RFR: 8010785: JDK 8 build on Linux fails with new build mechanism

David Holmes david.holmes at oracle.com
Thu Jun 6 19:08:49 PDT 2013


On 4/06/2013 10:38 PM, David Holmes wrote:
> On 4/06/2013 9:21 PM, Erik Joelsson wrote:
>>
>>
>> On 2013-06-04 06:56, David Holmes wrote:
>>>
>>> I think we should add a (configure time?) check to watch for the
>>> illegal: BUILD_CRYPTO=no,  OPENJDK=true.
>>>
>> Not sure where that would fit. Configure is only setting BUILD_CRYPTO
>> false in the closed logic, so this would be to catch someone either
>> setting it on command line to configure or make, or a licensee adding
>> --enable-openjdk-only to configure. To catch both we would need the
>> check in the open. (And if we start looking at BUILD_CRYPTO in open
>> configure, we might as well set it to yes there for a default and skip
>> ever having it empty.)
>
> Can we do something in the makefile then? Straight after the comment
>
> 475 # The source for the crypto jars is not available for all licensees.
> The BUILD_CRYPTO
> 476 # variable is set to false if these jars can't be built to skip that
> step of the build.
> 477 # Note that for OPENJDK, the build will fail if BUILD_CRYPTO=false
> since then there is no
> 478 # other way to get the jars then to build them.

BTW in the above comment need to change "false" to "no".

David

> ifeq ($(BUILD_CRYPTO), no)
>    ifdef OPENJDK
>      $(error Crypto libraries must be built in an OpenJDK build)
>    endif
> endif
>
> David
>
>> /Erik
>>> David
>>> -----
>>>
>>>> On 2013-06-03 06:22, David Holmes wrote:
>>>>> Hi Erik,
>>>>>
>>>>> In CreateJars.gmk I don't understand why you move the update to the
>>>>> JARS variable inside the BUILD_CRYPTO conditional when the jar file is
>>>>> a pre-req for a target defined outside of that conditional. What are
>>>>> the allowed combinations:
>>>>>
>>>>> BUILD_CRYPTO=yes, OPENJDK=true  == OK (normal OpenJDK build)
>>>>> BUILD_CRYPTO=yes, OPENJDK=false == OK? (builds but doesn't use it?)
>>>>> BUILD_CRYPTO=no,  OPENJDK=true  == ILLEGAL? (missing re-req in rule?)
>>>>> BUILD_CRYPTO=no, OPENJDK=false  == OK (normal Oracle JDK build)
>>>>>
>>>>> This also seems to indicate that the earlier comment block:
>>>>>
>>>>> 469
>>>>> ##########################################################################################
>>>>>
>>>>>
>>>>>
>>>>>  470 # For all security jars, always build the jar, but for closed,
>>>>> install the prebuilt signed
>>>>>  471 # version instead of the newly built jar. Unsigned jars are
>>>>> treated as intermediate targets
>>>>>  472 # and explicitly added to the JARS list. For open, signing is not
>>>>> needed. See SignJars.gmk
>>>>>  473 # for more information.
>>>>>
>>>>> needs updating to account for this new condition. ("security" covers
>>>>> these crypto jars).
>>>>>
>>>> This is true and I've updated the comment to point it out.
>>>> BUILD_CRYPTO=false and OPENJDK=true is not a legal combination.
>>>>> ---
>>>>>
>>>>> In Setup.gmk, wouldn't this:
>>>>>
>>>>> 38 ifndef OPENJDK
>>>>>   39   # Some licensees do not get the Security Source bundles.  We
>>>>> will
>>>>>   40   # fall back on the prebuilt jce.jar so that we can do a best
>>>>>   41   # attempt at building.
>>>>>   42   ifeq ($(wildcard
>>>>> $(JDK_TOPDIR)/src/share/classes/javax/crypto/Cipher.java),)
>>>>>   43     JCE_PATH :=
>>>>> $(PATH_SEP)$(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar
>>>>>   44   endif
>>>>>   45 endif
>>>>>
>>>>> be better handled by a configure check that the sources exist - as is
>>>>> done for other potentially not-present components? Further I think
>>>>> this kind of check belongs in a closed build file as it doesn't relate
>>>>> to building the openjdk sources.
>>>>>
>>>> Also true. The condition is actually similar enough to that of
>>>> BUILD_CRYPTO to be treated as the same. I moved this to a closed file.
>>>>
>>>> /Erik
>>>>> Thanks,
>>>>> David
>>>>>
>>>>> On 31/05/2013 8:14 PM, Erik Joelsson wrote:
>>>>>> Finally getting back to this. Updated webrevs:
>>>>>>
>>>>>> http://cr.openjdk.java.net/~erikj/8010785/webrev.jdk.02/
>>>>>> http://cr.openjdk.java.net/~erikj/8010785/webrev.root.02/
>>>>>>
>>>>>> The javascript part is no longer needed since it has been removed.
>>>>>>
>>>>>> /Erik
>>>>>>
>>>>>> On 2013-04-11 12:53, Erik Joelsson wrote:
>>>>>>> Open part of this review.
>>>>>>>
>>>>>>> The licensee bundles aren't buildable with the new build for several
>>>>>>> reasons. I've tried to fix all the issues that I've found and have
>>>>>>> now
>>>>>>> successfully built them on linux, windows and solaris. Here is a
>>>>>>> list
>>>>>>> of the changes that I had to do to OpenJDK:
>>>>>>>
>>>>>>> * Filter out javascript src when the rhino source isn't available.
>>>>>>> Also do not copy rhino resource files when not available. This is
>>>>>>> controlled by a new variable, INCLUDE_JAVASCRIPT, which we control
>>>>>>> from closed configure and shouldn't affect the OpenJDK build. I also
>>>>>>> moved the copying of the resources to the correct makefile,
>>>>>>> CopyIntoClasses.gmk.
>>>>>>>
>>>>>>> * If javax/crypto isn't available, jce.jar needs to be added to the
>>>>>>> bootclasspath of the main java compilation. Also, a number of
>>>>>>> security
>>>>>>> jar files shouldn't be built at all. (Normally these are built
>>>>>>> just to
>>>>>>> exercise the logic, but not used.) The kerberos library is also
>>>>>>> excluded by this. Introduced the variable BUILD_CRYPTO, also set by
>>>>>>> closed configure to control this. I used the logic ifneq
>>>>>>> ($(BUILD_CRYPTO),no) to not change the behavior if the variable
>>>>>>> isn't
>>>>>>> set, which it won't be in the open case.
>>>>>>>
>>>>>>> * I removed the logic for setting the closed cacerts file in the
>>>>>>> open
>>>>>>> configure script.
>>>>>>>
>>>>>>> * Also fixing JDK-8005655 by adding logic for unzipping sec-bin (and
>>>>>>> friends) if available.
>>>>>>>
>>>>>>> http://cr.openjdk.java.net/~erikj/8010785/webrev.jdk.01/
>>>>>>> http://cr.openjdk.java.net/~erikj/8010785/webrev.root.01/
>>>>>>>
>>>>>>> /Erik


More information about the security-dev mailing list