search

ibmruntimes / openj9-openjdk-jdk11

Extensions for OpenJDK 11 for Eclipse OpenJ9
GNU General Public License v2.0
31 stars 112 forks source link

Allow extension of RestrictedSecurity profiles #788

Closed KostasTsiounis closed 4 months ago

KostasTsiounis commented 4 months ago

RestrictedSecurity profiles sometimes share a lot of duplicate settings with only minor differences. With these changes the extension, similar to object-orientation, of profiles becomes possible.

More specifically, a profile A can extend another a profile B, using RestrictedSecurity.<profile A name>.extends = RestrictedSecurity.<profile B name>. This allows profile A to inherit all of profile B's properties. One can add additional properties to profile A, or amend some of the existing ones. That includes overriding, appending or removing from a property (wherever that's applicable).

An additional property is introduced. The RestrictedSecurity.<profile name>.desc.hash = <hash algorithm>:<hash> is used to ensure the profile hasn't been unintentionally altered. The profile's properties are hashed using the selected <hash algorithm>, and the result is compared to the <hash> provided through the property. This property is mandatory for base profiles (i.e., profiles that are not extending anything), and optional for the rest.

Back-ported from: https://github.com/ibmruntimes/openj9-openjdk-jdk/pull/793

Signed-off by: Kostas Tsiounis kostas.tsiounis@ibm.com

KostasTsiounis commented 4 months ago

FYI @keithc-ca

keithc-ca commented 4 months ago

Jenkins test sanity xlinux jdk11

keithc-ca commented 4 months ago

Jenkins test sanity xlinux jdk11

keithc-ca commented 4 months ago

Restarting the part of testing that failed to fetch from artifactory...

keithc-ca commented 4 months ago

The rest of the tests passed on a different system in https://openj9-jenkins.osuosl.org/job/Test_openjdk11_j9_sanity.functional_x86-64_linux_Personal_testList_1/341.