jdk/make/SignJars.gmk
author lana
Mon, 11 Aug 2014 09:25:30 -0700
changeset 25880 e5967ea9bde2
parent 21980 393509a81cc3
permissions -rw-r--r--
Merge
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
     1
#
21534
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
     2
# Copyright (c) 2012, 2013, Oracle and/or its affiliates. All rights reserved.
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
     3
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
     4
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
     5
# This code is free software; you can redistribute it and/or modify it
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
     6
# under the terms of the GNU General Public License version 2 only, as
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
     7
# published by the Free Software Foundation.  Oracle designates this
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
     8
# particular file as subject to the "Classpath" exception as provided
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
     9
# by Oracle in the LICENSE file that accompanied this code.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    10
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    11
# This code is distributed in the hope that it will be useful, but WITHOUT
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    12
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    13
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    14
# version 2 for more details (a copy is included in the LICENSE file that
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    15
# accompanied this code).
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    16
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    17
# You should have received a copy of the GNU General Public License version
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    18
# 2 along with this work; if not, write to the Free Software Foundation,
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    19
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    20
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    21
# Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    22
# or visit www.oracle.com if you need additional information or have any
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    23
# questions.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    24
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    25
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    26
include $(SPEC)
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    27
include MakeBase.gmk
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    28
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    29
# (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Oracle JDK
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    30
# builds respectively.)
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    31
#
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    32
# JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    33
# jar files do not require signing, but those for JDK do. If an unsigned
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    34
# jar file is installed into JDK, things will break when the crypto
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    35
# routines are called.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    36
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    37
# All jars are created in CreateJars.gmk. This Makefile does the signing
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    38
# of the jars for JDK.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    39
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    40
# For JDK, the binaries use pre-built/pre-signed binary files stored in
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    41
# the closed workspace that are not shipped in the OpenJDK workspaces.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    42
# We still build the JDK files to verify the files compile, and in
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    43
# preparation for possible signing. Developers working on JCE in JDK
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    44
# must sign the JCE files before testing. The JCE signing key is kept
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    45
# separate from the JDK workspace to prevent its disclosure.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    46
#
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    47
# SPECIAL NOTE TO JCE/JDK developers: The source files must eventually
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    48
# be built, signed, and then the resulting jar files MUST BE CHECKED
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    49
# INTO THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    50
# BE FORGOTTEN*, otherwise a bug fixed in the source code will not be
21534
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
    51
# reflected in the shipped binaries.
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
    52
#
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
    53
# Please consult with Release Engineering, which is responsible for
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
    54
# creating the final JCE builds suitable for checkin.
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    55
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    56
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    57
# Default target
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    58
all:
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    59
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    60
ifndef OPENJDK
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    61
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    62
README-MAKEFILE_WARNING := \
21847
lana
parents: 21534 21805
diff changeset
    63
    "\nPlease read jdk/make/SignJars.gmk for further build instructions.\n"
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    64
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    65
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    66
# Location for JCE codesigning key.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    67
#
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    68
SIGNING_KEY_DIR := /security/ws/JCE-signing/src
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    69
SIGNING_KEYSTORE := $(SIGNING_KEY_DIR)/KeyStore.jks
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    70
SIGNING_PASSPHRASE := $(SIGNING_KEY_DIR)/passphrase.txt
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    71
SIGNING_ALIAS := oracle_jce_rsa
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    72
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    73
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    74
# Defines for signing the various jar files.
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    75
#
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    76
check-keystore:
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    77
	@if [ ! -f $(SIGNING_KEYSTORE) -o ! -f $(SIGNING_PASSPHRASE) ]; then \
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    78
	  $(PRINTF) "\n$(SIGNING_KEYSTORE): Signing mechanism *NOT* available..."; \
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    79
	  $(PRINTF) $(README-MAKEFILE_WARNING); \
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    80
	  exit 2; \
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    81
	fi
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    82
21980
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
    83
$(JDK_OUTPUTDIR)/jce/signed/%: $(JDK_OUTPUTDIR)/jce/unsigned/%
16636
1cc691bcfe50 8008373: JFR JTReg tests fail with CompilationError on MacOSX; missing '._sunec.jar'
erikj
parents: 15128
diff changeset
    84
	$(call install-file)
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    85
	$(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    86
	    $@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE)
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    87
	@$(PRINTF) "\nJar codesigning finished.\n"
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
    88
21534
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
    89
JAR_LIST := \
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
    90
    jce.jar \
21980
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
    91
    policy/limited/local_policy.jar \
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
    92
    policy/limited/US_export_policy.jar \
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
    93
    policy/unlimited/local_policy.jar \
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
    94
    policy/unlimited/US_export_policy.jar \
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    95
    sunec.jar \
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    96
    sunjce_provider.jar \
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
    97
    sunpkcs11.jar \
21534
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
    98
    sunmscapi.jar \
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
    99
    ucrypto.jar \
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   100
    #
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
   101
21980
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
   102
UNSIGNED_JARS := $(wildcard $(addprefix $(JDK_OUTPUTDIR)/jce/unsigned/, $(JAR_LIST)))
21534
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   103
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   104
ifeq ($(UNSIGNED_JARS), )
21980
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
   105
  $(error No jars found in $(JDK_OUTPUTDIR)/jce/unsigned/)
21534
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   106
endif
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   107
21980
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
   108
SIGNED_JARS := $(patsubst $(JDK_OUTPUTDIR)/jce/unsigned/%,$(JDK_OUTPUTDIR)/jce/signed/%, \
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
   109
    $(UNSIGNED_JARS))
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
   110
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
   111
$(SIGNED_JARS): check-keystore
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
   112
21980
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
   113
$(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt: \
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
   114
    $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
   115
	$(install-file)
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
   116
393509a81cc3 8027963: Create unlimited policy jars.
erikj
parents: 21847
diff changeset
   117
all: $(SIGNED_JARS) $(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt
21534
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   118
	@$(PRINTF) "\n*** The jar files built by the 'sign-jars' target are developer      ***"
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   119
	@$(PRINTF) "\n*** builds only and *MUST NOT* be checked into the closed workspace. ***"
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   120
	@$(PRINTF) "\n***                                                                  ***"
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   121
	@$(PRINTF) "\n*** Please consult with Release Engineering: they will generate      ***"
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   122
	@$(PRINTF) "\n*** the proper binaries for the closed workspace.                    ***"
5bff6f48f9f4 8027698: Platform specific jars are not being signed by the sign-jars target
erikj
parents: 21128
diff changeset
   123
	@$(PRINTF) "\n"
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
   124
	@$(PRINTF) $(README-MAKEFILE_WARNING)
15128
296bb1620e00 8005355: build-infra: Java security signing (need a top-level make target).
erikj
parents:
diff changeset
   125
20547
453837141fac 8001931: The new build system whitespace cleanup
ihse
parents: 16636
diff changeset
   126
endif # !OPENJDK