Closed xbotuk closed 3 years ago
Documentation for how to install language components manually or how to setup a proxy is available here https://www.graalvm.org/docs/reference-manual/graal-updater/ Let us know if this did not work for you.
I have this issue also, though my proxy is set up correctly. I need a custom cert bundle too, which is also set up (though maybe not in a way gu checks), could that be an issue? I can't find any docs on configuring gu for a https intercepting proxy. Some logs:
$ ~/apps/graalvm-ce-19.0.0/bin/gu available -v --debug
Downloading: Component catalog (source: https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties)
Error: Component catalog is unreachable.
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
org.graalvm.component.installer.FailedOperationException: Component catalog is unreachable.
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
at org.graalvm.component.installer.Environment$1.failure(Environment.java:312)
at org.graalvm.component.installer.ce.WebCatalog.getStorage(WebCatalog.java:116)
at org.graalvm.component.installer.remote.MergeStorage.listComponentIDs(MergeStorage.java:65)
at org.graalvm.component.installer.model.CatalogContents.getComponentIDs(CatalogContents.java:209)
at org.graalvm.component.installer.commands.ListInstalledCommand.findComponentIds(ListInstalledCommand.java:78)
at org.graalvm.component.installer.commands.ListInstalledCommand.process(ListInstalledCommand.java:129)
at org.graalvm.component.installer.commands.ListInstalledCommand.execute(ListInstalledCommand.java:111)
at org.graalvm.component.installer.ComponentInstaller.processCommand(ComponentInstaller.java:273)
at org.graalvm.component.installer.ComponentInstaller.run(ComponentInstaller.java:350)
at org.graalvm.component.installer.ComponentInstaller.main(ComponentInstaller.java:384)
Caused by: java.net.ConnectException: Timeout while connecting to https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties
at org.graalvm.component.installer.remote.ProxyConnectionFactory$ConnectionContext.getConnectException(ProxyConnectionFactory.java:189)
at org.graalvm.component.installer.remote.ProxyConnectionFactory.openConnectionWithProxies(ProxyConnectionFactory.java:342)
at org.graalvm.component.installer.remote.ProxyConnectionFactory.openConnection(ProxyConnectionFactory.java:120)
at org.graalvm.component.installer.remote.ProxyConnectionFactory.createConnection(ProxyConnectionFactory.java:356)
at org.graalvm.component.installer.remote.FileDownloader.download(FileDownloader.java:334)
at org.graalvm.component.installer.ce.WebCatalog.getStorage(WebCatalog.java:114)
... 8 more
$ env |grep -i proxy
HTTPS_PROXY=http://localhost:3128
HTTP_PROXY=http://localhost:3128
http_proxy=http://localhost:3128
https_proxy=http://localhost:3128
$ env |grep -i cert
REQUESTS_CA_BUNDLE=/etc/pki/tls/certs/ca-bundle.crt
SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt
$ curl https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties
# 1.0.0-RC1 release
org.graalvm.1.0.0-rc1_linux_amd64=GraalVM 1.0.0-rc1 linux/amd64
org.graalvm.1.0.0-rc1_darwin_amd64=GraalVM 1.0.0-rc1 darwin/amd64
<snip>
Any tips would be appreciated!
I have the same issue with the last version. The information in the documentation is not working at all:
If GraalVM Updater needs to reach the component catalog, or download a component package, it may need to pass through the HTTP/HTTPS proxy, if the network uses one. On macOS, the proxy settings are automatically obtained from the OS. On Linux, ensure that the http_proxy and https_proxy environment variables are set appropriately before launching the gu tool. Refer to the distribution and/or desktop environment documentation for the details.
$> env | grep proxy
https_proxy=http://login:password@proxy:port
http_proxy=http://login:password@proxy:port
$> wget google.com
--2020-09-18 11:57:21-- http://google.com/
Connexion à proxy:port⊠connecté.
requĂȘte Proxy transmise, en attente de la rĂ©ponse⊠301 Moved Permanently
Emplacement : http://www.google.com/ [suivant]
--2020-09-18 11:57:21-- http://www.google.com/
RĂ©utilisation de la connexion existante Ă proxy:port.
requĂȘte Proxy transmise, en attente de la rĂ©ponse⊠200 OK
Taille : non indiqué [text/html]
Sauvegarde en : « index.html »
index.html [ <=> ] 11,71K --.-KB/s ds 0,007s
2020-09-18 11:57:22 (1,71 MB/s) - « index.html » sauvegardé [11995]
$> ./gu -v --debug install python
Downloading: Component catalog (source: https://www.graalvm.org/component-catalog/graal-updater-component-catalog-java8.properties)
Error: Component catalog is unreachable.
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
org.graalvm.component.installer.FailedOperationException: Component catalog is unreachable.
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
at org.graalvm.component.installer.Environment$1.failure(Environment.java:322)
at org.graalvm.component.installer.ce.WebCatalog.getStorage(WebCatalog.java:134)
at org.graalvm.component.installer.remote.MergeStorage.listComponentIDs(MergeStorage.java:99)
at org.graalvm.component.installer.model.CatalogContents.getComponentIDs(CatalogContents.java:245)
at org.graalvm.component.installer.remote.CatalogIterable$It.expandId(CatalogIterable.java:133)
at org.graalvm.component.installer.remote.CatalogIterable$It.next(CatalogIterable.java:186)
at org.graalvm.component.installer.remote.CatalogIterable$It.next(CatalogIterable.java:116)
at org.graalvm.component.installer.commands.InstallCommand.processComponents(InstallCommand.java:460)
at org.graalvm.component.installer.commands.InstallCommand.prepareInstallation(InstallCommand.java:497)
at org.graalvm.component.installer.commands.InstallCommand.executeStep(InstallCommand.java:535)
at org.graalvm.component.installer.commands.InstallCommand.execute(InstallCommand.java:191)
at org.graalvm.component.installer.ComponentInstaller.doProcessCommand(ComponentInstaller.java:439)
at org.graalvm.component.installer.ComponentInstaller.processCommand(ComponentInstaller.java:453)
at org.graalvm.component.installer.ComponentInstaller.run(ComponentInstaller.java:563)
at org.graalvm.component.installer.ComponentInstaller.main(ComponentInstaller.java:616)
Caused by: java.net.ConnectException: Timeout while connecting to https://www.graalvm.org/component-catalog/graal-updater-component-catalog-java8.properties
at org.graalvm.component.installer.remote.ProxyConnectionFactory$ConnectionContext.getConnectException(ProxyConnectionFactory.java:238)
at org.graalvm.component.installer.remote.ProxyConnectionFactory.openConnectionWithProxies(ProxyConnectionFactory.java:411)
at org.graalvm.component.installer.remote.ProxyConnectionFactory.openConnection(ProxyConnectionFactory.java:162)
at org.graalvm.component.installer.remote.ProxyConnectionFactory.createConnection(ProxyConnectionFactory.java:430)
at org.graalvm.component.installer.remote.FileDownloader.download(FileDownloader.java:309)
at org.graalvm.component.installer.ce.WebCatalog.getStorage(WebCatalog.java:132)
... 13 more
Could you please reopen the issue or fix the documentation? Do we have to pass options to the JVM?
What is the OS you are running it on? Linux in VM or on host?
Could you perform some more tests ? Try to run gu
in JVM mode (so we can rule out potential issues with AOT-built binary: Run it as gu --jvm <the rest of commandline as usual>
.
The default delay before giving up in proxy environment is set to 10secs, so it shoudl satisfy even slow proxies.
How to set window proxy? I didn't find it in document. And the manual download from oracle does not have component I think.
On windows proxy can be set as:
set http_proxy=<proxy_server_name>
gu install python
GraalPython is available at CE https://github.com/graalvm/graalpython/releases and also EE OTN license: https://www.oracle.com/downloads/graalvm-downloads.html
Sorry window proxy does not work with me, I set a not exist proxy 192.168.2.111:7980, gu still can download, but very slow and connection will broke.
PS C:\Users\Nillouise\Desktop\tool\graalvm-ce-java11-windows-amd64-20.3.0\graalvm-ce-java11-20.3.0\bin> set https_proxy=192.168.2.111:7980
PS C:\Users\Nillouise\Desktop\tool\graalvm-ce-java11-windows-amd64-20.3.0\graalvm-ce-java11-20.3.0\bin> set http_proxy=192.168.2.111:7980
PS C:\Users\Nillouise\Desktop\tool\graalvm-ce-java11-windows-amd64-20.3.0\graalvm-ce-java11-20.3.0\bin> .\gu install native-image
Downloading: Component catalog from www.graalvm.org
Processing Component: Native Image
Downloading: Component native-image: Native Image from github.com
[### ]
I have try a exist proxy yet, but I watch proxy didn't have network traffic when gu begin to download.
I'm afraid I ran out of ideas. Originally you asked how to set proxy on Windows, right? Looks like connectivity works but connection is slow or there is a big packet loss.
GU is a super-simple utility; and does not do inetnum matching as regular utilities do, to process e.g. no_proxy
env variables. A very simple (and stupid) approach was taken: GU tries to connect through the proxy and without the proxy in parallell. If a direct connect succeeds, it will be preferred (to that authority) even though a proxy connect succeeds. If all three (http proxy, https proxy, direct) fail to connect before timeout elapses, the connection fails.
So if you have a working drect connection, it is likely that GU will connect through that direct connection. I recommend to specify a working proxy first, before trying the hardcore approach below.
Broken or flaky connection is out of GU's scope - that's a matter of quality of you wifi, LAN, ISP, network in general.
There's yet another way which basically circumvents application-level (GU) logic and will use Java's bultin proxy support:
gu --vm.Dhttp.proxyHost=192.168.2.111 --vm.Dhttp.proxyPort=7980 --vm.Dhttps.proxyHost=192.168.2.111 --vm.Dhttps.proxyPort=7980 install native-image
Note:
--jvm
); but on my machine even the AOTed "binary" gu processes those system properties.Thank you, the Java's bultin proxy support is work for me. My area's network environment is bad, direct to connect to Github often broken by GFW when downloading compoenent, so I have to force gu use the proxy.
I'm closing this one: @Nillouise's problem seems to be "flaky" (sorry ;)) unproxied connection, which the autodetection has no chance to asses. The other reporters (@danmur and @mathbagu ) were silent from September.
Reopen if another similar issue occurs, please do remember to include your environment (http_*) settings and also try another tool (verify its proxy settings !) like curl
to reach the "unreachable" URLs.
Documentation for how to install language components manually or how to setup a proxy is available here https://www.graalvm.org/docs/reference-manual/graal-updater/ Let us know if this did not work for you. use Configure Proxies # is helpful
I am facing a very similar (if not the same problem - apart of the fact I am trying to install native-image component rather than Python). I am running on a Mac. I've tried to install the certs manually in cacerts for GraalVM JDK, the first one (when trying to retrieve the catalog from GraalVM.org) - after a manual installation of the certificate - worked fine, however, for some reason now it is not working for this one (check the stacktrace):
gu --jvm -v --debug install native-image
Downloading: Component catalog (source: https://www.graalvm.org/component-catalog/v2/graal-updater-component-catalog-java11.properties) Receiving 164 kB: Done. Processing Component: Native Image Preparing to install Native Image, contains org.graalvm.native-image, version 21.2.0 (org.graalvm.native-image) Checking requirements of component Native Image (native-image), version 21.2.0 Requires Graal Version = 21.2.0, GraalVM provides: 21.2.0 Requires Java Version = 11, GraalVM provides: 11 Requires Architecture = amd64, GraalVM provides: amd64 Requires Operating System = macos, GraalVM provides: macos Downloading: Component native-image: Native Image (source: https://github.com/graalvm/graalvm-ce-builds/releases/download/vm-21.2.0/native-image-installable-svm-java11-darwin-amd64-21.2.0.jar) I/O error occurred: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1426) at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1336) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421) at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:572) at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:197) at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect0(HttpURLConnection.java:2783) at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect(HttpURLConnection.java:2695) at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1854) at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520) at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527) at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334) at org.graalvm.component.installer.remote.ProxyConnectionFactory$Connector.runWithContext(ProxyConnectionFactory.java:370) at org.graalvm.component.installer.remote.ProxyConnectionFactory$Connector.run(ProxyConnectionFactory.java:348) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) at java.base/sun.security.validator.Validator.validate(Validator.java:264) at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313) at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222) at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638) ... 26 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ... 32 more
My machine is not behind a proxy.
I've tried to install the certs manually in cacerts for GraalVM JDK, the first one (when trying to retrieve the catalog from GraalVM.org) - after a manual installation of the certificate - worked fine, however, for some reason now it is not working for this one
@Capalupo: Did you install the root and intermediate certificates, or the specific server certificate for graalvm.org
and github.com
? Server certificates are unreliable because they require importing certificates for each website and node (if it's load-balanced), whereas root & intermediate certificates will implicitly trust all domains and nodes signed by that authority.
Another common cause of the "unable to find valid certification path to requested target" error on Mac is that Homebrew and sdkman will upgrade the JDK and replace your cacerts
with a 'fresh' file.
(I'm sure you were able to resolve this issue; I wanted to add my 2 cents for posterity.)
@sdedic: My company has an internal proxy & certificate authority. I was able to consistently reproduce the error, despite the same operation working with cURL:
# Proxy is set
$ printenv | grep proxy
no_proxy=127.0.0.*,10.*,172.*,192.168.*,localhost
all_proxy=http://localhost:3128
http_proxy=http://localhost:3128
https_proxy=http://localhost:3128
ftp_proxy=http://localhost:3128
# cURL works
$ curl https://www.graalvm.org/component-catalog/v2/graal-updater-component-catalog-java11.properties
# 21.0.0 Release
org.graalvm.macos_amd64/21.0.0.0=GraalVM 21.0.0.0 macos/amd64
...
# gu doesn't work
$ gu install native-image --debug
Downloading: Release index file from oca.opensource.oracle.com
Downloading: Component catalog from www.graalvm.org
Error: Error downloading component catalog from https://www.graalvm.org/component-catalog/v2/graal-updater-component-catalog-java11.properties: Connection reset.
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
# ...
Using the JVM options lead to the SSLHandshakeException
error described above:
$ gu --debug --jvm --vm.Dhttp.proxyHost=127.0.0.1 --vm.Dhttp.proxyPort=3128 --vm.Dhttps.proxyHost=127.0.0.1 --vm.Dhttps.proxyPort=3128 install native-image
Downloading: Release index file from oca.opensource.oracle.com
Downloading: Component catalog from www.graalvm.org
Error: Error downloading component catalog from https://www.graalvm.org/component-catalog/v2/graal-updater-component-catalog-java11.properties: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
After adding our root & intermediate certificates to GraalVM's truststore, both the 'regular' and JVM form of gu install worked without issue. This leads me to believe that â â at least in my case â â the issue was caused by untrusted SSL certificates, and not gu's proxy handling logic. Hopefully there's a way for the non-JVM version to propagate the underlying cause, as the current error message can be misleading.
This conclusion may already be known/documented, but as with above I wanted to share for anyone else who stumbles across this issue.
My PC is behind a proxy and it seems that the GU command does not support proxy properly. Can you help please? Also, is there a manual way to install these if I download the jar file manually? Here are the debug information:
~$ gu install python Downloading: Component catalog Processing component archive: Component python Downloading: Component python I/O error occured: Timeout while connecting to https://github.com/graalvm/graalpython/releases/download/vm-1.0.0-rc5/python-installable-ce-1.0.0-rc5-linux-amd64.jar