--- a/jdk/make/CreateSecurityJars.gmk Wed Dec 04 17:37:25 2013 -0800
+++ b/jdk/make/CreateSecurityJars.gmk Thu Dec 05 09:25:31 2013 +0100
@@ -54,7 +54,7 @@
##########################################################################################
# For security and crypto jars, always build the jar, but for closed, install the prebuilt
# signed version instead of the newly built jar. Unsigned jars are treated as intermediate
-# targets and explicitly added to the JARS list. For open, signing is not needed. See
+# targets and explicitly added to the TARGETS list. For open, signing is not needed. See
# SignJars.gmk for more information.
#
# The source for the crypto jars is not available for all licensees. The BUILD_CRYPTO
@@ -63,7 +63,7 @@
# other way to get the jars than to build them.
SUNPKCS11_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunpkcs11.jar
-SUNPKCS11_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunpkcs11.jar
+SUNPKCS11_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/sunpkcs11.jar
$(eval $(call SetupArchive,BUILD_SUNPKCS11_JAR, , \
SRCS := $(JDK_OUTPUTDIR)/classes_security, \
@@ -78,19 +78,19 @@
ifndef OPENJDK
SUNPKCS11_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/pkcs11/sunpkcs11.jar
$(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_SRC)
- @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunPKCS11 provider..."
+ @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F)
$(install-file)
else
$(SUNPKCS11_JAR_DST): $(SUNPKCS11_JAR_UNSIGNED)
$(install-file)
endif
-JARS += $(SUNPKCS11_JAR_UNSIGNED) $(SUNPKCS11_JAR_DST)
+TARGETS += $(SUNPKCS11_JAR_UNSIGNED) $(SUNPKCS11_JAR_DST)
##########################################################################################
SUNEC_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunec.jar
-SUNEC_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunec.jar
+SUNEC_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/sunec.jar
$(eval $(call SetupArchive,BUILD_SUNEC_JAR, , \
SRCS := $(JDK_OUTPUTDIR)/classes_security, \
@@ -105,19 +105,19 @@
ifndef OPENJDK
SUNEC_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ec/sunec.jar
$(SUNEC_JAR_DST): $(SUNEC_JAR_SRC)
- @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunEC provider..."
+ @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F)
$(install-file)
else
$(SUNEC_JAR_DST): $(SUNEC_JAR_UNSIGNED)
$(install-file)
endif
-JARS += $(SUNEC_JAR_UNSIGNED) $(SUNEC_JAR_DST)
+TARGETS += $(SUNEC_JAR_UNSIGNED) $(SUNEC_JAR_DST)
##########################################################################################
SUNJCE_PROVIDER_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunjce_provider.jar
-SUNJCE_PROVIDER_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunjce_provider.jar
+SUNJCE_PROVIDER_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/sunjce_provider.jar
ifneq ($(BUILD_CRYPTO), no)
$(eval $(call SetupArchive,BUILD_SUNJCE_PROVIDER_JAR, , \
@@ -130,25 +130,25 @@
$(SUNJCE_PROVIDER_JAR_UNSIGNED): $(JCE_MANIFEST)
- JARS += $(SUNJCE_PROVIDER_JAR_UNSIGNED)
+ TARGETS += $(SUNJCE_PROVIDER_JAR_UNSIGNED)
endif
ifndef OPENJDK
SUNJCE_PROVIDER_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/sunjce_provider.jar
$(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_SRC)
- @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunJCE provider..."
+ @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F)
$(install-file)
else
$(SUNJCE_PROVIDER_JAR_DST): $(SUNJCE_PROVIDER_JAR_UNSIGNED)
$(install-file)
endif
-JARS += $(SUNJCE_PROVIDER_JAR_DST)
+TARGETS += $(SUNJCE_PROVIDER_JAR_DST)
##########################################################################################
JCE_JAR_DST := $(JDK_OUTPUTDIR)/lib/jce.jar
-JCE_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/jce.jar
+JCE_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/jce.jar
ifneq ($(BUILD_CRYPTO), no)
$(eval $(call SetupArchive,BUILD_JCE_JAR, , \
@@ -161,36 +161,43 @@
$(JCE_JAR_UNSIGNED): $(JCE_MANIFEST)
- JARS += $(JCE_JAR_UNSIGNED)
+ TARGETS += $(JCE_JAR_UNSIGNED)
endif
ifndef OPENJDK
JCE_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/jce/jce.jar
$(JCE_JAR_DST): $(JCE_JAR_SRC)
- @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt jce.jar..."
+ @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F)
$(install-file)
else
$(JCE_JAR_DST): $(JCE_JAR_UNSIGNED)
$(install-file)
endif
-JARS += $(JCE_JAR_DST)
+TARGETS += $(JCE_JAR_DST)
##########################################################################################
US_EXPORT_POLICY_JAR_DST := $(JDK_OUTPUTDIR)/lib/security/US_export_policy.jar
-US_EXPORT_POLICY_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/US_export_policy.jar
ifneq ($(BUILD_CRYPTO), no)
+
+ US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED := \
+ $(JDK_OUTPUTDIR)/jce/unsigned/policy/limited/US_export_policy.jar
+ US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED := \
+ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/US_export_policy.jar
+
#
# TODO fix so that SetupArchive does not write files into SRCS
# then we don't need this extra copying
#
# NOTE: We currently do not place restrictions on our limited export
- # policy. This was not a typo.
+ # policy. This was not a typo. This means we are shipping the same file
+ # for both limimted and unlimited US_export_policy.jar.
#
US_EXPORT_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited
- US_EXPORT_POLICY_JAR_TMP := $(JDK_OUTPUTDIR)/US_export_policy_jar.tmp
+ US_EXPORT_POLICY_JAR_TMP := \
+ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/US_export_policy_jar.tmp
$(US_EXPORT_POLICY_JAR_TMP)/%: $(US_EXPORT_POLICY_JAR_SRC_DIR)/%
$(install-file)
@@ -200,77 +207,113 @@
$(eval $(call SetupArchive,BUILD_US_EXPORT_POLICY_JAR, $(US_EXPORT_POLICY_JAR_DEPS), \
SRCS := $(US_EXPORT_POLICY_JAR_TMP), \
SUFFIXES := .policy, \
- JAR := $(US_EXPORT_POLICY_JAR_UNSIGNED), \
+ JAR := $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED), \
EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \
SKIP_METAINF := true))
- JARS += $(US_EXPORT_POLICY_JAR_UNSIGNED)
+ $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED): $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED)
+ $(ECHO) $(LOG_INFO) Copying unlimited $(patsubst $(OUTPUT_ROOT)/%,%,$@)
+ $(install-file)
+
+ TARGETS += $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED) \
+ $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED)
endif
ifndef OPENJDK
+ ifeq ($(UNLIMITED_CRYPTO), true)
+ $(error No prebuilt unlimited crypto jars available)
+ endif
$(US_EXPORT_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/US_export_policy.jar
- $(ECHO) $(LOG_INFO) Copying $(@F)
+ $(ECHO) $(LOG_INFO) Copying prebuilt $(@F)
$(install-file)
else
- $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNSIGNED)
+ ifeq ($(UNLIMITED_CRYPTO), true)
+ $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_UNLIMITED_UNSIGNED)
$(install-file)
+ else
+ $(US_EXPORT_POLICY_JAR_DST): $(US_EXPORT_POLICY_JAR_LIMITED_UNSIGNED)
+ $(install-file)
+ endif
endif
-JARS += $(US_EXPORT_POLICY_JAR_DST)
+TARGETS += $(US_EXPORT_POLICY_JAR_DST)
##########################################################################################
LOCAL_POLICY_JAR_DST := $(JDK_OUTPUTDIR)/lib/security/local_policy.jar
-LOCAL_POLICY_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/local_policy.jar
ifneq ($(BUILD_CRYPTO), no)
+
+ LOCAL_POLICY_JAR_LIMITED_UNSIGNED := \
+ $(JDK_OUTPUTDIR)/jce/unsigned/policy/limited/local_policy.jar
+ LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED := \
+ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/local_policy.jar
+
#
# TODO fix so that SetupArchive does not write files into SRCS
# then we don't need this extra copying
#
- LOCAL_POLICY_JAR_TMP := $(JDK_OUTPUTDIR)/local_policy_jar.tmp
+ LOCAL_POLICY_JAR_LIMITED_TMP := \
+ $(JDK_OUTPUTDIR)/jce/unsigned/policy/limited/local_policy_jar.tmp
+ LOCAL_POLICY_JAR_UNLIMITED_TMP := \
+ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/local_policy_jar.tmp
- ifeq ($(UNLIMITED_CRYPTO), true)
- LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited
- LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/default_local.policy
- LOCAL_POLICY_JAR_ATTR := Crypto-Strength: unlimited
- else
- LOCAL_POLICY_JAR_SRC_DIR := $(JDK_TOPDIR)/make/data/cryptopolicy/limited
- LOCAL_POLICY_JAR_DEPS := $(LOCAL_POLICY_JAR_TMP)/exempt_local.policy \
- $(LOCAL_POLICY_JAR_TMP)/default_local.policy
- LOCAL_POLICY_JAR_ATTR := Crypto-Strength: limited
- endif
+ $(LOCAL_POLICY_JAR_LIMITED_TMP)/%: $(JDK_TOPDIR)/make/data/cryptopolicy/limited/%
+ $(install-file)
- $(LOCAL_POLICY_JAR_TMP)/%: $(LOCAL_POLICY_JAR_SRC_DIR)/%
+ $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/%: $(JDK_TOPDIR)/make/data/cryptopolicy/unlimited/%
$(install-file)
- $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR, $(LOCAL_POLICY_JAR_DEPS), \
- SRCS := $(LOCAL_POLICY_JAR_TMP), \
+ $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_LIMITED, \
+ $(LOCAL_POLICY_JAR_LIMITED_TMP)/exempt_local.policy \
+ $(LOCAL_POLICY_JAR_LIMITED_TMP)/default_local.policy, \
+ SRCS := $(LOCAL_POLICY_JAR_LIMITED_TMP), \
SUFFIXES := .policy, \
- JAR := $(LOCAL_POLICY_JAR_UNSIGNED), \
- EXTRA_MANIFEST_ATTR := $(LOCAL_POLICY_JAR_ATTR), \
+ JAR := $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED), \
+ EXTRA_MANIFEST_ATTR := Crypto-Strength: limited, \
SKIP_METAINF := true))
- JARS += $(LOCAL_POLICY_JAR_UNSIGNED)
+ $(eval $(call SetupArchive,BUILD_LOCAL_POLICY_JAR_UNLIMITED, \
+ $(LOCAL_POLICY_JAR_UNLIMITED_TMP)/default_local.policy, \
+ SRCS := $(LOCAL_POLICY_JAR_UNLIMITED_TMP), \
+ SUFFIXES := .policy, \
+ JAR := $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED), \
+ EXTRA_MANIFEST_ATTR := Crypto-Strength: unlimited, \
+ SKIP_METAINF := true))
+
+ TARGETS += $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED) $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED)
+
+ ifndef OPENJDK
+ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt: \
+ $(JDK_TOPDIR)/make/closed/javax/crypto/doc/README.txt
+ $(install-file)
+
+ TARGETS += $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt
+ endif
endif
ifndef OPENJDK
$(LOCAL_POLICY_JAR_DST): $(JDK_TOPDIR)/make/closed/tools/crypto/jce/local_policy.jar
- $(ECHO) $(LOG_INFO) Copying $(@F)
+ $(ECHO) $(LOG_INFO) Copying prebuilt $(@F)
$(install-file)
else
- $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNSIGNED)
+ ifeq ($(UNLIMITED_CRYPTO), true)
+ $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_UNLIMITED_UNSIGNED)
$(install-file)
+ else
+ $(LOCAL_POLICY_JAR_DST): $(LOCAL_POLICY_JAR_LIMITED_UNSIGNED)
+ $(install-file)
+ endif
endif
-JARS += $(LOCAL_POLICY_JAR_DST)
+TARGETS += $(LOCAL_POLICY_JAR_DST)
##########################################################################################
ifeq ($(OPENJDK_TARGET_OS), windows)
SUNMSCAPI_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/sunmscapi.jar
- SUNMSCAPI_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/sunmscapi.jar
+ SUNMSCAPI_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/sunmscapi.jar
$(eval $(call SetupArchive,BUILD_SUNMSCAPI_JAR, , \
SRCS := $(JDK_OUTPUTDIR)/classes_security, \
@@ -285,14 +328,14 @@
ifndef OPENJDK
SUNMSCAPI_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/mscapi/sunmscapi.jar
$(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_SRC)
- @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt SunMSCAPI provider..."
+ @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F)
$(install-file)
else
$(SUNMSCAPI_JAR_DST): $(SUNMSCAPI_JAR_UNSIGNED)
$(install-file)
endif
- JARS += $(SUNMSCAPI_JAR_UNSIGNED) $(SUNMSCAPI_JAR_DST)
+ TARGETS += $(SUNMSCAPI_JAR_UNSIGNED) $(SUNMSCAPI_JAR_DST)
endif
@@ -302,7 +345,7 @@
ifndef OPENJDK
UCRYPTO_JAR_DST := $(JDK_OUTPUTDIR)/lib/ext/ucrypto.jar
- UCRYPTO_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/unsigned/ucrypto.jar
+ UCRYPTO_JAR_UNSIGNED := $(JDK_OUTPUTDIR)/jce/unsigned/ucrypto.jar
UCRYPTO_JAR_SRC := $(JDK_TOPDIR)/make/closed/tools/crypto/ucrypto/ucrypto.jar
$(eval $(call SetupArchive,BUILD_UCRYPTO_JAR, , \
@@ -316,14 +359,14 @@
$(UCRYPTO_JAR_UNSIGNED): $(JCE_MANIFEST)
$(UCRYPTO_JAR_DST): $(UCRYPTO_JAR_SRC)
- @$(ECHO) $(LOG_INFO) "\n>>>Installing prebuilt OracleUcrypto provider..."
+ @$(ECHO) $(LOG_INFO) Copying prebuilt $(@F)
$(install-file)
- JARS += $(UCRYPTO_JAR_UNSIGNED) $(UCRYPTO_JAR_DST)
+ TARGETS += $(UCRYPTO_JAR_UNSIGNED) $(UCRYPTO_JAR_DST)
endif
endif
-all: $(JARS)
+all: $(TARGETS)
.PHONY: default all
--- a/jdk/make/SignJars.gmk Wed Dec 04 17:37:25 2013 -0800
+++ b/jdk/make/SignJars.gmk Thu Dec 05 09:25:31 2013 +0100
@@ -80,7 +80,7 @@
exit 2; \
fi
-$(JCE_OUTPUTDIR)/%: $(JDK_OUTPUTDIR)/unsigned/%
+$(JDK_OUTPUTDIR)/jce/signed/%: $(JDK_OUTPUTDIR)/jce/unsigned/%
$(call install-file)
$(JARSIGNER) -keystore $(SIGNING_KEYSTORE) \
$@ $(SIGNING_ALIAS) < $(SIGNING_PASSPHRASE)
@@ -88,26 +88,33 @@
JAR_LIST := \
jce.jar \
- local_policy.jar \
+ policy/limited/local_policy.jar \
+ policy/limited/US_export_policy.jar \
+ policy/unlimited/local_policy.jar \
+ policy/unlimited/US_export_policy.jar \
sunec.jar \
sunjce_provider.jar \
sunpkcs11.jar \
- US_export_policy.jar \
sunmscapi.jar \
ucrypto.jar \
#
-UNSIGNED_JARS := $(wildcard $(addprefix $(JDK_OUTPUTDIR)/unsigned/, $(JAR_LIST)))
+UNSIGNED_JARS := $(wildcard $(addprefix $(JDK_OUTPUTDIR)/jce/unsigned/, $(JAR_LIST)))
ifeq ($(UNSIGNED_JARS), )
- $(error No jars found in $(JDK_OUTPUTDIR)/unsigned/)
+ $(error No jars found in $(JDK_OUTPUTDIR)/jce/unsigned/)
endif
-SIGNED_JARS := $(patsubst $(JDK_OUTPUTDIR)/unsigned/%,$(JCE_OUTPUTDIR)/%, $(UNSIGNED_JARS))
+SIGNED_JARS := $(patsubst $(JDK_OUTPUTDIR)/jce/unsigned/%,$(JDK_OUTPUTDIR)/jce/signed/%, \
+ $(UNSIGNED_JARS))
$(SIGNED_JARS): check-keystore
-all: $(SIGNED_JARS)
+$(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt: \
+ $(JDK_OUTPUTDIR)/jce/unsigned/policy/unlimited/README.txt
+ $(install-file)
+
+all: $(SIGNED_JARS) $(JDK_OUTPUTDIR)/jce/signed/policy/unlimited/README.txt
@$(PRINTF) "\n*** The jar files built by the 'sign-jars' target are developer ***"
@$(PRINTF) "\n*** builds only and *MUST NOT* be checked into the closed workspace. ***"
@$(PRINTF) "\n*** ***"