[PATCH FOR REVIEW] Allow OpenJDK to be built with the unlimited crypto policy

Andrew Hughes ahughes at redhat.com
Tue Sep 18 14:39:20 UTC 2012


This is an issue that has been with us for a while. See:

https://bugs.openjdk.java.net/show_bug.cgi?id=100062
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7188845

for some background.

The original proposed patch goes too far in removing most of the infrastructure for restricting crypto levels and signing of crypto jars.

The following simple webrev will achieve what I think is needed:

http://cr.openjdk.java.net/~andrew/100062/webrev.01/

allowing OpenJDK to be built with the unlimited rather than limited crypto policy in place.

The build is only altered if both an OpenJDK build is being performed and UNLIMITED_CRYPTO is defined. In this case, the install-unlimited rule is used to install policies. Without UNLIMITED_CRYPTO being set, OpenJDK builds still depend on install-limited as now.

I believe this is a fairly unintrusive change which should allow GNU/Linux distros to ship without crypto restrictions while still using upstream OpenJDK rather than a variant with several classes removed.

It's not clear to me why this approach wasn't taken before, so I hope I haven't missed something.

If this looks ok, I'll push it as the resolution for bug 7188845.

Andrew :)

Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/) Fingerprint = EC5A 1F5E C0AD 1D15 8F1F 8F91 3B96 A578 248B DC07
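
A check a packager could run on the resulting JDK to confirm which jurisdiction policy was installed, added here as an example and not part of the original message or the webrev. The class name `CryptoPolicyCheck`, the list of probed transformations and the exit-code convention are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

/** Reports whether the running JDK enforces a limited or unlimited crypto policy. */
public class CryptoPolicyCheck {

    // Transformations to probe (assumption: chosen for illustration).
    private static final String[] PROBES = {"AES", "Blowfish", "RC4"};

    /** True when the installed policy places no cap on key length for the transformation. */
    static boolean isUnlimited(String transformation) throws GeneralSecurityException {
        return Cipher.getMaxAllowedKeyLength(transformation) == Integer.MAX_VALUE;
    }

    /** Confirms the reported limit by actually initialising AES with a 256-bit key. */
    static boolean aes256Usable() throws GeneralSecurityException {
        byte[] key = new byte[32]; // constructed all-zero key, for the probe only
        // ECB/NoPadding is used only so the probe needs no IV or padding setup.
        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
        try {
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));
            cipher.doFinal(new byte[16]);
            return true;
        } catch (InvalidKeyException e) {
            // A policy that caps AES below 256 bits rejects the key at init time.
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        boolean unlimited = true;
        for (String t : PROBES) {
            int max = Cipher.getMaxAllowedKeyLength(t);
            String shown = (max == Integer.MAX_VALUE) ? "unlimited" : max + " bits";
            System.out.println(t + ": max key length " + shown);
            unlimited &= isUnlimited(t);
        }
        boolean aes256 = aes256Usable();
        System.out.println("AES-256 init: " + (aes256 ? "accepted" : "rejected"));
        System.out.println("Policy: " + (unlimited && aes256 ? "unlimited" : "limited"));
        // Non-zero exit lets a packaging script fail when the limited policy is present.
        System.exit(unlimited && aes256 ? 0 : 1);
    }
}
```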


