ibmruntimes / openj9-openjdk-jdk17

Extensions for OpenJDK 17 for Eclipse OpenJ9
GNU General Public License v2.0

Update RestrictedSecurity flags, alter debug comments and profile name #287

Closed KostasTsiounis closed 9 months ago

KostasTsiounis commented 9 months ago

The original flag to enable FIPS (i.e., -Dsemeru.fips=true) remains the same, but the one allowing a user to set a custom profile is changed to -Dsemeru.customprofile=<profile.version>.

The debug messages have been altered a bit to only be enabled using the -Djava.security.auth.debug flag, which is already known and used by similar components. The information for available profiles, as well as the profile used in the particular run, is printed as part of the debug messages, instead of specifying additional properties in the custom profile flag.

Further checks are added to ensure solutions are supported in the running platform and the profile is marked as FIPS compliant.

The flag for the custom profile allows the user to either specify the full name of the profile to be used (e.g., -Dsemeru.customprofile=NSS.FIPS140-2), or specify the solution to be used (e.g., -Dsemeru.customprofile=NSS) and allow RestrictedSecurity to pick the default profile for that.

The naming of profiles has also been altered to abide by the <solution.version> template (e.g., NSS.FIPS140-2), instead of an integer.

Back-ported from: https://github.com/ibmruntimes/openj9-openjdk-jdk/pull/701

Signed-off by: Kostas Tsiounis kostas.tsiounis@ibm.com

pshipton commented 9 months ago

jenkins compile amac jdk17