RFR 8193255: Root Certificates should be stored in text format and assembled at build time
Erik Joelsson
erik.joelsson at oracle.com
Thu May 30 14:01:30 UTC 2019
Hello Max,
Looking in ToolsJdk.gmk, I realize that the BUILD_TOOLS variable was
renamed back when we unified the repositories and is now called
BUILD_TOOLS_JDK. It seems like I missed updating the references to this
variable in the gendata dir. If you use the new variable name in the
prerequisites list, you get a rebuild. Feel free to update the other
references in make/gendata if you want to.
In my experience, using directories for dependencies in make does not
work well. Since all the files in make/data/cacerts are in a flat
structure, I would recommend expressing the prerequisites as:
$(wildcard $(GENDATA_CACERTS_SRC)/*)
This will not cover the case where a file is removed, but that case is
rarely handled well in make based build systems.
Some minor notes.
The current recommended macro for creating the target directory in a
recipe is $(call MakeTargetDir).
For logical indent (Gendata-java.base.gmk:75 and Copy-java.base.gmk:173)
please use 2 spaces [1].
I also think it would be good with a comment in Copy-java.base.gmk
explaining that CACERTS_FILE is optionally set in configure to override
the default cacerts which is otherwise generated in Gendata-java.base.gmk.
Thanks,
/Erik
[1] http://openjdk.java.net/groups/build/doc/code-conventions.html
On 2019-05-30 06:34, Weijun Wang wrote:
> Since I need to track all added, removed, updated files in that directory, I thought depending on the directory itself is more correct. If I use the FindFiles function, then if some files are removed the cacerts will not be rebuilt.
>
> --Max
>
>> On May 30, 2019, at 9:11 PM, David Holmes <david.holmes at oracle.com> wrote:
>>
>> Hi Max,
>>
>> Not a review :)
>>
>> On 30/05/2019 11:01 pm, Weijun Wang wrote:
>>> Please take a review at
>>> http://cr.openjdk.java.net/~weijun/8193255/webrev.00/
>>> Please pay attention to the 1st 3 and the last 2 files. Others are PEM files for all certs inside the original cacerts.
>>> There is one thing I cannot get correct. If I update the GenerateCacerts.java file and rerun make, the cacerts file is unchanged. I thought the following line
>>> $(GENDATA_CACERTS): $(BUILD_TOOLS) $(GENDATA_CACERTS_SRC)
>>> means when the tool is changed, GENDATA_CACERTS will be called.
>> I think you have set a dependency on the directory, not the files within it. If you look at make/gensrc/Gensrc-jdk.internal.vm.compiler.gmk for example you'll see this rule:
>>
>> $(GENSRC_DIR)/_gensrc_proc_done: $(PROC_SRCS) $(PROCESSOR_JARS)
>>
>> but PROC_SRCS is defined as
>>
>> PROC_SRCS := $(filter %.java, $(call FindFiles, $(PROC_SRC_DIRS)))
>>
>> which is all the .java files in the src directory.
>>
>> David
>>
>>> Thanks,
>>> Max
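
The two prerequisite forms discussed in this thread, side by side, as an added standalone example that is not part of the thread or of the JDK build. The names `certs`, `out`, `tool.sh` and the two target names are hypothetical stand-ins for the cacerts source directory, the output location and the generator tool.

```makefile
# Constructed demo, not the JDK makefiles: every name here is hypothetical.
SRC_DIR := certs
OUT_DIR := out
TOOL    := tool.sh

.PHONY: all demo-setup clean
all: $(OUT_DIR)/bundle-by-dir $(OUT_DIR)/bundle-by-files

# Directory prerequisite: a directory's mtime changes only when an entry is
# added, removed or renamed, so editing an existing file in place triggers
# no rebuild of this target.
$(OUT_DIR)/bundle-by-dir: $(TOOL) $(SRC_DIR)
	@mkdir -p $(@D)
	sh $(TOOL) $(SRC_DIR) > $@

# File prerequisites: every file present in the flat directory at parse time
# is listed, so an edit to any of them triggers a rebuild. A removed file
# does not: it drops out of the list and nothing remaining is newer.
$(OUT_DIR)/bundle-by-files: $(TOOL) $(wildcard $(SRC_DIR)/*)
	@mkdir -p $(@D)
	sh $(TOOL) $(SRC_DIR) > $@

# Creates two constructed input files and a trivial "generator" that just
# concatenates the directory contents.
demo-setup:
	mkdir -p $(SRC_DIR)
	printf 'constructed-cert-a\n' > $(SRC_DIR)/a.pem
	printf 'constructed-cert-b\n' > $(SRC_DIR)/b.pem
	printf 'cat "$$1"/*\n' > $(TOOL)

clean:
	rm -rf $(SRC_DIR) $(OUT_DIR) $(TOOL)
```

Run `make demo-setup && make`, then `echo changed >> certs/a.pem` and `make` again: only `out/bundle-by-files` is rebuilt. Both targets list the tool itself as a prerequisite, so touching `tool.sh` rebuilds both.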