RFR: 8010785: JDK 8 build on Linux fails with new build mechanism

Tim Bell tim.bell at oracle.com
Mon Jun 10 23:44:23 PDT 2013


Erik:

Looks good to me.

Tim

> On 2013-06-07 04:08, David Holmes wrote:
>> On 4/06/2013 10:38 PM, David Holmes wrote:
>>> On 4/06/2013 9:21 PM, Erik Joelsson wrote:
>>>>
>>>>
>>>> On 2013-06-04 06:56, David Holmes wrote:
>>>>>
>>>>> I think we should add a (configure time?) check to watch for the
>>>>> illegal: BUILD_CRYPTO=no,  OPENJDK=true.
>>>>>
>>>> Not sure where that would fit. Configure is only setting BUILD_CRYPTO
>>>> false in the closed logic, so this would be to catch someone either
>>>> setting it on command line to configure or make, or a licensee adding
>>>> --enable-openjdk-only to configure. To catch both we would need the
>>>> check in the open. (And if we start looking at BUILD_CRYPTO in open
>>>> configure, we might as well set it to yes there for a default and skip
>>>> ever having it empty.)
>>>
>>> Can we do something in the makefile then? Straight after the comment
>>>
>>> 475 # The source for the crypto jars is not available for all 
>>> licensees.
>>> The BUILD_CRYPTO
>>> 476 # variable is set to false if these jars can't be built to skip 
>>> that
>>> step of the build.
>>> 477 # Note that for OPENJDK, the build will fail if BUILD_CRYPTO=false
>>> since then there is no
>>> 478 # other way to get the jars then to build them.
>>
>> BTW in the above comment need to change "false" to "no".
>>
> Gahh, again, fixed in hopefully the last webrev on this issue. Think 
> this will be a new record for me.
>
> http://cr.openjdk.java.net/~erikj/8010785/webrev.jdk.05/

Looks good to me.

Tim

>
> Thanks for your patience.
>
> /Erik
>
>> David
>>
>>> ifeq ($(BUILD_CRYPTO), no)
>>>    ifdef OPENJDK
>>>      $(error Crypto libraries must be built in an OpenJDK build)
>>>    endif
>>> endif
>>>
>>> David
>>>
>>>> /Erik
>>>>> David
>>>>> -----
>>>>>
>>>>>> On 2013-06-03 06:22, David Holmes wrote:
>>>>>>> Hi Erik,
>>>>>>>
>>>>>>> In CreateJars.gmk I don't understand why you move the update to the
>>>>>>> JARS variable inside the BUILD_CRYPTO conditional when the jar 
>>>>>>> file is
>>>>>>> a pre-req for a target defined outside of that conditional. What 
>>>>>>> are
>>>>>>> the allowed combinations:
>>>>>>>
>>>>>>> BUILD_CRYPTO=yes, OPENJDK=true  == OK (normal OpenJDK build)
>>>>>>> BUILD_CRYPTO=yes, OPENJDK=false == OK? (builds but doesn't use it?)
>>>>>>> BUILD_CRYPTO=no,  OPENJDK=true  == ILLEGAL? (missing re-req in 
>>>>>>> rule?)
>>>>>>> BUILD_CRYPTO=no, OPENJDK=false  == OK (normal Oracle JDK build)
>>>>>>>
>>>>>>> This also seems to indicate that the earlier comment block:
>>>>>>>
>>>>>>> 469
>>>>>>> ########################################################################################## 
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>  470 # For all security jars, always build the jar, but for closed,
>>>>>>> install the prebuilt signed
>>>>>>>  471 # version instead of the newly built jar. Unsigned jars are
>>>>>>> treated as intermediate targets
>>>>>>>  472 # and explicitly added to the JARS list. For open, signing 
>>>>>>> is not
>>>>>>> needed. See SignJars.gmk
>>>>>>>  473 # for more information.
>>>>>>>
>>>>>>> needs updating to account for this new condition. ("security" 
>>>>>>> covers
>>>>>>> these crypto jars).
>>>>>>>
>>>>>> This is true and I've updated the comment to point it out.
>>>>>> BUILD_CRYPTO=false and OPENJDK=true is not a legal combination.
>>>>>>> ---
>>>>>>>
>>>>>>> In Setup.gmk, wouldn't this:
>>>>>>>
>>>>>>> 38 ifndef OPENJDK
>>>>>>>   39   # Some licensees do not get the Security Source bundles.  We
>>>>>>> will
>>>>>>>   40   # fall back on the prebuilt jce.jar so that we can do a best
>>>>>>>   41   # attempt at building.
>>>>>>>   42   ifeq ($(wildcard
>>>>>>> $(JDK_TOPDIR)/src/share/classes/javax/crypto/Cipher.java),)
>>>>>>>   43     JCE_PATH :=
>>>>>>> $(PATH_SEP)$(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar
>>>>>>>   44   endif
>>>>>>>   45 endif
>>>>>>>
>>>>>>> be better handled by a configure check that the sources exist - 
>>>>>>> as is
>>>>>>> done for other potentially not-present components? Further I think
>>>>>>> this kind of check belongs in a closed build file as it doesn't 
>>>>>>> relate
>>>>>>> to building the openjdk sources.
>>>>>>>
>>>>>> Also true. The condition is actually similar enough to that of
>>>>>> BUILD_CRYPTO to be treated as the same. I moved this to a closed 
>>>>>> file.
>>>>>>
>>>>>> /Erik
>>>>>>> Thanks,
>>>>>>> David
>>>>>>>
>>>>>>> On 31/05/2013 8:14 PM, Erik Joelsson wrote:
>>>>>>>> Finally getting back to this. Updated webrevs:
>>>>>>>>
>>>>>>>> http://cr.openjdk.java.net/~erikj/8010785/webrev.jdk.02/
>>>>>>>> http://cr.openjdk.java.net/~erikj/8010785/webrev.root.02/
>>>>>>>>
>>>>>>>> The javascript part is no longer needed since it has been removed.
>>>>>>>>
>>>>>>>> /Erik
>>>>>>>>
>>>>>>>> On 2013-04-11 12:53, Erik Joelsson wrote:
>>>>>>>>> Open part of this review.
>>>>>>>>>
>>>>>>>>> The licensee bundles aren't buildable with the new build for 
>>>>>>>>> several
>>>>>>>>> reasons. I've tried to fix all the issues that I've found and 
>>>>>>>>> have
>>>>>>>>> now
>>>>>>>>> successfully built them on linux, windows and solaris. Here is a
>>>>>>>>> list
>>>>>>>>> of the changes that I had to do to OpenJDK:
>>>>>>>>>
>>>>>>>>> * Filter out javascript src when the rhino source isn't 
>>>>>>>>> available.
>>>>>>>>> Also do not copy rhino resource files when not available. This is
>>>>>>>>> controlled by a new variable, INCLUDE_JAVASCRIPT, which we 
>>>>>>>>> control
>>>>>>>>> from closed configure and shouldn't affect the OpenJDK build. 
>>>>>>>>> I also
>>>>>>>>> moved the copying of the resources to the correct makefile,
>>>>>>>>> CopyIntoClasses.gmk.
>>>>>>>>>
>>>>>>>>> * If javax/crypto isn't available, jce.jar needs to be added 
>>>>>>>>> to the
>>>>>>>>> bootclasspath of the main java compilation. Also, a number of
>>>>>>>>> security
>>>>>>>>> jar files shouldn't be built at all. (Normally these are built
>>>>>>>>> just to
>>>>>>>>> exercise the logic, but not used.) The kerberos library is also
>>>>>>>>> excluded by this. Introduced the variable BUILD_CRYPTO, also 
>>>>>>>>> set by
>>>>>>>>> closed configure to control this. I used the logic ifneq
>>>>>>>>> ($(BUILD_CRYPTO),no) to not change the behavior if the variable
>>>>>>>>> isn't
>>>>>>>>> set, which it won't be in the open case.
>>>>>>>>>
>>>>>>>>> * I removed the logic for setting the closed cacerts file in the
>>>>>>>>> open
>>>>>>>>> configure script.
>>>>>>>>>
>>>>>>>>> * Also fixing JDK-8005655 by adding logic for unzipping 
>>>>>>>>> sec-bin (and
>>>>>>>>> friends) if available.
>>>>>>>>>
>>>>>>>>> http://cr.openjdk.java.net/~erikj/8010785/webrev.jdk.01/
>>>>>>>>> http://cr.openjdk.java.net/~erikj/8010785/webrev.root.01/
>>>>>>>>>
>>>>>>>>> /Erik



More information about the security-dev mailing list