[java-1.7.0-openjdk/f20] added nss EC support and ppc le support

jiri vanek jvanek at fedoraproject.org
Wed Jul 2 12:14:48 UTC 2014 

commit 3b15c52631a8b346946abc08fe9ffd3579f3069f
Author: Jiri Vanek <jvanek at jvanek.redhat>
Date:   Wed Jul 2 14:14:35 2014 +0200

    added nss EC support and ppc le support

 fsg.sh                  |    8 +-------
 java-1.7.0-openjdk.spec |   39 ++++++++++++++++++++++++++++++---------
 nss.cfg                 |    3 ++-
 rh1022017.patch         |   44 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 77 insertions(+), 17 deletions(-)
---
diff --git a/fsg.sh b/fsg.sh
index 062ffd4..838e585 100644
--- a/fsg.sh
+++ b/fsg.sh
@@ -106,10 +106,4 @@ echo "Removing registration tests"
 rm -rvf openjdk/jdk/test/com/sun/servicetag
 
 echo "Removing EC source code we don't build"
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDHKeyAgreement.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECDSASignature.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/ECKeyPairGenerator.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunEC.java
-rm -vf openjdk/jdk/src/share/classes/sun/security/ec/SunECEntries.java
-rm -rvf openjdk/jdk/src/share/native/sun/security/ec
-rm -rvf openjdk/jdk/make/sun/security/ec
+rm -rvf openjdk/jdk/src/share/native/sun/security/ec/impl
diff --git a/java-1.7.0-openjdk.spec b/java-1.7.0-openjdk.spec
index 71d1128..aab1b14 100644
--- a/java-1.7.0-openjdk.spec
+++ b/java-1.7.0-openjdk.spec
@@ -9,7 +9,10 @@
 %global ppc64le			ppc64le
 %global ppc64be			ppc64 ppc64p7
 %global multilib_arches %{power64} sparc64 x86_64 
-%global jit_arches		%{ix86} x86_64 sparcv9 sparc64 %{ppc64be} %{aarch64}
+%global jit_arches		%{ix86} x86_64 sparcv9 sparc64 %{ppc64be} %{ppc64le} %{aarch64}
+
+# Always set this so the nss.cfg file is not broken
+%global NSS_LIBDIR %(pkg-config --variable=libdir nss)
 
 #if 0, then links are set forcibly, if 1 ten only if status is auto
 %global graceful_links 1
@@ -163,7 +166,7 @@
 
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}
-Release: %{icedtea_version}.1%{?dist}
+Release: %{icedtea_version}.2%{?dist}
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons,
 # and this change was brought into RHEL-4.  java-1.5.0-ibm packages
 # also included the epoch in their virtual provides.  This created a
@@ -273,6 +276,9 @@ Patch200: abrt_friendly_hs_log_jdk7.patch
 # mixer
 Patch300: pulse-soundproperties.patch
 
+# Make the curves reported by Java's SSL implementation match those of NSS
+Patch400: rh1022017.patch
+
 # Temporary patches
 
 #Workaround RH902004
@@ -314,8 +320,12 @@ BuildRequires: at-spi-devel
 BuildRequires: gawk
 BuildRequires: pkgconfig >= 0.9.0
 BuildRequires: xorg-x11-utils
+# Requirements for setting up the nss.cfg
 BuildRequires: nss-devel
+# Required for NIO2
 BuildRequires: libattr-devel
+# Build requirements for SunEC system NSS support
+BuildRequires: nss-softokn-freebl-devel >= 3.16.1
 BuildRequires: python
 # PulseAudio build requirements.
 %if %{with_pulseaudio}
@@ -492,6 +502,9 @@ cp %{SOURCE2} .
 %patch300
 %endif
 
+# ECC fix
+%patch400
+
 # Add systemtap patches if enabled
 %if %{with_systemtap}
 %endif
@@ -647,6 +660,10 @@ make \
   STRIP_POLICY="no_strip" \
   JAVAC_WARNINGS_FATAL="false" \
   INSTALL_LOCATION=%{_jvmdir}/%{sdkdir} \
+  SYSTEM_NSS="true" \
+  NSS_LIBS="`pkg-config --libs nss-softokn` -lfreebl" \
+  NSS_CFLAGS="`pkg-config --cflags nss-softokn` " \
+  ECC_JUST_SUITE_B="true" \
   %{debugbuild}
 
 popd >& /dev/null
@@ -665,6 +682,10 @@ ln -s %{_jvmdir}/%{sdkdir}/jre/lib $JAVA_HOME/jre-abrt/lib
 cat %{SOURCE13} | sed -e s:@JAVA_PATH@:%{_jvmdir}/%{sdkdir}/jre-abrt/bin/java:g -e s:@LIB_DIR@:%{LIBDIR}/libabrt-java-connector.so:g >  $JAVA_HOME/jre/bin/java
 chmod 755 $JAVA_HOME/jre/bin/java
 
+# Install nss.cfg right away as we will be using the JRE above
+cp -a %{SOURCE8} $JAVA_HOME/jre/lib/security/
+sed -i -e s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g $JAVA_HOME/jre/lib/security/nss.cfg
+
 # Build pulseaudio and install it to JDK build location
 %if %{with_pulseaudio}
 pushd pulseaudio
@@ -793,10 +814,6 @@ mkdir -p $RPM_BUILD_ROOT%{_jvmdir}/%{jredir}/lib/%{archinstall}/client/
 popd
 
 
-# Install nss.cfg
-install -m 644 %{SOURCE8} $RPM_BUILD_ROOT%{_jvmdir}/%{jredir}/lib/security/
-
-
 # Install Javadoc documentation.
 install -d -m 755 $RPM_BUILD_ROOT%{_javadocdir}
 cp -a %{buildoutputdir}/docs $RPM_BUILD_ROOT%{_javadocdir}/%{uniquejavadocdir}
@@ -1171,9 +1188,6 @@ done
 update-alternatives --install %{_jvmdir}/jre-%{javaver}-%{origin} jre_%{javaver}_%{origin} %{_jvmdir}/%{jrelnk} %{priority} \
 --slave %{_jvmjardir}/jre-%{javaver}       jre_%{javaver}_%{origin}_exports      %{jvmjardir}
 
-update-desktop-database %{_datadir}/applications &> /dev/null || :
-
-/bin/touch --no-create %{_datadir}/icons/hicolor &>/dev/null || :
 
 exit 0
 
@@ -1530,6 +1544,13 @@ exit 0
 %{_jvmdir}/%{jredir}/lib/accessibility.properties
 
 %changelog
+* Tue Jul 01 2014 Andrew Hughes <gnu.andrew at redhat.com> - 1.7.0.60-2.5.0.2
+- Add nss-softokn dependency for SunEC provider
+- Add support for ppc64le
+- Enable SunEC provider with system NSS support.
+- Ensure java-1.7.0-openjdk is used to build, not 8
+- Set INSTALL_LOCATION so it can be used in the rpath.
+
 * Thu Jun 19 2014 Jiri Vanek  <jvanek at redhat.com> - 1.7.0.60-2.5.0.1.f20
 - added and applied as reverted patch404 gtk3ToBeReverted.patch
  - reverting controversial fix of http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=729
diff --git a/nss.cfg b/nss.cfg
index c510dd0..377a39c 100644
--- a/nss.cfg
+++ b/nss.cfg
@@ -1,4 +1,5 @@
 name = NSS
-nssLibraryDirectory = 
+nssLibraryDirectory = @NSS_LIBDIR@
 nssDbMode = noDb
 attributes = compatibility
+handleStartupErrors = ignoreMultipleInitialisation
diff --git a/rh1022017.patch b/rh1022017.patch
new file mode 100644
index 0000000..3468779
--- /dev/null
+++ b/rh1022017.patch
@@ -0,0 +1,44 @@
+diff -r cdfd161703ed src/share/classes/sun/security/ssl/HelloExtensions.java
+--- openjdk/jdk/src/share/classes/sun/security/ssl/HelloExtensions.java	Wed Oct 23 05:22:55 2013 +0100
++++ openjdk/jdk/src/share/classes/sun/security/ssl/HelloExtensions.java	Thu Nov 07 12:41:45 2013 +0000
+@@ -435,25 +435,11 @@
+     // the extension value to send in the ClientHello message
+     static final SupportedEllipticCurvesExtension DEFAULT;
+ 
+-    private static final boolean fips;
+-
+     static {
+-        int[] ids;
+-        fips = SunJSSE.isFIPS();
+-        if (fips == false) {
+-            ids = new int[] {
+-                // NIST curves first
+-                // prefer NIST P-256, rest in order of increasing key length
+-                23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
+-                // non-NIST curves
+-                15, 16, 17, 2, 18, 4, 5, 20, 8, 22,
+-            };
+-        } else {
+-            ids = new int[] {
+-                // same as above, but allow only NIST curves in FIPS mode
+-                23, 1, 3, 19, 21, 6, 7, 9, 10, 24, 11, 12, 25, 13, 14,
+-            };
+-        }
++	int[] ids = new int[] {
++	    // NSS currently only supports these three NIST curves
++	    23, 24, 25
++	};
+         DEFAULT = new SupportedEllipticCurvesExtension(ids);
+     }
+ 
+@@ -545,10 +531,6 @@
+         if ((index <= 0) || (index >= NAMED_CURVE_OID_TABLE.length)) {
+             return false;
+         }
+-        if (fips == false) {
+-            // in non-FIPS mode, we support all valid indices
+-            return true;
+-        }
+         return DEFAULT.contains(index);
+     }
+

More information about the scm-commits mailing list