Open LeonCloudEndure opened 6 years ago
This looks like an issue with the openjdk installation. I feel like I've seen similar things around certificates and openjdk while learning about getting all the docker stuff setup for the Binder repo.
Potentially related is docker-library/openjdk#145. See also https://github.com/mikaelhg/broken-docker-jdk9-cacerts for a more detailed explanation and some potential fixes (please let me know if you try any that work for you). That repository I linked also explicitly mentions Ubuntu 18.04 and says that the problem exists from >=jdk9.
I would like to leave this open even if you find a workaround that works in case others come across the problem. Thanks for the report!
```
P.S. For multi-line code blocks, use an opening and closing triple backtick each on their own line
or indent the whole block with 4 spaces. :)
```
That is a crazy coincidence, I usually don't work with java at all. But the two last tasks in my Work, and here are all related to the exact same thing :P
Anyway this workaround worked perfectly:
/usr/bin/printf '\xfe\xed\xfe\xed\x00\x00\x00\x02\x00\x00\x00\x00\xe2\x68\x6e\x45\xfb\x43\xdf\xa4\xd9\x92\xdd\x41\xce\xb6\xb2\x1c\x63\x30\xd7\x92' > /etc/ssl/certs/java/cacerts /var/lib/dpkg/info/ca-certificates-java.postinst configure
But this workaround is bad for anything that is not a test machine since it overwrites the cacerts file.
From what I understand from the second link and from my limited knowledge on the cacerts file, all you need to change is for the relevant code to either run with:
-Djavax.net.ssl.trustStorePassword=changeit
or inside the code itself do:
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
at the very beginning.
This should work for both old and new java versions.
Yes it is not the nicest workaround. I believe what is going on now is just waiting for a version bump in the debian package as it is only a problem on openjdk for linux x64 (https://bugs.java.com/view_bug.do?bug_id=8189357). There was a pretty quick EOL for java 9 and we are on 10 currently but it looks like 11 is the planned long term support release (along with 8 as it was before jigsaw). I've had luck with 10 so far which maybe I should include in the readme in case users are only installing a newer jdk to try the project.
Thanks for the update!
I really think you should add -Djavax.net.ssl.trustStorePassword=changeit to the build since it should still solve the issue, and if changeit is set to a var that a user can change it will also allow people with custom java stores to be able to work with IJava as well. If I will have time I will try to check this option and submit a fix.
A quick fix I did (I assume that is not the proper way to do it, so I am just showing this as a proof of concept, or another potential workaround)
git diff
diff --git a/gradlew b/gradlew
old mode 100644
new mode 100755
index cccdd3d..0ff933c
--- a/gradlew
+++ b/gradlew
@@ -28,7 +28,7 @@ APP_NAME="Gradle"
APP_BASE_NAME=`basename "$0"`
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS=""
+DEFAULT_JVM_OPTS="-Djavax.net.ssl.trustStorePassword=changeit"
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD="maximum"
Right now it fails due to a new issue (maybe its something temporary) but it fails with the previous workaround as well so its unrelated:
./gradlew installKernel
Starting a Gradle Daemon, 1 incompatible Daemon could not be reused, use --status for details
FAILURE: Build failed with an exception.
* Where:
Build file '/home/ubuntu/IJava/build.gradle' line: 4
* What went wrong:
Error resolving plugin [id: 'com.github.hierynomus.license', version: '0.14.0']
> Could not resolve all dependencies for configuration 'detachedConfiguration1'.
> Could not determine artifacts for com.github.hierynomus.license:com.github.hierynomus.license.gradle.plugin:0.14.0
> Could not get resource 'https://plugins.gradle.org/m2/com/github/hierynomus/license/com.github.hierynomus.license.gradle.plugin/0.14.0/com.github.hierynomus.license.gradle.plugin-0.14.0.jar'.
> Could not HEAD 'https://plugins.gradle.org/m2/com/github/hierynomus/license/com.github.hierynomus.license.gradle.plugin/0.14.0/com.github.hierynomus.license.gradle.plugin-0.14.0.jar'.
> Read timed out
* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.
* Get more help at https://help.gradle.org
BUILD FAILED in 40s
I solved this problem by switching the operating system to Ubuntu 18.10. If you'r in a container just change the dockerfile to: FROM ubuntu:18.10 Ubuntu 18.04 seems like have a problem with java certificates just like said in https://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty/25188331#25188331
`./gradlew installKernel Downloading https://services.gradle.org/distributions/gradle-4.2.1-bin.zip
Exception in thread "main" javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:214) at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1974) at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1926) at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1909) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1436) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567) at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581) at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509) at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:245) at org.gradle.wrapper.Download.downloadInternal(Download.java:66) at org.gradle.wrapper.Download.download(Download.java:51) at org.gradle.wrapper.Install$1.call(Install.java:62) at org.gradle.wrapper.Install$1.call(Install.java:48) at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:69) at org.gradle.wrapper.Install.createDist(Install.java:48) at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:107) at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:61) Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.base/sun.security.validator.PKIXValidator.(PKIXValidator.java:89)
at java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:330)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:180)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:192)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1947)
at java.base/sun.security.ssl.ClientHandshaker.certificateStatus(ClientHandshaker.java:1798)
at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:276)
at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1098)
at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026)
at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1429)
... 14 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.base/java.security.cert.PKIXParameters.(PKIXParameters.java:120)
at java.base/java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:104)
at java.base/sun.security.validator.PKIXValidator.(PKIXValidator.java:86)
... 29 more
`