1 #
2 # Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 #
5 # This code is free software; you can redistribute it and/or modify it
6 # under the terms of the GNU General Public License version 2 only, as
7 # published by the Free Software Foundation. Oracle designates this
8 # particular file as subject to the "Classpath" exception as provided
9 # by Oracle in the LICENSE file that accompanied this code.
10 #
11 # This code is distributed in the hope that it will be useful, but WITHOUT
12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 # version 2 for more details (a copy is included in the LICENSE file that
15 # accompanied this code).
16 #
17 # You should have received a copy of the GNU General Public License version
18 # 2 along with this work; if not, write to the Free Software Foundation,
19 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 #
21 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 # or visit www.oracle.com if you need additional information or have any
23 # questions.
24 #
25
26 #
27 # Makefile for building jce.jar and the various cryptographic strength
28 # policy jar files.
29 #
30
31 #
32 # (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Sun JDK builds
33 # respectively.)
34 #
35 # JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE
36 # jar files do not require signing, but those for JDK do. If an unsigned
37 # jar file is installed into JDK, things will break when the crypto
38 # routines are called.
39 #
40 # This Makefile does the "real" build of the JCE files. There are some
41 # javac options currently specific to JCE, so we recompile now to make
42 # sure any implicit compilations didn't use any incorrect flags.
43 #
44 # For OpenJDK, the jar files built here are installed directly into the
45 # OpenJDK.
46 #
47 # For JDK, the binaries use pre-built/pre-signed binary files stored in
48 # the closed workspace that are not shipped in the OpenJDK workspaces.
49 # We still build the JDK files here to verify the files compile, and in
50 # preparation for possible signing. Developers working on JCE in JDK
51 # must sign the JCE files before testing. The JCE signing key is kept
52 # separate from the JDK workspace to prevent its disclosure.
53 #
54 # SPECIAL NOTE TO JCE/JDK developers: The source files must eventually
55 # be built and signed, and the resulting jar files *MUST BE CHECKED INTO
56 # THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT BE
57 # FORGOTTEN*, otherwise a bug fixed in the source code will not be
58 # reflected in the shipped binaries. The "release" target should be
59 # used to generate the required files.
60 #
61 # There are a number of targets to help both JDK/OpenJDK developers.
62 #
63 # Main Targets (JDK/OPENJDK):
64 #
65 # all/clobber/clean The usual.
66 # If OpenJDK: builds/installs the
67 # jce.jar/limited policy files.
68 # If JDK: builds but does not install.
69 # During full tops-down builds,
70 # prebuilt/presigned jce.jar &
71 # limited policy files are copied
72 # in by make/java/redist/Makefile.
73 # If you are working in this directory
74 # and want to install the prebuilts,
75 # use the "install-prebuilt" target.
76 #
77 # jar Builds/installs jce.jar
78 # If OpenJDK, does not sign
79 # If JDK, tries to sign
80 #
81 # Other lesser-used Targets (JDK/OPENJDK):
82 #
83 # build-jar Builds jce.jar (does not sign/install)
84 #
85 # build-policy Builds policy files (does not sign/install)
86 #
87 # install-jar Alias for "jar" above
88 #
89 # install-limited Builds/installs limited policy files
90 # If OpenJDK, does not sign
91 # If JDK, tries to sign
92 # install-unlimited Builds/nstalls unlimited policy files
93 # If OpenJDK, does not sign
94 # If JDK, tries to sign
95 #
96 # Other targets (JDK only):
97 #
98 # sign Alias for sign-jar and sign-policy
99 # sign-jar Builds/signs jce.jar file (no install)
100 # sign-policy Builds/signs policy files (no install)
101 #
102 # release Builds all targets in preparation
103 # for workspace integration.
104 #
105 # install-prebuilt Installs the pre-built jar files
106 #
107 # This makefile was written to support parallel target execution.
108 #
109
110 BUILDDIR = ../..
111 MODULE = base
112 PACKAGE = javax.crypto
113 PRODUCT = sun
114
115 #
116 # The following is for when we need to do postprocessing
117 # (signing) against a read-only build. If the OUTPUTDIR
118 # isn't writable, the build currently crashes out.
119 #
120 ifndef OPENJDK
121 ifdef ALT_JCE_BUILD_DIR
122 # =====================================================
123 # Where to place the output, in case we're building from a read-only
124 # build area. (e.g. a release engineering build.)
125 JCE_BUILD_DIR=${ALT_JCE_BUILD_DIR}
126 IGNORE_WRITABLE_OUTPUTDIR_TEST=true
127 else
128 JCE_BUILD_DIR=${TEMPDIR}
129 endif
130 endif
131
132 include $(BUILDDIR)/common/Defs.gmk
133
134 #
135 # Location for the newly built classfiles.
136 #
137 CLASSDESTDIR = $(TEMPDIR)/classes
138
139 #
140 # Subdirectories of these are automatically included.
141 #
142 AUTO_FILES_JAVA_DIRS = \
143 javax/crypto \
144 sun/security/internal/interfaces \
145 sun/security/internal/spec
146
147 include $(BUILDDIR)/common/Classes.gmk
148
149 #
150 # Rules
151 #
152
153 #
154 # Some licensees do not get the security sources, but we still need to
155 # be able to build "all" for them. Check here to see if the sources were
156 # available. If not, then we don't need to continue this rule.
157 #
158
159 ifdef OPENJDK
160 all: build-jar install-jar build-policy install-limited
161 else # OPENJDK
162 ifeq ($(strip $(FILES_java)),)
163 all:
164 $(no-source-warning)
165 else # FILES_java/policy files available
166 all: build-jar build-policy
167 $(build-warning)
168 endif # $(FILES_java)/policy files available
169 endif # OPENJDK
170
171 #
172 # We use a variety of subdirectories in the $(TEMPDIR) depending on what
173 # part of the build we're doing. Both OPENJDK/JDK builds are initially
174 # done in the unsigned area. When files are signed in JDK, they will be
175 # placed in the appropriate areas.
176 #
177 UNSIGNED_DIR = $(TEMPDIR)/unsigned
178
179 include Defs-jce.gmk
180
181
182 # =====================================================
183 # Build the unsigned jce.jar file. Signing comes later.
184 #
185
186 JAR_DESTFILE = $(LIBDIR)/jce.jar
187
188 #
189 # JCE building is somewhat involved.
190 #
191 # OpenJDK: Since we do not ship prebuilt JCE files, previous compiles
192 # in the build may have needed JCE class signatures. There were then
193 # implicitly built by javac (likely using the boot javac). While using
194 # those class files was fine for signatures, we need to rebuild using
195 # the right compiler.
196 #
197 # JDK: Even through the jce.jar was previously installed, since the
198 # source files are accessible in the source directories, they will
199 # always be "newer" than the prebuilt files inside the jar, and thus
200 # make will always rebuild them. (We could "hide" the JCE source in a
201 # separate directory, but that would make the build logic for JDK and
202 # OpenJDK more complicated.)
203 #
204 # Thus in either situation, we shouldn't use these files.
205 #
206 # To make sure the classes were built with the right compiler options,
207 # delete the existing files in $(CLASSBINDIR), rebuild the right way in a
208 # directory under $(TEMPDIR), then copy the files back to
209 # $(CLASSBINDIR). Building in $(TEMPDIR) allows us to use our make
210 # infrastructure without modification: .classes.list, macros, etc.
211 #
212
213 #
214 # The list of directories that will be remade from scratch, using the
215 # right compilers/options.
216 #
217 DELETE_DIRS = $(patsubst %, $(CLASSBINDIR)/%, $(AUTO_FILES_JAVA_DIRS))
218
219 #
220 # Since the -C option to jar is used below, each directory entry must be
221 # preceded with the appropriate directory to "cd" into.
222 #
223 JAR_DIRS = $(patsubst %, -C $(CLASSDESTDIR) %, $(AUTO_FILES_JAVA_DIRS))
224
225 build-jar: $(UNSIGNED_DIR)/jce.jar
226
227 #
228 # Build jce.jar, then replace the previously built JCE files in the
229 # classes directory with these. This ensures we have consistently built
230 # files throughout the workspaces.
231 #
232 $(UNSIGNED_DIR)/jce.jar: prebuild build $(JCE_MANIFEST_FILE)
233 $(prep-target)
234 $(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ $(JAR_DIRS) \
235 $(BOOT_JAR_JFLAGS)
236 $(CP) -r $(CLASSDESTDIR)/* $(CLASSBINDIR)
237 @$(java-vm-cleanup)
238
239 build: prebuild
240
241 prebuild:
242 $(RM) -r $(DELETE_DIRS)
243
244
245 # =====================================================
246 # Build the unsigned policy files.
247 #
248 # Given the current state of world export/import policies,
249 # these settings work for Sun's situation. This note is not
250 # legal guidance, you must still resolve any export/import issues
251 # applicable for your situation. Contact your export/import
252 # counsel for more information.
253 #
254
255 POLICY_DESTDIR = $(LIBDIR)/security
256 UNSIGNED_POLICY_BUILDDIR = $(UNSIGNED_DIR)/policy
257
258 build-policy: unlimited limited
259
260 #
261 # Build the unsigned unlimited policy files.
262 #
263 unlimited: \
264 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \
265 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar
266
267 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar: \
268 policy/unlimited/default_US_export.policy \
269 policy/unlimited/UNLIMITED
270 $(prep-target)
271 $(BOOT_JAR_CMD) cmf policy/unlimited/UNLIMITED $@ \
272 -C policy/unlimited default_US_export.policy \
273 $(BOOT_JAR_JFLAGS)
274 @$(java-vm-cleanup)
275
276 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar: \
277 policy/unlimited/default_local.policy \
278 policy/unlimited/UNLIMITED
279 $(prep-target)
280 $(BOOT_JAR_CMD) cmf policy/unlimited/UNLIMITED $@ \
281 -C policy/unlimited default_local.policy \
282 $(BOOT_JAR_JFLAGS)
283 @$(java-vm-cleanup)
284
285 #
286 # Build the unsigned limited policy files.
287 #
288 # NOTE: We currently do not place restrictions on our limited export
289 # policy. This was not a typo.
290 #
291 limited: \
292 $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \
293 $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar
294
295 $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar: \
296 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar
297 $(install-non-module-file)
298
299 $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar: \
300 policy/limited/default_local.policy \
301 policy/limited/exempt_local.policy \
302 policy/limited/LIMITED
303 $(prep-target)
304 $(BOOT_JAR_CMD) cmf policy/limited/LIMITED $@ \
305 -C policy/limited default_local.policy \
306 -C policy/limited exempt_local.policy \
307 $(BOOT_JAR_JFLAGS)
308 @$(java-vm-cleanup)
309
310 UNSIGNED_POLICY_FILES = \
311 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \
312 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar \
313 $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \
314 $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar \
315
316
317 ifndef OPENJDK
318 # =====================================================
319 # Sign the various jar files. Not needed for OpenJDK.
320 #
321
322 SIGNED_DIR = $(JCE_BUILD_DIR)/signed
323 SIGNED_POLICY_BUILDDIR = $(SIGNED_DIR)/policy
324
325 SIGNED_POLICY_FILES = \
326 $(patsubst $(UNSIGNED_POLICY_BUILDDIR)/%,$(SIGNED_POLICY_BUILDDIR)/%, \
327 $(UNSIGNED_POLICY_FILES))
328
329 sign: sign-jar sign-policy
330
331 sign-jar: $(SIGNED_DIR)/jce.jar
332
333 sign-policy: $(SIGNED_POLICY_FILES)
334
335 ifndef ALT_JCE_BUILD_DIR
336 $(SIGNED_DIR)/jce.jar: $(UNSIGNED_DIR)/jce.jar
337 else
338 #
339 # We have to remove the build dependency, otherwise, we'll try to rebuild it
340 # which we can't do on a read-only filesystem.
341 #
342 $(SIGNED_DIR)/jce.jar:
343 @if [ ! -r $(UNSIGNED_DIR)/jce.jar ] ; then \
344 $(ECHO) "Couldn't find $(UNSIGNED_DIR)/jce.jar"; \
345 exit 1; \
346 fi
347 endif
348 $(call sign-file, $(UNSIGNED_DIR)/jce.jar)
349
350 $(SIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar: \
351 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar
352 $(call sign-file, $<)
353
354 $(SIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar: \
355 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar
356 $(call sign-file, $<)
357
358 $(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar: \
359 $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar
360 $(call sign-file, $<)
361
362 $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar: \
363 $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar
364 $(call sign-file, $<)
365
366
367 # =====================================================
368 # Create the Release Engineering files. Signed builds,
369 # unlimited policy file distribution, etc.
370 #
371
372 CLOSED_DIR = $(BUILDDIR)/closed/javax/crypto
373
374 release: $(SIGNED_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \
375 $(CLOSED_DIR)/doc/README.txt
376 $(RM) -r \
377 $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy \
378 $(JCE_BUILD_DIR)/release/jce.jar \
379 $(JCE_BUILD_DIR)/release/US_export_policy.jar \
380 $(JCE_BUILD_DIR)/release/local_policy.jar \
381 $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy.zip
382 $(MKDIR) -p $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy
383 $(CP) $(SIGNED_DIR)/jce.jar $(JCE_BUILD_DIR)/release
384 $(CP) \
385 $(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \
386 $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar \
387 $(JCE_BUILD_DIR)/release
388 $(CP) \
389 $(SIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \
390 $(SIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar \
391 $(CLOSED_DIR)/doc/COPYRIGHT.html \
392 $(CLOSED_DIR)/doc/README.txt \
393 $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy
394 cd $(JCE_BUILD_DIR)/release ; \
395 $(ZIPEXE) -qr UnlimitedJCEPolicy.zip UnlimitedJCEPolicy
396 $(release-warning)
397
398 endif # OPENJDK
399
400
401 # =====================================================
402 # Install routines.
403 #
404
405 #
406 # Install jce.jar, depending on which type is requested.
407 #
408 install-jar jar: $(JAR_DESTFILE)
409 ifndef OPENJDK
410 $(release-warning)
411 endif
412
413 ifdef OPENJDK
414 $(JAR_DESTFILE): $(UNSIGNED_DIR)/jce.jar
415 else
416 $(JAR_DESTFILE): $(SIGNED_DIR)/jce.jar
417 endif
418 $(install-non-module-file)
419
420 #
421 # Install the appropriate policy file, depending on the type of build.
422 #
423 ifdef OPENJDK
424 INSTALL_POLICYDIR = $(UNSIGNED_POLICY_BUILDDIR)
425 else
426 INSTALL_POLICYDIR = $(SIGNED_POLICY_BUILDDIR)
427 endif
428
429 install-limited-jars: \
430 $(INSTALL_POLICYDIR)/limited/US_export_policy.jar \
431 $(INSTALL_POLICYDIR)/limited/local_policy.jar
432 $(MKDIR) -p $(POLICY_DESTDIR)
433 $(RM) \
434 $(POLICY_DESTDIR)/US_export_policy.jar \
435 $(POLICY_DESTDIR)/local_policy.jar
436 $(CP) $^ $(POLICY_DESTDIR)
437
438 install-limited: install-limited-jars install-module-files
439 ifndef OPENJDK
440 $(release-warning)
441 endif
442
443 install-unlimited-jars: \
444 $(INSTALL_POLICYDIR)/unlimited/US_export_policy.jar \
445 $(INSTALL_POLICYDIR)/unlimited/local_policy.jar
446 $(MKDIR) -p $(POLICY_DESTDIR)
447 $(RM) \
448 $(POLICY_DESTDIR)/US_export_policy.jar \
449 $(POLICY_DESTDIR)/local_policy.jar
450 $(CP) $^ $(POLICY_DESTDIR)
451
452 install-unlimited: install-unlimited-jars install-module-files
453 ifndef OPENJDK
454 $(release-warning)
455 endif
456
457 ifndef OPENJDK
458 install-prebuilt-jars:
459 @$(ECHO) "\n>>>Installing prebuilt JCE framework..."
460 $(RM) $(JAR_DESTFILE) \
461 $(POLICY_DESTDIR)/US_export_policy.jar \
462 $(POLICY_DESTDIR)/local_policy.jar
463 $(CP) $(PREBUILT_DIR)/jce/jce.jar $(JAR_DESTFILE)
464 $(CP) \
465 $(PREBUILT_DIR)/jce/US_export_policy.jar \
466 $(PREBUILT_DIR)/jce/local_policy.jar \
467 $(POLICY_DESTDIR)
468
469 install-prebuilt: install-prebuilt-jars install-module-files
470 endif
471
472 install-module-files: \
473 $(POLICY_DESTDIR)/US_export_policy.jar \
474 $(POLICY_DESTDIR)/local_policy.jar
475
476 $(POLICY_DESTDIR)/%.jar :
477 $(install-module-file)
478
479 # =====================================================
480 # Support routines.
481 #
482
483 clobber clean::
484 $(RM) -r $(JAR_DESTFILE) $(POLICY_DESTDIR)/US_export_policy.jar \
485 $(POLICY_DESTDIR)/local_policy.jar $(DELETE_DIRS) $(TEMPDIR) \
486 $(JCE_BUILD_DIR)
487
488 .PHONY: build-jar jar build-policy unlimited limited install-jar \
489 install-limited install-unlimited
490 ifndef OPENJDK
491 .PHONY: sign sign-jar sign-policy release install-prebuilt
492 endif