1 # 2 # Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved. 3 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 # 5 # This code is free software; you can redistribute it and/or modify it 6 # under the terms of the GNU General Public License version 2 only, as 7 # published by the Free Software Foundation. Oracle designates this 8 # particular file as subject to the "Classpath" exception as provided 9 # by Oracle in the LICENSE file that accompanied this code. 10 # 11 # This code is distributed in the hope that it will be useful, but WITHOUT 12 # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 # FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 # version 2 for more details (a copy is included in the LICENSE file that 15 # accompanied this code). 16 # 17 # You should have received a copy of the GNU General Public License version 18 # 2 along with this work; if not, write to the Free Software Foundation, 19 # Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 # 21 # Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 # or visit www.oracle.com if you need additional information or have any 23 # questions. 24 # 25 26 # 27 # Makefile for building jce.jar and the various cryptographic strength 28 # policy jar files. 29 # 30 31 # 32 # (The terms "OpenJDK" and "JDK" below refer to OpenJDK and Sun JDK builds 33 # respectively.) 34 # 35 # JCE builds are very different between OpenJDK and JDK. The OpenJDK JCE 36 # jar files do not require signing, but those for JDK do. If an unsigned 37 # jar file is installed into JDK, things will break when the crypto 38 # routines are called. 39 # 40 # This Makefile does the "real" build of the JCE files. There are some 41 # javac options currently specific to JCE, so we recompile now to make 42 # sure any implicit compilations didn't use any incorrect flags. 43 # 44 # For OpenJDK, the jar files built here are installed directly into the 45 # OpenJDK. 46 # 47 # For JDK, the binaries use pre-built/pre-signed binary files stored in 48 # the closed workspace that are not shipped in the OpenJDK workspaces. 49 # We still build the JDK files here to verify the files compile, and in 50 # preparation for possible signing. Developers working on JCE in JDK 51 # must sign the JCE files before testing. The JCE signing key is kept 52 # separate from the JDK workspace to prevent its disclosure. 53 # 54 # SPECIAL NOTE TO JCE/JDK developers: The source files must eventually 55 # be built and signed, and the resulting jar files *MUST BE CHECKED INTO 56 # THE CLOSED PART OF THE WORKSPACE*. This separate step *MUST NOT BE 57 # FORGOTTEN*, otherwise a bug fixed in the source code will not be 58 # reflected in the shipped binaries. The "release" target should be 59 # used to generate the required files. 60 # 61 # There are a number of targets to help both JDK/OpenJDK developers. 62 # 63 # Main Targets (JDK/OPENJDK): 64 # 65 # all/clobber/clean The usual. 66 # If OpenJDK: builds/installs the 67 # jce.jar/limited policy files. 68 # If JDK: builds but does not install. 69 # During full tops-down builds, 70 # prebuilt/presigned jce.jar & 71 # limited policy files are copied 72 # in by make/java/redist/Makefile. 73 # If you are working in this directory 74 # and want to install the prebuilts, 75 # use the "install-prebuilt" target. 76 # 77 # jar Builds/installs jce.jar 78 # If OpenJDK, does not sign 79 # If JDK, tries to sign 80 # 81 # Other lesser-used Targets (JDK/OPENJDK): 82 # 83 # build-jar Builds jce.jar (does not sign/install) 84 # 85 # build-policy Builds policy files (does not sign/install) 86 # 87 # install-jar Alias for "jar" above 88 # 89 # install-limited Builds/installs limited policy files 90 # If OpenJDK, does not sign 91 # If JDK, tries to sign 92 # install-unlimited Builds/nstalls unlimited policy files 93 # If OpenJDK, does not sign 94 # If JDK, tries to sign 95 # 96 # Other targets (JDK only): 97 # 98 # sign Alias for sign-jar and sign-policy 99 # sign-jar Builds/signs jce.jar file (no install) 100 # sign-policy Builds/signs policy files (no install) 101 # 102 # release Builds all targets in preparation 103 # for workspace integration. 104 # 105 # install-prebuilt Installs the pre-built jar files 106 # 107 # This makefile was written to support parallel target execution. 108 # 109 110 BUILDDIR = ../.. 111 MODULE = base 112 PACKAGE = javax.crypto 113 PRODUCT = sun 114 115 # 116 # The following is for when we need to do postprocessing 117 # (signing) against a read-only build. If the OUTPUTDIR 118 # isn't writable, the build currently crashes out. 119 # 120 ifndef OPENJDK 121 ifdef ALT_JCE_BUILD_DIR 122 # ===================================================== 123 # Where to place the output, in case we're building from a read-only 124 # build area. (e.g. a release engineering build.) 125 JCE_BUILD_DIR=${ALT_JCE_BUILD_DIR} 126 IGNORE_WRITABLE_OUTPUTDIR_TEST=true 127 else 128 JCE_BUILD_DIR=${TEMPDIR} 129 endif 130 endif 131 132 include $(BUILDDIR)/common/Defs.gmk 133 134 # 135 # Location for the newly built classfiles. 136 # 137 CLASSDESTDIR = $(TEMPDIR)/classes 138 139 # 140 # Subdirectories of these are automatically included. 141 # 142 AUTO_FILES_JAVA_DIRS = \ 143 javax/crypto \ 144 sun/security/internal/interfaces \ 145 sun/security/internal/spec 146 147 include $(BUILDDIR)/common/Classes.gmk 148 149 # 150 # Rules 151 # 152 153 # 154 # Some licensees do not get the security sources, but we still need to 155 # be able to build "all" for them. Check here to see if the sources were 156 # available. If not, then we don't need to continue this rule. 157 # 158 159 ifdef OPENJDK 160 all: build-jar install-jar build-policy install-limited 161 else # OPENJDK 162 ifeq ($(strip $(FILES_java)),) 163 all: 164 $(no-source-warning) 165 else # FILES_java/policy files available 166 all: build-jar build-policy 167 $(build-warning) 168 endif # $(FILES_java)/policy files available 169 endif # OPENJDK 170 171 # 172 # We use a variety of subdirectories in the $(TEMPDIR) depending on what 173 # part of the build we're doing. Both OPENJDK/JDK builds are initially 174 # done in the unsigned area. When files are signed in JDK, they will be 175 # placed in the appropriate areas. 176 # 177 UNSIGNED_DIR = $(TEMPDIR)/unsigned 178 179 include Defs-jce.gmk 180 181 182 # ===================================================== 183 # Build the unsigned jce.jar file. Signing comes later. 184 # 185 186 JAR_DESTFILE = $(LIBDIR)/jce.jar 187 188 # 189 # JCE building is somewhat involved. 190 # 191 # OpenJDK: Since we do not ship prebuilt JCE files, previous compiles 192 # in the build may have needed JCE class signatures. There were then 193 # implicitly built by javac (likely using the boot javac). While using 194 # those class files was fine for signatures, we need to rebuild using 195 # the right compiler. 196 # 197 # JDK: Even through the jce.jar was previously installed, since the 198 # source files are accessible in the source directories, they will 199 # always be "newer" than the prebuilt files inside the jar, and thus 200 # make will always rebuild them. (We could "hide" the JCE source in a 201 # separate directory, but that would make the build logic for JDK and 202 # OpenJDK more complicated.) 203 # 204 # Thus in either situation, we shouldn't use these files. 205 # 206 # To make sure the classes were built with the right compiler options, 207 # delete the existing files in $(CLASSBINDIR), rebuild the right way in a 208 # directory under $(TEMPDIR), then copy the files back to 209 # $(CLASSBINDIR). Building in $(TEMPDIR) allows us to use our make 210 # infrastructure without modification: .classes.list, macros, etc. 211 # 212 213 # 214 # The list of directories that will be remade from scratch, using the 215 # right compilers/options. 216 # 217 DELETE_DIRS = $(patsubst %, $(CLASSBINDIR)/%, $(AUTO_FILES_JAVA_DIRS)) 218 219 # 220 # Since the -C option to jar is used below, each directory entry must be 221 # preceded with the appropriate directory to "cd" into. 222 # 223 JAR_DIRS = $(patsubst %, -C $(CLASSDESTDIR) %, $(AUTO_FILES_JAVA_DIRS)) 224 225 build-jar: $(UNSIGNED_DIR)/jce.jar 226 227 # 228 # Build jce.jar, then replace the previously built JCE files in the 229 # classes directory with these. This ensures we have consistently built 230 # files throughout the workspaces. 231 # 232 $(UNSIGNED_DIR)/jce.jar: prebuild build $(JCE_MANIFEST_FILE) 233 $(prep-target) 234 $(BOOT_JAR_CMD) cmf $(JCE_MANIFEST_FILE) $@ $(JAR_DIRS) \ 235 $(BOOT_JAR_JFLAGS) 236 $(CP) -r $(CLASSDESTDIR)/* $(CLASSBINDIR) 237 @$(java-vm-cleanup) 238 239 build: prebuild 240 241 prebuild: 242 $(RM) -r $(DELETE_DIRS) 243 244 245 # ===================================================== 246 # Build the unsigned policy files. 247 # 248 # Given the current state of world export/import policies, 249 # these settings work for Sun's situation. This note is not 250 # legal guidance, you must still resolve any export/import issues 251 # applicable for your situation. Contact your export/import 252 # counsel for more information. 253 # 254 255 POLICY_DESTDIR = $(LIBDIR)/security 256 UNSIGNED_POLICY_BUILDDIR = $(UNSIGNED_DIR)/policy 257 258 build-policy: unlimited limited 259 260 # 261 # Build the unsigned unlimited policy files. 262 # 263 unlimited: \ 264 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \ 265 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar 266 267 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar: \ 268 policy/unlimited/default_US_export.policy \ 269 policy/unlimited/UNLIMITED 270 $(prep-target) 271 $(BOOT_JAR_CMD) cmf policy/unlimited/UNLIMITED $@ \ 272 -C policy/unlimited default_US_export.policy \ 273 $(BOOT_JAR_JFLAGS) 274 @$(java-vm-cleanup) 275 276 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar: \ 277 policy/unlimited/default_local.policy \ 278 policy/unlimited/UNLIMITED 279 $(prep-target) 280 $(BOOT_JAR_CMD) cmf policy/unlimited/UNLIMITED $@ \ 281 -C policy/unlimited default_local.policy \ 282 $(BOOT_JAR_JFLAGS) 283 @$(java-vm-cleanup) 284 285 # 286 # Build the unsigned limited policy files. 287 # 288 # NOTE: We currently do not place restrictions on our limited export 289 # policy. This was not a typo. 290 # 291 limited: \ 292 $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \ 293 $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar 294 295 $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar: \ 296 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar 297 $(install-non-module-file) 298 299 $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar: \ 300 policy/limited/default_local.policy \ 301 policy/limited/exempt_local.policy \ 302 policy/limited/LIMITED 303 $(prep-target) 304 $(BOOT_JAR_CMD) cmf policy/limited/LIMITED $@ \ 305 -C policy/limited default_local.policy \ 306 -C policy/limited exempt_local.policy \ 307 $(BOOT_JAR_JFLAGS) 308 @$(java-vm-cleanup) 309 310 UNSIGNED_POLICY_FILES = \ 311 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \ 312 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar \ 313 $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \ 314 $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar \ 315 316 317 ifndef OPENJDK 318 # ===================================================== 319 # Sign the various jar files. Not needed for OpenJDK. 320 # 321 322 SIGNED_DIR = $(JCE_BUILD_DIR)/signed 323 SIGNED_POLICY_BUILDDIR = $(SIGNED_DIR)/policy 324 325 SIGNED_POLICY_FILES = \ 326 $(patsubst $(UNSIGNED_POLICY_BUILDDIR)/%,$(SIGNED_POLICY_BUILDDIR)/%, \ 327 $(UNSIGNED_POLICY_FILES)) 328 329 sign: sign-jar sign-policy 330 331 sign-jar: $(SIGNED_DIR)/jce.jar 332 333 sign-policy: $(SIGNED_POLICY_FILES) 334 335 ifndef ALT_JCE_BUILD_DIR 336 $(SIGNED_DIR)/jce.jar: $(UNSIGNED_DIR)/jce.jar 337 else 338 # 339 # We have to remove the build dependency, otherwise, we'll try to rebuild it 340 # which we can't do on a read-only filesystem. 341 # 342 $(SIGNED_DIR)/jce.jar: 343 @if [ ! -r $(UNSIGNED_DIR)/jce.jar ] ; then \ 344 $(ECHO) "Couldn't find $(UNSIGNED_DIR)/jce.jar"; \ 345 exit 1; \ 346 fi 347 endif 348 $(call sign-file, $(UNSIGNED_DIR)/jce.jar) 349 350 $(SIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar: \ 351 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar 352 $(call sign-file, $<) 353 354 $(SIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar: \ 355 $(UNSIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar 356 $(call sign-file, $<) 357 358 $(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar: \ 359 $(UNSIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar 360 $(call sign-file, $<) 361 362 $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar: \ 363 $(UNSIGNED_POLICY_BUILDDIR)/limited/local_policy.jar 364 $(call sign-file, $<) 365 366 367 # ===================================================== 368 # Create the Release Engineering files. Signed builds, 369 # unlimited policy file distribution, etc. 370 # 371 372 CLOSED_DIR = $(BUILDDIR)/closed/javax/crypto 373 374 release: $(SIGNED_DIR)/jce.jar sign-policy $(CLOSED_DIR)/doc/COPYRIGHT.html \ 375 $(CLOSED_DIR)/doc/README.txt 376 $(RM) -r \ 377 $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy \ 378 $(JCE_BUILD_DIR)/release/jce.jar \ 379 $(JCE_BUILD_DIR)/release/US_export_policy.jar \ 380 $(JCE_BUILD_DIR)/release/local_policy.jar \ 381 $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy.zip 382 $(MKDIR) -p $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy 383 $(CP) $(SIGNED_DIR)/jce.jar $(JCE_BUILD_DIR)/release 384 $(CP) \ 385 $(SIGNED_POLICY_BUILDDIR)/limited/US_export_policy.jar \ 386 $(SIGNED_POLICY_BUILDDIR)/limited/local_policy.jar \ 387 $(JCE_BUILD_DIR)/release 388 $(CP) \ 389 $(SIGNED_POLICY_BUILDDIR)/unlimited/US_export_policy.jar \ 390 $(SIGNED_POLICY_BUILDDIR)/unlimited/local_policy.jar \ 391 $(CLOSED_DIR)/doc/COPYRIGHT.html \ 392 $(CLOSED_DIR)/doc/README.txt \ 393 $(JCE_BUILD_DIR)/release/UnlimitedJCEPolicy 394 cd $(JCE_BUILD_DIR)/release ; \ 395 $(ZIPEXE) -qr UnlimitedJCEPolicy.zip UnlimitedJCEPolicy 396 $(release-warning) 397 398 endif # OPENJDK 399 400 401 # ===================================================== 402 # Install routines. 403 # 404 405 # 406 # Install jce.jar, depending on which type is requested. 407 # 408 install-jar jar: $(JAR_DESTFILE) 409 ifndef OPENJDK 410 $(release-warning) 411 endif 412 413 ifdef OPENJDK 414 $(JAR_DESTFILE): $(UNSIGNED_DIR)/jce.jar 415 else 416 $(JAR_DESTFILE): $(SIGNED_DIR)/jce.jar 417 endif 418 $(install-non-module-file) 419 420 # 421 # Install the appropriate policy file, depending on the type of build. 422 # 423 ifdef OPENJDK 424 INSTALL_POLICYDIR = $(UNSIGNED_POLICY_BUILDDIR) 425 else 426 INSTALL_POLICYDIR = $(SIGNED_POLICY_BUILDDIR) 427 endif 428 429 install-limited-jars: \ 430 $(INSTALL_POLICYDIR)/limited/US_export_policy.jar \ 431 $(INSTALL_POLICYDIR)/limited/local_policy.jar 432 $(MKDIR) -p $(POLICY_DESTDIR) 433 $(RM) \ 434 $(POLICY_DESTDIR)/US_export_policy.jar \ 435 $(POLICY_DESTDIR)/local_policy.jar 436 $(CP) $^ $(POLICY_DESTDIR) 437 438 install-limited: install-limited-jars install-module-files 439 ifndef OPENJDK 440 $(release-warning) 441 endif 442 443 install-unlimited-jars: \ 444 $(INSTALL_POLICYDIR)/unlimited/US_export_policy.jar \ 445 $(INSTALL_POLICYDIR)/unlimited/local_policy.jar 446 $(MKDIR) -p $(POLICY_DESTDIR) 447 $(RM) \ 448 $(POLICY_DESTDIR)/US_export_policy.jar \ 449 $(POLICY_DESTDIR)/local_policy.jar 450 $(CP) $^ $(POLICY_DESTDIR) 451 452 install-unlimited: install-unlimited-jars install-module-files 453 ifndef OPENJDK 454 $(release-warning) 455 endif 456 457 ifndef OPENJDK 458 install-prebuilt-jars: 459 @$(ECHO) "\n>>>Installing prebuilt JCE framework..." 460 $(RM) $(JAR_DESTFILE) \ 461 $(POLICY_DESTDIR)/US_export_policy.jar \ 462 $(POLICY_DESTDIR)/local_policy.jar 463 $(CP) $(PREBUILT_DIR)/jce/jce.jar $(JAR_DESTFILE) 464 $(CP) \ 465 $(PREBUILT_DIR)/jce/US_export_policy.jar \ 466 $(PREBUILT_DIR)/jce/local_policy.jar \ 467 $(POLICY_DESTDIR) 468 469 install-prebuilt: install-prebuilt-jars install-module-files 470 endif 471 472 install-module-files: \ 473 $(POLICY_DESTDIR)/US_export_policy.jar \ 474 $(POLICY_DESTDIR)/local_policy.jar 475 476 $(POLICY_DESTDIR)/%.jar : 477 $(install-module-file) 478 479 # ===================================================== 480 # Support routines. 481 # 482 483 clobber clean:: 484 $(RM) -r $(JAR_DESTFILE) $(POLICY_DESTDIR)/US_export_policy.jar \ 485 $(POLICY_DESTDIR)/local_policy.jar $(DELETE_DIRS) $(TEMPDIR) \ 486 $(JCE_BUILD_DIR) 487 488 .PHONY: build-jar jar build-policy unlimited limited install-jar \ 489 install-limited install-unlimited 490 ifndef OPENJDK 491 .PHONY: sign sign-jar sign-policy release install-prebuilt 492 endif