Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update RestrictedSecurity flags, alter debug comments and profile name #83

Merged
merged 1 commit into from
Nov 30, 2023

Conversation

KostasTsiounis
Copy link
Contributor

The original flag to enable FIPS (i.e., -Dsemeru.fips=true) remains the same, but the one allowing a user to set a custom profile is changed to -Dsemeru.customprofile=<profile.version>.

The debug messages have been altered a bit to only be enabled using the already known and used by similar components -Djava.security.auth.debug flag. The information for available profiles, as well as the profile used in the particular run, is printed as part of the debug messages, instead of specifying additional properties in the custom profile flag.

Further checks are added to ensure solutions are supported in the running platform and the profile is marked as FIPS compliant.

The flag for the custom profile allows the user to either specify the full name of the profile to be used (e.g., -Dsemeru.customprofile=NSS.FIPS140-2), or specify the solution to be used (e.g., -Dsemeru.customprofile=NSS) and allow RestrictedSecurity to pick the default profile for that.

The naming of profiles has, also, been altered to abide by the <solution.version> template (e.g., NSS.FIPS140-2), instead of an integer.

Back-ported from: ibmruntimes/openj9-openjdk-jdk#701

Signed-off by: Kostas Tsiounis kostas.tsiounis@ibm.com

@pshipton
Copy link
Member

jenkins compile amac jdk21

@pshipton pshipton merged commit ef7a615 into ibmruntimes:openj9 Nov 30, 2023
4 checks passed
@KostasTsiounis KostasTsiounis deleted the rs_flags branch May 16, 2024 18:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants