127 lines
4.6 KiB
Plaintext
127 lines
4.6 KiB
Plaintext
#
|
|
# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
|
|
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
#
|
|
# This code is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU General Public License version 2 only, as
|
|
# published by the Free Software Foundation. Oracle designates this
|
|
# particular file as subject to the "Classpath" exception as provided
|
|
# by Oracle in the LICENSE file that accompanied this code.
|
|
#
|
|
# This code is distributed in the hope that it will be useful, but WITHOUT
|
|
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
# version 2 for more details (a copy is included in the LICENSE file that
|
|
# accompanied this code).
|
|
#
|
|
# You should have received a copy of the GNU General Public License version
|
|
# 2 along with this work; if not, write to the Free Software Foundation,
|
|
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
#
|
|
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
# or visit www.oracle.com if you need additional information or have any
|
|
# questions.
|
|
#
|
|
|
|
include $(SPEC)
|
|
include MakeBase.gmk
|
|
|
|
# (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Oracle JDK
|
|
# builds respectively.)
|
|
#
|
|
# JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE
|
|
# jar files do not require signing, but those for JDK do. If an unsigned
|
|
# jar file is installed into JDK, things will break when the crypto
|
|
# routines are called.
|
|
#
|
|
# All jars are created in CreateJars.gmk. This Makefile does the signing
|
|
# of the jars for JDK.
|
|
#
|
|
# For JDK, the binaries use pre-built/pre-signed binary files stored in
|
|
# the closed workspace that are not shipped in the OpenJDK workspaces.
|
|
# We still build the JDK files to verify the files compile, and in
|
|
# preparation for possible signing. Developers working on JCE in JDK
|
|
# must sign the JCE files before testing. The JCE signing key is kept
|
|
# separate from the JDK workspace to prevent its disclosure.
|
|
#
|
|
# SPECIAL NOTE TO JCE/JDK developers: The source files must eventually
|
|
# be built, signed, and then the resulting jar files MUST BE CHECKED
|
|
# INTO THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT
|
|
# BE FORGOTTEN*, otherwise a bug fixed in the source code will not be
|
|
# reflected in the shipped binaries.
|
|
#
|
|
# Please consult with Release Engineering, which is responsible for
|
|
# creating the final JCE builds suitable for checkin.
|
|
#
|
|
|
|
# Default target
|
|
all:
|
|
|
|
ifndef OPENJDK
|
|
|
|
README-MAKEFILE_WARNING := \
|
|
"\nPlease read jdk/make/SignJars.gmk for further build instructions.\n"
|
|
|
|
#
|
|
# Location for JCE codesigning key.
|
|
#
|
|
SIGNING_KEY_DIR := /security/ws/JCE-signing/src
|
|
SIGNING_KEYSTORE := $(SIGNING_KEY_DIR)/KeyStore.jks
|
|
SIGNING_PASSPHRASE := $(SIGNING_KEY_DIR)/passphrase.txt
|
|
SIGNING_ALIAS := oracle_jce_rsa
|
|
|
|
#
|
|
# Defines for signing the various jar files.
|
|
#
|
|
check-keystore:
|
|
@if [ ! -f $(SIGNING_KEYSTORE) -o ! -f $(SIGNING_PASSPHRASE) ]; then \
|
|
$(PRINTF) "\n$(SIGNING_KEYSTORE): Signing mechanism *NOT* available..."; \
|
|
$(PRINTF) $(README-MAKEFILE_WARNING); \
|
|
exit 2; \
|
|
fi
|
|
|
|
$(JDK_OUTPUTDIR)/jce/signed/%: $(JDK_OUTPUTDIR)/jce/unsigned/%
|
|
$(call install-file)
|
|
$(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \
|
|
$@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE)
|
|
@$(PRINTF) "\nJar codesigning finished.\n"
|
|
|
|
JAR_LIST := \
|
|
jce.jar \
|
|
policy/limited/local_policy.jar \
|
|
policy/limited/US_export_policy.jar \
|
|
policy/unlimited/local_policy.jar \
|
|
policy/unlimited/US_export_policy.jar \
|
|
sunec.jar \
|
|
sunjce_provider.jar \
|
|
sunpkcs11.jar \
|
|
sunmscapi.jar \
|
|
ucrypto.jar \
|
|
#
|
|
|
|
UNSIGNED_JARS := $(wildcard $(addprefix $(JDK_OUTPUTDIR)/jce/unsigned/, $(JAR_LIST)))
|
|
|
|
ifeq ($(UNSIGNED_JARS), )
|
|
$(error No jars found in $(JDK_OUTPUTDIR)/jce/unsigned/)
|
|
endif
|
|
|
|
SIGNED_JARS := $(patsubst $(JDK_OUTPUTDIR)/jce/unsigned/%,$(JDK_OUTPUTDIR)/jce/signed/%, \
|
|
$(UNSIGNED_JARS))
|
|
|
|
$(SIGNED_JARS): check-keystore
|
|
|
|
$(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt: \
|
|
$(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt
|
|
$(install-file)
|
|
|
|
all: $(SIGNED_JARS) $(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt
|
|
@$(PRINTF) "\n*** The jar files built by the 'sign-jars' target are developer ***"
|
|
@$(PRINTF) "\n*** builds only and *MUST NOT* be checked into the closed workspace. ***"
|
|
@$(PRINTF) "\n*** ***"
|
|
@$(PRINTF) "\n*** Please consult with Release Engineering: they will generate ***"
|
|
@$(PRINTF) "\n*** the proper binaries for the closed workspace. ***"
|
|
@$(PRINTF) "\n"
|
|
@$(PRINTF) $(README-MAKEFILE_WARNING)
|
|
|
|
endif # !OPENJDK
|