Skip to content

Commit

Permalink
FL-3824: security update to oracle's javas
Browse files Browse the repository at this point in the history
  • Loading branch information
Oleg Vinichenko committed Jun 10, 2017
1 parent 982e1f3 commit bd309b1
Show file tree
Hide file tree
Showing 4 changed files with 498 additions and 0 deletions.
4 changes: 4 additions & 0 deletions dev-java/oracle-jdk-bin/Manifest
View file
Expand Up @@ -12,3 +12,7 @@ DIST jdk-8u121-linux-arm32-vfp-hflt.tar.gz 81645826 SHA256 134c73db663b1fb0f3d77
DIST jdk-8u121-linux-arm64-vfp-hflt.tar.gz 78462931 SHA256 acd84c59aa0c3fa8cfb2e3c51bbd9ebf979b4ed9b5f15b343821c31af2ce3573 SHA512 a1b0469ed6ad51f2d07f2dfad1ed0c2966661b987b819d4321b4c9b6de5f1aa35e02dd2653abb9ef0fcfa33db4820a67d679a3ff8668ca116b26012e19756ed8 WHIRLPOOL cc3f84f377178024d1ef469a8a089a8d00395760ac79899cc7f60593ec4177d9fa22781de0cdf695f3f20a65762ef9c57ee6024cb66b803ad9833fea2a1857a4
DIST jdk-8u121-linux-i586.tar.gz 185735871 SHA256 f7d6cf1468c5e71ff097bec0189caccdd8e709a2a88a2c9849ad6200c0f33d4c SHA512 d900343912034a6d454ce8ca2dc5767551c6d14ed96b1297bcab817a73b43775f449b29f2c97cc7e7821543388eefc0d5d5fa130187e0a73813812e87c8e30e5 WHIRLPOOL 6af71bf8d5e7df8c82a6afd8a400d9ba76bdc19c73f3f71abf30cf85e8ec2ab3707f961de64d9b7a0b77940aab6093e39df34331529937cf47030980d8cb8a2e
DIST jdk-8u121-linux-x64.tar.gz 183246769 SHA256 97e30203f1aef324a07c94d9d078f5d19bb6c50e638e4492722debca588210bc SHA512 df5d90a87fff6f71246aab1e63412a0b8d50207784da939fdb09ab547a469d121c6c74a7849628fb4d4f3596658eef31fad4026598862f1a5637a15b37b44648 WHIRLPOOL bce31c3b12fe5ec820d8d7e3af6786365bd3830e92d51669bac314f8be866d2f9827fb2b9753fc62feaf574149d23b97a81ead8f8dae2f0dfea6fd98fb9bbbef
DIST jdk-8u131-linux-arm32-vfp-hflt.tar.gz 81648626 SHA256 4d2677261715e9f0e44972517cf22ae40c69ad4dd1e4c34c88127462b13d4949 SHA512 6b3b7ebd0429baf77c31a883be683b664c35172147c782b955c2e7172454386317388fa9096d9b36796b294bef074b7e5e634b318fdcae0c72597cc218fc1cd0 WHIRLPOOL 303d3efcfaf1ebec808ede7b7cf0167953e5b5512b41862711a8da35d0168852ff8ba9994ccf13a59c0c9a723b1e66102263b3b2fada8f44710e16e25d4419b2
DIST jdk-8u131-linux-arm64-vfp-hflt.tar.gz 78446325 SHA256 8f1d59e35cbea789219f9908d666027ab9015abd8f43999d28d21b43d84c77c2 SHA512 e24671cfded186800eec63c1e92901d2d8348f528c31f5878d28e03b936912ada05f8789a98cbe41cd3f8206a52b1c693175e7cfd421a65048924ae6908805f7 WHIRLPOOL 99b9e5f5928817353f671aa10719e1f379876cf6662a3f496f6621bc16575626270c1034636ac5dac4cb5a44e58aba8d958d1bd80118c51d62b729a7f5329b16
DIST jdk-8u131-linux-i586.tar.gz 188105480 SHA256 0069a2b1b1cddbefa45f1ff12933fca3b114b6544d536ec0e2d4861a830d7154 SHA512 5f5428ad9a0bcd20533cafc7c28bd260064da2f00719c3b5dc4a970771ffae11b1b9a18bfef39476c448d63d3efb829641a6c22ffb8faa3bbb7b5b3670487d80 WHIRLPOOL 48c0846ae8ccb4f945fcd7c2ee9235054b4e5899fe4e2359a9d26f407ca2c487d94639f3352f3cce616c073602071d3246bf7a0a18e73179a9c24a3e785c209a
DIST jdk-8u131-linux-x64.tar.gz 185540433 SHA256 62b215bdfb48bace523723cdbb2157c665e6a25429c73828a32f00e587301236 SHA512 92c90f19f0184dfd78ac2b98d8ba0cbddcac3b9fb318ca9eeb6f8c1ce62b5b286cae836edb04689ec62fc9ad6ebbfc0c48d0b107b716c24afe44a3ba41fb66f4 WHIRLPOOL b1df7fa8f678858cb5cd746902042c5aaf079847db290a801cd67fb7f51d53afefa3c1e79c49c089a6cddb91a867cce40d0e554ec08546f492a88c9e1c3f7c3c
288 changes: 288 additions & 0 deletions dev-java/oracle-jdk-bin/oracle-jdk-bin-1.8.0.131.ebuild
View file
@@ -0,0 +1,288 @@
# Distributed under the terms of the GNU General Public License v2

EAPI="5"

inherit eutils java-vm-2 prefix versionator

if [[ "$(get_version_component_range 4)" == 0 ]] ; then
S_PV="$(get_version_component_range 1-3)"
else
MY_PV_EXT="u$(get_version_component_range 4)"
S_PV="$(get_version_component_range 1-4)"
fi

MY_PV="$(get_version_component_range 2)${MY_PV_EXT}"

AT_amd64="jdk-${MY_PV}-linux-x64.tar.gz"
AT_arm="jdk-${MY_PV}-linux-arm-vfp-hflt.tar.gz"
AT_arm="jdk-${MY_PV}-linux-arm32-vfp-hflt.tar.gz"
AT_arm64="jdk-${MY_PV}-linux-arm64-vfp-hflt.tar.gz"
AT_x86="jdk-${MY_PV}-linux-i586.tar.gz"

DEMOS_amd64="jdk-${MY_PV}-linux-x64-demos.tar.gz"
DEMOS_arm="jdk-${MY_PV}-linux-arm-vfp-hflt-demos.tar.gz"
DEMOS_arm="jdk-${MY_PV}-linux-arm32-vfp-hflt-demos.tar.gz"
DEMOS_arm64="jdk-${MY_PV}-linux-arm64-vfp-hflt-demos.tar.gz"
DEMOS_x86="jdk-${MY_PV}-linux-i586-demos.tar.gz"

JCE_DIR="UnlimitedJCEPolicyJDK8"
JCE_FILE="${JCE_DIR}.zip"

DESCRIPTION="Oracle's Java SE Development Kit"
HOMEPAGE="http://www.oracle.com/technetwork/java/javase/"
MIR_URI="mirror://funtoo/oracle-java"
SRC_URI="
amd64? ( ${MIR_URI}/${AT_amd64} )
arm? ( ${MIR_URI}/${AT_arm} )
arm64? ( ${MIR_URI}/${AT_arm64} )
x86? ( ${MIR_URI}/${AT_x86} )
jce? ( ${MIR_URI}/${JCE_FILE} )"

LICENSE="Oracle-BCLA-JavaSE examples? ( BSD )"
SLOT="1.8"
KEYWORDS="*"
IUSE="alsa +awt commercial cups derby doc examples +fontconfig javafx jce nsplugin pax_kernel selinux source"
REQUIRED_USE="javafx? ( alsa fontconfig )"

RESTRICT="mirror preserve-libs strip"
QA_PREBUILT="*"

RDEPEND="!x64-macos? (
awt? (
x11-libs/libX11
x11-libs/libXext
x11-libs/libXi
x11-libs/libXrender
x11-libs/libXtst
)
javafx? (
dev-libs/glib:2
dev-libs/libxml2:2
dev-libs/libxslt
media-libs/freetype:2
x11-libs/cairo
x11-libs/gtk+:2
x11-libs/libX11
x11-libs/libXtst
x11-libs/libXxf86vm
x11-libs/pango
virtual/opengl
)
)
alsa? ( media-libs/alsa-lib )
cups? ( net-print/cups )
doc? ( dev-java/java-sdk-docs:${SLOT} )
fontconfig? ( media-libs/fontconfig:1.0 )
!prefix? ( sys-libs/glibc:* )
selinux? ( sec-policy/selinux-java )"

# A PaX header isn't created by scanelf so depend on paxctl to avoid
# fallback marking. See bug #427642.
DEPEND="app-arch/zip
jce? ( app-arch/unzip )
examples? ( x64-macos? ( app-arch/unzip ) )
pax_kernel? ( sys-apps/paxctl )"

S="${WORKDIR}/jdk"

src_unpack() {
if use arm ; then
# Special case for ARM soft VS hard float.
if [[ ${CHOST} == *-hardfloat-* ]] ; then
unpack $AT_arm
#else
#unpack jdk-${MY_PV}-linux-arm-vfp-sflt.tar.gz
fi
use jce && unpack ${JCE_FILE}
else
default
fi

# Upstream is changing their versioning scheme every release around 1.8.0.*;
# to stop having to change it over and over again, just wildcard match and
# live a happy life instead of trying to get this new jdk1.8.0_05 to work.
mv "${WORKDIR}"/jdk* "${S}" || die
}

src_prepare() {
if use jce ; then
mv "${WORKDIR}"/${JCE_DIR} jre/lib/security/ || die
fi

if [[ -n ${JAVA_PKG_STRICT} ]] ; then
# Mark this binary early to run it now
pax-mark m ./bin/javap

eqawarn "Ensure that this only calls trackJavaUsage(). If not, see bug #559936."
eqawarn
eqawarn "$(./bin/javap -J-Duser.home=${T} -c sun.misc.PostVMInitHook || die)"
fi

# Remove the hook that calls Oracle's evil usage tracker. Not just
# because it's evil but because it breaks the sandbox during builds
# and we can't find any other feasible way to disable it or make it
# write somewhere else. See bug #559936 for details.
zip -d jre/lib/rt.jar sun/misc/PostVMInitHook.class || die
}

src_install() {
local dest="/opt/${P}"
local ddest="${ED}${dest#/}"

# Create files used as storage for system preferences.
mkdir jre/.systemPrefs || die
touch jre/.systemPrefs/.system.lock || die
touch jre/.systemPrefs/.systemRootModFile || die

if ! use alsa ; then
rm -vf jre/lib/*/libjsoundalsa.* || die
fi

if ! use commercial; then
rm -vfr lib/missioncontrol jre/lib/jfr* || die
fi

if ! use awt ; then
rm -vf lib/*/lib*{[jx]awt,splashscreen}* \
bin/{javaws,policytool} || die
fi

if ! use javafx ; then
rm -vf jre/lib/*/lib*{decora,fx,glass,prism}* \
jre/lib/*/libgstreamer-lite.* {,jre/}lib/{,ext/}*fx* \
bin/*javafx* bin/javapackager || die
fi

if ! use nsplugin ; then
rm -vf jre/lib/*/libnpjp2.* || die
else
local nsplugin=$(echo jre/lib/*/libnpjp2.*)
fi

# Even though plugins linked against multiple ffmpeg versions are
# provided, they generally lag behind what Gentoo has available.
rm -vf jre/lib/*/libavplugin* || die

# We package this as dev-util/visualvm.
rm -vfr lib/visualvm || die

dodoc COPYRIGHT
dodir "${dest}"
cp -pPR bin include jre lib man "${ddest}" || die

if use derby ; then
cp -pPR db "${ddest}" || die
fi

if use examples && has ${ARCH} "${DEMOS_AVAILABLE[@]}" ; then
cp -pPR demo sample "${ddest}" || die
fi

if use jce ; then
dodir "${dest}"/jre/lib/security/strong-jce
mv "${ddest}"/jre/lib/security/US_export_policy.jar \
"${ddest}"/jre/lib/security/strong-jce || die
mv "${ddest}"/jre/lib/security/local_policy.jar \
"${ddest}"/jre/lib/security/strong-jce || die
dosym "${dest}"/jre/lib/security/${JCE_DIR}/US_export_policy.jar \
"${dest}"/jre/lib/security/US_export_policy.jar
dosym "${dest}"/jre/lib/security/${JCE_DIR}/local_policy.jar \
"${dest}"/jre/lib/security/local_policy.jar
fi

if use nsplugin ; then
local nsplugin_link=${nsplugin##*/}
nsplugin_link=${nsplugin_link/./-${PN}-${SLOT}.}
dosym "${dest}/${nsplugin}" "/usr/$(get_libdir)/nsbrowser/plugins/${nsplugin_link}"
fi

if use source ; then
cp -v src.zip "${ddest}" || die

if use javafx ; then
cp -v javafx-src.zip "${ddest}" || die
fi
fi

if [[ -d jre/lib/desktop ]] ; then
# Install desktop file for the Java Control Panel.
# Using ${PN}-${SLOT} to prevent file collision with jre and or
# other slots. make_desktop_entry can't be used as ${P} would
# end up in filename.
newicon jre/lib/desktop/icons/hicolor/48x48/apps/sun-jcontrol.png \
sun-jcontrol-${PN}-${SLOT}.png || die
sed -e "s#Name=.*#Name=Java Control Panel for Oracle JDK ${SLOT}#" \
-e "s#Exec=.*#Exec=/opt/${P}/jre/bin/jcontrol#" \
-e "s#Icon=.*#Icon=sun-jcontrol-${PN}-${SLOT}#" \
-e "s#Application;##" \
-e "/Encoding/d" \
jre/lib/desktop/applications/sun_java.desktop \
> "${T}"/jcontrol-${PN}-${SLOT}.desktop || die
domenu "${T}"/jcontrol-${PN}-${SLOT}.desktop
fi

# Prune all fontconfig files so libfontconfig will be used and only install
# a Gentoo specific one if fontconfig is disabled.
# http://docs.oracle.com/javase/8/docs/technotes/guides/intl/fontconfig.html
rm "${ddest}"/jre/lib/fontconfig.* || die
if ! use fontconfig ; then
cp "${FILESDIR}"/fontconfig.Gentoo.properties "${T}"/fontconfig.properties || die
eprefixify "${T}"/fontconfig.properties
insinto "${dest}"/jre/lib/
doins "${T}"/fontconfig.properties
fi

# This needs to be done before CDS - #215225
java-vm_set-pax-markings "${ddest}"

# see bug #207282
einfo "Creating the Class Data Sharing archives"
case ${ARCH} in
arm|ia64)
${ddest}/bin/java -client -Xshare:dump || die
;;
x86)
${ddest}/bin/java -client -Xshare:dump || die
# limit heap size for large memory on x86 #467518
# this is a workaround and shouldn't be needed.
${ddest}/bin/java -server -Xms64m -Xmx64m -Xshare:dump || die
;;
*)
${ddest}/bin/java -server -Xshare:dump || die
;;
esac

# Remove empty dirs we might have copied.
find "${D}" -type d -empty -exec rmdir -v {} + || die

if use x64-macos ; then
# Fix miscellaneous install_name issues.
pushd "${ddest}"/jre/lib > /dev/null || die
local lib needed nlib npath
for lib in decora_sse glass prism_{common,es2,sw} ; do
lib=lib${lib}.dylib
einfo "Fixing self-reference of ${lib}"
install_name_tool \
-id "${EPREFIX}${dest}/jre/lib/${lib}" \
"${lib}"
done
popd > /dev/null

# This is still jdk1{5,6}, even on Java 8, so don't change it
# until you know different.
for nlib in jdk1{5,6} ; do
install_name_tool -change \
/usr/lib/libgcc_s_ppc64.1.dylib \
/usr/lib/libSystem.B.dylib \
"${ddest}"/lib/visualvm/profiler/lib/deployed/${nlib}/mac/libprofilerinterface.jnilib
install_name_tool -id \
"${EPREFIX}${dest}"/lib/visualvm/profiler/lib/deployed/${nlib}/mac/libprofilerinterface.jnilib \
"${ddest}"/lib/visualvm/profiler/lib/deployed/${nlib}/mac/libprofilerinterface.jnilib
done
fi

set_java_env
java-vm_revdep-mask
java-vm_install-env "${FILESDIR}"/${PN}.env.sh
java-vm_sandbox-predict /dev/random /proc/self/coredump_filter
}
2 changes: 2 additions & 0 deletions dev-java/oracle-jre-bin/Manifest
View file
Expand Up @@ -6,3 +6,5 @@ DIST jre-8u112-linux-i586.tar.gz 76262744 SHA256 b314d73ddd80e7d0665fb85853d2d69
DIST jre-8u112-linux-x64.tar.gz 73653824 SHA256 94053c6aa4d672b728c7788fb7d2676e5c6d7e7fcdbc1c86beaa796a083b4e5b SHA512 01dc42552b58d1560fc7236aa53f94c785b238573305d563c73068f564203560fb1db93e7f40815ebb2ce2bab3ed47517ea16882d976730342bdd8290cef55a5 WHIRLPOOL 6dd53b97dca5df8d79ba9203671158f161c5d40f0f061a26c38946a878fa1eeb51be5f996d0231ea298828d055644615dbfa79dd4621c5db2afa4955f05f921b
DIST jre-8u121-linux-i586.tar.gz 76293286 SHA256 1b28662780c98b3233e8dacaa07c505a70c53463d3b00720baa59f955ab1e1bb SHA512 375003c2fec68deed36cf10a2e225044d6c85035d1d756110cb07ffa526d63bee7573b2db7568fb84c6dfdee101da82bedd7785548da812241e4e0234e99a5bb WHIRLPOOL 6f4665e448f59a4d1f432bfc974d9d626400b7932ec7f3f8edba29041354386d399306c685240194749d7a6d0364153143704768c4f205fb02ba44de3db92ba7
DIST jre-8u121-linux-x64.tar.gz 73676107 SHA256 30bf5fbac0cfbc9201cac1d6973dbc96e5f55043ab315eda8c7aeb23df4f2644 SHA512 85ed3820b1461bf8c1b83259962f9e7c3f72d694f446d3e5852c416eeeb9905897a9a3b5eaded9a8d617c9c43848635b2ff7b520021b666fd87f39837e4ff54b WHIRLPOOL f2bdfe315dc9a7a15bd4e73dd774fd31c1c02bb3d5a24d2829cc51d9aed3b75993c9429e211ee4d204606cf6105015aac30c0e408e3558b24d6d3f4f229b9b7e
DIST jre-8u131-linux-i586.tar.gz 78620957 SHA256 a773f2fe17061ef637ed2094b06313a99c0b45ba3d3cb7f8f1ebf18448495aeb SHA512 37508f39c62232953a479794073d8360f41182f2d3ea9fc4356442fb7b517466af944e00d10ed4b65cd12eff7e1de2d860b98bfb6c428bc0ee9e14bcf15b60c5 WHIRLPOOL 91f1e9caafbba0f700c43868409cd9eb5b94f4b9c00313b5df39d38168d127070cb9fc6ab22a76931a8c2504161444b4d43c860667064a41277e77181c4b16d1
DIST jre-8u131-linux-x64.tar.gz 75920010 SHA256 355e5cdb066d4cada1f9f16f358b6fa6280ff5caf7470cf0d5cdd43083408d35 SHA512 26e6515f8e8b4d1d72337e347810d57fcc99284c18260d9ebd67441c19b9f1f73a9570f58a103477f2642e880a79d6579a5e40d75d06e2f4a92a6d3e07ba59db WHIRLPOOL 9cccc44679ddf103c15d6d6797c97d40ccc3abc63f5b05f78c79650be92cfa5dec8c2c567c456556b6f2f6d9ec23fbfbdf2a936ff569ac1bf7e50ce74f57bcef

0 comments on commit bd309b1

Please sign in to comment.