diff options
Diffstat (limited to 'community/openjdk11/APKBUILD')
-rw-r--r-- | community/openjdk11/APKBUILD | 393 |
1 files changed, 273 insertions, 120 deletions
diff --git a/community/openjdk11/APKBUILD b/community/openjdk11/APKBUILD index 1a009368ab4..1786398b97a 100644 --- a/community/openjdk11/APKBUILD +++ b/community/openjdk11/APKBUILD @@ -1,62 +1,59 @@ # Contributor: Simon Frankenberger <simon-alpine@fraho.eu> # Maintainer: Simon Frankenberger <simon-alpine@fraho.eu> pkgname=openjdk11 -pkgver=11.0.5_p10 -_pkgver=${pkgver/_p/+} +pkgver=11.0.23_p9 +_pkgver=${pkgver%_p*}-ga pkgrel=0 pkgdesc="Oracle OpenJDK 11" -url="https://hg.openjdk.java.net/jdk-updates/jdk11u" -arch="all !x86 !armhf !armv7" # openjdk10 is not yet available on 32 bit arches -license="GPL-2.0 with Classpath" -makedepends="autoconf -bash -gawk -grep -make -openjdk10-jdk -zip -alsa-lib-dev -cups-dev -elfutils-dev -fontconfig-dev -freetype-dev -giflib-dev -lcms2-dev -libexecinfo-dev -libffi-dev -libjpeg-turbo-dev -libx11-dev -libxext-dev -libxrandr-dev -libxrender-dev -libxt-dev -libxtst-dev -linux-headers -zlib-dev" -depends="$pkgname-jmods $pkgname-demos $pkgname-doc $pkgname-jdk" # for the virtual openjdk11 package +provider_priority=11 +url="https://github.com/openjdk/jdk11u" +# oracle dropped support for 32 bit +# riscv64 blocked by openjdk10 +arch="all !x86 !armhf !armv7 !riscv64" +license="GPL-2.0-with-classpath-exception" +makedepends=" + $pkgname-bootstrap + autoconf + bash + gawk + grep + make + zip + alsa-lib-dev + cups-dev + elfutils-dev + fontconfig-dev + freetype-dev + giflib-dev + lcms2-dev + libffi-dev + libjpeg-turbo-dev + libx11-dev + libxext-dev + libxrandr-dev + libxrender-dev + libxt-dev + libxtst-dev + linux-headers + zlib-dev + " +depends="$pkgname-jdk $pkgname-demos $pkgname-doc" # for the virtual openjdk11 package subpackages="$pkgname-jmods:_jmods:noarch -$pkgname-demos:_demos:noarch -$pkgname-doc:_doc:noarch -$pkgname-dbg:_dbg -$pkgname-jre:_jre -$pkgname-src:_src:noarch -$pkgname-jre-headless:_jre_headless -$pkgname-jdk:_jdk" -source="jdk-$_pkgver.tar.bz2::http://hg.openjdk.java.net/jdk-updates/jdk11u/archive/jdk-$_pkgver.tar.bz2 - -build.patch -aarch64.patch -arm.patch -ppc64le.patch -x86.patch - -HelloWorld.java -TestECDSA.java -TestCryptoLevel.java -Alpine_Bug_10126.java + $pkgname-demos:_demos:noarch + $pkgname-doc:_doc:noarch + $pkgname-jre:_jre + $pkgname-src:_src:noarch + $pkgname-jre-headless:_jre_headless + $pkgname-jdk:_jdk" +source="jdk-$_pkgver.tar.gz::https://github.com/openjdk/jdk11u/archive/jdk-$_pkgver.tar.gz + lfs64.patch + ppc64le.patch + JDK-8267908.patch " builddir="$srcdir/jdk11u-jdk-$_pkgver" +provides="$pkgname-bootstrap=$pkgver-r$pkgrel" + _java_home="/usr/lib/jvm/java-11-openjdk" ldpath="$_java_home/lib:$_java_home/lib/jli:$_java_home/lib/server" @@ -64,19 +61,182 @@ sonameprefix="$pkgname:" # enable running the JTReg tests in check? # see comment in that function for explanation -_run_jtreg=0 +_run_jtreg=${_run_jtreg:-0} if [ $_run_jtreg -ne 0 ]; then makedepends="$makedepends java-jtreg" - checkdepends="$checkdepends ttf-freefont xvfb" + checkdepends="$checkdepends font-freefont xvfb-run" fi +case "$CARCH" in + aarch64|s390x) + options="!check" # get stuck forever on builders + ;; +esac + +# secfixes: +# 11.0.23_p9-r0: +# - CVE-2024-21085 +# - CVE-2024-21011 +# - CVE-2024-21068 +# - CVE-2024-21094 +# - CVE-2024-21012 +# 11.0.22_p7-r0: +# - CVE-2024-20918 +# - CVE-2024-20952 +# - CVE-2024-20919 +# - CVE-2024-20921 +# - CVE-2024-20926 +# - CVE-2024-20945 +# 11.0.21_p9-r0: +# - CVE-2023-22081 +# 11.0.20_p8-r0: +# - CVE-2023-22041 +# - CVE-2023-25193 +# - CVE-2023-22045 +# - CVE-2023-22049 +# - CVE-2023-22036 +# - CVE-2023-22006 +# 11.0.19_p7-r0: +# - CVE-2023-21930 +# - CVE-2023-21967 +# - CVE-2023-21954 +# - CVE-2023-21939 +# - CVE-2023-21938 +# - CVE-2023-21968 +# - CVE-2023-21937 +# 11.0.18_p10-r0: +# - CVE-2023-21835 +# - CVE-2023-21843 +# 11.0.17_p8-r0: +# - CVE-2022-21628 +# - CVE-2022-21626 +# - CVE-2022-39399 +# - CVE-2022-21624 +# - CVE-2022-21619 +# 11.0.16_p8-r0: +# - CVE-2022-21540 +# - CVE-2022-21541 +# - CVE-2022-21549 +# - CVE-2022-25647 +# - CVE-2022-34169 +# 11.0.15_p10-r0: +# - CVE-2021-44531 +# - CVE-2021-44532 +# - CVE-2021-44533 +# - CVE-2022-0778 +# - CVE-2022-21476 +# - CVE-2022-21426 +# - CVE-2022-21496 +# - CVE-2022-21434 +# - CVE-2022-21443 +# - CVE-2022-21824 +# 11.0.14_p9-r0: +# - CVE-2022-21291 +# - CVE-2022-21305 +# - CVE-2022-21277 +# - CVE-2022-21360 +# - CVE-2022-21365 +# - CVE-2022-21366 +# - CVE-2022-21282 +# - CVE-2022-21296 +# - CVE-2022-21299 +# - CVE-2022-21271 +# - CVE-2022-21283 +# - CVE-2022-21293 +# - CVE-2022-21294 +# - CVE-2022-21340 +# - CVE-2022-21341 +# - CVE-2022-21248 +# 11.0.13_p8-r0: +# - CVE-2021-35567 +# - CVE-2021-35550 +# - CVE-2021-35586 +# - CVE-2021-35564 +# - CVE-2021-35556 +# - CVE-2021-35559 +# - CVE-2021-35561 +# - CVE-2021-35565 +# - CVE-2021-35578 +# - CVE-2021-35603 +# 11.0.12_p7-r0: +# - CVE-2021-2341 +# - CVE-2021-2369 +# - CVE-2021-2388 +# 11.0.9_p11-r0: +# - CVE-2020-14779 +# - CVE-2020-14781 +# - CVE-2020-14782 +# - CVE-2020-14792 +# - CVE-2020-14796 +# - CVE-2020-14797 +# - CVE-2020-14798 +# - CVE-2020-14803 +# 11.0.8_p10-r0: +# - CVE-2020-14556 +# - CVE-2020-14562 +# - CVE-2020-14573 +# - CVE-2020-14577 +# - CVE-2020-14581 +# - CVE-2020-14583 +# - CVE-2020-14593 +# - CVE-2020-14621 +# 11.0.7_p10-r0: +# - CVE-2020-2754 +# - CVE-2020-2755 +# - CVE-2020-2756 +# - CVE-2020-2757 +# - CVE-2020-2767 +# - CVE-2020-2773 +# - CVE-2020-2778 +# - CVE-2020-2781 +# - CVE-2020-2800 +# - CVE-2020-2803 +# - CVE-2020-2805 +# - CVE-2020-2816 +# - CVE-2020-2830 +# 11.0.6_p10-r0: +# - CVE-2020-2583 +# - CVE-2020-2590 +# - CVE-2020-2593 +# - CVE-2020-2601 +# - CVE-2020-2604 +# - CVE-2020-2654 +# - CVE-2020-2655 +# 11.0.5_p10-r0: +# - CVE-2019-2894 +# - CVE-2019-2933 +# - CVE-2019-2945 +# - CVE-2019-2949 +# - CVE-2019-2958 +# - CVE-2019-2962 +# - CVE-2019-2964 +# - CVE-2019-2973 +# - CVE-2019-2975 +# - CVE-2019-2977 +# - CVE-2019-2978 +# - CVE-2019-2981 +# - CVE-2019-2983 +# - CVE-2019-2987 +# - CVE-2019-2988 +# - CVE-2019-2989 +# - CVE-2019-2992 +# - CVE-2019-2999 +# 11.0.4_p11-r0: +# - CVE-2019-2745 +# - CVE-2019-2762 +# - CVE-2019-2766 +# - CVE-2019-2769 +# - CVE-2019-2786 +# - CVE-2019-2816 +# - CVE-2019-2818 +# - CVE-2019-2821 +# - CVE-2019-7317 prepare() { default_prepare # update autoconf files to detect alpine update_config_sub - update_config_guess # remove not compilable module (hotspot jdk.hotspot.agent) # this needs libthread_db which is only provided by glibc @@ -86,21 +246,41 @@ prepare() { } build() { - cd "$builddir" - if [ $_run_jtreg -ne 0 ]; then _with_jtreg="--with-jtreg=/usr/share/java/jtreg" else _with_jtreg="--with-jtreg=no" fi + if [ -n "$USE_CCACHE" ]; then + # workaround ccache being disallowed + export PATH="/usr/bin:/bin:/sbin:/usr/sbin" + local ccache="--enable-ccache" + fi + + # we want to build hotspot with better optimisations; it's set to this + # (prepended) anyway, and it's huge + case "$CARCH" in + ppc64le) + # ppc64le specifically takes 15x longer to compile a certain file with O3, for + # some reason + export CFLAGS="$CFLAGS -O2" + export CXXFLAGS="$CXXFLAGS -O2" + ;; + *) + export CFLAGS="$CFLAGS -O3" + export CXXFLAGS="$CXXFLAGS -O3" + ;; + esac + # CFLAGS, CXXFLAGS and LDFLAGS are ignored as shown by a warning # in the output of ./configure unless used like such: - # --with-extra-cflags="${CFLAGS}" - # --with-extra-cxxflags="${CXXFLAGS}" - # --with-extra-ldflags="${LDFLAGS}" + # --with-extra-cflags="$CFLAGS" + # --with-extra-cxxflags="$CXXFLAGS" + # --with-extra-ldflags="$LDFLAGS" # See also paragraph "Configure Control Variables" from "common/doc/building.md" - CFLAGS= CXXFLAGS= LDFLAGS= \ + # shellcheck disable=2097 disable=2098 + CFLAGS='' CXXFLAGS='' LDFLAGS='' \ bash ./configure \ --openjdk-target=$CHOST \ --prefix="$_java_home" \ @@ -118,7 +298,8 @@ build() { --with-lcms=system \ --with-jobs=${JOBS:-4} \ --with-test-jobs=${JOBS:-4} \ - --with-native-debug-symbols=external \ + --with-native-debug-symbols=none \ + $ccache \ $_with_jtreg \ --disable-warnings-as-errors \ --disable-precompiled-headers \ @@ -126,38 +307,21 @@ build() { --with-jvm-variants=server \ --with-debug-level=release \ --with-version-pre= \ - --with-version-opt=alpine-r${pkgrel} \ - --with-version-build=${_pkgver#*+} \ + --with-version-opt="alpine-r$pkgrel" \ + --with-version-build=${pkgver#*p} \ --with-vendor-name="Alpine" \ --with-vendor-url="https://alpinelinux.org/" \ - --with-vendor-bug-url="https://bugs.alpinelinux.org/projects/alpine/issues" \ - --with-vendor-vm-bug-url="https://bugs.alpinelinux.org/projects/alpine/issues" - MAKEFLAGS= make images + --with-vendor-bug-url="https://gitlab.alpinelinux.org/alpine/aports/issues" \ + --with-vendor-vm-bug-url="https://gitlab.alpinelinux.org/alpine/aports/issues" + # in rare cases the build hangs + MAKEFLAGS='' timeout 3600 make images } check() { - cd "$builddir" - local _java_bin="./build/*-normal-server-release/images/jdk/bin" - # 1) compile and run a simple hello world - $_java_bin/javac -d . "$srcdir"/HelloWorld.java - $_java_bin/java HelloWorld - - # 2) compile and run a testcase for unlimited policy - $_java_bin/javac -d . "$srcdir"/TestCryptoLevel.java - $_java_bin/java -cp . --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel - - # 3) compile and run a testcase for ECDSA signatures - $_java_bin/javac -d . "$srcdir"/TestECDSA.java - $_java_bin/java TestECDSA - - # 4) compile and run testcase for bug 10126 - $_java_bin/javac -d . "$srcdir"/Alpine_Bug_10126.java - $_java_bin/java Alpine_Bug_10126 - # run the gtest unittest suites - MAKEFLAGS= make test-hotspot-gtest + MAKEFLAGS='' make test-hotspot-gtest # The jtreg tests take very, very long to finish and show some failures (9 - 12 on my machine, varying between runs) # I think these are not critical and can be safely ignored. @@ -165,29 +329,20 @@ check() { # When updating this aport please let them run at least once on your machine to see if the failure count changes. if [ $_run_jtreg -ne 0 ]; then _logfile=$( mktemp -p "$builddir" ) - if [ -z "$DISPLAY" ]; then - Xvfb :99 & - _xvfb_pid=$! - DISPLAY=:99 - fi - MAKEFLAGS= DISPLAY=$DISPLAY make \ + MAKEFLAGS='' xvfb-run make \ run-test-tier1 \ run-test-tier2 \ run-test-tier3 \ | tee "$_logfile" msg "---------------------------------------" msg "The build log can be found at $_logfile" - if [ -n "$_xvfb_pid" ]; then - kill $_xvfb_pid - fi # abort the build so you may take a look at the logfile false + return 1 fi } package() { - cd "$builddir" - mkdir -p "$pkgdir/$_java_home" cp -r build/*-normal-server-release/images/jdk/* "$pkgdir/$_java_home" } @@ -222,22 +377,10 @@ _doc() { mv "$_fromroot/man" "$_toroot" } -_dbg() { - pkgdesc="Oracle OpenJDK 11 (debug)" - depends="$pkgname-jdk" - _fromroot="$pkgdir/$_java_home" - _toroot="$subpkgdir/$_java_home" - - mkdir -p "$_toroot/lib/server" - mkdir -p "$_toroot/lib/jli" - mv "$_fromroot"/lib/server/*.debuginfo "$_toroot"/lib/server - mv "$_fromroot"/lib/jli/*.debuginfo "$_toroot"/lib/jli - mv "$_fromroot"/lib/*.debuginfo "$_toroot"/lib -} - _jre() { pkgdesc="Oracle OpenJDK 11 (JRE)" depends="$pkgname-jre-headless" + provides=java-jre _fromroot="$pkgdir/$_java_home" _toroot="$subpkgdir/$_java_home" @@ -263,15 +406,22 @@ _src() { _jre_headless() { pkgdesc="Oracle OpenJDK 11 (JRE headless)" depends="java-common java-cacerts" + provides=java-jre-headless _fromroot="$pkgdir/$_java_home" _toroot="$subpkgdir/$_java_home" mkdir -p "$_toroot" mv "$_fromroot/lib" "$_toroot" + # ct.sym should stay in -jdk + mkdir "$_fromroot/lib" + mv "$_toroot/lib/ct.sym" "$_fromroot/lib" + mkdir -p "$_toroot/bin" for i in java \ + jfr \ jjs \ + jrunscript \ keytool \ pack200 \ rmid \ @@ -280,12 +430,17 @@ _jre_headless() { mv "$_fromroot/bin/$i" "$_toroot/bin/$i" done + # jaotc only available on x86_64 + if [ "$CARCH" = "x86_64" ]; then + mv "$_fromroot/bin/jaotc" "$_toroot/bin/jaotc" + fi + mv "$_fromroot/legal" "$_toroot" mv "$_fromroot/conf" "$_toroot" mv "$_fromroot/release" "$_toroot" cp "$builddir/ASSEMBLY_EXCEPTION" "$_toroot" cp "$builddir/LICENSE" "$_toroot" - cp "$builddir/README" "$_toroot" + cp "$builddir/README.md" "$_toroot" # symlink to shared cacerts store rm "$_toroot/lib/security/cacerts" @@ -298,22 +453,20 @@ _jre_headless() { _jdk() { pkgdesc="Oracle OpenJDK 11 (JDK)" - depends="$pkgname-jre" + depends="$pkgname-jre $pkgname-jmods" + provides=java-jdk _fromroot="$pkgdir/$_java_home" _toroot="$subpkgdir/$_java_home" mkdir -p "$_toroot" mv "$_fromroot/bin" "$_toroot" + mv "$_fromroot/lib" "$_toroot" mv "$_fromroot/include" "$_toroot" } -sha512sums="0d52c78e217b79756be0fc6b3f9204bae254ec7b9ae10b6c3114463a9c028143807f4422711f0c02b81a034ae6e88fa2efc6bed85022720807344230a8aa12a6 jdk-11.0.5+10.tar.bz2 -66a9f2736da87de09d7bcc136771ab760bdba7847f3a23b2aa4efbc2e55ac8b49510c6d7afdf3f8d046c6e3fe9dca0d4cb0b5a38d7a3aebaf86fa0e3cc635eac build.patch -8c0f1f8d2a78ebb30a8460bc0ea9cd2349cea98819df1577bf7de19a1dd82d06a593f36b4e17c282ed53d23f00163e387e3dd1f3c9e5a092726e78c3aa710370 aarch64.patch -d2903a5b3b9f82c4888416580f0b93888bf21ae0dac0ce6e926607a82a9e53b7e10e13f07a984f65dc116e81f58cd3844d6156088534c0059be8f6ee68e19a43 arm.patch -4eb577645e7b6d4563290480e162702030033515ff4845edbd1dbf2604b6f1e7d2a3cdd85058d6b41938b54c097635125c4429b9df3fcda589b980aa1740fd2e ppc64le.patch -89e681da2de0bcb5131e2512d1280ce8da684ede5b38379c6325cd9f57e78a4bdde3abfa0a0a496889411dd57264312094973ce2da301293d0826114a3ef09d3 x86.patch -d1767dddd8e0956e25c0f77ed45c6fc86a1191bae1704a6dc33be490fd20eaa50461fe5c2a3349512059d555651e2eb41437dd3c1096c351e8ee68b4534a2579 HelloWorld.java -27e91edef89d26c0c5b9a813e2045f8d2b348745a506ae37b34b660fa7093da9a4e0e676ea41dc4a5c901bce02e5304d95e90f68d6c99cbf461b2da40a7a9853 TestECDSA.java -b02dff8d549f88317bb4c741a9e269e8d59eef990197d085388fc49c7423a4eb9367dbe1e02bffb10e7862f5980301eb58d4494e177d0e8f60af6b05c7fbbe60 TestCryptoLevel.java -18f72fcc3b09e772da10d6875a7081fe21d3b387e1d4d9a45bb9cc3e306393960b19c27dac61d33a20d7484c22109c2d091c062523d5575b8d30b20949b74f70 Alpine_Bug_10126.java" +sha512sums=" +3851063289042ed467a9cb636eba7170a0feeaa3e5d19bda6c30a186ea624e4ae1b308006652acb9c9820c2065382bd719ee130b7a1a0524fe25ecd639f8a51d jdk-11.0.23-ga.tar.gz +438c6c4c760b7aece90a8e09d5edce842286071195cffe8d417208f3dfdef0953eb68fb8282d44cbd7ac8eeaee637cdb040c06ffa5381c36f47ffd48b5e6d938 lfs64.patch +e8d2213b5995bc0811f9a0036a9794150568ff9de4e202674e218ece7996553b1f222cff43dd21222c378f4f95a1471da25859b5a82ee496ed64df85f34ff199 ppc64le.patch +b0963e5b6dc4d6cec0670827e0a0691d65e44587a8912ac9110aeb36d7f2d07a8afe9e155ea1568fe1534c09ef3277aeca8a66bbf155354b5cdc6e2b9636b5b4 JDK-8267908.patch +" |