From 4da093c9eba510b601c1008e0f6421042fc351ea Mon Sep 17 00:00:00 2001
From: importbot <releng@rockylinux.org>
Date: Thu, 18 Apr 2024 18:52:38 +0000
Subject: [PATCH] import java-21-openjdk-21.0.3.0.9-1.el8
---
.java-21-openjdk.checksum | 2 +-
.java-21-openjdk.metadata | 2 +-
...48eda.patch => fips-21u-0a42e29b391.patch} | 27 +-
SOURCES/java-21-openjdk-portable.specfile | 263 +++++++++++++++---
...0-rh910107-fail_to_load_pcsc_library.patch | 125 ---------
SPECS/java-21-openjdk.spec | 138 +++++++--
6 files changed, 364 insertions(+), 193 deletions(-)
rename SOURCES/{fips-21u-75ffdc48eda.patch => fips-21u-0a42e29b391.patch} (99%)
delete mode 100644 SOURCES/jdk8009550-rh910107-fail_to_load_pcsc_library.patch
diff --git a/.java-21-openjdk.checksum b/.java-21-openjdk.checksum
index 08acd52..a7047d3 100644
--- a/.java-21-openjdk.checksum
+++ b/.java-21-openjdk.checksum
@@ -1 +1 @@
-5e3e384556a91d25428454ed10b662827f31eaf8f316e085277b2279cbe7bb8d
+4649c1532d245cabf78280c227e923a9ec7c43eec6df3de43f709deec79cfaf7
diff --git a/.java-21-openjdk.metadata b/.java-21-openjdk.metadata
index 0f74417..845fca2 100644
--- a/.java-21-openjdk.metadata
+++ b/.java-21-openjdk.metadata
@@ -1,2 +1,2 @@
-9ca965b81c935859350dff694ef13c4eae2e1b8dee2b423988f998ab51795f57 SOURCES/openjdk-21.0.2+13.tar.xz
+1a73d369c125ca45240a02f8b5c4b01b113d5fa7041145bb6492807d123d4da7 SOURCES/openjdk-21.0.3+9.tar.xz
d8a785cc9cc71745c17ecb9e5f0f919e7776b2f21584634f1eb71e4c7e813d6f SOURCES/tapsets-icedtea-6.0.0pre00-c848b93a8598.tar.xz
diff --git a/SOURCES/fips-21u-75ffdc48eda.patch b/SOURCES/fips-21u-0a42e29b391.patch
similarity index 99%
rename from SOURCES/fips-21u-75ffdc48eda.patch
rename to SOURCES/fips-21u-0a42e29b391.patch
index 8413fe1..54e8da0 100644
--- a/SOURCES/fips-21u-75ffdc48eda.patch
+++ b/SOURCES/fips-21u-0a42e29b391.patch
@@ -116,7 +116,7 @@ index 00000000000..f48fc7f7e80
+ AC_SUBST(NSS_LIBDIR)
+])
diff --git a/make/autoconf/libraries.m4 b/make/autoconf/libraries.m4
-index a1fc81564b1..ebad69d9dcf 100644
+index 51d4f724c33..feb0bcf3e75 100644
--- a/make/autoconf/libraries.m4
+++ b/make/autoconf/libraries.m4
@@ -35,6 +35,7 @@ m4_include([lib-std.m4])
@@ -127,7 +127,7 @@ index a1fc81564b1..ebad69d9dcf 100644
################################################################################
# Determine which libraries are needed for this configuration
-@@ -134,6 +135,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
+@@ -128,6 +129,7 @@ AC_DEFUN_ONCE([LIB_SETUP_LIBRARIES],
LIB_SETUP_X11
LIB_TESTS_SETUP_GTEST
@@ -136,10 +136,10 @@ index a1fc81564b1..ebad69d9dcf 100644
BASIC_JDKLIB_LIBS=""
BASIC_JDKLIB_LIBS_TARGET=""
diff --git a/make/autoconf/spec.gmk.in b/make/autoconf/spec.gmk.in
-index 0f85917814e..9419562b654 100644
+index f6def153c82..4d7abc33427 100644
--- a/make/autoconf/spec.gmk.in
+++ b/make/autoconf/spec.gmk.in
-@@ -867,6 +867,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
+@@ -873,6 +873,11 @@ INSTALL_SYSCONFDIR=@sysconfdir@
# Libraries
#
@@ -2959,7 +2959,7 @@ index 00000000000..f8d505ca815
+}
\ No newline at end of file
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
-index 6b26297b1b4..7ee5e07756c 100644
+index c3b412885a6..0e7ce73b158 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Key.java
@@ -37,6 +37,8 @@ import javax.crypto.*;
@@ -2981,20 +2981,21 @@ index 6b26297b1b4..7ee5e07756c 100644
private static final String PUBLIC = "public";
private static final String PRIVATE = "private";
private static final String SECRET = "secret";
-@@ -401,8 +406,10 @@ abstract class P11Key implements Key, Length {
+@@ -401,9 +406,10 @@ abstract class P11Key implements Key, Length {
new CK_ATTRIBUTE(CKA_EXTRACTABLE),
});
-- boolean keySensitive = (attrs[0].getBoolean() ||
-- attrs[1].getBoolean() || !attrs[2].getBoolean());
+- boolean keySensitive =
+- (attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
+- attrs[1].getBoolean() || !attrs[2].getBoolean();
+ boolean exportable = plainKeySupportEnabled && !algorithm.equals("DH");
+ boolean keySensitive = (!exportable &&
-+ (attrs[0].getBoolean() ||
-+ attrs[1].getBoolean() || !attrs[2].getBoolean()));
++ ((attrs[0].getBoolean() && P11Util.isNSS(session.token)) ||
++ attrs[1].getBoolean() || !attrs[2].getBoolean()));
return switch (algorithm) {
case "RSA" -> P11RSAPrivateKeyInternal.of(session, keyID, algorithm,
-@@ -454,7 +461,8 @@ abstract class P11Key implements Key, Length {
+@@ -455,7 +461,8 @@ abstract class P11Key implements Key, Length {
public String getFormat() {
token.ensureValid();
@@ -3004,7 +3005,7 @@ index 6b26297b1b4..7ee5e07756c 100644
return null;
} else {
return "RAW";
-@@ -1624,4 +1632,3 @@ final class SessionKeyRef extends PhantomReference<P11Key> {
+@@ -1625,4 +1632,3 @@ final class SessionKeyRef extends PhantomReference<P11Key> {
this.clear();
}
}
@@ -3204,7 +3205,7 @@ index 5cd6828d293..bae49c4e8a9 100644
debug.println("logout succeeded");
}
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
-index 3378409ca1c..7602a92a252 100644
+index a6f5f0a8764..9a07c96ca4e 100644
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/Token.java
@@ -33,6 +33,7 @@ import java.lang.ref.*;
diff --git a/SOURCES/java-21-openjdk-portable.specfile b/SOURCES/java-21-openjdk-portable.specfile
index 23f5b8e..bf8380d 100644
--- a/SOURCES/java-21-openjdk-portable.specfile
+++ b/SOURCES/java-21-openjdk-portable.specfile
@@ -314,7 +314,7 @@
# New Version-String scheme-style defines
%global featurever 21
%global interimver 0
-%global updatever 2
+%global updatever 3
%global patchver 0
# buildjdkver is usually same as %%{featurever},
# but in time of bootstrap of next jdk, it is featurever-1,
@@ -364,7 +364,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
-%global fipsver 75ffdc48eda
+%global fipsver 0a42e29b391
# Define JDK versions
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
%global javaver %{featurever}
@@ -378,7 +378,7 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 13
+%global buildver 9
%global rpmrelease 1
#%%global tagsuffix %%{nil}
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
@@ -650,10 +650,6 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
#
#############################################
-# JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo
-# PR: https://github.com/openjdk/jdk/pull/15409
-Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch
-
# Currently empty
#############################################
@@ -709,8 +705,15 @@ BuildRequires: java-%{buildjdkver}-%{origin}%{?pkgos:-%{pkgos}}-devel
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
-# 2023c required as of JDK-8305113
-BuildRequires: tzdata-java >= 2023c
+# Full documentation build requirements
+# pandoc is not available on RHEL 7
+%if 0%{?rhel} >= 8
+BuildRequires: graphviz
+BuildRequires: pandoc
+%endif
+# 2024a required as of JDK-8325150
+# Use 2023d until 2024a is in the buildroot
+BuildRequires: tzdata-java >= 2023d
# cacerts build requirement in portable mode
BuildRequires: ca-certificates
# Earlier versions have a bug in tree vectorization on PPC
@@ -730,7 +733,7 @@ BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
%else
# Version in src/java.desktop/share/legal/freetype.md
-Provides: bundled(freetype) = 2.13.0
+Provides: bundled(freetype) = 2.13.2
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.1
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
@@ -922,6 +925,7 @@ echo "WARNING: The build of a fresh libjvm has been disabled due to a JDK versio
echo "Build JDK version is %{buildjdkver}, feature JDK version is %{featurever}"
%endif
+export XZ_OPT="-T0"
%setup -q -c -n %{uniquesuffix ""} -T -a 0
# https://bugzilla.redhat.com/show_bug.cgi?id=1189084
prioritylength=`expr length %{priority}`
@@ -938,11 +942,22 @@ sh %{SOURCE12} %{top_level_dir_name}
%endif
# Patch the JDK
+# This syntax is deprecated:
+# %patchN [...]
+# and should be replaced with:
+# %patch -PN [...]
+# For example:
+# %patch1001 -p1
+# becomes:
+# %patch -P1001 -p1
+# The replacement format suggested by recent (circa Fedora 38) RPM
+# deprecation messages:
+# %patch N [...]
+# is not backward-compatible with prior (circa RHEL-8) versions of
+# rpmbuild.
pushd %{top_level_dir_name}
# Add crypto policy and FIPS support
-%patch1001 -p1
-# Patches in need of upstreaming
-%patch6 -p1
+%patch -P1001 -p1
popd # openjdk
@@ -997,6 +1012,7 @@ export NUM_PROC=${NUM_PROC:-1}
# Honor %%_smp_ncpus_max
[ ${NUM_PROC} -gt %{?_smp_ncpus_max} ] && export NUM_PROC=%{?_smp_ncpus_max}
%endif
+export XZ_OPT="-T0"
%ifarch s390x sparc64 alpha %{power64} %{aarch64}
export ARCH_DATA_MODEL=64
@@ -1022,9 +1038,58 @@ EXTRA_CPP_FLAGS="$(echo ${EXTRA_CPP_FLAGS} | sed -e 's|-mstackrealign|-mincoming
%endif
export EXTRA_CFLAGS EXTRA_CPP_FLAGS
+# Set modification times (mtimes) of files within JAR files generated
+# by the OpenJDK build to a timestamp that is constant across RPM
+# rebuilds. OpenJDK provides the --with-source-date configure option
+# for this purpose. Potential arguments in the RPM build context are:
+#
+# A) --with-source-date="${SOURCE_DATE_EPOCH}"
+# B) --with-source-date=version
+# C) --with-source-date="${OPENJDK_UPSTREAM_TAG_EPOCH}"
+#
+# Consider Option A. Fedora 38 (rpm-4.18.2) and RHEL-8 (rpm-4.14.3)
+# have different support for SOURCE_DATE_EPOCH. To keep
+# SOURCE_DATE_EPOCH constant across RPM rebuilds, one could set the
+# source_date_epoch_from_changelog macro to 1 on both Fedora 38 and
+# RHEL-8. However, on RHEL-8, this results in the RPM build times
+# being set to the timestamp of the most recent changelog. This is
+# bad for tracing when RPMs were actually built. Fedora 38 supports a
+# better behaviour via the introduction of the
+# use_source_date_epoch_as_buildtime macro, set to 0 by default.
+# There is no way to make this work on RHEL-8 as well though, so
+# option A is suboptimal.
+#
+# Option B uses the value of the DEFAULT_VERSION_DATE field from
+# make/conf/version-numbers.conf. DEFAULT_VERSION_DATE represents the
+# aspirational eventual JDK general availability (GA) release date.
+# When the RPM build occurs prior to GA, generated JAR files will have
+# payload mtimes in the future relative to the RPM build time.
+# Whereas for tarballs some tools will issue warnings about future
+# mtimes, per OPENJDK-2583 apparently this is no problem for Java and
+# JAR files.
+#
+# Option C uses the modification timestamp of files in the source
+# tarball. The reproducibility logic in generate_source_tarball.sh
+# sets them all to the commit time of the release-tagged OpenJDK
+# commit, as archived in the tarball. This timestamp is deterministic
+# across RPM rebuilds and is reliably in the past. Any file's mtime
+# will do, so use version-numbers.conf's.
+#
+# Use option B for JAR files, based on the discussion in OPENJDK-2583.
+#
+# For portable tarballs, use option C (OPENJDK_UPSTREAM_TAG_EPOCH) for
+# the modification times of all files in the portable tarballs. Doing
+# so eliminates one source of variability across RPM rebuilds.
+VERSION_FILE="$(pwd)"/"%{top_level_dir_name}"/make/conf/version-numbers.conf
+OPENJDK_UPSTREAM_TAG_EPOCH="$(stat --format=%Y "${VERSION_FILE}")"
+
echo "Building %{SOURCE11}"
mkdir -p %{altjavaoutputdir}
gcc ${EXTRA_CFLAGS} -o %{altjavaoutputdir}/%{alt_java_name} %{SOURCE11}
+echo "Generating %{alt_java_name} man page"
+altjavamanpage=%{altjavaoutputdir}/%{alt_java_name}.1
+echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > ${altjavamanpage}
+cat %{top_level_dir_name}/src/java.base/share/man/java.1 >> ${altjavamanpage}
echo "Building %{newjavaver}-%{buildver}, pre=%{ea_designator}, opt=%{lts_designator}"
@@ -1066,9 +1131,6 @@ function buildjdk() {
scl enable devtoolset-%{dtsversion} "bash ${top_dir_abs_src_path}/configure \
%ifarch %{zero_arches}
--with-jvm-variants=zero \
-%endif
-%ifarch %{ppc64le}
- --with-jobs=1 \
%endif
--with-cacerts-file=`readlink -f %{_sysconfdir}/pki/java/cacerts` \
--with-version-build=%{buildver} \
@@ -1096,7 +1158,7 @@ function buildjdk() {
--with-extra-cflags=\"$EXTRA_CFLAGS\" \
--with-extra-ldflags=\"%{ourldflags}\" \
--with-num-cores=\"$NUM_PROC\" \
- --with-source-date=\"${SOURCE_DATE_EPOCH}\" \
+ --with-source-date=\"version\" \
--disable-javac-server \
%ifarch %{zgc_arches}
--with-jvm-features=zgc \
@@ -1115,14 +1177,15 @@ function stripjdk() {
local jreimagepath=${outputdir}/images/%{jreimage}
local jmodimagepath=${outputdir}/images/jmods
local supportdir=${outputdir}/support
+ local modulebuildpath=${outputdir}/jdk/modules
if [ "x$suffix" = "x" ] ; then
# Keep the unstripped version for consumption by RHEL RPMs
cp -a ${jdkimagepath}{,.unstripped}
# Strip the files
- for file in $(find ${jdkimagepath} ${jreimagepath} ${supportdir} -type f) ; do
- if file ${file} | grep -q 'ELF'; then
+ for file in $(find ${jdkimagepath} ${jreimagepath} ${supportdir} ${modulebuildpath} -type f) ; do
+ if file ${file} | cut -d ':' -f 2 | grep -q 'ELF'; then
noextfile=${file/.so/};
scl enable devtoolset-%{dtsversion} "objcopy --only-keep-debug ${file} ${noextfile}.debuginfo";
scl enable devtoolset-%{dtsversion} "objcopy --add-gnu-debuglink=${noextfile}.debuginfo ${file}";
@@ -1206,13 +1269,6 @@ function installjdk() {
# Install local files which are distributed with the JDK
install -m 644 %{SOURCE10} ${imagepath}
- # Create fake alt-java as a placeholder for future alt-java
- pushd ${imagepath}
- # add alt-java man page
- echo "Hardened java binary recommended for launching untrusted code from the Web e.g. javaws" > man/man1/%{alt_java_name}.1
- cat man/man1/java.1 >> man/man1/%{alt_java_name}.1
- popd
-
# Print release information
cat ${imagepath}/release
fi
@@ -1232,6 +1288,49 @@ function genchecksum() {
popd
}
+# Create a reproducible tarball in an appropriate way for
+# the version of tar in use
+function createtar() {
+ local directory=${1}
+ local archive=${2}
+ local filter=${3}
+ local transform=${4}
+
+ if [ "x${filter}" != "x" ] ; then
+ local filteroption="-name ${filter}";
+ fi
+ if [ "x${transform}" != "x" ] ; then
+ local transoption="--transform ${transform}";
+ fi
+
+ local common_tar_opts="--owner=0 --group=0 --numeric-owner \
+ ${transoption} --create --xz"
+ # Capture tar version, removing the decimal point (so 1.28 => 128)
+ tarver=$(tar --version|head -n1|sed -re 's|tar \(GNU tar\) ([0-9]).([0-9]*)|\1\2|')
+ echo "Detected tar ${tarver}"
+ if [ ${tarver} -gt 128 ] ; then
+ local tar_time="$(date --utc --iso-8601=seconds --date=@"${OPENJDK_UPSTREAM_TAG_EPOCH}")"
+ local tar_opts="--mtime=${tar_time} --sort=name ${common_tar_opts}"
+ if test "x${filteroption}" = "x"; then
+ tar ${tar_opts} --file ${archive} ${directory}
+ else
+ tar ${tar_opts} --file ${archive} $(find ${directory} ${filteroption})
+ fi
+ else
+ # See https://reproducible-builds.org/docs/archives/
+ # RHEL-7 has tar 1.26 which does not support --sort=name (added
+ # in 1.28), so use find-piped-through-sort instead. Omit
+ # --pax-option since it made the docs package not reproducible
+ # due to PaxHeaders timestamp differences.
+ local tar_opts="--mtime=@${OPENJDK_UPSTREAM_TAG_EPOCH} \
+ --no-recursion --null --files-from - \
+ ${common_tar_opts}"
+ find ${directory} ${filteroption} -print0 | \
+ LC_ALL=C sort -z | \
+ tar ${tar_opts} --file ${archive}
+ fi
+}
+
function packagejdk() {
local imagesdir=$(pwd)/${1}/images
local docdir=$(pwd)/${1}/images/docs
@@ -1270,7 +1369,7 @@ function packagejdk() {
if [ "x$suffix" = "x" ] ; then
# Keep the unstripped version for consumption by RHEL RPMs
mv %{jdkimage}.unstripped ${jdkname}
- tar -cJf ${unstrippedarchive} ${jdkname}
+ createtar ${jdkname} ${unstrippedarchive}
genchecksum ${unstrippedarchive}
mv ${jdkname} %{jdkimage}.unstripped
fi
@@ -1281,13 +1380,13 @@ function packagejdk() {
# Release images have external debug symbols
if [ "x$suffix" = "x" ] ; then
- tar -cJf ${debugarchive} $(find ${jdkname} -name \*.debuginfo)
+ createtar ${jdkname} ${debugarchive} \*.debuginfo
genchecksum ${debugarchive}
mkdir ${docname}
mv ${docdir} ${docname}
mv ${bundledir}/${built_doc_archive} ${docname}
- tar -cJf ${docarchive} ${docname}
+ createtar ${docname} ${docarchive}
genchecksum ${docarchive}
mkdir ${miscname}
@@ -1297,23 +1396,23 @@ function packagejdk() {
%if %{with_systemtap}
cp -a ${tapsetdir}* ${miscname}
%endif
- cp -av ${altjavadir}/%{alt_java_name} ${miscname}
- tar -cJf ${miscarchive} ${miscname}
+ cp -av ${altjavadir}/%{alt_java_name}{,.1} ${miscname}
+ createtar ${miscname} ${miscarchive}
genchecksum ${miscarchive}
fi
- tar -cJf ${jdkarchive} --exclude='**.debuginfo' ${jdkname}
+ createtar ${jdkname} ${jdkarchive}
genchecksum ${jdkarchive}
- tar -cJf ${jrearchive} --exclude='**.debuginfo' ${jrename}
+ createtar ${jrename} ${jrearchive}
genchecksum ${jrearchive}
%if %{include_staticlibs}
# Static libraries (needed for building graal vm with native image)
# Tar as overlay. Transform to the JDK name, since we just want to "add"
# static libraries to that folder
- tar -cJf ${staticarchive} \
- --transform "s|^%{static_libs_image}/lib/*|${staticname}/lib/static/linux-%{archinstall}/glibc/|" "%{static_libs_image}/lib"
+ createtar "%{static_libs_image}/lib" ${staticarchive} "" \
+ "s|^%{static_libs_image}/lib/*|${staticname}/lib/static/linux-%{archinstall}/glibc/|"
genchecksum ${staticarchive}
%endif
@@ -1686,6 +1785,100 @@ done
%{_jvmdir}/%{miscportablearchive}.sha256sum
%changelog
+* Sat Apr 13 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.9-1
+- Update to jdk-21.0.3+9 (GA)
+- Update release notes to 21.0.3+9
+- Switch to GA mode.
+- Change --with-source-date value to 'version' to match Temurin builds
+- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
+- Resolves: OPENJDK-2585
+
+* Thu Apr 04 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.7-0.1.ea
+- Update to jdk-21.0.3+7 (EA)
+- Update release notes to 21.0.3+7
+- Require tzdata 2024a due to upstream inclusion of JDK-8322725
+- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
+- Drop JDK-8009550 which is now available upstream
+- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254
+
+* Thu Mar 21 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.1-0.2.ea
+- generate_source_tarball.sh: Update examples in header for clarity
+- generate_source_tarball.sh: Cleanup message issued when checkout already exists
+- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
+- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
+- icedtea_sync.sh: Reinstate from rhel-8.9.0 branch
+- Move maintenance scripts to a scripts subdirectory
+- discover_trees.sh: Set compile-command and indentation instructions for Emacs
+- discover_trees.sh: shellcheck: Do not use -o (SC2166)
+- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
+- generate_source_tarball.sh: Add authorship
+- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
+- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
+- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
+- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
+- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
+- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST
+- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086)
+- Vary reproducible tar creation by version of tar detected
+- Set OPENJDK_UPSTREAM_TAG_EPOCH & VERSION_FILE at start of build section as in 17u
+- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck
+
+* Wed Mar 20 2024 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:21.0.3.0.1-0.2.ea
+- generate_source_tarball.sh: Add WITH_TEMP environment variable
+- generate_source_tarball.sh: Multithread xz on all available cores
+- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
+- generate_source_tarball.sh: Update comment about tarball naming
+- generate_source_tarball.sh: Reformat comment header
+- generate_source_tarball.sh: Reformat and update help output
+- generate_source_tarball.sh: Do a shallow clone, for speed
+- generate_source_tarball.sh: Append -ea designator when required
+- generate_source_tarball.sh: Eliminate some removal prompting
+- generate_source_tarball.sh: Make tarball reproducible
+- generate_source_tarball.sh: Prefix temporary directory with temp-
+- generate_source_tarball.sh: Remove temporary directory exit conditions
+- generate_source_tarball.sh: Fix -ea logic to add dash
+- generate_source_tarball.sh: Set compile-command in Emacs
+- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
+- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
+- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
+- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
+- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
+- Use backward-compatible patch syntax
+- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
+- generate_source_tarball.sh: Fix whitespace
+- generate_source_tarball.sh: Remove trailing period in echo
+- generate_source_tarball.sh: Use long-style argument to grep
+- generate_source_tarball.sh: Add license
+- generate_source_tarball.sh: Add indentation instructions for Emacs
+- Remove -T0 argument from systemtap tar invocation
+
+* Mon Mar 11 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.1-0.2.ea
+- Introduce tar_opts to avoid repetition of lengthy tar creation options
+- Add module build path to stripped directories to catch jpackageapplauncher files
+- Move alt-java man page to the misc tarball so it is not in the JDK image
+- Resolves: OPENJDK-2820
+- Resolves: OPENJDK-2821
+
+* Thu Feb 08 2024 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:21.0.3.0.1-0.2.ea
+- Invoke xz in multi-threaded mode
+- Remove ppc64le with-jobs=1 workaround
+- Make portable tarball modification times reproducible
+- Use RHEL-7 tar-1.26-compatible invocations for reproducible tarballs
+
+* Fri Feb 02 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.1-0.1.ea
+- Update to jdk-21.0.3+1 (EA)
+- Update release notes to 21.0.3+1
+- Switch to EA mode
+- Require tzdata 2023d due to upstream inclusion of JDK-8322725
+- Bump FreeType version to 2.13.2 following JDK-8316028
+
+* Sat Jan 27 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.2.0.13-2
+- Sync with upstream release notes
+
* Tue Jan 09 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.2.0.13-1
- Update to jdk-21.0.2+13 (GA)
- Update release notes to 21.0.2+13
diff --git a/SOURCES/jdk8009550-rh910107-fail_to_load_pcsc_library.patch b/SOURCES/jdk8009550-rh910107-fail_to_load_pcsc_library.patch
deleted file mode 100644
index 9213937..0000000
--- a/SOURCES/jdk8009550-rh910107-fail_to_load_pcsc_library.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-commit d0523302416bc6507696f20d1068f16427bcf6b8
-Author: Andrew Hughes <gnu.andrew@redhat.com>
-Date: Thu Aug 24 01:23:49 2023 +0100
-
- 8009550: PlatformPCSC should load versioned so
-
-diff --git a/src/java.base/share/classes/sun/security/util/Debug.java b/src/java.base/share/classes/sun/security/util/Debug.java
-index bff273c6548..e5a6b288ff8 100644
---- a/src/java.base/share/classes/sun/security/util/Debug.java
-+++ b/src/java.base/share/classes/sun/security/util/Debug.java
-@@ -81,6 +81,7 @@ public static void Help()
- System.err.println("logincontext login context results");
- System.err.println("jca JCA engine class debugging");
- System.err.println("keystore KeyStore debugging");
-+ System.err.println("pcsc Smartcard library debugging");
- System.err.println("policy loading and granting");
- System.err.println("provider security provider debugging");
- System.err.println("pkcs11 PKCS11 session manager debugging");
-diff --git a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
-index bacff32efbc..d9f605ada1e 100644
---- a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
-+++ b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
-@@ -1,5 +1,6 @@
- /*
- * Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
-+ * Copyright (c) 2023, Red Hat Inc. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
-@@ -46,8 +47,13 @@ class PlatformPCSC {
-
- private static final String PROP_NAME = "sun.security.smartcardio.library";
-
-- private static final String LIB1 = "/usr/$LIBISA/libpcsclite.so";
-- private static final String LIB2 = "/usr/local/$LIBISA/libpcsclite.so";
-+ private static final String[] LIB_TEMPLATES = { "/usr/$LIBISA/libpcsclite.so",
-+ "/usr/local/$LIBISA/libpcsclite.so",
-+ "/usr/lib/$ARCH-linux-gnu/libpcsclite.so",
-+ "/usr/lib/arm-linux-gnueabi/libpcsclite.so",
-+ "/usr/lib/arm-linux-gnueabihf/libpcsclite.so",
-+ "/usr/lib/$ARCH-kfreebsd-gnu/libpcsclite.so" };
-+ private static final String[] LIB_SUFFIXES = { ".1", ".0", "" };
- private static final String PCSC_FRAMEWORK = "/System/Library/Frameworks/PCSC.framework/Versions/Current/PCSC";
-
- PlatformPCSC() {
-@@ -73,23 +79,38 @@ public Throwable run() {
- });
-
- // expand $LIBISA to the system specific directory name for libraries
-+ // expand $ARCH to the Debian system architecture in use
- private static String expand(String lib) {
- int k = lib.indexOf("$LIBISA");
-- if (k == -1) {
-- return lib;
-+ if (k != -1) {
-+ String libDir;
-+ if ("64".equals(System.getProperty("sun.arch.data.model"))) {
-+ // assume Linux convention
-+ libDir = "lib64";
-+ } else {
-+ // must be 32-bit
-+ libDir = "lib";
-+ }
-+ lib = lib.replace("$LIBISA", libDir);
- }
-- String s1 = lib.substring(0, k);
-- String s2 = lib.substring(k + 7);
-- String libDir;
-- if ("64".equals(System.getProperty("sun.arch.data.model"))) {
-- // assume Linux convention
-- libDir = "lib64";
-- } else {
-- // must be 32-bit
-- libDir = "lib";
-+
-+ k = lib.indexOf("$ARCH");
-+ if (k != -1) {
-+ String arch = System.getProperty("os.arch");
-+ lib = lib.replace("$ARCH", getDebianArchitecture(arch));
- }
-- String s = s1 + libDir + s2;
-- return s;
-+
-+ return lib;
-+ }
-+
-+ private static String getDebianArchitecture(String jdkArch) {
-+ return switch (jdkArch) {
-+ case "amd64" -> "x86_64";
-+ case "ppc" -> "powerpc";
-+ case "ppc64" -> "powerpc64";
-+ case "ppc64le" -> "powerpc64le";
-+ default -> jdkArch;
-+ };
- }
-
- private static String getLibraryName() throws IOException {
-@@ -98,15 +119,18 @@ private static String getLibraryName() throws IOException {
- if (lib.length() != 0) {
- return lib;
- }
-- lib = expand(LIB1);
-- if (new File(lib).isFile()) {
-- // if LIB1 exists, use that
-- return lib;
-- }
-- lib = expand(LIB2);
-- if (new File(lib).isFile()) {
-- // if LIB2 exists, use that
-- return lib;
-+
-+ for (String template : LIB_TEMPLATES) {
-+ for (String suffix : LIB_SUFFIXES) {
-+ lib = expand(template) + suffix;
-+ if (debug != null) {
-+ debug.println("Looking for " + lib);
-+ }
-+ if (new File(lib).isFile()) {
-+ // if library exists, use that
-+ return lib;
-+ }
-+ }
- }
-
- // As of macos 11, framework libraries have been removed from the file
diff --git a/SPECS/java-21-openjdk.spec b/SPECS/java-21-openjdk.spec
index 6a88316..e51795d 100644
--- a/SPECS/java-21-openjdk.spec
+++ b/SPECS/java-21-openjdk.spec
@@ -143,6 +143,11 @@
# Set of architectures where we verify backtraces with gdb
%global gdb_arches %{jit_arches} %{zero_arches}
+# Define the OS the portable JDK is built on
+# This is undefined for openjdk-portable-rhel-8 builds and
+# equals 'rhel7' for openjdk-portable-rhel-7 builds
+%global pkgos rhel7
+
# By default, we build a debug build during main build on JIT architectures
%if %{with slowdebug}
%ifarch %{debug_arches}
@@ -300,7 +305,7 @@
# New Version-String scheme-style defines
%global featurever 21
%global interimver 0
-%global updatever 2
+%global updatever 3
%global patchver 0
# We don't add any LTS designator for STS packages (Fedora and EPEL).
# We need to explicitly exclude EPEL as it would have the %%{rhel} macro defined.
@@ -336,7 +341,7 @@
# Define IcedTea version used for SystemTap tapsets and desktop file
%global icedteaver 6.0.0pre00-c848b93a8598
# Define current Git revision for the FIPS support patches
-%global fipsver 75ffdc48eda
+%global fipsver 0a42e29b391
# Define JDK versions
%global newjavaver %{featurever}.%{interimver}.%{updatever}.%{patchver}
%global javaver %{featurever}
@@ -350,11 +355,11 @@
%global origin_nice OpenJDK
%global top_level_dir_name %{vcstag}
%global top_level_dir_name_backup %{top_level_dir_name}-backup
-%global buildver 13
+%global buildver 9
%global rpmrelease 1
# Settings used by the portable build
%global portablerelease 1
-%global portablesuffix el7_9
+%global portablesuffix %{?pkgos:el7_9}%{!?pkgos:el8}
%global portablebuilddir /builddir/build/BUILD
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
@@ -1140,8 +1145,9 @@ Requires: ca-certificates
# Require javapackages-filesystem for ownership of /usr/lib/jvm/ and macros
Requires: javapackages-filesystem
# Require zone-info data provided by tzdata-java sub-package
-# 2023c required as of JDK-8305113
-Requires: tzdata-java >= 2023c
+# 2024a required as of JDK-8325150
+# Use 2023d until 2024a is in the buildroot
+Requires: tzdata-java >= 2023d
# for support of kernel stream control
# libsctp.so.1 is being `dlopen`ed on demand
Requires: lksctp-tools%{?_isa}
@@ -1262,8 +1268,6 @@ Provides: java-%{origin}-src%{?1} = %{epoch}:%{version}-%{release}
# Prevent brp-java-repack-jars from being run
%global __jar_repack 0
-# Define the OS the portable JDK is built on
-%global pkgos rhel7
# Define the root name of the portable packages
%global pkgnameroot java-%{featurever}-%{origin}-portable%{?pkgos:-%{pkgos}}
@@ -1402,10 +1406,6 @@ Patch1001: fips-%{featurever}u-%{fipsver}.patch
#
#############################################
-# JDK-8009550, RH910107: Depend on pcsc-lite-libs instead of pcsc-lite-devel as this is only in optional repo
-# PR: https://github.com/openjdk/jdk/pull/15409
-Patch6: jdk8009550-rh910107-fail_to_load_pcsc_library.patch
-
# Currently empty
#############################################
@@ -1467,8 +1467,9 @@ BuildRequires: %{pkgnameroot}-misc = %{epoch}:%{version}-%{prelease}.%{portables
%ifarch %{zero_arches}
BuildRequires: libffi-devel
%endif
-# 2023c required as of JDK-8305113
-BuildRequires: tzdata-java >= 2023c
+# 2024a required as of JDK-8325150
+# Use 2023d until 2024a is in the buildroot
+BuildRequires: tzdata-java >= 2023d
# Earlier versions have a bug in tree vectorization on PPC
BuildRequires: gcc >= 4.8.3-8
@@ -1486,7 +1487,7 @@ BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
%else
# Version in src/java.desktop/share/legal/freetype.md
-Provides: bundled(freetype) = 2.13.0
+Provides: bundled(freetype) = 2.13.2
# Version in src/java.desktop/share/native/libsplashscreen/giflib/gif_lib.h
Provides: bundled(giflib) = 5.2.1
# Version in src/java.desktop/share/native/libharfbuzz/hb-version.h
@@ -1840,6 +1841,7 @@ if [ %{include_debug_build} -eq 0 -a %{include_normal_build} -eq 0 -a %{includ
exit 14
fi
+export XZ_OPT="-T0"
%setup -q -c -n %{uniquesuffix ""} -T -a 0
# https://bugzilla.redhat.com/show_bug.cgi?id=1189084
prioritylength=`expr length %{priority}`
@@ -1856,11 +1858,22 @@ sh %{SOURCE12} %{top_level_dir_name}
%endif
# Patch the JDK
+# This syntax is deprecated:
+# %patchN [...]
+# and should be replaced with:
+# %patch -PN [...]
+# For example:
+# %patch1001 -p1
+# becomes:
+# %patch -P1001 -p1
+# The replacement format suggested by recent (circa Fedora 38) RPM
+# deprecation messages:
+# %patch N [...]
+# is not backward-compatible with prior (circa RHEL-8) versions of
+# rpmbuild.
pushd %{top_level_dir_name}
# Add crypto policy and FIPS support
-%patch1001 -p1
-# Patches in need of upstreaming
-%patch6 -p1
+%patch -P1001 -p1
popd # openjdk
@@ -1917,6 +1930,8 @@ function customisejdk() {
fi
}
+export XZ_OPT="-T0"
+
mkdir -p $(dirname %{installoutputdir})
docdir=%{installoutputdir -- "-docs"}
@@ -2171,6 +2186,8 @@ install -D -p -m 755 ${miscdir}/%{alt_java_name} $RPM_BUILD_ROOT%{jrebindir -- $
ln -sf %{sdkdir -- $suffix} %{jrelnk -- $suffix}
popd
+ # Copy alt-java man page into image so it gets installed with the others
+ cp -a ${miscdir}/%{alt_java_name}.1 ${jdk_image}/man/man1
# Install man pages
install -d -m 755 $RPM_BUILD_ROOT%{_mandir}/man1
pushd ${jdk_image}
@@ -2479,6 +2496,91 @@ require "copy_jdk_configs.lua"
%endif
%changelog
+* Sun Apr 14 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.9-1
+- Update to jdk-21.0.3+9 (GA)
+- Update release notes to 21.0.3+9
+- Switch to GA mode.
+- Sync the copy of the portable specfile with the latest update
+- ** This tarball is embargoed until 2024-04-16 @ 1pm PT. **
+- Resolves: RHEL-32405
+
+* Sun Apr 14 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.7-0.1.ea
+- Update to jdk-21.0.3+7 (EA)
+- Update release notes to 21.0.3+7
+- Require tzdata 2024a due to upstream inclusion of JDK-8322725
+- Only require tzdata 2023d for now as 2024a is unavailable in buildroot
+- Drop JDK-8009550 which is now available upstream
+- Re-generate FIPS patch against 21.0.3+7 following backport of JDK-8325254
+- Resolves: RHEL-30944
+
+* Sun Apr 14 2024 Thomas Fitzsimmons <fitzsim@redhat.com> - 1:21.0.3.0.1-0.2.ea
+- Invoke xz in multi-threaded mode
+- generate_source_tarball.sh: Add WITH_TEMP environment variable
+- generate_source_tarball.sh: Multithread xz on all available cores
+- generate_source_tarball.sh: Add OPENJDK_LATEST environment variable
+- generate_source_tarball.sh: Update comment about tarball naming
+- generate_source_tarball.sh: Reformat comment header
+- generate_source_tarball.sh: Reformat and update help output
+- generate_source_tarball.sh: Do a shallow clone, for speed
+- generate_source_tarball.sh: Append -ea designator when required
+- generate_source_tarball.sh: Eliminate some removal prompting
+- generate_source_tarball.sh: Make tarball reproducible
+- generate_source_tarball.sh: Prefix temporary directory with temp-
+- generate_source_tarball.sh: Remove temporary directory exit conditions
+- generate_source_tarball.sh: Fix -ea logic to add dash
+- generate_source_tarball.sh: Set compile-command in Emacs
+- generate_source_tarball.sh: Remove REPO_NAME from FILE_NAME_ROOT
+- generate_source_tarball.sh: Move PROJECT_NAME and REPO_NAME checks
+- generate_source_tarball.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- generate_source_tarball.sh: shellcheck: Double-quote variable references (SC2086)
+- generate_source_tarball.sh: shellcheck: Do not use -a (SC2166)
+- generate_source_tarball.sh: shellcheck: Do not use $ on arithmetic variables (SC2004)
+- Use backward-compatible patch syntax
+- generate_source_tarball.sh: Ignore -ga tags with OPENJDK_LATEST
+- generate_source_tarball.sh: Fix whitespace
+- generate_source_tarball.sh: Remove trailing period in echo
+- generate_source_tarball.sh: Use long-style argument to grep
+- generate_source_tarball.sh: Add license
+- generate_source_tarball.sh: Add indentation instructions for Emacs
+- Related: RHEL-30944
+
+* Sun Apr 14 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.1-0.2.ea
+- Install alt-java man page from the misc tarball as it is no longer in the JDK image
+- generate_source_tarball.sh: Update examples in header for clarity
+- generate_source_tarball.sh: Cleanup message issued when checkout already exists
+- generate_source_tarball.sh: Create directory in TMPDIR when using WITH_TEMP
+- generate_source_tarball.sh: Only add --depth=1 on non-local repositories
+- Move maintenance scripts to a scripts subdirectory
+- discover_trees.sh: Set compile-command and indentation instructions for Emacs
+- discover_trees.sh: shellcheck: Do not use -o (SC2166)
+- discover_trees.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- discover_trees.sh: shellcheck: Double-quote variable references (SC2086)
+- generate_source_tarball.sh: Add authorship
+- icedtea_sync.sh: Set compile-command and indentation instructions for Emacs
+- icedtea_sync.sh: shellcheck: Double-quote variable references (SC2086)
+- icedtea_sync.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- openjdk_news.sh: Set compile-command and indentation instructions for Emacs
+- openjdk_news.sh: shellcheck: Double-quote variable references (SC2086)
+- openjdk_news.sh: shellcheck: Remove x-prefixes since we use Bash (SC2268)
+- openjdk_news.sh: shellcheck: Remove deprecated egrep usage (SC2196)
+- generate_source_tarball.sh: Output values of new options WITH_TEMP and OPENJDK_LATEST
+- generate_source_tarball.sh: Double-quote DEPTH reference (SC2086)
+- generate_source_tarball.sh: Avoid empty DEPTH reference while still appeasing shellcheck
+- Related: RHEL-30944
+
+* Sun Apr 14 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.3.0.1-0.1.ea
+- Update to jdk-21.0.3+1 (EA)
+- Update release notes to 21.0.3+1
+- Switch to EA mode
+- Require tzdata 2023d due to upstream inclusion of JDK-8322725
+- Bump FreeType version to 2.13.2 following JDK-8316028
+- Related: RHEL-30944
+
+* Fri Apr 12 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.2.0.13-2
+- Sync the copy of the portable specfile with the latest update
+- Define portablesuffix according to whether pkgos is defined or not
+- Related: RHEL-30944
+
* Tue Jan 09 2024 Andrew Hughes <gnu.andrew@redhat.com> - 1:21.0.2.0.13-1
- Update to jdk-21.0.2+13 (GA)
- Sync the copy of the portable specfile with the latest update
--
GitLab