[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17513642#comment-17513642 ] Richard N. Hillegas commented on DERBY-7126: I compiled Derby cleanly (including javadoc) using the Open JDK 18 GA build 18+36-2087. Tests passed cleanly using both the classpath and the modulepath. I believe that we can resolve this issue now. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510917#comment-17510917 ] Richard N. Hillegas commented on DERBY-7126: I compiled Derby with JDK 17 (build 17+35-2724) and ran the tests against the classpath and the modulepath, setting -Djava.security.manager=allow. Derby built cleanly (including javadoc). The tests passed. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510773#comment-17510773 ] Richard N. Hillegas commented on DERBY-7126: Thanks for those great suggestions, Bryan. Right. It's true that 10.15 runs on Java 9 and 10 and there's no reason to change that. That is, I see no reason to produce a 10.15 release which compiles into Java 11 byte code. I just thought that for the sake of regularity and simplicity, we only needed to peg ourselves to LTS releases. As far as I know, Java 9 and 10 were brief, transitional platforms, which introduced the module system, but which were not maintained after Java 11 came out. I agree that we should phrase our claims in terms of testing rather than support. Great suggestions for the release note and download page. Thanks. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510692#comment-17510692 ] Bryan Pendleton commented on DERBY-7126: That seems like a great plan! I thought that 10.15 still ran on JDK 9+, but I guess you're saying that JDK 9 and 10 were *not* LTS? The word "support" seems a bit loaded, I guess. Perhaps what we claim is more like "testing"? In the release note, or maybe on [https://db.apache.org/derby/derby_downloads.html,] or maybe in both places, it would be nice to include examples of the error messages that you get if you * Try to run 10.15 or 10.16 on JDK 8 * Try to run 10.16 on JDK 11 > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510686#comment-17510686 ] Richard N. Hillegas commented on DERBY-7126: Hi Brian. I think that's a good idea. Here's what I think the next steps are: 1) I can verify today that Derby builds cleanly with JDK 17 and tests cleanly when -Djava.security.manager=allow is set. 2) Write a release note explaining the deprecation of the SecurityManager. The note should say that when you run the network server on JDK 17 or higher, then you need to set either -Djava.security.manager=allow or -noSecurityManager. 3) Discuss with the community the need to compile 10.16 into JDK 17 byte code so that it won't run on earlier releases. I think that's the way to avoid the problems associated with the changed meaning of -Djava.security.manager. 4) Compile a 10.16 release with JDK 17, vet it, and publish it. Going forward, I don't want to claim support for non LTS Java versions. The association would be 10.14 runs on Java 8. 10.15 runs on Java 11. 10.16 runs on Java 17. What are your thoughts? > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510173#comment-17510173 ] Bryan Pendleton commented on DERBY-7126: Hi Rick, I've been starting to see a few questions about the new "deprecated" messages in JDK 17+ Here's an example: [https://stackoverflow.com/questions/71541745/i-keep-getting-this-error-messages-when-try-to-use-javadb] I wonder if we should start planning for releasing a new version that supports JDK 17+? > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17485295#comment-17485295 ] ASF subversion and git services commented on DERBY-7126: Commit 1897661 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1897661 ] DERBY-7126: Suppress new build warnings introduced by Open JDK build 18-ea+33-2077; commit derby-7126-05-aa-suppressRemovalWarnings.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17485003#comment-17485003 ] Richard N. Hillegas commented on DERBY-7126: Tests on JDK 18, against the classpath, passed cleanly for me on derby-7126-05-aa-suppressRemovalWarnings.diff, using jars built with JDK 18. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17484899#comment-17484899 ] Richard N. Hillegas commented on DERBY-7126: Attaching derby-7126-05-aa-suppressRemovalWarnings.diff. This patch suppresses new "removal" warnings related to finalization and AccessControllers introduced by Open JDK 18 build 18-ea+33-2077. With this patch, Derby builds cleanly under JDK 11 and JDK 18, including the javadoc. I will run a brief sanity test to verify that these changes have not destabilized the code. Touches the following files: {noformat} M java/org.apache.derby.client/org/apache/derby/client/ClientPooledConnection.java M java/org.apache.derby.client/org/apache/derby/client/am/ClientConnection.java M java/org.apache.derby.client/org/apache/derby/client/am/ClientStatement.java M java/org.apache.derby.client/org/apache/derby/client/am/LogicalConnection.java M java/org.apache.derby.engine/org/apache/derby/iapi/services/cache/ClassSize.java M java/org.apache.derby.engine/org/apache/derby/iapi/services/memory/LowMemory.java M java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedBlob.java M java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedConnection.java M java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedStatement.java M java/org.apache.derby.engine/org/apache/derby/impl/jdbc/LOBStreamControl.java M java/org.apache.derby.engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java M java/org.apache.derby.optionaltools/org/apache/derby/optional/lucene/LuceneQueryVTI.java M java/org.apache.derby.server/org/apache/derby/impl/drda/EXTDTAInputStream.java M java/org.apache.derby.server/org/apache/derby/impl/drda/ReEncodedInputStream.java M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/jdbcapi/AutoGenJDBC30Test.java M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/jdbcapi/LobStreamsTest.java M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/Bug5052rtsTest.java M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/memory/MemoryLeakFixesTest.java M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/store/BootAllTest.java Suppress new "removal" warnings introduced by Open JDK 18 build 18-ea+33-2077. {noformat} > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17469601#comment-17469601 ] Richard N. Hillegas commented on DERBY-7126: I don't think that many applications use the Java SecurityManager. It is hard to configure and hard to debug. Our opinion certainly wasn't surveyed when Oracle decided to make these changes. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17469432#comment-17469432 ] Bryan Pendleton commented on DERBY-7126: Still seems quite strange to me that none of this is listed on [https://openjdk.java.net/projects/jdk/18/] I guess it just indicates that Derby's codebase has drifted far from the Java mainstream, and the problems that Derby encounters in this Jira issue were not considered very significant. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17452595#comment-17452595 ] ASF subversion and git services commented on DERBY-7126: Commit 1895504 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1895504 ] DERBY-7126: Make tests run cleanly on JDK 11 and JDK18 build 18-ea+23-1525; commit derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17451916#comment-17451916 ] Richard N. Hillegas commented on DERBY-7126: Attaching derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff. This patch adjusts the tests so that they run cleanly on both JDK 11 and 18 build 18-ea+23-1525. With these changes, Derby builds cleanly on both JDK 11 and JDK 18--that includes the javadoc. The chief challenge was that the java.security.manager property has changed meaning between JDK 11 and JDK 18. JDK 11 interprets the property as the name of a user-written class which replaces the SecurityManager. JDK 18 interprets the property as a gate on whether the application is allowed to install a SecurityManager. You CAN'T set that property when running on JDK 11 and you MUST set that property when running on JDK 18. To test these changes, I built Derby with JDK 18 build 18-ea+23-1525 and ran the following tests on JDK 11 and JDK 18: o The old harness tests with both the classpath and the modulepath (from my own scripts, setting java.security.manager=allow only if the platform was JDK 18). o The JUnit tests with both the classpath and the modulepath (from my own scripts, setting java.security.manager=allow only if the platform was JDK 18). o ant junit-all o ant test-derbyall o ant test-derbyall-with-modulepath o ant test-junit-all-with-modulepath I saw one error in XMLBindingTest when running the JUnit tests under ant. The error occurs when you run XMLBindingTest standalone using the junit-single target. The error was not introduced by my changes: it occurs when you run XMLBindingTest under ant on JDK 11 without my changes. This is the error: {noformat} java.sql.SQLDataException: Invalid XML Document: access denied (java.io.FilePermission /Users/rhillegas/derby/mainline/trunk/junit_20211126_1247/extin/personal.dtd read) at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:84) at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:141) at org.apache.derby.impl.jdbc.Util.seeNextException(Util.java:252) at org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(TransactionResourceImpl.java:438) at org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(TransactionResourceImpl.java:360) at org.apache.derby.impl.jdbc.EmbedConnection.handleException(EmbedConnection.java:2405) at org.apache.derby.impl.jdbc.ConnectionChild.handleException(ConnectionChild.java:88) at org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(EmbedStatement.java:1436) at org.apache.derby.impl.jdbc.EmbedPreparedStatement.executeStatement(EmbedPreparedStatement.java:1709) at org.apache.derby.impl.jdbc.EmbedPreparedStatement.execute(EmbedPreparedStatement.java:1394) at org.apache.derbyTesting.junit.XML.insertDocWithDTD(XML.java:206) at org.apache.derbyTesting.functionTests.tests.lang.XMLBindingTest$XBindTestSetup.setUp(XMLBindingTest.java:306) at junit.extensions.TestSetup$1.protect(TestSetup.java:20) at junit.extensions.TestSetup.run(TestSetup.java:25) at org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:60) at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24) at junit.extensions.TestSetup$1.protect(TestSetup.java:21) at junit.extensions.TestSetup.run(TestSetup.java:25) at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24) at junit.extensions.TestSetup$1.protect(TestSetup.java:21) at junit.extensions.TestSetup.run(TestSetup.java:25) Caused by: ERROR 2200M: Invalid XML Document: access denied (java.io.FilePermission /Users/rhillegas/derby/mainline/trunk/junit_20211126_1247/extin/personal.dtd read) at org.apache.derby.shared.common.error.StandardException.newException(StandardException.java:300) at org.apache.derby.impl.jdbc.SQLExceptionFactory.wrapArgsForTransportAcrossDRDA(SQLExceptionFactory.java:170) at org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:75) Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /Users/rhillegas/derby/mainline/trunk/junit_20211126_1247/extin/personal.dtd read) at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:411) at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:751) at java.base/java.io.File.isDirectory(File.java:860) at
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17448082#comment-17448082 ] ASF subversion and git services commented on DERBY-7126: Commit 1895270 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1895270 ] DERBY-7126: Add an error message mentioning the new security manager property; tests passed cleanly on derby-7126-03-aa-mention-java.security.manager.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17447604#comment-17447604 ] Richard N. Hillegas commented on DERBY-7126: Attaching derby-7126-03-aa-mention-java.security.manager.diff. This patch adds a new server diagnostic message which is raised when the SecurityManager cannot be installed. The message appears when the user tries to boot a server (on JDK 18) according to our current documentation: {noformat} Mon Nov 22 12:01:21 PST 2021 : Could not install a SecurityManager. You may need to set -Djava.security.manager=allow on your java command line: The Security Manager is deprecated and will be removed in a future release {noformat} I will run tests on JDK 11 to make sure that there are no surprises. Touches the following files: {noformat} M java/org.apache.derby.server/org/apache/derby/drda/NetworkServerControl.java M java/org.apache.derby.server/org/apache/derby/loc/drda/messages.properties {noformat} > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17446623#comment-17446623 ] Richard N. Hillegas commented on DERBY-7126: I like your idea in general and a new Derby release is a great idea. We should definitely keep 10.14 around for people who are skittish about all the changes from JDK9 onward. I think you're recommending that we steer users toward particular Derby flagship releases, based on the JDK they are using. The download page could be good place to record this advice. A couple points are worth mentioning: o People who don't take our advice are still going to be plagued by surprises when they update their JDK too far but don't upgrade their Derby release. Those surprises may be hard to diagnose. o Even an LTS release like JDK17 is a moving target. Any of the JDK18 regressions could be backported to the next release of JDK17. o The next LTS release is JDK21, targetted for September, 2023, according to https://www.oracle.com/java/technologies/java-se-support-roadmap.html I need to think more about your suggestion. Thanks. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17446515#comment-17446515 ] Bryan Pendleton commented on DERBY-7126: It's starting to feel a bit as though JDK 18 will be a watershed release for Derby with some external consequences similar in scope to JDK 9, though internally of course the situation with the two Java releases is very different. I'm wondering if we should lay the groundwork to have a new major release of Derby, just as we did with JDK 9, so we'd have: * People who are still using JDK 8 (yes, amazingly, still a large user base): stick with Derby 10.14 * People who have moved to JDK 9-JDK 17: use Derby 10.15 * People who have moved to JDK 18+: use Derby 10.16 > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17446165#comment-17446165 ] Richard N. Hillegas commented on DERBY-7126: According to the Open JDK security experts, the java.security.manager property is read only at boot time. This is a micro-performance optimization implemented as part of https://bugs.openjdk.java.net/browse/JDK-8203316. As a consequence of this change, the Derby server cannot be secure-by-default, starting with JDK 18. It seems that our hand has been forced. We face the following choice: o Don't try to install a SecurityManager if the JVM level is JDK 18 or higher. o Have the network server fail in a visible way if java.security.manager is not set to "allow" on the boot command line and if the -noSecurityManager startup argument is not set. Either option requires documentation changes. Unfortunately, old versions of the Derby server will fail silently when booted on JDK 18 or higher. What a mess. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17446072#comment-17446072 ] Richard N. Hillegas commented on DERBY-7126: My naive attempt to workaround the new hurdle introduced by JDK 18 was to programatically set the "java.security.manager" property just before calling System.setSecurityManager()--as we do with the other properties related to the SecurityManager. Unfortunately, this does not allow the SecurityManager to be installed. However, if I set that property on the boot command line, then the SecurityManager can be installed. I have attached a simple program (DERBY_7126_B), which demonstrates this behavior. Here is the output from running the program against JDK 18 WITHOUT setting "java.security.manager": {noformat} mainline (18) > java DERBY_7126_B Exception in thread "main" java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release at java.base/java.lang.System.setSecurityManager(System.java:411) at DERBY_7126_B.main(DERBY_7126_B.java:34) {noformat} And here is the output from running the program against JDK 18 and setting "java.security.manager" on the boot command line: {noformat} mainline (18) > java -Djava.security.manager=allow DERBY_7126_B WARNING: A terminally deprecated method in java.lang.System has been called WARNING: System::setSecurityManager has been called by DERBY_7126_B (file:/Users/rhillegas/src/) WARNING: Please consider reporting this to the maintainers of DERBY_7126_B WARNING: System::setSecurityManager will be removed in a future release {noformat} Looks like another trip to the Open JDK security mailing list is in order. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445981#comment-17445981 ] Richard N. Hillegas commented on DERBY-7126: I agree that the investment in Java seems to be shrinking. I don't understand the value of pushing people to abandon the SecurityManager before a replacement has been found. This will encourage people to write applications with significant attack surfaces. The SecurityManager is the only mechanism which protects arbitrary code from setting sensitive system properties--and that's just one example. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445609#comment-17445609 ] Bryan Pendleton commented on DERBY-7126: I kind of feel increasingly like an outsider in the Java world, and I fear I just haven't been paying much attention. Still, my reaction to all this is: it seems like the Java world has decided that the future does *not* involve System Programming in Java. I'm not sure what use case they feel Java is best suited for, but it certainly doesn't appear to be building a general purpose DBMS engine. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445553#comment-17445553 ] Richard N. Hillegas commented on DERBY-7126: As feared, the Derby tests now fail spectacularly against JDK 18. When I try to run a single JUnit test... {noformat} java junit.textui.TestRunner org.apache.derbyTesting.functionTests.tests.lang.DistinctTest {noformat} ...I get the following error {noformat} Could not create and run test suite: java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release {noformat} In addition, under JDK 18 Derby now fails to install a default SecurityManager when the user boots the server. This causes the server to silently fail to boot. {noformat} java -jar /Users/rhillegas/derby/mainline/trunk/jars/sane/derbyrun.jar server start {noformat} According to the email thread mentioned above, to install a SecurityManager, you need to specify the following system property: {noformat} -Djava.security.manager=allow {noformat} I am inclined to make that change to the NetworkServer so that we can continue to limp along until the Open JDK folks figure out their replacement for the SecurityManager. We may want to update the Derby Security Guide to say that this property is required from JDK 18 onward, if you want to run with a SecurityManager. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445552#comment-17445552 ] ASF subversion and git services commented on DERBY-7126: Commit 1895131 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1895131 ] DERBY-7126: Suppress new deprecation warnings introduced by JDK 18; commit derby-7126-02-aa-suppressDeprecationWarnings.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445432#comment-17445432 ] Richard N. Hillegas commented on DERBY-7126: Tests (using the classpath and JDK 11) passed cleanly on derby-7126-02-aa-suppressDeprecationWarnings.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445431#comment-17445431 ] Richard N. Hillegas commented on DERBY-7126: Hi Bryan. No, I don't know which JEP is responsible for the Runtime.exec() deprecation. I couldn't find it in the derby-dev thread titled "JDK 18 Early-Access builds 23 are available". The reasons given for the deprecation (in the JDK 18 javadoc) are related to correctness, not to security. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445385#comment-17445385 ] Bryan Pendleton commented on DERBY-7126: Rick, do you know which JEP is planning to remove Runtime.exec()? Is that also JEP 411? > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445339#comment-17445339 ] Richard N. Hillegas commented on DERBY-7126: Attaching derby-7126-02-aa-suppressDeprecationWarnings.diff. This patch suppresses the new deprecation warnings. With this patch, Derby builds cleanly (including javadoc) against both JDK 18 and JDK 11. I will run tests against JDK 11 with the classpath. I don't expect different behavior with the modulepath. I expect that JDK 18 will cause the tests to fail spectacularly because of the additional work on JEP 411. I plan to address those failures with a separate patch. Touches the following files: {noformat} M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/FileCompare.java M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/RunList.java M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/UnJar.java M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/replicationTests/ReplicationRun.java M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/util/JarUtil.java M java/org.apache.derby.tools/org/apache/derby/impl/tools/ij/ij.jj {noformat} > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445307#comment-17445307 ] Richard N. Hillegas commented on DERBY-7126: When I build Derby with JDK build 18-ea+23-1525, I get the following new warnings: {noformat} [javac] /Users/rhillegas/derby/mainline/trunk/generated/java/org.apache.derby.tools/org/apache/derby/impl/tools/ij/ij.java:2776: warning: [deprecation] exec(String) in Runtime has been deprecated [javac] Process p = Runtime.getRuntime().exec(stringValue(cmd.image)); [javac] ^ [javac] 1 warning [javac] /Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/FileCompare.java:279: warning: [deprecation] exec(String) in Runtime has been deprecated [javac] pr = Runtime.getRuntime().exec(diffCmd); [javac] ^ [javac] /Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/RunList.java:647: warning: [deprecation] exec(String) in Runtime has been deprecated [javac] Process prstop = Runtime.getRuntime().exec(stopCmd); [javac] ^ [javac] /Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/UnJar.java:79: warning: [deprecation] exec(String) in Runtime has been deprecated [javac] pr = Runtime.getRuntime().exec(jarCmd); [javac] ^ [javac] /Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/replicationTests/ReplicationRun.java:1509: warning: [deprecation] exec(String) in Runtime has been deprecated [javac] Process proc = rt.exec(localCommand); [javac] ^ [javac] /Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/util/JarUtil.java:59: warning: [deprecation] exec(String) in Runtime has been deprecated [javac] pr = Runtime.getRuntime().exec(jarCmd); [javac] ^ [javac] 5 warnings {noformat} > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17439691#comment-17439691 ] Bryan Pendleton commented on DERBY-7126: It seems to me that you had a nice clean example of a program that used to throw an exception and now does not, and the response was that {quote}Throwing an Exception would be too high of a risk for applications that happen to load signed JARs off the classpath but don't otherwise behave any differently. {quote} I don't oppose the documentation changes that you're proposing. I also am not sure that adding more to the documentation really helps anything at this point. Often, with documentation, more is not necessarily better. Thanks for digging into this and for sharing the results of your investigation! > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17439382#comment-17439382 ] Richard N. Hillegas commented on DERBY-7126: The engineer responsible for the work on https://bugs.openjdk.java.net/browse/JDK-8269039 had this to say about the security regression we stumbled across. It appears that the Open JDK team is not going to fix this behavior: {noformat} Hello Rick, It is behaving as expected. Let me explain in more detail. First, loading a signed JAR off the classpath only verifies the signature and digests of the JAR file. It does not validate the signer's certificate chain or determine if the signer is trusted. The JarFile API class description includes this warning [1]: "Please note that the verification process does not include validating the signer's certificate. A caller should inspect the return value of JarEntry.getCodeSigners() to further determine if the signature can be trusted." Some frameworks such as Web Start have this additional checking built-in. Or, if you run your code with a Security Manager, then additional steps will be performed at run-time to check that the code is signed and that the signer's public key is trusted before granting permissions to that code. If you don't perform these additional steps, then the JAR can be modified without detection. For example, the signature related files could be removed from the JAR (thus making it an unsigned JAR), or the JAR could be modified and then re-signed with a different key. In either of these cases, the JVM would load the JAR without any exception. It is also possible that a JAR signed with a weak or broken algorithm (such as MD5 or SHA-1) could be modified without detection. This is why the JDK implementation supports several security properties which are used to disable cryptographic algorithms and protocols that are weak or broken. This provides out-of-the-box security and is important to safeguard against crypto algorithms that inevitably become weaker over time. One of these properties is "jdk.jar.disabledAlgorithms". The specification of this property defines the behavior if a signed JAR file is signed with an algorithm that is disabled [2]: "JARs signed with any of the disabled algorithms or key sizes will be treated as unsigned." The JDK determined after step 1 of the JAR verification process [3] that the JAR was signed with SHA-1, and therefore stopped further processing. You may ask why we don't throw an Exception in this case. Although this was considered, the compatibility risk was too high. These restrictions are nearly always backported to earlier JDK update releases. Throwing an Exception would be too high of a risk for applications that happen to load signed JARs off the classpath but don't otherwise behave any differently. Our primary focus is to protect applications that verify that the code is signed by someone they trust. Consider updating and re-signing your signed jar with a stronger, non-broken algorithm such as SHA-2. SHA-2 is the default digest algorithm used by jarsigner when the -digestalg option is not specified. I hope this information is useful. I do think this is an area where our javadocs and guides could be improved to provide more information about how signed JARs are verified including more details on the behavior of the JDK implementation with respect to disabled algorithms. We will be working to try to improve the docs for JDK 18. --Sean [1] https://download.java.net/java/early_access/jdk18/docs/api/java.base/java/util/jar/JarFile.html [2] https://github.com/openjdk/jdk/blob/master/src/java.base/share/conf/security/java.security#L667 [3] https://docs.oracle.com/en/java/javase/17/docs/specs/jar/jar.html#signed-jar-file {noformat} I'm not sure how to address the fallout from this change. Here are some ideas: 1) Add a release note about this issue to the next Derby release (maybe update the download pages for the currently mirrored releases 10.15.2.0 and 10.14.2.0). 2) Remove support for signed jars files from our security documentation. I don't think that our support for signed jar files does enough to be worth advertising. The most significant part (verifying the identity of the signer) has always been left to the application. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff > > > Releases of Open JDK 18 can be found
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17436351#comment-17436351 ] Richard N. Hillegas commented on DERBY-7126: On the Open JDK security-dev mailing list, I have started a discussion about the suspicious behavior which is bothering Bryan and me. The discussion is titled "previously prevented exploit now possible with JDK 18". If security-dev decides not to address this regression, then we will need to discuss how Derby should work around it. Fortunately, we should have a long runway until an LTS JDK appears which contains the https://bugs.openjdk.java.net/browse/JDK-8269039 changes. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17436347#comment-17436347 ] ASF subversion and git services commented on DERBY-7126: Commit 1894633 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1894633 ] DERBY-7126: Update signed jars used by DatabaseClassLoadingTest in order to address the new behavior introduced by https://bugs.openjdk.java.net/browse/JDK-8269039; commit derby-7126-01-aa-regenerateSignedJars.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17435718#comment-17435718 ] Richard N. Hillegas commented on DERBY-7126: Attaching dcl_emc2sm.jar, the previous version of the corrupted jar file. The security issue which Bryan and I are concerned about can be seen by running the following command on Java 11 vs. Java 18: {noformat} java DERBY_7126_A dcl_emc2sm.jar {noformat} > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17435620#comment-17435620 ] Richard N. Hillegas commented on DERBY-7126: Attaching derby-7126-01-aa-regenerateSignedJars.diff. This patch fixes DatabaseClassLoadingTest so that it runs cleanly on JDK 18. The patch includes corrected/additional header comments explaining how to regenerate the signed jars used by this test. It also includes the regenerated jars produced by following those instructions. The jars are now signed using a DSA cryptographic hash instead of the deprecated SHA-1. With these changes, Derby builds cleanly (including javadoc) under both Java 11 and Java 18. I ran the following tests on jar files built with JDK 18: o The full tests using the classpath run against JDK 11. o The full tests using the modulepath run against JDK 11. o The full tests using the classpath run against JDK 18. o The full tests using the modulepath run against JDK 18. Touches the following files: {noformat} M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/DatabaseClassLoadingTest.java New instructions in the header comments for regenerating the signed jars used by the test. M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar M java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar Regenerated, signed jars. The first jar is an intact, signed jar. The second one is a corrupted jar: a hacked class is poked into the already signed jar. {noformat} > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, > derby-7126-01-aa-regenerateSignedJars.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17435618#comment-17435618 ] Richard N. Hillegas commented on DERBY-7126: Hi Bryan, DSA seems to work as a replacement cryptographic hash. I plan to share our experience with the Open JDK security team and hear what they have to say. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17435005#comment-17435005 ] Bryan Pendleton commented on DERBY-7126: This is interesting, thanks for posting the details! I assume that JDK 18 is dropping support for SHA1 because they are trying to force everyone to move to something newer and stronger (is there a SHA2?). Assuming there is a newer replacement, probably we need to figure out how to test with that newer replacement I guess? But it also seems like if JDK doesn't support a certain signing level (that is, SHA1), then it should raise an error, not just quietly disregard the signature. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434989#comment-17434989 ] Richard N. Hillegas commented on DERBY-7126: I may have figured out how to simulate the old behavior. I took the regenerated jar file and replaced the emc class with the corrupted version from the old corrupted jar. Then I replaced the old corrupted jar with the result. The result is a hacked jar which does not match its modern certificate. The test now runs cleanly on JDK 18 and JDK 11. But I am still confused about the value of the JDK 18 behavior and the value of Derby's support for signed jars. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434984#comment-17434984 ] Richard N. Hillegas commented on DERBY-7126: DatabaseClassLoader has instructions for signing a jar file used by the test (see the method header for testSignedJar()). The instructions don't work any more but can be fixed thusly: {noformat} keytool -delete -alias emccto -keystore emcks -storepass ab987c keytool -genkey -keyalg "DSA" -validity 2555000 -dname "cn=EMC CTO, ou=EMC APP, o=Easy Mail Company, c=US" -alias emccto -keystore emcks -storepass ab987c keytool -selfcert -alias emccto -validity 36500 -keystore emcks -storepass ab987c jarsigner -keystore emcks -storepass ab987c -signedjar dcl_emc2s.jar dcl_emc2.jar emccto {noformat} With the regenerated jar file, 3 of the 4 failures go away. But one remains: {noformat} There was 1 failure: 1) testHackedJarReplacedClass(org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest)junit.framework.AssertionFailedError: procedure call worked on hacked jar at org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest.testHackedJarReplacedClass(DatabaseClassLoadingTest.java:585) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:76) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:51) at org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:124) at org.apache.derbyTesting.junit.BaseJDBCTestCase.runBareOverridable(BaseJDBCTestCase.java:443) at org.apache.derbyTesting.junit.BaseJDBCTestCase.runBare(BaseJDBCTestCase.java:460) at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24) at junit.extensions.TestSetup$1.protect(TestSetup.java:21) at junit.extensions.TestSetup.run(TestSetup.java:25) at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24) at junit.extensions.TestSetup$1.protect(TestSetup.java:21) at junit.extensions.TestSetup.run(TestSetup.java:25) at org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:60) FAILURES!!! Tests run: 31, Failures: 1, Errors: 0 {noformat} This is troubling because it means that Derby no longer detects corrupted/hacked jar files. The problem is that Derby is expecting a class loading error on the hacked jar file. But JDK 18 doesn't raise that error. Maybe that is because the jar file was signed with SHA1 and JDK 18 doesn't consider the jar to be signed at all. The following program shows that the corrupted jar file raises class loading errors under Java 11 but not under JDK 18 (see the attached DERBY_7126_A program): {noformat} import java.io.File; import java.net.URL; import java.net.URLClassLoader; public class DERBY_7126_A { private static final String CLASS_NAME = "org.apache.derbyTesting.databaseclassloader.emc"; public static void main(String... args) throws Exception { String fileName = args[0]; URL fileURL = (new File(fileName)).toURI().toURL(); println(fileURL.toString()); println("Try to load a class from a corrupted jar file..."); try { URLClassLoader urlClassLoader = new URLClassLoader( new URL[] { fileURL } ); Class sampleClass = urlClassLoader.loadClass(CLASS_NAME); println("Oops, unexpectedly loaded class " + sampleClass.getName()); } catch (SecurityException se) { println("Class correctly failed to load: " + se.toString()); } } private static void println(String text) { System.out.println(text); } } {noformat} When I run this program thusly... {noformat} java DERBY_7126_A /Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar {noformat} ...I get the following output under Java 11... {noformat} Try to load a class from a corrupted jar file... Class correctly failed to load: java.lang.SecurityException: SHA1 digest error for org/apache/derbyTesting/databaseclassloader/emc.class {noformat} ...and the following output under Java 18: {noformat} Try to load a class from a corrupted jar file... Oops, unexpectedly loaded class org.apache.derbyTesting.databaseclassloader.emc {noformat} I am confused about how to proceed: 1) I don't see any instructions for regenerating the hacked jar file so that the test will do what it used to do. 2) I have misgivings about the JDK 18 behavior. I think that it would be better for the JDK to raise an error when it encounters a jar file which was signed with an SHA1 crytographic hash. Silently accepting a badly signed file
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434535#comment-17434535 ] Richard N. Hillegas commented on DERBY-7126: One problem seems to be that a null list of signers is coming back when we ask a class for its signers. This is probably due to changes made in build 17 of JDK 18 under issue https://bugs.openjdk.java.net/browse/JDK-8269039 (Disable SHA-1 Signed JARs). The fix might be to regenerate the affected jar files and sign them with a supported cryptographic hash function. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434529#comment-17434529 ] Richard N. Hillegas commented on DERBY-7126: When I build Derby with JDK 18 and run DatabaseClassLoadingTest (with the classpath) against JDK 18, I see the following errors: {noformat} There were 4 failures: 1) testSignedJar(org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest)junit.framework.AssertionFailedError: Column value mismatch @ column '1', row 1: Expected: >CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US< Found:>null< 1 - [null] at org.apache.derbyTesting.junit.BaseTestCase.newAssertionFailedError(BaseTestCase.java:1283) at org.apache.derbyTesting.junit.JDBC.addRsToReport(JDBC.java:1993) at org.apache.derbyTesting.junit.JDBC.assertRowInResultSet(JDBC.java:1492) at org.apache.derbyTesting.junit.JDBC.assertRowInResultSet(JDBC.java:1390) at org.apache.derbyTesting.junit.JDBC.assertFullResultSetMinion(JDBC.java:1252) at org.apache.derbyTesting.junit.JDBC.assertFullResultSet(JDBC.java:1163) at org.apache.derbyTesting.junit.JDBC.assertFullResultSet(JDBC.java:1120) at org.apache.derbyTesting.junit.JDBC.assertFullResultSet(JDBC.java:1078) at org.apache.derbyTesting.junit.JDBC.assertSingleValueResultSet(JDBC.java:1063) at org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest.signersTests(DatabaseClassLoadingTest.java:556) at org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest.testSignedJar(DatabaseClassLoadingTest.java:546) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:76) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:51) at org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:124) at org.apache.derbyTesting.junit.BaseJDBCTestCase.runBareOverridable(BaseJDBCTestCase.java:443) at org.apache.derbyTesting.junit.BaseJDBCTestCase.runBare(BaseJDBCTestCase.java:460) at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24) at junit.extensions.TestSetup$1.protect(TestSetup.java:21) at junit.extensions.TestSetup.run(TestSetup.java:25) at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24) at junit.extensions.TestSetup$1.protect(TestSetup.java:21) at junit.extensions.TestSetup.run(TestSetup.java:25) at org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:60) Caused by: junit.framework.AssertionFailedError: Column value mismatch @ column '1', row 1: Expected: >CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US< Found:>null< at org.apache.derbyTesting.junit.JDBC.assertRowInResultSet(JDBC.java:1487) ... 35 more 2) testHackedJarReplacedClass(org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest)junit.framework.AssertionFailedError: procedure call worked on hacked jar at org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest.testHackedJarReplacedClass(DatabaseClassLoadingTest.java:585) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:76) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:51) at org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:124) at org.apache.derbyTesting.junit.BaseJDBCTestCase.runBareOverridable(BaseJDBCTestCase.java:443) at org.apache.derbyTesting.junit.BaseJDBCTestCase.runBare(BaseJDBCTestCase.java:460) at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24) at junit.extensions.TestSetup$1.protect(TestSetup.java:21) at junit.extensions.TestSetup.run(TestSetup.java:25) at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24) at junit.extensions.TestSetup$1.protect(TestSetup.java:21) at junit.extensions.TestSetup.run(TestSetup.java:25) at org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:60) 3) testDatabaseInJar(org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest)junit.framework.AssertionFailedError: Column value mismatch @ column '1', row 1: Expected: >CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US< Found:>null< 1 - [null] at org.apache.derbyTesting.junit.BaseTestCase.newAssertionFailedError(BaseTestCase.java:1283) at