[java-1.7.0-openjdk/f20] added nss EC support and ppc le support
jiri vanek
jvanek at fedoraproject.org
Wed Jul 2 12:14:48 UTC 2014
commit 3b15c52631a8b346946abc08fe9ffd3579f3069f
Author: Jiri Vanek <jvanek at jvanek.redhat>
Date: Wed Jul 2 14:14:35 2014 +0200
added nss EC support and ppc le support
fsg.sh | 8 +-------
java-1.7.0-openjdk.spec | 39 ++++++++++++++++++++++++++++++---------
nss.cfg | 3 ++-
rh1022017.patch | 44 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 77 insertions(+), 17 deletions(-)
---
diff --git a/fsg.sh b/fsg.sh
index 062ffd4..838e585 100644
--- a/fsg.sh
+++ b/fsg.sh
@@ -106,10 +106,4 @@ echo "Removing registration tests"
rm -rvf openjdk/jdk/test/com/sun/servicetag
echo "Removing EC source code we don't build"
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDHKeyAgreement.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDSASignature.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunECEntries.java
-rm -rvf openjdk/jdk/src/share/native/sun/security/ec
-rm -rvf openjdk/jdk/make/sun/security/ec
+rm -rvf openjdk/jdk/src/share/native/sun/security/ec/impl
diff --git a/java-1.7.0-openjdk.spec b/java-1.7.0-openjdk.spec
index 71d1128..aab1b14 100644
--- a/java-1.7.0-openjdk.spec
+++ b/java-1.7.0-openjdk.spec
@@ -9,7 +9,10 @@
%global ppc64le ppc64le
%global ppc64be ppc64 ppc64p7
%global multilib_arches %{power64} sparc64 x86_64
-%global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{ppc64be} %{aarch64}
+%global jit_arches %{ix86} x86_64 sparcv9 sparc64 %{ppc64be} %{ppc64le} %{aarch64}
+
+# Always set this so the nss.cfg file is not broken
+%global NSS_LIBDIR %(pkg-config --variable=libdir nss)
#if 0, then links are set forcibly, if 1 ten only if status is auto
%global graceful_links 1
@@ -163,7 +166,7 @@
Name: java-%{javaver}-%{origin}
Version: %{javaver}.%{updatever}
-Release: %{icedtea_version}.1%{?dist}
+Release: %{icedtea_version}.2%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -273,6 +276,9 @@ Patch200: abrt_friendly_hs_log_jdk7.patch
# mixer
Patch300: pulse-soundproperties.patch
+# Make the curves reported by Java's SSL implementation match those of NSS
+Patch400: rh1022017.patch
+
# Temporary patches
#Workaround RH902004
@@ -314,8 +320,12 @@ BuildRequires: at-spi-devel
BuildRequires: gawk
BuildRequires: pkgconfig >= 0.9.0
BuildRequires: xorg-x11-utils
+# Requirements for setting up the nss.cfg
BuildRequires: nss-devel
+# Required for NIO2
BuildRequires: libattr-devel
+# Build requirements for SunEC system NSS support
+BuildRequires: nss-softokn-freebl-devel >= 3.16.1
BuildRequires: python
# PulseAudio build requirements.
%if %{with_pulseaudio}
@@ -492,6 +502,9 @@ cp %{SOURCE2} .
%patch300
%endif
+# ECC fix
+%patch400
+
# Add systemtap patches if enabled
%if %{with_systemtap}
%endif
@@ -647,6 +660,10 @@ make \
STRIP_POLICY="no_strip" \
JAVAC_WARNINGS_FATAL="false" \
INSTALL_LOCATION=%{_jvmdir}/%{sdkdir} \
+ SYSTEM_NSS="true" \
+ NSS_LIBS="`pkg-config --libs nss-softokn` -lfreebl" \
+ NSS_CFLAGS="`pkg-config --cflags nss-softokn` " \
+ ECC_JUST_SUITE_B="true" \
%{debugbuild}
popd >& /dev/null
@@ -665,6 +682,10 @@ ln -s %{_jvmdir}/%{sdkdir}/jre/lib $JAVA_HOME/jre-abrt/lib
cat %{SOURCE13} | sed -e s:@JAVA_PATH@:%{_jvmdir}/%{sdkdir}/jre-abrt/bin/java:g -e s:@LIB_DIR@:%{LIBDIR}/libabrt-java-connector.so:g > $JAVA_HOME/jre/bin/java
chmod 755 $JAVA_HOME/jre/bin/java
+# Install nss.cfg right away as we will be using the JRE above
+cp -a %{SOURCE8} $JAVA_HOME/jre/lib/security/
+sed -i -e s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g $JAVA_HOME/jre/lib/security/nss.cfg
+
# Build pulseaudio and install it to JDK build location
%if %{with_pulseaudio}
pushd pulseaudio
@@ -793,10 +814,6 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir}/lib/%{archinstall}/client/
popd
-# Install nss.cfg
-install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir}/lib/security/
-
-
# Install Javadoc documentation.
install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
cp -a %{buildoutputdir}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir}
@@ -1171,9 +1188,6 @@ done
update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk} %{priority} \
--slave %{_jvmjardir}/jre-%{javaver} jre_%{javaver}_%{origin}_exports %{jvmjardir}
-update-desktop-database %{_datadir}/applications &> /dev/null || :
-
-/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
exit 0
@@ -1530,6 +1544,13 @@ exit 0
%{_jvmdir}/%{jredir}/lib/accessibility.properties
%changelog
+* Tue Jul 01 2014 Andrew Hughes <gnu.andrew at redhat.com> - 1.7.0.60-2.5.0.2
+- Add nss-softokn dependency for SunEC provider
+- Add support for ppc64le
+- Enable SunEC provider with system NSS support.
+- Ensure java-1.7.0-openjdk is used to build, not 8
+- Set INSTALL_LOCATION so it can be used in the rpath.
+
* Thu Jun 19 2014 Jiri Vanek <jvanek at redhat.com> - 1.7.0.60-2.5.0.1.f20
- added and applied as reverted patch404 gtk3ToBeReverted.patch
- reverting controversial fix of http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=729
diff --git a/nss.cfg b/nss.cfg
index c510dd0..377a39c 100644
--- a/nss.cfg
+++ b/nss.cfg
@@ -1,4 +1,5 @@
name = NSS
-nssLibraryDirectory =
+nssLibraryDirectory = @NSS_LIBDIR@
nssDbMode = noDb
attributes = compatibility
+handleStartupErrors = ignoreMultipleInitialisation
diff --git a/rh1022017.patch b/rh1022017.patch
new file mode 100644
index 0000000..3468779
--- /dev/null
+++ b/rh1022017.patch
@@ -0,0 +1,44 @@
+diff -r cdfd161703ed src/share/classes/sun/security/ssl/HelloExtensions.java
+--- openjdk/jdk/src/share/classes/sun/security/ssl/HelloExtensions.java Wed Oct 23 05:22:55 2013 +0100
++++ openjdk/jdk/src/share/classes/sun/security/ssl/HelloExtensions.java Thu Nov 07 12:41:45 2013 +0000
+@@ -435,25 +435,11 @@
+ // the extension value to send in the ClientHello message
+ static final SupportedEllipticCurvesExtension DEFAULT;
+
+- private static final boolean fips;
+-
+ static {
+- int[] ids;
+- fips = SunJSSE.isFIPS();
+- if (fips == false) {
+- ids = new int[] {
+- // NIST curves first
+- // prefer NIST P-256, rest in order of increasing key length
+- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
+- // non-NIST curves
+- 15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
+- };
+- } else {
+- ids = new int[] {
+- // same as above, but allow only NIST curves in FIPS mode
+- 23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
+- };
+- }
++ int[] ids = new int[] {
++ // NSS currently only supports these three NIST curves
++ 23, 24, 25
++ };
+ DEFAULT = new SupportedEllipticCurvesExtension(ids);
+ }
+
+@@ -545,10 +531,6 @@
+ if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
+ return false;
+ }
+- if (fips == false) {
+- // in non-FIPS mode, we support all valid indices
+- return true;
+- }
+ return DEFAULT.contains(index);
+ }
+
More information about the scm-commits
mailing list