6728161: Add SKIP_BOOT_CYCLE feature to create boot jdk and use it during build
Summary: Needed BOOT_JAR_JFLAGS. Fixed PREVIOUS_RELEASE_IMAGE.
Reviewed-by: tbell
## Copyright 2007-2008 Sun Microsystems, Inc. All Rights Reserved.# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.## This code is free software; you can redistribute it and/or modify it# under the terms of the GNU General Public License version 2 only, as# published by the Free Software Foundation. Sun designates this# particular file as subject to the "Classpath" exception as provided# by Sun in the LICENSE file that accompanied this code.## This code is distributed in the hope that it will be useful, but WITHOUT# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License# version 2 for more details (a copy is included in the LICENSE file that# accompanied this code).## You should have received a copy of the GNU General Public License version# 2 along with this work; if not, write to the Free Software Foundation,# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.## Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,# CA 95054 USA or visit www.sun.com if you need additional information or# have any questions.### Makefile for building jce.jar and the various cryptographic strength# policy jar files.### (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Sun JDK builds# respectively.)## JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE# jar files do not require signing, but those for JDK do. If an unsigned# jar file is installed into JDK, things will break when the crypto# routines are called.## This Makefile does the "real" build of the JCE files. There are some# javac options currently specific to JCE, so we recompile now to make# sure any implicit compilations didn't use any incorrect flags.## For OpenJDK, the jar files built here are installed directly into the# OpenJDK.## For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary# files stored in the closed workspace that are not shipped in the# OpenJDK workspaces. We still build the JDK files here to verify the# files compile, and in preparation for possible signing and# obfuscation. Developers working on JCE in JDK must sign the JCE files# before testing: obfuscation is optional during development. The JCE# signing key is kept separate from the JDK workspace to prevent its# disclosure. The obfuscation tool has not been licensed for general# usage.## SPECIAL NOTE TO JCE/JDK developers: The source files must eventually# be built, obfuscated, signed, and the resulting jar files *MUST BE# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*. This separate step# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will# not be reflected in the shipped binaries. The "release" target should# be used to generate the required files.## There are a number of targets to help both JDK/OpenJDK developers.## Main Targets (JDK/OPENJDK):## all/clobber/clean The usual.# If OpenJDK, installs# jce.jar/limited policy files.# If JDK, installs prebuilt# jce.jar/limited policy files.## jar Builds/installs jce.jar# If OpenJDK, does not sign# If JDK, tries to sign## Other lesser-used Targets (JDK/OPENJDK):## build-jar Builds jce.jar (does not sign/install)## build-policy Builds policy files (does not sign/install)## install-jar Alias for "jar" above## install-limited Builds/installs limited policy files# If OpenJDK, does not sign# If JDK, tries to sign# install-unlimited Builds/nstalls unlimited policy files# If OpenJDK, does not sign# If JDK, tries to sign## Other targets (JDK only):## sign Alias for sign-jar and sign-policy# sign-jar Builds/signs jce.jar file (no install)# sign-policy Builds/signs policy files (no install)## obfus Builds/obfuscates/signs jce.jar## release Builds all targets in preparation# for workspace integration.## install-prebuilt Installs the pre-built jar files## This makefile was written to support parallel target execution.#BUILDDIR = ../..PACKAGE = javax.cryptoPRODUCT = sun## The following is for when we need to do postprocessing# (signing/obfuscation) against a read-only build. If the OUTPUTDIR# isn't writable, the build currently crashes out.#ifndef OPENJDK ifdef ALT_JCE_BUILD_DIR # ===================================================== # Where to place the output, in case we're building from a read-only # build area. (e.g. a release engineering build.) JCE_BUILD_DIR=${ALT_JCE_BUILD_DIR} IGNORE_WRITABLE_OUTPUTDIR_TEST=true else JCE_BUILD_DIR=${TEMPDIR} endifendifinclude $(BUILDDIR)/common/Defs.gmk## Location for the newly built classfiles.#CLASSDESTDIR = $(TEMPDIR)/classes## Subdirectories of these are automatically included.#AUTO_FILES_JAVA_DIRS = \ javax/crypto \ sun/security/internal/interfaces \ sun/security/internal/specinclude $(BUILDDIR)/common/Classes.gmk## Rules### Some licensees do not get the security sources, but we still need to# be able to build "all" for them. Check here to see if the sources were# available. If not, then we don't need to continue this rule.#ifdef OPENJDKall: build-jar install-jar build-policy install-limitedelse # OPENJDKifeq ($(strip $(FILES_java)),)all: $(no-source-warning)else # FILES_java/policy files availableall: build-jar build-policy $(build-warning)endif # $(FILES_java)/policy files availableendif # OPENJDK## We use a variety of subdirectories in the $(TEMPDIR) depending on what# part of the build we're doing. Both OPENJDK/JDK builds are initially# done in the unsigned area. When files are signed or obfuscated in JDK,# they will be placed in the appropriate areas.#UNSIGNED_DIR = $(TEMPDIR)/unsignedinclude Defs-jce.gmk# =====================================================# Build the unsigned jce.jar file. Signing/obfuscation comes later.#JAR_DESTFILE = $(LIBDIR)/jce.jar## JCE building is somewhat involved.## OpenJDK: Since we do not ship prebuilt JCE files, previous compiles# in the build may have needed JCE class signatures. There were then# implicitly built by javac (likely using the boot javac). While using# those class files was fine for signatures, we need to rebuild using# the right compiler.## JDK: Even through the jce.jar was previously installed, since the# source files are accessible in the source directories, they will# always be "newer" than the prebuilt files inside the jar, and thus# make will always rebuild them. (We could "hide" the JCE source in a# separate directory, but that would make the build logic for JDK and# OpenJDK more complicated.)## Thus in either situation, we shouldn't use these files.## To make sure the classes were built with the right compiler options,# delete the existing files in $(CLASSBINDIR), rebuild the right way in a# directory under $(TEMPDIR), then copy the files back to# $(CLASSBINDIR). Building in $(TEMPDIR) allows us to use our make# infrastructure without modification: .classes.list, macros, etc.### The list of directories that will be remade from scratch, using the# right compilers/options.#DELETE_DIRS = $(patsubst %, $(CLASSBINDIR)/%, $(AUTO_FILES_JAVA_DIRS))## Since the -C option to jar is used below, each directory entry must be# preceded with the appropriate directory to "cd" into.#JAR_DIRS = $(patsubst %, -C $(CLASSDESTDIR) %, $(AUTO_FILES_JAVA_DIRS))build-jar: $(UNSIGNED_DIR)/jce.jar## Build jce.jar, then replace the previously built JCE files in the# classes directory with these. This ensures we have consistently built# files throughout the workspaces.#$(UNSIGNED_DIR)/jce.jar: prebuild build $(JCE_MANIFEST_FILE) $(prep-target) $(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ $(JAR_DIRS) \ $(BOOT_JAR_JFLAGS) $(CP) -r $(CLASSDESTDIR)/* $(CLASSBINDIR) @$(java-vm-cleanup)build: prebuildprebuild: $(RM) -r $(DELETE_DIRS)# =====================================================# Build the unsigned policy files.## Given the current state of world export/import policies,# these settings work for Sun's situation. This note is not# legal guidance, you must still resolve any export/import issues# applicable for your situation. Contact your export/import# counsel for more information.#POLICY_DESTDIR = $(LIBDIR)/securityUNSIGNED_POLICY_BUILDDIR = $(UNSIGNED_DIR)/policybuild-policy: unlimited limited## Build the unsigned unlimited policy files.#unlimited: \ $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \ $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar$(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar: \ policy/unlimited/default_US_export.policy \ policy/unlimited/UNLIMITED $(prep-target) $(BOOT_JAR_CMD) cmf policy/unlimited/UNLIMITED $@ \ -C policy/unlimited default_US_export.policy \ $(BOOT_JAR_JFLAGS) @$(java-vm-cleanup)$(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar: \ policy/unlimited/default_local.policy \ policy/unlimited/UNLIMITED $(prep-target) $(BOOT_JAR_CMD) cmf policy/unlimited/UNLIMITED $@ \ -C policy/unlimited default_local.policy \ $(BOOT_JAR_JFLAGS) @$(java-vm-cleanup)## Build the unsigned limited policy files.## NOTE: We currently do not place restrictions on our limited export# policy. This was not a typo.#limited: \ $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \ $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar$(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar: \ $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar $(install-file)$(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar: \ policy/limited/default_local.policy \ policy/limited/exempt_local.policy \ policy/limited/LIMITED $(prep-target) $(BOOT_JAR_CMD) cmf policy/limited/LIMITED $@ \ -C policy/limited default_local.policy \ -C policy/limited exempt_local.policy \ $(BOOT_JAR_JFLAGS) @$(java-vm-cleanup)UNSIGNED_POLICY_FILES = \ $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \ $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar \ $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \ $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar \ifndef OPENJDK# =====================================================# Sign the various jar files. Not needed for OpenJDK.#SIGNED_DIR = $(JCE_BUILD_DIR)/signedSIGNED_POLICY_BUILDDIR = $(SIGNED_DIR)/policySIGNED_POLICY_FILES = \ $(patsubst $(UNSIGNED_POLICY_BUILDDIR)/%,$(SIGNED_POLICY_BUILDDIR)/%, \ $(UNSIGNED_POLICY_FILES))sign: sign-jar sign-policysign-jar: $(SIGNED_DIR)/jce.jarsign-policy: $(SIGNED_POLICY_FILES)ifndef ALT_JCE_BUILD_DIR$(SIGNED_DIR)/jce.jar: $(UNSIGNED_DIR)/jce.jarelse## We have to remove the build dependency, otherwise, we'll try to rebuild it# which we can't do on a read-only filesystem.#$(SIGNED_DIR)/jce.jar: @if [ ! -r $(UNSIGNED_DIR)/jce.jar ] ; then \ $(ECHO) "Couldn't find $(UNSIGNED_DIR)/jce.jar"; \ exit 1; \ fiendif $(call sign-file, $(UNSIGNED_DIR)/jce.jar)$(SIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar: \ $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar $(call sign-file, $<)$(SIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar: \ $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar $(call sign-file, $<)$(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar: \ $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar $(call sign-file, $<)$(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar: \ $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar $(call sign-file, $<)# =====================================================# Obfuscate/sign/install the JDK build. Not needed for OpenJDK.#OBFUS_DIR = $(JCE_BUILD_DIR)/obfus/jceCLOSED_DIR = $(BUILDDIR)/closed/javax/cryptoobfus: $(OBFUS_DIR)/jce.jar $(release-warning)ifndef ALT_JCE_BUILD_DIR$(OBFUS_DIR)/jce.jar: build-jar $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.doxelse## We have to remove the build dependency, otherwise, we'll try to rebuild it# which we can't do on a read-only filesystem.#$(OBFUS_DIR)/jce.jar: $(JCE_MANIFEST_FILE) $(OBFUS_DIR)/framework.dox @if [ ! -d $(CLASSDESTDIR) ] ; then \ $(ECHO) "Couldn't find $(CLASSDESTDIR)"; \ exit 1; \ fiendif @$(ECHO) ">>>Obfuscating JCE framework..." $(presign) $(preobfus) $(prep-target) $(CD) $(OBFUS_DIR); \ $(OBFUSCATOR) -fv framework.dox @$(CD) $(OBFUS_DIR); $(java-vm-cleanup) @# @# The sun.security.internal classes are currently not obfuscated @# due to an obfus problem. Manually copy them to the build directory @# so that they are included in the jce.jar file. @# $(CP) -r $(CLASSDESTDIR)/sun $(OBFUS_DIR)/build $(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ \ -C $(OBFUS_DIR)/build javax \ -C $(OBFUS_DIR)/build sun \ $(BOOT_JAR_JFLAGS) $(sign-target) @$(java-vm-cleanup)$(OBFUS_DIR)/framework.dox: $(CLOSED_DIR)/obfus/framework.dox @$(ECHO) ">>>Creating framework.dox" $(prep-target) $(SED) "s:@@TEMPDIR@@:$(ABS_TEMPDIR):" $< > $@## The current obfuscator has a limitation in that it currently only# supports up to v49 class file format. Force v49 classfiles in our# builds for now.#TARGET_CLASS_VERSION = 5# =====================================================# Create the Release Engineering files. Obfuscated builds,# unlimited policy file distribution, etc.#release: $(OBFUS_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \ $(CLOSED_DIR)/doc/README.txt $(RM) -r \ $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy \ $(JCE_BUILD_DIR)/release/jce.jar \ $(JCE_BUILD_DIR)/release/US_export_policy.jar \ $(JCE_BUILD_DIR)/release/local_policy.jar \ $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy.zip $(MKDIR) -p $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy $(CP) $(OBFUS_DIR)/jce.jar $(JCE_BUILD_DIR)/release $(CP) \ $(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \ $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar \ $(JCE_BUILD_DIR)/release $(CP) \ $(SIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \ $(SIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar \ $(CLOSED_DIR)/doc/COPYRIGHT.html \ $(CLOSED_DIR)/doc/README.txt \ $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy cd $(JCE_BUILD_DIR)/release ; \ $(ZIPEXE) -qr UnlimitedJCEPolicy.zip UnlimitedJCEPolicy $(release-warning)endif # OPENJDK# =====================================================# Install routines.### Install jce.jar, depending on which type is requested.#install-jar jar: $(JAR_DESTFILE)ifndef OPENJDK $(release-warning)endififdef OPENJDK$(JAR_DESTFILE): $(UNSIGNED_DIR)/jce.jarelse$(JAR_DESTFILE): $(SIGNED_DIR)/jce.jarendif $(install-file)## Install the appropriate policy file, depending on the type of build.#ifdef OPENJDKINSTALL_POLICYDIR = $(UNSIGNED_POLICY_BUILDDIR)elseINSTALL_POLICYDIR = $(SIGNED_POLICY_BUILDDIR)endifinstall-limited: \ $(INSTALL_POLICYDIR)/limited/US_export_policy.jar \ $(INSTALL_POLICYDIR)/limited/local_policy.jar $(MKDIR) -p $(POLICY_DESTDIR) $(RM) \ $(POLICY_DESTDIR)/US_export_policy.jar \ $(POLICY_DESTDIR)/local_policy.jar $(CP) $^ $(POLICY_DESTDIR)ifndef OPENJDK $(release-warning)endifinstall-unlimited: \ $(INSTALL_POLICYDIR)/unlimited/US_export_policy.jar \ $(INSTALL_POLICYDIR)/unlimited/local_policy.jar $(MKDIR) -p $(POLICY_DESTDIR) $(RM) \ $(POLICY_DESTDIR)/US_export_policy.jar \ $(POLICY_DESTDIR)/local_policy.jar $(CP) $^ $(POLICY_DESTDIR)ifndef OPENJDK $(release-warning)endififndef OPENJDKinstall-prebuilt: @$(ECHO) "\n>>>Installing prebuilt JCE framework..." $(RM) $(JAR_DESTFILE) \ $(POLICY_DESTDIR)/US_export_policy.jar \ $(POLICY_DESTDIR)/local_policy.jar $(CP) $(PREBUILT_DIR)/jce/jce.jar $(JAR_DESTFILE) $(CP) \ $(PREBUILT_DIR)/jce/US_export_policy.jar \ $(PREBUILT_DIR)/jce/local_policy.jar \ $(POLICY_DESTDIR)endif# =====================================================# Support routines.#clobber clean:: $(RM) -r $(JAR_DESTFILE) $(POLICY_DESTDIR)/US_export_policy.jar \ $(POLICY_DESTDIR)/local_policy.jar $(DELETE_DIRS) $(TEMPDIR) \ $(JCE_BUILD_DIR).PHONY: build-jar jar build-policy unlimited limited install-jar \ install-limited install-unlimitedifndef OPENJDK.PHONY: sign sign-jar sign-policy obfus release install-prebuiltendif