WIP: Adding secure mode option to build scripting #4076

Draft
wants to merge 42 commits into
base: master
Changes from 1 commit
Commits
3ed9424
Adding secure mode option to build scripting
adamfarley Dec 4, 2024
8d7d369
Adding a download function library plus basic testing
adamfarley Dec 13, 2024
56a5566
Adding info tests and restructuring info
adamfarley Dec 13, 2024
c3d2beb
Adding URL existence tests
adamfarley Dec 13, 2024
3d03e27
Adding licenses and the first draft of the download test
adamfarley Dec 16, 2024
7ca982d
Updating the sample file sha
adamfarley Dec 16, 2024
d887e78
More tests, secure mode, and line endings
adamfarley Dec 16, 2024
ed8f429
Removing debug exit
adamfarley Dec 16, 2024
b57f9a9
Reorganising files and adding git action to run tests
adamfarley Dec 16, 2024
205f41c
Excluding lib from build testing because it has its own tests
adamfarley Dec 16, 2024
ade2985
Temporary exclusion
adamfarley Dec 16, 2024
4b532df
undoing build.yml change
adamfarley Dec 16, 2024
b5c6582
Changing action name
adamfarley Dec 16, 2024
3368073
Fixes for git action
adamfarley Dec 16, 2024
71e0ca2
Removing concurrency from github action
adamfarley Dec 16, 2024
941d220
Fixing typo
adamfarley Dec 16, 2024
154106c
Another typo
adamfarley Dec 16, 2024
338bf68
typo
adamfarley Dec 16, 2024
fa64eb8
Indentation fix
adamfarley Dec 16, 2024
8a796a5
Fixing paths
adamfarley Dec 17, 2024
10a05b2
Adding formatting
adamfarley Dec 17, 2024
d0d920c
debug code
adamfarley Dec 17, 2024
f427311
Typo
adamfarley Dec 17, 2024
4282408
Regex fix
adamfarley Dec 17, 2024
aaa7c1d
regex typo
adamfarley Dec 17, 2024
bdd32c1
bug fix
adamfarley Dec 17, 2024
dc284a0
fix for regex
adamfarley Dec 17, 2024
35021bc
typo fix
adamfarley Dec 17, 2024
e73ce28
debug output
adamfarley Dec 17, 2024
6d0cc98
debug
adamfarley Dec 17, 2024
850f1d2
debug
adamfarley Dec 17, 2024
ab7185e
fixing file locator code
adamfarley Dec 17, 2024
b7efc57
typo
adamfarley Dec 17, 2024
3a7c97a
Replacing pwd with test file directory
adamfarley Dec 17, 2024
2a5c4bd
debug
adamfarley Dec 17, 2024
1a3bff5
debug
adamfarley Dec 17, 2024
b5ff083
debug
adamfarley Dec 17, 2024
864127d
debug
adamfarley Dec 17, 2024
e8b3298
debug
adamfarley Dec 17, 2024
901aa93
debug
adamfarley Dec 17, 2024
3a742dc
fix for sha issue
adamfarley Dec 17, 2024
f8460da
Switching -x checks to -r
adamfarley Dec 17, 2024
7 changes: 7 additions & 0 deletions sbin/common/config_init.sh
Expand Up @@ -63,6 +63,7 @@ DISABLE_ADOPT_BRANCH_SAFETY
DOCKER_FILE_PATH
DOCKER_SOURCE_VOLUME_NAME
ENABLE_SBOM_STRACE
ENABLE_SECURE_MODE
FREETYPE
FREETYPE_DIRECTORY
FREETYPE_FONT_BUILD_TYPE_PARAM
Expand Down Expand Up @@ -299,6 +300,9 @@ function parseConfigurationArguments() {
"--enable-sbom-strace" )
BUILD_CONFIG[ENABLE_SBOM_STRACE]=true;;

"--enable-secure-mode" )
BUILD_CONFIG[ENABLE_SECURE_MODE]=true;;

"--freetype-dir" | "-f" )
BUILD_CONFIG[FREETYPE_DIRECTORY]="$1"; shift;;
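Review bot: The new "--enable-secure-mode" arm sets BUILD_CONFIG[ENABLE_SECURE_MODE]=true, but nothing in the lines shown tells a user what the flag restricts. Because the switch is security-relevant, add a short comment above the arm, and a matching usage entry wherever the other options are described, stating what is refused when it is set (for example the dynamic boot JDK download named in the configDefaults comment).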

Expand Down Expand Up @@ -558,6 +562,9 @@ function configDefaults() {

BUILD_CONFIG[ENABLE_SBOM_STRACE]="false"

# Set default value to "false", for maximum user convenience. "false" enables potentially-insecure functionality, like the dynamic download of boot JDKs.
Contributor


The boot JDK is one of the few downloads which you must manually force to happen. E.g. alsa is, on the contrary, downloaded without warning. Free type is downloaded as sources? What else is/can be downloaded? /me just curious. Thanx for the download unification effort. Highly appreciated!

Contributor Author


Mainly boot JDKs. AIX, Alpine Linux, and Mac download boot JDKs if they can't find one locally.

There are also 22 other uses of wget, and many more that are indirect.

e.g. buildDocker.sh and dockerfile-generator wget many things, like the list of available releases and the mkdocker.sh script from openj9.

BUILD_CONFIG[ENABLE_SECURE_MODE]="false"

# The default behavior of whether we want to create a separate source archive
BUILD_CONFIG[CREATE_SOURCE_ARCHIVE]="false"
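Review bot: The comment above BUILD_CONFIG[ENABLE_SECURE_MODE]="false" describes the insecure default but never says what the secure setting does, and it names only boot JDK downloads while the review thread lists other fetches (alsa, the other wget uses, buildDocker.sh). Reword it to state both sides, e.g. that "true" is meant to block dynamic downloads and "false" permits them, and either list the download paths covered or point to where they are listed, so a reader can tell which fetches secure mode does not yet gate. Since the default leaves the protection off, it is also worth noting in the comment that secure mode is opt-in via --enable-secure-mode.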
