Mercurial > hg > openjdk > lambda > jdk
changeset 10418:110c4fe4c354
8009280: JCE jurisdiction policy files not copied into jdk/lib/security
Reviewed-by: tbell, ihse
author | erikj |
---|---|
date | Thu, 24 Oct 2013 10:43:51 +0200 |
parents | 5b4261b4b72a |
children | f40f639e1f52 |
files | makefiles/BuildJdk.gmk makefiles/CompileJavaClasses.gmk makefiles/CreateJars.gmk makefiles/CreateSecurityJars.gmk makefiles/SignJars.gmk |
diffstat | 5 files changed, 390 insertions(+), 296 deletions(-) [+] |
line wrap: on
line diff
--- a/makefiles/BuildJdk.gmk Wed Oct 23 17:57:38 2013 +0200 +++ b/makefiles/BuildJdk.gmk Thu Oct 24 10:43:51 2013 +0200 @@ -80,7 +80,11 @@ # to execute launchers. +$(MAKE) -f GenerateClasses.gmk -jdk: genclasses +securityjars: genclasses securityjars-only +securityjars-only: + +$(MAKE) -f CreateSecurityJars.gmk + +jdk: securityjars # Now we have a complete jdk, which you can run. # It is not yet wrapped up as an installed image.
--- a/makefiles/CompileJavaClasses.gmk Wed Oct 23 17:57:38 2013 +0200 +++ b/makefiles/CompileJavaClasses.gmk Thu Oct 24 10:43:51 2013 +0200 @@ -281,6 +281,19 @@ EXCLUDES += com/apple/jobjc endif +# The security classes should not end up in the classes directory as that will prevent them +# from working when running the exploded jdk image. Compile them separately to a different +# directory from where the jars can be created. +SECURITY_PKGS := \ + com/oracle/security/ucrypto \ + com/sun/crypto/provider \ + javax/crypto \ + sun/security/ec \ + sun/security/internal \ + sun/security/mscapi \ + sun/security/pkcs11 \ + # + # The exception handling of swing beaninfo # These resources violates the convention of having code and resources together under # $(JDK_TOPDIR)/src/.../classes directories @@ -293,22 +306,46 @@ # space separated list. JDK_USER_DEFINED_FILTER := $(strip $(subst $(COMMA),$(SPACE), $(JDK_FILTER))) -$(eval $(call SetupJavaCompilation,BUILD_JDK, \ +ifeq ($(ENABLE_SJAVAC),yes) + # With sjavac enabled, excluded sources are not even considered for linking. + # Explicitly add the security sources to sourcepath for linking. + BUILD_JDK_SOURCEPATH:=$(patsubst %,-i$(SPACE)%.*,$(subst /,.,$(SECURITY_PKGS))) \ + -sourcepath $(JDK_TOPDIR)/src/share/classes +endif + +$(eval $(call SetupJavaCompilation,BUILD_JDK,\ + SETUP:=GENERATE_JDKBYTECODE,\ + SRC:=$(JDK_TOPDIR)/src/share/classes \ + $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/classes \ + $(MACOSX_SRC_DIRS) \ + $(JDK_OUTPUTDIR)/gensrc \ + $(JDK_OUTPUTDIR)/gensrc_no_srczip \ + $(CLOSED_SRC_DIRS),\ + INCLUDES:=$(JDK_USER_DEFINED_FILTER),\ + EXCLUDES:=$(EXCLUDES) $(SECURITY_PKGS),\ + EXCLUDE_FILES:=$(EXFILES),\ + BIN:=$(JDK_OUTPUTDIR)/classes,\ + COPY:=$(COPY_PATTERNS),\ + COPY_FILES:=$(COPY_FILES),\ + HEADERS:=$(JDK_OUTPUTDIR)/gensrc_headers,\ + ADD_JAVAC_FLAGS:=$(BUILD_JDK_SOURCEPATH))) + +########################################################################################## + +$(eval $(call SetupJavaCompilation,BUILD_SECURITY, \ SETUP := GENERATE_JDKBYTECODE, \ SRC := $(JDK_TOPDIR)/src/share/classes \ - $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/classes \ - $(MACOSX_SRC_DIRS) \ - $(JDK_OUTPUTDIR)/gensrc \ - $(JDK_OUTPUTDIR)/gensrc_no_srczip \ - $(CLOSED_SRC_DIRS), \ - INCLUDES := $(JDK_USER_DEFINED_FILTER), \ + $(JDK_TOPDIR)/src/$(OPENJDK_TARGET_OS_API_DIR)/classes \ + $(MACOSX_SRC_DIRS) \ + $(CLOSED_SRC_DIRS), \ + INCLUDES := $(SECURITY_PKGS), \ EXCLUDES := $(EXCLUDES), \ EXCLUDE_FILES := $(EXFILES), \ - BIN := $(JDK_OUTPUTDIR)/classes, \ - COPY := $(COPY_PATTERNS), \ - COPY_FILES := $(COPY_FILES), \ + BIN := $(JDK_OUTPUTDIR)/classes_security, \ HEADERS := $(JDK_OUTPUTDIR)/gensrc_headers)) +$(BUILD_SECURITY): $(BUILD_JDK) + ########################################################################################## $(JDK_OUTPUTDIR)/classes/META-INF/services/com.sun.tools.xjc.Plugin: @@ -393,7 +430,7 @@ ########################################################################################## -all: $(BUILD_JDK) $(BUILD_JOBJC) $(BUILD_JOBJC_HEADERS) $(COPY_EXTRA) \ +all: $(BUILD_JDK) $(BUILD_SECURITY) $(BUILD_JOBJC) $(BUILD_JOBJC_HEADERS) $(COPY_EXTRA) \ $(JDK_OUTPUTDIR)/classes/META-INF/services/com.sun.tools.xjc.Plugin \ $(BUILD_ACCESSBRIDGE_32) $(BUILD_ACCESSBRIDGE_64) \ $(BUILD_ACCESSBRIDGE_LEGACY)
--- a/makefiles/CreateJars.gmk Wed Oct 23 17:57:38 2013 +0200 +++ b/makefiles/CreateJars.gmk Thu Oct 24 10:43:51 2013 +0200 @@ -102,7 +102,6 @@ # This value should exclude types destined for jars other than rt.jar and resources.jar. # When building a Profile this value augments the profile specific exclusions RT_JAR_EXCLUDES += \ - com/oracle/security \ com/sun/codemodel \ com/sun/crypto/provider \ com/sun/istack/internal/tools \ @@ -415,86 +414,6 @@ CHECK_COMPRESS_JAR := true)) ########################################################################################## -# Create manifest for security jars - -# -# Include these extra attributes for now, should probably take out. -# -JCE_MANIFEST := $(IMAGES_OUTPUTDIR)/lib/_the.security.manifest.mf -$(JCE_MANIFEST): $(MAINMANIFEST) - $(MKDIR) -p $(@D) - $(RM) $@ $@.tmp - $(SED) -e "s#@@RELEASE@@#$(JDK_VERSION)#" \ - -e "s#@@COMPANY_NAME@@#$(COMPANY_NAME)#" \ - $(MAINMANIFEST) >> $@.tmp - $(ECHO) "Extension-Name: javax.crypto" >> $@.tmp - $(ECHO) "Implementation-Vendor-Id: com.sun" >> $@.tmp - $(MV) $@.tmp $@ - -########################################################################################## -# For security and crypto jars, always build the jar, but for closed, install the prebuilt -# signed version instead of the newly built jar. Unsigned jars are treated as intermediate -# targets and explicitly added to the JARS list. For open, signing is not needed. See -# SignJars.gmk for more information. -# -# The source for the crypto jars is not available for all licensees. The BUILD_CRYPTO -# variable is set to no if these jars can't be built to skip that step of the build. -# Note that for OPENJDK, the build will fail if BUILD_CRYPTO=no since then there is no -# other way to get the jars than to build them. - -SUNPKCS11_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunpkcs11.jar -SUNPKCS11_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunpkcs11.jar - -$(eval $(call SetupArchive,BUILD_SUNPKCS11_JAR, , \ - SRCS := $(JDK_OUTPUTDIR)/classes, \ - SUFFIXES := .class, \ - INCLUDES := sun/security/pkcs11, \ - JAR := $(SUNPKCS11_JAR_UNSIGNED), \ - MANIFEST := $(JCE_MANIFEST), \ - SKIP_METAINF := true)) - -$(SUNPKCS11_JAR_UNSIGNED): $(JCE_MANIFEST) - -ifndef OPENJDK - SUNPKCS11_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/pkcs11/sunpkcs11.jar - $(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_SRC) - @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunPKCS11 provider..." - $(install-file) -else - $(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED) - $(install-file) -endif - -JARS += $(SUNPKCS11_JAR_UNSIGNED) - -########################################################################################## - -SUNEC_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunec.jar -SUNEC_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunec.jar - -$(eval $(call SetupArchive,BUILD_SUNEC_JAR, , \ - SRCS := $(JDK_OUTPUTDIR)/classes, \ - SUFFIXES := .class, \ - INCLUDES := sun/security/ec, \ - JAR := $(SUNEC_JAR_UNSIGNED), \ - MANIFEST := $(JCE_MANIFEST), \ - SKIP_METAINF := true)) - -$(SUNEC_JAR_UNSIGNED): $(JCE_MANIFEST) - -ifndef OPENJDK - SUNEC_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ec/sunec.jar - $(SUNEC_JAR_DST): $(SUNEC_JAR_SRC) - @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunEC provider..." - $(install-file) -else - $(SUNEC_JAR_DST): $(SUNEC_JAR_UNSIGNED) - $(install-file) -endif - -JARS += $(SUNEC_JAR_UNSIGNED) - -########################################################################################## $(eval $(call SetupArchive,BUILD_SWINGBEANS_JAR, , \ SRCS := $(JDK_OUTPUTDIR)/classes, \ @@ -507,208 +426,6 @@ ########################################################################################## -SUNJCE_PROVIDER_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunjce_provider.jar -SUNJCE_PROVIDER_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunjce_provider.jar - -ifneq ($(BUILD_CRYPTO), no) - $(eval $(call SetupArchive,BUILD_SUNJCE_PROVIDER_JAR, , \ - SRCS := $(JDK_OUTPUTDIR)/classes, \ - SUFFIXES := .class, \ - INCLUDES := com/sun/crypto/provider, \ - JAR := $(SUNJCE_PROVIDER_JAR_UNSIGNED), \ - MANIFEST := $(JCE_MANIFEST), \ - SKIP_METAINF := true)) - - $(SUNJCE_PROVIDER_JAR_UNSIGNED): $(JCE_MANIFEST) - - JARS += $(SUNJCE_PROVIDER_JAR_UNSIGNED) -endif - -ifndef OPENJDK - SUNJCE_PROVIDER_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/sunjce_provider.jar - $(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_SRC) - @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunJCE provider..." - $(install-file) -else - $(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_UNSIGNED) - $(install-file) -endif - -########################################################################################## - -JCE_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/jce.jar -JCE_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/jce.jar - -ifneq ($(BUILD_CRYPTO), no) - $(eval $(call SetupArchive,BUILD_JCE_JAR, , \ - SRCS := $(JDK_OUTPUTDIR)/classes, \ - SUFFIXES := .class, \ - INCLUDES := javax/crypto sun/security/internal, \ - JAR := $(JCE_JAR_UNSIGNED), \ - MANIFEST := $(JCE_MANIFEST), \ - SKIP_METAINF := true)) - - $(JCE_JAR_UNSIGNED): $(JCE_MANIFEST) - - JARS += $(JCE_JAR_UNSIGNED) -endif - -ifndef OPENJDK - JCE_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar - $(JCE_JAR_DST): $(JCE_JAR_SRC) - @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt jce.jar..." - $(install-file) -else - $(JCE_JAR_DST): $(JCE_JAR_UNSIGNED) - $(install-file) -endif - -########################################################################################## - -US_EXPORT_POLICY_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/security/US_export_policy.jar -US_EXPORT_POLICY_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/US_export_policy.jar - -ifneq ($(BUILD_CRYPTO), no) - # - # TODO fix so that SetupArchive does not write files into SRCS - # then we don't need this extra copying - - # NOTE: We currently do not place restrictions on our limited export - # policy. This was not a typo. - # - US_EXPORT_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited - US_EXPORT_POLICY_JAR_TMP := $(IMAGES_OUTPUTDIR)/US_export_policy_jar.tmp - - $(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/% - $(install-file) - - US_EXPORT_POLICY_JAR_DEPS := $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy - - $(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, $(US_EXPORT_POLICY_JAR_DEPS), \ - SRCS := $(US_EXPORT_POLICY_JAR_TMP), \ - SUFFIXES := .policy, \ - JAR := $(US_EXPORT_POLICY_JAR_UNSIGNED), \ - EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ - SKIP_METAINF := true)) - - JARS += $(US_EXPORT_POLICY_JAR_UNSIGNED) -endif - -ifndef OPENJDK - $(US_EXPORT_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/US_export_policy.jar - $(ECHO) $(LOG_INFO) Copying $(@F) - $(install-file) -else - $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNSIGNED) - $(install-file) -endif - -########################################################################################## - -LOCAL_POLICY_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/security/local_policy.jar -LOCAL_POLICY_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/local_policy.jar - -ifneq ($(BUILD_CRYPTO), no) - # - # TODO fix so that SetupArchive does not write files into SRCS - # then we don't need this extra copying - # - LOCAL_POLICY_JAR_TMP := $(IMAGES_OUTPUTDIR)/local_policy_jar.tmp - - ifeq ($(UNLIMITED_CRYPTO), true) - LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited - LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/default_local.policy - LOCAL_POLICY_JAR_ATTR := Crypto-Strength: unlimited - else - LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/limited - LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/exempt_local.policy \ - $(LOCAL_POLICY_JAR_TMP)/default_local.policy - LOCAL_POLICY_JAR_ATTR := Crypto-Strength: limited - endif - - $(LOCAL_POLICY_JAR_TMP)/%: $(LOCAL_POLICY_JAR_SRC_DIR)/% - $(install-file) - - $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR, $(LOCAL_POLICY_JAR_DEPS), \ - SRCS := $(LOCAL_POLICY_JAR_TMP), \ - SUFFIXES := .policy, \ - JAR := $(LOCAL_POLICY_JAR_UNSIGNED), \ - EXTRA_MANIFEST_ATTR := $(LOCAL_POLICY_JAR_ATTR), \ - SKIP_METAINF := true)) - - JARS += $(LOCAL_POLICY_JAR_UNSIGNED) -endif - -ifndef OPENJDK - $(LOCAL_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/local_policy.jar - $(ECHO) $(LOG_INFO) Copying $(@F) - $(install-file) -else - $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNSIGNED) - $(install-file) -endif - -########################################################################################## - -ifeq ($(OPENJDK_TARGET_OS), windows) - - SUNMSCAPI_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/sunmscapi.jar - SUNMSCAPI_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/sunmscapi.jar - - $(eval $(call SetupArchive,BUILD_SUNMSCAPI_JAR, , \ - SRCS := $(JDK_OUTPUTDIR)/classes, \ - SUFFIXES := .class, \ - INCLUDES := sun/security/mscapi, \ - JAR := $(SUNMSCAPI_JAR_UNSIGNED), \ - MANIFEST := $(JCE_MANIFEST), \ - SKIP_METAINF := true)) - - $(SUNMSCAPI_JAR_UNSIGNED): $(JCE_MANIFEST) - - ifndef OPENJDK - SUNMSCAPI_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/mscapi/sunmscapi.jar - $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_SRC) - @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunMSCAPI provider..." - $(install-file) - else - $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_UNSIGNED) - $(install-file) - endif - - JARS += $(SUNMSCAPI_JAR_UNSIGNED) - -endif - -########################################################################################## - -ifeq ($(OPENJDK_TARGET_OS), solaris) - ifndef OPENJDK - - UCRYPTO_JAR_DST := $(IMAGES_OUTPUTDIR)/lib/ext/ucrypto.jar - UCRYPTO_JAR_UNSIGNED := $(IMAGES_OUTPUTDIR)/unsigned/ucrypto.jar - UCRYPTO_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ucrypto/ucrypto.jar - - $(eval $(call SetupArchive,BUILD_UCRYPTO_JAR, , \ - SRCS := $(JDK_OUTPUTDIR)/classes, \ - SUFFIXES := .class, \ - INCLUDES := com/oracle/security/ucrypto, \ - JAR := $(UCRYPTO_JAR_UNSIGNED), \ - MANIFEST := $(JCE_MANIFEST), \ - SKIP_METAINF := true)) - - $(UCRYPTO_JAR_UNSIGNED): $(JCE_MANIFEST) - - $(UCRYPTO_JAR_DST): $(UCRYPTO_JAR_SRC) - @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt OracleUcrypto provider..." - $(install-file) - - JARS += $(UCRYPTO_JAR_UNSIGNED) - - endif -endif - -########################################################################################## - # Get the CLDRVERSION include gensrc/GensrcCLDR.gmk @@ -1047,6 +764,13 @@ ########################################################################################## +# This rule copies all jars from jdk/lib/... to images/lib/... to avoid having to track +# which jars are where +$(IMAGES_OUTPUTDIR)/lib/%: $(JDK_OUTPUTDIR)/lib/% + $(install-file) + +########################################################################################## + # Import nashorn.jar from nashorn dist dir. $(IMAGES_OUTPUTDIR)/lib/ext/nashorn.jar: $(NASHORN_DIST)/nashorn.jar $(install-file)
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/makefiles/CreateSecurityJars.gmk Thu Oct 24 10:43:51 2013 +0200 @@ -0,0 +1,329 @@ +# +# Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. +# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. +# +# This code is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License version 2 only, as +# published by the Free Software Foundation. Oracle designates this +# particular file as subject to the "Classpath" exception as provided +# by Oracle in the LICENSE file that accompanied this code. +# +# This code is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or +# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +# version 2 for more details (a copy is included in the LICENSE file that +# accompanied this code). +# +# You should have received a copy of the GNU General Public License version +# 2 along with this work; if not, write to the Free Software Foundation, +# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA +# or visit www.oracle.com if you need additional information or have any +# questions. +# + +default: all + +include $(SPEC) +include MakeBase.gmk +include JavaCompilation.gmk +include Setup.gmk + +# The jars created in this file are required for the exploded jdk image to function and +# cannot wait to be built in the images target. + +########################################################################################## +# Create manifest for security jars +# +# Include these extra attributes for now, should probably take out. +# +MAINMANIFEST := $(JDK_TOPDIR)/make/tools/manifest.mf +JCE_MANIFEST := $(JDK_OUTPUTDIR)/lib/_the.security.manifest.mf + +$(JCE_MANIFEST): $(MAINMANIFEST) + $(MKDIR) -p $(@D) + $(RM) $@ $@.tmp + $(SED) -e "s#@@RELEASE@@#$(JDK_VERSION)#" \ + -e "s#@@COMPANY_NAME@@#$(COMPANY_NAME)#" \ + $(MAINMANIFEST) >> $@.tmp + $(ECHO) "Extension-Name: javax.crypto" >> $@.tmp + $(ECHO) "Implementation-Vendor-Id: com.sun" >> $@.tmp + $(MV) $@.tmp $@ + +########################################################################################## +# For security and crypto jars, always build the jar, but for closed, install the prebuilt +# signed version instead of the newly built jar. Unsigned jars are treated as intermediate +# targets and explicitly added to the JARS list. For open, signing is not needed. See +# SignJars.gmk for more information. +# +# The source for the crypto jars is not available for all licensees. The BUILD_CRYPTO +# variable is set to no if these jars can't be built to skip that step of the build. +# Note that for OPENJDK, the build will fail if BUILD_CRYPTO=no since then there is no +# other way to get the jars than to build them. + +SUNPKCS11_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunpkcs11.jar +SUNPKCS11_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunpkcs11.jar + +$(eval $(call SetupArchive,BUILD_SUNPKCS11_JAR, , \ + SRCS := $(JDK_OUTPUTDIR)/classes_security, \ + SUFFIXES := .class, \ + INCLUDES := sun/security/pkcs11, \ + JAR := $(SUNPKCS11_JAR_UNSIGNED), \ + MANIFEST := $(JCE_MANIFEST), \ + SKIP_METAINF := true)) + +$(SUNPKCS11_JAR_UNSIGNED): $(JCE_MANIFEST) + +ifndef OPENJDK + SUNPKCS11_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/pkcs11/sunpkcs11.jar + $(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_SRC) + @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunPKCS11 provider..." + $(install-file) +else + $(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED) + $(install-file) +endif + +JARS += $(SUNPKCS11_JAR_UNSIGNED) $(SUNPKCS11_JAR_DST) + +########################################################################################## + +SUNEC_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunec.jar +SUNEC_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunec.jar + +$(eval $(call SetupArchive,BUILD_SUNEC_JAR, , \ + SRCS := $(JDK_OUTPUTDIR)/classes_security, \ + SUFFIXES := .class, \ + INCLUDES := sun/security/ec, \ + JAR := $(SUNEC_JAR_UNSIGNED), \ + MANIFEST := $(JCE_MANIFEST), \ + SKIP_METAINF := true)) + +$(SUNEC_JAR_UNSIGNED): $(JCE_MANIFEST) + +ifndef OPENJDK + SUNEC_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ec/sunec.jar + $(SUNEC_JAR_DST): $(SUNEC_JAR_SRC) + @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunEC provider..." + $(install-file) +else + $(SUNEC_JAR_DST): $(SUNEC_JAR_UNSIGNED) + $(install-file) +endif + +JARS += $(SUNEC_JAR_UNSIGNED) $(SUNEC_JAR_DST) + +########################################################################################## + +SUNJCE_PROVIDER_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunjce_provider.jar +SUNJCE_PROVIDER_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunjce_provider.jar + +ifneq ($(BUILD_CRYPTO), no) + $(eval $(call SetupArchive,BUILD_SUNJCE_PROVIDER_JAR, , \ + SRCS := $(JDK_OUTPUTDIR)/classes_security, \ + SUFFIXES := .class, \ + INCLUDES := com/sun/crypto/provider, \ + JAR := $(SUNJCE_PROVIDER_JAR_UNSIGNED), \ + MANIFEST := $(JCE_MANIFEST), \ + SKIP_METAINF := true)) + + $(SUNJCE_PROVIDER_JAR_UNSIGNED): $(JCE_MANIFEST) + + JARS += $(SUNJCE_PROVIDER_JAR_UNSIGNED) +endif + +ifndef OPENJDK + SUNJCE_PROVIDER_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/sunjce_provider.jar + $(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_SRC) + @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunJCE provider..." + $(install-file) +else + $(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_UNSIGNED) + $(install-file) +endif + +JARS += $(SUNJCE_PROVIDER_JAR_DST) + +########################################################################################## + +JCE_JAR_DST := $(JDK_OUTPUTDIR)/lib/jce.jar +JCE_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/jce.jar + +ifneq ($(BUILD_CRYPTO), no) + $(eval $(call SetupArchive,BUILD_JCE_JAR, , \ + SRCS := $(JDK_OUTPUTDIR)/classes_security, \ + SUFFIXES := .class, \ + INCLUDES := javax/crypto sun/security/internal, \ + JAR := $(JCE_JAR_UNSIGNED), \ + MANIFEST := $(JCE_MANIFEST), \ + SKIP_METAINF := true)) + + $(JCE_JAR_UNSIGNED): $(JCE_MANIFEST) + + JARS += $(JCE_JAR_UNSIGNED) +endif + +ifndef OPENJDK + JCE_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar + $(JCE_JAR_DST): $(JCE_JAR_SRC) + @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt jce.jar..." + $(install-file) +else + $(JCE_JAR_DST): $(JCE_JAR_UNSIGNED) + $(install-file) +endif + +JARS += $(JCE_JAR_DST) + +########################################################################################## + +US_EXPORT_POLICY_JAR_DST := $(JDK_OUTPUTDIR)/lib/security/US_export_policy.jar +US_EXPORT_POLICY_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/US_export_policy.jar + +ifneq ($(BUILD_CRYPTO), no) + # + # TODO fix so that SetupArchive does not write files into SRCS + # then we don't need this extra copying + # + # NOTE: We currently do not place restrictions on our limited export + # policy. This was not a typo. + # + US_EXPORT_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited + US_EXPORT_POLICY_JAR_TMP := $(JDK_OUTPUTDIR)/US_export_policy_jar.tmp + + $(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/% + $(install-file) + + US_EXPORT_POLICY_JAR_DEPS := $(US_EXPORT_POLICY_JAR_TMP)/default_US_export.policy + + $(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, $(US_EXPORT_POLICY_JAR_DEPS), \ + SRCS := $(US_EXPORT_POLICY_JAR_TMP), \ + SUFFIXES := .policy, \ + JAR := $(US_EXPORT_POLICY_JAR_UNSIGNED), \ + EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \ + SKIP_METAINF := true)) + + JARS += $(US_EXPORT_POLICY_JAR_UNSIGNED) +endif + +ifndef OPENJDK + $(US_EXPORT_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/US_export_policy.jar + $(ECHO) $(LOG_INFO) Copying $(@F) + $(install-file) +else + $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNSIGNED) + $(install-file) +endif + +JARS += $(US_EXPORT_POLICY_JAR_DST) + +########################################################################################## + +LOCAL_POLICY_JAR_DST := $(JDK_OUTPUTDIR)/lib/security/local_policy.jar +LOCAL_POLICY_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/local_policy.jar + +ifneq ($(BUILD_CRYPTO), no) + # + # TODO fix so that SetupArchive does not write files into SRCS + # then we don't need this extra copying + # + LOCAL_POLICY_JAR_TMP := $(JDK_OUTPUTDIR)/local_policy_jar.tmp + + ifeq ($(UNLIMITED_CRYPTO), true) + LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/unlimited + LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/default_local.policy + LOCAL_POLICY_JAR_ATTR := Crypto-Strength: unlimited + else + LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/javax/crypto/policy/limited + LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/exempt_local.policy \ + $(LOCAL_POLICY_JAR_TMP)/default_local.policy + LOCAL_POLICY_JAR_ATTR := Crypto-Strength: limited + endif + + $(LOCAL_POLICY_JAR_TMP)/%: $(LOCAL_POLICY_JAR_SRC_DIR)/% + $(install-file) + + $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR, $(LOCAL_POLICY_JAR_DEPS), \ + SRCS := $(LOCAL_POLICY_JAR_TMP), \ + SUFFIXES := .policy, \ + JAR := $(LOCAL_POLICY_JAR_UNSIGNED), \ + EXTRA_MANIFEST_ATTR := $(LOCAL_POLICY_JAR_ATTR), \ + SKIP_METAINF := true)) + + JARS += $(LOCAL_POLICY_JAR_UNSIGNED) +endif + +ifndef OPENJDK + $(LOCAL_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/local_policy.jar + $(ECHO) $(LOG_INFO) Copying $(@F) + $(install-file) +else + $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNSIGNED) + $(install-file) +endif + +JARS += $(LOCAL_POLICY_JAR_DST) + +########################################################################################## + +ifeq ($(OPENJDK_TARGET_OS), windows) + + SUNMSCAPI_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunmscapi.jar + SUNMSCAPI_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunmscapi.jar + + $(eval $(call SetupArchive,BUILD_SUNMSCAPI_JAR, , \ + SRCS := $(JDK_OUTPUTDIR)/classes_security, \ + SUFFIXES := .class, \ + INCLUDES := sun/security/mscapi, \ + JAR := $(SUNMSCAPI_JAR_UNSIGNED), \ + MANIFEST := $(JCE_MANIFEST), \ + SKIP_METAINF := true)) + + $(SUNMSCAPI_JAR_UNSIGNED): $(JCE_MANIFEST) + + ifndef OPENJDK + SUNMSCAPI_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/mscapi/sunmscapi.jar + $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_SRC) + @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunMSCAPI provider..." + $(install-file) + else + $(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_UNSIGNED) + $(install-file) + endif + + JARS += $(SUNMSCAPI_JAR_UNSIGNED) $(SUNMSCAPI_JAR_DST) + +endif + +########################################################################################## + +ifeq ($(OPENJDK_TARGET_OS), solaris) + ifndef OPENJDK + + UCRYPTO_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/ucrypto.jar + UCRYPTO_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/ucrypto.jar + UCRYPTO_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ucrypto/ucrypto.jar + + $(eval $(call SetupArchive,BUILD_UCRYPTO_JAR, , \ + SRCS := $(JDK_OUTPUTDIR)/classes_security, \ + SUFFIXES := .class, \ + INCLUDES := com/oracle/security/ucrypto, \ + JAR := $(UCRYPTO_JAR_UNSIGNED), \ + MANIFEST := $(JCE_MANIFEST), \ + SKIP_METAINF := true)) + + $(UCRYPTO_JAR_UNSIGNED): $(JCE_MANIFEST) + + $(UCRYPTO_JAR_DST): $(UCRYPTO_JAR_SRC) + @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt OracleUcrypto provider..." + $(install-file) + + JARS += $(UCRYPTO_JAR_UNSIGNED) $(UCRYPTO_JAR_DST) + + endif +endif + +all: $(JARS) + +.PHONY: default all
--- a/makefiles/SignJars.gmk Wed Oct 23 17:57:38 2013 +0200 +++ b/makefiles/SignJars.gmk Thu Oct 24 10:43:51 2013 +0200 @@ -78,7 +78,7 @@ exit 2; \ fi -$(JCE_OUTPUTDIR)/%: $(IMAGES_OUTPUTDIR)/unsigned/% +$(JCE_OUTPUTDIR)/%: $(JDK_OUTPUTDIR)/unsigned/% $(call install-file) $(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \ $@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE)