JDK building from source - Prevent user name leaking into the generated binary?
David Holmes
david.holmes at oracle.com
Mon Jan 11 06:32:57 UTC 2021
Hi Jaikiran,
On 11/01/2021 2:43 pm, Jaikiran Pai wrote:
> I build the JDK from source using "make images". When I use that JDK
> binary, the user name of the user who built the binary "leaks" into some
> of the runtime system properties and (of course as a result) into the
> output of java -version. Here's the output of java -version of such a
> built JDK:
>
>
> openjdk version "16-internal" 2021-03-16
> OpenJDK Runtime Environment (build 16-internal+0-adhoc.jaikiran.jdk16)
> OpenJDK 64-Bit Server VM (build 16-internal+0-adhoc.jaikiran.jdk16,
> mixed mode, sharing)
>
>
> Notice the "jaikiran" in that output - that's the user name who built
> the JDK. Furthermore, this also ends up in runtime properties like:
>
>
> java.runtime.version = 16-internal+0-adhoc.jaikiran.jdk16
> ...
> java.vm.version = 16-internal+0-adhoc.jaikiran.jdk16
>
>
> Is there a way/option that I can use while building the JDK that will
> prevent this user name leaking into the built binary?
Yes. You have full control over the version string at configure time. See:
make/autoconf/jdk-version.m4
As the format of the version string is controlled by a JEP and has a lot
of rules there are actually quite a number of configure flags that can
affect the version string. Your simplest option may just be to use
--with-version-string="your version string".
If you like most of the defaults but not the user name you may be able
to override that simply by changing USER in your environment when
running configure.
> Better still can that option be the default?
Not in my opinion. :) We find it useful to see what binary was used in
detail.
Cheers,
David
>
> -Jaikiran
>
>
More information about the build-dev
mailing list