jdk/make/javax/crypto/Makefile
author duke
Sat, 01 Dec 2007 00:00:00 +0000
changeset 2 90ce3da70b43
child 300 d4f77ff718fd
permissions -rw-r--r--
Initial load

#
# Copyright 2007 Sun Microsystems, Inc.  All Rights Reserved.
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
#
# This code is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License version 2 only, as
# published by the Free Software Foundation.  Sun designates this
# particular file as subject to the "Classpath" exception as provided
# by Sun in the LICENSE file that accompanied this code.
#
# This code is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# version 2 for more details (a copy is included in the LICENSE file that
# accompanied this code).
#
# You should have received a copy of the GNU General Public License version
# 2 along with this work; if not, write to the Free Software Foundation,
# Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
# Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
# CA 95054 USA or visit www.sun.com if you need additional information or
# have any questions.
#

#
# Makefile for building jce.jar and the various cryptographic strength
# policy jar files.
#

#
# (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Sun JDK builds
# respectively.)
#
# JCE builds are very different between OpenJDK and JDK.  The OpenJDK JCE
# jar files do not require signing, but those for JDK do.  If an unsigned
# jar file is installed into JDK, things will break when the crypto
# routines are called.
#
# This Makefile does the "real" build of the JCE files.  There are some
# javac options currently specific to JCE, so we recompile now to make
# sure any implicit compilations didn't use any incorrect flags.
#
# For OpenJDK, the jar files built here are installed directly into the
# OpenJDK.
#
# For JDK, the binaries use pre-built/pre-signed/pre-obfuscated binary
# files stored in the closed workspace that are not shipped in the
# OpenJDK workspaces.  We still build the JDK files here to verify the
# files compile, and in preparation for possible signing and
# obfuscation.  Developers working on JCE in JDK must sign the JCE files
# before testing: obfuscation is optional during development.  The JCE
# signing key is kept separate from the JDK workspace to prevent its
# disclosure.  The obfuscation tool has not been licensed for general
# usage.
#
# SPECIAL NOTE TO JCE/JDK developers:  The source files must eventually
# be built, obfuscated, signed, and the resulting jar files *MUST BE
# CHECKED INTO THE CLOSED PART OF THE WORKSPACE*.  This separate step
# *MUST NOT BE FORGOTTEN*, otherwise a bug fixed in the source code will
# not be reflected in the shipped binaries.  The "release" target should
# be used to generate the required files.
#
# There are a number of targets to help both JDK/OpenJDK developers.
#
# Main Targets (JDK/OPENJDK):
#
#     all/clobber/clean		The usual.
#				    If OpenJDK, installs
#					jce.jar/limited policy files.
#				    If JDK, installs prebuilt
#					jce.jar/limited policy files.
#
#     jar			Builds/installs jce.jar
#				    If OpenJDK, does not sign
#				    If JDK, tries to sign
#
# Other lesser-used Targets (JDK/OPENJDK):
#
#     build-jar			Builds jce.jar (does not sign/install)
#
#     build-policy		Builds policy files (does not sign/install)
#
#     install-jar		Alias for "jar" above
#
#     install-limited		Builds/installs limited policy files
#				    If OpenJDK, does not sign
#				    If JDK, tries to sign
#     install-unlimited		Builds/nstalls unlimited policy files
#				    If OpenJDK, does not sign
#				    If JDK, tries to sign
#
# Other targets (JDK only):
#
#     sign			Alias for sign-jar and sign-policy
#	  sign-jar		Builds/signs jce.jar file (no install)
#	  sign-policy		Builds/signs policy files (no install)
#
#     obfus			Builds/obfuscates/signs/installs jce.jar
#
#     release			Builds all targets in preparation
#				for workspace integration.
#
#     install-prebuilt		Installs the pre-built jar files
#
# This makefile was written to support parallel target execution.
#

BUILDDIR = ../..
PACKAGE = javax.crypto
PRODUCT = sun

include $(BUILDDIR)/common/Defs.gmk
include Defs-jce.gmk

#
# Location for the newly built classfiles.
#
CLASSDESTDIR = $(TEMPDIR)/classes

#
# Subdirectories of these are automatically included.
#
AUTO_FILES_JAVA_DIRS = \
    javax/crypto \
    sun/security/internal/interfaces \
    sun/security/internal/spec

include $(BUILDDIR)/common/Classes.gmk

#
# Rules
#

#
# Some licensees do not get the security sources, but we still need to
# be able to build "all" for them.  Check here to see if the sources were
# available.  If not, then we don't need to continue this rule.
#

ifdef OPENJDK
all: build-jar install-jar build-policy install-limited
else  # OPENJDK
ifeq ($(strip $(FILES_java)),)
all:
	$(no-source-warning)
else  # FILES_java/policy files available
all: build-jar build-policy
	$(build-warning)
endif # $(FILES_java)/policy files available
endif # OPENJDK

#
# We use a variety of subdirectories in the $(TEMPDIR) depending on what
# part of the build we're doing.  Both OPENJDK/JDK builds are initially
# done in the unsigned area.  When files are signed or obfuscated in JDK,
# they will be placed in the appropriate areas.
#
UNSIGNED_DIR = $(TEMPDIR)/unsigned


# =====================================================
# Build the unsigned jce.jar file.  Signing/obfuscation comes later.
#

JAR_DESTFILE = $(LIBDIR)/jce.jar

#
# JCE building is somewhat involved.
#
# OpenJDK:  Since we do not ship prebuilt JCE files, previous compiles
# in the build may have needed JCE class signatures.  There were then
# implicitly built by javac (likely using the boot javac).  While using
# those class files was fine for signatures, we need to rebuild using
# the right compiler.
#
# JDK:  Even through the jce.jar was previously installed, since the
# source files are accessible in the source directories, they will
# always be "newer" than the prebuilt files inside the jar, and thus
# make will always rebuild them.  (We could "hide" the JCE source in a
# separate directory, but that would make the build logic for JDK and
# OpenJDK more complicated.)
#
# Thus in either situation, we shouldn't use these files.
#
# To make sure the classes were built with the right compiler options,
# delete the existing files in $(CLASSBINDIR), rebuild the right way in a
# directory under $(TEMPDIR), then copy the files back to
# $(CLASSBINDIR).   Building in $(TEMPDIR) allows us to use our make
# infrastructure without modification:  .classes.list, macros, etc.
#

#
# The list of directories that will be remade from scratch, using the
# right compilers/options.
#
DELETE_DIRS = $(patsubst %, $(CLASSBINDIR)/%, $(AUTO_FILES_JAVA_DIRS))

#
# Since the -C option to jar is used below, each directory entry must be
# preceded with the appropriate directory to "cd" into.
#
JAR_DIRS = $(patsubst %, -C $(CLASSDESTDIR) %, $(AUTO_FILES_JAVA_DIRS))

build-jar: $(UNSIGNED_DIR)/jce.jar

#
# Build jce.jar, then replace the previously built JCE files in the
# classes directory with these.  This ensures we have consistently built
# files throughout the workspaces.
#
$(UNSIGNED_DIR)/jce.jar: prebuild build $(JCE_MANIFEST_FILE)
	$(prep-target)
	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ $(JAR_DIRS) \
	    $(JAR_JFLAGS)
	$(CP) -r $(CLASSDESTDIR)/* $(CLASSBINDIR)
	@$(java-vm-cleanup)

build: prebuild

prebuild:
	$(RM) -r $(DELETE_DIRS)


# =====================================================
# Build the unsigned policy files.
#
# Given the current state of world export/import policies,
# these settings work for Sun's situation.  This note is not
# legal guidance, you must still resolve any export/import issues
# applicable for your situation.  Contact your export/import
# counsel for more information.
#

POLICY_DESTDIR			= $(LIBDIR)/security
UNSIGNED_POLICY_BUILDDIR	= $(UNSIGNED_DIR)/policy

build-policy: unlimited limited

#
# Build the unsigned unlimited policy files.
#
unlimited: \
	    $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar	\
	    $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar

$(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar:		\
	    policy/unlimited/default_US_export.policy			\
	    policy/unlimited/UNLIMITED
	$(prep-target)
	$(BOOT_JAR_CMD) cmf policy/unlimited/UNLIMITED $@		\
	    -C policy/unlimited default_US_export.policy		\
	    $(JAR_JFLAGS)
	@$(java-vm-cleanup)

$(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar:			\
	    policy/unlimited/default_local.policy			\
	    policy/unlimited/UNLIMITED
	$(prep-target)
	$(BOOT_JAR_CMD) cmf policy/unlimited/UNLIMITED $@		\
	    -C policy/unlimited default_local.policy			\
	    $(JAR_JFLAGS)
	@$(java-vm-cleanup)

#
# Build the unsigned limited policy files.
#
# NOTE:  We currently do not place restrictions on our limited export
# policy.  This was not a typo.
#
limited: \
	    $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar	\
	    $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar

$(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar:		\
	    $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar
	$(install-file)

$(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar:			\
	    policy/limited/default_local.policy				\
	    policy/limited/exempt_local.policy				\
	    policy/limited/LIMITED
	$(prep-target)
	$(BOOT_JAR_CMD) cmf policy/limited/LIMITED $@			\
	    -C policy/limited default_local.policy			\
	    -C policy/limited exempt_local.policy			\
	    $(JAR_JFLAGS)
	@$(java-vm-cleanup)

UNSIGNED_POLICY_FILES = \
    $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar		\
    $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar		\
    $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar		\
    $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar		\


ifndef OPENJDK
# =====================================================
# Sign the various jar files.  Not needed for OpenJDK.
#

SIGNED_DIR		= $(TEMPDIR)/signed
SIGNED_POLICY_BUILDDIR	= $(SIGNED_DIR)/policy

SIGNED_POLICY_FILES = \
    $(patsubst $(UNSIGNED_POLICY_BUILDDIR)/%,$(SIGNED_POLICY_BUILDDIR)/%, \
	$(UNSIGNED_POLICY_FILES))

sign: sign-jar sign-policy

sign-jar: $(SIGNED_DIR)/jce.jar

sign-policy: $(SIGNED_POLICY_FILES)

$(SIGNED_DIR)/jce.jar: $(UNSIGNED_DIR)/jce.jar
	$(sign-file)

$(SIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar:	\
$(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar
	$(sign-file)

$(SIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar:		\
$(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar
	$(sign-file)

$(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar:		\
$(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar
	$(sign-file)

$(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar:		\
$(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar
	$(sign-file)


# =====================================================
# Obfuscate/sign/install the JDK build.  Not needed for OpenJDK.
#

OBFUS_DIR = $(TEMPDIR)/obfus

CLOSED_DIR = $(BUILDDIR)/closed/javax/crypto

obfus: $(OBFUS_DIR)/jce.jar
	$(release-warning)

$(OBFUS_DIR)/jce.jar: build-jar $(JCE_MANIFEST_FILE)
	$(presign)
	$(preobfus)
	@$(ECHO) ">>>Obfuscating JCE framework..."
	$(prep-target)
	$(CD) $(OBFUS_DIR); \
	$(OBFUSCATOR) -fv \
	    $(CURRENT_DIRECTORY)/$(CLOSED_DIR)/obfus/framework.dox
	@$(CD) $(OBFUS_DIR); $(java-vm-cleanup)
	@# The sun.security.internal classes are currently not obfuscated
	@# due to an obfus problem. Manually copy them to the build directory
	@# so that they are included in the jce.jar file.
	$(CP) -r $(CLASSDESTDIR)/sun $(OBFUS_DIR)/build
	$(RM) $(UNSIGNED_DIR)/jce.jar
	$(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@	\
	    -C $(OBFUS_DIR)/build javax			\
	    -C $(OBFUS_DIR)/build sun			\
	    $(JAR_JFLAGS)
	$(sign-target)
	$(MKDIR) -p $(dir $(JAR_DESTFILE))
	$(RM) $(JAR_DESTFILE)
	$(CP) $@ $(JAR_DESTFILE)
	@$(java-vm-cleanup)

#
# The current obfuscator has a limitation in that it currently only
# supports up to v49 class file format.  Force v49 classfiles in our
# builds for now.
#
TARGET_CLASS_VERSION = 5


# =====================================================
# Create the Release Engineering files.  Obfuscated builds,
# unlimited policy file distribution, etc.
#

release: $(OBFUS_DIR)/jce.jar sign-policy
	$(RM) -r \
	    $(RELEASE_DIR)/UnlimitedJCEPolicy \
	    $(RELEASE_DIR)/jce.jar \
	    $(RELEASE_DIR)/US_export_policy.jar \
	    $(RELEASE_DIR)/local_policy.jar \
	    $(RELEASE_DIR)/UnlimitedJCEPolicy.zip
	$(MKDIR) -p $(RELEASE_DIR)/UnlimitedJCEPolicy
	$(CP) $(OBFUS_DIR)/jce.jar $(RELEASE_DIR)
	$(CP) -r \
	    $(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \
	    $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar \
	    $(RELEASE_DIR)
	$(CP) \
	    $(SIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \
	    $(SIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar \
	    $(RELEASE_DIR)/UnlimitedJCEPolicy
	$(CP) $(CLOSED_DIR)/doc/COPYRIGHT.html \
	    $(CLOSED_DIR)/doc/README.txt $(RELEASE_DIR)/UnlimitedJCEPolicy
	cd $(RELEASE_DIR) ; \
	$(ZIPEXE) -qr UnlimitedJCEPolicy.zip UnlimitedJCEPolicy
	$(release-warning)

endif # OPENJDK


# =====================================================
# Install routines.
#

#
# Install jce.jar, depending on which type is requested.
#
install-jar jar: $(JAR_DESTFILE)
ifndef OPENJDK
	$(release-warning)
endif

ifdef OPENJDK
$(JAR_DESTFILE): $(UNSIGNED_DIR)/jce.jar
else
$(JAR_DESTFILE): $(SIGNED_DIR)/jce.jar
endif
	$(install-file)

#
# Install the appropriate policy file, depending on the type of build.
#
ifdef OPENJDK
INSTALL_POLICYDIR = $(UNSIGNED_POLICY_BUILDDIR)
else
INSTALL_POLICYDIR = $(SIGNED_POLICY_BUILDDIR)
endif

install-limited: \
	    $(INSTALL_POLICYDIR)/limited/US_export_policy.jar	\
	    $(INSTALL_POLICYDIR)/limited/local_policy.jar
	$(MKDIR) -p $(POLICY_DESTDIR)
	$(RM) \
	    $(POLICY_DESTDIR)/US_export_policy.jar		\
	    $(POLICY_DESTDIR)/local_policy.jar
	$(CP) $^ $(POLICY_DESTDIR)
ifndef OPENJDK
	$(release-warning)
endif

install-unlimited: \
	    $(INSTALL_POLICYDIR)/unlimited/US_export_policy.jar	\
	    $(INSTALL_POLICYDIR)/unlimited/local_policy.jar
	$(MKDIR) -p $(POLICY_DESTDIR)
	$(RM) \
	    $(POLICY_DESTDIR)/US_export_policy.jar		\
	    $(POLICY_DESTDIR)/local_policy.jar
	$(CP) $^ $(POLICY_DESTDIR)
ifndef OPENJDK
	$(release-warning)
endif

ifndef OPENJDK
install-prebuilt:
	@$(ECHO) "\n>>>Installing prebuilt JCE framework..."
	$(RM) $(JAR_DESTFILE) \
	    $(POLICY_DESTDIR)/US_export_policy.jar \
	    $(POLICY_DESTDIR)/local_policy.jar
	$(CP) $(PREBUILT_DIR)/jce/jce.jar $(JAR_DESTFILE)
	$(CP) \
	    $(PREBUILT_DIR)/jce/US_export_policy.jar \
	    $(PREBUILT_DIR)/jce/local_policy.jar \
	    $(POLICY_DESTDIR)
endif


# =====================================================
# Support routines.
#

clobber clean::
	$(RM) -r $(JAR_DESTFILE) $(POLICY_DESTDIR)/US_export_policy.jar \
	    $(POLICY_DESTDIR)/local_policy.jar $(DELETE_DIRS) $(TEMPDIR)

.PHONY: build-jar jar build-policy unlimited limited install-jar \
	install-limited install-unlimited
ifndef OPENJDK
.PHONY: sign sign-jar sign-policy obfus release install-prebuilt
endif