Build JDKs once, repack everywhere
Summary
This is the last step in https://fedoraproject.org/wiki/MoveFedoraJDKsToBecomePortableJDKs effort. JDKs in fedora are already static, and we repack portable tarballs into RPMs. Currently, the portable tarball is built for each Fedora and EPEL version. Goal here is to build each JDK (8,11,17,21,latest (20)) only once, in oldest live Fedora repack in all live Fedoras. If jdk is buitl in epel, it will be built in oldest possible epel and repacked in newer live epels.
Owner
- Name: Jiri Vanek
- Email: jvanek@redhat.com
Current status
- Targeted release: Fedora Linux 40
- Last updated: 2024-10-19
- Original devel thread
- Updated proposal devel thread
- FESCo issue: #3035
- Initial FESCo issue (archived): #3008
- Tracker bug: #2233283
- Release notes tracker: #1012
Detailed Description
As described in https://fedoraproject.org/wiki/MoveFedoraJDKsToBecomePortableJDKs ; during last year, packaging of JDKs had changed dramatically. As described in the same wiki page and in individual sub changes and devel threads, the primary reason for this is to lower maintenance and still keep Fedora Java friendly.
- In the first system wide change, we have changed the JDKs to build properly as standalone, portable JDK - the way JDK is supposed to be built. I repeat, we spent ten years by patching JDK to become properly dynamic against system libs, and all patches went upstream, but this has become a fight which can not be won.
- As a second step we introduced portable RPMs, which do not have any system integration, only build JDK and pack the final tarball in RPM for Fedora use.
- In third step - without any noise, just verified with fesco - https://pagure.io/fesco/issue/2907 - we stopped building JDK in fully integrated RPMs. Instead of this, normal RPMs BUildRequire portable RPMs and just unpack it, and repack it.
Now last step is ahead - to build portable LTS JDKs 8,11,17 and 21 in oldest live Fedora, and repack everywhere. java-latest-openjdk, which contains latests STS JDK - currently 20, soon briefly 21 and a bit after 22... If we would built java-latest-openjdk in oldest live EPEL - epel8 now, we have verified, that such repacked JDKs works fine, however repack from epel seem to not be acceptable, thus ajva-latest-openjdk will be built twice - one in oldest live fedora, and once in oldest live epel. Build forme oldest possible epel will be repacked to that one or newer epels, and build from oldest live fedroa to all fedoras.
theoretical tagging solution
fN-openjdk tags requested and created via: https://pagure.io/releng/issue/11830
0. if possible, request fN-openjdk protected permanent tags 1. use tag from 0 or request side tags for all releases 2. build the java-xy-openjdk-portable in the side tag for the oldest thing 3. tag the result of (2) to all side tags from (1) 4. waitrepo them (note, that since f39 you must '--request' the repo regeneration 5. build the java-xy-openjdk pkgs by repacking java-xy-openjdk-portable pkgs in all the side tags from (1) 6. it may be needed to untag the result of (2) from all the side tags from (1) 7. ship bodhi updates of java-xy-openjdk-portable from side tags (and delete the side tags) Where xy stands for 1.8.0, 11, 17 and latest.
The build from (2) will be eventually garbage collected. To prevent that, it might be re-tagged regularly. This is where releng might be able to help by creating a long lived tag to tag this into for preserving.
Include the config in dist-git repos, so fedpkg knows the target tag without user input
including portable srpms in release (improving of steps 2+6)
To include portable rpms in all live Fedoras is currently not possible. Best solution would be simply make and bodhi update of one portable rpm to all live fedoras. Bodhi is currenlty not capable to do so, issue was raised: https://github.com/fedora-infra/bodhi/issues/5387 investigating possibility to deliver single build as update to several releases.
"..It's not possible ATM, it would require a heavy rewrite of the code, starting from the database structure (every build is now related to a single release)..." Maybe on long run..."
On long run, if bodhi will allow this, that will be way to go. On short run, there are following options:
a) ask releng to tag the portables directly - this needs manual approach of rare humans, thus no go unless strictly enforced by unpredicted conditions - this walks around whole testing repos. For portables tarballs, as nothing should depend on them, and are tested indirectly after repack, this should be technically ok, but is heavily discouraged in principle. b) build portable for all OSes, but do not ship them (don't do bodhi update) - this would probably work for all frontiers, only the real repacked JDK will be different - pros is, that we will be sure that portables builds on live fedoras - cons is, that the portable JDK will not be available by dnf install anyway c) build portable for all OSes, including bodhi update - pros is, that we will be sure that portables builds on live fedoras - another pros is that the portable JDK will be available by dnf install anyway - there may be clash during the build which will cause to repack wrong (newer, non certified) portables d) include SRPM_REBUILD.readme in srpm and generated PORTABLES_INSTALL.readme in RPMs, which will ideally at least contain: - instruction why you need portables - instruction how to find the portables - from SRPM_REBUILD.readme pointing to PORTABLES_INSTALL.readme - generated link to the koji, allowing to download the SRPM - generated link to the koji, allowing to download the binaries - generated instruction how to dnf install used portables
I would currently vote for d). If there will be complains about broken SRPM rebuild, or need to install portables without hacking, then fall-back a, b or c via Change Proposal. Once Bodhi allows single build to be tagged to several release, I will move to that.
Feedback
Benefit to Fedora
Java maintainers will finally have some free time... No kidding - maintenance and *certification* of so much supported JDKs on so much Fedora versions is brutal. By building once, and repack, we will regain cycles to continue support Fedora with all LTS and one STS JDK.
If we fail to build once and repack everywhere, Java maintainers will most likely need to lower the number of JDKs in fedora to system one only.
Scope
- Proposal owners: Technically all JDKs (except 8, where some more tuning is needed, and EPEL for java-latest) are prepared, as they have a portable version, and RPMs just repack it. Except tuning up the JDK8 and EPEL for latest, scope owners are done.
- Other developers: There will be needed significant support from RCM and maybe senior Fedora leadership to help to finish the build in oldest and enable to repack everywhere
- Release engineering: #11438 There will be needed significant support from RCM, where I'm actually unsure what they will have to do to enable this. The mas rebuild will not be needed.
- Policies and guidelines: AFAIK none (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Community Initiatives: All supported JDKs will remain in Fedora in highest possible quality with full QA and certification, and its packagers will not lose their minds. Note that QA will still run on all live Fedoras, not only on the builder one.
Upgrade/compatibility impact
The change should be completely transparent to any user.
How To Test
sudo dnf update/install "java*"
will install expected set of working packages.
SRPM rebuild of both portables (which were built once) and of any rpms (from this freshly rebuild portbales) have to remain possible
User Experience
The change should be absolutely transparent to any user.
Dependencies
To finish this we will need heavy support from RCM, and maybe others. Although there are precedents with such pacakge, they all bites. From SW point of view, the dependece chain is normal RPMs build requires portable RPMs
and thats all.
Contingency Plan
- Contingency mechanism: Even if It should be straight forward to revert back to building per OS, it may be impossible for current maintainers to save time for it. If this change is approved, we will be building 4-5 (jdk8,11,17,sts and 21) builds for all fedoras. If this change is not finished in time, we may need to orphan some of the JDKs. In better case, we will be able to keep living one LTS as system JDK, and java-latest-openjdk as future system JDK. That is 2*(3-5) builds (rawhide, (forked,), latest live, oldest live (oldest not yet dropped)). In worst case, we may be able to maintain only java-latest-openjdk. On long run changing it to rolling system JDK, which are the expected 3-5 builds.
- Contingency deadline: N/A
- Blocks release? No. The change can be introduced even on the fly to live distributions.
Documentation
N/A (not a System Wide Change)
Release Notes
Packagers and comaintainers tutorial
Releasing openjdks in fedora with this feature on follows https://fedoraproject.org/wiki/Changes/BuildJdkOncePackEverywhere#theoretical_tagging_solution ; here are actual steps for java-latest-openjdk(-portable), which are directly reusable for 1.8.0, 11, 17, 21...:
System jdk
During all the merges of rpms
dont forget in which fedora is what jdk system jdk. You can not merge from fedora where some java is sytem JDK to fedora where it is not system. You have to cherry-pick
and double check is_system_jdk
macro that it is what it should be
portables
- apply all patches to rawhide and do usual,
git commit
git push
andfedpkg build
as usually in all branches. - once done,
git merge
rawhide to latest fedora , then latest to latest-1 and so on to the oldest live - in each of them
fedpkg build
to ensure jdk is buildable (not that it really meter at the end) - tag the build from oldest fedora to all fedoras fX-openjdk tags
- tag the build from oldest fedora to rawhide update candidate, so the NVR is not going to be garbage-collected (it tags itself automatically to protected tag fX-updates, but only rawhide!)
- eg when rawhide was f41 and oldest live fedora f39
- eg:
for x in f41-openjdk f40-openjdk f39-openjdk f41-updates-candidate ; do koji tag $x java-11-openjdk-portable-11.0.23.0.9-1.fc38 ; done
waitrepo it
koji wait-repo f40-openjdk --build=java-11-openjdk-portable-11.0.23.0.9-1.fc38 --request
- Once you are done you mau
koji untag epelX-testing-candidate NVR
andkoji untag fX-updates-candidate NVR
of the builds which are not used.- note, that also in rawhide, because you build in
fxy-openjdk
tag, you build against correct 'from oldest' portables, even if the rawhide's original portables were tagged to stable.
- note, that also in rawhide, because you build in
rpms
- keep tuning and building repacking rpms in rawhide
- feel free to build also branches, but the override dance is usually not worhty
- merge rawhide to all live branches. If you were building non-rawhides, bump rpmrelease
- be aware! If the system jdk changed, double check, that the corresponding fedoras have proper system jdk!
git push
the live fedoras- build to proper tags from relevant branches (mainly because of the system jdk threat)
git checkout rawhide
&&fedpkg build --target=f41-openjdk
(optional)git checkout f40
&&git merge rawhide && git push
&&fedpkg build --target=f40-openjdk
git checkout f39
&&git merge f40 && git push
&&fedpkg build --target=f39-openjdk
- ...
- then do a bodhi updtae via gui/cli as usually
- eg for above builds:
koji tag f39-updates-candidate java-1.8.0-openjdk-1.8.0.392.b08-7.fc39
koji tag f40-updates-candidate java-1.8.0-openjdk-1.8.0.392.b08-7.fc40
- eg for above builds:
epel and STSs
For rolling package of java-lates-openjdk(-portable) which si packed for epels, above is applicable. Shortened shortcut:
portables
- ensure you have all necessary sidetags - https://pagure.io/releng/issue/11848
- merge rawhide to newest epel
- in java-lates-openjdk-portable merge newst epel to epel-1 ... down to lastest live epel
- epel7 have lack of aarch64, so it is no longer used
- scratch build for each epel where you merge
fedpkg build
oldest epel- tag the build from oldest epel to all your sidetags
koji tag el8-openjdk java-latest-openjdk-portable-21.0.1.0.12-4.rolling.el8
(epel8 was oldest live rhel in time of writing this)koji tag el9-openjdk java-latest-openjdk-portable-21.0.1.0.12-4.rolling.el8
- waitrepo them all
rpms
- adjust java-lates-openjdk rpms in all epels as neessary
- usually simple merge rawhide to epelN then epelN to epelN-1.. down to bottom do not work, the integrations usually differs
- in corresponding branches fedpkg build to proper targets:
- in epel9 branch:
fedpkg build --target=el9-openjdk
- in epel8 branch:
fedpkg build --target=el8-openjdk
- in epel9 branch:
- tag the rpmbuilds to updates
koji tag epel8-testing-candidate java-latest-openjdk-21.0.1.0.12-4.rolling.el8
koji tag epel9-testing-candidate java-latest-openjdk-21.0.1.0.12-4.rolling.el9
- do gui/cli updates
fedpkg update
from proper branch verified to work
shortuct of shortcuts
- You can
git commit
git push
git merge
andfedpkg build
as usually in all branches. - Once you are done
koji untag epelX-testing-candidate NVR
andkoji untag fX-updates-candidate NVR
so they do not mess with future tagged build koji tag elX-openjdk NV.oldestR
the desired build(s) to all el*-openjdk tagskoji tag fX-openjdk NV.oldestR
the desired build(s) to all f*-openjdk tags- wait repo them
- do rpms and updates as in previous steps
koji tag epelX-testing-candidate NV.oldestR
andkoji tag fX-updates-candidate NV.oldestR
to all and especially rawhide.- do not do updates of this portable (well of no portabales)
- update will happen automagically in rawhide, and the portables will not be garbage collected
- the tag will properly serve for SRPM rebuild
- from time to time between CPUs, it is worthy to do a portable fedora updates (once build per fedora) so the portables are at least semifresh
- note - if you keep wondering why we simply do not tag oldest rpms to all live fedoras:
- bodhi is unable to do update of one pkg to multiple OSes!
- and als integration changes and system jdk changes