Ensure TemurinGenSOM.java build with jdk-17+ for openkeystore support

[andrew-m-leonard]

Fix build.sh to build TemurinGenSOM.java with jdk-17+ as openkeystore won't compile.

Fixes up: #3209

Signed-off-by: Andrew Leonard [email protected]

[andrew-m-leonard]

Test builds:

• https://ci.adoptopenjdk.net/job/build-scripts/job/jobs/job/jdk19u/job/jdk19u-linux-x64-temurin/76/
• https://ci.adoptopenjdk.net/job/build-scripts/job/jobs/job/jdk11u/job/jdk11u-linux-x64-temurin/205/

[smlambert]

👍

[sxa]

Do we really need to do this? Most of our build machines have java 17 installed in a known location so downloading it every time seems a bit over the top.
Also does this process run on Solaris too?

[zdtsw]

Solaris is a valid point.

[andrew-m-leonard]

@sxa What environment would point at it?
Also, the above is generic for user of this script

[andrew-m-leonard]

Yeah thought about Solaris, not sure what we do there....yet

[andrew-m-leonard]

I'd like to just get some thing building rather than none :-)

[sxa]

@sxa What environment would point at it?

Do you mean which path? /usr/lib/jvm/jdk-XX on linux for example - we create equivalent locations elsewhere.

Also, the above is generic for user of this script

Yes but "if it's not in our location, do the download" would seem a sensible thing to do (and the fewer things we download during the process the better and more secure we will be)

[andrew-m-leonard]

So openkeystore is not going to build on Solaris, so I think we're going to have to re-factor that code out of TemurinGenSBOM and into another signing app, called in a standalone job

[andrew-m-leonard]

@sxa in fact i'm thinking refactor the whole class into a separate invoked build-farm job, a bit like GPG signing. Trying to perform at the end of the build is troublsome

[andrew-m-leonard]

Needs re-working with thought on jdk8 Solaris and possibly other issues..