aports/community/openjdk11/APKBUILD

# Contributor: Simon Frankenberger <simon-alpine@fraho.eu>
# Maintainer: Simon Frankenberger <simon-alpine@fraho.eu>
pkgname=openjdk11
pkgver=11.0.18_p10
_pkgver=${pkgver%_p*}-ga
pkgrel=0
pkgdesc="Oracle OpenJDK 11"
provider_priority=11
url="https://github.com/openjdk/jdk11u"
# oracle dropped support for 32 bit
# riscv64 blocked by openjdk10
arch="all !x86 !armhf !armv7 !riscv64"
license="GPL-2.0-with-classpath-exception"
makedepends="autoconf
	bash
	gawk
	grep
	make
	openjdk10-jdk
	zip
	alsa-lib-dev
	cups-dev
	elfutils-dev
	fontconfig-dev
	freetype-dev
	giflib-dev
	lcms2-dev
	libffi-dev
	libjpeg-turbo-dev
	libx11-dev
	libxext-dev
	libxrandr-dev
	libxrender-dev
	libxt-dev
	libxtst-dev
	linux-headers
	zlib-dev"
depends="$pkgname-jdk $pkgname-demos $pkgname-doc" # for the virtual openjdk11 package
subpackages="$pkgname-jmods:_jmods:noarch
	$pkgname-demos:_demos:noarch
	$pkgname-doc:_doc:noarch
	$pkgname-jre:_jre
	$pkgname-src:_src:noarch
	$pkgname-jre-headless:_jre_headless
	$pkgname-jdk:_jdk"
source="jdk-$_pkgver.tar.gz::https://github.com/openjdk/jdk11u/archive/jdk-$_pkgver.tar.gz

	ppc64le.patch
	JDK-8267908.patch

	HelloWorld.java
	TestECDSA.java
	TestCryptoLevel.java
	Alpine_Bug_10126.java
"
builddir="$srcdir/jdk11u-jdk-$_pkgver"

_java_home="/usr/lib/jvm/java-11-openjdk"

ldpath="$_java_home/lib:$_java_home/lib/jli:$_java_home/lib/server"
sonameprefix="$pkgname:"

# enable running the JTReg tests in check?
# see comment in that function for explanation
_run_jtreg=${_run_jtreg:-0}
if [ $_run_jtreg -ne 0 ]; then
	makedepends="$makedepends java-jtreg"
	checkdepends="$checkdepends font-freefont xvfb-run"
fi

case "$CARCH" in
	aarch64|s390x)
		options="!check" # get stuck forever on builders
		;;
esac

# secfixes:
#   11.0.18_p10-r0:
#     - CVE-2023-21835
#     - CVE-2023-21843
#   11.0.17_p8-r0:
#     - CVE-2022-21628
#     - CVE-2022-21626
#     - CVE-2022-39399
#     - CVE-2022-21624
#     - CVE-2022-21619
#   11.0.16_p8-r0:
#     - CVE-2022-21540
#     - CVE-2022-21541
#     - CVE-2022-21549
#     - CVE-2022-25647
#     - CVE-2022-34169
#   11.0.15_p10-r0:
#     - CVE-2021-44531
#     - CVE-2021-44532
#     - CVE-2021-44533
#     - CVE-2022-0778
#     - CVE-2022-21476
#     - CVE-2022-21426
#     - CVE-2022-21496
#     - CVE-2022-21434
#     - CVE-2022-21443
#     - CVE-2022-21824
#   11.0.14_p9-r0:
#     - CVE-2022-21291
#     - CVE-2022-21305
#     - CVE-2022-21277
#     - CVE-2022-21360
#     - CVE-2022-21365
#     - CVE-2022-21366
#     - CVE-2022-21282
#     - CVE-2022-21296
#     - CVE-2022-21299
#     - CVE-2022-21271
#     - CVE-2022-21283
#     - CVE-2022-21293
#     - CVE-2022-21294
#     - CVE-2022-21340
#     - CVE-2022-21341
#     - CVE-2022-21248
#   11.0.13_p8-r0:
#     - CVE-2021-35567
#     - CVE-2021-35550
#     - CVE-2021-35586
#     - CVE-2021-35564
#     - CVE-2021-35556
#     - CVE-2021-35559
#     - CVE-2021-35561
#     - CVE-2021-35565
#     - CVE-2021-35578
#     - CVE-2021-35603
#   11.0.12_p7-r0:
#     - CVE-2021-2341
#     - CVE-2021-2369
#     - CVE-2021-2388
#   11.0.9_p11-r0:
#     - CVE-2020-14779
#     - CVE-2020-14781
#     - CVE-2020-14782
#     - CVE-2020-14792
#     - CVE-2020-14796
#     - CVE-2020-14797
#     - CVE-2020-14798
#     - CVE-2020-14803
#   11.0.8_p10-r0:
#     - CVE-2020-14556
#     - CVE-2020-14562
#     - CVE-2020-14573
#     - CVE-2020-14577
#     - CVE-2020-14581
#     - CVE-2020-14583
#     - CVE-2020-14593
#     - CVE-2020-14621
#   11.0.7_p10-r0:
#     - CVE-2020-2754
#     - CVE-2020-2755
#     - CVE-2020-2756
#     - CVE-2020-2757
#     - CVE-2020-2767
#     - CVE-2020-2773
#     - CVE-2020-2778
#     - CVE-2020-2781
#     - CVE-2020-2800
#     - CVE-2020-2803
#     - CVE-2020-2805
#     - CVE-2020-2816
#     - CVE-2020-2830
#   11.0.6_p10-r0:
#     - CVE-2020-2583
#     - CVE-2020-2590
#     - CVE-2020-2593
#     - CVE-2020-2601
#     - CVE-2020-2604
#     - CVE-2020-2654
#     - CVE-2020-2655
#   11.0.5_p10-r0:
#     - CVE-2019-2894
#     - CVE-2019-2933
#     - CVE-2019-2945
#     - CVE-2019-2949
#     - CVE-2019-2958
#     - CVE-2019-2962
#     - CVE-2019-2964
#     - CVE-2019-2973
#     - CVE-2019-2975
#     - CVE-2019-2977
#     - CVE-2019-2978
#     - CVE-2019-2981
#     - CVE-2019-2983
#     - CVE-2019-2987
#     - CVE-2019-2988
#     - CVE-2019-2989
#     - CVE-2019-2992
#     - CVE-2019-2999
#   11.0.4_p11-r0:
#     - CVE-2019-2745
#     - CVE-2019-2762
#     - CVE-2019-2766
#     - CVE-2019-2769
#     - CVE-2019-2786
#     - CVE-2019-2816
#     - CVE-2019-2818
#     - CVE-2019-2821
#     - CVE-2019-7317

prepare() {
	default_prepare

	# update autoconf files to detect alpine
	update_config_sub
	update_config_guess

	# remove not compilable module (hotspot jdk.hotspot.agent)
	# this needs libthread_db which is only provided by glibc
	#
	# haven't found any way to disable this module so just remove it.
	rm -r src/jdk.hotspot.agent
}

build() {
	if [ $_run_jtreg -ne 0 ]; then
		_with_jtreg="--with-jtreg=/usr/share/java/jtreg"
	else
		_with_jtreg="--with-jtreg=no"
	fi

	# CFLAGS, CXXFLAGS and LDFLAGS are ignored as shown by a warning
	# in the output of ./configure unless used like such:
	#  --with-extra-cflags="$CFLAGS"
	#  --with-extra-cxxflags="$CXXFLAGS"
	#  --with-extra-ldflags="$LDFLAGS"
	# See also paragraph "Configure Control Variables" from "common/doc/building.md"
	# shellcheck disable=2097 disable=2098
	CFLAGS='' CXXFLAGS='' LDFLAGS='' \
		bash ./configure \
		--openjdk-target=$CHOST \
		--prefix="$_java_home" \
		--sysconfdir=/etc \
		--mandir=/usr/share/man \
		--infodir=/usr/share/info \
		--localstatedir=/var \
		--with-extra-cflags="$CFLAGS" \
		--with-extra-cxxflags="$CXXFLAGS" \
		--with-extra-ldflags="$LDFLAGS" \
		--with-zlib=system \
		--with-libjpeg=system \
		--with-giflib=system \
		--with-libpng=system \
		--with-lcms=system \
		--with-jobs=${JOBS:-4} \
		--with-test-jobs=${JOBS:-4} \
		--with-native-debug-symbols=none \
		$_with_jtreg \
		--disable-warnings-as-errors \
		--disable-precompiled-headers \
		--enable-dtrace=no \
		--with-jvm-variants=server \
		--with-debug-level=release \
		--with-version-pre= \
		--with-version-opt="alpine-r$pkgrel" \
		--with-version-build=${pkgver#*p} \
		--with-vendor-name="Alpine" \
		--with-vendor-url="https://alpinelinux.org/" \
		--with-vendor-bug-url="https://gitlab.alpinelinux.org/alpine/aports/issues" \
		--with-vendor-vm-bug-url="https://gitlab.alpinelinux.org/alpine/aports/issues"
	MAKEFLAGS='' make images
}

check() {
	local _java_bin="./build/*-normal-server-release/images/jdk/bin"

	# 1) compile and run a simple hello world
	$_java_bin/javac -d . "$srcdir"/HelloWorld.java
	$_java_bin/java HelloWorld

	# 2) compile and run a testcase for unlimited policy
	$_java_bin/javac -d . "$srcdir"/TestCryptoLevel.java
	$_java_bin/java -cp . --add-opens java.base/javax.crypto=ALL-UNNAMED TestCryptoLevel

	# 3) compile and run a testcase for ECDSA signatures
	$_java_bin/javac -d . "$srcdir"/TestECDSA.java
	$_java_bin/java TestECDSA

	# 4) compile and run testcase for bug 10126
	$_java_bin/javac -d . "$srcdir"/Alpine_Bug_10126.java
	$_java_bin/java Alpine_Bug_10126

	# run the gtest unittest suites
	MAKEFLAGS='' make test-hotspot-gtest

	# The jtreg tests take very, very long to finish and show some failures (9 - 12 on my machine, varying between runs)
	# I think these are not critical and can be safely ignored.
	# As the tests take too long, they are disabled by default.
	# When updating this aport please let them run at least once on your machine to see if the failure count changes.
	if [ $_run_jtreg -ne 0 ]; then
		_logfile=$( mktemp -p "$builddir" )
		MAKEFLAGS='' xvfb-run make \
			run-test-tier1 \
			run-test-tier2 \
			run-test-tier3 \
			| tee "$_logfile"
		msg "---------------------------------------"
		msg "The build log can be found at $_logfile"
		# abort the build so you may take a look at the logfile
		false
		return 1
	fi
}

package() {
	mkdir -p "$pkgdir/$_java_home"
	cp -r build/*-normal-server-release/images/jdk/* "$pkgdir/$_java_home"
}

_jmods() {
	pkgdesc="Oracle OpenJDK 11 (jmods)"
	depends=""
	_fromroot="$pkgdir/$_java_home"
	_toroot="$subpkgdir/$_java_home"

	mkdir -p "$_toroot"
	mv "$_fromroot/jmods" "$_toroot"
}

_demos() {
	pkgdesc="Oracle OpenJDK 11 (demos)"
	depends=""
	_fromroot="$pkgdir/$_java_home"
	_toroot="$subpkgdir/$_java_home"

	mkdir -p "$_toroot"
	mv "$_fromroot/demo" "$_toroot"
}

_doc() {
	pkgdesc="Oracle OpenJDK 11 (Documentation)"
	depends=""
	_fromroot="$pkgdir/$_java_home"
	_toroot="$subpkgdir/$_java_home"

	mkdir -p "$_toroot"
	mv "$_fromroot/man" "$_toroot"
}

_jre() {
	pkgdesc="Oracle OpenJDK 11 (JRE)"
	depends="$pkgname-jre-headless"
	provides=java-jre
	_fromroot="$pkgdir/$_java_home"
	_toroot="$subpkgdir/$_java_home"

	mkdir -p "$_toroot/lib"
	mv "$_fromroot/lib/libawt_xawt.so" \
		"$_fromroot/lib/libfontmanager.so" \
		"$_fromroot/lib/libjavajpeg.so" \
		"$_fromroot/lib/libjawt.so" \
		"$_fromroot/lib/libjsound.so" \
		"$_fromroot/lib/liblcms.so" \
		"$_fromroot/lib/libsplashscreen.so" \
		"$_toroot/lib"
}

_src() {
	pkgdesc="Oracle OpenJDK 11 (sources)"
	depends="$pkgname-jre-headless"
	mkdir -p "$subpkgdir/$_java_home"/lib
	mv "$pkgdir"/$_java_home/lib/src.zip \
		"$subpkgdir"/$_java_home/lib/
}

_jre_headless() {
	pkgdesc="Oracle OpenJDK 11 (JRE headless)"
	depends="java-common java-cacerts"
	provides=java-jre-headless
	_fromroot="$pkgdir/$_java_home"
	_toroot="$subpkgdir/$_java_home"

	mkdir -p "$_toroot"
	mv "$_fromroot/lib" "$_toroot"

	# ct.sym should stay in -jdk
	mkdir "$_fromroot/lib"
	mv "$_toroot/lib/ct.sym" "$_fromroot/lib"

	mkdir -p "$_toroot/bin"
	for i in java \
		jfr \
		jjs \
		jrunscript \
		keytool \
		pack200 \
		rmid \
		rmiregistry \
		unpack200; do
		mv "$_fromroot/bin/$i" "$_toroot/bin/$i"
	done

	# jaotc only available on x86_64
	if [ "$CARCH" = "x86_64" ]; then
		mv "$_fromroot/bin/jaotc" "$_toroot/bin/jaotc"
	fi

	mv "$_fromroot/legal"              "$_toroot"
	mv "$_fromroot/conf"               "$_toroot"
	mv "$_fromroot/release"            "$_toroot"
	cp "$builddir/ASSEMBLY_EXCEPTION"  "$_toroot"
	cp "$builddir/LICENSE"             "$_toroot"
	cp "$builddir/README.md"           "$_toroot"

	# symlink to shared cacerts store
	rm "$_toroot/lib/security/cacerts"
	ln -sf /etc/ssl/certs/java/cacerts \
		"$_toroot/lib/security/cacerts"

	# symlink for java-common to work (expects jre in $_java_home/jre)
	ln -sf . "$_toroot/jre"
}

_jdk() {
	pkgdesc="Oracle OpenJDK 11 (JDK)"
	depends="$pkgname-jre $pkgname-jmods"
	provides=java-jdk
	_fromroot="$pkgdir/$_java_home"
	_toroot="$subpkgdir/$_java_home"

	mkdir -p "$_toroot"
	mv "$_fromroot/bin" "$_toroot"
	mv "$_fromroot/lib" "$_toroot"
	mv "$_fromroot/include" "$_toroot"
}

sha512sums="
10a48066ad1d2b627cc9be5c6e06a0deef7241f3b95b917b3bf86ffeb53ea043915e0eb7784ea244332d9c3941c8c5056c154e5aff4522b95aca8c8372c19474  jdk-11.0.18-ga.tar.gz
e8d2213b5995bc0811f9a0036a9794150568ff9de4e202674e218ece7996553b1f222cff43dd21222c378f4f95a1471da25859b5a82ee496ed64df85f34ff199  ppc64le.patch
b0963e5b6dc4d6cec0670827e0a0691d65e44587a8912ac9110aeb36d7f2d07a8afe9e155ea1568fe1534c09ef3277aeca8a66bbf155354b5cdc6e2b9636b5b4  JDK-8267908.patch
d1767dddd8e0956e25c0f77ed45c6fc86a1191bae1704a6dc33be490fd20eaa50461fe5c2a3349512059d555651e2eb41437dd3c1096c351e8ee68b4534a2579  HelloWorld.java
27e91edef89d26c0c5b9a813e2045f8d2b348745a506ae37b34b660fa7093da9a4e0e676ea41dc4a5c901bce02e5304d95e90f68d6c99cbf461b2da40a7a9853  TestECDSA.java
b02dff8d549f88317bb4c741a9e269e8d59eef990197d085388fc49c7423a4eb9367dbe1e02bffb10e7862f5980301eb58d4494e177d0e8f60af6b05c7fbbe60  TestCryptoLevel.java
cc466f64fcc8762cf6e3c1f5739be6425209b27aa58acff4e7eb126003d61fa18266f0e79e57e9d84224654010185ab45dc0a8043543dea227258458a00a1eb1  Alpine_Bug_10126.java
"