8005355: build-infra: Java security signing (need a top-level make target)
Reviewed-by: tbell, ohair
This commit is contained in:
Erik Joelsson
parent
e781e203bf
commit
55ba91ee3e
@ -97,6 +97,9 @@ overlay-images:
|
||||
+$(MAKE) -f CompileLaunchers.gmk OVERLAY_IMAGES=true
|
||||
+$(MAKE) -f Images.gmk overlay-images
|
||||
|
||||
sign-jars:
|
||||
+$(MAKE) -f SignJars.gmk
|
||||
|
||||
BINARIES:=$(notdir $(wildcard $(IMAGES_OUTPUTDIR)/j2sdk-image/bin/*))
|
||||
INSTALLDIR:=openjdk-$(RELEASE)
|
||||
|
||||
|
||||
@ -42,8 +42,7 @@ EXCLUDES += com/sun/pept \
|
||||
com/sun/tools/example/trace\
|
||||
com/sun/tools/example/debug/bdi\
|
||||
com/sun/tools/example/debug/event\
|
||||
com/sun/tools/example/debug/gui \
|
||||
com/oracle/security
|
||||
com/sun/tools/example/debug/gui
|
||||
|
||||
ifdef OPENJDK
|
||||
EXCLUDES+= sun/dc \
|
||||
@ -86,6 +85,8 @@ ifneq ($(OPENJDK_TARGET_OS),solaris)
|
||||
sun/nio/ch/SolarisEventPort.java \
|
||||
sun/tools/attach/SolarisAttachProvider.java \
|
||||
sun/tools/attach/SolarisVirtualMachine.java
|
||||
|
||||
EXCLUDES += com/oracle/security
|
||||
endif
|
||||
|
||||
# In the old build, this isn't excluded on macosx, even though it probably
|
||||
|
||||
@ -129,6 +129,7 @@ JARS+=$(IMAGES_OUTPUTDIR)/lib/ext/localedata.jar
|
||||
|
||||
# Exclude list for rt.jar and resources.jar
|
||||
RT_JAR_EXCLUDES := \
|
||||
com/oracle/security \
|
||||
com/sun/javadoc \
|
||||
com/sun/jdi \
|
||||
com/sun/jarsigner \
|
||||
@ -440,60 +441,61 @@ $(JCE_MANIFEST): $(MAINMANIFEST)
|
||||
$(MV) $@.tmp $@
|
||||
|
||||
##########################################################################################
|
||||
# For all security jars, always build the jar, but for closed, install the prebuilt signed
|
||||
# version instead of the newly built jar. For open, signing is not needed. See SignJars.gmk
|
||||
# for more information.
|
||||
|
||||
SUNPKCS11_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunpkcs11.jar
|
||||
SUNPKCS11_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunpkcs11.jar
|
||||
|
||||
ifndef OPENJDK
|
||||
|
||||
SUNPKCS11_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/pkcs11/sunpkcs11.jar
|
||||
|
||||
$(SUNPKCS11_JAR_DST) : $(SUNPKCS11_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunPKCS11 provider..."
|
||||
$(install-file)
|
||||
|
||||
else
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNPKCS11_JAR,,\
|
||||
$(eval $(call SetupArchive,BUILD_SUNPKCS11_JAR,,\
|
||||
SRCS:=$(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES:=.class,\
|
||||
INCLUDES:=sun/security/pkcs11,\
|
||||
JAR:=$(SUNPKCS11_JAR_DST), \
|
||||
JAR:=$(SUNPKCS11_JAR_UNSIGNED), \
|
||||
MANIFEST:=$(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNPKCS11_JAR_DST): $(JCE_MANIFEST)
|
||||
$(SUNPKCS11_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNPKCS11_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/pkcs11/sunpkcs11.jar
|
||||
$(SUNPKCS11_JAR_DST) : $(SUNPKCS11_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunPKCS11 provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNPKCS11_JAR_DST) : $(SUNPKCS11_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNPKCS11_JAR_DST)
|
||||
JARS += $(SUNPKCS11_JAR_DST) $(SUNPKCS11_JAR_UNSIGNED)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
SUNEC_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunec.jar
|
||||
SUNEC_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunec.jar
|
||||
|
||||
ifndef OPENJDK
|
||||
|
||||
SUNEC_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ec/sunec.jar
|
||||
|
||||
$(SUNEC_JAR_DST) : $(SUNEC_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunEC provider..."
|
||||
$(install-file)
|
||||
|
||||
else
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNEC_JAR,,\
|
||||
$(eval $(call SetupArchive,BUILD_SUNEC_JAR,,\
|
||||
SRCS:=$(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES:=.class,\
|
||||
INCLUDES:=sun/security/ec,\
|
||||
JAR:=$(SUNEC_JAR_DST), \
|
||||
JAR:=$(SUNEC_JAR_UNSIGNED), \
|
||||
MANIFEST:=$(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNEC_JAR_DST): $(JCE_MANIFEST)
|
||||
$(SUNEC_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNEC_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ec/sunec.jar
|
||||
$(SUNEC_JAR_DST) : $(SUNEC_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunEC provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNEC_JAR_DST) : $(SUNEC_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNEC_JAR_DST)
|
||||
JARS += $(SUNEC_JAR_DST) $(SUNEC_JAR_UNSIGNED)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
@ -511,162 +513,163 @@ JARS+=$(IMAGES_OUTPUTDIR)/lib/dt.jar
|
||||
##########################################################################################
|
||||
|
||||
SUNJCE_PROVIDER_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunjce_provider.jar
|
||||
SUNJCE_PROVIDER_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunjce_provider.jar
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNJCE_PROVIDER_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/sunjce_provider.jar
|
||||
|
||||
$(SUNJCE_PROVIDER_JAR_DST) : $(SUNJCE_PROVIDER_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunJCE provider..."
|
||||
$(install-file)
|
||||
|
||||
else
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNJCE_PROVIDER_JAR,,\
|
||||
$(eval $(call SetupArchive,BUILD_SUNJCE_PROVIDER_JAR,,\
|
||||
SRCS:=$(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES:=.class,\
|
||||
INCLUDES:= com/sun/crypto/provider,\
|
||||
JAR:=$(SUNJCE_PROVIDER_JAR_DST), \
|
||||
JAR:=$(SUNJCE_PROVIDER_JAR_UNSIGNED), \
|
||||
MANIFEST:=$(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNJCE_PROVIDER_JAR_DST): $(JCE_MANIFEST)
|
||||
|
||||
endif
|
||||
|
||||
JARS += $(SUNJCE_PROVIDER_JAR_DST)
|
||||
|
||||
JCE_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/jce.jar
|
||||
$(SUNJCE_PROVIDER_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
|
||||
JCE_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar
|
||||
|
||||
$(JCE_JAR_DST) : $(JCE_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt jce.jar..."
|
||||
SUNJCE_PROVIDER_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/sunjce_provider.jar
|
||||
$(SUNJCE_PROVIDER_JAR_DST) : $(SUNJCE_PROVIDER_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunJCE provider..."
|
||||
$(install-file)
|
||||
|
||||
else
|
||||
$(SUNJCE_PROVIDER_JAR_DST) : $(SUNJCE_PROVIDER_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_JCE_JAR,,\
|
||||
JARS += $(SUNJCE_PROVIDER_JAR_DST) $(SUNJCE_PROVIDER_JAR_UNSIGNED)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
JCE_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/jce.jar
|
||||
JCE_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/jce.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_JCE_JAR,,\
|
||||
SRCS:=$(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES:=.class,\
|
||||
INCLUDES:= javax/crypto sun/security/internal,\
|
||||
JAR:=$(JCE_JAR_DST), \
|
||||
JAR:=$(JCE_JAR_UNSIGNED), \
|
||||
MANIFEST:=$(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(JCE_JAR_DST): $(JCE_MANIFEST)
|
||||
$(JCE_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
JCE_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar
|
||||
$(JCE_JAR_DST) : $(JCE_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt jce.jar..."
|
||||
$(install-file)
|
||||
else
|
||||
$(JCE_JAR_DST) : $(JCE_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(JCE_JAR_DST)
|
||||
JARS += $(JCE_JAR_DST) $(JCE_JAR_UNSIGNED)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
US_EXPORT_POLICY_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/security/US_export_policy.jar
|
||||
US_EXPORT_POLICY_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/US_export_policy.jar
|
||||
|
||||
ifndef OPENJDK
|
||||
#
|
||||
# TODO fix so that SetupArchive does not write files into SRCS
|
||||
# then we don't need this extra copying
|
||||
#
|
||||
# NOTE: We currently do not place restrictions on our limited export
|
||||
# policy. This was not a typo.
|
||||
#
|
||||
US_EXPORT_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited
|
||||
US_EXPORT_POLICY_JAR_TMP := $(IMAGES_OUTPUTDIR)/US_export_policy_jar.tmp
|
||||
|
||||
|
||||
$(US_EXPORT_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/US_export_policy.jar
|
||||
$(ECHO) $(LOG_INFO) Copying $(@F)
|
||||
$(US_EXPORT_POLICY_JAR_TMP)/% : $(US_EXPORT_POLICY_JAR_SRC_DIR)/%
|
||||
$(install-file)
|
||||
|
||||
else
|
||||
US_EXPORT_POLICY_JAR_DEPS := $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy
|
||||
|
||||
#
|
||||
# TODO fix so that SetupArchive does not write files into SRCS
|
||||
# then we don't need this extra copying
|
||||
#
|
||||
# NOTE: We currently do not place restrictions on our limited export
|
||||
# policy. This was not a typo.
|
||||
#
|
||||
US_EXPORT_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited
|
||||
US_EXPORT_POLICY_JAR_TMP := $(IMAGES_OUTPUTDIR)/US_export_policy_jar.tmp
|
||||
|
||||
$(US_EXPORT_POLICY_JAR_TMP)/% : $(US_EXPORT_POLICY_JAR_SRC_DIR)/%
|
||||
$(install-file)
|
||||
|
||||
US_EXPORT_POLICY_JAR_DEPS := $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR,$(US_EXPORT_POLICY_JAR_DEPS),\
|
||||
$(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR,$(US_EXPORT_POLICY_JAR_DEPS),\
|
||||
SRCS:=$(US_EXPORT_POLICY_JAR_TMP), \
|
||||
SUFFIXES:= .policy,\
|
||||
JAR:=$(US_EXPORT_POLICY_JAR_DST), \
|
||||
JAR:=$(US_EXPORT_POLICY_JAR_UNSIGNED), \
|
||||
EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
ifndef OPENJDK
|
||||
$(US_EXPORT_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/US_export_policy.jar
|
||||
$(ECHO) $(LOG_INFO) Copying $(@F)
|
||||
$(install-file)
|
||||
else
|
||||
$(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(US_EXPORT_POLICY_JAR_DST)
|
||||
JARS += $(US_EXPORT_POLICY_JAR_DST) $(US_EXPORT_POLICY_JAR_UNSIGNED)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
LOCAL_POLICY_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/security/local_policy.jar
|
||||
LOCAL_POLICY_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/local_policy.jar
|
||||
|
||||
ifndef OPENJDK
|
||||
|
||||
$(LOCAL_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/local_policy.jar
|
||||
$(ECHO) $(LOG_INFO) Copying $(@F)
|
||||
$(install-file)
|
||||
#
|
||||
# TODO fix so that SetupArchive does not write files into SRCS
|
||||
# then we don't need this extra copying
|
||||
#
|
||||
LOCAL_POLICY_JAR_TMP := $(IMAGES_OUTPUTDIR)/local_policy_jar.tmp
|
||||
|
||||
ifeq ($(UNLIMITED_CRYPTO), true)
|
||||
LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited
|
||||
LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/default_local.policy
|
||||
LOCAL_POLICY_JAR_ATTR := Crypto-Strength: unlimited
|
||||
else
|
||||
LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/limited
|
||||
LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/exempt_local.policy \
|
||||
$(LOCAL_POLICY_JAR_TMP)/default_local.policy
|
||||
LOCAL_POLICY_JAR_ATTR := Crypto-Strength: limited
|
||||
endif
|
||||
|
||||
#
|
||||
# TODO fix so that SetupArchive does not write files into SRCS
|
||||
# then we don't need this extra copying
|
||||
#
|
||||
LOCAL_POLICY_JAR_TMP := $(IMAGES_OUTPUTDIR)/local_policy_jar.tmp
|
||||
|
||||
ifeq ($(UNLIMITED_CRYPTO), true)
|
||||
LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited
|
||||
LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/default_local.policy
|
||||
LOCAL_POLICY_JAR_ATTR := Crypto-Strength: unlimited
|
||||
else
|
||||
LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/limited
|
||||
LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/exempt_local.policy \
|
||||
$(LOCAL_POLICY_JAR_TMP)/default_local.policy
|
||||
LOCAL_POLICY_JAR_ATTR := Crypto-Strength: limited
|
||||
endif
|
||||
|
||||
$(LOCAL_POLICY_JAR_TMP)/% : $(LOCAL_POLICY_JAR_SRC_DIR)/%
|
||||
$(LOCAL_POLICY_JAR_TMP)/% : $(LOCAL_POLICY_JAR_SRC_DIR)/%
|
||||
$(install-file)
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR,$(LOCAL_POLICY_JAR_DEPS),\
|
||||
$(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR,$(LOCAL_POLICY_JAR_DEPS),\
|
||||
SRCS:=$(LOCAL_POLICY_JAR_TMP),\
|
||||
SUFFIXES:= .policy,\
|
||||
JAR:=$(LOCAL_POLICY_JAR_DST), \
|
||||
JAR:=$(LOCAL_POLICY_JAR_UNSIGNED), \
|
||||
EXTRA_MANIFEST_ATTR := $(LOCAL_POLICY_JAR_ATTR), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
ifndef OPENJDK
|
||||
$(LOCAL_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/local_policy.jar
|
||||
$(ECHO) $(LOG_INFO) Copying $(@F)
|
||||
$(install-file)
|
||||
else
|
||||
$(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(LOCAL_POLICY_JAR_DST)
|
||||
JARS += $(LOCAL_POLICY_JAR_DST) $(LOCAL_POLICY_JAR_UNSIGNED)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
ifeq ($(OPENJDK_TARGET_OS),windows)
|
||||
|
||||
SUNMSCAPI_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunmscapi.jar
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNMSCAPI_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/mscapi/sunmscapi.jar
|
||||
|
||||
$(SUNMSCAPI_JAR_DST) : $(SUNMSCAPI_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunMSCAPI provider..."
|
||||
$(install-file)
|
||||
|
||||
else
|
||||
SUNMSCAPI_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunmscapi.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNMSCAPI_JAR,,\
|
||||
SRCS:=$(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES:=.class,\
|
||||
INCLUDES:= sun/security/mscapi,\
|
||||
JAR:=$(SUNMSCAPI_JAR_DST), \
|
||||
JAR:=$(SUNMSCAPI_JAR_UNSIGNED), \
|
||||
SKIP_METAINF:=true))
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNMSCAPI_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/mscapi/sunmscapi.jar
|
||||
$(SUNMSCAPI_JAR_DST) : $(SUNMSCAPI_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunMSCAPI provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNMSCAPI_JAR_DST) : $(SUNMSCAPI_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNMSCAPI_JAR_DST)
|
||||
JARS += $(SUNMSCAPI_JAR_DST) $(SUNMSCAPI_JAR_UNSIGNED)
|
||||
|
||||
endif
|
||||
|
||||
@ -676,13 +679,24 @@ ifeq ($(OPENJDK_TARGET_OS),solaris)
|
||||
ifndef OPENJDK
|
||||
|
||||
UCRYPTO_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/ucrypto.jar
|
||||
UCRYPTO_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/ucrypto.jar
|
||||
UCRYPTO_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ucrypto/ucrypto.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_UCRYPTO_JAR,,\
|
||||
SRCS:=$(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES:=.class,\
|
||||
INCLUDES:=com/oracle/security/ucrypto,\
|
||||
JAR:=$(UCRYPTO_JAR_UNSIGNED), \
|
||||
MANIFEST:=$(JCE_MANIFEST), \
|
||||
SKIP_METAINF:=true))
|
||||
|
||||
$(UCRYPTO_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
$(UCRYPTO_JAR_DST) : $(UCRYPTO_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt OracleUcrypto provider..."
|
||||
$(install-file)
|
||||
|
||||
JARS += $(UCRYPTO_JAR_DST)
|
||||
JARS += $(UCRYPTO_JAR_DST) $(UCRYPTO_JAR_UNSIGNED)
|
||||
|
||||
endif
|
||||
endif
|
||||
|
||||
104
jdk/makefiles/SignJars.gmk
Normal file
104
jdk/makefiles/SignJars.gmk
Normal file
@ -0,0 +1,104 @@
|
||||
#
|
||||
# Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License version 2 only, as
|
||||
# published by the Free Software Foundation. Oracle designates this
|
||||
# particular file as subject to the "Classpath" exception as provided
|
||||
# by Oracle in the LICENSE file that accompanied this code.
|
||||
#
|
||||
# This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
# version 2 for more details (a copy is included in the LICENSE file that
|
||||
# accompanied this code).
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License version
|
||||
# 2 along with this work; if not, write to the Free Software Foundation,
|
||||
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
# or visit www.oracle.com if you need additional information or have any
|
||||
# questions.
|
||||
#
|
||||
|
||||
include $(SPEC)
|
||||
include MakeBase.gmk
|
||||
|
||||
# (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Oracle JDK
|
||||
# builds respectively.)
|
||||
#
|
||||
# JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE
|
||||
# jar files do not require signing, but those for JDK do. If an unsigned
|
||||
# jar file is installed into JDK, things will break when the crypto
|
||||
# routines are called.
|
||||
#
|
||||
# All jars are created in CreateJars.gmk. This Makefile does the signing
|
||||
# of the jars for JDK.
|
||||
#
|
||||
# For JDK, the binaries use pre-built/pre-signed binary files stored in
|
||||
# the closed workspace that are not shipped in the OpenJDK workspaces.
|
||||
# We still build the JDK files to verify the files compile, and in
|
||||
# preparation for possible signing. Developers working on JCE in JDK
|
||||
# must sign the JCE files before testing. The JCE signing key is kept
|
||||
# separate from the JDK workspace to prevent its disclosure.
|
||||
#
|
||||
# SPECIAL NOTE TO JCE/JDK developers: The source files must eventually
|
||||
# be built, signed, and then the resulting jar files MUST BE CHECKED
|
||||
# INTO THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT
|
||||
# BE FORGOTTEN*, otherwise a bug fixed in the source code will not be
|
||||
# reflected in the shipped binaries. The "sign-jars" target in the top
|
||||
# level Makefile should be used to generate the required files.
|
||||
#
|
||||
|
||||
# Default target
|
||||
all:
|
||||
|
||||
ifndef OPENJDK
|
||||
|
||||
README-MAKEFILE_WARNING := \
|
||||
"\nPlease read makefiles/SignJars.gmk for further build instructions.\n"
|
||||
|
||||
#
|
||||
# Location for JCE codesigning key.
|
||||
#
|
||||
SIGNING_KEY_DIR := /security/ws/JCE-signing/src
|
||||
SIGNING_KEYSTORE := $(SIGNING_KEY_DIR)/KeyStore.jks
|
||||
SIGNING_PASSPHRASE := $(SIGNING_KEY_DIR)/passphrase.txt
|
||||
SIGNING_ALIAS := oracle_jce_rsa
|
||||
|
||||
#
|
||||
# Defines for signing the various jar files.
|
||||
#
|
||||
check-keystore:
|
||||
@if [ ! -f $(SIGNING_KEYSTORE) -o ! -f $(SIGNING_PASSPHRASE) ]; then \
|
||||
$(PRINTF) "\n$(SIGNING_KEYSTORE): Signing mechanism *NOT* available..."; \
|
||||
$(PRINTF) $(README-MAKEFILE_WARNING); \
|
||||
exit 2; \
|
||||
fi
|
||||
|
||||
$(JCE_OUTPUTDIR)/%: $(IMAGES_OUTPUTDIR)/unsigned/%
|
||||
$(MKDIR) -p $(@D)
|
||||
$(CP) $< $@
|
||||
$(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \
|
||||
$@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE)
|
||||
@$(PRINTF) "\nJar codesigning finished.\n"
|
||||
|
||||
JAR_LIST := jce.jar \
|
||||
local_policy.jar \
|
||||
sunec.jar \
|
||||
sunjce_provider.jar \
|
||||
sunpkcs11.jar \
|
||||
US_export_policy.jar
|
||||
|
||||
SIGNED_JARS := $(addprefix $(JCE_OUTPUTDIR)/,$(JAR_LIST))
|
||||
|
||||
$(SIGNED_JARS): check-keystore
|
||||
|
||||
all: $(SIGNED_JARS)
|
||||
@$(PRINTF) "\n***The jar files built by the 'jar-sign' target must***"
|
||||
@$(PRINTF) "\n***still be checked into the closed workspace! ***"
|
||||
@$(PRINTF) $(README-MAKEFILE_WARNING)
|
||||
|
||||
endif # !OPENJDK
|
||||
Loading…
x
Reference in New Issue
Block a user