Open Nick1497 opened 3 months ago
Two questions for you:
What does this query returns when run on your system?
With JAVA_PTF_GROUP as (
SELECT PTF_GROUP_TARGET_RELEASE OS,
Case PTF_GROUP_TARGET_RELEASE
When 'V7R4M0' Then 'SF99665'
When 'V7R3M0' Then 'SF99725'
When 'V7R2M0' Then 'SF99716'
When 'V7R1M0' Then 'SF99572' End PTF_GROUP
FROM QSYS2.GROUP_PTF_INFO
WHERE PTF_GROUP_DESCRIPTION = 'TECHNOLOGY REFRESH'
AND PTF_GROUP_STATUS = 'INSTALLED'
LIMIT 1)
Select Max(OS) OS,
PTF_GROUP_NAME,
Max(PTF_GROUP_LEVEL) "CURRENT LEVEL"
From QSYS2.GROUP_PTF_INFO
Inner Join JAVA_PTF_GROUP On PTF_GROUP = PTF_GROUP_NAME
Group by PTF_GROUP_NAME;
What's the output of java -version
when run in batch?
Return of query:
The system is running 11.0.8 but JAVA_HOME that the debugger is referencing is java version 1.8.0_341
This links seems like it may be useful https://www.ibm.com/support/pages/support-hmacpbesha256-algorithm-app-connect-enterprise. Will investigate this to see if it will assist.
I looked into this a bit and every time, it boils down to "Java doesn't support this algorithm". I would understand if the keystore was generated by Java, but we use openssl
to generate it; and it worked fine on every LPAR I tried it on (i.e. Java 8 had no issue opening the keystore).
What's the output of these commands for you?
openssl version
which openssl
Our test system is down for the next 3 days. Will check this out when it is back up.
IBM i Debug v2.0.1 was just released. Debug v2 uses Java 11 instead of Java 8. This Java 8 specific error is unlikely to happen in Java 11.
Nice, when the system is back up I will give this a go! Updates to come.
I've updated to IBM i Debug v2.0.1 but, when I boot up the system and such the debugger still says 1.0.0:
Any way to get it to use the new version?
I've updated to IBM i Debug v2.0.1 but, when I boot up the system and such the debugger still says 1.0.0:
Any way to get it to use the new version?
You need to install the host update too to get Debugger v2.
And now that I think about it, the debug service configuration will have to be updated to use Java 11, too.
Noted, I will look into getting the new PTF next week, and will also change the debugger config. Updates to come.
Noted, I will look into getting the new PTF next week, and will also change the debugger config. Updates to come.
Nice! To update the configuration, open it from the Debugger view:
Then scroll down and update the JAVA_HOME variable Change it to:
JAVA_HOME=/QOpenSys/QIBM/ProdData/JavaVM/jdk11/64bit
Save the configuration and you should be good to go. Alternatively, you can delete the existing certificate and let Code for IBM i create a new one; it will update the configuration as well.
@sebjulliand to answer your question:
I looked into this a bit and every time, it boils down to "Java doesn't support this algorithm". I would understand if the keystore was generated by Java, but we use
openssl
to generate it; and it worked fine on every LPAR I tried it on (i.e. Java 8 had no issue opening the keystore).What's the output of these commands for you?
openssl version
which openssl
Openssl version: OpenSSL 3.0.10 1 Aug 2023 (Library: OpenSSL 3.0.10 1 Aug 2023)
which openssl: /QOpenSys/usr/bin/openssl
Our system hardware was upgraded and there has been some issues, so for the time being I am not able to apply the new PTF to allow me to use the new debugger (2.0). Would be nice if I could get version 1.0 working while I wait.
Maybe the output from which openssl
is a good hint. Your openssl version seems OK but which
points to /QOpenSys/usr/bin
instead of /QOpenSys/pkgs/bin
.
Can you check your PATH variable?
echo $PATH
I assume that /QOpenSys/usr/bin
must appear before /QOpenSys/pkgs/bin
. If it's the case, then try to put /QOpenSys/pkgs/bin
in first position in the .bashrc
file in your home directory.
Then re-open a shell session and check that which openssl
answers /QOpenSys/pkgs/bin/openssl
this time.
Then generate the certificate again.
If it still doesn't work, I'll have one more trick up my sleeve (or maybe two...).
echo $PATH ouput: /usr/bin:.:/QOpenSys/usr/bin
And when I check my .bashrc in the following directory /home/myProfileName it has the current contents:
Generated by Code for IBM i export PATH=/QOpenSys/pkgs/bin:$PATH
So it seems like it is already setup how it should be?
Try this now:
Download this zip: code-for-ibmi-2.11.4-dev.0.vsix.zip
Unzip it
Install the vsix found inside. It's a special build that includes the -legacy
flag when openssl
is invoked to generate the PKCS12 file.
Connect to your LPAR
Delete any existing certificate
Generate a new one
Start the debug service
I tried it on my system and it worked (with or without the -legacy
flag).
Let me know how it goes for you after you generated a certificate with this 2.11.4-dev.0
build.
I installed the vsix file and removed the certificates. When trying to re-generate them I get this error (where the blacked out portion is the DNS for our system):
After having a close look, it turns out your PATH
makes you use openssl
provided by yum instead of /QOpenSys/usr/bin/openssl
. This causes some issues, obviously 😅
Here is another vsix generated from this PR: https://github.com/codefori/vscode-ibmi/pull/2151 code-for-ibmi-2.11.5-dev.0.vsix.zip
It will force the use of /QOpenSys/usr/bin/openssl
when generating the certificates. This should take care of your issue once and for all.
Let me know how it goes!
Installed it and while the certificates could be generated this time. The original error still persists (I do enjoy how you added the output of the error message to VS Code!):
I'll need to check two thing related to your environment:
/QOpenSys/QIBM/ProdData/JavaVM/jdk80/64bit/jre/lib/security/java.security
fileenv
command when run in a PASE terminalAlso, while we're at it, from a PASE terminal, run this:
/QOpenSys/usr/bin/openssl genrsa -out test_cert.key 2048 && /QOpenSys/usr/bin/openssl req -new -key test_cert.key -out test_cert.csr -subj '/CN=localhost' && /QOpenSys/usr/bin/openssl x509 -req -in test_cert.csr -signkey test_cert.key -out test_cert.crt -days 1095 -sha256 -req && /QOpenSys/usr/bin/openssl pkcs12 -export -out test_keystore.pfx -inkey test_cert.key -in test_cert.crt -password pass:password && rm test_cert.*
This will create a test_keystore.pfx file in the current directory on the IFS. Please retrieve it, put it in a zip file and attach it in a reply.
Thanks!
Env Command: (blacked out company/personal info) test_keystore.zip
Any updates on this @sebjulliand?
No...I compared your file with the ones I have on two LPAR running the service and couldn't spot any difference. Nothing useful in the env output either.
The only thing I can say is that on the 7.3 box that runs the service, current level is 28 - yours is 27:
If you can, ask to update SF99725 to the latest level. It shouldn't hurt and it may solve this issue.
Also, if you can, attach these files if they exist.
Debug service log: /QIBM/UserData/IBMIDEBUGSERVICE/DebugService_log.txt
Debug service Eclipse instance log: /QIBM/UserData/IBMIDEBUGSERVICE/startDebugService_workspace/.metadata/.log
Thanks!
I will look into upgrading the version you mentioned. I did not see anything for the Debug Service Log but here is the other .log file: .log
Yeah our team can't really apply any PTFs right now, so upgrading the version won't be possible currently. When we are able to apply PTFs I will get the ones that allow me to use V2 of the debugger.
Type: Bug
Connect to IBM i system > Start the debug server > Attempt to start the debug service in which the issue occurs at this step. It is affecting my entire team who use this tool, we all receive the same error message as well.
Opened new issue as I did not see any option to re-open the old one. The first suggestion in #2110 was to wipe the certs and generate new ones and that did not fix the problem. The second troubleshooting step had an unrelated error message to mine. Seeing if anyone has any other suggestions.
Extension version: 2.10.1 VS Code version: Code 1.90.0 (89de5a8d4d6205e5b11647eb6a74844ca23d2573, 2024-06-04T19:33:54.889Z) OS version: Windows_NT x64 10.0.19045 Modes:
System Info
|Item|Value| |---|---| |CPUs|AMD Ryzen 5 PRO 7530U with Radeon Graphics (12 x 1996)| |GPU Status|2d_canvas: enabledcanvas_oop_rasterization: enabled_on
direct_rendering_display_compositor: disabled_off_ok
gpu_compositing: enabled
multiple_raster_threads: enabled_on
opengl: enabled_on
rasterization: enabled
raw_draw: disabled_off_ok
skia_graphite: disabled_off
video_decode: enabled
video_encode: enabled
vulkan: disabled_off
webgl: enabled
webgl2: enabled
webgpu: enabled| |Load (avg)|undefined| |Memory (System)|15.31GB (5.00GB free)| |Process Argv|--crash-reporter-id f363ceb0-20c6-49c7-80ad-3a25bbb3f05d| |Screen Reader|no| |VM|0%|
A/B Experiments
``` vsliv368cf:30146710 vspor879:30202332 vspor708:30202333 vspor363:30204092 vscoreces:30445986 vscod805cf:30301675 binariesv615:30325510 vsaa593cf:30376535 py29gd2263:31024239 c4g48928:30535728 azure-dev_surveyone:30548225 a9j8j154:30646983 962ge761:30959799 pythongtdpath:30769146 welcomedialog:30910333 pythonidxpt:30866567 pythonnoceb:30805159 asynctok:30898717 pythontestfixt:30902429 pythonregdiag2:30936856 pythonmypyd1:30879173 2e7ec940:31000449 pythontbext0:30879054 accentitlementst:30995554 dsvsc016:30899300 dsvsc017:30899301 dsvsc018:30899302 cppperfnew:31000557 dsvsc020:30976470 pythonait:31006305 jchc7451:31067544 chatpanelc:31048052 dsvsc021:30996838 bdiig495:31013172 pythoncenvpt:31062603 a69g1124:31058053 dvdeprecation:31068756 pythonprt:31056678 dwnewjupytercf:31046870 26j00206:31048877 ```