JDK building from source - Prevent user name leaking into the generated binary?
Jaikiran Pai
jai.forums2013 at gmail.com
Mon Jan 11 07:58:39 UTC 2021
Hello David,
On 11/01/21 12:02 pm, David Holmes wrote:
> Hi Jaikiran,
>
> On 11/01/2021 2:43 pm, Jaikiran Pai wrote:
>> I build the JDK from source using "make images". When I use that JDK
>> binary, the user name of the user who built the binary "leaks" into
>> some of the runtime system properties and (of course as a result)
>> into the output of java -version. Here's the output of java -version
>> of such a built JDK:
>>
>>
>> openjdk version "16-internal" 2021-03-16
>> OpenJDK Runtime Environment (build 16-internal+0-adhoc.jaikiran.jdk16)
>> OpenJDK 64-Bit Server VM (build 16-internal+0-adhoc.jaikiran.jdk16,
>> mixed mode, sharing)
>>
>>
>> Notice the "jaikiran" in that output - that's the user name who built
>> the JDK. Furthermore, this also ends up in runtime properties like:
>>
>>
>> java.runtime.version = 16-internal+0-adhoc.jaikiran.jdk16
>> ...
>> java.vm.version = 16-internal+0-adhoc.jaikiran.jdk16
>>
>>
>> Is there a way/option that I can use while building the JDK that will
>> prevent this user name leaking into the built binary?
>
> Yes. You have full control over the version string at configure time.
> See:
>
> make/autoconf/jdk-version.m4
>
> As the format of the version string is controlled by a JEP and has a
> lot of rules there are actually quite a number of configure flags that
> can affect the version string. Your simplest option may just be to use
> --with-version-string="your version string".
Thank you for pointing to me that file. Yes, this option is good enough
for me to override the default one.
>
>> Better still can that option be the default?
>
> Not in my opinion. :) We find it useful to see what binary was used in
> detail.
Fair enough :)
-Jaikiran
More information about the build-dev
mailing list