# RPM conditionals so as to be able to dynamically produce # slowdebug/release builds. See: # http://rpm.org/user_doc/conditional_builds.html # # Examples: # # Produce release, fastdebug *and* slowdebug builds on x86_64 (default): # $ rpmbuild -ba java-1.8.0-openjdk.spec # # Produce only release builds (no debug builds) on x86_64: # $ rpmbuild -ba java-1.8.0-openjdk.spec --without slowdebug --without fastdebug # # Only produce a release build on x86_64: # $ rhpkg mockbuild --without slowdebug --without fastdebug # # Enable fastdebug builds by default on relevant arches. %bcond_without fastdebug # Enable slowdebug builds by default on relevant arches. %bcond_without slowdebug # Enable release builds by default on relevant arches. %bcond_without release # Remove build artifacts by default %bcond_with artifacts # Build a fresh libjvm.so for use in a copy of the bootstrap JDK %bcond_without fresh_libjvm # Define whether to use the bootstrap JDK directly or with a fresh libjvm.so %if %{with fresh_libjvm} %global build_hotspot_first 1 %else %global build_hotspot_first 0 %endif # The -g flag says to use strip -g instead of full strip on DSOs or EXEs. # This fixes detailed NMT and other tools which need minimal debug info. # See: https://bugzilla.redhat.com/show_bug.cgi?id=1520879 %global _find_debuginfo_opts -g # note: parametrized macros are order-sensitive (unlike not-parametrized) even with normal macros # also necessary when passing it as parameter to other macros. If not macro, then it is considered a switch # see the difference between global and define: # See https://github.com/rpm-software-management/rpm/issues/127 to comments at "pmatilai commented on Aug 18, 2017" # (initiated in https://bugzilla.redhat.com/show_bug.cgi?id=1482192) %global debug_suffix_unquoted -slowdebug %global fastdebug_suffix_unquoted -fastdebug # quoted one for shell operations %global debug_suffix "%{debug_suffix_unquoted}" %global fastdebug_suffix "%{fastdebug_suffix_unquoted}" %global normal_suffix "" %global debug_warning This package is unoptimised with full debugging. Install only as needed and remove ASAP. %global fastdebug_warning This package is optimised with full debugging. Install only as needed and remove ASAP. %global debug_on unoptimised with full debugging on %global fastdebug_on optimised with full debugging on %global for_fastdebug for packages with debugging on and optimisation %global for_debug for packages with debugging on and no optimisation %if %{with release} %global include_normal_build 1 %else %global include_normal_build 0 %endif %if %{include_normal_build} %global normal_build %{normal_suffix} %else %global normal_build %{nil} %endif %global aarch64 aarch64 arm64 armv8 # we need to distinguish between big and little endian PPC64 %global ppc64le ppc64le %global ppc64be ppc64 ppc64p7 # Set of architectures which support multiple ABIs %global multilib_arches %{power64} sparc64 x86_64 # Set of architectures for which we build slowdebug builds %global debug_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} %{power64} # Set of architectures for which we build fastdebug builds %global fastdebug_arches x86_64 ppc64le aarch64 # Set of architectures with a Just-In-Time (JIT) compiler %global jit_arches %{aarch64} %{ix86} %{power64} sparcv9 sparc64 x86_64 # Set of architectures which use the Zero assembler port (!jit_arches) %global zero_arches %{arm} ppc s390 s390x # Set of architectures which run a full bootstrap cycle %global bootstrap_arches %{jit_arches} %{zero_arches} # Set of architectures which support SystemTap tapsets %global systemtap_arches %{jit_arches} # Set of architectures which support the serviceability agent %global sa_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} # Set of architectures which support class data sharing # See https://bugzilla.redhat.com/show_bug.cgi?id=513605 # MetaspaceShared::generate_vtable_methods is not implemented for the PPC JIT %global share_arches %{ix86} x86_64 sparcv9 sparc64 %{aarch64} # Set of architectures which support Java Flight Recorder (JFR) %global jfr_arches %{jit_arches} # Set of architectures for which alt-java has SSB mitigation %global ssbd_arches x86_64 # Set of architectures where we verify backtraces with gdb %global gdb_arches %{jit_arches} %{zero_arches} # By default, we build a debug build during main build on JIT architectures %if %{with slowdebug} %ifarch %{debug_arches} %global include_debug_build 1 %else %global include_debug_build 0 %endif %else %global include_debug_build 0 %endif # By default, we build a fastdebug build during main build only on fastdebug architectures %if %{with fastdebug} %ifarch %{fastdebug_arches} %global include_fastdebug_build 1 %else %global include_fastdebug_build 0 %endif %else %global include_fastdebug_build 0 %endif %if %{include_debug_build} %global slowdebug_build %{debug_suffix} %else %global slowdebug_build %{nil} %endif %if %{include_fastdebug_build} %global fastdebug_build %{fastdebug_suffix} %else %global fastdebug_build %{nil} %endif # If you disable all builds, then the build fails # Build and test slowdebug first as it provides the best diagnostics %global build_loop %{slowdebug_build} %{fastdebug_build} %{normal_build} %if 0%{?flatpak} %global bootstrap_build false %else %ifarch %{bootstrap_arches} %global bootstrap_build true %else %global bootstrap_build false %endif %endif %global bootstrap_targets images %global release_targets images docs-zip # No docs nor bootcycle for debug builds %global debug_targets images # Target to use to just build HotSpot %global hotspot_target hotspot # JDK to use for bootstrapping # Use OpenJDK 7 where available (on RHEL) to avoid # having to use the rhel-7.x-java-unsafe-candidate hack %if ! 0%{?fedora} && 0%{?rhel} <= 6 %global buildjdkver 1.7.0 %else %global buildjdkver 1.8.0 %endif %global bootjdk /usr/lib/jvm/java-%{buildjdkver}-openjdk # Filter out flags from the optflags macro that cause problems with the OpenJDK build # We filter out -O flags so that the optimization of HotSpot is not lowered from O3 to O2 # We filter out -Wall which will otherwise cause HotSpot to produce hundreds of thousands of warnings (100+mb logs) # We replace it with -Wformat (required by -Werror=format-security) and -Wno-cpp to avoid FORTIFY_SOURCE warnings # We filter out -fexceptions as the HotSpot build explicitly does -fno-exceptions and it's otherwise the default for C++ # removal of -g is portable build specific to achieve no debug for release %global ourflags %(echo %optflags | sed -e 's|-Wall|-Wformat|' | sed -r -e 's|-O[0-9]*||' | sed -e 's|-g ||') %global ourcppflags %(echo %ourflags | sed -e 's|-fexceptions||' | sed -e 's|-fasynchronous-unwind-tables||' | sed -e 's|-g ||') # no __global_ldflags in RHEL 6 %global ourldflags %{nil} # With disabled nss is NSS deactivated, so NSS_LIBDIR can contain the wrong path # the initialization must be here. Later the pkg-config have buggy behavior # looks like openjdk RPM specific bug # Always set this so the nss.cfg file is not broken %global NSS_LIBDIR %(pkg-config --variable=libdir nss) %global NSS_LIBS %(pkg-config --libs nss) %global NSS_CFLAGS %(pkg-config --cflags nss-softokn) # see https://bugzilla.redhat.com/show_bug.cgi?id=1332456 %global NSSSOFTOKN_BUILDTIME_NUMBER %(pkg-config --modversion nss-softokn || : ) %global NSS_BUILDTIME_NUMBER %(pkg-config --modversion nss || : ) # this is workaround for processing of requires during srpm creation %global NSSSOFTOKN_BUILDTIME_VERSION %(if [ "x%{NSSSOFTOKN_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSSSOFTOKN_BUILDTIME_NUMBER}" ;fi) %global NSS_BUILDTIME_VERSION %(if [ "x%{NSS_BUILDTIME_NUMBER}" == "x" ] ; then echo "" ;else echo ">= %{NSS_BUILDTIME_NUMBER}" ;fi) # In some cases, the arch used by the JDK does # not match _arch. # Also, in some cases, the machine name used by SystemTap # does not match that given by _target_cpu %ifarch x86_64 %global archinstall amd64 %global stapinstall x86_64 %endif %ifarch ppc %global archinstall ppc %global stapinstall powerpc %endif %ifarch %{ppc64be} %global archinstall ppc64 %global stapinstall powerpc %endif %ifarch %{ppc64le} %global archinstall ppc64le %global stapinstall powerpc %endif %ifarch %{ix86} %global archinstall i386 %global stapinstall i386 %endif %ifarch ia64 %global archinstall ia64 %global stapinstall ia64 %endif %ifarch s390 %global archinstall s390 %global stapinstall s390 %endif %ifarch s390x %global archinstall s390x %global stapinstall s390 %endif %ifarch %{arm} %global archinstall arm %global stapinstall arm %endif %ifarch %{aarch64} %global archinstall aarch64 %global stapinstall arm64 %endif # 32 bit sparc, optimized for v9 %ifarch sparcv9 %global archinstall sparc %global stapinstall %{_target_cpu} %endif # 64 bit sparc %ifarch sparc64 %global archinstall sparcv9 %global stapinstall %{_target_cpu} %endif # Need to support noarch for srpm build %ifarch noarch %global archinstall %{nil} %global stapinstall %{nil} %endif # Always off in portables %ifarch %{systemtap_arches} %global with_systemtap 0 %else %global with_systemtap 0 %endif # New Version-String scheme-style defines %global majorver 8 # Standard JPackage naming and versioning defines %global origin openjdk %global origin_nice OpenJDK %global top_level_dir_name %{origin} # Settings for local security configuration %global security_file %{top_level_dir_name}/jdk/src/share/lib/security/java.security-%{_target_os} %global cacerts_file /etc/pki/java/cacerts # Define vendor information used by OpenJDK %global oj_vendor Red Hat, Inc. %global oj_vendor_url "https://www.redhat.com/" # Define what url should JVM offer in case of a crash report # order may be important, epel may have rhel declared %if 0%{?epel} %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora%20EPEL&component=%{component}&version=epel%{epel} %else %if 0%{?fedora} # Does not work for rawhide, keeps the version field empty %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora&component=%{component}&version=%{fedora} %else %if 0%{?rhel} %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20Enterprise%20Linux%20%{rhel}&component=%{component} %else %global oj_vendor_bug_url https://bugzilla.redhat.com/enter_bug.cgi %endif %endif %endif # note, following three variables are sedded from update_sources if used correctly. Hardcode them rather there. %global shenandoah_project openjdk %global shenandoah_repo shenandoah-jdk8u %global openjdk_revision jdk8u352-b08 %global shenandoah_revision shenandoah-%{openjdk_revision} # Define old aarch64/jdk8u tree variables for compatibility %global project %{shenandoah_project} %global repo %{shenandoah_repo} %global revision %{shenandoah_revision} # Define IcedTea version used for SystemTap tapsets and desktop file %global icedteaver 3.15.0 # Define current Git revision for the FIPS support patches %global fipsver 6d1aade0648 # e.g. aarch64-shenandoah-jdk8u212-b04-shenandoah-merge-2019-04-30 -> aarch64-shenandoah-jdk8u212-b04 %global version_tag %(VERSION=%{revision}; echo ${VERSION%%-shenandoah-merge*}) # eg # jdk8u60-b27 -> jdk8u60 or # aarch64-jdk8u60-b27 -> aarch64-jdk8u60 (dont forget spec escape % by %%) %global whole_update %(VERSION=%{version_tag}; echo ${VERSION%%-*}) # eg jdk8u60 -> 60 or aarch64-jdk8u60 -> 60 %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) %global rpmrelease 1 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, # - N%%{?extraver}{?dist} for GA releases %global is_ga 1 %if %{is_ga} %global milestone fcs %global milestone_version %{nil} %global extraver %{nil} %global eaprefix %{nil} %else %global milestone ea %global milestone_version "-ea" %global extraver .%{milestone} %global eaprefix 0. %endif # priority must be 7 digits in total. The expression is workarounding tip %global priority %(TIP=1800%{updatever}; echo ${TIP/tip/999}) %global javaver 1.%{majorver}.0 # parametrized macros are order-sensitive %global compatiblename %{name} %global fullversion %{compatiblename}-%{version}-%{release} # images stub %global jdkimage j2sdk-image %global jreimage j2re-image # output dir stub %define buildoutputdir() %{expand:build/jdk8.build%{?1}} %define installoutputdir() %{expand:install/jdk8.install%{?1}} # we can copy the javadoc to not arched dir, or make it not noarch %define uniquejavadocdir() %{expand:%{fullversion}%{?1}} # main id and dir of this jdk %define uniquesuffix() %{expand:%{fullversion}.%{_arch}%{?1}} %if (0%{?rhel} > 0 && 0%{?rhel} < 8) %define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el7\\(_[0-9]\\)*;portable%{1}.jre.;g" | sed "s;openjdkportable;el;g") %define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;el7\\(_[0-9]\\)*;portable%{1}.jdk.;g" | sed "s;openjdkportable;el;g") %else %define jreportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;fc\\([0-9]\\)*;0.portable%{1}.jre;g" | sed "s;openjdkportable;el;g") %define jdkportablenameimpl() %(echo %{uniquesuffix ""} | sed "s;fc\\([0-9]\\)*;0.portable%{1}.jdk;g" | sed "s;openjdkportable;el;g") %endif %define jreportablearchive() %{expand:%{jreportablenameimpl -- %%{1}}.tar.xz} %define jdkportablearchive() %{expand:%{jdkportablenameimpl -- %%{1}}.tar.xz} %define jreportablename() %{expand:%{jreportablenameimpl -- %%{1}}} %define jdkportablename() %{expand:%{jdkportablenameimpl -- %%{1}}} # Fix for https://bugzilla.redhat.com/show_bug.cgi?id=1111349. # See also https://bugzilla.redhat.com/show_bug.cgi?id=1590796 # as to why some libraries *cannot* be excluded. In particular, # these are: # libjsig.so, libjava.so, libjawt.so, libjvm.so and libverify.so %global _privatelibs libatk-wrapper[.]so.*|libattach[.]so.*|libawt_headless[.]so.*|libawt[.]so.*|libawt_xawt[.]so.*|libdt_socket[.]so.*|libfontmanager[.]so.*|libhprof[.]so.*|libinstrument[.]so.*|libj2gss[.]so.*|libj2pcsc[.]so.*|libj2pkcs11[.]so.*|libjaas_unix[.]so.*|libjava_crw_demo[.]so.*|libjavajpeg[.]so.*|libjdwp[.]so.*|libjli[.]so.*|libjsdt[.]so.*|libjsoundalsa[.]so.*|libjsound[.]so.*|liblcms[.]so.*|libmanagement[.]so.*|libmlib_image[.]so.*|libnet[.]so.*|libnio[.]so.*|libnpt[.]so.*|libsaproc[.]so.*|libsctp[.]so.*|libsplashscreen[.]so.*|libsunec[.]so.*|libsystemconf[.]so.*|libunpack[.]so.*|libzip[.]so.*|lib[.]so\\(SUNWprivate_.* %global __provides_exclude ^(%{_privatelibs})$ %global __requires_exclude ^(%{_privatelibs})$ # Standard JPackage directories and symbolic links. %global sdkdir() %{expand:%{uniquesuffix %%1}} %global jrelnk() %{expand:jre-%{javaver}-%{origin}-%{version}-%{release}.%{_arch}%1} %global jredir() %{expand:%{sdkdir %%1}/jre} %global sdkbindir() %{expand:%{_jvmdir}/%{sdkdir %%1}/bin} %global jrebindir() %{expand:%{_jvmdir}/%{jredir %%1}/bin} %global alt_java_name alt-java %global jvmjardir() %{expand:%{_jvmjardir}/%{uniquesuffix %%1}} %global rpm_state_dir %{_localstatedir}/lib/rpm-state/ # For flatpack builds hard-code /usr/sbin/alternatives, # otherwise use %%{_sbindir} relative path. %if 0%{?flatpak} %global alternatives_requires /usr/sbin/alternatives %else %global alternatives_requires %{_sbindir}/alternatives %endif %if %{with_systemtap} # Where to install systemtap tapset (links) # We would like these to be in a package specific sub-dir, # but currently systemtap doesn't support that, so we have to # use the root tapset dir for now. To distinguish between 64 # and 32 bit architectures we place the tapsets under the arch # specific dir (note that systemtap will only pickup the tapset # for the primary arch for now). Systemtap uses the machine name # aka target_cpu as architecture specific directory name. %global tapsetroot /usr/share/systemtap %global tapsetdirttapset %{tapsetroot}/tapset/ %global tapsetdir %{tapsetdirttapset}/%{stapinstall} %endif # Prevent brp-java-repack-jars from being run. %global __jar_repack 0 # portables have grown out of its component, moving back to java-x-vendor # this expression, when declared as global, filled component with java-x-vendor portable %define component %(echo %{name} | sed "s;-portable;;g") Name: java-%{javaver}-%{origin}-portable Version: %{javaver}.%{updatever}.%{buildver} Release: %{?eaprefix}%{rpmrelease}%{?extraver}%{?dist} # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a # situation where in-the-wild java-1.5.0-ibm packages provided "java = # 1:1.5.0". In RPM terms, "1.6.0 < 1:1.5.0" since 1.6.0 is # interpreted as 0:1.6.0. So the "java >= 1.6.0" requirement would be # satisfied by the 1:1.5.0 packages. Thus we need to set the epoch in # JDK package >= 1.6.0 to 1, and packages referring to JDK virtual # provides >= 1.6.0 must specify the epoch, "java >= 1:1.6.0". Epoch: 1 Summary: %{origin_nice} %{majorver} Runtime Environment portable edition Group: Development/Languages # HotSpot code is licensed under GPLv2 # JDK library code is licensed under GPLv2 with the Classpath exception # The Apache license is used in code taken from Apache projects (primarily JAXP & JAXWS) # DOM levels 2 & 3 and the XML digital signature schemas are licensed under the W3C Software License # The JSR166 concurrency code is in the public domain # The BSD and MIT licenses are used for a number of third-party libraries (see THIRD_PARTY_README) # The OpenJDK source tree includes the JPEG library (IJG), zlib & libpng (zlib), giflib and LCMS (MIT) # The test code includes copies of NSS under the Mozilla Public License v2.0 # The PCSClite headers are under a BSD with advertising license # The elliptic curve cryptography (ECC) source code is licensed under the LGPLv2.1 or any later version License: ASL 1.1 and ASL 2.0 and BSD and BSD with advertising and GPL+ and GPLv2 and GPLv2 with exceptions and IJG and LGPLv2+ and MIT and MPLv2.0 and Public Domain and W3C and zlib URL: http://openjdk.java.net/ # Shenandoah HotSpot # aarch64-port/jdk8u-shenandoah contains an integration forest of # OpenJDK 8u, the aarch64 port and Shenandoah # To regenerate, use: # VERSION=%%{shenandoah_revision} # FILE_NAME_ROOT=%%{shenandoah_project}-%%{shenandoah_repo}-${VERSION} # REPO_ROOT= generate_source_tarball.sh # where the source is obtained from http://hg.openjdk.java.net/%%{project}/%%{repo} Source0: %{shenandoah_project}-%{shenandoah_repo}-%{shenandoah_revision}-4curve.tar.xz # Custom README for -src subpackage Source2: README.md # Release notes Source7: NEWS # Use 'icedtea_sync.sh' to update the following # They are based on code contained in the IcedTea project (3.x). # Systemtap tapsets. Zipped up to keep it small. # Disabled in portables #Source8: tapsets-icedtea-%%{icedteaver}.tar.xz # Desktop files. Adapted from IcedTea # Disabled in portables #Source9: jconsole.desktop.in #Source10: policytool.desktop.in # nss configuration file Source11: nss.cfg.in # Removed libraries that we link instead # Disabled in portables #Source12: %%{name}-remove-intree-libraries.sh # Ensure we aren't using the limited crypto policy Source13: TestCryptoLevel.java # Ensure ECDSA is working Source14: TestECDSA.java # Verify system crypto (policy) can be disabled via a property Source15: TestSecurityProperties.java # Ensure vendor settings are correct Source16: CheckVendor.java # nss fips configuration file Source17: nss.fips.cfg.in # Ensure translations are available for new timezones Source18: TestTranslations.java # Disabled in portables #Source20: repackReproduciblePolycies.sh # New versions of config files with aarch64 support. This is not upstream yet. Source100: config.guess Source101: config.sub ############################################ # # RPM/distribution specific patches # # This section includes patches specific to # Fedora/RHEL which can not be upstreamed # either in their current form or at all. ############################################ # Accessibility patches # Ignore AWTError when assistive technologies are loaded Patch1: rh1648242-accessible_toolkit_crash_do_not_break_jvm.patch # Turn on AssumeMP by default on RHEL systems Patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch # RH1648249: Add PKCS11 provider to java.security Patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch # RH1582504: Use RSA as default for keytool, as DSA is disabled in all crypto policies except LEGACY Patch1003: rh1582504-rsa_default_for_keytool.patch # Crypto policy and FIPS support patches # Patch is generated from the fips tree at https://github.com/rh-openjdk/jdk11u/tree/fips # as follows: git diff %%{openjdk_revision} common jdk > fips-8u-$(git show -s --format=%h HEAD).patch # Diff is limited to src and make subdirectories to exclude .github changes # Fixes currently included: # PR3183, RH1340845: Support Fedora/RHEL8 system crypto policy # PR3655: Allow use of system crypto policy to be disabled by the user # RH1655466: Support RHEL FIPS mode using SunPKCS11 provider # RH1760838: No ciphersuites available for SSLSocket in FIPS mode # RH1860986: Disable TLSv1.3 with the NSS-FIPS provider until PKCS#11 v3.0 support is available # RH1906862: Always initialise JavaSecuritySystemConfiguratorAccess # RH1929465: Improve system FIPS detection # RH1996182: Login to the NSS software token in FIPS mode # RH1991003: Allow plain key import unless com.redhat.fips.plainKeySupport is set to false # RH2021263: Resolve outstanding FIPS issues # RH2052819: Fix FIPS reliance on crypto policies # RH2052829: Detect NSS at Runtime for FIPS detection # RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage # RH2090378: Revert to disabling system security properties and FIPS mode support together Patch1001: fips-8u-%{fipsver}.patch ############################################# # # Upstreamable patches # # This section includes patches which need to # be reviewed & pushed to the current development # tree of OpenJDK. ############################################# # PR2737: Allow multiple initialization of PKCS11 libraries Patch5: pr2737-allow_multiple_pkcs11_library_initialisation_to_be_a_non_critical_error.patch # PR2095, RH1163501: 2048-bit DH upper bound too small for Fedora infrastructure (sync with IcedTea 2.x) Patch504: rh1163501-increase_2048_bit_dh_upper_bound_fedora_infrastructure_in_dhparametergenerator.patch # Turn off strict overflow on IndicRearrangementProcessor{,2}.cpp following 8140543: Arrange font actions Patch512: rh1649664-awt2dlibraries_compiled_with_no_strict_overflow.patch # RH1337583, PR2974: PKCS#10 certificate requests now use CRLF line endings rather than system line endings Patch523: pr2974-rh1337583-add_systemlineendings_option_to_keytool_and_use_line_separator_instead_of_crlf_in_pkcs10.patch # PR3083, RH1346460: Regression in SSL debug output without an ECC provider Patch528: pr3083-rh1346460-for_ssl_debug_return_null_instead_of_exception_when_theres_no_ecc_provider.patch # PR2888: OpenJDK should check for system cacerts database (e.g. /etc/pki/java/cacerts) # PR3575, RH1567204: System cacerts database handling should not affect jssecacerts # RH2055274: Revert default keystore to JAVA_HOME/jre/lib/security/cacerts in portable builds # Must be applied after crypto policy patch as it also changes java.security Patch539: pr2888-rh2055274-support_system_cacerts.patch Patch541: rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch # RH1750419: Enable build of speculative store bypass hardened alt-java (CVE-2018-3639) Patch600: rh1750419-redhat_alt_java.patch # JDK-8281098, PR3836: Extra compiler flags not passed to adlc build Patch112: jdk8281098-pr3836-pass_compiler_flags_to_adlc.patch # JDK-8275535, RH2053256: Retrying a failed authentication on multiple LDAP servers can lead to users blocked Patch113: jdk8275535-rh2053256-ldap_auth.patch ############################################# # # Arch-specific upstreamable patches # # This section includes patches which need to # be reviewed & pushed upstream and are specific # to certain architectures. This usually means the # current OpenJDK development branch, but may also # include other trees e.g. for the AArch64 port for # OpenJDK 8u. ############################################# # s390: PR3593: Use "%z" for size_t on s390 as size_t != intptr_t Patch103: pr3593-s390_use_z_format_specifier_for_size_t_arguments_as_size_t_not_equals_to_int.patch # x86: S8199936, PR3533: HotSpot generates code with unaligned stack, crashes on SSE operations (-mstackrealign workaround) Patch105: jdk8199936-pr3533-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x.patch # S390 ambiguous log2_intptr calls Patch107: s390-8214206_fix.patch ############################################# # # Patches which need backporting to 8u # # This section includes patches which have # been pushed upstream to the latest OpenJDK # development tree, but need to be backported # to OpenJDK 8u. ############################################# # S8074839, PR2462: Resolve disabled warnings for libunpack and the unpack200 binary # This fixes printf warnings that lead to build failure with -Werror=format-security from optflags Patch502: pr2462-resolve_disabled_warnings_for_libunpack_and_the_unpack200_binary.patch # PR3591: Fix for bug 3533 doesn't add -mstackrealign to JDK code Patch571: jdk8199936-pr3591-enable_mstackrealign_on_x86_linux_as_well_as_x86_mac_os_x_jdk.patch # 8143245, PR3548: Zero build requires disabled warnings Patch574: jdk8143245-pr3548-zero_build_requires_disabled_warnings.patch # s390: JDK-8203030, Type fixing for s390 Patch102: jdk8203030-zero_s390_31_bit_size_t_type_conflicts_in_shared_code.patch # 8035341: Allow using a system installed libpng Patch202: jdk8035341-allow_using_system_installed_libpng.patch # 8042159: Allow using a system-installed lcms2 Patch203: jdk8042159-allow_using_system_installed_lcms2-root.patch Patch204: jdk8042159-allow_using_system_installed_lcms2-jdk.patch # JDK-8195607, PR3776, RH1760437: sun/security/pkcs11/Secmod/TestNssDbSqlite.java failed with "NSS initialization failed" on NSS 3.34.1 Patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch # JDK-8257794: Zero: assert(istate->_stack_limit == istate->_thread->last_Java_sp() + 1) failed: wrong on Linux/x86_32 Patch581: jdk8257794-remove_broken_assert.patch # JDK-8186464, RH1433262: ZipFile cannot read some InfoZip ZIP64 zip files Patch12: jdk8186464-rh1433262-zip64_failure.patch ############################################# # # Patches appearing in 8u362 # # This section includes patches which are present # in the listed OpenJDK 8u release and should be # able to be removed once that release is out # and used by this RPM. ############################################# # JDK-8294357: (tz) Update Timezone Data to 2022d Patch2002: jdk8294357-tzdata2022d.patch # JDK-8295173: (tz) Update Timezone Data to 2022e Patch2003: jdk8295173-tzdata2022e.patch ############################################# # # Patches ineligible for 8u # # This section includes patches which are present # upstream, but ineligible for upstream 8u backport. ############################################# # 8043805: Allow using a system-installed libjpeg Patch201: jdk8043805-allow_using_system_installed_libjpeg.patch ############################################# # # Shenandoah fixes # # This section includes patches which are # specific to the Shenandoah garbage collector # and should be upstreamed to the appropriate # trees. ############################################# ############################################# # # Non-OpenJDK fixes # # This section includes patches to code other # that from OpenJDK. ############################################# ############################################# # # Dependencies # ############################################# BuildRequires: autoconf BuildRequires: automake BuildRequires: alsa-lib-devel BuildRequires: binutils BuildRequires: cups-devel BuildRequires: desktop-file-utils # elfutils only are OK for build without AOT BuildRequires: elfutils-devel BuildRequires: fontconfig-devel BuildRequires: freetype-devel BuildRequires: giflib-devel BuildRequires: gcc-c++ BuildRequires: libstdc++-static BuildRequires: gdb BuildRequires: gtk2-devel # Portbles uses in tree libraries #BuildRequires: lcms2-devel #BuildRequires: libjpeg-devel #BuildRequires: libpng-devel BuildRequires: libxslt BuildRequires: libX11-devel BuildRequires: libXext-devel BuildRequires: libXi-devel BuildRequires: libXinerama-devel BuildRequires: libXrender-devel BuildRequires: libXt-devel BuildRequires: libXtst-devel # Requirement for setting up nss.cfg and nss.fips.cfg BuildRequires: nss-devel # Commented out for portable RHEL7 doesn't have this # Requirement for system security property test #BuildRequires: crypto-policies BuildRequires: pkgconfig BuildRequires: xorg-x11-proto-devel BuildRequires: zip BuildRequires: tar BuildRequires: unzip # Require a boot JDK which doesn't fail due to RH1482244 BuildRequires: java-%{buildjdkver}-openjdk-devel >= 1.7.0.151-2.6.11.3 # Zero-assembler build requirement %ifarch %{zero_arches} BuildRequires: libffi-devel %endif # 2022d required as of JDK-8294357 # Should be bumped to 2022e once available (JDK-8295173) BuildRequires: tzdata-java >= 2022d # Earlier versions have a bug in tree vectorization on PPC BuildRequires: gcc >= 4.8.3-8 # cacerts build requirement. BuildRequires: ca-certificates BuildRequires: openssl %if %{with_systemtap} BuildRequires: systemtap-sdt-devel %endif %description The %{origin_nice} %{majorver} runtime environment - portable edition %if %{include_normal_build} %package devel Summary: %{origin_nice} %{majorver} Development Environment portable edition Group: Development/Tools %description devel The %{origin_nice} %{majorver} development tools - portable edition %endif %if %{include_debug_build} %package slowdebug Summary: %{origin_nice} %{majorver} Runtime Environment portable edition %{debug_on} Group: Development/Languages %description slowdebug The %{origin_nice} %{majorver} runtime environment - portable edition %{debug_warning} %package devel-slowdebug Summary: %{origin_nice} %{majorver} Development Environment portable edition %{debug_on} Group: Development/Tools %description devel-slowdebug The %{origin_nice} %{majorver} development tools - portable edition %{debug_warning} %endif %if %{include_fastdebug_build} %package fastdebug Summary: %{origin_nice} %{majorver} Runtime Environment portable edition %{fastdebug_on} Group: Development/Languages %description fastdebug The %{origin_nice} %{majorver} runtime environment - portable edition %{fastdebug_warning} %package devel-fastdebug Summary: %{origin_nice} %{majorver} Development Environment portable edition %{fastdebug_on} Group: Development/Tools %description devel-fastdebug The %{origin_nice} %{majorver} development tools - portable edition %{fastdebug_warning} %endif %prep if [ %{include_normal_build} -eq 0 -o %{include_normal_build} -eq 1 ] ; then echo "include_normal_build is %{include_normal_build}" else echo "include_normal_build is %{include_normal_build}, that is invalid. Use 1 for yes or 0 for no" exit 11 fi if [ %{include_debug_build} -eq 0 -o %{include_debug_build} -eq 1 ] ; then echo "include_debug_build is %{include_debug_build}" else echo "include_debug_build is %{include_debug_build}, that is invalid. Use 1 for yes or 0 for no" exit 12 fi if [ %{include_fastdebug_build} -eq 0 -o %{include_fastdebug_build} -eq 1 ] ; then echo "include_fastdebug_build is %{include_fastdebug_build}" else echo "include_fastdebug_build is %{include_fastdebug_build}, that is invalid. Use 1 for yes or 0 for no" exit 13 fi if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{include_fastdebug_build} -eq 0 ] ; then echo "You have disabled all builds (normal,fastdebug,slowdebug). That is a no go." exit 14 fi echo "Update version: %{updatever}" echo "Build number: %{buildver}" echo "Milestone: %{milestone}" %setup -q -c -n %{uniquesuffix ""} -T -a 0 # https://bugzilla.redhat.com/show_bug.cgi?id=1189084 prioritylength=`expr length %{priority}` if [ $prioritylength -ne 7 ] ; then echo "priority must be 7 digits in total, violated" exit 14 fi # For old patches ln -s %{top_level_dir_name} jdk8 cp %{SOURCE2} . # replace outdated configure guess script # # the configure macro will do this too, but it also passes a few flags not # supported by openjdk configure script cp %{SOURCE100} %{top_level_dir_name}/common/autoconf/build-aux/ cp %{SOURCE101} %{top_level_dir_name}/common/autoconf/build-aux/ # OpenJDK patches # portables uses in tree versions # Remove libraries that are linked #sh %{SOURCE12} # Do not enable them, they do not work properly with bundled option # System library fixes #%patch201 #%patch202 #%patch203 #%patch204 %patch1 %patch5 # s390 build fixes %patch102 %patch103 %patch107 # AArch64 fixes # x86 fixes %patch105 # Upstreamable fixes %patch502 %patch504 %patch512 %patch523 %patch528 %patch571 %patch574 %patch112 %patch580 %patch581 %patch113 %patch541 %patch12 pushd %{top_level_dir_name} # Add crypto policy and FIPS support %patch1001 -p1 # nss.cfg PKCS11 support; must come last as it also alters java.security %patch1000 -p1 # system cacerts support %patch539 -p1 # tzdata updates targetted for 8u362 %patch2002 -p1 %patch2003 -p1 popd # RPM-only fixes %patch600 %patch1003 # RHEL-only patches %if ! 0%{?fedora} && 0%{?rhel} <= 7 %patch534 %endif # Shenandoah patches # Extract systemtap tapsets %if %{with_systemtap} tar --strip-components=1 -x -I xz -f %{SOURCE8} %if %{include_debug_build} cp -r tapset tapset%{debug_suffix} %endif %if %{include_fastdebug_build} cp -r tapset tapset%{fastdebug_suffix} %endif for suffix in %{build_loop} ; do for file in "tapset"$suffix/*.in; do OUTPUT_FILE=`echo $file | sed -e "s:\.stp\.in$:-%{version}-%{release}.%{_arch}.stp:g"` sed -e "s:@ABS_SERVER_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/server/libjvm.so:g" $file > $file.1 # TODO find out which architectures other than i686 have a client vm %ifarch %{ix86} sed -e "s:@ABS_CLIENT_LIBJVM_SO@:%{_jvmdir}/%{sdkdir -- $suffix}/jre/lib/%{archinstall}/client/libjvm.so:g" $file.1 > $OUTPUT_FILE %else sed -e "/@ABS_CLIENT_LIBJVM_SO@/d" $file.1 > $OUTPUT_FILE %endif sed -i -e "s:@ABS_JAVA_HOME_DIR@:%{_jvmdir}/%{sdkdir -- $suffix}:g" $OUTPUT_FILE sed -i -e "s:@INSTALL_ARCH_DIR@:%{archinstall}:g" $OUTPUT_FILE sed -i -e "s:@prefix@:%{_jvmdir}/%{sdkdir -- $suffix}/:g" $OUTPUT_FILE done done # systemtap tapsets ends %endif # Prepare desktop files # Portables do not have desktop integration # Setup nss.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg # Setup nss.fips.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg # Setup security policy #Commented because NA to portable #sed -i -e "s:^security.systemCACerts=.*:security.systemCACerts=%{cacerts_file}:" %{security_file} %build # How many CPU's do we have? export NUM_PROC=%(/usr/bin/getconf _NPROCESSORS_ONLN 2> /dev/null || :) export NUM_PROC=${NUM_PROC:-1} %if 0%{?_smp_ncpus_max} # Honor %%_smp_ncpus_max [ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max} %endif %ifarch s390x sparc64 alpha %{power64} %{aarch64} export ARCH_DATA_MODEL=64 %endif %ifarch alpha export CFLAGS="$CFLAGS -mieee" %endif # We use ourcppflags because the OpenJDK build seems to # pass EXTRA_CFLAGS to the HotSpot C++ compiler... EXTRA_CFLAGS="%ourcppflags -Wno-error" EXTRA_CPP_FLAGS="%ourcppflags -fno-tree-vrp" %ifarch %{power64} ppc EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-tree-vectorize" # fix rpmlint warnings EXTRA_CFLAGS="$EXTRA_CFLAGS -fno-strict-aliasing" %endif EXTRA_ASFLAGS="${EXTRA_CFLAGS}" export EXTRA_CFLAGS EXTRA_ASFLAGS (cd %{top_level_dir_name}/common/autoconf bash ./autogen.sh ) function buildjdk() { local outputdir=${1} local buildjdk=${2} local maketargets=${3} local debuglevel=${4} local top_srcdir_abs_path=$(pwd)/%{top_level_dir_name} # Variable used in hs_err hook on build failures local top_builddir_abs_path=$(pwd)/${outputdir} echo "Using output directory: ${outputdir}"; echo "Checking build JDK ${buildjdk} is operational..." ${buildjdk}/bin/java -version echo "Using make targets: ${maketargets}" echo "Using debuglevel: ${debuglevel}" echo "Building 8u%{updatever}-%{buildver}, milestone %{milestone}" mkdir -p ${outputdir} pushd ${outputdir} bash ${top_srcdir_abs_path}/configure \ %ifarch %{jfr_arches} --enable-jfr \ %else --disable-jfr \ %endif %ifarch %{zero_arches} --with-jvm-variants=zero \ %endif --with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \ --with-native-debug-symbols=$debug_symbols \ --with-milestone=%{milestone} \ --with-update-version=%{updatever} \ --with-build-number=%{buildver} \ --with-vendor-name="%{oj_vendor}" \ --with-vendor-url="%{oj_vendor_url}" \ --with-vendor-bug-url="%{oj_vendor_bug_url}" \ --with-vendor-vm-bug-url="%{oj_vendor_bug_url}" \ --with-boot-jdk=${buildjdk} \ --with-debug-level=${debuglevel} \ --disable-sysconf-nss \ --enable-unlimited-crypto \ --with-zlib=bundled \ --with-giflib=bundled \ --with-stdc++lib=static \ --with-extra-cxxflags="$EXTRA_CPP_FLAGS" \ --with-extra-cflags="$EXTRA_CFLAGS" \ --with-extra-asflags="$EXTRA_ASFLAGS" \ --with-extra-ldflags="%{ourldflags}" \ --with-num-cores="$NUM_PROC" cat spec.gmk cat hotspot-spec.gmk make \ LOG=trace \ SCTP_WERROR= \ $maketargets || ( pwd; find ${top_srcdir_abs_path} ${top_builddir_abs_path} -name "hs_err_pid*.log" | xargs cat && false ) popd } function installjdk() { local outputdir=${1} local installdir=${2} #Changed as far portable need. We use this for setting JAVA_HOME and JRE_HOME local imagepath=$(pwd)/${installdir} local toplevel_build_dir=$(pwd) local top_builddir_abs_path=$(pwd)/${outputdir} echo "Installing build from ${outputdir} to ${installdir}..." mkdir -p ${installdir} echo "Installing images..." mv ${outputdir}/images ${installdir} if [ -d ${outputdir}/bundles ] ; then echo "Installing bundles..."; mv ${outputdir}/bundles ${installdir} ; fi if [ -d ${outputdir}/docs ] ; then echo "Installing docs..."; mv ${outputdir}/docs ${installdir} ; fi %if !%{with artifacts} echo "Removing output directory..."; rm -rf ${outputdir} %endif # the build (erroneously) removes read permissions from some jars # this is a regression in OpenJDK 7 (our compiler): # http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=1437 find ${imagepath}/images/%{jdkimage} -iname '*.jar' -exec chmod ugo+r {} \; chmod ugo+r ${imagepath}/images/%{jdkimage}/lib/ct.sym # Build screws up permissions on binaries # https://bugs.openjdk.java.net/browse/JDK-8173610 find ${imagepath}/images/%{jdkimage} -iname '*.so' -exec chmod +x {} \; find ${imagepath}/images/%{jdkimage}/bin/ -exec chmod +x {} \; # Install nss.cfg right away as we will be using the JRE above export JAVA_HOME=${imagepath}/images/%{jdkimage} export JRE_HOME=${imagepath}/images/%{jreimage} #portable specific install -m 644 ${toplevel_build_dir}/nss.cfg ${JAVA_HOME}/jre/lib/security/ install -m 644 ${toplevel_build_dir}/nss.cfg ${JRE_HOME}/lib/security/ #portable specific # Install nss.fips.cfg: NSS configuration for global FIPS mode (crypto-policies) install -m 644 ${toplevel_build_dir}/nss.fips.cfg ${JAVA_HOME}/jre/lib/security/ install -m 644 ${toplevel_build_dir}/nss.fips.cfg ${JRE_HOME}/lib/security/ #portable specific # System security properties are disabled by default on portable. # Turn on system security properties #sed -i -e "s:^security.useSystemPropertiesFile=.*:security.useSystemPropertiesFile=true:" \ #${imagepath}/jre/lib/security/java.security pushd ${imagepath}/images if [ "x$suffix" == "x" ] ; then nameSuffix="" else nameSuffix=`echo "$suffix"| sed s/-/./` fi cp %{SOURCE7} %{jreimage}/ cp %{SOURCE7} %{jdkimage}/ for dir in %{jdkimage} %{jreimage} ; do # add alt-java man page echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > "$dir"/man/man1/%{alt_java_name}.1 cat "$dir"/man/man1/java.1 >> "$dir"/man/man1/%{alt_java_name}.1 done mv %{jreimage} %{jreportablename -- "$nameSuffix"} tar -cJf ../../../../../%{jreportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jreportablename -- "$nameSuffix"} sha256sum ../../../../../%{jreportablearchive -- "$nameSuffix"} > ../../../../../%{jreportablearchive -- "$nameSuffix"}.sha256sum if [ "x$suffix" == "x" ] ; then dnameSuffix="$nameSuffix".debuginfo tar -cJf ../../../../../%{jreportablearchive -- "$dnameSuffix"} $(find %{jreportablename -- "$nameSuffix"}/ -name \*.debuginfo) sha256sum ../../../../../%{jreportablearchive -- "$dnameSuffix"} > ../../../../../%{jreportablearchive -- "$dnameSuffix"}.sha256sum fi mv %{jreportablename -- "$nameSuffix"} %{jreimage} mv %{jdkimage} %{jdkportablename -- "$nameSuffix"} srcs=$(find %{jdkportablename -- "$nameSuffix"} | grep -v /demo/ | grep /src.zip$) test `echo "$srcs" | wc -l` -eq 1 tar -cJf ../../../../../%{jdkportablearchive -- "$nameSuffix"} --exclude='**.debuginfo' %{jdkportablename -- "$nameSuffix"} sha256sum ../../../../../%{jdkportablearchive -- "$nameSuffix"} > ../../../../../%{jdkportablearchive -- "$nameSuffix"}.sha256sum if [ "x$suffix" == "x" ] ; then dnameSuffix="$nameSuffix".debuginfo tar -cJf ../../../../../%{jdkportablearchive -- "$dnameSuffix"} $(find %{jdkportablename -- "$nameSuffix"}/ -name \*.debuginfo) sha256sum ../../../../../%{jdkportablearchive -- "$dnameSuffix"} > ../../../../../%{jdkportablearchive -- "$dnameSuffix"}.sha256sum fi mv %{jdkportablename -- "$nameSuffix"} %{jdkimage} popd #images # Print release information # Tweaked as per portable directory structure cat ${imagepath}/images/%{jreimage}/release } %if %{build_hotspot_first} # Build a fresh libjvm.so first and use it to bootstrap cp -LR --preserve=mode,timestamps %{bootjdk} newboot systemjdk=$(pwd)/newboot buildjdk build/newboot ${systemjdk} %{hotspot_target} "release" "bundled" mv build/newboot/hotspot/dist/jre/lib/%{archinstall}/server/libjvm.so newboot/jre/lib/%{archinstall}/server %else systemjdk=%{bootjdk} %endif for suffix in %{build_loop} ; do if [ "x$suffix" = "x" ] ; then debugbuild=release debug_symbols=external else # change --something to something debugbuild=`echo $suffix | sed "s/-//g"` debug_symbols=internal fi builddir=%{buildoutputdir -- $suffix} bootbuilddir=boot${builddir} installdir=%{installoutputdir -- $suffix} bootinstalldir=boot${installdir} # Debug builds don't need same targets as release for # build speed-up. We also avoid bootstrapping these # slower builds. if echo $debugbuild | grep -q "debug" ; then maketargets="%{debug_targets}" run_bootstrap=false else maketargets="%{release_targets}" run_bootstrap=%{bootstrap_build} fi if ${run_bootstrap} ; then buildjdk ${bootbuilddir} ${systemjdk} "%{bootstrap_targets}" ${debugbuild} installjdk ${bootbuilddir} ${bootinstalldir} buildjdk ${builddir} $(pwd)/${bootinstalldir}/images/%{jdkimage} "${maketargets}" ${debugbuild} installjdk ${builddir} ${installdir} %{!?with_artifacts:rm -rf ${bootinstalldir}} else buildjdk ${builddir} ${systemjdk} "${maketargets}" ${debugbuild} installjdk ${builddir} ${installdir} fi # build cycles done %check # We test debug first as it will give better diagnostics on a crash for suffix in %{build_loop} ; do export JAVA_HOME=$(pwd)/%{installoutputdir -- $suffix}/images/%{jdkimage} # Check unlimited policy has been used $JAVA_HOME/bin/javac -d . %{SOURCE13} $JAVA_HOME/bin/java TestCryptoLevel # Check ECC is working $JAVA_HOME/bin/javac -d . %{SOURCE14} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE14})|sed "s|\.java||") || echo "this test should pass! Had not." # Check system crypto (policy) is active and can be disabled # Test takes a single argument - true or false - to state whether system # security properties are enabled or not. $JAVA_HOME/bin/javac -d . %{SOURCE15} export PROG=$(echo $(basename %{SOURCE15})|sed "s|\.java||") export SEC_DEBUG="-Djava.security.debug=properties" # Portable specific: set false whereas its true for upstream $JAVA_HOME/bin/java ${SEC_DEBUG} ${PROG} false $JAVA_HOME/bin/java ${SEC_DEBUG} -Djava.security.disableSystemPropertiesFile=true ${PROG} false # Check correct vendor values have been set $JAVA_HOME/bin/javac -d . %{SOURCE16} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE16})|sed "s|\.java||") "%{oj_vendor}" %{oj_vendor_url} %{oj_vendor_bug_url} # Check java launcher has no SSB mitigation if ! nm $JAVA_HOME/bin/java | grep set_speculation ; then true ; else false; fi # Check alt-java launcher has SSB mitigation on supported architectures %ifarch %{ssbd_arches} nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation %else if ! nm $JAVA_HOME/bin/%{alt_java_name} | grep set_speculation ; then true ; else false; fi %endif # Check translations are available for new timezones $JAVA_HOME/bin/javac -d . %{SOURCE18} $JAVA_HOME/bin/java $(echo $(basename %{SOURCE18})|sed "s|\.java||") JRE # debug-symbols are only in debug build if [ "x$suffix" == "x" ] ; then invert="-v" else invert="" fi # Check debug symbols are present and can identify code SERVER_JVM="$JAVA_HOME/jre/lib/%{archinstall}/server/libjvm.so" if [ -f "$SERVER_JVM" ] ; then nm -aCl "$SERVER_JVM" | grep $invert javaCalls.cpp fi CLIENT_JVM="$JAVA_HOME/jre/lib/%{archinstall}/client/libjvm.so" if [ -f "$CLIENT_JVM" ] ; then nm -aCl "$CLIENT_JVM" | grep $invert javaCalls.cpp fi ZERO_JVM="$JAVA_HOME/jre/lib/%{archinstall}/zero/libjvm.so" if [ -f "$ZERO_JVM" ] ; then nm -aCl "$ZERO_JVM" | grep $invert javaCalls.cpp fi # debug-symbols are only in debug portable build if [ "x$suffix" == "x" ] ; then so_suffix="debuginfo" else so_suffix="so" fi # Check debug symbols are present and can identify code find "$JAVA_HOME" -iname "*.$so_suffix" -print0 | while read -d $'\0' lib do if [ -f "$lib" ] ; then echo "Testing $lib for debug symbols" # All these tests rely on RPM failing the build if the exit code of any set # of piped commands is non-zero. # Test for .debug_* sections in the shared object. This is the main test # Stripped objects will not contain these eu-readelf -S "$lib" | grep "] .debug_" test $(eu-readelf -S "$lib" | grep -E "\]\ .debug_(info|abbrev)" | wc --lines) == 2 # Test FILE symbols. These will most likely be removed by anything that # manipulates symbol tables because it's generally useless. So a nice test # that nothing has messed with symbols old_IFS="$IFS" IFS=$'\n' for line in $(eu-readelf -s "$lib" | grep "00000000 0 FILE LOCAL DEFAULT") do # We expect to see .cpp files, except for architectures like aarch64 and # s390 where we expect .o and .oS files echo "$line" | grep -E "ABS ((.*/)?[-_a-zA-Z0-9]+\.(c|cc|cpp|cxx|o|oS))?$" done IFS="$old_IFS" # If this is the JVM, look for javaCalls.(cpp|o) in FILEs, for extra sanity checking if [ "`basename $lib`" = "libjvm.so" ]; then eu-readelf -s "$lib" | \ grep -E "00000000 0 FILE LOCAL DEFAULT ABS javaCalls.(cpp|o)$" fi # Test that there are no .gnu_debuglink sections pointing to another # debuginfo file. There shouldn't be any debuginfo files, so the link makes # no sense either eu-readelf -S "$lib" | grep 'gnu' if eu-readelf -S "$lib" | grep '] .gnu_debuglink' | grep PROGBITS; then echo "bad .gnu_debuglink section." eu-readelf -x .gnu_debuglink "$lib" false fi fi done # Make sure gdb can do a backtrace based on line numbers on libjvm.so # javaCalls.cpp:58 should map to: # http://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/ff3b27e6bcc2/src/share/vm/runtime/javaCalls.cpp#l58 # Using line number 1 might cause build problems. See: # https://bugzilla.redhat.com/show_bug.cgi?id=1539664 # https://bugzilla.redhat.com/show_bug.cgi?id=1538767 gdb -q "$JAVA_HOME/bin/java" < - 1:1.8.0.352.b08-1 - Update to shenandoah-jdk8u352-b08 (GA) - Update release notes for shenandoah-8u352-b08. - Update in-tree tzdata to 2022e with JDK-8294357 & JDK-8295173 - Add test to ensure timezones can be translated - Rebase FIPS patch against 8u352-b07 - * This tarball is embargoed until 2022-10-18 @ 1pm PT. * - Resolves: rhbz#2133695 * Mon Aug 29 2022 Jayashree Huttanagoudar - 1:1.8.0.345.b01-2 - Added some previously missing piece related to flatpack builds in portable spec - The change went into upstream branch in 8u292-b10(GA) itself * Mon Aug 29 2022 Stephan Bergmann - 1:1.8.0.345.b01-2 - Disable copy-jdk-configs for Flatpak builds - Fix flatpak builds by exempting them from bootstrap - Resolves: rhbz#2102727 * Wed Aug 03 2022 Andrew Hughes - 1:1.8.0.345.b01-1 - Update to shenandoah-jdk8u345-b01 (GA) - Update release notes for 8u345-b01. - Resolves: rhbz#2112405 * Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.342.b07-1 - Update to shenandoah-jdk8u342-b07 (GA) - Update release notes for shenandoah-8u342-b07. - Print release file during build, which should now include a correct SOURCE value from .src-rev - Include script to generate bug list for release notes - Update tzdata requirement to 2022a to match JDK-8283350 - Rebase JDK-8186464 patch so it applies after JDK-8190753 - Switch to GA mode for final release. - This tarball is embargoed until 2022-07-19 @ 1pm PT. - Resolves: rhbz#2106502 * Sun Jul 17 2022 Jayashree Huttanagoudar - 1:1.8.0.332.b09-5 - System security properties are disabled by default on portable. - Commented out lines which are not applicable for portable. - Commented out BR for crypto-policies for portable * Sun Jul 17 2022 Andrew Hughes - 1:1.8.0.332.b09-5 - Rebase FIPS patches from fips branch and simplify by using a single patch from that repository - * RH2036462: sun.security.pkcs11.wrapper.PKCS11.getInstance breakage - * RH2090378: Revert to disabling system security properties and FIPS mode support together - Rebase RH1648249 nss.cfg patch so it applies after the FIPS patch - Rebase PR2888/RH2055274 cacerts patch so it applies after the current FIPS patch - Perform configuration changes (e.g. nss.cfg, nss.fips.cfg, tzdb.dat) in installjdk - Enable system security properties in the RPM (now disabled by default in the FIPS repo) - Improve security properties test to check both enabled and disabled behaviour - Run security properties test with property debugging on - Explicitly require crypto-policies during build and runtime for system security properties - Resolves: rhbz#2097152 - Resolves: rhbz#2100675 * Thu Jun 30 2022 Francisco Ferrari Bihurriet - 1:1.8.0.332.b09-4 - RH2007331: SecretKey generate/import operations don't add the CKA_SIGN attribute in FIPS mode - Resolves: rhbz#2102435 * Thu May 19 2022 Jiri Vanek - 1:1.8.0.332.b09-3 - to pass aqa: - removed copy system tzdb in favour of in-tree - removed Patch3: rh1648644-java_access_bridge_privileged_security.patch - This is not intended to release untill we decide proper steps * Wed May 11 2022 Jayashree Huttanagoudar - 1:1.8.0.332.b09-2 - Add some missing chunk in %check from upstream spec. * Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b09-1 - Update to shenandoah-jdk8u332-b09 (GA) - Update release notes for 8u332-b09. - Switch to GA mode for final release. - This tarball is embargoed until 2022-04-19 @ 1pm PT. - Resolves: rhbz#2073422 * Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.2.ea - Allow the default keystore to be configured using security.systemCACerts - Use of the property can now be disabled using -Djava.security.disableSystemCACerts=true - Commented out the configuration line for RHEL which is NA for portable. - Resolves: rhbz#2055274 * Mon Apr 18 2022 Andrew Hughes - 1:1.8.0.332.b06-0.1.ea - Update to shenandoah-jdk8u332-b06 (EA) - Update release notes for shenandoah-8u332-b06. - Minor corrections to previous changelog entry. - Resolves: rhbz#2047536 * Sun Apr 17 2022 Andrew Hughes - 1:1.8.0.332.b01-0.1.ea - Update to shenandoah-jdk8u332-b01 (EA) - Update release notes for shenandoah-8u332-b01. - Switch to EA mode. - Remove JDK-8279077 patch now upstream. - Related: rhbz#2047536 * Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-10 - Add JDK-8275535 patch to fix LDAP authentication issue. - Resolves: rhbz#2053285 * Mon Feb 28 2022 Andrew Hughes - 1:1.8.0.322.b06-9 - Detect NSS at runtime for FIPS detection - Resolves: rhbz#2052828 * Mon Feb 21 2022 Andrew Hughes - 1:1.8.0.322.b06-8 - Refactor build functions so we can build just HotSpot without any attempt at installation. - Introduce architecture restriction logic for the gdb test. (RH2041970) - Pass compiler flags to the ADLC build (JDK-8281098) - Adjust JDK8199936/PR3533 -mstackrealign patch to instead pass -mincoming-stack-boundary=2 -mpreferred-stack-boundary=4 - Explicitly list JIT architectures rather than relying on those with slowdebug builds - Disable the serviceability agent on Zero architectures even when the architecture itself is supported - Add backport of JDK-8257794 to fix bogus assert on slowdebug x86-32 Zero builds - Sync minor placement differences with Fedora & RHEL 9 - Resolves: rhbz#2022815 * Mon Jan 31 2022 Andrew Hughes - 1:1.8.0.322.b06-7 - Turn off bootstrapping for slow debug builds, which are particularly slow on ppc64le. - Related: rhbz#2022815 * Fri Jan 28 2022 Andrew Hughes - 1:1.8.0.322.b06-6 - Reduce disk footprint by removing build artifacts by default. - Related: rhbz#1999937 * Thu Jan 27 2022 Jayashree Huttanagoudar - 1:1.8.0.322.b06-5 - Add some diagnostic messages to buildjdk() - Add missing chmod instructions to buildjdk() * Thu Jan 27 2022 Andrew Hughes - 1:1.8.0.322.b06-5 - Use the "reverse" build loop (debug first) as the main and only build loop to get more diagnostics. - Resolves: rhbz#1966233 * Tue Jan 25 2022 Andrew Hughes - 1:1.8.0.322.b06-4 - Install nss.cfg and nss.fips.cfg into portable images. - Consistently make use of jdkimage and jreimage variables. * Mon Jan 24 2022 Andrew Hughes - 1:1.8.0.322.b06-3 - Separate crypto policy initialisation from FIPS initialisation, now they are no longer interdependent * Mon Jan 24 2022 Andrew Hughes - 1:1.8.0.322.b06-2 - Fix FIPS issues in native code and with initialisation of java.security.Security - Related: rhbz#2039366 * Fri Jan 21 2022 Andrew Hughes - 1:1.8.0.322.b06-1 - Update to aarch64-shenandoah-jdk8u322-b06 (EA) - Update release notes for 8u322-b06. - Switch to GA mode for final release. - Resolves: rhbz#2039366 * Thu Jan 20 2022 Andrew Hughes - 1:1.8.0.322.b05-0.1.ea - Update to aarch64-shenandoah-jdk8u322-b05 (EA) - Update release notes for 8u322-b05. - Require tzdata 2021e as of JDK-8275766. - Update tarball generation script to use git following shenandoah-jdk8u's move to github - Resolves: rhbz#2022815 * Tue Jan 18 2022 Andrew Hughes - 1:1.8.0.322.b04-0.2.ea - Add backport of JDK-8279077 to fix crash on ppc64 - Resolves: rhbz#2030399 * Mon Jan 10 2022 Andrew Hughes - 1:1.8.0.322.b04-0.1.ea - Update to aarch64-shenandoah-jdk8u322-b04 (EA) - Update release notes for 8u322-b04. - Require tzdata 2021c as of JDK-8274407. - Related: rhbz#2022815 * Fri Jan 07 2022 Andrew Hughes - 1:1.8.0.322.b03-0.1.ea - Update to aarch64-shenandoah-jdk8u322-b03 (EA) - Update release notes for 8u322-b03. - Related: rhbz#2022815 * Fri Dec 17 2021 Andrew Hughes - 1:1.8.0.322.b02-0.1.ea - Update to aarch64-shenandoah-jdk8u322-b02 (EA) - Update release notes for 8u322-b02. - Related: rhbz#2022815 * Tue Dec 14 2021 Andrew Hughes - 1:1.8.0.322.b01-0.1.ea - Update to aarch64-shenandoah-jdk8u322-b01 (EA) - Update release notes for 8u322-b01. - Switch to EA mode. - Related: rhbz#2022815 * Tue Dec 14 2021 Jayashree Huttanagoudar - 1:1.8.0.322.b01-0.1.ea - Typo correction to the previous commit for restructuring the build. * Mon Dec 06 2021 Severin Gehwolf - 1:1.8.0.312.b07-5 - Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy secmod.db file as part of nss - Resolves: rhbz#2023532 * Mon Nov 22 2021 Jayashree Huttanagoudar - 1:1.8.0.312.b07-4 - Fixed warnings for bogus date and macro expansion in comment line. * Mon Oct 25 2021 Jiri Vanek - 1:1.8.0.312.b07-3 - added and enabled nss.cfg (source11: nss.cfg.in + patch1000: rh1648249-add_commented_out_nss_cfg_provider_to_java_security.patch) - added and enabled fips patches and nss.fips.cfg - added and enabled source15: TestSecurityProperties.java test - enabled patch534: rh1648246-always_instruct_vm_to_assume_multiple_processors_are_available.patch - enabled patch539: pr2888-openjdk_should_check_for_system_cacerts_database_eg_etc_pki_java_cacerts.patch - source17: nss.fips.cfg.in,patch1001: rh1655466-global_crypto_and_fips.patch patch1001: rh1655466-global_crypto_and_fips.patch patch1002: rh1818909-fips_default_keystore_type.patch patch1004: rh1860986-disable_tlsv1.3_in_fips_mode.patch patch1005: rh1915071-always_initialise_configurator_access.patch patch1006: rh1929465-improve_system_FIPS_detection-root.patch patch1007: rh1929465-improve_system_FIPS_detection-jdk.patch patch1008: rh1996182-login_to_nss_software_token.patch patch1011: rh1991003-enable_fips_keys_import.patch patch580: jdk8195607-pr3776-rh1760437-nss_sqlite_db_config.patch - Disable FIPS mode detection using NSS in favour of using /proc/sys/crypto/fips_enabled for now, so we don't link against NSS -- effectively disabled Patch1008: rh1929465-improve_system_FIPS_detection.patch by settng --enable-sysconf-nss to --disable-sysconf-nss -- the enable-sysconf-nss was bringing in hard depndence on nss. Without nss, even in non fips, jvm had not even started - introduced ssbd_arches to have properly tested alt-java -- added forgotten test for alt-java - removed bad redeclaration of fastdebug_arches - made TestECDSA non fatal, started to fail. Locally passed. TODO, fix * Mon Oct 25 2021 Jiri Vanek - 1:1.8.0.312.b07-2 - cacerts symlink is resolved before passed to configure - https://issues.redhat.com/browse/OPENJDK-487 * Fri Oct 15 2021 Andrew Hughes - 1:1.8.0.312.b07-1 - Update to aarch64-shenandoah-jdk8u312-b07 (EA) - Update release notes for 8u312-b07. - Switch to GA mode for final release. - This tarball is embargoed until 2021-10-19 @ 1pm PT. - Resolves: rhbz#2011826 * Mon Oct 04 2021 Jiri Vanek - 1:1.8.0.302.b08-2 - fixed bugzilla component. It was pointing to java-x-vendor-portable due to recent rename * Mon Aug 16 2021 Jiri Vanek - 1:1.8.0.302.b08-1 - renamed to java-1.8.0-openjdk-portable - adapted pacakges to not contain double portbale in name * Fri Jul 16 2021 Andrew Hughes - 1:1.8.0.302.b08-0 - Update to aarch64-shenandoah-jdk8u302-b08 (EA) - Update release notes for 8u302-b08. - Switch to GA mode for final release. - This tarball is embargoed until 2021-07-20 @ 1pm PT. - added forgotten patch107 s390-8214206_fix.patch * Thu Jul 01 2021 Jiri Vanek - 1:1.8.0.302.b03-0.1.ea - returned two wrongly removed patches - returned and applied patch541 rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch - returned and applied patch12 jdk8186464-rh1433262-zip64_failure.patch * Sun Jun 27 2021 Andrew Hughes - 1:1.8.0.302.b03-0.0.ea - Update to aarch64-shenandoah-jdk8u302-b03 (EA) - Update release notes for 8u302-b03. - Resolves: rhbz#1967812 * Fri Apr 09 2021 Andrew Hughes - 1:1.8.0.292.b10-1 - Add CVE numbers. - Require tzdata 2021a due to JDK-8260356 - Resolves: rhbz#1938201 * Thu Apr 08 2021 Andrew Hughes - 1:1.8.0.292.b10-0 - Update to aarch64-shenandoah-jdk8u292-b10 (GA) - Update release notes for 8u292-b10. - This tarball is embargoed until 2021-04-20 @ 1pm PT. - Resolves: rhbz#1938201 * Thu Apr 08 2021 Stephan Bergmann - 1:1.8.0.292.b10-0 - Hardcode /usr/sbin/alternatives for Flatpak builds - Resolves: rhbz#1967813 * Tue Mar 30 2021 Andrew Hughes - 1:1.8.0.292.b09-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b09 (EA) - Update release notes for 8u292-b09. - Resolves: rhbz#1938081 * Sat Mar 27 2021 Andrew Hughes - 1:1.8.0.292.b08-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b08 (EA) - Update release notes for 8u292-b08. - Resolves: rhbz#1938081 * Thu Mar 25 2021 Andrew Hughes - 1:1.8.0.292.b07-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b07 (EA) - Update release notes for 8u292-b07. - Resolves: rhbz#1938081 * Mon Mar 22 2021 Andrew Hughes - 1:1.8.0.292.b06-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b06 (EA) - Update release notes for 8u292-b06. - Require tzdata 2020f due to JDK-8259048 - Resolves: rhbz#1938081 * Mon Mar 15 2021 Jayashree Huttanagoudar - 1:1.8.0.292.b05-0.1.ea - Remove patch s390-8214206_fix.patch as portable is not built for s390. * Mon Mar 15 2021 Andrew Hughes - 1:1.8.0.292.b05-0.1.ea - Update to aarch64-shenandoah-jdk8u292-b05-shenandoah-merge-2021-03-11 (EA). - Update release notes for 8u292-b05-shenandoah-merge-2021-03-11. * Mon Mar 08 2021 Andrew Hughes - 1:1.8.0.292.b05-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b05 (EA) - Update release notes for 8u292-b05. * Fri Mar 05 2021 Andrew Hughes - 1:1.8.0.292.b04-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b04 (EA) - Update release notes for 8u292-b04. * Thu Mar 04 2021 Andrew Hughes - 1:1.8.0.292.b03-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b03 (EA) - Update release notes for 8u292-b03. * Tue Mar 02 2021 Andrew Hughes - 1:1.8.0.292.b02-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b02 (EA) - Update release notes for 8u292-b02. * Fri Feb 12 2021 Jayashree Huttanagoudar - 1:1.8.0.292.b01-0.0.ea - Update tzdata-java from 2020b to 2021a * Fri Feb 12 2021 Andrew Hughes - 1:1.8.0.292.b01-0.0.ea - Update to aarch64-shenandoah-jdk8u292-b01 (EA) - Update release notes for 8u292-b01. - Switch to EA mode. * Thu Feb 4 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-4 - Changes to generate sha256sum for each linux-portable build artifacts inside RPM * Mon Jan 25 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-3 - Cleanup package summary for fastdebug and slowdebug. - Resolves: rhbz#1908963 * Mon Jan 25 2021 Andrew Hughes - 1:1.8.0.282.b08-2 - Cleanup package descriptions and version number placement. - Resolves: rhbz#1908963 * Mon Jan 18 2021 Jayashree Huttanagoudar - 1:1.8.0.282.b08-1 - Fix to address the extra src.zip bundled inside jdk tarball. * Sat Jan 16 2021 Andrew Hughes - 1:1.8.0.282.b08-0 - Update to aarch64-shenandoah-jdk8u282-b08 (GA) - Update release notes for 8u282-b08. - This tarball is embargoed until 2021-01-19 @ 1pm PT. - Resolves: rhbz#1908963 * Fri Jan 15 2021 Andrew Hughes - 1:1.8.0.282.b07-0.0.ea - Update to aarch64-shenandoah-jdk8u282-b07 (EA) - Update release notes for 8u282-b07. - Fix placement issue in release notes, caught by comparing with vanilla version. - Resolves: rhbz#1903904 * Wed Jan 13 2021 Andrew Hughes - 1:1.8.0.282.b06-0.0.ea - Update to aarch64-shenandoah-jdk8u282-b06 (EA) - Update release notes for 8u282-b06. - Resolves: rhbz#1903903 * Mon Jan 11 2021 Andrew Hughes - 1:1.8.0.282.b05-0.0.ea - Update to aarch64-shenandoah-jdk8u282-b05 (EA) - Update release notes for 8u282-b05 and make some minor corrections. - Resolves: rhbz#1903903 * Fri Jan 08 2021 Jiri Vanek - 1:1.8.0.282.b04-0.1.ea - added patch600, rh1750419-redhat_alt_java.patch - Replaced alt-java palceholder by real pathced alt-java - remove patch529 rh1566890-CVE_2018_3639-speculative_store_bypass.patch - remove patch531 rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch - both suprassed by new patch - Resolves: rhbz#1750419 * Wed Jan 06 2021 Andrew Hughes - 1:1.8.0.282.b04-0.0.ea - Update to aarch64-shenandoah-jdk8u282-b04 (EA) - Update release notes for 8u282-b04. - Remove upstreamed patch PR3519 - Resolves: rhbz#1903903 * Sat Jan 02 2021 Andrew Hughes - 1:1.8.0.282.b03-0.0.ea - Update to aarch64-shenandoah-jdk8u282-b03 (EA) - Update release notes for 8u282-b03. - Resolves: rhbz#1903903 * Wed Dec 23 2020 Andrew Hughes - 1:1.8.0.282.b02-0.0.ea - Update to aarch64-shenandoah-jdk8u282-b02 (EA) - Resolves: rhbz#1903903 * Tue Dec 22 2020 Jayashree Huttanagoudar - 1:1.8.0.282.b01-0.0.ea - Remove upstreamed JDK-8252395 & JDK-8252975. * Tue Dec 22 2020 Andrew Hughes - 1:1.8.0.282.b01-0.0.ea - Update to aarch64-shenandoah-jdk8u282-b01 (EA) - Update release notes for 8u282-b01. - Switch to EA mode. - Require tzdata 2020b due to resource changes in JDK-8254177 - Remove PR3601, covered upstream by JDK-8062808. - Remove upstreamed JDK-8197981/PR3548, JDK-8062808/PR3548, JDK-8254177 & JDK-8215727. - Resolves: rhbz#1903903 * Wed Dec 09 2020 Jayashree Huttanagoudar - 1:1.8.0.275.b01-3 - Included patch to handle '--without fastdebug' option to mockbuild * Wed Dec 09 2020 Jayashree Huttanagoudar - 1:1.8.0.275.b01-2 - Align fastdebug/slowdebug changes with upstream rhel-8.4.0 spec * Tue Dec 01 2020 Jiri Vanek - 1:1.8.0.275.b01-1 - added br of listdc++-static - removed patch998 rh1649731-allow_to_build_on_rhel6_with_stdcpplib_autotools_2_63.patch - removed patch999 gcc-4.4.7-x86-32-siphash64.patch - initial on-el7 build (more tuning expected) * Fri Nov 06 2020 Andrew Hughes - 1:1.8.0.275.b01-0 - Update to aarch64-shenandoah-jdk8u275-b01 (GA) - Update release notes for 8u275. - Resolves: rhbz#1895062 * Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-3 - Add backport of JDK-8215727: "Restore JFR thread sampler loop to old / previous behaviour" - Resolves: rhbz#1876665 * Wed Oct 21 2020 Andrew Hughes - 1:1.8.0.272.b10-2 - Remove the 64-bit siphash test which fails to compile on x86-32 debug builds with gcc 4.4.7 in RHEL 6 - Resolves: rhbz#1876665 * Tue Oct 20 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b10-1 - Added patch to apply tzdata 2020b * Sat Oct 17 2020 Andrew Hughes - 1:1.8.0.272.b10-0 - Update to aarch64-shenandoah-jdk8u272-b10. - Switch to GA mode for final release. - Update release notes for 8u272 release. - Add backport of JDK-8254177 to update to tzdata 2020b - Require tzdata 2020b due to resource changes in JDK-8254177 - Delay tzdata 2020b dependency until tzdata update has shipped. - Adjust JDK-8062808/PR3548 following constantPool.hpp context change in JDK-8243302 - Adjust PR3593 following g1StringDedupTable.cpp context change in JDK-8240124 & JDK-8244955 - This tarball is embargoed until 2020-10-20 @ 1pm PT. - Resolves: rhbz#1876665 * Thu Oct 15 2020 Andrew Hughes - 1:1.8.0.272.b09-0.1.ea - Include a test in the RPM to check the build has the correct vendor information. - Use 'oj_' prefix on new vendor globals to avoid a conflict with RPM's vendor value. - Improve quoting of vendor name - Resolves: rhbz#1876665 * Thu Oct 15 2020 Jiri Vanek - 1:1.8.0.272.b09-0.1.ea - Set vendor property and vendor URLs - Made URLs to be preconfigured by OS - Resolves: rhbz#1876665 * Wed Oct 14 2020 Andrew Hughes - 1:1.8.0.272.b09-0.0.ea - Update to aarch64-shenandoah-jdk8u272-b09 (EA). - Resolves: rhbz#1876665 * Tue Oct 13 2020 Andrew Hughes - 1:1.8.0.272.b08-0.0.ea - Update to aarch64-shenandoah-jdk8u272-b08 (EA). - Resolves: rhbz#1876665 * Mon Oct 12 2020 Andrew Hughes - 1:1.8.0.272.b07-0.5.ea - Enable JFR on x86, now we have JDK-8252096: Shenandoah: adjust SerialPageShiftCount for x86_32 and JFR - Resolves: rhbz#1876665 * Wed Sep 23 2020 Andrew Hughes - 1:1.8.0.272.b07-0.4.ea - Re-organise S/390 patches for upstream submission, separating 8u upstream from Shenandoah fixes. - Add new formatting case found in memprofiler.cpp on debug builds to PR3593 patch. * Wed Sep 23 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b07-0.3.ea - Placed upstream patches JDK-8252395 and JDK-8252975 under separate section - So that these patches can be dropped easily once they are available in 8u282 GA release * Thu Sep 17 2020 Jayashree Huttanagoudar - 1:1.8.0.272.b07-0.2.ea - Added upstream patches for JDK-8252395 and JDK-8252975 - JDK-8252395: To ensure debuginfo files get properly copied to the images directory - JDK-8252975: Is to fix the build failure due to JDK-8252395 * Tue Sep 08 2020 Andrew Hughes - 1:1.8.0.272.b07-0.0.ea - Update to aarch64-shenandoah-jdk8u272-b07. * Thu Sep 03 2020 Andrew Hughes - 1:1.8.0.272.b06-0.0.ea - Update to aarch64-shenandoah-jdk8u272-b06. * Wed Sep 02 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea - Add additional s390 log2_intptr case in shenandoahUtils.cpp introduced by JDK-8245464 * Wed Sep 02 2020 Andrew Hughes - 1:1.8.0.272.b05-0.1.ea - Update to aarch64-shenandoah-jdk8u272-b05-shenandoah-merge-2020-08-28. * Thu Aug 27 2020 Andrew Hughes - 1:1.8.0.272.b05-0.0.ea - Add additional s390 size_t case in g1ConcurrentMarkObjArrayProcessor.cpp introduced by JDK-8057003 * Thu Aug 27 2020 Andrew Hughes - 1:1.8.0.272.b05-0.0.ea - Update to aarch64-shenandoah-jdk8u272-b05. - Fix context in JDK-8186464/RH1433262 patch, following JDK-8078334 @randomness tag addition. * Wed Aug 19 2020 Andrew Hughes - 1:1.8.0.272.b04-0.0.ea - Update to aarch64-shenandoah-jdk8u272-b04. * Mon Aug 17 2020 Andrew Hughes - 1:1.8.0.272.b03-0.0.ea - Update to aarch64-shenandoah-jdk8u272-b03. * Sun Aug 09 2020 Andrew Hughes - 1:1.8.0.272.b02-0.0.ea - Change target from 'zip-docs' to 'docs-zip', which is the naming used upstream. * Sun Aug 09 2020 Andrew Hughes - 1:1.8.0.272.b02-0.0.ea - Update to aarch64-shenandoah-jdk8u272-b02. - Remove JDK-8154313 backport now applied upstream. * Sat Aug 01 2020 Andrew Hughes - 1:1.8.0.272.b01-0.0.ea - JFR must now be explicitly disabled when unwanted (e.g. x86), following switch of upstream default. * Sat Aug 01 2020 Andrew Hughes - 1:1.8.0.272.b01-0.0.ea - Update to aarch64-shenandoah-jdk8u272-b01. - Switch to EA mode. - Remove ZipConstants change from JDK-8186464 backport, now provided upstream by JDK-8075774 * Mon Jul 27 2020 Andrew Hughes - 1:1.8.0.265.b01-0 - Update to aarch64-shenandoah-jdk8u265-b01. - Update release notes for 8u265 release. - Resolves: rhbz#1860453 * Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-0 - Introduce jfr_arches for architectures which support JFR. - Resolves: rhbz#1838811 * Sun Jul 12 2020 Andrew Hughes - 1:1.8.0.262.b10-0 - Update to aarch64-shenandoah-jdk8u262-b10. - Switch to GA mode for final release. - Update release notes for 8u262 release. - Fix typo in jfr_arches which leads to ppc64 being wrongly excluded. - Split JDK-8042159 patch into per-repo patches as upstream. - Update JDK-8042159 JDK patch to apply after JDK-8238002 changes to Awt2dLibraries.gmk - Resolves: rhbz#1838811 * Sat Jul 11 2020 Andrew Hughes - 1:1.8.0.262.b09-0.3.ea - Restructure the build so a minimal initial build is then used for the final build (with docs) - This reduces pressure on the system JDK and ensures the JDK being built can do a full build - Resolves: rhbz#1838811 * Fri Jul 10 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea - Update to aarch64-shenandoah-jdk8u262-b09-shenandoah-merge-2020-07-03 - Resolves: rhbz#1838811 * Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b09-0.2.ea - Sync alt-java support with java-11-openjdk version. - Resolves: rhbz#1838811 * Wed Jul 08 2020 Jiri Vanek - 1:1.8.0.262.b09-0.2.ea - Created copy of java as alt-java and adapted alternatives and man pages - Resolves: rhbz#1838811 * Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b09-0.1.ea - Update to aarch64-shenandoah-jdk8u262-b09. - Resolves: rhbz#1838811 * Wed Jul 08 2020 Andrew Hughes - 1:1.8.0.262.b08-0.3.ea - Update to aarch64-shenandoah-jdk8u262-b08. - Resolves: rhbz#1838811 * Tue Jul 07 2020 Andrew Hughes - 1:1.8.0.262.b07-0.2.ea - Update to aarch64-shenandoah-jdk8u262-b07-shenandoah-merge-2020-06-18. - Resolves: rhbz#1838811 * Fri Jul 03 2020 Andrew Hughes - 1:1.8.0.262.b07-0.1.ea - Update to aarch64-shenandoah-jdk8u262-b07. - Require tzdata 2020a so system tzdata matches resource updates in b07 - Resolves: rhbz#1838811 * Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b06-0.1.ea - Update to aarch64-shenandoah-jdk8u262-b06. - Resolves: rhbz#1838811 * Mon Jun 08 2020 Jayashree Huttanagoudar - 1:1.8.0.262.b05-0.4.ea - Removed patch jdk8243541-rh1838229-tzdata2020a.patch - Portabel builds use upstream tzddb.dat, and we expect it to be synced with jdk code * Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.4.ea - Backport JDK-8186464 so ZIP64 archives < 4GB can be read. - Resolves: rhbz#1433262 * Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.3.ea - Update to aarch64-shenandoah-jdk8u262-b05-shenandoah-merge-2020-06-04. - Resolves: rhbz#1838811 * Mon Jun 08 2020 Andrew Hughes - 1:1.8.0.262.b05-0.2.ea - Backport JDK-8243541 & require tzdata 2020a as latest tzdata package needs resource updates - Resolves: rhbz#1838229 * Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b05-0.1.ea - Update to aarch64-shenandoah-jdk8u262-b05. - Remove backports of JDK-8227269 & JDK-8241750 included upstream in 8u262-b05. - Resolves: rhbz#1838811 * Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b04-0.1.ea - Update to aarch64-shenandoah-jdk8u262-b04. - Resolves: rhbz#1838811 * Sun Jun 07 2020 Andrew Hughes - 1:1.8.0.262.b03-0.2.ea - Update to aarch64-shenandoah-jdk8u262-b03-shenandoah-merge-2020-05-20. - Resolves: rhbz#1838811 * Sat Jun 06 2020 Andrew Hughes - 1:1.8.0.262.b03-0.1.ea - Update to aarch64-shenandoah-jdk8u262-b03. - Resolves: rhbz#1838811 * Sat Jun 06 2020 Andrew Hughes - 1:1.8.0.262.b02-0.2.ea - Enable JFR in our builds, ahead of upstream default. - Only enable JFR for JIT builds, as it is not supported with Zero. - Turn off JFR on x86 for now due to assert(SerializePageShiftCount == count) crash. - Resolves: rhbz#1838811 * Wed Jun 03 2020 Andrew Hughes - 1:1.8.0.262.b02-0.1.ea - Update to aarch64-shenandoah-jdk8u262-b02. - Resolves: rhbz#1838811 * Sun May 24 2020 Andrew Hughes - 1:1.8.0.262.b01-0.1.ea - Update to aarch64-shenandoah-jdk8u262-b01. - Switch to EA mode. - Adjust JDK-8143245/PR3548 patch following context changes due to JDK-8203287 for JFR * Sat May 23 2020 Andrew John Hughes - 1:1.8.0.252.b09-4 - Add backports of JDK-8227269 & JDK-8241750 to resolve slow class loading with JDWP enabled. - Resolves: rhbz#1751985 * Tue Apr 14 2020 Andrew Hughes - 1:1.8.0.252.b09-2 - Add release notes. - Resolves: rhbz#1810557 * Sun Apr 12 2020 Andrew Hughes - 1:1.8.0.252.b09-1 - Make use of --with-extra-asflags introduced in jdk8u252-b01. - Resolves: rhbz#1810557 * Mon Apr 06 2020 Andrew Hughes - 1:1.8.0.252.b09-0 - Update to aarch64-shenandoah-jdk8u252-b09. - Switch to GA mode for final release. - Resolves: rhbz#1810557 * Fri Mar 27 2020 Andrew Hughes - 1:1.8.0.252.b08-0.0.ea - Update to aarch64-shenandoah-jdk8u252-b08. - Resolves: rhbz#1810557 * Tue Mar 24 2020 Andrew Hughes - 1:1.8.0.252.b07-0.0.ea - Update to aarch64-shenandoah-jdk8u252-b07. - Resolves: rhbz#1810557 * Mon Mar 16 2020 Andrew Hughes - 1:1.8.0.252.b06-0.0.ea - Update to aarch64-shenandoah-jdk8u252-b06. - Resolves: rhbz#1810557 * Fri Feb 28 2020 Andrew Hughes - 1:1.8.0.252.b05-0.0.ea - Update to aarch64-shenandoah-jdk8u252-b05. - Resolves: rhbz#1810557 * Mon Feb 24 2020 Andrew Hughes - 1:1.8.0.252.b04-0.0.ea - Update to aarch64-shenandoah-jdk8u252-b04. - Resolves: rhbz#1810557 * Wed Feb 19 2020 Andrew Hughes - 1:1.8.0.252.b03-0.0.ea - Update to aarch64-shenandoah-jdk8u252-b03. - Adjust PR2974/RH1337583 & PR3083/RH1346460 following context changes in JDK-8230978 - Resolves: rhbz#1810557 * Tue Feb 04 2020 Andrew Hughes - 1:1.8.0.252.b02-0.0.ea - Update to aarch64-shenandoah-jdk8u252-b02. - Resolves: rhbz#1810557 * Mon Jan 27 2020 Andrew Hughes - 1:1.8.0.252.b01-0.0.ea - Update to aarch64-shenandoah-jdk8u252-b01. - Switch to EA mode. - Adjust JDK-8199936/PR3533 patch following JDK-8227397 configure change - Resolves: rhbz#1810557 * Tue Jan 21 2020 Jiri Vanek - 1:1.8.0.242.b08-3 - get rid of openjdkportable in favour of el * Tue Jan 21 2020 Jiri Vanek - 1:1.8.0.242.b08-2 - renamed static to more accurate portable * Wed Jan 15 2020 Jiri Vanek - 1:1.8.0.242.b08-1 - sync with rhel 8.1 * Tue Oct 15 2019 Jiri Vanek - 1:1.8.0.232.b09-0 - Update to aarch64-shenandoah-jdk8u232-b09. - Switch to GA mode for final release. - Remove PR1834/RH1022017 which is now handled by JDK-8228825 upstream. * Mon Oct 07 2019 Jiri Vanek - 1:1.8.0.232.b01-0.0.ea - Update to aarch64-shenandoah-jdk8u232-b01. - Switch to EA mode. - Drop JDK-8210761/RH1632174 as now upstream. - Drop JDK-8223219 as now upstream. * Tue Jul 23 2019 Jiri Vanek - 1:1.8.0.222.b10-4 - for release, build debugsymbols to special archive * Tue Jul 23 2019 Jiri Vanek - 1:1.8.0.222.b10-3 - filtered out -g from extra flags * Thu Jul 11 2019 Andrew Hughes - 1:1.8.0.222.b10-1 - Update to aarch64-shenandoah-jdk8u222-b10. - Resolves: rhbz#1724452 * Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-2 - Use normal_suffix for Javadoc zip filename to copy, as there is is no debug version. - Resolves: rhbz#1724452 * Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-2 - Provide Javadoc debug subpackages for now, but populate them from the normal build. - Resolves: rhbz#1724452 * Mon Jul 08 2019 Andrew Hughes - 1:1.8.0.222.b09-1 - Update to aarch64-shenandoah-jdk8u222-b09. - Switch to GA mode for final release. - Resolves: rhbz#1724452 * Tue Jul 02 2019 Andrew Hughes - 1:1.8.0.222.b08-0.1.ea - Update to aarch64-shenandoah-jdk8u222-b08. - Adjust PR3083/RH134640 to apply after JDK-8182999 - Resolves: rhbz#1724452 * Tue Jul 02 2019 Severin Gehwolf - 1:1.8.0.222.b07-0.3.ea - Include 'ea' designator in Release when appropriate. - Resolves: rhbz#1724452 * Wed Jun 26 2019 Severin Gehwolf - 1:1.8.0.222.b07-2 - Don't produce javadoc/javadoc-zip sub packages for the debug variant build. - Don't perform a bootcycle build for the debug variant build. - Resolves: rhbz#1724452 * Tue Jun 25 2019 Andrew Hughes - 1:1.8.0.222.b07-1 - Update to aarch64-shenandoah-jdk8u222-b07 and Shenandoah merge 2019-06-13. - Resolves: rhbz#1724452 * Fri Jun 14 2019 Andrew Hughes - 1:1.8.0.222.b06-1 - Update to aarch64-shenandoah-jdk8u222-b06. - Resolves: rhbz#1724452 * Thu Jun 06 2019 Andrew Hughes - 1:1.8.0.222.b05-1 - Update to aarch64-shenandoah-jdk8u222-b05. - Resolves: rhbz#1724452 * Sat May 25 2019 Andrew Hughes - 1:1.8.0.222.b04-1 - Update to aarch64-shenandoah-jdk8u222-b04. - Drop remaining JDK-8210425/RH1632174 patch now AArch64 part is upstream. - Resolves: rhbz#1705328 * Wed May 22 2019 Andrew Hughes - 1:1.8.0.222.b03-1 - Handle milestone as variables so we can alter it easily and set the docs zip filename appropriately. - Drop unused use_shenandoah_hotspot variable. - Resolves: rhbz#1705328 * Wed May 22 2019 Andrew Hughes - 1:1.8.0.222.b03-1 - Update to aarch64-shenandoah-jdk8u222-b03. - Set milestone to "ea" as this is not the final release. - Drop 8210425 patches applied upstream. Still need to add AArch64 version in aarch64/shenandoah-jdk8u. - Re-generate JDK-8141570 & JDK-8143245 patches due to 8210425 zeroshark.make changes. - Resolves: rhbz#1705328 * Mon May 13 2019 Andrew Hughes - 1:1.8.0.222.b02-1 - Update to aarch64-shenandoah-jdk8u222-b02. - Drop 8064786/PR3599 & 8210416/RH1632174 as applied upstream (8064786 silently in 8176100). - Resolves: rhbz#1705328 * Thu May 02 2019 Andrew Hughes - 1:1.8.0.222.b01-1 - Update to aarch64-shenandoah-jdk8u222-b01. - Refactor PR2888 after inclusion of 8129988 upstream. Now includes PR3575. - Drop 8171000, 8197546 & PR3634 as applied upstream. - Adjust 8214206 fix for S390 as BinaryMagnitudeSeq moved to shenandoahNumberSeq.cpp - Resolves: rhbz#1705328 * Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b04-1 - Update to aarch64-shenandoah-jdk8u212-b04. - Resolves: rhbz#1693468 * Thu Apr 11 2019 Andrew Hughes - 1:1.8.0.212.b03-0 - Update to aarch64-shenandoah-jdk8u212-b03. - Resolves: rhbz#1693468 * Tue Apr 09 2019 Andrew Hughes - 1:1.8.0.212.b02-0 - Update to aarch64-shenandoah-jdk8u212-b02. - Remove patches included upstream - JDK-8197429/PR3546/RH153662{2,3} - JDK-8184309/PR3596 - Re-generate patches - JDK-8203030 - Add casts to resolve s390 ambiguity in calls to log2_intptr - Resolves: rhbz#1693468 * Sun Apr 07 2019 Andrew Hughes - 1:1.8.0.202.b08-0 - Update to aarch64-shenandoah-jdk8u202-b08. - Remove patches included upstream - JDK-8211387/PR3559 - JDK-8073139/PR1758/RH1191652 - JDK-8044235 - JDK-8131048/PR3574/RH1498936 - JDK-8164920/PR3574/RH1498936 - Resolves: rhbz#1693468 * Thu Apr 04 2019 Andrew Hughes - 1:1.8.0.201.b13-0 - Update to aarch64-shenandoah-jdk8u201-b13. - Drop JDK-8160748 & JDK-8189170 AArch64 patches now applied upstream. - Resolves: rhbz#1693468 * Tue Apr 02 2019 Severin Gehwolf - 1:1.8.0.201.b09-3 - Update patch for RH1566890. - Renamed rh1566890_speculative_store_bypass_so_added_more_per_task_speculation_control_CVE_2018_3639 to rh1566890-CVE_2018_3639-speculative_store_bypass.patch - Added dependent patch, rh1566890-CVE_2018_3639-speculative_store_bypass_toggle.patch - Resolves: rhbz#1693468 * Tue Mar 12 2019 Jiri Vanek - 1:1.8.0.201.b09-2 - name adapted to current tag * Thu Feb 28 2019 Jiri Vanek jvanek@redhat.com - 1:1.8.0.201.b09-2 - Replaced pcsc-lite-devel (which is in optional channel) with pcsc-lite-libs. - added rh1684077-openjdk_should_depend_on_pcsc-lite-libs_instead_of_pcsc-lite-devel.patch to make jdk work with pcsc * Tue Feb 26 2019 Jiri Vanek - 1:1.8.0.201.b09-0 - cripled rpms original specto roduce only portable build - Resolves: rhbz#1661577