search

ibmruntimes / openj9-openjdk-jdk17

Extensions for OpenJDK 17 for Eclipse OpenJ9
GNU General Public License v2.0
23 stars 53 forks source link

Allow extension of RestrictedSecurity profiles #359

Closed KostasTsiounis closed 2 months ago

KostasTsiounis commented 2 months ago

RestrictedSecurity profiles sometimes share a lot of duplicate settings with only minor differences. With these changes the extension, similar to object-orientation, of profiles becomes possible.

More specifically, a profile A can extend another a profile B, using RestrictedSecurity.<profile A name>.extends = RestrictedSecurity.<profile B name>. This allows profile A to inherit all of profile B's properties. One can add additional properties to profile A, or amend some of the existing ones. That includes overriding, appending or removing from a property (wherever that's applicable).

An additional property is introduced. The RestrictedSecurity.<profile name>.desc.hash = <hash algorithm>:<hash> is used to ensure the profile hasn't been unintentionally altered. The profile's properties are hashed using the selected <hash algorithm>, and the result is compared to the <hash> provided through the property. This property is mandatory for base profiles (i.e., profiles that are not extending anything), and optional for the rest.

Back-ported from: https://github.com/ibmruntimes/openj9-openjdk-jdk/pull/793

Signed-off by: Kostas Tsiounis kostas.tsiounis@ibm.com

KostasTsiounis commented 2 months ago

FYI @keithc-ca

keithc-ca commented 2 months ago

Jenkins test sanity zlinux jdk17

keithc-ca commented 2 months ago

Jenkins test sanity plinux jdk17

keithc-ca commented 2 months ago

POWER Linux build systems are still unavailable.

keithc-ca commented 2 months ago

Jenkins test sanity amac jdk17