Update RestrictedSecurity flags, alter debug comments and profile name #733
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
jenkins compile amac jdk11 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The original flag to enable FIPS (i.e.,
-Dsemeru.fips=true) remains the same, but the one allowing a user to set a custom profile is changed to-Dsemeru.customprofile=<profile.version>.The debug messages have been altered a bit to only be enabled using the already known and used by similar components
-Djava.security.auth.debugflag. The information for available profiles, as well as the profile used in the particular run, is printed as part of the debug messages, instead of specifying additional properties in the custom profile flag.Further checks are added to ensure solutions are supported in the running platform and the profile is marked as FIPS compliant.
The flag for the custom profile allows the user to either specify the full name of the profile to be used (e.g.,
-Dsemeru.customprofile=NSS.FIPS140-2), or specify the solution to be used (e.g.,-Dsemeru.customprofile=NSS) and allowRestrictedSecurityto pick the default profile for that.The naming of profiles has, also, been altered to abide by the
<solution.version>template (e.g.,NSS.FIPS140-2), instead of an integer.Back-ported from: ibmruntimes/openj9-openjdk-jdk#701
Signed-off by: Kostas Tsiounis kostas.tsiounis@ibm.com