Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Building on JDK 11 fails with "No password supplied for PKCS#12" #5808

Open
Confusion opened this issue Aug 1, 2019 · 4 comments

Comments

@Confusion
Copy link

commented Aug 1, 2019

I believe this has happened before and was solved, but I can't find an actual solution. As far as I know I have a default JDK 11 install on my Ubuntu 18.04.3 and am bootstrapping the clone of this repo.

Environment

jruby 9.2.8.0-SNAPSHOT (2.5.3) 2019-08-01 5627c8f OpenJDK 64-Bit Server VM 11.0.4+11-post-Ubuntu-1ubuntu218.04.3 on 11.0.4+11-post-Ubuntu-1ubuntu218.04.3 +jit [linux-x86_64]

Edit: observed same behavior on 19.04
jruby 9.2.8.0-SNAPSHOT (2.5.3) 2019-08-04 dc64294 OpenJDK 64-Bit Server VM 11.0.4+11-post-Ubuntu-1ubuntu219.04 on 11.0.4+11-post-Ubuntu-1ubuntu219.04 +jit [linux-x86_64]

Expected Behavior

mvn -Pbootstrap passes

Actual Behavior

After a successful ./mvnw, mvn -Pbootstrap fails with:

[..snip..]
[INFO] -----------------------< org.jruby:jruby-tests >------------------------
[INFO] Building JRuby Integration Tests 9.2.8.0-SNAPSHOT                  [4/4]
[INFO] --------------------------------[ jar ]---------------------------------
Downloading from mavengems: mavengem:http://rubygems.org/rubygems/rspec/3.7.0/rspec-3.7.0.pom
OpenSSL::X509::StoreError: setting default path failed: No password supplied for PKCS#12 KeyStore.
  set_default_paths at org/jruby/ext/openssl/X509Store.java:165
         SSLContext at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/jopenssl19/openssl/ssl-internal.rb:31
[..snip..]
/kernel_require.rb:53
             (root) at uri:classloader:/META-INF/jruby.home/lib/ruby/shared/rubygems/security.rb:11
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for JRuby 9.2.8.0-SNAPSHOT:
[INFO] 
[INFO] JRuby .............................................. SUCCESS [  0.262 s]
[INFO] JRuby Core ......................................... SUCCESS [  6.820 s]
[INFO] JRuby Lib Setup .................................... SUCCESS [  2.146 s]
[INFO] JRuby Integration Tests ............................ FAILURE [  2.715 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  14.974 s
[INFO] Finished at: 2019-08-01T08:24:00+02:00
[INFO] ------------------------------------------------------------------------
---------------------------------------------------
[..snip list of constituents..]
---------------------------------------------------
Exception in thread "main" java.lang.ExceptionInInitializerError
	at org.torquebox.mojo.mavengem.wagon.MavenGemWagon.rubygemsFactory(MavenGemWagon.java:88)
[..snip..]
Caused by: org.jruby.exceptions.RaiseException: (OpenSSL::X509::StoreError) setting default path failed: No password supplied for PKCS#12 KeyStore.
	at org.jruby.ext.openssl.X509Store.set_default_paths(org/jruby/ext/openssl/X509Store.java:165)
[..snip..]

@Confusion Confusion changed the title Building HEAD @ JDK 11 fails with "No password supplied for PKCS#12" Building on JDK 11 fails with "No password supplied for PKCS#12" Aug 4, 2019

@headius

This comment has been minimized.

Copy link
Member

commented Aug 5, 2019

I believe this is related: https://bugs.openjdk.java.net/browse/JDK-8194702

This appears to have a fix in Java 14, but I thought I saw this starting to get backported to earlier versions: https://bugs.openjdk.java.net/browse/JDK-8162628

And there's a workaround here you might try: robolectric/robolectric#5115 (comment)

To set that property at a JRuby command line use something like this:

jruby -J-Djavax.net.ssl.trustStore=NONE ...

Or put the -D.... part in env JAVA_OPTS.

Sorry to see you've run into this but it seems like a JDK issue and we've never found a clean workaround we can do on the JRuby side.

@Confusion

This comment has been minimized.

Copy link
Author

commented Aug 15, 2019

That workaround doesn't seem to work for me, with either Java 11 or Java 13:

JAVA_OPTS="-Djavax.net.ssl.trustStore=NONE" mvn -Pbootstrap

still fails in the same way.

Another workaround, from one of the issues you linked, which is to use

JAVA_OPTS="-Djavax.net.ssl.trustStorePassword=changeit"

also doesn't work. I've also tried exporting the JAVA_OPTS so different JVM invocations would all pick them up.

A workaround that does work is to simply switch to Java 8, run mvn -Pbootstrap so everything is installed, then switch back to Java 11 or 13. The problem seems to be only with fetching gems, though I suspect attempts at accessing any https URL from a JRuby program may fail.

My current versions:

openjdk version "11.0.4" 2019-07-16
OpenJDK Runtime Environment (build 11.0.4+11-post-Ubuntu-1ubuntu219.04)
OpenJDK 64-Bit Server VM (build 11.0.4+11-post-Ubuntu-1ubuntu219.04, mixed mode, sharing)

and

openjdk version "13" 2019-09-17
OpenJDK Runtime Environment (build 13+13-Ubuntu-0ubunt1)
OpenJDK 64-Bit Server VM (build 13+13-Ubuntu-0ubunt1, mixed mode, sharing)
@headius

This comment has been minimized.

Copy link
Member

commented Aug 19, 2019

Ok I'll spend some time today trying to figure out a better workaround.

@headius

This comment has been minimized.

Copy link
Member

commented Aug 19, 2019

You know it occurs to me that this is happening during gem installs during our build, which is done using an earlier JRuby version. I think we have worked around this issue in recent JRuby releases, since I can't reproduce by installing gems at a command line.

I will confer with @mkristian on that angle and see if we can do another upgrade of the "mavengem" plugin and other build-time uses of JRuby.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.