Mercurial Mercurial > jdk-sandbox / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
jdk/make/SignJars.gmk
changeset 21805 c7d7946239de
parent 21128 2a7460bba7a5
child 21847 8d279ff7e53e
equal deleted inserted replaced
21804:07b686da11c4 21805:c7d7946239de 
       
     1 #
 
       
     2 # Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved.
 
       
     3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 
       
     4 #
 
       
     5 # This code is free software; you can redistribute it and/or modify it
 
       
     6 # under the terms of the GNU General Public License version 2 only, as
 
       
     7 # published by the Free Software Foundation.  Oracle designates this
 
       
     8 # particular file as subject to the "Classpath" exception as provided
 
       
     9 # by Oracle in the LICENSE file that accompanied this code.
 
       
    10 #
 
       
    11 # This code is distributed in the hope that it will be useful, but WITHOUT
 
       
    12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 
       
    13 # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 
       
    14 # version 2 for more details (a copy is included in the LICENSE file that
 
       
    15 # accompanied this code).
 
       
    16 #
 
       
    17 # You should have received a copy of the GNU General Public License version
 
       
    18 # 2 along with this work; if not, write to the Free Software Foundation,
 
       
    19 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 
       
    20 #
 
       
    21 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 
       
    22 # or visit www.oracle.com if you need additional information or have any
 
       
    23 # questions.
 
       
    24 #
 
       
    25 
       
    26 include $(SPEC)
 
       
    27 include MakeBase.gmk
 
       
    28 
       
    29 # (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Oracle JDK
 
       
    30 # builds respectively.)
 
       
    31 #
 
       
    32 # JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE
 
       
    33 # jar files do not require signing, but those for JDK do. If an unsigned
 
       
    34 # jar file is installed into JDK, things will break when the crypto
 
       
    35 # routines are called.
 
       
    36 #
 
       
    37 # All jars are created in CreateJars.gmk. This Makefile does the signing
 
       
    38 # of the jars for JDK.
 
       
    39 #
 
       
    40 # For JDK, the binaries use pre-built/pre-signed binary files stored in
 
       
    41 # the closed workspace that are not shipped in the OpenJDK workspaces.
 
       
    42 # We still build the JDK files to verify the files compile, and in
 
       
    43 # preparation for possible signing. Developers working on JCE in JDK
 
       
    44 # must sign the JCE files before testing. The JCE signing key is kept
 
       
    45 # separate from the JDK workspace to prevent its disclosure.
 
       
    46 #
 
       
    47 # SPECIAL NOTE TO JCE/JDK developers: The source files must eventually
 
       
    48 # be built, signed, and then the resulting jar files MUST BE CHECKED
 
       
    49 # INTO THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT
 
       
    50 # BE FORGOTTEN*, otherwise a bug fixed in the source code will not be
 
       
    51 # reflected in the shipped binaries. The "sign-jars" target in the top
 
       
    52 # level Makefile should be used to generate the required files.
 
       
    53 #
 
       
    54 
       
    55 # Default target
 
       
    56 all:
 
       
    57 
       
    58 ifndef OPENJDK
 
       
    59 
       
    60 README-MAKEFILE_WARNING := \
 
       
    61     "\nPlease read make/SignJars.gmk for further build instructions.\n"
 
       
    62 
       
    63 #
 
       
    64 # Location for JCE codesigning key.
 
       
    65 #
 
       
    66 SIGNING_KEY_DIR := /security/ws/JCE-signing/src
 
       
    67 SIGNING_KEYSTORE := $(SIGNING_KEY_DIR)/KeyStore.jks
 
       
    68 SIGNING_PASSPHRASE := $(SIGNING_KEY_DIR)/passphrase.txt
 
       
    69 SIGNING_ALIAS := oracle_jce_rsa
 
       
    70 
       
    71 #
 
       
    72 # Defines for signing the various jar files.
 
       
    73 #
 
       
    74 check-keystore:
 
       
    75 	@if [ ! -f $(SIGNING_KEYSTORE) -o ! -f $(SIGNING_PASSPHRASE) ]; then \
 
       
    76 	  $(PRINTF) "\n$(SIGNING_KEYSTORE): Signing mechanism *NOT* available..."; \
 
       
    77 	  $(PRINTF) $(README-MAKEFILE_WARNING); \
 
       
    78 	  exit 2; \
 
       
    79 	fi
 
       
    80 
       
    81 $(JCE_OUTPUTDIR)/%: $(JDK_OUTPUTDIR)/unsigned/%
 
       
    82 	$(call install-file)
 
       
    83 	$(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \
 
       
    84 	    $@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE)
 
       
    85 	@$(PRINTF) "\nJar codesigning finished.\n"
 
       
    86 
       
    87 JAR_LIST := jce.jar \
 
       
    88     local_policy.jar \
 
       
    89     sunec.jar \
 
       
    90     sunjce_provider.jar \
 
       
    91     sunpkcs11.jar \
 
       
    92     US_export_policy.jar
 
       
    93 
       
    94 SIGNED_JARS := $(addprefix $(JCE_OUTPUTDIR)/,$(JAR_LIST))
 
       
    95 
       
    96 $(SIGNED_JARS): check-keystore
 
       
    97 
       
    98 all: $(SIGNED_JARS)
 
       
    99 	@$(PRINTF) "\n***The jar files built by the 'jar-sign' target must***"
 
       
   100 	@$(PRINTF) "\n***still be checked into the closed workspace!***"
 
       
   101 	@$(PRINTF) $(README-MAKEFILE_WARNING)
 
       
   102 
       
   103 endif # !OPENJDK
jdk-sandbox