From 641aa9e27db6ac58c5693324d3f2693c8b3f83ce Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Fri, 19 Mar 2021 16:36:28 +0100 Subject: adoptopenjdk-{13,14}: mark insecure --- pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix | 3 ++- pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix | 3 ++- pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix | 8 ++++---- pkgs/development/compilers/adoptopenjdk-bin/jdk11-linux.nix | 8 ++++---- pkgs/development/compilers/adoptopenjdk-bin/jdk13-darwin.nix | 8 ++++---- pkgs/development/compilers/adoptopenjdk-bin/jdk13-linux.nix | 8 ++++---- pkgs/development/compilers/adoptopenjdk-bin/jdk14-darwin.nix | 8 ++++---- pkgs/development/compilers/adoptopenjdk-bin/jdk14-linux.nix | 8 ++++---- pkgs/development/compilers/adoptopenjdk-bin/jdk15-darwin.nix | 8 ++++---- pkgs/development/compilers/adoptopenjdk-bin/jdk15-linux.nix | 8 ++++---- pkgs/development/compilers/adoptopenjdk-bin/jdk8-darwin.nix | 8 ++++---- pkgs/development/compilers/adoptopenjdk-bin/jdk8-linux.nix | 8 ++++---- 12 files changed, 44 insertions(+), 42 deletions(-) diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix index 31a7346108e..0bcfcafaae1 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix @@ -1,4 +1,4 @@ -sourcePerArch: +{ sourcePerArch, knownVulnerabilities ? [] }: { swingSupport ? true # not used for now , lib, stdenv @@ -48,6 +48,7 @@ let cpuName = stdenv.hostPlatform.parsed.cpu.name; description = "AdoptOpenJDK, prebuilt OpenJDK binary"; platforms = [ "x86_64-darwin" ]; # some inherit jre.meta.platforms maintainers = with lib.maintainers; [ taku0 ]; + inherit knownVulnerabilities; }; }; in result diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix index ed8935b0042..95e72facaee 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix @@ -1,4 +1,4 @@ -sourcePerArch: +{ sourcePerArch, knownVulnerabilities ? [] }: { stdenv , lib @@ -107,6 +107,7 @@ let result = stdenv.mkDerivation rec { description = "AdoptOpenJDK, prebuilt OpenJDK binary"; platforms = lib.mapAttrsToList (arch: _: arch + "-linux") sourcePerArch; # some inherit jre.meta.platforms maintainers = with lib.maintainers; [ taku0 ]; + inherit knownVulnerabilities; }; }; in result diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix index d1db77215d1..7fec8fd3ff6 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk11.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk11.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk11.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk11.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk11.mac.jdk.hotspot; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk11.mac.jre.hotspot; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk11.mac.jdk.openj9; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk11.mac.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk11-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk11-linux.nix index 755ffaab271..e802e2eea52 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk11-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk11-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk11.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk11.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk11.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk11.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk11.linux.jdk.hotspot; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk11.linux.jre.hotspot; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk11.linux.jdk.openj9; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk11.linux.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk13-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk13-darwin.nix index 48806143c87..2654c4f9e72 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk13-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk13-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk13.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk13.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk13.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk13.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk13.mac.jdk.hotspot; knownVulnerabilities = ["Support ended"]; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk13.mac.jre.hotspot; knownVulnerabilities = ["Support ended"]; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk13.mac.jdk.openj9; knownVulnerabilities = ["Support ended"]; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk13.mac.jre.openj9; knownVulnerabilities = ["Support ended"]; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk13-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk13-linux.nix index 1bd7bb88448..c33d6afad10 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk13-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk13-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk13.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk13.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk13.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk13.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk13.linux.jdk.hotspot; knownVulnerabilities = ["Support ended"]; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk13.linux.jre.hotspot; knownVulnerabilities = ["Support ended"]; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk13.linux.jdk.openj9; knownVulnerabilities = ["Support ended"]; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk13.linux.jre.openj9; knownVulnerabilities = ["Support ended"]; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk14-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk14-darwin.nix index e440903ad52..6941a6dd0dd 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk14-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk14-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk14.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk14.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk14.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk14.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk14.mac.jdk.hotspot; knownVulnerabilities = ["Support ended"]; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk14.mac.jre.hotspot; knownVulnerabilities = ["Support ended"]; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk14.mac.jdk.openj9; knownVulnerabilities = ["Support ended"]; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk14.mac.jre.openj9; knownVulnerabilities = ["Support ended"]; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk14-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk14-linux.nix index 90ae65ba970..756b419434d 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk14-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk14-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk14.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk14.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk14.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk14.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk14.linux.jdk.hotspot; knownVulnerabilities = ["Support ended"]; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk14.linux.jre.hotspot; knownVulnerabilities = ["Support ended"]; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk14.linux.jdk.openj9; knownVulnerabilities = ["Support ended"]; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk14.linux.jre.openj9; knownVulnerabilities = ["Support ended"]; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk15-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk15-darwin.nix index b9b67f271ac..d627fd9311f 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk15-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk15-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk15.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk15.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk15.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk15.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk15.mac.jdk.hotspot; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk15.mac.jre.hotspot; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk15.mac.jdk.openj9; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk15.mac.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk15-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk15-linux.nix index d48f9312dd6..6663d9778bc 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk15-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk15-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk15.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk15.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk15.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk15.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk15.linux.jdk.hotspot; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk15.linux.jre.hotspot; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk15.linux.jdk.openj9; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk15.linux.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk8-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk8-darwin.nix index a170e0141cf..5e2d42276ce 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk8-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk8-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk8.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk8.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk8.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk8.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk8.mac.jdk.hotspot; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk8.mac.jre.hotspot; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk8.mac.jdk.openj9; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk8.mac.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk8-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk8-linux.nix index 4937eace490..c2a4085f730 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk8-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk8-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk8.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk8.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk8.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk8.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk8.linux.jdk.hotspot; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk8.linux.jre.hotspot; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk8.linux.jdk.openj9; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk8.linux.jre.openj9; }; } -- cgit 1.4.1