author | prr |
Tue, 18 Mar 2014 15:48:03 -0700 | |
changeset 23671 | e0efb704450e |
parent 21980 | 393509a81cc3 |
permissions | -rw-r--r-- |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
1 |
# |
21534
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
2 |
# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved. |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
3 |
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
4 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
5 |
# This code is free software; you can redistribute it and/or modify it |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
6 |
# under the terms of the GNU General Public License version 2 only, as |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
7 |
# published by the Free Software Foundation. Oracle designates this |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
8 |
# particular file as subject to the "Classpath" exception as provided |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
9 |
# by Oracle in the LICENSE file that accompanied this code. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
10 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
11 |
# This code is distributed in the hope that it will be useful, but WITHOUT |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
12 |
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
13 |
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
14 |
# version 2 for more details (a copy is included in the LICENSE file that |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
15 |
# accompanied this code). |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
16 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
17 |
# You should have received a copy of the GNU General Public License version |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
18 |
# 2 along with this work; if not, write to the Free Software Foundation, |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
19 |
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
20 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
21 |
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
22 |
# or visit www.oracle.com if you need additional information or have any |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
23 |
# questions. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
24 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
25 |
|
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
26 |
include $(SPEC) |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
27 |
include MakeBase.gmk |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
28 |
|
20547 | 29 |
# (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Oracle JDK |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
30 |
# builds respectively.) |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
31 |
# |
20547 | 32 |
# JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE |
33 |
# jar files do not require signing, but those for JDK do. If an unsigned |
|
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
34 |
# jar file is installed into JDK, things will break when the crypto |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
35 |
# routines are called. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
36 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
37 |
# All jars are created in CreateJars.gmk. This Makefile does the signing |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
38 |
# of the jars for JDK. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
39 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
40 |
# For JDK, the binaries use pre-built/pre-signed binary files stored in |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
41 |
# the closed workspace that are not shipped in the OpenJDK workspaces. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
42 |
# We still build the JDK files to verify the files compile, and in |
20547 | 43 |
# preparation for possible signing. Developers working on JCE in JDK |
44 |
# must sign the JCE files before testing. The JCE signing key is kept |
|
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
45 |
# separate from the JDK workspace to prevent its disclosure. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
46 |
# |
20547 | 47 |
# SPECIAL NOTE TO JCE/JDK developers: The source files must eventually |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
48 |
# be built, signed, and then the resulting jar files MUST BE CHECKED |
20547 | 49 |
# INTO THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
50 |
# BE FORGOTTEN*, otherwise a bug fixed in the source code will not be |
21534
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
51 |
# reflected in the shipped binaries. |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
52 |
# |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
53 |
# Please consult with Release Engineering, which is responsible for |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
54 |
# creating the final JCE builds suitable for checkin. |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
55 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
56 |
|
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
57 |
# Default target |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
58 |
all: |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
59 |
|
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
60 |
ifndef OPENJDK |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
61 |
|
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
62 |
README-MAKEFILE_WARNING := \ |
21847 | 63 |
"\nPlease read jdk/make/SignJars.gmk for further build instructions.\n" |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
64 |
|
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
65 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
66 |
# Location for JCE codesigning key. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
67 |
# |
20547 | 68 |
SIGNING_KEY_DIR := /security/ws/JCE-signing/src |
69 |
SIGNING_KEYSTORE := $(SIGNING_KEY_DIR)/KeyStore.jks |
|
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
70 |
SIGNING_PASSPHRASE := $(SIGNING_KEY_DIR)/passphrase.txt |
20547 | 71 |
SIGNING_ALIAS := oracle_jce_rsa |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
72 |
|
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
73 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
74 |
# Defines for signing the various jar files. |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
75 |
# |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
76 |
check-keystore: |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
77 |
@if [ ! -f $(SIGNING_KEYSTORE) -o ! -f $(SIGNING_PASSPHRASE) ]; then \ |
20547 | 78 |
$(PRINTF) "\n$(SIGNING_KEYSTORE): Signing mechanism *NOT* available..."; \ |
79 |
$(PRINTF) $(README-MAKEFILE_WARNING); \ |
|
80 |
exit 2; \ |
|
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
81 |
fi |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
82 |
|
21980 | 83 |
$(JDK_OUTPUTDIR)/jce/signed/%: $(JDK_OUTPUTDIR)/jce/unsigned/% |
16636
1cc691bcfe50
8008373: JFR JTReg tests fail with CompilationError on MacOSX; missing '._sunec.jar'
erikj
parents:
15128
diff
changeset
|
84 |
$(call install-file) |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
85 |
$(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \ |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
86 |
$@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE) |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
87 |
@$(PRINTF) "\nJar codesigning finished.\n" |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
88 |
|
21534
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
89 |
JAR_LIST := \ |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
90 |
jce.jar \ |
21980 | 91 |
policy/limited/local_policy.jar \ |
92 |
policy/limited/US_export_policy.jar \ |
|
93 |
policy/unlimited/local_policy.jar \ |
|
94 |
policy/unlimited/US_export_policy.jar \ |
|
20547 | 95 |
sunec.jar \ |
96 |
sunjce_provider.jar \ |
|
97 |
sunpkcs11.jar \ |
|
21534
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
98 |
sunmscapi.jar \ |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
99 |
ucrypto.jar \ |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
100 |
# |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
101 |
|
21980 | 102 |
UNSIGNED_JARS := $(wildcard $(addprefix $(JDK_OUTPUTDIR)/jce/unsigned/, $(JAR_LIST))) |
21534
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
103 |
|
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
104 |
ifeq ($(UNSIGNED_JARS), ) |
21980 | 105 |
$(error No jars found in $(JDK_OUTPUTDIR)/jce/unsigned/) |
21534
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
106 |
endif |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
107 |
|
21980 | 108 |
SIGNED_JARS := $(patsubst $(JDK_OUTPUTDIR)/jce/unsigned/%,$(JDK_OUTPUTDIR)/jce/signed/%, \ |
109 |
$(UNSIGNED_JARS)) |
|
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
110 |
|
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
111 |
$(SIGNED_JARS): check-keystore |
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
112 |
|
21980 | 113 |
$(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt: \ |
114 |
$(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt |
|
115 |
$(install-file) |
|
116 |
||
117 |
all: $(SIGNED_JARS) $(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt |
|
21534
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
118 |
@$(PRINTF) "\n*** The jar files built by the 'sign-jars' target are developer ***" |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
119 |
@$(PRINTF) "\n*** builds only and *MUST NOT* be checked into the closed workspace. ***" |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
120 |
@$(PRINTF) "\n*** ***" |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
121 |
@$(PRINTF) "\n*** Please consult with Release Engineering: they will generate ***" |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
122 |
@$(PRINTF) "\n*** the proper binaries for the closed workspace. ***" |
5bff6f48f9f4
8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents:
21128
diff
changeset
|
123 |
@$(PRINTF) "\n" |
20547 | 124 |
@$(PRINTF) $(README-MAKEFILE_WARNING) |
15128
296bb1620e00
8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff
changeset
|
125 |
|
20547 | 126 |
endif # !OPENJDK |