${imagepath}/conf/security/
# Use system-wide tzdata
rm ${imagepath}/lib/tzdb.dat
ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
# Use system-wide tzdata
rm ${imagepath}/lib/tzdb.dat
ln -s %{_datadir}/javazi-1.8/tzdb.dat ${imagepath}/lib/tzdb.dat
# Create fake alt-java as a placeholder for future alt-java
pushd ${imagepath}
# add alt-java man page
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
popd
# Create fake alt-java as a placeholder for future alt-java
pushd ${imagepath}
# add alt-java man page
echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
popd
fi
}
%if %{build_hotspot_first}
# Build a fresh libjvm.so first and use it to bootstrap
cp -LR --preserve=mode,timestamps %{bootjdk} newboot
systemjdk=$(pwd)/newboot
buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled"
mv build/newboot/jdk/lib/server/libjvm.so newboot/lib/server
%else
systemjdk=%{bootjdk}
%endif
for suffix in %{build_loop} ; do
if [ "x$suffix" = "x" ] ; then
@ -1895,7 +2045,6 @@ for suffix in %{build_loop} ; do
debugbuild=`echo $suffix | sed "s/-//g"`
fi
systemjdk=/usr/lib/jvm/java-%{buildjdkver}-openjdk
for loop in %{main_suffix} %{staticlibs_loop} ; do
@ -1922,11 +2071,14 @@ for suffix in %{build_loop} ; do
run_bootstrap=%{bootstrap_build}
fi
if ${run_bootstrap} ; then
buildjdk ${bootbuilddir} ${bootinstalldir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
buildjdk ${builddir} ${installdir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
%{!?with_artifacts:rm -rf ${bootinstalldir}}
buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} ${link_opt}
installjdk ${bootbuilddir} ${bootinstalldir}
buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} ${link_opt}
installjdk ${builddir} ${installdir}
%{!?with_artifacts:rm -rf ${bootinstalldir}}
else
buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
installjdk ${builddir} ${installdir}
fi
# Restore original source tree we modified by removing full in-tree sources
rm -rf %{top_level_dir_name}
@ -1937,15 +2089,12 @@ for suffix in %{build_loop} ; do
# Static library cycle only builds the static libraries
maketargets="%{static_libs_target}"
# Always just do the one build for the static libraries
buildjdk ${builddir} ${installdir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} ${link_opt}
installjdk ${builddir} ${installdir}
fi
done # end of main / staticlibs loop
# Final setup on the main image
top_dir_abs_main_build_path=$(pwd)/%{installoutputdir -- ${suffix}%{main_suffix}}
installjdk ${top_dir_abs_main_build_path}/images/%{jdkimage}
# build cycles
done # end of release / debug cycle loop
@ -2054,20 +2203,16 @@ gdb -q "$JAVA_HOME/bin/java" <<EOF | tee gdb.out
handle SIGSEGV pass nostop noprint
handle SIGILL pass nostop noprint
set breakpoint pending on
break javaCalls.cpp:1
break javaCalls.cpp:58
commands 1
backtrace
quit
end
run -version
EOF
%if 0%{?fedora} > 0
# This fails on s390x for some reason. Disable for now. See:
# https://koji.fedoraproject.org/koji/taskinfo?taskID=41499227
%ifnarch s390x
%ifarch %{gdb_arches}
grep 'JavaCallWrapper::JavaCallWrapper' gdb.out
%endif
%endif
# Check src.zip has all sources. See RHBZ#1130490
$JAVA_HOME/bin/jar -tf $JAVA_HOME/lib/src.zip | grep 'sun.misc.Unsafe'
@ -2294,6 +2439,9 @@ end
%posttrans
%{posttrans_script %{nil}}
%posttrans headless
%{alternatives_java_install %{nil}}
%post devel
%{post_devel %{nil}}
@ -2303,14 +2451,14 @@ end
%posttrans devel
%{posttrans_devel %{nil}}
%post javadoc
%{post_javadoc %{nil}}
%posttrans javadoc
%{alternatives_javadoc_install %{nil}}
%postun javadoc
%{postun_javadoc %{nil}}
%post javadoc-zip
%{post_javadoc_zip %{nil}}
%posttrans javadoc-zip
%{alternatives_javadoczip_install %{nil}}
%postun javadoc-zip
%{postun_javadoc_zip %{nil}}
@ -2323,6 +2471,9 @@ end
%post headless-slowdebug
%{post_headless -- %{debug_suffix_unquoted}}
%posttrans headless-slowdebug
%{alternatives_java_install -- %{debug_suffix_unquoted}}
%postun slowdebug
%{postun_script -- %{debug_suffix_unquoted}}
@ -2358,6 +2509,9 @@ end
%posttrans fastdebug
%{posttrans_script -- %{fastdebug_suffix_unquoted}}
%posttrans headless-fastdebug
%{alternatives_java_install -- %{fastdebug_suffix_unquoted}}
%post devel-fastdebug
%{post_devel -- %{fastdebug_suffix_unquoted}}
@ -2464,99 +2618,148 @@ end
%endif
%changelog
* Sat Apr 16 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.15.0.9-2
- Add JDK-8284920 fix for XPath regression
- Related: rhbz#2073422
* Fri Apr 15 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.15.0.9-2
- Remove security items from release notes that were only in 17u and N/A for 11u
- Related: rhbz#2073422
* Wed Apr 13 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.15.0.9-1
- Update to jdk-11.0.15.0+9
- Update release notes to 11.0.15.0+9
- Switch to GA mode for release
- ** This tarball is embargoed until 2022-04-19 @ 1pm PT. **
- Resolves: rhbz#2073422
* Tue Apr 12 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.15.0.8-0.1.ea
- Update to jdk-11.0.15.0+8
- Update release notes to 11.0.15.0+8
- Switch to EA mode for 11.0.15 pre-release builds.
- Rebase RH1996182 FIPS patch after JDK-8254410
- Related: rhbz#2073422
* Wed Feb 23 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-2
- Add JDK-8275535 patch to fix LDAP authentication issue.
- Resolves: rhbz#2055344
* Mon Feb 28 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-6
- Detect NSS at runtime for FIPS detection
- Turn off build-time NSS linking and go back to an explicit Requires on NSS
- Resolves: rhbz#2052827
* Fri Feb 11 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-1
* Fri Feb 25 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-5
- Add JDK-8275535 patch to fix LDAP authentication issue.
- Resolves: rhbz#2053284
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.1.1-4
- Storing and restoring alterntives during update manually
- Fixing Bug 2001567 - update of JDK/JRE is removing its manually selected alterantives and select (as auto) system JDK/JRE
-- The move of alternatives creation to posttrans to fix:
-- Bug 1200302 - dnf reinstall breaks alternatives
-- Had caused the alternatives to be removed, and then created again,
-- instead of being added, and then removing the old, and thus persisting
-- the selection in family
-- Thus this fix, is storing the family of manually selected master, and if
-- stored, then it is restoring the family of the master
- Resolves: rhbz#2008192
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.1.1-3
- Family extracted to globals
- Resolves: rhbz#2008192
* Fri Feb 25 2022 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.1.1-2
- alternatives creation moved to posttrans
- Thus fixing the old reisntall issue:
- https://bugzilla.redhat.com/show_bug.cgi?id=1200302
- https://bugzilla.redhat.com/show_bug.cgi?id=1976053
- Resolves: rhbz#2008192
* Fri Feb 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.1.1-1
- Update to jdk-11.0.14.1+1
- Update release notes to 11.0.14.1+1
- Require tzdata 2021e as of JDK-8275766.
- Resolves: rhbz#2052809
- Resolves: rhbz#1966234
* Tue Jan 18 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-2
* Thu Feb 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-6
- Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent
- Resolves: rhbz#2052816
* Fri Feb 11 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-5
- Refactor build functions so we can build just HotSpot without any attempt at installation.
- Sync gdb test with java-1.8.0-openjdk.
- Improve architecture restrictions for the gdb test.
- Replace -mstackrealign with -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 on x86_32 for stack alignment
- Explicitly list JIT architectures rather than relying on those with slowdebug builds
- Disable the serviceability agent on Zero architectures even when the architecture itself is supported
- Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds
- Related: rhbz#2052809
* Fri Feb 11 2022 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.0.9-5
- Give javadoc-zip its own Provides, next to the plain javadoc ones
- Related: rhbz#2052809
* Fri Feb 11 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-4
- Fix FIPS issues in native code and with initialisation of java.security.Security
- Related: rhbz#2039366
- Resolves: rhbz#2021559
* Thu Feb 10 2022 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.14.0.9-3
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
secmod.db file as part of nss
- Resolves: rhbz#2023534
* Mon Jan 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-1
* Mon Jan 17 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.9-2
- Update to jdk-11.0.14.0+9
- Update release notes to 11.0.14.0+9
- Switch to GA mode for final release.
- This tarball is embargoed until 2022-01-18 @ 1pm PT.
- Resolves: rhbz#2039366
* Fri Jan 14 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.8-0.1.ea
- Update to jdk-11.0.14.0+8
- Update release notes to 11.0.14.0+8
- Resolves: rhbz#2022821
* Thu Jan 13 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.14.0.1-0.1.ea
- Update to jdk-11.0.14.0+1
- Update release notes to 11.0.14.0+1
- Switch to EA mode for 11.0.14 pre-release builds.
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
- Rename blacklisted.certs to blocked.certs following JDK-8253866
- Rebase RH1996182 login patch and drop redundant security policy extension after JDK-8269034
- Related: rhbz#2039366
- Related: rhbz#2022821
* Wed Dec 01 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.14.0.8-0.1.ea
* Thu Jan 13 2022 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-5
- Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le.
- Related: rhbz#2022821
* Wed Dec 01 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.13.0.8-4
- Replaced hardcoded 11 by featurever where appropriate
- Fixed comment of `for slowdebug` to correct `any debug`
- Related: rhbz#2039366
* Sun Nov 07 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-4
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Resolves: rhbz#2014212
* Sun Nov 07 2021 Martin Balao <mbalao@redhat.com> - 1:11.0.13.0.8-4
- Add patch to allow plain key import.
- Resolves: rhbz#2014212
* Thu Oct 28 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-3
- Bump and rebuild to try and get a build correctly tagged.
- Related: rhbz#2012334
- Related: rhbz#2022821
* Wed Oct 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-2
- Update to jdk-11.0.12 .0+8
- Update release notes to 11.0.12 .0+8
* Wed Oct 13 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.8-3
- Update to jdk-11.0.13.0+8
- Update release notes to 11.0.13.0+8
- Switch to GA mode for final release.
- This tarball is embargoed until 2021-10-19 @ 1pm PT.
- Resolves: rhbz#2012334
- Resolves: rhbz#2012335
* Tue Oct 12 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.7-0.1.ea
- Update to jdk-11.0.13.0+7
- Update release notes to 11.0.13.0+7
- Resolves: rhbz#1999938
* Mon Oct 11 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.13.0.1-0.1.ea
- Update to jdk-11.0.13.0+1
- Update release notes to 11.0.13.0+1
- Update tarball generation script to use git following OpenJDK 11u's move to github
- Switch to EA mode for 11.0.13 pre-release builds.
- Remove non-Free test from source tarball.
- Remove "-clean" suffix as no 11.0.13 builds are unclean .
- Drop JDK-8269668 patch which is now applied upstream.
- Related: rhbz#2011826
- Related: rhbz#1999938
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-9
- The bootstrap JDK is now in bootinstalldir, not bootbuilddir.
- Related: rhbz#1999938
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-5
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-9
- Reduce disk footprint by removing build artifacts by default.
- Related: rhbz#1999938
* Sun Oct 10 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-8
- Restructure the build so a minimal initial build is then used for the final build (with docs)
- This reduces pressure on the system JDK and ensures the JDK being built can do a full build
- Reduce disk footprint by removing build artifacts by default.
- Related: rhbz#2011826
- Related: rhbz#1999938
* Mon Sep 06 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.12.0.7-5
* Tue Oct 05 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-7
- Allow plain key import to be disabled with -Dcom.redhat.fips.plainKeySupport=false
- Resolves: rhbz#1991003
* Tue Oct 05 2021 Martin Balao <mbalao@redhat.com> - 1:11.0.12.0.7-7
- Add patch to allow plain key import.
- Resolves: rhbz#1991003
* Mon Sep 06 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.12.0.7-6
- Minor cosmetic improvements to make spec more comparable between variants
- Related: rhbz#2011826
- Related: rhbz#1999938
* Mon Sep 06 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-5
- Remove non-Free test from source tarball.
- Related: rhbz#1999938
* Mon Aug 30 2021 Andrew Hughes <gnu.andrew@redhat.com> - 1:11.0.12.0.7-4
- Extend the default security policy to accomodate PKCS11 accessing jdk.internal.misc.
CentOS Sources
3 years ago
committed by
Stepan Oksanichenko