8009280: JCE jurisdiction policy files not copied into jdk/lib/security
Reviewed-by: tbell, ihse
This commit is contained in:
parent
53fb16b381
commit
a1a132996a
@ -80,7 +80,11 @@ genclasses-only:
|
||||
# to execute launchers.
|
||||
+$(MAKE) -f GenerateClasses.gmk
|
||||
|
||||
jdk: genclasses
|
||||
securityjars: genclasses securityjars-only
|
||||
securityjars-only:
|
||||
+$(MAKE) -f CreateSecurityJars.gmk
|
||||
|
||||
jdk: securityjars
|
||||
# Now we have a complete jdk, which you can run.
|
||||
# It is not yet wrapped up as an installed image.
|
||||
|
||||
|
@ -281,6 +281,19 @@ ifeq ($(OPENJDK_TARGET_OS), macosx)
|
||||
EXCLUDES += com/apple/jobjc
|
||||
endif
|
||||
|
||||
# The security classes should not end up in the classes directory as that will prevent them
|
||||
# from working when running the exploded jdk image. Compile them separately to a different
|
||||
# directory from where the jars can be created.
|
||||
SECURITY_PKGS := \
|
||||
com/oracle/security/ucrypto \
|
||||
com/sun/crypto/provider \
|
||||
javax/crypto \
|
||||
sun/security/ec \
|
||||
sun/security/internal \
|
||||
sun/security/mscapi \
|
||||
sun/security/pkcs11 \
|
||||
#
|
||||
|
||||
# The exception handling of swing beaninfo
|
||||
# These resources violates the convention of having code and resources together under
|
||||
# $(JDK_TOPDIR)/src/.../classes directories
|
||||
@ -293,22 +306,46 @@ $(JDK_OUTPUTDIR)/classes/javax/swing/beaninfo/images/%.gif: $(JDK_TOPDIR)/make/t
|
||||
# space separated list.
|
||||
JDK_USER_DEFINED_FILTER := $(strip $(subst $(COMMA),$(SPACE), $(JDK_FILTER)))
|
||||
|
||||
$(eval $(call SetupJavaCompilation,BUILD_JDK, \
|
||||
ifeq ($(ENABLE_SJAVAC),yes)
|
||||
# With sjavac enabled, excluded sources are not even considered for linking.
|
||||
# Explicitly add the security sources to sourcepath for linking.
|
||||
BUILD_JDK_SOURCEPATH:=$(patsubst %,-i$(SPACE)%.*,$(subst /,.,$(SECURITY_PKGS))) \
|
||||
-sourcepath $(JDK_TOPDIR)/src/share/classes
|
||||
endif
|
||||
|
||||
$(eval $(call SetupJavaCompilation,BUILD_JDK,\
|
||||
SETUP:=GENERATE_JDKBYTECODE,\
|
||||
SRC:=$(JDK_TOPDIR)/src/share/classes \
|
||||
$(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/classes \
|
||||
$(MACOSX_SRC_DIRS) \
|
||||
$(JDK_OUTPUTDIR)/gensrc \
|
||||
$(JDK_OUTPUTDIR)/gensrc_no_srczip \
|
||||
$(CLOSED_SRC_DIRS),\
|
||||
INCLUDES:=$(JDK_USER_DEFINED_FILTER),\
|
||||
EXCLUDES:=$(EXCLUDES) $(SECURITY_PKGS),\
|
||||
EXCLUDE_FILES:=$(EXFILES),\
|
||||
BIN:=$(JDK_OUTPUTDIR)/classes,\
|
||||
COPY:=$(COPY_PATTERNS),\
|
||||
COPY_FILES:=$(COPY_FILES),\
|
||||
HEADERS:=$(JDK_OUTPUTDIR)/gensrc_headers,\
|
||||
ADD_JAVAC_FLAGS:=$(BUILD_JDK_SOURCEPATH)))
|
||||
|
||||
##########################################################################################
|
||||
|
||||
$(eval $(call SetupJavaCompilation,BUILD_SECURITY, \
|
||||
SETUP := GENERATE_JDKBYTECODE, \
|
||||
SRC := $(JDK_TOPDIR)/src/share/classes \
|
||||
$(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/classes \
|
||||
$(MACOSX_SRC_DIRS) \
|
||||
$(JDK_OUTPUTDIR)/gensrc \
|
||||
$(JDK_OUTPUTDIR)/gensrc_no_srczip \
|
||||
$(CLOSED_SRC_DIRS), \
|
||||
INCLUDES := $(JDK_USER_DEFINED_FILTER), \
|
||||
$(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/classes \
|
||||
$(MACOSX_SRC_DIRS) \
|
||||
$(CLOSED_SRC_DIRS), \
|
||||
INCLUDES := $(SECURITY_PKGS), \
|
||||
EXCLUDES := $(EXCLUDES), \
|
||||
EXCLUDE_FILES := $(EXFILES), \
|
||||
BIN := $(JDK_OUTPUTDIR)/classes, \
|
||||
COPY := $(COPY_PATTERNS), \
|
||||
COPY_FILES := $(COPY_FILES), \
|
||||
BIN := $(JDK_OUTPUTDIR)/classes_security, \
|
||||
HEADERS := $(JDK_OUTPUTDIR)/gensrc_headers))
|
||||
|
||||
$(BUILD_SECURITY): $(BUILD_JDK)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
$(JDK_OUTPUTDIR)/classes/META-INF/services/com.sun.tools.xjc.Plugin:
|
||||
@ -393,7 +430,7 @@ endif
|
||||
|
||||
##########################################################################################
|
||||
|
||||
all: $(BUILD_JDK) $(BUILD_JOBJC) $(BUILD_JOBJC_HEADERS) $(COPY_EXTRA) \
|
||||
all: $(BUILD_JDK) $(BUILD_SECURITY) $(BUILD_JOBJC) $(BUILD_JOBJC_HEADERS) $(COPY_EXTRA) \
|
||||
$(JDK_OUTPUTDIR)/classes/META-INF/services/com.sun.tools.xjc.Plugin \
|
||||
$(BUILD_ACCESSBRIDGE_32) $(BUILD_ACCESSBRIDGE_64) \
|
||||
$(BUILD_ACCESSBRIDGE_LEGACY)
|
||||
|
@ -102,7 +102,6 @@ $(eval $(call SetupArchive,BUILD_LOCALEDATA_JAR, , \
|
||||
# This value should exclude types destined for jars other than rt.jar and resources.jar.
|
||||
# When building a Profile this value augments the profile specific exclusions
|
||||
RT_JAR_EXCLUDES += \
|
||||
com/oracle/security \
|
||||
com/sun/codemodel \
|
||||
com/sun/crypto/provider \
|
||||
com/sun/istack/internal/tools \
|
||||
@ -414,86 +413,6 @@ $(eval $(call SetupArchive,BUILD_JSSE_JAR, , \
|
||||
MANIFEST := $(MAINMANIFEST), \
|
||||
CHECK_COMPRESS_JAR := true))
|
||||
|
||||
##########################################################################################
|
||||
# Create manifest for security jars
|
||||
|
||||
#
|
||||
# Include these extra attributes for now, should probably take out.
|
||||
#
|
||||
JCE_MANIFEST := $(IMAGES_OUTPUTDIR)/lib/_the.security.manifest.mf
|
||||
$(JCE_MANIFEST): $(MAINMANIFEST)
|
||||
$(MKDIR) -p $(@D)
|
||||
$(RM) $@ $@.tmp
|
||||
$(SED) -e "s#@@RELEASE@@#$(JDK_VERSION)#" \
|
||||
-e "s#@@COMPANY_NAME@@#$(COMPANY_NAME)#" \
|
||||
$(MAINMANIFEST) >> $@.tmp
|
||||
$(ECHO) "Extension-Name: javax.crypto" >> $@.tmp
|
||||
$(ECHO) "Implementation-Vendor-Id: com.sun" >> $@.tmp
|
||||
$(MV) $@.tmp $@
|
||||
|
||||
##########################################################################################
|
||||
# For security and crypto jars, always build the jar, but for closed, install the prebuilt
|
||||
# signed version instead of the newly built jar. Unsigned jars are treated as intermediate
|
||||
# targets and explicitly added to the JARS list. For open, signing is not needed. See
|
||||
# SignJars.gmk for more information.
|
||||
#
|
||||
# The source for the crypto jars is not available for all licensees. The BUILD_CRYPTO
|
||||
# variable is set to no if these jars can't be built to skip that step of the build.
|
||||
# Note that for OPENJDK, the build will fail if BUILD_CRYPTO=no since then there is no
|
||||
# other way to get the jars than to build them.
|
||||
|
||||
SUNPKCS11_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunpkcs11.jar
|
||||
SUNPKCS11_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunpkcs11.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNPKCS11_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := sun/security/pkcs11, \
|
||||
JAR := $(SUNPKCS11_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNPKCS11_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNPKCS11_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/pkcs11/sunpkcs11.jar
|
||||
$(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunPKCS11 provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNPKCS11_JAR_UNSIGNED)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
SUNEC_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunec.jar
|
||||
SUNEC_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunec.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNEC_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := sun/security/ec, \
|
||||
JAR := $(SUNEC_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNEC_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNEC_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ec/sunec.jar
|
||||
$(SUNEC_JAR_DST): $(SUNEC_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunEC provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNEC_JAR_DST): $(SUNEC_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNEC_JAR_UNSIGNED)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SWINGBEANS_JAR, , \
|
||||
@ -507,208 +426,6 @@ $(eval $(call SetupArchive,BUILD_SWINGBEANS_JAR, , \
|
||||
|
||||
##########################################################################################
|
||||
|
||||
SUNJCE_PROVIDER_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunjce_provider.jar
|
||||
SUNJCE_PROVIDER_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunjce_provider.jar
|
||||
|
||||
ifneq ($(BUILD_CRYPTO), no)
|
||||
$(eval $(call SetupArchive,BUILD_SUNJCE_PROVIDER_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := com/sun/crypto/provider, \
|
||||
JAR := $(SUNJCE_PROVIDER_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNJCE_PROVIDER_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
JARS += $(SUNJCE_PROVIDER_JAR_UNSIGNED)
|
||||
endif
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNJCE_PROVIDER_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/sunjce_provider.jar
|
||||
$(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunJCE provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
##########################################################################################
|
||||
|
||||
JCE_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/jce.jar
|
||||
JCE_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/jce.jar
|
||||
|
||||
ifneq ($(BUILD_CRYPTO), no)
|
||||
$(eval $(call SetupArchive,BUILD_JCE_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := javax/crypto sun/security/internal, \
|
||||
JAR := $(JCE_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(JCE_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
JARS += $(JCE_JAR_UNSIGNED)
|
||||
endif
|
||||
|
||||
ifndef OPENJDK
|
||||
JCE_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar
|
||||
$(JCE_JAR_DST): $(JCE_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt jce.jar..."
|
||||
$(install-file)
|
||||
else
|
||||
$(JCE_JAR_DST): $(JCE_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
##########################################################################################
|
||||
|
||||
US_EXPORT_POLICY_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/security/US_export_policy.jar
|
||||
US_EXPORT_POLICY_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/US_export_policy.jar
|
||||
|
||||
ifneq ($(BUILD_CRYPTO), no)
|
||||
#
|
||||
# TODO fix so that SetupArchive does not write files into SRCS
|
||||
# then we don't need this extra copying
|
||||
|
||||
# NOTE: We currently do not place restrictions on our limited export
|
||||
# policy. This was not a typo.
|
||||
#
|
||||
US_EXPORT_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited
|
||||
US_EXPORT_POLICY_JAR_TMP := $(IMAGES_OUTPUTDIR)/US_export_policy_jar.tmp
|
||||
|
||||
$(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/%
|
||||
$(install-file)
|
||||
|
||||
US_EXPORT_POLICY_JAR_DEPS := $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, $(US_EXPORT_POLICY_JAR_DEPS), \
|
||||
SRCS := $(US_EXPORT_POLICY_JAR_TMP), \
|
||||
SUFFIXES := .policy, \
|
||||
JAR := $(US_EXPORT_POLICY_JAR_UNSIGNED), \
|
||||
EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
JARS += $(US_EXPORT_POLICY_JAR_UNSIGNED)
|
||||
endif
|
||||
|
||||
ifndef OPENJDK
|
||||
$(US_EXPORT_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/US_export_policy.jar
|
||||
$(ECHO) $(LOG_INFO) Copying $(@F)
|
||||
$(install-file)
|
||||
else
|
||||
$(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
##########################################################################################
|
||||
|
||||
LOCAL_POLICY_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/security/local_policy.jar
|
||||
LOCAL_POLICY_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/local_policy.jar
|
||||
|
||||
ifneq ($(BUILD_CRYPTO), no)
|
||||
#
|
||||
# TODO fix so that SetupArchive does not write files into SRCS
|
||||
# then we don't need this extra copying
|
||||
#
|
||||
LOCAL_POLICY_JAR_TMP := $(IMAGES_OUTPUTDIR)/local_policy_jar.tmp
|
||||
|
||||
ifeq ($(UNLIMITED_CRYPTO), true)
|
||||
LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited
|
||||
LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/default_local.policy
|
||||
LOCAL_POLICY_JAR_ATTR := Crypto-Strength: unlimited
|
||||
else
|
||||
LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/limited
|
||||
LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/exempt_local.policy \
|
||||
$(LOCAL_POLICY_JAR_TMP)/default_local.policy
|
||||
LOCAL_POLICY_JAR_ATTR := Crypto-Strength: limited
|
||||
endif
|
||||
|
||||
$(LOCAL_POLICY_JAR_TMP)/%: $(LOCAL_POLICY_JAR_SRC_DIR)/%
|
||||
$(install-file)
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR, $(LOCAL_POLICY_JAR_DEPS), \
|
||||
SRCS := $(LOCAL_POLICY_JAR_TMP), \
|
||||
SUFFIXES := .policy, \
|
||||
JAR := $(LOCAL_POLICY_JAR_UNSIGNED), \
|
||||
EXTRA_MANIFEST_ATTR := $(LOCAL_POLICY_JAR_ATTR), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
JARS += $(LOCAL_POLICY_JAR_UNSIGNED)
|
||||
endif
|
||||
|
||||
ifndef OPENJDK
|
||||
$(LOCAL_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/local_policy.jar
|
||||
$(ECHO) $(LOG_INFO) Copying $(@F)
|
||||
$(install-file)
|
||||
else
|
||||
$(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
##########################################################################################
|
||||
|
||||
ifeq ($(OPENJDK_TARGET_OS), windows)
|
||||
|
||||
SUNMSCAPI_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunmscapi.jar
|
||||
SUNMSCAPI_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunmscapi.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNMSCAPI_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := sun/security/mscapi, \
|
||||
JAR := $(SUNMSCAPI_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNMSCAPI_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNMSCAPI_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/mscapi/sunmscapi.jar
|
||||
$(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunMSCAPI provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNMSCAPI_JAR_UNSIGNED)
|
||||
|
||||
endif
|
||||
|
||||
##########################################################################################
|
||||
|
||||
ifeq ($(OPENJDK_TARGET_OS), solaris)
|
||||
ifndef OPENJDK
|
||||
|
||||
UCRYPTO_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/ucrypto.jar
|
||||
UCRYPTO_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/ucrypto.jar
|
||||
UCRYPTO_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ucrypto/ucrypto.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_UCRYPTO_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := com/oracle/security/ucrypto, \
|
||||
JAR := $(UCRYPTO_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(UCRYPTO_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
$(UCRYPTO_JAR_DST): $(UCRYPTO_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt OracleUcrypto provider..."
|
||||
$(install-file)
|
||||
|
||||
JARS += $(UCRYPTO_JAR_UNSIGNED)
|
||||
|
||||
endif
|
||||
endif
|
||||
|
||||
##########################################################################################
|
||||
|
||||
# Get the CLDRVERSION
|
||||
include gensrc/GensrcCLDR.gmk
|
||||
|
||||
@ -1047,6 +764,13 @@ endif
|
||||
|
||||
##########################################################################################
|
||||
|
||||
# This rule copies all jars from jdk/lib/... to images/lib/... to avoid having to track
|
||||
# which jars are where
|
||||
$(IMAGES_OUTPUTDIR)/lib/%: $(JDK_OUTPUTDIR)/lib/%
|
||||
$(install-file)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
# Import nashorn.jar from nashorn dist dir.
|
||||
$(IMAGES_OUTPUTDIR)/lib/ext/nashorn.jar: $(NASHORN_DIST)/nashorn.jar
|
||||
$(install-file)
|
||||
|
329
jdk/makefiles/CreateSecurityJars.gmk
Normal file
329
jdk/makefiles/CreateSecurityJars.gmk
Normal file
@ -0,0 +1,329 @@
|
||||
#
|
||||
# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
|
||||
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
#
|
||||
# This code is free software; you can redistribute it and/or modify it
|
||||
# under the terms of the GNU General Public License version 2 only, as
|
||||
# published by the Free Software Foundation. Oracle designates this
|
||||
# particular file as subject to the "Classpath" exception as provided
|
||||
# by Oracle in the LICENSE file that accompanied this code.
|
||||
#
|
||||
# This code is distributed in the hope that it will be useful, but WITHOUT
|
||||
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||
# version 2 for more details (a copy is included in the LICENSE file that
|
||||
# accompanied this code).
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License version
|
||||
# 2 along with this work; if not, write to the Free Software Foundation,
|
||||
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
#
|
||||
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||
# or visit www.oracle.com if you need additional information or have any
|
||||
# questions.
|
||||
#
|
||||
|
||||
default: all
|
||||
|
||||
include $(SPEC)
|
||||
include MakeBase.gmk
|
||||
include JavaCompilation.gmk
|
||||
include Setup.gmk
|
||||
|
||||
# The jars created in this file are required for the exploded jdk image to function and
|
||||
# cannot wait to be built in the images target.
|
||||
|
||||
##########################################################################################
|
||||
# Create manifest for security jars
|
||||
#
|
||||
# Include these extra attributes for now, should probably take out.
|
||||
#
|
||||
MAINMANIFEST := $(JDK_TOPDIR)/make/tools/manifest.mf
|
||||
JCE_MANIFEST := $(JDK_OUTPUTDIR)/lib/_the.security.manifest.mf
|
||||
|
||||
$(JCE_MANIFEST): $(MAINMANIFEST)
|
||||
$(MKDIR) -p $(@D)
|
||||
$(RM) $@ $@.tmp
|
||||
$(SED) -e "s#@@RELEASE@@#$(JDK_VERSION)#" \
|
||||
-e "s#@@COMPANY_NAME@@#$(COMPANY_NAME)#" \
|
||||
$(MAINMANIFEST) >> $@.tmp
|
||||
$(ECHO) "Extension-Name: javax.crypto" >> $@.tmp
|
||||
$(ECHO) "Implementation-Vendor-Id: com.sun" >> $@.tmp
|
||||
$(MV) $@.tmp $@
|
||||
|
||||
##########################################################################################
|
||||
# For security and crypto jars, always build the jar, but for closed, install the prebuilt
|
||||
# signed version instead of the newly built jar. Unsigned jars are treated as intermediate
|
||||
# targets and explicitly added to the JARS list. For open, signing is not needed. See
|
||||
# SignJars.gmk for more information.
|
||||
#
|
||||
# The source for the crypto jars is not available for all licensees. The BUILD_CRYPTO
|
||||
# variable is set to no if these jars can't be built to skip that step of the build.
|
||||
# Note that for OPENJDK, the build will fail if BUILD_CRYPTO=no since then there is no
|
||||
# other way to get the jars than to build them.
|
||||
|
||||
SUNPKCS11_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunpkcs11.jar
|
||||
SUNPKCS11_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunpkcs11.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNPKCS11_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes_security, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := sun/security/pkcs11, \
|
||||
JAR := $(SUNPKCS11_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNPKCS11_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNPKCS11_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/pkcs11/sunpkcs11.jar
|
||||
$(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunPKCS11 provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNPKCS11_JAR_UNSIGNED) $(SUNPKCS11_JAR_DST)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
SUNEC_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunec.jar
|
||||
SUNEC_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunec.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNEC_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes_security, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := sun/security/ec, \
|
||||
JAR := $(SUNEC_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNEC_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNEC_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ec/sunec.jar
|
||||
$(SUNEC_JAR_DST): $(SUNEC_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunEC provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNEC_JAR_DST): $(SUNEC_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNEC_JAR_UNSIGNED) $(SUNEC_JAR_DST)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
SUNJCE_PROVIDER_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunjce_provider.jar
|
||||
SUNJCE_PROVIDER_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunjce_provider.jar
|
||||
|
||||
ifneq ($(BUILD_CRYPTO), no)
|
||||
$(eval $(call SetupArchive,BUILD_SUNJCE_PROVIDER_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes_security, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := com/sun/crypto/provider, \
|
||||
JAR := $(SUNJCE_PROVIDER_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNJCE_PROVIDER_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
JARS += $(SUNJCE_PROVIDER_JAR_UNSIGNED)
|
||||
endif
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNJCE_PROVIDER_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/sunjce_provider.jar
|
||||
$(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunJCE provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNJCE_PROVIDER_JAR_DST)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
JCE_JAR_DST := $(JDK_OUTPUTDIR)/lib/jce.jar
|
||||
JCE_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/jce.jar
|
||||
|
||||
ifneq ($(BUILD_CRYPTO), no)
|
||||
$(eval $(call SetupArchive,BUILD_JCE_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes_security, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := javax/crypto sun/security/internal, \
|
||||
JAR := $(JCE_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(JCE_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
JARS += $(JCE_JAR_UNSIGNED)
|
||||
endif
|
||||
|
||||
ifndef OPENJDK
|
||||
JCE_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar
|
||||
$(JCE_JAR_DST): $(JCE_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt jce.jar..."
|
||||
$(install-file)
|
||||
else
|
||||
$(JCE_JAR_DST): $(JCE_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(JCE_JAR_DST)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
US_EXPORT_POLICY_JAR_DST := $(JDK_OUTPUTDIR)/lib/security/US_export_policy.jar
|
||||
US_EXPORT_POLICY_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/US_export_policy.jar
|
||||
|
||||
ifneq ($(BUILD_CRYPTO), no)
|
||||
#
|
||||
# TODO fix so that SetupArchive does not write files into SRCS
|
||||
# then we don't need this extra copying
|
||||
#
|
||||
# NOTE: We currently do not place restrictions on our limited export
|
||||
# policy. This was not a typo.
|
||||
#
|
||||
US_EXPORT_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited
|
||||
US_EXPORT_POLICY_JAR_TMP := $(JDK_OUTPUTDIR)/US_export_policy_jar.tmp
|
||||
|
||||
$(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/%
|
||||
$(install-file)
|
||||
|
||||
US_EXPORT_POLICY_JAR_DEPS := $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, $(US_EXPORT_POLICY_JAR_DEPS), \
|
||||
SRCS := $(US_EXPORT_POLICY_JAR_TMP), \
|
||||
SUFFIXES := .policy, \
|
||||
JAR := $(US_EXPORT_POLICY_JAR_UNSIGNED), \
|
||||
EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
JARS += $(US_EXPORT_POLICY_JAR_UNSIGNED)
|
||||
endif
|
||||
|
||||
ifndef OPENJDK
|
||||
$(US_EXPORT_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/US_export_policy.jar
|
||||
$(ECHO) $(LOG_INFO) Copying $(@F)
|
||||
$(install-file)
|
||||
else
|
||||
$(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(US_EXPORT_POLICY_JAR_DST)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
LOCAL_POLICY_JAR_DST := $(JDK_OUTPUTDIR)/lib/security/local_policy.jar
|
||||
LOCAL_POLICY_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/local_policy.jar
|
||||
|
||||
ifneq ($(BUILD_CRYPTO), no)
|
||||
#
|
||||
# TODO fix so that SetupArchive does not write files into SRCS
|
||||
# then we don't need this extra copying
|
||||
#
|
||||
LOCAL_POLICY_JAR_TMP := $(JDK_OUTPUTDIR)/local_policy_jar.tmp
|
||||
|
||||
ifeq ($(UNLIMITED_CRYPTO), true)
|
||||
LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited
|
||||
LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/default_local.policy
|
||||
LOCAL_POLICY_JAR_ATTR := Crypto-Strength: unlimited
|
||||
else
|
||||
LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/limited
|
||||
LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/exempt_local.policy \
|
||||
$(LOCAL_POLICY_JAR_TMP)/default_local.policy
|
||||
LOCAL_POLICY_JAR_ATTR := Crypto-Strength: limited
|
||||
endif
|
||||
|
||||
$(LOCAL_POLICY_JAR_TMP)/%: $(LOCAL_POLICY_JAR_SRC_DIR)/%
|
||||
$(install-file)
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR, $(LOCAL_POLICY_JAR_DEPS), \
|
||||
SRCS := $(LOCAL_POLICY_JAR_TMP), \
|
||||
SUFFIXES := .policy, \
|
||||
JAR := $(LOCAL_POLICY_JAR_UNSIGNED), \
|
||||
EXTRA_MANIFEST_ATTR := $(LOCAL_POLICY_JAR_ATTR), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
JARS += $(LOCAL_POLICY_JAR_UNSIGNED)
|
||||
endif
|
||||
|
||||
ifndef OPENJDK
|
||||
$(LOCAL_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/local_policy.jar
|
||||
$(ECHO) $(LOG_INFO) Copying $(@F)
|
||||
$(install-file)
|
||||
else
|
||||
$(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(LOCAL_POLICY_JAR_DST)
|
||||
|
||||
##########################################################################################
|
||||
|
||||
ifeq ($(OPENJDK_TARGET_OS), windows)
|
||||
|
||||
SUNMSCAPI_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunmscapi.jar
|
||||
SUNMSCAPI_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunmscapi.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_SUNMSCAPI_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes_security, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := sun/security/mscapi, \
|
||||
JAR := $(SUNMSCAPI_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(SUNMSCAPI_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
ifndef OPENJDK
|
||||
SUNMSCAPI_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/mscapi/sunmscapi.jar
|
||||
$(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunMSCAPI provider..."
|
||||
$(install-file)
|
||||
else
|
||||
$(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_UNSIGNED)
|
||||
$(install-file)
|
||||
endif
|
||||
|
||||
JARS += $(SUNMSCAPI_JAR_UNSIGNED) $(SUNMSCAPI_JAR_DST)
|
||||
|
||||
endif
|
||||
|
||||
##########################################################################################
|
||||
|
||||
ifeq ($(OPENJDK_TARGET_OS), solaris)
|
||||
ifndef OPENJDK
|
||||
|
||||
UCRYPTO_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/ucrypto.jar
|
||||
UCRYPTO_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/ucrypto.jar
|
||||
UCRYPTO_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ucrypto/ucrypto.jar
|
||||
|
||||
$(eval $(call SetupArchive,BUILD_UCRYPTO_JAR, , \
|
||||
SRCS := $(JDK_OUTPUTDIR)/classes_security, \
|
||||
SUFFIXES := .class, \
|
||||
INCLUDES := com/oracle/security/ucrypto, \
|
||||
JAR := $(UCRYPTO_JAR_UNSIGNED), \
|
||||
MANIFEST := $(JCE_MANIFEST), \
|
||||
SKIP_METAINF := true))
|
||||
|
||||
$(UCRYPTO_JAR_UNSIGNED): $(JCE_MANIFEST)
|
||||
|
||||
$(UCRYPTO_JAR_DST): $(UCRYPTO_JAR_SRC)
|
||||
@$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt OracleUcrypto provider..."
|
||||
$(install-file)
|
||||
|
||||
JARS += $(UCRYPTO_JAR_UNSIGNED) $(UCRYPTO_JAR_DST)
|
||||
|
||||
endif
|
||||
endif
|
||||
|
||||
all: $(JARS)
|
||||
|
||||
.PHONY: default all
|
@ -78,7 +78,7 @@ check-keystore:
|
||||
exit 2; \
|
||||
fi
|
||||
|
||||
$(JCE_OUTPUTDIR)/%: $(IMAGES_OUTPUTDIR)/unsigned/%
|
||||
$(JCE_OUTPUTDIR)/%: $(JDK_OUTPUTDIR)/unsigned/%
|
||||
$(call install-file)
|
||||
$(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \
|
||||
$@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE)
|
||||
|
Loading…
x
Reference in New Issue
Block a user