Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gradlew fails to download gradle due to an SSLException on jdk-11 on ubuntu 18.04 #19

Open
LeonCloudEndure opened this issue Jun 20, 2018 · 6 comments
Open

gradlew fails to download gradle due to an SSLException on jdk-11 on ubuntu 18.04 #19

LeonCloudEndure opened this issue Jun 20, 2018 · 6 comments

Comments

@LeonCloudEndure
Copy link

`./gradlew installKernel
Downloading https://services.gradle.org/distributions/gradle-4.2.1-bin.zip

Exception in thread "main" javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:214)
at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1974)
at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1926)
at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1909)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1436)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:567)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1581)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1509)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:245)
at org.gradle.wrapper.Download.downloadInternal(Download.java:66)
at org.gradle.wrapper.Download.download(Download.java:51)
at org.gradle.wrapper.Install$1.call(Install.java:62)
at org.gradle.wrapper.Install$1.call(Install.java:48)
at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:69)
at org.gradle.wrapper.Install.createDist(Install.java:48)
at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:107)
at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:61)
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/sun.security.validator.PKIXValidator.(PKIXValidator.java:89)
at java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:330)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:180)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:192)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1947)
at java.base/sun.security.ssl.ClientHandshaker.certificateStatus(ClientHandshaker.java:1798)
at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:276)
at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1098)
at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1026)
at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1429)
... 14 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.base/java.security.cert.PKIXParameters.(PKIXParameters.java:120)
at java.base/java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:104)
at java.base/sun.security.validator.PKIXValidator.(PKIXValidator.java:86)
... 29 more
`
@SpencerPark
Copy link
Owner

SpencerPark commented Jun 30, 2018
edited
Loading

This looks like an issue with the openjdk installation. I feel like I've seen similar things around certificates and openjdk while learning about getting all the docker stuff setup for the Binder repo.

Potentially related is docker-library/openjdk#145. See also https://github.com/mikaelhg/broken-docker-jdk9-cacerts for a more detailed explanation and some potential fixes (please let me know if you try any that work for you). That repository I linked also explicitly mentions Ubuntu 18.04 and says that the problem exists from >=jdk9.

I would like to leave this open even if you find a workaround that works in case others come across the problem. Thanks for the report!

```
P.S. For multi-line code blocks, use an opening and closing triple backtick each on their own line
or indent the whole block with 4 spaces. :)
```

@LeonCloudEndure
Copy link
Author

That is a crazy coincidence, I usually don't work with java at all. But the two last tasks in my Work, and here are all related to the exact same thing :P

Anyway this workaround worked perfectly:
/usr/bin/printf '\xfe\xed\xfe\xed\x00\x00\x00\x02\x00\x00\x00\x00\xe2\x68\x6e\x45\xfb\x43\xdf\xa4\xd9\x92\xdd\x41\xce\xb6\xb2\x1c\x63\x30\xd7\x92' > /etc/ssl/certs/java/cacerts /var/lib/dpkg/info/ca-certificates-java.postinst configure

But this workaround is bad for anything that is not a test machine since it overwrites the cacerts file.
From what I understand from the second link and from my limited knowledge on the cacerts file, all you need to change is for the relevant code to either run with:
-Djavax.net.ssl.trustStorePassword=changeit
or inside the code itself do:
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
at the very beginning.
This should work for both old and new java versions.

@SpencerPark
Copy link
Owner

SpencerPark commented Jul 3, 2018
edited
Loading

Yes it is not the nicest workaround. I believe what is going on now is just waiting for a version bump in the debian package as it is only a problem on openjdk for linux x64 (https://bugs.java.com/view_bug.do?bug_id=8189357). There was a pretty quick EOL for java 9 and we are on 10 currently but it looks like 11 is the planned long term support release (along with 8 as it was before jigsaw). I've had luck with 10 so far which maybe I should include in the readme in case users are only installing a newer jdk to try the project.

Thanks for the update!

@LeonCloudEndure
Copy link
Author

I really think you should add -Djavax.net.ssl.trustStorePassword=changeit to the build since it should still solve the issue, and if changeit is set to a var that a user can change it will also allow people with custom java stores to be able to work with IJava as well.
If I will have time I will try to check this option and submit a fix.

@LeonCloudEndure
Copy link
Author

A quick fix I did (I assume that is not the proper way to do it, so I am just showing this as a proof of concept, or another potential workaround)

git diff
diff --git a/gradlew b/gradlew
old mode 100644
new mode 100755
index cccdd3d..0ff933c
--- a/gradlew
+++ b/gradlew
@@ -28,7 +28,7 @@ APP_NAME="Gradle"
 APP_BASE_NAME=`basename "$0"`
 
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
-DEFAULT_JVM_OPTS=""
+DEFAULT_JVM_OPTS="-Djavax.net.ssl.trustStorePassword=changeit"
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD="maximum"

Right now it fails due to a new issue (maybe its something temporary) but it fails with the previous workaround as well so its unrelated:

./gradlew installKernel
Starting a Gradle Daemon, 1 incompatible Daemon could not be reused, use --status for details

FAILURE: Build failed with an exception.

* Where:
Build file '/home/ubuntu/IJava/build.gradle' line: 4

* What went wrong:
Error resolving plugin [id: 'com.github.hierynomus.license', version: '0.14.0']
> Could not resolve all dependencies for configuration 'detachedConfiguration1'.
   > Could not determine artifacts for com.github.hierynomus.license:com.github.hierynomus.license.gradle.plugin:0.14.0
      > Could not get resource 'https://plugins.gradle.org/m2/com/github/hierynomus/license/com.github.hierynomus.license.gradle.plugin/0.14.0/com.github.hierynomus.license.gradle.plugin-0.14.0.jar'.
         > Could not HEAD 'https://plugins.gradle.org/m2/com/github/hierynomus/license/com.github.hierynomus.license.gradle.plugin/0.14.0/com.github.hierynomus.license.gradle.plugin-0.14.0.jar'.
            > Read timed out

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

BUILD FAILED in 40s

@HelderGualberto
Copy link

I solved this problem by switching the operating system to Ubuntu 18.10.
If you'r in a container just change the dockerfile to: FROM ubuntu:18.10
Ubuntu 18.04 seems like have a problem with java certificates just like said in
https://stackoverflow.com/questions/6784463/error-trustanchors-parameter-must-be-non-empty/25188331#25188331

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@HelderGualberto @SpencerPark @LeonCloudEndure