diff --git a/.github/workflows/build-autotriage.yml b/.github/workflows/build-autotriage.yml index 28c3f749a..8edfc5ca7 100644 --- a/.github/workflows/build-autotriage.yml +++ b/.github/workflows/build-autotriage.yml @@ -37,7 +37,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: "Run Build Auto Triage" - run: bash "${PWD}/${TRIAGE_SCRIPT}" jdk8u jdk11u jdk17u jdk21u jdk23 jdk24head + run: bash "${PWD}/${TRIAGE_SCRIPT}" jdk8u jdk11u jdk17u jdk21u jdk23u jdk24head - name: Create Issue From File env: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index edf237e16..16731dc40 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -235,7 +235,7 @@ jobs: steps: - name: Restore cygwin packages from cache id: cygwin - uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 with: path: C:\cygwin64 key: cygwin-packages-${{ runner.os }}-v1 @@ -279,7 +279,7 @@ jobs: - name: Restore Visual Studio 2017 from cache id: vs2017 if: matrix.version == 'jdk8u' - uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 with: path: ~/vs2017.exe key: vs2017 @@ -287,7 +287,7 @@ jobs: - name: Restore Visual Studio 2019 from cache id: vs2019 if: matrix.version == 'jdk11u' || matrix.version == 'jdk17u' - uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 with: path: ~/vs2019.exe key: vs2019 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index b8788a01a..98d210107 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -58,7 +58,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -68,7 +68,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 # ℹī¸ Command-line programs to run using the OS shell. # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun @@ -81,6 +81,6 @@ jobs: # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v3.26.11 + uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml index 9d96bcf92..bb4bf54f1 100644 --- a/.github/workflows/ossf-scorecard.yml +++ b/.github/workflows/ossf-scorecard.yml @@ -46,6 +46,6 @@ jobs: name: SARIF file path: results.sarif retention-days: 5 - - uses: github/codeql-action/upload-sarif@6db8d6351fd0be61f9ed8ebd12ccd35dcec51fea # v2.13.4 + - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v2.13.4 with: sarif_file: results.sarif diff --git a/cyclonedx-lib/getDependencies b/cyclonedx-lib/getDependencies index 03164a7b3..855198b77 100644 --- a/cyclonedx-lib/getDependencies +++ b/cyclonedx-lib/getDependencies @@ -2,8 +2,8 @@ LABEL=params.LABEL ? params.LABEL : 'ci.role.test&&hw.arch.x86&&sw.os.linux' -TEMURIN_BUILD_REPO="https://github.com/adamfarley/temurin-build" -TEMURIN_BUILD_BRANCH="add_versions_and_shas_to_build_getdependencies" +TEMURIN_BUILD_REPO="https://github.com/adoptium/temurin-build" +TEMURIN_BUILD_BRANCH="master" stage('Queue') { node("$LABEL") { diff --git a/docker-build.sh b/docker-build.sh index efa1a62ce..24de787f1 100755 --- a/docker-build.sh +++ b/docker-build.sh @@ -20,19 +20,19 @@ # ################################################################################ -# the ${BUILD_CONFIG[CONTAINER_AS_ROOT]} can not be quoted. It is sudo (or simialrly) or nothing. "" is not an option. -# simialrly the ${cpuset} and ${userns} +# The ${BUILD_CONFIG[CONTAINER_AS_ROOT]} can not be quoted. It is sudo (or similar) or nothing. "" is not an option. +# Similarly for ${cpuset} and ${userns}. # shellcheck disable=SC2206 # shellcheck disable=SC2046 # shellcheck disable=SC2086 set -eu -# Create a data volume called ${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}, -# this gets mounted at /openjdk/build inside the container and is persistent +# Create a data volume called ${BUILD_CONFIG[DOCKER_SOURCE_VOLUME_NAME]}. +# This gets mounted at /openjdk/build inside the container and is persistent # between builds/tests unless -c is passed to this script, in which case it is # recreated using the source in the current ./openjdk directory on the host -# machine (outside the container) +# machine (outside the container). createPersistentDockerDataVolume() { set +e @@ -57,7 +57,7 @@ createPersistentDockerDataVolume() fi } -# Build the docker container +# Build the docker container. buildDockerContainer() { echo "Building docker container" @@ -76,7 +76,7 @@ buildDockerContainer() ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" build -t "${BUILD_CONFIG[CONTAINER_NAME]}" -f "${dockerFile}" . --build-arg "OPENJDK_CORE_VERSION=${BUILD_CONFIG[OPENJDK_CORE_VERSION]}" --build-arg "HostUID=${UID}" } -# Execute the (Adoptium) OpenJDK build inside the Docker Container +# Execute the (Adoptium) OpenJDK build inside the Docker Container. buildOpenJDKViaDocker() { local hostDir @@ -89,12 +89,12 @@ buildOpenJDKViaDocker() local localsourcesdir= if [ "${BUILD_CONFIG[OPENJDK_LOCAL_SOURCE_ARCHIVE]}" = "true" ] ; then - # OPENJDK_LOCAL_SOURCE_ARCHIVE_ABSPATH can be file, you can nto mount file + # OPENJDK_LOCAL_SOURCE_ARCHIVE_ABSPATH can be file, you can not mount file. localsourcesdir=$(dirname "${BUILD_CONFIG[OPENJDK_LOCAL_SOURCE_ARCHIVE_ABSPATH]}") fi # TODO This could be extracted overridden by the user if we support more - # architectures going forwards + # architectures going forwards. local container_architecture container_architecture="$(uname -m)/${BUILD_CONFIG[CONTAINER_IMAGE]//:*/}" local build_variant_flag="" @@ -154,7 +154,7 @@ buildOpenJDKViaDocker() BUILD_CONFIG[STATIC_LIBS_IMAGE_PATH]=$static_libs_dir if [ -z "$(command -v "${BUILD_CONFIG[CONTAINER_COMMAND]}")" ]; then - # shellcheck disable=SC2154 + # shellcheck disable=SC2154 echo "Error, please install docker and ensure that it is in your path and running!" exit fi @@ -164,25 +164,25 @@ buildOpenJDKViaDocker() createPersistentDockerDataVolume # If keep is true then use the existing container (or build a new one if we - # can't find it) + # can't find it). if [[ "${BUILD_CONFIG[REUSE_CONTAINER]}" == "true" ]] ; then # shellcheck disable=SC2086 - # If we can't find the previous Docker container then build a new one + # If we can't find the previous Docker container then build a new one. if [ "$(${BUILD_CONFIG[CONTAINER_AS_ROOT]} ${BUILD_CONFIG[CONTAINER_COMMAND]} ps -a | grep -c \"${BUILD_CONFIG[CONTAINER_NAME]}\")" == 0 ]; then - echo "No docker container for reuse was found, so creating '${BUILD_CONFIG[CONTAINER_NAME]}' " + echo "No docker container for reuse was found, so creating '${BUILD_CONFIG[CONTAINER_NAME]}'" buildDockerContainer fi else # shellcheck disable=SC2154 echo "Since you specified --ignore-container, we are removing the existing container (if it exists) and building you a new one{$good}" - # Find the previous Docker container and remove it (if it exists) + # Find the previous Docker container and remove it (if it exists). ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" ps -a | awk '{ print $1,$2 }' | grep "${BUILD_CONFIG[CONTAINER_NAME]}" | awk '{print $1 }' | xargs -I {} ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" rm -f {} - # Build a new container + # Build a new container. buildDockerContainer fi - # Show the user all of the config before we build + # Show the user all of the config before we build. displayParams echo "Target binary directory on host machine: ${hostDir}/target" @@ -190,12 +190,12 @@ buildOpenJDKViaDocker() local cpuSet cpuSet="0-$((BUILD_CONFIG[NUM_PROCESSORS] - 1))" - + local gitSshAccess=() if [[ "${BUILD_CONFIG[USE_SSH]}" == "true" ]] ; then gitSshAccess=(-v "${HOME}/.ssh:/home/build/.ssh" -v "${SSH_AUTH_SOCK}:/build-ssh-agent" -e "SSH_AUTH_SOCK=/build-ssh-agent") fi - + local dockerMode=() local dockerEntrypoint=(--entrypoint /openjdk/sbin/build.sh "${BUILD_CONFIG[CONTAINER_NAME]}") if [[ "${BUILD_CONFIG[DEBUG_DOCKER]}" == "true" ]] ; then @@ -203,7 +203,7 @@ buildOpenJDKViaDocker() dockerEntrypoint=(--entrypoint "/bin/sh" "${BUILD_CONFIG[CONTAINER_NAME]}" -c "/bin/bash") fi - # Command without gitSshAccess or dockerMode arrays + # Command without gitSshAccess or dockerMode arrays. if [ -e "${hostDir}"/pipelines ] ; then local pipelinesdir="${hostDir}"/pipelines else @@ -219,11 +219,11 @@ buildOpenJDKViaDocker() else local userns="" fi - local mountflag=Z #rw? maybe this should be bound to root/rootles content of BUILD_CONFIG[CONTAINER_AS_ROOT] rather then just podman/docker in USE_DOCKER? - mkdir -p "${hostDir}"/workspace/build # shouldnt be already there? - local localsourcesdirmount= + local mountflag=Z #rw? Maybe this should be bound to root/rootless content of BUILD_CONFIG[CONTAINER_AS_ROOT] rather then just podman/docker in USE_DOCKER? + mkdir -p "${hostDir}"/workspace/build # Shouldn't be already there? + local localsourcesdirmount="" if [ -n "${localsourcesdir}" ] ; then - localsourcesdirmount="-v ${localsourcesdir}:${localsourcesdir}:${mountflag}" #read only? Is copied anwya + localsourcesdirmount="-v ${localsourcesdir}:${localsourcesdir}:${mountflag}" # read only? Is copied anyway. fi echo "If you get permissions denied on ${targetdir} or ${pipelinesdir} try to turn off selinux" local commandString=( @@ -234,28 +234,28 @@ buildOpenJDKViaDocker() -v "${targetdir}":/"${BUILD_CONFIG[WORKSPACE_DIR]}"/"${BUILD_CONFIG[TARGET_DIR]}":"${mountflag}" -v "${pipelinesdir}":/openjdk/pipelines:"${mountflag}" -v "${configdir}":/"${BUILD_CONFIG[WORKSPACE_DIR]}"/"config":"${mountflag}" - -e "DEBUG_DOCKER_FLAG=${BUILD_CONFIG[DEBUG_DOCKER]}" + -e "DEBUG_DOCKER_FLAG=${BUILD_CONFIG[DEBUG_DOCKER]}" -e "BUILD_VARIANT=${BUILD_CONFIG[BUILD_VARIANT]}" "${dockerEntrypoint[@]:+${dockerEntrypoint[@]}}") - # If build specifies --ssh, add array to the command string + # If build specifies --ssh, add array to the command string. if [[ "${BUILD_CONFIG[USE_SSH]}" == "true" ]] ; then commandString=("${gitSshAccess[@]:+${gitSshAccess[@]}}" "${commandString[@]}") fi - # If build specifies --debug-docker, add array to the command string + # If build specifies --debug-docker, add array to the command string. if [[ "${BUILD_CONFIG[DEBUG_DOCKER]}" == "true" ]] ; then commandString=("${dockerMode[@]:+${dockerMode[@]}}" "${commandString[@]}") echo "DEBUG DOCKER MODE. To build jdk run /openjdk/sbin/build.sh" fi - # Run the command string in Docker + # Run the command string in Docker. ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" run --name "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}-${BUILD_CONFIG[BUILD_VARIANT]}" "${commandString[@]}" - # Tell user where the resulting binary can be found on the host system + # Tell user where the resulting binary can be found on the host system. echo "The finished image can be found in ${targetdir} on the host system" - # If we didn't specify to keep the container then remove it + # If we didn't specify to keep the container then remove it. if [[ "${BUILD_CONFIG[KEEP_CONTAINER]}" == "false" ]] ; then echo "Removing container ${BUILD_CONFIG[OPENJDK_CORE_VERSION]}-${BUILD_CONFIG[BUILD_VARIANT]}" ${BUILD_CONFIG[CONTAINER_AS_ROOT]} "${BUILD_CONFIG[CONTAINER_COMMAND]}" ps -a | awk '{ print $1,$(NF) }' | grep "${BUILD_CONFIG[OPENJDK_CORE_VERSION]}-${BUILD_CONFIG[BUILD_VARIANT]}" | awk '{print $1 }' | xargs -I {} ${BUILD_CONFIG[CONTAINER_AS_ROOT]} ${BUILD_CONFIG[CONTAINER_COMMAND]} rm {} diff --git a/sbin/build.sh b/sbin/build.sh index 5d9ef5ac8..a51c4947c 100755 --- a/sbin/build.sh +++ b/sbin/build.sh @@ -76,7 +76,28 @@ addConfigureArgIfValueIsNotEmpty() { # Configure the DevKit if required configureDevKitConfigureParameter() { if [[ -n "${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" ]]; then - addConfigureArg "--with-devkit=" "${BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]}" + if [[ "$OSTYPE" == "cygwin" ]] || [[ "$OSTYPE" == "msys" ]]; then + # Windows DevKit, currently only Redist DLLs + + # This is TARGET Architecture for the Redist DLLs to use + # ARCHITECTURE is set to the "target" architecture by caller, or defaults to build architecture if not set + local dll_arch + if [[ "${ARCHITECTURE}" == "x86-32" ]]; then + dll_arch="x86" + elif [[ "${ARCHITECTURE}" == "aarch64" ]]; then + dll_arch="arm64" + else + dll_arch="x64" + fi + + # Add Windows Redist DLL paths + addConfigureArg "--with-ucrt-dll-dir=" "${BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]}/ucrt/DLLs/${dll_arch}" + addConfigureArg "--with-msvcr-dll=" "${BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]}/${dll_arch}/vcruntime140.dll" + addConfigureArg "--with-vcruntime-1-dll=" "${BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]}/${dll_arch}/vcruntime140_1.dll" + addConfigureArg "--with-msvcp-dll=" "${BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]}/${dll_arch}/msvcp140.dll" + else + addConfigureArg "--with-devkit=" "${BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]}" + fi fi } diff --git a/sbin/prepareWorkspace.sh b/sbin/prepareWorkspace.sh index 30ad58f46..81c9e4263 100644 --- a/sbin/prepareWorkspace.sh +++ b/sbin/prepareWorkspace.sh @@ -37,6 +37,8 @@ ALSA_LIB_CHECKSUM=${ALSA_LIB_CHECKSUM:-5f2cd274b272cae0d0d111e8a9e363f0878332915 ALSA_LIB_GPGKEYID=${ALSA_LIB_GPGKEYID:-A6E59C91} FREETYPE_FONT_SHARED_OBJECT_FILENAME="libfreetype.so*" +# sha256 of https://github.com/adoptium/devkit-binaries/releases/tag/vs2022_redist_14.40.33807_10.0.26100.0 +WINDOWS_REDIST_CHECKSUM="a29ada15d941a7b2065e9a4273fd6b97df44d089ed2b9f860ded442f7fe69767" copyFromDir() { echo "Copying OpenJDK source from ${BUILD_CONFIG[OPENJDK_LOCAL_SOURCE_ARCHIVE_ABSPATH]} to $(pwd)/${BUILD_CONFIG[OPENJDK_SOURCE_DIR]} to be built" @@ -669,14 +671,8 @@ setupGpg() { echo "GNUPGHOME=$GNUPGHOME" } -# Download the required DevKit if necessary and not available in /usr/local/devkit -downloadDevkit() { - if [[ -n "${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" ]]; then - rm -rf "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/devkit" - mkdir -p "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/devkit" - - BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]="" - +# Download the required Linux DevKit if necessary and not available in /usr/local/devkit +downloadLinuxDevkit() { local devkit_target="${BUILD_CONFIG[OS_ARCHITECTURE]}-linux-gnu" local USR_LOCAL_DEVKIT="/usr/local/devkit/${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" @@ -733,6 +729,77 @@ downloadDevkit() { BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/devkit" fi +} + +# Download the required Windows DevKit if necessary and not available in c:/openjdk/devkit +# For the moment this is just support for Windows Redist DLLs +downloadWindowsDevkit() { + local WIN_LOCAL_DEVKIT="/cygdrive/C/openjdk/devkit/${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" + if [[ -d "${WIN_LOCAL_DEVKIT}" ]]; then + local winLocalDevkitInfo="${WIN_LOCAL_DEVKIT}/devkit.info" + if ! grep "ADOPTIUM_DEVKIT_RELEASE=${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" "${winLocalDevkitInfo}"; then + echo "WARNING: Devkit ${winLocalDevkitInfo} does not match required release:" + echo " Required: ADOPTIUM_DEVKIT_RELEASE=${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" + echo " ${WIN_LOCAL_DEVKIT}: $(grep ADOPTIUM_DEVKIT_RELEASE= "${winLocalDevkitInfo}")" + echo "Attempting to download the required DevKit instead" + else + # Found a matching DevKit + echo "Using matching DevKit from location ${WIN_LOCAL_DEVKIT}" + BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]="${WIN_LOCAL_DEVKIT}" + fi + fi + + # Download from adoptium/devkit-runtimes if we have not found a matching one locally + if [[ -z "${BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]}" ]]; then + local devkit_zip="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/devkit/devkit.zip" + + # Determine DevKit zip to download for this release + local devkitUrl="https://github.com/adoptium/devkit-binaries/releases/download/${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" + local devkit="${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}.zip" + + # Download zip + echo "Downloading DevKit : ${devkitUrl}/${devkit}" + curl -L --fail --silent --show-error -o "${devkit_zip}" "${devkitUrl}/${devkit}" + + # Verify checksum + local expectedChecksum="${WINDOWS_REDIST_CHECKSUM}" + local actualChecksum=$(sha256File "${devkit_zip}") + if [ "${actualChecksum}" != "${expectedChecksum}" ]; then + echo "Failed to verify checksum on ${devkit_zip}" + + echo "Expected ${expectedChecksum} got ${actualChecksum}" + exit 1 + fi + + unzip "${devkit_zip}" -d "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/devkit" + rm "${devkit_zip}" + + # Validate devkit.info matches value passed in + local devkitInfo="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/devkit/devkit.info" + if ! grep "ADOPTIUM_DEVKIT_RELEASE=${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" "${devkitInfo}"; then + echo "ERROR: Devkit does not match required release:" + echo " Required: ADOPTIUM_DEVKIT_RELEASE=${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" + echo " Downloaded: $(grep ADOPTIUM_DEVKIT_RELEASE= "${devkitInfo}")" + exit 1 + fi + + BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]="${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/devkit" + fi +} + +# Download the required DevKit if necessary and not available in /usr/local/devkit +downloadDevkit() { + if [[ -n "${BUILD_CONFIG[USE_ADOPTIUM_DEVKIT]}" ]]; then + rm -rf "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/devkit" + mkdir -p "${BUILD_CONFIG[WORKSPACE_DIR]}/${BUILD_CONFIG[WORKING_DIR]}/devkit" + + BUILD_CONFIG[ADOPTIUM_DEVKIT_LOCATION]="" + + if [ "${BUILD_CONFIG[OS_KERNEL_NAME]}" == "linux" ]; then + downloadLinuxDevkit + elif [[ "$OSTYPE" == "cygwin" ]] || [[ "$OSTYPE" == "msys" ]]; then + downloadWindowsDevkit + fi fi } diff --git a/security/certdata.txt b/security/certdata.txt index d58e9eded..110a81471 100644 --- a/security/certdata.txt +++ b/security/certdata.txt @@ -3645,7 +3645,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\006\040\006\005\026\160\002 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -7252,7 +7252,7 @@ CKA_SERIAL_NUMBER MULTILINE_OCTAL \002\010\136\303\267\246\103\177\244\340 END CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR -CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE @@ -25489,3 +25489,761 @@ CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE +# +# Certificate "TWCA CYBER Root CA" +# +# Issuer: CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW +# Serial Number:40:01:34:8c:c2:00:00:00:00:00:00:00:01:3c:f2:c6 +# Subject: CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW +# Not Valid Before: Tue Nov 22 06:54:29 2022 +# Not Valid After : Fri Nov 22 15:59:59 2047 +# Fingerprint (SHA-256): 3F:63:BB:28:14:BE:17:4E:C8:B6:43:9C:F0:8D:6D:56:F0:B7:C4:05:88:3A:56:48:A3:34:42:4D:6B:3E:C5:58 +# Fingerprint (SHA1): F6:B1:1C:1A:83:38:E9:7B:DB:B3:A8:C8:33:24:E0:2D:9C:7F:26:66 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TWCA CYBER Root CA" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\120\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 +\124\127\103\101\040\103\131\102\105\122\040\122\157\157\164\040 +\103\101 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\120\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 +\124\127\103\101\040\103\131\102\105\122\040\122\157\157\164\040 +\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\100\001\064\214\302\000\000\000\000\000\000\000\001\074 +\362\306 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\215\060\202\003\165\240\003\002\001\002\002\020\100 +\001\064\214\302\000\000\000\000\000\000\000\001\074\362\306\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\120 +\061\013\060\011\006\003\125\004\006\023\002\124\127\061\022\060 +\020\006\003\125\004\012\023\011\124\101\111\127\101\116\055\103 +\101\061\020\060\016\006\003\125\004\013\023\007\122\157\157\164 +\040\103\101\061\033\060\031\006\003\125\004\003\023\022\124\127 +\103\101\040\103\131\102\105\122\040\122\157\157\164\040\103\101 +\060\036\027\015\062\062\061\061\062\062\060\066\065\064\062\071 +\132\027\015\064\067\061\061\062\062\061\065\065\071\065\071\132 +\060\120\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 +\124\127\103\101\040\103\131\102\105\122\040\122\157\157\164\040 +\103\101\060\202\002\042\060\015\006\011\052\206\110\206\367\015 +\001\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202 +\002\001\000\306\370\312\036\331\011\040\176\035\154\116\316\217 +\343\107\063\104\234\307\311\151\252\072\133\170\356\160\322\222 +\370\004\263\122\122\035\147\162\050\241\337\213\135\225\012\376 +\352\315\355\367\051\316\360\157\177\254\315\075\357\263\034\105 +\152\367\050\220\361\141\127\305\014\304\243\120\135\336\324\265 +\313\031\312\200\271\165\316\051\316\322\205\042\354\002\143\314 +\104\060\040\332\352\221\133\126\346\035\034\325\235\146\307\077 +\337\206\312\113\123\304\331\215\262\035\352\370\334\047\123\243 +\107\341\141\314\175\265\260\370\356\163\221\305\316\163\157\316 +\356\020\037\032\006\317\351\047\140\305\117\031\344\353\316\042 +\046\105\327\140\231\335\316\117\067\340\177\347\143\255\260\270 +\131\270\320\006\150\065\140\323\066\256\161\103\004\361\151\145 +\170\174\363\037\363\312\050\237\132\040\225\146\264\315\267\356 +\217\170\244\105\030\351\046\057\215\233\051\050\261\244\267\072 +\155\271\324\034\070\162\105\130\261\136\353\360\050\233\267\202 +\312\375\317\326\063\017\237\373\227\236\261\034\234\236\352\137 +\136\333\252\335\124\351\060\041\050\155\216\171\363\165\222\214 +\046\376\334\305\366\303\260\337\104\131\103\243\266\003\050\366 +\010\060\252\015\063\341\357\234\251\007\042\343\131\133\100\217 +\332\210\267\151\010\250\267\043\056\104\011\131\067\133\307\343 +\027\362\042\353\156\071\122\305\336\124\247\230\311\113\040\225 +\334\106\211\137\264\022\371\205\051\216\353\310\047\025\040\300 +\113\324\314\174\014\154\064\014\046\233\046\061\246\074\247\366 +\331\320\113\242\144\377\073\231\101\162\301\340\160\227\361\044 +\273\053\304\164\042\261\254\153\042\062\044\323\170\052\300\300 +\241\057\361\122\005\311\077\357\166\146\342\105\330\015\075\255 +\225\310\307\211\046\310\017\256\247\003\056\373\301\137\372\040 +\341\160\255\260\145\040\067\063\140\260\325\257\327\014\034\302 +\220\160\327\112\030\274\176\001\260\260\353\025\036\104\006\315 +\244\117\350\014\321\303\040\020\341\124\145\236\266\121\320\032 +\166\153\102\132\130\166\064\352\267\067\031\256\056\165\371\226 +\345\301\131\367\224\127\051\045\215\072\114\253\115\232\101\320 +\137\046\003\002\003\001\000\001\243\143\060\141\060\016\006\003 +\125\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003 +\125\035\023\001\001\377\004\005\060\003\001\001\377\060\037\006 +\003\125\035\043\004\030\060\026\200\024\235\205\141\024\174\301 +\142\157\227\150\344\117\067\100\341\255\340\015\126\067\060\035 +\006\003\125\035\016\004\026\004\024\235\205\141\024\174\301\142 +\157\227\150\344\117\067\100\341\255\340\015\126\067\060\015\006 +\011\052\206\110\206\367\015\001\001\014\005\000\003\202\002\001 +\000\144\217\172\304\142\016\265\210\314\270\307\206\016\241\112 +\026\315\160\013\267\247\205\013\263\166\266\017\247\377\010\213 +\013\045\317\250\324\203\165\052\270\226\210\266\373\337\055\055 +\264\151\123\041\065\127\326\211\115\163\277\151\217\160\243\141 +\314\232\333\036\232\340\040\370\154\273\233\042\235\135\204\061 +\232\054\212\335\152\241\327\050\151\312\376\166\125\172\106\147 +\353\314\103\210\026\242\003\326\271\027\370\031\154\155\043\002 +\177\361\137\320\012\051\043\073\321\252\012\355\251\027\046\124 +\012\115\302\245\115\370\305\375\270\201\317\053\054\170\243\147 +\114\251\007\232\363\337\136\373\174\365\211\315\164\227\141\020 +\152\007\053\201\132\322\216\267\347\040\321\040\156\044\250\204 +\047\241\127\254\252\125\130\057\334\331\312\372\150\004\236\355 +\104\044\371\164\100\073\043\063\253\203\132\030\046\102\266\155 +\124\265\026\140\060\154\261\240\370\270\101\240\135\111\111\322 +\145\005\072\352\376\235\141\274\206\331\277\336\323\272\072\261 +\177\176\222\064\216\311\000\156\334\230\275\334\354\200\005\255 +\002\075\337\145\355\013\003\367\367\026\204\004\061\272\223\224 +\330\362\022\370\212\343\277\102\257\247\324\315\021\027\026\310 +\102\035\024\250\102\366\322\100\206\240\117\043\312\226\105\126 +\140\006\315\267\125\001\246\001\224\145\376\156\005\011\272\264 +\244\252\342\357\130\276\275\047\126\330\357\163\161\133\104\063 +\362\232\162\352\260\136\076\156\251\122\133\354\160\155\265\207 +\217\067\136\074\214\234\316\344\360\316\014\147\101\314\316\366 +\200\253\116\314\114\126\365\301\141\131\223\264\076\246\332\270 +\067\022\237\052\062\343\213\270\041\354\303\053\145\014\357\042 +\336\210\051\073\114\327\372\376\267\341\107\276\234\076\076\203 +\373\121\135\365\150\367\056\041\205\334\277\361\132\342\174\327 +\305\344\203\301\152\353\272\200\132\336\134\055\160\166\370\310 +\345\207\207\312\240\235\241\345\042\022\047\017\104\075\035\154 +\352\324\302\213\057\157\171\253\177\120\246\304\031\247\241\172 +\267\226\371\301\037\142\132\242\103\007\100\136\046\306\254\355 +\256\160\026\305\252\312\162\212\115\260\317\001\213\003\077\156 +\327 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "TWCA CYBER Root CA" +# Issuer: CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW +# Serial Number:40:01:34:8c:c2:00:00:00:00:00:00:00:01:3c:f2:c6 +# Subject: CN=TWCA CYBER Root CA,OU=Root CA,O=TAIWAN-CA,C=TW +# Not Valid Before: Tue Nov 22 06:54:29 2022 +# Not Valid After : Fri Nov 22 15:59:59 2047 +# Fingerprint (SHA-256): 3F:63:BB:28:14:BE:17:4E:C8:B6:43:9C:F0:8D:6D:56:F0:B7:C4:05:88:3A:56:48:A3:34:42:4D:6B:3E:C5:58 +# Fingerprint (SHA1): F6:B1:1C:1A:83:38:E9:7B:DB:B3:A8:C8:33:24:E0:2D:9C:7F:26:66 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TWCA CYBER Root CA" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\366\261\034\032\203\070\351\173\333\263\250\310\063\044\340\055 +\234\177\046\146 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\013\063\240\227\122\225\324\251\375\273\333\156\243\125\133\121 +END +CKA_ISSUER MULTILINE_OCTAL +\060\120\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022 +\124\127\103\101\040\103\131\102\105\122\040\122\157\157\164\040 +\103\101 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\100\001\064\214\302\000\000\000\000\000\000\000\001\074 +\362\306 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "TWCA Global Root CA G2" +# +# Issuer: CN=TWCA Global Root CA G2,OU=Root CA,O=TAIWAN-CA,C=TW +# Serial Number:40:01:34:8c:c2:00:00:00:00:00:00:00:01:97:58:f4 +# Subject: CN=TWCA Global Root CA G2,OU=Root CA,O=TAIWAN-CA,C=TW +# Not Valid Before: Tue Nov 22 06:42:21 2022 +# Not Valid After : Fri Nov 22 15:59:59 2047 +# Fingerprint (SHA-256): 3A:00:72:D4:9F:FC:04:E9:96:C5:9A:EB:75:99:1D:3C:34:0F:36:15:D6:FD:4D:CE:90:AC:0B:3D:88:EA:D4:F4 +# Fingerprint (SHA1): 73:FE:92:2F:83:63:91:FF:C8:C6:C4:DA:D6:20:2F:6B:07:2E:7F:1B +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TWCA Global Root CA G2" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\124\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\037\060\035\006\003\125\004\003\023\026 +\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 +\040\103\101\040\107\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\124\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\037\060\035\006\003\125\004\003\023\026 +\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 +\040\103\101\040\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\100\001\064\214\302\000\000\000\000\000\000\000\001\227 +\130\364 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\225\060\202\003\175\240\003\002\001\002\002\020\100 +\001\064\214\302\000\000\000\000\000\000\000\001\227\130\364\060 +\015\006\011\052\206\110\206\367\015\001\001\014\005\000\060\124 +\061\013\060\011\006\003\125\004\006\023\002\124\127\061\022\060 +\020\006\003\125\004\012\023\011\124\101\111\127\101\116\055\103 +\101\061\020\060\016\006\003\125\004\013\023\007\122\157\157\164 +\040\103\101\061\037\060\035\006\003\125\004\003\023\026\124\127 +\103\101\040\107\154\157\142\141\154\040\122\157\157\164\040\103 +\101\040\107\062\060\036\027\015\062\062\061\061\062\062\060\066 +\064\062\062\061\132\027\015\064\067\061\061\062\062\061\065\065 +\071\065\071\132\060\124\061\013\060\011\006\003\125\004\006\023 +\002\124\127\061\022\060\020\006\003\125\004\012\023\011\124\101 +\111\127\101\116\055\103\101\061\020\060\016\006\003\125\004\013 +\023\007\122\157\157\164\040\103\101\061\037\060\035\006\003\125 +\004\003\023\026\124\127\103\101\040\107\154\157\142\141\154\040 +\122\157\157\164\040\103\101\040\107\062\060\202\002\042\060\015 +\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202\002 +\017\000\060\202\002\012\002\202\002\001\000\252\016\325\040\222 +\001\255\202\371\014\010\221\064\153\212\026\320\106\026\377\003 +\270\330\215\352\223\064\373\377\053\275\375\156\252\334\233\362 +\206\201\125\365\211\034\304\215\165\152\130\170\221\023\036\002 +\023\160\075\357\276\012\347\000\217\270\061\345\164\305\060\276 +\377\175\326\231\345\302\102\243\317\041\326\263\010\177\221\325 +\141\346\242\225\020\015\357\136\227\013\111\070\325\042\260\327 +\213\131\157\237\065\233\177\322\221\314\172\177\273\240\237\336 +\125\063\366\113\215\012\352\175\011\300\171\334\275\104\342\376 +\034\347\144\041\050\317\004\112\342\264\277\206\171\052\273\016 +\223\311\217\136\254\060\071\122\220\007\271\352\234\046\102\024 +\304\147\106\376\321\032\150\241\076\120\031\243\046\012\047\051 +\220\302\366\264\353\163\232\170\036\341\230\364\145\014\065\041 +\006\370\013\336\142\345\115\301\263\135\331\271\372\141\227\052 +\343\352\307\104\125\044\222\376\022\247\077\304\167\340\055\002 +\201\007\325\373\175\346\020\236\072\264\250\357\354\373\120\352 +\065\317\314\176\273\102\271\104\154\122\351\277\052\162\037\077 +\336\233\160\351\334\132\305\073\273\277\360\131\205\257\057\301 +\260\024\171\005\254\165\237\045\365\021\047\006\140\041\307\155 +\145\276\250\211\234\345\254\106\337\370\135\104\003\215\140\275 +\367\261\015\314\057\357\101\124\057\356\153\225\271\116\174\064 +\337\073\371\167\235\175\315\007\075\034\006\063\022\200\354\162 +\234\362\055\202\332\325\073\304\307\371\004\303\144\002\174\365 +\065\140\247\264\106\051\056\033\357\245\130\200\056\172\211\121 +\070\066\074\375\241\167\270\200\060\320\212\336\215\247\064\046 +\354\043\273\030\125\030\066\105\356\355\001\006\252\115\277\144 +\014\312\230\227\032\061\002\146\370\170\150\133\210\337\011\250 +\347\233\372\064\155\160\034\041\255\010\213\362\241\266\254\166 +\152\277\361\200\045\000\276\074\036\115\256\271\074\266\225\143 +\275\153\176\107\022\220\125\105\021\215\354\027\037\301\276\047 +\201\223\127\143\151\000\046\167\213\303\131\345\173\321\015\104 +\362\250\360\367\205\232\005\367\302\056\160\232\223\205\330\225 +\220\061\220\124\246\354\013\237\067\105\017\002\003\001\000\001 +\243\143\060\141\060\016\006\003\125\035\017\001\001\377\004\004 +\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004\005 +\060\003\001\001\377\060\037\006\003\125\035\043\004\030\060\026 +\200\024\222\214\324\066\321\133\107\123\304\161\015\204\335\144 +\052\365\066\144\100\347\060\035\006\003\125\035\016\004\026\004 +\024\222\214\324\066\321\133\107\123\304\161\015\204\335\144\052 +\365\066\144\100\347\060\015\006\011\052\206\110\206\367\015\001 +\001\014\005\000\003\202\002\001\000\045\374\113\332\220\264\332 +\165\347\101\072\201\321\246\376\240\152\363\030\161\142\152\044 +\010\213\251\172\115\311\125\316\317\020\050\056\004\031\226\005 +\317\135\002\040\052\073\263\125\077\001\315\102\315\262\167\355 +\377\165\363\174\167\333\226\245\317\214\147\006\364\244\233\162 +\366\041\111\011\230\243\062\136\167\132\143\011\357\142\103\227 +\002\070\265\352\074\030\120\150\374\131\133\331\171\324\361\344 +\126\110\023\126\330\323\161\013\136\170\224\070\021\105\372\005 +\027\365\016\165\036\142\122\141\106\272\056\031\255\206\264\210 +\017\261\120\346\100\000\064\032\225\235\223\340\121\371\324\125 +\106\351\225\074\045\206\056\227\327\001\061\030\104\354\034\140 +\351\175\151\257\062\370\227\100\045\044\266\215\032\125\074\305 +\267\367\274\006\122\073\161\060\160\076\161\027\176\361\146\004 +\136\135\274\212\061\103\246\222\035\173\124\322\245\066\213\157 +\215\326\136\332\324\303\056\035\337\071\125\140\202\060\236\047 +\377\216\200\335\143\114\246\125\065\330\320\063\251\200\155\076 +\136\235\314\250\147\200\146\372\231\127\014\122\312\031\165\260 +\070\065\125\052\201\305\214\036\126\327\137\220\362\040\330\332 +\340\146\161\351\262\170\253\147\271\044\156\153\066\162\374\157 +\215\375\177\162\071\050\147\122\221\005\037\127\145\322\243\247 +\015\141\372\241\347\325\065\106\225\311\006\207\366\060\354\062 +\121\251\254\126\300\041\116\243\024\164\005\072\274\343\277\155 +\075\116\077\136\245\244\155\051\277\204\121\165\123\216\206\032 +\365\121\160\052\015\034\116\100\341\375\243\343\245\053\147\220 +\222\307\154\256\205\277\072\233\027\025\312\234\052\223\324\115 +\071\015\274\040\010\243\215\210\154\011\015\214\256\104\041\115 +\311\161\354\330\046\327\027\236\055\021\030\074\243\042\175\270 +\047\124\277\150\310\073\102\314\217\136\116\347\334\302\305\372 +\152\104\017\215\126\210\172\337\211\204\154\240\263\076\075\361 +\145\000\011\210\352\052\353\100\316\263\135\254\062\027\256\301 +\233\351\320\301\365\111\224\335\247\316\174\132\007\353\256\040 +\234\027\060\222\151\223\162\363\232\133\161\233\376\152\337\172 +\060\151\216\263\056\333\017\054\335 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "TWCA Global Root CA G2" +# Issuer: CN=TWCA Global Root CA G2,OU=Root CA,O=TAIWAN-CA,C=TW +# Serial Number:40:01:34:8c:c2:00:00:00:00:00:00:00:01:97:58:f4 +# Subject: CN=TWCA Global Root CA G2,OU=Root CA,O=TAIWAN-CA,C=TW +# Not Valid Before: Tue Nov 22 06:42:21 2022 +# Not Valid After : Fri Nov 22 15:59:59 2047 +# Fingerprint (SHA-256): 3A:00:72:D4:9F:FC:04:E9:96:C5:9A:EB:75:99:1D:3C:34:0F:36:15:D6:FD:4D:CE:90:AC:0B:3D:88:EA:D4:F4 +# Fingerprint (SHA1): 73:FE:92:2F:83:63:91:FF:C8:C6:C4:DA:D6:20:2F:6B:07:2E:7F:1B +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "TWCA Global Root CA G2" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\163\376\222\057\203\143\221\377\310\306\304\332\326\040\057\153 +\007\056\177\033 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\023\215\135\372\031\265\346\253\144\173\020\164\160\032\043\056 +END +CKA_ISSUER MULTILINE_OCTAL +\060\124\061\013\060\011\006\003\125\004\006\023\002\124\127\061 +\022\060\020\006\003\125\004\012\023\011\124\101\111\127\101\116 +\055\103\101\061\020\060\016\006\003\125\004\013\023\007\122\157 +\157\164\040\103\101\061\037\060\035\006\003\125\004\003\023\026 +\124\127\103\101\040\107\154\157\142\141\154\040\122\157\157\164 +\040\103\101\040\107\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\020\100\001\064\214\302\000\000\000\000\000\000\000\001\227 +\130\364 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "SecureSign Root CA12" +# +# Issuer: CN=SecureSign Root CA12,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:66:f9:c7:c1:af:ec:c2:51:b4:ed:53:97:e6:e6:82:c3:2b:1c:90:16 +# Subject: CN=SecureSign Root CA12,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 05:36:46 2020 +# Not Valid After : Sun Apr 08 05:36:46 2040 +# Fingerprint (SHA-256): 3F:03:4B:B5:70:4D:44:B2:D0:85:45:A0:20:57:DE:93:EB:F3:90:5F:CE:72:1A:CB:C7:30:C0:6D:DA:EE:90:4E +# Fingerprint (SHA1): 7A:22:1E:3D:DE:1B:06:AC:9E:C8:47:70:16:8E:3C:E5:F7:6B:06:F4 +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA12" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\062 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\146\371\307\301\257\354\302\121\264\355\123\227\346\346 +\202\303\053\034\220\026 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\003\162\060\202\002\132\240\003\002\001\002\002\024\146 +\371\307\301\257\354\302\121\264\355\123\227\346\346\202\303\053 +\034\220\026\060\015\006\011\052\206\110\206\367\015\001\001\013 +\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\112 +\120\061\043\060\041\006\003\125\004\012\023\032\103\171\142\145 +\162\164\162\165\163\164\040\112\141\160\141\156\040\103\157\056 +\054\040\114\164\144\056\061\035\060\033\006\003\125\004\003\023 +\024\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164 +\040\103\101\061\062\060\036\027\015\062\060\060\064\060\070\060 +\065\063\066\064\066\132\027\015\064\060\060\064\060\070\060\065 +\063\066\064\066\132\060\121\061\013\060\011\006\003\125\004\006 +\023\002\112\120\061\043\060\041\006\003\125\004\012\023\032\103 +\171\142\145\162\164\162\165\163\164\040\112\141\160\141\156\040 +\103\157\056\054\040\114\164\144\056\061\035\060\033\006\003\125 +\004\003\023\024\123\145\143\165\162\145\123\151\147\156\040\122 +\157\157\164\040\103\101\061\062\060\202\001\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\001\017\000 +\060\202\001\012\002\202\001\001\000\272\071\301\067\172\150\105 +\053\024\264\353\344\023\353\127\165\043\115\217\044\055\026\350 +\256\216\311\175\244\127\073\052\166\045\063\203\154\352\062\212 +\224\233\116\074\226\344\375\121\277\231\311\223\176\277\371\255 +\247\262\110\053\007\034\047\365\114\274\160\022\167\244\205\124 +\265\375\220\172\344\243\344\121\130\003\315\020\171\171\356\153 +\223\037\144\216\153\144\253\243\023\343\161\376\175\253\234\335 +\047\123\067\263\252\030\302\131\046\354\133\037\322\346\145\174 +\357\223\275\330\130\134\013\300\343\145\157\074\307\312\131\343 +\376\156\137\254\203\276\375\135\045\116\052\051\073\326\013\253 +\027\062\170\244\341\076\224\106\276\142\156\233\336\106\250\261 +\026\347\205\156\364\010\100\105\021\240\236\124\104\204\367\330 +\066\316\365\120\107\334\054\060\233\356\300\365\226\322\376\011 +\206\307\006\131\256\117\256\216\021\230\173\363\013\122\252\142 +\046\252\041\337\216\045\063\171\227\026\111\215\365\076\325\107 +\237\067\061\111\063\162\005\115\014\266\125\214\361\127\217\212 +\207\321\255\305\021\022\071\240\255\002\003\001\000\001\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\035\006\003\125\035\016\004\026\004\024\127\064 +\363\164\317\004\113\325\045\346\361\100\266\054\114\331\055\351 +\240\255\060\015\006\011\052\206\110\206\367\015\001\001\013\005 +\000\003\202\001\001\000\076\273\333\027\026\322\362\024\001\040 +\054\070\203\113\255\276\312\205\172\232\266\233\153\246\341\374 +\245\072\254\255\264\050\072\257\327\001\203\111\053\143\242\335 +\232\144\016\230\134\157\335\216\273\212\124\042\055\112\023\363 +\256\100\103\333\117\221\267\206\032\354\000\264\101\201\244\117 +\372\152\213\210\263\166\010\162\052\111\100\303\323\303\205\211 +\230\020\245\235\157\031\267\273\317\172\145\125\333\067\353\074 +\212\162\062\227\036\232\051\076\255\215\346\243\033\155\365\165 +\032\346\260\150\271\133\242\356\151\107\047\065\241\206\231\200 +\363\063\113\341\153\244\046\303\357\164\131\154\172\242\144\266 +\036\104\303\120\340\017\071\075\251\063\361\245\363\322\275\142 +\204\254\216\034\251\315\132\275\067\073\156\012\042\264\364\025 +\347\221\130\305\072\104\323\225\050\331\300\145\351\162\312\320 +\017\275\037\263\025\331\251\343\244\107\011\236\340\313\067\373 +\375\275\227\325\276\030\032\151\242\071\201\331\032\365\253\177 +\310\343\342\147\013\235\364\014\352\124\337\322\262\257\261\042 +\361\040\337\274\104\034 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "SecureSign Root CA12" +# Issuer: CN=SecureSign Root CA12,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:66:f9:c7:c1:af:ec:c2:51:b4:ed:53:97:e6:e6:82:c3:2b:1c:90:16 +# Subject: CN=SecureSign Root CA12,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 05:36:46 2020 +# Not Valid After : Sun Apr 08 05:36:46 2040 +# Fingerprint (SHA-256): 3F:03:4B:B5:70:4D:44:B2:D0:85:45:A0:20:57:DE:93:EB:F3:90:5F:CE:72:1A:CB:C7:30:C0:6D:DA:EE:90:4E +# Fingerprint (SHA1): 7A:22:1E:3D:DE:1B:06:AC:9E:C8:47:70:16:8E:3C:E5:F7:6B:06:F4 +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA12" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\172\042\036\075\336\033\006\254\236\310\107\160\026\216\074\345 +\367\153\006\364 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\306\211\312\144\102\233\142\010\111\013\036\177\351\007\075\350 +END +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\062 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\146\371\307\301\257\354\302\121\264\355\123\227\346\346 +\202\303\053\034\220\026 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "SecureSign Root CA14" +# +# Issuer: CN=SecureSign Root CA14,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:64:db:5a:0c:20:4e:e8:d7:29:77:c8:50:27:a2:5a:27:dd:2d:f2:cb +# Subject: CN=SecureSign Root CA14,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 07:06:19 2020 +# Not Valid After : Sat Apr 08 07:06:19 2045 +# Fingerprint (SHA-256): 4B:00:9C:10:34:49:4F:9A:B5:6B:BA:3B:A1:D6:27:31:FC:4D:20:D8:95:5A:DC:EC:10:A9:25:60:72:61:E3:38 +# Fingerprint (SHA1): DD:50:C0:F7:79:B3:64:2E:74:A2:B8:9D:9F:D3:40:DD:BB:F0:F2:4F +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA14" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\064 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\144\333\132\014\040\116\350\327\051\167\310\120\047\242 +\132\047\335\055\362\313 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\005\162\060\202\003\132\240\003\002\001\002\002\024\144 +\333\132\014\040\116\350\327\051\167\310\120\047\242\132\047\335 +\055\362\313\060\015\006\011\052\206\110\206\367\015\001\001\014 +\005\000\060\121\061\013\060\011\006\003\125\004\006\023\002\112 +\120\061\043\060\041\006\003\125\004\012\023\032\103\171\142\145 +\162\164\162\165\163\164\040\112\141\160\141\156\040\103\157\056 +\054\040\114\164\144\056\061\035\060\033\006\003\125\004\003\023 +\024\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164 +\040\103\101\061\064\060\036\027\015\062\060\060\064\060\070\060 +\067\060\066\061\071\132\027\015\064\065\060\064\060\070\060\067 +\060\066\061\071\132\060\121\061\013\060\011\006\003\125\004\006 +\023\002\112\120\061\043\060\041\006\003\125\004\012\023\032\103 +\171\142\145\162\164\162\165\163\164\040\112\141\160\141\156\040 +\103\157\056\054\040\114\164\144\056\061\035\060\033\006\003\125 +\004\003\023\024\123\145\143\165\162\145\123\151\147\156\040\122 +\157\157\164\040\103\101\061\064\060\202\002\042\060\015\006\011 +\052\206\110\206\367\015\001\001\001\005\000\003\202\002\017\000 +\060\202\002\012\002\202\002\001\000\305\322\172\241\326\212\277 +\026\061\320\230\321\072\224\374\132\270\156\042\301\142\367\247 +\012\047\357\120\366\056\261\236\150\022\360\154\044\143\071\361 +\360\337\020\306\336\267\122\040\325\122\133\102\231\236\363\240 +\276\122\037\137\314\147\155\247\056\120\242\301\227\215\266\370 +\225\365\260\272\334\235\340\276\313\337\367\070\362\107\365\246 +\232\222\225\052\142\131\120\013\242\261\065\347\145\262\141\262 +\352\222\161\151\344\051\360\117\201\201\004\074\262\245\133\324 +\305\250\131\147\173\125\034\111\253\172\235\302\347\163\115\357 +\315\011\302\304\127\022\333\001\016\043\171\011\007\073\242\350 +\374\212\317\217\300\106\044\234\070\047\340\203\235\033\240\277 +\170\025\020\353\206\116\012\132\375\337\332\054\202\176\356\312 +\366\051\341\372\161\241\367\210\150\234\234\360\215\276\017\111 +\221\330\352\072\371\375\320\150\161\333\351\265\053\116\202\222 +\157\146\037\340\360\334\114\354\312\321\352\272\164\006\371\263 +\204\220\224\321\137\216\163\031\020\135\002\345\160\245\300\020 +\320\020\174\157\305\130\111\264\260\156\232\332\175\225\365\314 +\332\002\257\270\054\175\171\217\276\103\361\371\050\050\215\011 +\103\370\010\335\153\310\213\054\044\261\215\122\007\275\170\233 +\313\312\150\262\244\335\014\114\171\140\306\231\321\223\361\060 +\032\007\323\256\042\302\352\316\361\204\011\314\340\024\156\177 +\077\176\322\202\205\254\334\251\026\116\205\240\140\313\366\234 +\327\310\263\216\355\306\233\230\165\015\125\350\137\345\225\213 +\002\244\256\103\051\050\021\244\346\022\060\001\113\165\153\036 +\146\235\171\057\245\166\057\035\100\264\155\311\175\171\010\354 +\321\152\266\135\052\262\245\146\275\153\205\364\164\126\303\365 +\347\165\122\050\054\245\377\146\107\245\324\376\376\236\124\277 +\145\176\001\326\060\217\245\066\234\242\120\034\356\070\200\001 +\110\306\307\164\364\306\254\303\100\111\026\141\164\054\257\214 +\157\065\355\173\030\000\133\066\074\234\120\015\312\222\063\020 +\361\046\111\155\337\165\044\067\202\042\327\350\226\375\025\113 +\002\226\076\007\162\225\176\253\075\114\056\327\312\360\337\340 +\130\077\055\057\004\232\070\243\001\002\003\001\000\001\243\102 +\060\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003 +\001\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003 +\002\001\006\060\035\006\003\125\035\016\004\026\004\024\006\223 +\243\012\136\050\151\067\252\141\035\353\353\374\055\157\043\344 +\363\240\060\015\006\011\052\206\110\206\367\015\001\001\014\005 +\000\003\202\002\001\000\226\200\162\011\006\176\234\314\223\004 +\026\273\240\072\215\222\116\267\021\032\012\161\161\020\315\004 +\255\177\245\105\120\020\146\116\112\101\242\003\331\021\117\172 +\067\271\113\342\306\217\062\146\165\045\373\353\316\077\003\051 +\046\215\270\026\035\366\037\063\156\110\346\350\370\127\262\033 +\171\337\073\207\012\342\144\272\000\312\154\357\176\320\043\353 +\170\217\377\144\233\064\067\237\065\145\242\244\000\075\022\043 +\226\130\135\312\143\207\306\243\007\210\115\347\151\166\212\123 +\315\361\117\354\102\362\223\343\231\244\067\074\207\270\142\333 +\360\354\037\067\077\067\137\103\314\121\235\265\360\227\302\267 +\205\152\150\013\104\036\345\121\356\223\316\113\156\206\301\322 +\014\044\131\066\032\237\054\221\217\343\030\333\224\225\012\355 +\221\252\016\231\334\226\123\343\141\203\306\026\272\043\272\334 +\335\176\032\306\173\102\266\331\132\005\334\232\137\325\337\270 +\332\107\175\332\070\333\254\071\325\036\153\154\052\027\214\141 +\315\261\155\162\001\303\303\040\000\142\150\026\061\325\166\252 +\206\273\016\252\236\306\371\360\331\370\015\041\002\344\305\050 +\026\131\021\271\331\151\163\052\222\170\270\222\127\233\010\362 +\072\345\057\225\260\130\267\153\040\024\155\024\357\012\274\176 +\330\125\330\210\332\057\372\031\245\373\213\340\177\071\365\162 +\053\205\304\054\254\357\031\105\222\114\263\141\007\334\115\037 +\156\322\201\023\134\232\363\022\147\203\317\233\077\213\237\235 +\244\271\250\226\003\172\305\356\040\336\063\332\057\236\032\172 +\164\036\341\356\314\132\072\004\335\263\032\004\250\024\143\254 +\267\107\022\203\232\154\365\346\351\025\025\221\032\204\031\016 +\224\104\347\022\216\045\133\200\147\031\334\143\223\020\013\145 +\056\212\372\011\232\116\332\206\050\175\252\141\065\330\016\247 +\050\032\273\122\340\170\370\154\272\154\260\156\271\207\136\351 +\231\065\067\361\075\144\053\251\240\064\223\317\143\057\325\201 +\337\256\143\047\245\036\116\215\334\051\170\131\370\371\241\040 +\214\247\046\100\156\202\162\315\170\262\310\217\074\036\163\347 +\301\037\277\317\316\245\052\233\333\104\144\062\240\273\177\134 +\045\023\110\265\177\222 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "SecureSign Root CA14" +# Issuer: CN=SecureSign Root CA14,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:64:db:5a:0c:20:4e:e8:d7:29:77:c8:50:27:a2:5a:27:dd:2d:f2:cb +# Subject: CN=SecureSign Root CA14,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 07:06:19 2020 +# Not Valid After : Sat Apr 08 07:06:19 2045 +# Fingerprint (SHA-256): 4B:00:9C:10:34:49:4F:9A:B5:6B:BA:3B:A1:D6:27:31:FC:4D:20:D8:95:5A:DC:EC:10:A9:25:60:72:61:E3:38 +# Fingerprint (SHA1): DD:50:C0:F7:79:B3:64:2E:74:A2:B8:9D:9F:D3:40:DD:BB:F0:F2:4F +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA14" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\335\120\300\367\171\263\144\056\164\242\270\235\237\323\100\335 +\273\360\362\117 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\161\015\162\372\222\031\145\136\211\004\254\026\063\360\274\325 +END +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\064 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\144\333\132\014\040\116\350\327\051\167\310\120\047\242 +\132\047\335\055\362\313 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE + +# +# Certificate "SecureSign Root CA15" +# +# Issuer: CN=SecureSign Root CA15,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:16:15:c7:c3:d8:49:a7:be:69:0c:8a:88:ed:f0:70:f9:dd:b7:3e:87 +# Subject: CN=SecureSign Root CA15,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 08:32:56 2020 +# Not Valid After : Sat Apr 08 08:32:56 2045 +# Fingerprint (SHA-256): E7:78:F0:F0:95:FE:84:37:29:CD:1A:00:82:17:9E:53:14:A9:C2:91:44:28:05:E1:FB:1D:8F:B6:B8:88:6C:3A +# Fingerprint (SHA1): CB:BA:83:C8:C1:5A:5D:F1:F9:73:6F:CA:D7:EF:28:13:06:4A:07:7D +CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA15" +CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509 +CKA_SUBJECT MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\065 +END +CKA_ID UTF8 "0" +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\026\025\307\303\330\111\247\276\151\014\212\210\355\360 +\160\371\335\267\076\207 +END +CKA_VALUE MULTILINE_OCTAL +\060\202\002\043\060\202\001\251\240\003\002\001\002\002\024\026 +\025\307\303\330\111\247\276\151\014\212\210\355\360\160\371\335 +\267\076\207\060\012\006\010\052\206\110\316\075\004\003\003\060 +\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061\043 +\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164\162 +\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040\114 +\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123\145 +\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103\101 +\061\065\060\036\027\015\062\060\060\064\060\070\060\070\063\062 +\065\066\132\027\015\064\065\060\064\060\070\060\070\063\062\065 +\066\132\060\121\061\013\060\011\006\003\125\004\006\023\002\112 +\120\061\043\060\041\006\003\125\004\012\023\032\103\171\142\145 +\162\164\162\165\163\164\040\112\141\160\141\156\040\103\157\056 +\054\040\114\164\144\056\061\035\060\033\006\003\125\004\003\023 +\024\123\145\143\165\162\145\123\151\147\156\040\122\157\157\164 +\040\103\101\061\065\060\166\060\020\006\007\052\206\110\316\075 +\002\001\006\005\053\201\004\000\042\003\142\000\004\013\120\164 +\215\144\062\231\231\263\322\140\010\270\042\216\106\164\054\170 +\300\053\104\055\155\137\035\311\256\113\122\040\203\075\270\024 +\155\123\207\140\236\137\154\205\333\006\024\225\340\307\050\377 +\235\137\344\252\361\263\213\155\355\117\057\113\311\112\224\221 +\144\165\376\001\354\301\330\353\172\224\170\126\030\103\137\153 +\201\313\366\274\332\264\014\266\051\223\010\151\217\243\102\060 +\100\060\017\006\003\125\035\023\001\001\377\004\005\060\003\001 +\001\377\060\016\006\003\125\035\017\001\001\377\004\004\003\002 +\001\006\060\035\006\003\125\035\016\004\026\004\024\353\101\310 +\256\374\325\236\121\110\365\275\213\364\207\040\223\101\053\323 +\364\060\012\006\010\052\206\110\316\075\004\003\003\003\150\000 +\060\145\002\061\000\331\056\211\176\136\116\244\021\007\275\131 +\302\007\336\253\062\070\123\052\106\104\006\027\172\316\121\351 +\340\377\146\055\011\116\340\117\364\005\321\205\366\065\140\334 +\365\162\263\106\175\002\060\104\230\106\032\202\205\036\141\151 +\211\113\007\113\146\265\236\252\272\240\036\101\331\001\164\072 +\156\105\072\211\200\031\173\062\230\125\143\253\353\143\156\223 +\155\253\033\011\140\061\116 +END +CKA_NSS_MOZILLA_CA_POLICY CK_BBOOL CK_TRUE +CKA_NSS_SERVER_DISTRUST_AFTER CK_BBOOL CK_FALSE +CKA_NSS_EMAIL_DISTRUST_AFTER CK_BBOOL CK_FALSE + +# Trust for "SecureSign Root CA15" +# Issuer: CN=SecureSign Root CA15,O="Cybertrust Japan Co., Ltd.",C=JP +# Serial Number:16:15:c7:c3:d8:49:a7:be:69:0c:8a:88:ed:f0:70:f9:dd:b7:3e:87 +# Subject: CN=SecureSign Root CA15,O="Cybertrust Japan Co., Ltd.",C=JP +# Not Valid Before: Wed Apr 08 08:32:56 2020 +# Not Valid After : Sat Apr 08 08:32:56 2045 +# Fingerprint (SHA-256): E7:78:F0:F0:95:FE:84:37:29:CD:1A:00:82:17:9E:53:14:A9:C2:91:44:28:05:E1:FB:1D:8F:B6:B8:88:6C:3A +# Fingerprint (SHA1): CB:BA:83:C8:C1:5A:5D:F1:F9:73:6F:CA:D7:EF:28:13:06:4A:07:7D +CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST +CKA_TOKEN CK_BBOOL CK_TRUE +CKA_PRIVATE CK_BBOOL CK_FALSE +CKA_MODIFIABLE CK_BBOOL CK_FALSE +CKA_LABEL UTF8 "SecureSign Root CA15" +CKA_CERT_SHA1_HASH MULTILINE_OCTAL +\313\272\203\310\301\132\135\361\371\163\157\312\327\357\050\023 +\006\112\007\175 +END +CKA_CERT_MD5_HASH MULTILINE_OCTAL +\023\060\374\304\142\246\251\336\265\301\150\257\265\322\061\107 +END +CKA_ISSUER MULTILINE_OCTAL +\060\121\061\013\060\011\006\003\125\004\006\023\002\112\120\061 +\043\060\041\006\003\125\004\012\023\032\103\171\142\145\162\164 +\162\165\163\164\040\112\141\160\141\156\040\103\157\056\054\040 +\114\164\144\056\061\035\060\033\006\003\125\004\003\023\024\123 +\145\143\165\162\145\123\151\147\156\040\122\157\157\164\040\103 +\101\061\065 +END +CKA_SERIAL_NUMBER MULTILINE_OCTAL +\002\024\026\025\307\303\330\111\247\276\151\014\212\210\355\360 +\160\371\335\267\076\207 +END +CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR +CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST +CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE diff --git a/test/functional/buildAndPackage/src/net/adoptium/test/VerifyCACertsTest.java b/test/functional/buildAndPackage/src/net/adoptium/test/VerifyCACertsTest.java index 1fc39e44d..1c4d3a19a 100644 --- a/test/functional/buildAndPackage/src/net/adoptium/test/VerifyCACertsTest.java +++ b/test/functional/buildAndPackage/src/net/adoptium/test/VerifyCACertsTest.java @@ -40,7 +40,7 @@ public class VerifyCACertsTest { private static final JdkVersion JDK_VERSION = new JdkVersion(); // Expect matching certs number - private static final int EXPECTED_COUNT = 148; + private static final int EXPECTED_COUNT = 152; /* TODO: add up to 141 certs private static final Map EXPFP_MAP = new HashMap<>() { diff --git a/test/system/reproducibleCompare/build.xml b/test/system/reproducibleCompare/build.xml index 015fbacad..75db0f1d9 100644 --- a/test/system/reproducibleCompare/build.xml +++ b/test/system/reproducibleCompare/build.xml @@ -65,6 +65,7 @@ + diff --git a/test/system/reproducibleCompare/playlist.xml b/test/system/reproducibleCompare/playlist.xml index c3c61ba26..9fd60ce40 100644 --- a/test/system/reproducibleCompare/playlist.xml +++ b/test/system/reproducibleCompare/playlist.xml @@ -60,4 +60,25 @@ os.win + + Rebuild_Same_JDK_Reproducibility_Test_Mac + unset SPEC;\ + ls -l $(TEST_ROOT)$(D)system$(D)reproducibleCompare$(D);\ + $(TEST_ROOT)$(D)system$(D)reproducibleCompare$(D)macos_repro_build_compare.sh $(SBOM_FILE) $(JDK_FILE) $(REPORTDIR); \ + $(TEST_STATUS) + + + dev + + + system + + + eclipse + + + 21+ + + os.osx,arch.aarch64 + \ No newline at end of file diff --git a/test/system/reproducibleCompare/reproducible.mk b/test/system/reproducibleCompare/reproducible.mk index 34b3b0342..e6fbfb2a1 100644 --- a/test/system/reproducibleCompare/reproducible.mk +++ b/test/system/reproducibleCompare/reproducible.mk @@ -16,6 +16,7 @@ ifndef SBOM_FILE SBOM_FILE := $(TEST_ROOT)/../jdkbinary/$(SBOM_FILE) endif ifndef JDK_FILE + JDK_FILE := $(shell find $(TEST_ROOT)/../jdkbinary/ -type f -name '*-jdk_*.tar.gz') ifneq (,$(findstring win,$(SPEC))) JDK_FILE := $(shell find $(TEST_ROOT)/../jdkbinary/ -type f -name '*-jdk_*.zip') endif diff --git a/tooling/reproducible/comparable_patch.sh b/tooling/reproducible/comparable_patch.sh index 8f776f1d3..d04ff8f23 100755 --- a/tooling/reproducible/comparable_patch.sh +++ b/tooling/reproducible/comparable_patch.sh @@ -338,7 +338,8 @@ echo "Successfully removed all Signatures from ${JDK_DIR}" removeExcludedFiles # Needed due to vendor variation in jmod re-packing after signing, putting attributes in different order -processModuleInfo +# Comparable patch, as per read-me, requires java on path +processModuleInfo "${JDK_DIR}" "${OS}" "$(dirname "$(dirname "$(readlink -f "$(which java)")")")" # Patch Windows VS_VERSION_INFO[COMPANY_NAME] if [[ "$OS" =~ CYGWIN* ]] && [[ "$PATCH_VS_VERSION_INFO" = true ]]; then @@ -348,7 +349,7 @@ fi if [[ "$OS" =~ CYGWIN* ]] || [[ "$OS" =~ Darwin* ]]; then # SystemModules$*.class's differ due to hash differences from Windows COMPANY_NAME and Signatures - removeSystemModulesHashBuilderParams + removeSystemModulesHashBuilderParams "${JDK_DIR}" fi if [[ "$OS" =~ CYGWIN* ]]; then diff --git a/tooling/reproducible/macos_repro_build_compare.sh b/tooling/reproducible/macos_repro_build_compare.sh index edf0f7562..4831c76c5 100755 --- a/tooling/reproducible/macos_repro_build_compare.sh +++ b/tooling/reproducible/macos_repro_build_compare.sh @@ -46,16 +46,11 @@ REPORT_DIR="$3" # The Defaults Below Are Suitable For An Adoptium Mac OS X Build Environment # Which Has Been Created Via The Ansible Infrastructure Playbooks -WORK_DIR=~/comp-jdk-build +WORK_DIR=$(realpath "$(dirname "$0")")/comp-jdk-build MAC_COMPILER_BASE=/Applications MAC_COMPILER_APP_PREFIX=Xcode MAC_SDK_LOCATION=/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk -# These 3 variables dictate which parameters passed to makejdk_any_platform.sh are config arguments, build arguments or should be ignored. -CONFIG_ARGS=("--disable-warnings-as-errors" "--openjdk-target" "--with-sysroot" "--with-extra-cxxflags='" "--enable-dtrace" "--with-version-opt") -NOTUSE_ARGS=("--assemble-exploded-image" "--configure-args") -FINAL_ARG=("--build-variant") - # These variables relate to the pre-requisite ant installation ANT_VERSION="1.10.5" ANT_CONTRIB_VERSION="1.0b3" @@ -76,17 +71,6 @@ is_url() { fi } -# Function to check if a value is in the array -containsElement () { - local e - for e in "${@:2}"; do - if [ "$e" == "$1" ]; then - return 0 # Match found - fi - done - return 1 # No match found -} - Create_WorkDir() { # Check if the folder exists & remove if it does echo "Checking If Working Directory: $WORK_DIR Exists" @@ -371,13 +355,13 @@ Check_And_Install_Ant() { echo "Ant Doesnt Exist At The Correct Version - Installing" # Ant Version Not Found... Check And Create Paths echo Downloading ant for SBOM creation: - curl https://archive.apache.org/dist/ant/binaries/apache-ant-${ANT_VERSION}-bin.zip > $WORK_DIR/apache-ant-${ANT_VERSION}-bin.zip - (cd $WORK_DIR && unzip -qn ./apache-ant-${ANT_VERSION}-bin.zip) - rm $WORK_DIR/apache-ant-${ANT_VERSION}-bin.zip + curl https://archive.apache.org/dist/ant/binaries/apache-ant-${ANT_VERSION}-bin.zip > "${WORK_DIR}"/apache-ant-${ANT_VERSION}-bin.zip + (cd "$WORK_DIR" && unzip -qn ./apache-ant-${ANT_VERSION}-bin.zip) + rm "$WORK_DIR"/apache-ant-${ANT_VERSION}-bin.zip echo Downloading ant-contrib-${ANT_CONTRIB_VERSION}: - curl -L https://sourceforge.net/projects/ant-contrib/files/ant-contrib/${ANT_CONTRIB_VERSION}/ant-contrib-${ANT_CONTRIB_VERSION}-bin.zip > $WORK_DIR/ant-contrib-${ANT_CONTRIB_VERSION}-bin.zip - (unzip -qnj $WORK_DIR/ant-contrib-${ANT_CONTRIB_VERSION}-bin.zip ant-contrib/ant-contrib-${ANT_CONTRIB_VERSION}.jar -d $WORK_DIR/apache-ant-${ANT_VERSION}/lib) - rm $WORK_DIR/ant-contrib-${ANT_CONTRIB_VERSION}-bin.zip + curl -L https://sourceforge.net/projects/ant-contrib/files/ant-contrib/${ANT_CONTRIB_VERSION}/ant-contrib-${ANT_CONTRIB_VERSION}-bin.zip > "$WORK_DIR"/ant-contrib-${ANT_CONTRIB_VERSION}-bin.zip + (unzip -qnj "$WORK_DIR"/ant-contrib-${ANT_CONTRIB_VERSION}-bin.zip ant-contrib/ant-contrib-${ANT_CONTRIB_VERSION}.jar -d "$WORK_DIR"/apache-ant-${ANT_VERSION}/lib) + rm "$WORK_DIR"/ant-contrib-${ANT_CONTRIB_VERSION}-bin.zip else echo "Ant Version: $ANT_VERSION Is Already Installed" fi @@ -441,118 +425,24 @@ Prepare_Env_For_Build() { echo "Setting Variables" export BOOTJDK_HOME=$WORK_DIR/jdk-${bootJDK}/Contents/Home - echo "Parsing Make JDK Any Platform ARGS For Build" - # Split the string into an array of words - IFS=' ' read -ra words <<< "$buildArgs" - - # Add The Build Time Stamp In Case It Wasnt In The SBOM ARGS - words+=( " --build-reproducible-date \"$buildStamp\"" ) - - # Initialize variables - param="" - value="" - params=() - - # Loop through the words - for word in "${words[@]}"; do - # Check if the word starts with '--' - if [[ $word == --* ]] || [[ $word == -b* ]]; then - # If a parameter already exists, store it in the params array - if [[ -n $param ]]; then - params+=("$param $value") - fi - # Reset variables for the new parameter - param="$word" - value="" - else - value+=" $word" - fi - done - - # Add the last parameter to the array - params+=("$param $value") - - # Loop Through The Parameters And Reformat Appropriately - export fixed_param="" - export fixed_value="" - export fixed_params=() - export new_params="" - CONFIG_ARRAY=() - BUILD_ARRAY=() - FINAL_ARRAY=() - for element in "${params[@]}"; do - IFS=' ' read -ra parts <<< "$element" - prepped_part0=${parts[0]} - prepped_part1=${parts[1]} - prepped_part2=${parts[2]} - - fixed_param="$prepped_part0" - fixed_value="$prepped_part1 $prepped_part2" - - # Handle Special Parameters ( overrides and = seperated ) - if [ "$fixed_param" == "--jdk-boot-dir" ]; then fixed_value=" $BOOTJDK_HOME " ; fi - if [[ "$fixed_param" == "--with-sysroot="* ]]; then - IFS='=' read -r split_param split_value <<< "$fixed_param" - fixed_param="$split_param" - fixed_value="=$MAC_SDK_LOCATION " ; - fi - if [[ "$fixed_param" == "--openjdk-target="* ]]; then - IFS='=' read -r split_param split_value <<< "$fixed_param" - fixed_param="$split_param" - fixed_value="=$split_value " - fi - if [[ "$fixed_param" == "--with-version-opt="* ]]; then - IFS='=' read -r split_param split_value <<< "$fixed_param" - fixed_param="$split_param" - fixed_value="=$split_value" - fi - if [ "$fixed_param" == "--tag" ]; then fixed_param="-b" fixed_value=" $fixed_value" ; fi - if [ "$fixed_param" == "--target-file-name" ]; then - target_file="$(echo -e "${fixed_value}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" - fixed_value=" $fixed_value" - fi - if [ "$fixed_param" == "--freetype-dir" ]; then fixed_value=" $fixed_value" ; fi - if [ "$fixed_param" == "--user-openjdk-build-root-directory" ]; then fixed_value=" $WORK_DIR/temurin-build/workspace/build/openjdkbuild/ " ; fi - if [ "$fixed_param" == "--build-variant" ]; then fixed_value=" $fixed_value " ; fi - if [ "$fixed_param" == "--build-reproducible-date" ]; then fixed_value=" $fixed_value" ; fi - - if containsElement "$fixed_param" "${CONFIG_ARGS[@]}"; then - # Check if fixed_param is in CONFIG_ARGS - STRINGTOADD="$fixed_param$fixed_value" - CONFIG_ARRAY+=("$STRINGTOADD") - elif containsElement "$fixed_param" "${NOTUSE_ARGS[@]}"; then - # Check if fixed_param is in NOTUSE_ARGS - STRINGTOADD="$fixed_param$fixed_value" - IGNORED_ARRAY+=("$STRINGTOADD") - elif containsElement "$fixed_param" "${FINAL_ARG[@]}"; then - # Check if parameter should be at the end, usually just version & variant - STRINGTOADD="$fixed_param$fixed_value" - FINAL_ARRAY+=("$STRINGTOADD") - else - # Neither Config Or Ignore, so Build - STRINGTOADD="$fixed_param$fixed_value" - BUILD_ARRAY+=("$STRINGTOADD") - fi - done - - # Construct Final Parameter String - for element in "${BUILD_ARRAY[@]}"; do - build_string+="$element" - done - - for element in "${CONFIG_ARRAY[@]}"; do - config_string+="$element" - done - - for element in "${FINAL_ARRAY[@]}"; do - final_string+="$element" - done - - final_params="$build_string --configure-args \"$config_string\" $final_string" + # set --build-reproducible-date if not yet + if [[ "${buildArgs}" != *"--build-reproducible-date"* ]]; then + buildArgs="--build-reproducible-date \"${buildStamp}\" ${buildArgs}" + fi + # reset --jdk-boot-dir + # shellcheck disable=SC2001 + buildArgs="$(echo "$buildArgs" | sed -e "s|--jdk-boot-dir [^ ]*|--jdk-boot-dir ${BOOTJDK_HOME}|")" + # shellcheck disable=SC2001 + buildArgs="$(echo "$buildArgs" | sed -e "s|--with-sysroot=[^ ]*|--with-sysroot=${MAC_SDK_LOCATION}|")" + # shellcheck disable=SC2001 + buildArgs="$(echo "$buildArgs" | sed -e "s|--user-openjdk-build-root-directory [^ ]*|--user-openjdk-build-root-directory ${WORK_DIR}/temurin-build/workspace/build/openjdkbuild/|")" + # remove ingored options + buildArgs=${buildArgs/--assemble-exploded-image /} + buildArgs=${buildArgs/--enable-sbom-strace /} -echo "" + echo "" echo "Make JDK Any Platform Argument List = " - echo "$final_params" + echo "$buildArgs" echo "" echo "Parameters Parsed Successfully" } @@ -562,79 +452,57 @@ Build_JDK() { # Trigger Build cd "$WORK_DIR" - echo "cd temurin-build && ./makejdk-any-platform.sh $final_params 2>&1 | tee build.$$.log" | sh + echo "cd temurin-build && ./makejdk-any-platform.sh $buildArgs 2>&1 | tee build.$$.log" | sh # Copy The Built JDK To The Working Directory - cp $WORK_DIR/temurin-build/workspace/target/"$target_file" $WORK_DIR/reproJDK.tar.gz + cp "$WORK_DIR"/temurin-build/workspace/target/OpenJDK*-jdk_*tar.gz "$WORK_DIR"/reproJDK.tar.gz } Compare_JDK() { echo "Comparing JDKs" echo "" mkdir "$WORK_DIR/compare" - cp $WORK_DIR/src_jdk_dist.tar.gz $WORK_DIR/compare - cp $WORK_DIR/reproJDK.tar.gz $WORK_DIR/compare - - - # Check The Comparison Scripts Are Present And Copy To The Working Directory + cp "$WORK_DIR"/src_jdk_dist.tar.gz "$WORK_DIR"/compare + cp "$WORK_DIR"/reproJDK.tar.gz "$WORK_DIR"/compare + cp "$(dirname "$0")"/repro_*.sh "$WORK_DIR"/compare/ - if [ -f ./repro_common.sh ]; then - cp ./repro_common.sh $WORK_DIR/compare/repro_common.sh - else - wget -O "$WORK_DIR/compare/repro_common.sh" "https://raw.githubusercontent.com/adoptium/temurin-build/master/tooling/reproducible/repro_common.sh" - fi - if [ -f ./repro_compare.sh ]; then - cp ./repro_compare.sh $WORK_DIR/compare/repro_compare.sh - else - wget -O "$WORK_DIR/compare/repro_compare.sh" "https://raw.githubusercontent.com/adoptium/temurin-build/master/tooling/reproducible/repro_compare.sh" - fi - if [ -f ./repro_process.sh ]; then - cp ./repro_process.sh $WORK_DIR/compare/repro_process.sh - else - wget -O "$WORK_DIR/compare/repro_process.sh" "https://raw.githubusercontent.com/adoptium/temurin-build/master/tooling/reproducible/repro_process.sh" - fi - # Set Permissions chmod +x "$WORK_DIR/compare/"*sh cd "$WORK_DIR/compare" # Unzip And Rename The Source JDK echo "Unzip Source" - tar xvfz src_jdk_dist.tar.gz + tar xfz src_jdk_dist.tar.gz original_directory_name=$(find . -maxdepth 1 -type d | tail -1) mv "$original_directory_name" src_jdk #Unzip And Rename The Target JDK echo "Unzip Target" - tar xvfz reproJDK.tar.gz + tar xfz reproJDK.tar.gz original_directory_name=$(find . -maxdepth 1 -type d | grep -v src_jdk | tail -1) mv "$original_directory_name" tar_jdk # Ensure Java Home Is Set export JAVA_HOME=$BOOTJDK_HOME export PATH=$JAVA_HOME/bin:$PATH - echo "cd $WORK_DIR/compare && ./repro_compare.sh temurin src_jdk/Contents/Home temurin tar_jdk/Contents/Home Darwin 2>&1" | sh & - wait - rc=$? - set -e + rc=0 + ./repro_compare.sh temurin src_jdk/Contents/Home temurin tar_jdk/Contents/Home Darwin 2>&1 || rc=$? cd "$WORK_DIR" - # Display The Content Of reprotest.diff - echo "" - echo "---------------------------------------------" - echo "Output From JDK Comparison Script" - echo "---------------------------------------------" - cat $WORK_DIR/compare/reprotest.diff - echo "" - echo "---------------------------------------------" - echo "Copying Output To $(dirname "$0")" - cp $WORK_DIR/compare/reprotest.diff $WORK_DIR/reprotest.diff - + + if [ $rc -eq 0 ]; then + echo "Compare identical !" + else + echo "Differences found..., logged in: reprotest.diff" + fi + if [ -n "$REPORT_DIR" ]; then echo "Copying Output To $REPORT_DIR" - cp $WORK_DIR/compare/reprotest.diff "$REPORT_DIR" - cp $WORK_DIR/reproJDK.tar.gz "$REPORT_DIR" + cp "$WORK_DIR"/compare/reprotest.diff "$REPORT_DIR" + cp "$WORK_DIR"/reproJDK.tar.gz "$REPORT_DIR" fi - + Clean_Up_Everything + exit $rc } + # Clean_Up_Everything() { # Remove Working Directorys @@ -674,6 +542,3 @@ echo "---------------------------------------------" Build_JDK echo "---------------------------------------------" Compare_JDK -echo "---------------------------------------------" -Clean_Up_Everything -exit $rc diff --git a/tooling/reproducible/repro_common.sh b/tooling/reproducible/repro_common.sh index 8f7ca2942..5648fef81 100755 --- a/tooling/reproducible/repro_common.sh +++ b/tooling/reproducible/repro_common.sh @@ -89,23 +89,23 @@ function removeSystemModulesHashBuilderParams() { moduleHashesFunction="// Method jdk/internal/module/ModuleHashes\$Builder.hashForModule:(Ljava/lang/String;[B)Ljdk/internal/module/ModuleHashes\$Builder;" moduleString="// String " virtualFunction="invokevirtual" - local JDK_DIR="$1" systemModules="SystemModules\$0.class SystemModules\$all.class SystemModules\$default.class" + local JDK_DIR="$1" + local OS="$2" + local work_JDK="$3" for systemModule in $systemModules do FILES=$(find "${JDK_DIR}" -type f -name "$systemModule") for f in $FILES do + ff=$f if [[ "$OS" =~ CYGWIN* ]]; then ff=$(cygpath -w $f) - else - ff=$f fi - javap -v -sysinfo -l -p -c -s -constants "$ff" > "$f.javap.tmp" - rm "$f" - + "${work_JDK}"/bin/javap -v -sysinfo -l -p -c -s -constants "$ff" > "$f.javap.tmp" + # Remove "instruction number:" prefix, so we can just match code - if [[ $(uname) =~ Darwin* ]]; then + if [[ "$OS" =~ Darwin* ]]; then sed -i "" -E 's/^[[:space:]]+[0-9]+:(.*)/\1/' "$f.javap.tmp" else sed -i -E 's/^[[:space:]]+[0-9]+:(.*)/\1/' "$f.javap.tmp" @@ -137,6 +137,7 @@ function removeSystemModulesHashBuilderParams() { rm "$f.javap.tmp" grep -v "Last modified\|Classfile\|SHA-256 checksum" "$f.javap.tmp2" > "$f.javap" rm "$f.javap.tmp2" + rm "$f" done done @@ -153,7 +154,6 @@ function removeSystemModulesHashBuilderParams() { # reprohex - A hex UUID to identify the binary version, again generated from binary content function removeWindowsNonComparableData() { echo "Removing EXE/DLL timestamps, CRC and debug repro hex from ${JDK_DIR}" - # We need to do this for all executables if patching VS_VERSION_INFO if [[ "$PATCH_VS_VERSION_INFO" = true ]]; then FILES=$(find "${JDK_DIR}" -type f -path '*.exe' && find "${JDK_DIR}" -type f -path '*.dll') @@ -223,7 +223,7 @@ function removeWindowsNonComparableData() { # See https://github.com/adoptium/temurin-build/issues/2899#issuecomment-1153757419 function removeMacOSNonComparableData() { echo "Removing MacOS dylib non-comparable UUID from ${JDK_DIR}" - + MAC_JDK_ROOT="${JDK_DIR}/../../Contents" FILES=$(find "${MAC_JDK_ROOT}" \( -type f -and -path '*.dylib' -or -path '*/bin/*' -or -path '*/lib/jspawnhelper' -not -path '*/modules_extracted/*' -or -path '*/jpackageapplauncher*' \)) for f in $FILES do @@ -251,80 +251,77 @@ function removeMacOSNonComparableData() { # java.base also requires the dependent module "hash:" values to be excluded # as they differ due to the Signatures function processModuleInfo() { - if [[ "$OS" =~ CYGWIN* ]] || [[ "$OS" =~ Darwin* ]]; then - echo "Normalizing ModuleAttributes order in module-info.class, converting to javap" - - moduleAttr="ModuleResolution ModuleTarget" + local JDK_DIR="$1" + local OS="$2" + local work_JDK="$3" + echo "process Module Info from ${JDK_DIR}" + echo "Normalizing ModuleAttributes order in module-info.class, converting to javap" + moduleAttr="ModuleResolution ModuleTarget" + FILES=$(find "${JDK_DIR}" -type f -name "module-info.class") + for f in $FILES + do + ff=$f + if [[ "$OS" =~ CYGWIN* ]]; then + ff=$(cygpath -w $f) + fi + "${work_JDK}"/bin/javap -v -sysinfo -l -p -c -s -constants "$ff" > "$f.javap.tmp" + cc=99 + foundAttr=false + attrName="" + # Clear any attr tmp files + for attr in $moduleAttr + do + rm -f "$f.javap.$attr" + done - FILES=$(find "${JDK_DIR}" -type f -name "module-info.class") - for f in $FILES + while IFS= read -r line do - if [[ "$OS" =~ CYGWIN* ]]; then - ff=$(cygpath -w $f) - else - ff=$f + cc=$((cc+1)) + + # Module attr have only 1 line definition + if [[ "$foundAttr" = true ]] && [[ "$cc" -gt 1 ]]; then + foundAttr=false + attrName="" fi - javap -v -sysinfo -l -p -c -s -constants "$ff" > "$f.javap.tmp" - rm "$f" - cc=99 - foundAttr=false - attrName="" - # Clear any attr tmp files - for attr in $moduleAttr - do - rm -f "$f.javap.$attr" - done - - while IFS= read -r line - do - cc=$((cc+1)) - - # Module attr have only 1 line definition - if [[ "$foundAttr" = true ]] && [[ "$cc" -gt 1 ]]; then - foundAttr=false - attrName="" - fi - - # If not processing an attr then check for attr - if [[ "$foundAttr" = false ]]; then - for attr in $moduleAttr - do - if [[ "$line" =~ .*"$attr:".* ]]; then - cc=0 - foundAttr=true - attrName="$attr" - fi - done - fi - - # Echo attr to attr tmp file, otherwise to tmp2 - if [[ "$foundAttr" = true ]]; then - echo "$line" >> "$f.javap.$attrName" - else - echo "$line" >> "$f.javap.tmp2" - fi - done < "$f.javap.tmp" - rm "$f.javap.tmp" - - # Remove javap Classfile and timestamp and SHA-256 hash - if [[ "$f" =~ .*"java.base".* ]]; then - grep -v "Last modified\|Classfile\|SHA-256 checksum\|hash:" "$f.javap.tmp2" > "$f.javap" + # If not processing an attr then check for attr + if [[ "$foundAttr" = false ]]; then + for attr in $moduleAttr + do + if [[ "$line" =~ .*"$attr:".* ]]; then + cc=0 + foundAttr=true + attrName="$attr" + fi + done + fi + + # Echo attr to attr tmp file, otherwise to tmp2 + if [[ "$foundAttr" = true ]]; then + echo "$line" >> "$f.javap.$attrName" else - grep -v "Last modified\|Classfile\|SHA-256 checksum" "$f.javap.tmp2" > "$f.javap" + echo "$line" >> "$f.javap.tmp2" fi - rm "$f.javap.tmp2" - - # Append any ModuleAttr tmp files - for attr in $moduleAttr - do - if [[ -f "$f.javap.$attr" ]]; then - cat "$f.javap.$attr" >> "$f.javap" - fi - rm -f "$f.javap.$attr" - done + done < "$f.javap.tmp" + rm "$f.javap.tmp" + rm "$f" + # Remove javap Classfile and timestamp and SHA-256 hash + if [[ "$f" =~ .*"java.base".* ]]; then + grep -v "Last modified\|Classfile\|SHA-256 checksum\|hash:" "$f.javap.tmp2" > "$f.javap" + else + grep -v "Last modified\|Classfile\|SHA-256 checksum" "$f.javap.tmp2" > "$f.javap" + fi + rm "$f.javap.tmp2" + + # Append any ModuleAttr tmp files + for attr in $moduleAttr + do + if [[ -f "$f.javap.$attr" ]]; then + cat "$f.javap.$attr" >> "$f.javap" + fi + rm -f "$f.javap.$attr" done - fi + done } # Remove windowns generate classes jdk/bin/server/classes.jsa & jdk/bin/server/classes_nocoops.jsa diff --git a/tooling/reproducible/repro_compare.sh b/tooling/reproducible/repro_compare.sh index dd707fa87..2ee8616fb 100755 --- a/tooling/reproducible/repro_compare.sh +++ b/tooling/reproducible/repro_compare.sh @@ -13,7 +13,7 @@ # ******************************************************************************** # shellcheck disable=SC1091 -source repro_common.sh +source "$(dirname "$0")"/repro_common.sh BLD_TYPE1="$1" JDK_DIR1="$2" @@ -21,6 +21,10 @@ BLD_TYPE2="$3" JDK_DIR2="$4" OS="$5" +mkdir "${JDK_DIR}_BK" +cp -R "${JDK_DIR1}"/* "${JDK_DIR}"_BK +BK_JDK_DIR=$(realpath "${JDK_DIR}"_BK/) + JDK_DIR_Arr=("${JDK_DIR1}" "${JDK_DIR2}") for JDK_DIR in "${JDK_DIR_Arr[@]}" do @@ -32,7 +36,7 @@ do echo "Pre-processing ${JDK_DIR}" rc=0 - source ./repro_process.sh "${JDK_DIR}" "${OS}" || rc=$? + source "$(dirname "$0")"/repro_process.sh "${JDK_DIR}" "${OS}" || rc=$? if [ $rc != 0 ]; then echo "Pre-process of ${JDK_DIR} ${OS} failed" exit 1 @@ -46,12 +50,11 @@ do cleanTemurinBuildInfo "${JDK_DIR}" if [[ "$OS" =~ CYGWIN* ]] || [[ "$OS" =~ Darwin* ]]; then - removeSystemModulesHashBuilderParams "${JDK_DIR}" + removeSystemModulesHashBuilderParams "${JDK_DIR}" "${OS}" "${BK_JDK_DIR}" + processModuleInfo "${JDK_DIR}" "${OS}" "${BK_JDK_DIR}" fi - processModuleInfo done - files1=$(find "${JDK_DIR1}" -type f | wc -l) echo "Number of files: ${files1}" rc=0 diff --git a/tooling/reproducible/repro_process.sh b/tooling/reproducible/repro_process.sh index 92b246f2a..d44f9ac8b 100755 --- a/tooling/reproducible/repro_process.sh +++ b/tooling/reproducible/repro_process.sh @@ -13,7 +13,7 @@ # ******************************************************************************** # shellcheck disable=SC1091 -source repro_common.sh +source "$(dirname "$0")"/repro_common.sh JDK_DIR="$1" OS="$2"