Thanks for the explanation, it makes reviewing much easier.
I can see the additional types in the changeset for 8005523, so it looks good to me.
If possible, it would be nice if that anyone touching source that effects jsse.jar could also check the profiles target. That said, I wasn't aware of this dependency until now. Anyway, I think you're right Alan, it remains to be seen how much of a chore this becomes.
-Chris. On 28/04/2013 22:04, Alan Bateman wrote:
I need a reviewer for a small update to the "refs.allowed" file used by the dependency checking tool in the profiles build. To re-cap, the profiles build does not subset jsse.jar even though there is JSSE code that references Kerberos classes that do not exist in compact1 and compact2 builds. These references aren't a problem at runtime because the support for Kerberos cipher suites is predicated on Kerberos being present. However for static analysis tools (including CheckDeps) then it means there are references to Kerberos clsses that do not exist. To avoid the tool flagging these references and failing the build, the tool has refs.allowed to allow for a small set of "allowed references". To date we have not needed to touch this but the recent push of 8005523 to jdk8/tl/jdk introduces new references that are currently causing the profiles build to fail. It remains to seen whether maintaining this list will be maintenance chore. If it proves to be then we may just have to do something special for jsse.jar to avoid needing to update the file when new dependencies are introduced. For now I propose to just update refs.allowed to get the profile build working again. The proposed diffs are attached. -Alan diff --git a/make/tools/src/build/tools/deps/refs.allowed b/make/tools/src/build/tools/deps/refs.allowed --- a/make/tools/src/build/tools/deps/refs.allowed +++ b/make/tools/src/build/tools/deps/refs.allowed @@ -13,10 +13,11 @@ javax.security.auth.kerberos.KerberosKey=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2 javax.security.auth.kerberos.KerberosPrincipal=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2 javax.security.auth.kerberos.KerberosTicket=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2 +javax.security.auth.kerberos.KeyTab=sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2 javax.security.auth.kerberos.ServicePermission=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2 sun.security.jgss.GSSCaller=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2 sun.security.jgss.krb5.Krb5Util=sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2 -sun.security.jgss.krb5.ServiceCreds=sun.security.ssl.krb5.Krb5ProxyImpl,compact1,compact2 +sun.security.jgss.krb5.ServiceCreds=sun.security.ssl.krb5.Krb5ProxyImpl,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2 sun.security.krb5.EncryptedData= sun.security.ssl.krb5.KerberosPreMasterSecret,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2 sun.security.krb5.EncryptionKey=sun.security.ssl.krb5.KerberosPreMasterSecret,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2 sun.security.krb5.internal.crypto.KeyUsage=sun.security.ssl.krb5.KerberosPreMasterSecret,sun.security.ssl.krb5.KerberosClientKeyExchangeImpl,compact1,compact2
