/hg/icedtea6: 3 new changesets
andrew at icedtea.classpath.org
andrew at icedtea.classpath.org
Wed Dec 18 06:51:42 PST 2013
changeset 7c63c22bfa05 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=7c63c22bfa05
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Dec 18 13:56:16 2013 +0000
PR1290: Ensure unlimited crypto policy is in place.
2013-06-05 Andrew John Hughes <gnu.andrew at member.fsf.org>
PR1290: Ensure unlimited crypto policy is in place.
* Makefile.am:
(CRYPTO_CHECK_BUILD_DIR): New variable.
(CRYPTO_CHECK_SRCS): Likewise.
(EXTRA_DIST): Add crypto check sources.
(.PHONY): Add new clean targets.
(icedtea-against-icedtea): Depend on check-crypto.
(clean-icedtea-against-icedtea): Depend on
clean-check-crypto.
(icedtea-debug-against-icedtea): Depend on
check-crypto-debug.
(clean-icedtea-debug-against-icedtea): Depend on
clean-check-crypto-debug.
(check-crypto): Run the crypto checker on a normal
stage 2 build.
(clean-check-crypto): Delete the check-crypto stamp.
(check-crypto-debug): Run the crypto checker on a
debug stage 2 build.
(clean-check-crypto-debug): Delete the
check-crypto-debug stamp.
(icedtea-against-ecj): Depend on
check-crypto-boot.
(clean-icedtea-against-ecj): Depend on
clean-check-crypto-boot.
(check-crypto-boot): Run the crypto checker on
the stage 1 build.
(clean-check-crypto-boot): Delete the
check-crypto-boot stamp.
(cryptocheck): Build the crypto checker.
(clean-cryptocheck): Revert cryptocheck.
* NEWS: Updated.
* TestCryptoLevel.java:
Checks whether the unlimited crypto policy is in
place or not.
changeset 7e1b45672b18 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=7e1b45672b18
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Dec 18 13:59:03 2013 +0000
Make clean-crypto targets depend on JDK being built.
2013-06-05 Andrew John Hughes <gnu.andrew at member.fsf.org>
* Makefile.am:
(check-crypto): Depend on icedtea.stamp.
(check-crypto-debug): Depend on icedtea-debug.stamp.
(clean-crypto-boot): Depend on icedtea-ecj.stamp.
changeset be0e350adea7 in /hg/icedtea6
details: http://icedtea.classpath.org/hg/icedtea6?cmd=changeset;node=be0e350adea7
author: Andrew John Hughes <gnu.andrew at redhat.com>
date: Wed Dec 18 14:01:07 2013 +0000
Actually invoke clean-cryptocheck.
2013-06-06 Andrew John Hughes <gnu.andrew at member.fsf.org>
* Makefile.am:
(.PHONY): Add clean-cryptocheck.
(clean-local): Likewise.
diffstat:
ChangeLog | 50 +++++++++++++++++++++++++++++++++
Makefile.am | 73 ++++++++++++++++++++++++++++++++++++++++++------
NEWS | 1 +
TestCryptoLevel.java | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 193 insertions(+), 9 deletions(-)
diffs (324 lines):
diff -r eeeac5962554 -r be0e350adea7 ChangeLog
--- a/ChangeLog Mon Dec 09 22:28:23 2013 +0000
+++ b/ChangeLog Wed Dec 18 14:01:07 2013 +0000
@@ -1,3 +1,53 @@
+2013-06-06 Andrew John Hughes <gnu.andrew at member.fsf.org>
+
+ * Makefile.am:
+ (.PHONY): Add clean-cryptocheck.
+ (clean-local): Likewise.
+
+2013-06-05 Andrew John Hughes <gnu.andrew at member.fsf.org>
+
+ * Makefile.am:
+ (check-crypto): Depend on icedtea.stamp.
+ (check-crypto-debug): Depend on icedtea-debug.stamp.
+ (clean-crypto-boot): Depend on icedtea-ecj.stamp.
+
+2013-06-05 Andrew John Hughes <gnu.andrew at member.fsf.org>
+
+ PR1290: Ensure unlimited crypto policy is in place.
+ * Makefile.am:
+ (CRYPTO_CHECK_BUILD_DIR): New variable.
+ (CRYPTO_CHECK_SRCS): Likewise.
+ (EXTRA_DIST): Add crypto check sources.
+ (.PHONY): Add new clean targets.
+ (icedtea-against-icedtea): Depend on check-crypto.
+ (clean-icedtea-against-icedtea): Depend on
+ clean-check-crypto.
+ (icedtea-debug-against-icedtea): Depend on
+ check-crypto-debug.
+ (clean-icedtea-debug-against-icedtea): Depend on
+ clean-check-crypto-debug.
+ (check-crypto): Run the crypto checker on a normal
+ stage 2 build.
+ (clean-check-crypto): Delete the check-crypto stamp.
+ (check-crypto-debug): Run the crypto checker on a
+ debug stage 2 build.
+ (clean-check-crypto-debug): Delete the
+ check-crypto-debug stamp.
+ (icedtea-against-ecj): Depend on
+ check-crypto-boot.
+ (clean-icedtea-against-ecj): Depend on
+ clean-check-crypto-boot.
+ (check-crypto-boot): Run the crypto checker on
+ the stage 1 build.
+ (clean-check-crypto-boot): Delete the
+ check-crypto-boot stamp.
+ (cryptocheck): Build the crypto checker.
+ (clean-cryptocheck): Revert cryptocheck.
+ * NEWS: Updated.
+ * TestCryptoLevel.java:
+ Checks whether the unlimited crypto policy is in
+ place or not.
+
2013-12-09 Andrew John Hughes <gnu.andrew at redhat.com>
* Makefile.am:
diff -r eeeac5962554 -r be0e350adea7 Makefile.am
--- a/Makefile.am Mon Dec 09 22:28:23 2013 +0000
+++ b/Makefile.am Wed Dec 18 14:01:07 2013 +0000
@@ -39,6 +39,7 @@
FONTCONFIG_PATH = openjdk/jdk/src/solaris/classes/sun/awt/fontconfigs
REWRITER_BUILD_DIR = $(abs_top_builddir)/rewriter.build
GENERATED_BUILD_DIR = $(abs_top_builddir)/generated.build
+CRYPTO_CHECK_BUILD_DIR = $(abs_top_builddir)/cryptocheck.build
# Source directories
@@ -258,6 +259,8 @@
# Sources list
REWRITER_SRCS = $(top_srcdir)/rewriter/com/redhat/rewriter/ClassRewriter.java
+CRYPTO_CHECK_SRCS = $(top_srcdir)/TestCryptoLevel.java
+
# Relative path to JTreg tool
JTREG_DIR = src/jtreg
JTREG_SRCS = $(top_srcdir)/$(JTREG_DIR)
@@ -882,7 +885,8 @@
scripts/jni_desc \
rewriter/agpl-3.0.txt \
$(REWRITER_SRCS) \
- $(TAPSET_TEST_SRCS)
+ $(TAPSET_TEST_SRCS) \
+ $(CRYPTO_CHECK_SRCS)
# Top-Level Targets
# =================
@@ -904,7 +908,7 @@
clean-icedtea-against-ecj clean-extract-ecj clean-generated clean-replace-hotspot \
clean-rewriter clean-rewrite-rhino clean-rt clean-bootstrap-directory \
clean-bootstrap-directory-ecj clean-bootstrap-directory-symlink \
- clean-bootstrap-directory-symlink-ecj clean-fonts
+ clean-bootstrap-directory-symlink-ecj clean-fonts clean-cryptocheck
if [ -e bootstrap ]; then \
rmdir bootstrap ; \
fi
@@ -943,7 +947,8 @@
clean-add-tzdata-support clean-add-tzdata-support-debug clean-add-systemtap-ecj \
clean-add-pulseaudio-ecj clean-add-nss-ecj clean-add-tzdata-support-ecj clean-fonts \
clean-download-hotspot clean-tests clean-tapset-report jtregcheck clean-pax-mark-vm \
- clean-pax-mark-vm-debug clean-pax-mark-vm-ecj
+ clean-pax-mark-vm-debug clean-pax-mark-vm-ecj clean-check-crypto clean-check-crypto-debug \
+ clean-check-crypto-boot clean-cryptocheck
env:
@echo 'unset JAVA_HOME'
@@ -1646,27 +1651,28 @@
stamps/icedtea-against-icedtea.stamp: stamps/icedtea.stamp \
stamps/add-jamvm.stamp stamps/add-cacao.stamp stamps/add-zero.stamp \
stamps/add-systemtap.stamp stamps/add-pulseaudio.stamp stamps/add-nss.stamp \
- stamps/add-tzdata-support.stamp stamps/add-archive.stamp stamps/pax-mark-vm.stamp
+ stamps/add-tzdata-support.stamp stamps/add-archive.stamp stamps/pax-mark-vm.stamp \
+ stamps/check-crypto.stamp
mkdir -p stamps
touch stamps/icedtea-against-icedtea.stamp
clean-icedtea-against-icedtea: clean-add-jamvm clean-add-zero clean-add-cacao \
clean-add-systemtap clean-add-pulseaudio clean-add-nss clean-add-tzdata-support \
- clean-add-archive clean-pax-mark-vm
+ clean-add-archive clean-pax-mark-vm clean-check-crypto
rm -f stamps/icedtea-against-icedtea.stamp
stamps/icedtea-debug-against-icedtea.stamp: stamps/icedtea-debug.stamp \
stamps/add-jamvm-debug.stamp stamps/add-cacao-debug.stamp \
stamps/add-zero-debug.stamp stamps/add-systemtap-debug.stamp stamps/add-pulseaudio-debug.stamp \
stamps/add-nss-debug.stamp stamps/add-tzdata-support-debug.stamp stamps/add-archive-debug.stamp \
- stamps/pax-mark-vm-debug.stamp
+ stamps/pax-mark-vm-debug.stamp stamps/check-crypto-debug.stamp
mkdir -p stamps
touch stamps/icedtea-debug-against-icedtea.stamp
clean-icedtea-debug-against-icedtea: clean-add-zero-debug \
clean-add-jamvm-debug clean-add-cacao-debug clean-add-systemtap-debug \
clean-add-pulseaudio-debug clean-add-nss-debug clean-add-tzdata-support-debug \
- clean-add-archive-debug clean-pax-mark-vm-debug
+ clean-add-archive-debug clean-pax-mark-vm-debug clean-check-crypto-debug
rm -f stamps/icedtea-debug-against-icedtea.stamp
stamps/add-systemtap.stamp: stamps/icedtea.stamp
@@ -1958,6 +1964,24 @@
clean-pax-mark-vm-debug:
rm -f stamps/pax-mark-vm-debug.stamp
+stamps/check-crypto.stamp: stamps/cryptocheck.stamp stamps/icedtea.stamp
+ if [ -e $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ] ; then \
+ $(BUILD_OUTPUT_DIR)/j2sdk-image/bin/java -cp $(CRYPTO_CHECK_BUILD_DIR) TestCryptoLevel ; \
+ fi
+ mkdir -p stamps
+ touch $@
+
+clean-check-crypto:
+ rm -f stamps/check-crypto.stamp
+
+stamps/check-crypto-debug.stamp: stamps/cryptocheck.stamp stamps/icedtea-debug.stamp
+ if [ -e $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ] ; then \
+ $(DEBUG_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java -cp $(CRYPTO_CHECK_BUILD_DIR) TestCryptoLevel ; \
+ fi
+
+clean-check-crypto-debug:
+ rm -f stamps/check-crypto-debug.stamp
+
# OpenJDK ecj Targets
# ===================
@@ -1979,12 +2003,12 @@
stamps/icedtea-against-ecj.stamp: stamps/icedtea-ecj.stamp stamps/add-systemtap-ecj.stamp \
stamps/add-pulseaudio-ecj.stamp stamps/add-nss-ecj.stamp stamps/add-tzdata-support-ecj.stamp \
- stamps/add-archive-ecj.stamp stamps/pax-mark-vm-ecj.stamp
+ stamps/add-archive-ecj.stamp stamps/pax-mark-vm-ecj.stamp stamps/check-crypto-boot.stamp
mkdir -p stamps
touch stamps/icedtea-against-ecj.stamp
clean-icedtea-against-ecj: clean-add-systemtap-ecj clean-add-pulseaudio-ecj clean-add-nss-ecj \
- clean-add-tzdata-support-ecj clean-add-archive-ecj clean-pax-mark-vm-ecj
+ clean-add-tzdata-support-ecj clean-add-archive-ecj clean-pax-mark-vm-ecj clean-check-crypto-boot
rm -f stamps/icedtea-against-ecj.stamp
stamps/add-systemtap-ecj.stamp: stamps/icedtea-ecj.stamp
@@ -2132,6 +2156,16 @@
clean-pax-mark-vm-ecj:
rm -f stamps/pax-mark-vm-ecj.stamp
+stamps/check-crypto-boot.stamp: stamps/cryptocheck.stamp stamps/icedtea-ecj.stamp
+ if [ -e $(ECJ_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java ] ; then \
+ $(ECJ_BUILD_OUTPUT_DIR)/j2sdk-image/bin/java -cp $(CRYPTO_CHECK_BUILD_DIR) TestCryptoLevel ; \
+ fi
+ mkdir -p stamps
+ touch $@
+
+clean-check-crypto-boot:
+ rm -f stamps/check-crypto-boot.stamp
+
# Rebuild targets
rebuild:
@@ -2720,6 +2754,19 @@
endif
touch stamps/rt.stamp
+# Crypto Level Check
+
+stamps/cryptocheck.stamp: $(INITIAL_BOOTSTRAP_LINK_STAMP)
+ mkdir -p $(CRYPTO_CHECK_BUILD_DIR)
+ $(BOOT_DIR)/bin/javac $(IT_JAVACFLAGS) \
+ -d $(CRYPTO_CHECK_BUILD_DIR) $(CRYPTO_CHECK_SRCS)
+ mkdir -p stamps
+ touch $@
+
+clean-cryptocheck:
+ rm -rf $(CRYPTO_CHECK_BUILD_DIR)
+ rm -f stamps/cryptocheck.stamp
+
# Target Aliases
# ===============
@@ -2739,6 +2786,14 @@
cacao: stamps/cacao.stamp
+check-crypto: stamps/check-crypto.stamp
+
+check-crypto-boot: stamps/check-crypto-boot.stamp
+
+check-crypto-debug: stamps/check-crypto-debug.stamp
+
+cryptocheck: stamps/cryptocheck.stamp
+
nbplatform: stamps/nbplatform.stamp
download: stamps/download.stamp
diff -r eeeac5962554 -r be0e350adea7 NEWS
--- a/NEWS Mon Dec 09 22:28:23 2013 +0000
+++ b/NEWS Wed Dec 18 14:01:07 2013 +0000
@@ -878,6 +878,7 @@
- RH902004: very bad performance with E-Porto Add-In für OpenOffice Writer installed (hs23 only)
- RH991170: java does not use correct kerberos credential cache
- PR1535: Allow use of system Kerberos to obtain cache location
+ - PR1290: Ensure unlimited crypto policy is in place.
* JamVM
- JSR 335: Lambda Expressions
- JEP 171: Implement fence methods in sun.misc.Unsafe
diff -r eeeac5962554 -r be0e350adea7 TestCryptoLevel.java
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/TestCryptoLevel.java Wed Dec 18 14:01:07 2013 +0000
@@ -0,0 +1,78 @@
+/* TestCryptoLevel -- Ensure unlimited crypto policy is in use.
+ Copyright (C) 2012 Red Hat, Inc.
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.lang.reflect.InvocationTargetException;
+
+import java.security.Permission;
+import java.security.PermissionCollection;
+
+public class TestCryptoLevel
+{
+ public static void main(String[] args)
+ throws NoSuchFieldException, ClassNotFoundException,
+ IllegalAccessException, InvocationTargetException
+ {
+ Class<?> cls = null;
+ Method def = null, exempt = null;
+
+ try
+ {
+ cls = Class.forName("javax.crypto.JceSecurity");
+ }
+ catch (ClassNotFoundException ex)
+ {
+ System.err.println("Running a non-Sun JDK.");
+ System.exit(0);
+ }
+ catch (ExceptionInInitializerError err)
+ {
+ System.err.println("Failed to initialise JceSecurity: "
+ + err.getCause().getCause().getMessage());
+ System.exit(-2);
+ }
+ try
+ {
+ def = cls.getDeclaredMethod("getDefaultPolicy");
+ exempt = cls.getDeclaredMethod("getExemptPolicy");
+ }
+ catch (NoSuchMethodException ex)
+ {
+ System.err.println("Running IcedTea with the original crypto patch.");
+ System.exit(0);
+ }
+ def.setAccessible(true);
+ exempt.setAccessible(true);
+ PermissionCollection defPerms = (PermissionCollection) def.invoke(null);
+ PermissionCollection exemptPerms = (PermissionCollection) exempt.invoke(null);
+ Class<?> apCls = Class.forName("javax.crypto.CryptoAllPermission");
+ Field apField = apCls.getDeclaredField("INSTANCE");
+ apField.setAccessible(true);
+ Permission allPerms = (Permission) apField.get(null);
+ if (defPerms.implies(allPerms) && (exemptPerms == null || exemptPerms.implies(allPerms)))
+ {
+ System.err.println("Running with the unlimited policy.");
+ System.exit(0);
+ }
+ else
+ {
+ System.err.println("WARNING: Running with a restricted crypto policy.");
+ System.exit(-1);
+ }
+ }
+}
More information about the distro-pkg-dev
mailing list