[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17513642#comment-17513642 ] Richard N. Hillegas commented on DERBY-7126: I compiled Derby cleanly (including javadoc) using the Open JDK 18 GA build 18+36-2087. Tests passed cleanly using both the classpath and the modulepath. I believe that we can resolve this issue now. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510917#comment-17510917 ] Richard N. Hillegas commented on DERBY-7126: I compiled Derby with JDK 17 (build 17+35-2724) and ran the tests against the classpath and the modulepath, setting -Djava.security.manager=allow. Derby built cleanly (including javadoc). The tests passed. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510773#comment-17510773 ] Richard N. Hillegas commented on DERBY-7126: Thanks for those great suggestions, Bryan. Right. It's true that 10.15 runs on Java 9 and 10 and there's no reason to change that. That is, I see no reason to produce a 10.15 release which compiles into Java 11 byte code. I just thought that for the sake of regularity and simplicity, we only needed to peg ourselves to LTS releases. As far as I know, Java 9 and 10 were brief, transitional platforms, which introduced the module system, but which were not maintained after Java 11 came out. I agree that we should phrase our claims in terms of testing rather than support. Great suggestions for the release note and download page. Thanks. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510692#comment-17510692 ] Bryan Pendleton commented on DERBY-7126: That seems like a great plan! I thought that 10.15 still ran on JDK 9+, but I guess you're saying that JDK 9 and 10 were *not* LTS? The word "support" seems a bit loaded, I guess. Perhaps what we claim is more like "testing"? In the release note, or maybe on [https://db.apache.org/derby/derby_downloads.html,] or maybe in both places, it would be nice to include examples of the error messages that you get if you * Try to run 10.15 or 10.16 on JDK 8 * Try to run 10.16 on JDK 11 > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510686#comment-17510686 ] Richard N. Hillegas commented on DERBY-7126: Hi Brian. I think that's a good idea. Here's what I think the next steps are: 1) I can verify today that Derby builds cleanly with JDK 17 and tests cleanly when -Djava.security.manager=allow is set. 2) Write a release note explaining the deprecation of the SecurityManager. The note should say that when you run the network server on JDK 17 or higher, then you need to set either -Djava.security.manager=allow or -noSecurityManager. 3) Discuss with the community the need to compile 10.16 into JDK 17 byte code so that it won't run on earlier releases. I think that's the way to avoid the problems associated with the changed meaning of -Djava.security.manager. 4) Compile a 10.16 release with JDK 17, vet it, and publish it. Going forward, I don't want to claim support for non LTS Java versions. The association would be 10.14 runs on Java 8. 10.15 runs on Java 11. 10.16 runs on Java 17. What are your thoughts? > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17510173#comment-17510173 ] Bryan Pendleton commented on DERBY-7126: Hi Rick, I've been starting to see a few questions about the new "deprecated" messages in JDK 17+ Here's an example: [https://stackoverflow.com/questions/71541745/i-keep-getting-this-error-messages-when-try-to-use-javadb] I wonder if we should start planning for releasing a new version that supports JDK 17+? > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17485295#comment-17485295 ] ASF subversion and git services commented on DERBY-7126: Commit 1897661 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1897661 ] DERBY-7126: Suppress new build warnings introduced by Open JDK build 18-ea+33-2077; commit derby-7126-05-aa-suppressRemovalWarnings.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17485003#comment-17485003 ] Richard N. Hillegas commented on DERBY-7126: Tests on JDK 18, against the classpath, passed cleanly for me on derby-7126-05-aa-suppressRemovalWarnings.diff, using jars built with JDK 18. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff, > derby-7126-05-aa-suppressRemovalWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17484899#comment-17484899
]
Richard N. Hillegas commented on DERBY-7126:
Attaching derby-7126-05-aa-suppressRemovalWarnings.diff. This patch suppresses
new "removal" warnings related to finalization and AccessControllers introduced
by Open JDK 18 build 18-ea+33-2077. With this patch, Derby builds cleanly under
JDK 11 and JDK 18, including the javadoc. I will run a brief sanity test to
verify that these changes have not destabilized the code.
Touches the following files:
{noformat}
M
java/org.apache.derby.client/org/apache/derby/client/ClientPooledConnection.java
M
java/org.apache.derby.client/org/apache/derby/client/am/ClientConnection.java
M
java/org.apache.derby.client/org/apache/derby/client/am/ClientStatement.java
M
java/org.apache.derby.client/org/apache/derby/client/am/LogicalConnection.java
M
java/org.apache.derby.engine/org/apache/derby/iapi/services/cache/ClassSize.java
M
java/org.apache.derby.engine/org/apache/derby/iapi/services/memory/LowMemory.java
M java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedBlob.java
M
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedConnection.java
M
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/EmbedStatement.java
M
java/org.apache.derby.engine/org/apache/derby/impl/jdbc/LOBStreamControl.java
M
java/org.apache.derby.engine/org/apache/derby/impl/sql/conn/GenericLanguageConnectionContext.java
M
java/org.apache.derby.optionaltools/org/apache/derby/optional/lucene/LuceneQueryVTI.java
M
java/org.apache.derby.server/org/apache/derby/impl/drda/EXTDTAInputStream.java
M
java/org.apache.derby.server/org/apache/derby/impl/drda/ReEncodedInputStream.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/jdbcapi/AutoGenJDBC30Test.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/jdbcapi/LobStreamsTest.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/Bug5052rtsTest.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/memory/MemoryLeakFixesTest.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/store/BootAllTest.java
Suppress new "removal" warnings introduced by Open JDK 18 build 18-ea+33-2077.
{noformat}
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff,
> derby-7126-02-aa-suppressDeprecationWarnings.diff,
> derby-7126-03-aa-mention-java.security.manager.diff,
> derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff,
> derby-7126-05-aa-suppressRemovalWarnings.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17469601#comment-17469601 ] Richard N. Hillegas commented on DERBY-7126: I don't think that many applications use the Java SecurityManager. It is hard to configure and hard to debug. Our opinion certainly wasn't surveyed when Oracle decided to make these changes. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17469432#comment-17469432 ] Bryan Pendleton commented on DERBY-7126: Still seems quite strange to me that none of this is listed on [https://openjdk.java.net/projects/jdk/18/] I guess it just indicates that Derby's codebase has drifted far from the Java mainstream, and the problems that Derby encounters in this Jira issue were not considered very significant. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17452595#comment-17452595 ] ASF subversion and git services commented on DERBY-7126: Commit 1895504 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1895504 ] DERBY-7126: Make tests run cleanly on JDK 11 and JDK18 build 18-ea+23-1525; commit derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff, > derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17451916#comment-17451916
]
Richard N. Hillegas commented on DERBY-7126:
Attaching derby-7126-04-aa-makeTestsRunOnJDK11andJDK18.diff. This patch adjusts
the tests so that they run cleanly on both JDK 11 and 18 build 18-ea+23-1525.
With these changes, Derby builds cleanly on both JDK 11 and JDK 18--that
includes the javadoc.
The chief challenge was that the java.security.manager property has changed
meaning between JDK 11 and JDK 18. JDK 11 interprets the property as the name
of a user-written class which replaces the SecurityManager. JDK 18 interprets
the property as a gate on whether the application is allowed to install a
SecurityManager. You CAN'T set that property when running on JDK 11 and you
MUST set that property when running on JDK 18.
To test these changes, I built Derby with JDK 18 build 18-ea+23-1525 and ran
the following tests on JDK 11 and JDK 18:
o The old harness tests with both the classpath and the modulepath (from my own
scripts, setting java.security.manager=allow only if the platform was JDK 18).
o The JUnit tests with both the classpath and the modulepath (from my own
scripts, setting java.security.manager=allow only if the platform was JDK 18).
o ant junit-all
o ant test-derbyall
o ant test-derbyall-with-modulepath
o ant test-junit-all-with-modulepath
I saw one error in XMLBindingTest when running the JUnit tests under ant. The
error occurs when you run XMLBindingTest standalone using the junit-single
target. The error was not introduced by my changes: it occurs when you run
XMLBindingTest under ant on JDK 11 without my changes. This is the error:
{noformat}
java.sql.SQLDataException:
Invalid XML Document: access denied (java.io.FilePermission
/Users/rhillegas/derby/mainline/trunk/junit_20211126_1247/extin/personal.dtd
read)
at
org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:84)
at
org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:141)
at org.apache.derby.impl.jdbc.Util.seeNextException(Util.java:252)
at
org.apache.derby.impl.jdbc.TransactionResourceImpl.wrapInSQLException(TransactionResourceImpl.java:438)
at
org.apache.derby.impl.jdbc.TransactionResourceImpl.handleException(TransactionResourceImpl.java:360)
at
org.apache.derby.impl.jdbc.EmbedConnection.handleException(EmbedConnection.java:2405)
at
org.apache.derby.impl.jdbc.ConnectionChild.handleException(ConnectionChild.java:88)
at
org.apache.derby.impl.jdbc.EmbedStatement.executeStatement(EmbedStatement.java:1436)
at
org.apache.derby.impl.jdbc.EmbedPreparedStatement.executeStatement(EmbedPreparedStatement.java:1709)
at
org.apache.derby.impl.jdbc.EmbedPreparedStatement.execute(EmbedPreparedStatement.java:1394)
at org.apache.derbyTesting.junit.XML.insertDocWithDTD(XML.java:206)
at
org.apache.derbyTesting.functionTests.tests.lang.XMLBindingTest$XBindTestSetup.setUp(XMLBindingTest.java:306)
at junit.extensions.TestSetup$1.protect(TestSetup.java:20)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at
org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:60)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
Caused by: ERROR 2200M: Invalid XML Document: access denied
(java.io.FilePermission
/Users/rhillegas/derby/mainline/trunk/junit_20211126_1247/extin/personal.dtd
read)
at
org.apache.derby.shared.common.error.StandardException.newException(StandardException.java:300)
at
org.apache.derby.impl.jdbc.SQLExceptionFactory.wrapArgsForTransportAcrossDRDA(SQLExceptionFactory.java:170)
at
org.apache.derby.impl.jdbc.SQLExceptionFactory.getSQLException(SQLExceptionFactory.java:75)
Caused by: java.security.AccessControlException: access denied
(java.io.FilePermission
/Users/rhillegas/derby/mainline/trunk/junit_20211126_1247/extin/personal.dtd
read)
at
java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485)
at
java.base/java.security.AccessController.checkPermission(AccessController.java:1068)
at
java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:411)
at
java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:751)
at java.base/java.io.File.isDirectory(File.java:860)
at
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17448082#comment-17448082 ] ASF subversion and git services commented on DERBY-7126: Commit 1895270 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1895270 ] DERBY-7126: Add an error message mentioning the new security manager property; tests passed cleanly on derby-7126-03-aa-mention-java.security.manager.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff, > derby-7126-03-aa-mention-java.security.manager.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17447604#comment-17447604
]
Richard N. Hillegas commented on DERBY-7126:
Attaching derby-7126-03-aa-mention-java.security.manager.diff. This patch adds
a new server diagnostic message which is raised when the SecurityManager cannot
be installed. The message appears when the user tries to boot a server (on JDK
18) according to our current documentation:
{noformat}
Mon Nov 22 12:01:21 PST 2021 : Could not install a SecurityManager. You may
need to set -Djava.security.manager=allow on your java command line:
The Security Manager is deprecated and will be removed in a future release
{noformat}
I will run tests on JDK 11 to make sure that there are no surprises.
Touches the following files:
{noformat}
M
java/org.apache.derby.server/org/apache/derby/drda/NetworkServerControl.java
M
java/org.apache.derby.server/org/apache/derby/loc/drda/messages.properties
{noformat}
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff,
> derby-7126-02-aa-suppressDeprecationWarnings.diff,
> derby-7126-03-aa-mention-java.security.manager.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17446623#comment-17446623 ] Richard N. Hillegas commented on DERBY-7126: I like your idea in general and a new Derby release is a great idea. We should definitely keep 10.14 around for people who are skittish about all the changes from JDK9 onward. I think you're recommending that we steer users toward particular Derby flagship releases, based on the JDK they are using. The download page could be good place to record this advice. A couple points are worth mentioning: o People who don't take our advice are still going to be plagued by surprises when they update their JDK too far but don't upgrade their Derby release. Those surprises may be hard to diagnose. o Even an LTS release like JDK17 is a moving target. Any of the JDK18 regressions could be backported to the next release of JDK17. o The next LTS release is JDK21, targetted for September, 2023, according to https://www.oracle.com/java/technologies/java-se-support-roadmap.html I need to think more about your suggestion. Thanks. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17446515#comment-17446515 ] Bryan Pendleton commented on DERBY-7126: It's starting to feel a bit as though JDK 18 will be a watershed release for Derby with some external consequences similar in scope to JDK 9, though internally of course the situation with the two Java releases is very different. I'm wondering if we should lay the groundwork to have a new major release of Derby, just as we did with JDK 9, so we'd have: * People who are still using JDK 8 (yes, amazingly, still a large user base): stick with Derby 10.14 * People who have moved to JDK 9-JDK 17: use Derby 10.15 * People who have moved to JDK 18+: use Derby 10.16 > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17446165#comment-17446165 ] Richard N. Hillegas commented on DERBY-7126: According to the Open JDK security experts, the java.security.manager property is read only at boot time. This is a micro-performance optimization implemented as part of https://bugs.openjdk.java.net/browse/JDK-8203316. As a consequence of this change, the Derby server cannot be secure-by-default, starting with JDK 18. It seems that our hand has been forced. We face the following choice: o Don't try to install a SecurityManager if the JVM level is JDK 18 or higher. o Have the network server fail in a visible way if java.security.manager is not set to "allow" on the boot command line and if the -noSecurityManager startup argument is not set. Either option requires documentation changes. Unfortunately, old versions of the Derby server will fail silently when booted on JDK 18 or higher. What a mess. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17446072#comment-17446072
]
Richard N. Hillegas commented on DERBY-7126:
My naive attempt to workaround the new hurdle introduced by JDK 18 was to
programatically set the "java.security.manager" property just before calling
System.setSecurityManager()--as we do with the other properties related to the
SecurityManager. Unfortunately, this does not allow the SecurityManager to be
installed. However, if I set that property on the boot command line, then the
SecurityManager can be installed. I have attached a simple program
(DERBY_7126_B), which demonstrates this behavior.
Here is the output from running the program against JDK 18 WITHOUT setting
"java.security.manager":
{noformat}
mainline (18) > java DERBY_7126_B
Exception in thread "main" java.lang.UnsupportedOperationException: The
Security Manager is deprecated and will be removed in a future release
at java.base/java.lang.System.setSecurityManager(System.java:411)
at DERBY_7126_B.main(DERBY_7126_B.java:34)
{noformat}
And here is the output from running the program against JDK 18 and setting
"java.security.manager" on the boot command line:
{noformat}
mainline (18) > java -Djava.security.manager=allow DERBY_7126_B
WARNING: A terminally deprecated method in java.lang.System has been called
WARNING: System::setSecurityManager has been called by DERBY_7126_B
(file:/Users/rhillegas/src/)
WARNING: Please consider reporting this to the maintainers of DERBY_7126_B
WARNING: System::setSecurityManager will be removed in a future release
{noformat}
Looks like another trip to the Open JDK security mailing list is in order.
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff,
> derby-7126-02-aa-suppressDeprecationWarnings.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445981#comment-17445981 ] Richard N. Hillegas commented on DERBY-7126: I agree that the investment in Java seems to be shrinking. I don't understand the value of pushing people to abandon the SecurityManager before a replacement has been found. This will encourage people to write applications with significant attack surfaces. The SecurityManager is the only mechanism which protects arbitrary code from setting sensitive system properties--and that's just one example. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445609#comment-17445609 ] Bryan Pendleton commented on DERBY-7126: I kind of feel increasingly like an outsider in the Java world, and I fear I just haven't been paying much attention. Still, my reaction to all this is: it seems like the Java world has decided that the future does *not* involve System Programming in Java. I'm not sure what use case they feel Java is best suited for, but it certainly doesn't appear to be building a general purpose DBMS engine. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445553#comment-17445553
]
Richard N. Hillegas commented on DERBY-7126:
As feared, the Derby tests now fail spectacularly against JDK 18. When I try to
run a single JUnit test...
{noformat}
java junit.textui.TestRunner
org.apache.derbyTesting.functionTests.tests.lang.DistinctTest
{noformat}
...I get the following error
{noformat}
Could not create and run test suite: java.lang.UnsupportedOperationException:
The Security Manager is deprecated and will be removed in a future release
{noformat}
In addition, under JDK 18 Derby now fails to install a default SecurityManager
when the user boots the server. This causes the server to silently fail to boot.
{noformat}
java -jar /Users/rhillegas/derby/mainline/trunk/jars/sane/derbyrun.jar server
start
{noformat}
According to the email thread mentioned above, to install a SecurityManager,
you need to specify the following system property:
{noformat}
-Djava.security.manager=allow
{noformat}
I am inclined to make that change to the NetworkServer so that we can continue
to limp along until the Open JDK folks figure out their replacement for the
SecurityManager. We may want to update the Derby Security Guide to say that
this property is required from JDK 18 onward, if you want to run with a
SecurityManager.
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff,
> derby-7126-02-aa-suppressDeprecationWarnings.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445552#comment-17445552 ] ASF subversion and git services commented on DERBY-7126: Commit 1895131 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1895131 ] DERBY-7126: Suppress new deprecation warnings introduced by JDK 18; commit derby-7126-02-aa-suppressDeprecationWarnings.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445432#comment-17445432 ] Richard N. Hillegas commented on DERBY-7126: Tests (using the classpath and JDK 11) passed cleanly on derby-7126-02-aa-suppressDeprecationWarnings.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445431#comment-17445431 ] Richard N. Hillegas commented on DERBY-7126: Hi Bryan. No, I don't know which JEP is responsible for the Runtime.exec() deprecation. I couldn't find it in the derby-dev thread titled "JDK 18 Early-Access builds 23 are available". The reasons given for the deprecation (in the JDK 18 javadoc) are related to correctness, not to security. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445385#comment-17445385 ] Bryan Pendleton commented on DERBY-7126: Rick, do you know which JEP is planning to remove Runtime.exec()? Is that also JEP 411? > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff, > derby-7126-02-aa-suppressDeprecationWarnings.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445339#comment-17445339
]
Richard N. Hillegas commented on DERBY-7126:
Attaching derby-7126-02-aa-suppressDeprecationWarnings.diff. This patch
suppresses the new deprecation warnings. With this patch, Derby builds cleanly
(including javadoc) against both JDK 18 and JDK 11. I will run tests against
JDK 11 with the classpath. I don't expect different behavior with the
modulepath. I expect that JDK 18 will cause the tests to fail spectacularly
because of the additional work on JEP 411. I plan to address those failures
with a separate patch.
Touches the following files:
{noformat}
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/FileCompare.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/RunList.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/UnJar.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/replicationTests/ReplicationRun.java
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/util/JarUtil.java
M java/org.apache.derby.tools/org/apache/derby/impl/tools/ij/ij.jj
{noformat}
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff,
> derby-7126-02-aa-suppressDeprecationWarnings.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17445307#comment-17445307
]
Richard N. Hillegas commented on DERBY-7126:
When I build Derby with JDK build 18-ea+23-1525, I get the following new
warnings:
{noformat}
[javac]
/Users/rhillegas/derby/mainline/trunk/generated/java/org.apache.derby.tools/org/apache/derby/impl/tools/ij/ij.java:2776:
warning: [deprecation] exec(String) in Runtime has been deprecated
[javac] Process p =
Runtime.getRuntime().exec(stringValue(cmd.image));
[javac] ^
[javac] 1 warning
[javac]
/Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/FileCompare.java:279:
warning: [deprecation] exec(String) in Runtime has been deprecated
[javac] pr = Runtime.getRuntime().exec(diffCmd);
[javac] ^
[javac]
/Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/RunList.java:647:
warning: [deprecation] exec(String) in Runtime has been deprecated
[javac] Process prstop = Runtime.getRuntime().exec(stopCmd);
[javac] ^
[javac]
/Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/harness/UnJar.java:79:
warning: [deprecation] exec(String) in Runtime has been deprecated
[javac] pr = Runtime.getRuntime().exec(jarCmd);
[javac] ^
[javac]
/Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/replicationTests/ReplicationRun.java:1509:
warning: [deprecation] exec(String) in Runtime has been deprecated
[javac] Process proc = rt.exec(localCommand);
[javac] ^
[javac]
/Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/util/JarUtil.java:59:
warning: [deprecation] exec(String) in Runtime has been deprecated
[javac] pr = Runtime.getRuntime().exec(jarCmd);
[javac] ^
[javac] 5 warnings
{noformat}
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17439691#comment-17439691
]
Bryan Pendleton commented on DERBY-7126:
It seems to me that you had a nice clean example of a program that used to
throw an exception and now does not, and the response was that
{quote}Throwing an Exception would be too high of a risk for applications that
happen to load signed JARs off the classpath but don't otherwise behave any
differently.
{quote}
I don't oppose the documentation changes that you're proposing. I also am not
sure that adding more to the documentation really helps anything at this point.
Often, with documentation, more is not necessarily better.
Thanks for digging into this and for sharing the results of your investigation!
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17439382#comment-17439382
]
Richard N. Hillegas commented on DERBY-7126:
The engineer responsible for the work on
https://bugs.openjdk.java.net/browse/JDK-8269039 had this to say about the
security regression we stumbled across. It appears that the Open JDK team is
not going to fix this behavior:
{noformat}
Hello Rick,
It is behaving as expected. Let me explain in more detail.
First, loading a signed JAR off the classpath only verifies the
signature and digests of the JAR file. It does not validate the signer's
certificate chain or determine if the signer is trusted. The JarFile API
class description includes this warning [1]:
"Please note that the verification process does not include validating
the signer's certificate. A caller should inspect the return value of
JarEntry.getCodeSigners() to further determine if the signature can be
trusted."
Some frameworks such as Web Start have this additional checking
built-in. Or, if you run your code with a Security Manager, then
additional steps will be performed at run-time to check that the code is
signed and that the signer's public key is trusted before granting
permissions to that code.
If you don't perform these additional steps, then the JAR can be
modified without detection. For example, the signature related files
could be removed from the JAR (thus making it an unsigned JAR), or the
JAR could be modified and then re-signed with a different key. In either
of these cases, the JVM would load the JAR without any exception.
It is also possible that a JAR signed with a weak or broken algorithm (such as
MD5 or SHA-1) could be modified without detection.
This is why the JDK implementation supports several security
properties which are used to disable cryptographic algorithms and
protocols that are weak or broken. This provides out-of-the-box security
and is important to safeguard against crypto algorithms that inevitably
become weaker over time. One of these properties is
"jdk.jar.disabledAlgorithms". The specification of this property defines
the behavior if a signed JAR file is signed with an algorithm that is
disabled [2]:
"JARs signed with any of the disabled algorithms or key sizes will be
treated as unsigned."
The JDK determined after step 1 of the JAR verification process [3] that
the JAR was signed with SHA-1, and therefore stopped further processing.
You may ask why we don't throw an Exception in this case. Although this
was considered, the compatibility risk was too high. These
restrictions are nearly always backported to earlier JDK update
releases. Throwing an Exception would be too high of a risk for
applications that happen to load signed JARs off the classpath but don't
otherwise behave any differently. Our primary focus is to protect
applications that verify that the code is signed by someone they trust.
Consider updating and re-signing your signed jar with a stronger, non-broken
algorithm such as SHA-2. SHA-2 is the default digest algorithm used by
jarsigner when the -digestalg option is not specified.
I hope this information is useful. I do think this is an area where our
javadocs and guides could be improved to provide more information about
how signed JARs are verified including more details on the behavior of
the JDK implementation with respect to disabled algorithms. We will be
working to try to improve the docs for JDK 18.
--Sean
[1]
https://download.java.net/java/early_access/jdk18/docs/api/java.base/java/util/jar/JarFile.html
[2]
https://github.com/openjdk/jdk/blob/master/src/java.base/share/conf/security/java.security#L667
[3]
https://docs.oracle.com/en/java/javase/17/docs/specs/jar/jar.html#signed-jar-file
{noformat}
I'm not sure how to address the fallout from this change. Here are some ideas:
1) Add a release note about this issue to the next Derby release (maybe update
the download pages for the currently mirrored releases 10.15.2.0 and 10.14.2.0).
2) Remove support for signed jars files from our security documentation. I
don't think that our support for signed jar files does enough to be worth
advertising. The most significant part (verifying the identity of the signer)
has always been left to the application.
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff
>
>
> Releases of Open JDK 18 can be found
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17436351#comment-17436351 ] Richard N. Hillegas commented on DERBY-7126: On the Open JDK security-dev mailing list, I have started a discussion about the suspicious behavior which is bothering Bryan and me. The discussion is titled "previously prevented exploit now possible with JDK 18". If security-dev decides not to address this regression, then we will need to discuss how Derby should work around it. Fortunately, we should have a long runway until an LTS JDK appears which contains the https://bugs.openjdk.java.net/browse/JDK-8269039 changes. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17436347#comment-17436347 ] ASF subversion and git services commented on DERBY-7126: Commit 1894633 from Richard N. Hillegas in branch 'code/trunk' [ https://svn.apache.org/r1894633 ] DERBY-7126: Update signed jars used by DatabaseClassLoadingTest in order to address the new behavior introduced by https://bugs.openjdk.java.net/browse/JDK-8269039; commit derby-7126-01-aa-regenerateSignedJars.diff. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java, dcl_emc2sm.jar, > derby-7126-01-aa-regenerateSignedJars.diff > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17435718#comment-17435718
]
Richard N. Hillegas commented on DERBY-7126:
Attaching dcl_emc2sm.jar, the previous version of the corrupted jar file. The
security issue which Bryan and I are concerned about can be seen by running the
following command on Java 11 vs. Java 18:
{noformat}
java DERBY_7126_A dcl_emc2sm.jar
{noformat}
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17435620#comment-17435620
]
Richard N. Hillegas commented on DERBY-7126:
Attaching derby-7126-01-aa-regenerateSignedJars.diff. This patch fixes
DatabaseClassLoadingTest so that it runs cleanly on JDK 18. The patch includes
corrected/additional header comments explaining how to regenerate the signed
jars used by this test. It also includes the regenerated jars produced by
following those instructions. The jars are now signed using a DSA cryptographic
hash instead of the deprecated SHA-1.
With these changes, Derby builds cleanly (including javadoc) under both Java 11
and Java 18.
I ran the following tests on jar files built with JDK 18:
o The full tests using the classpath run against JDK 11.
o The full tests using the modulepath run against JDK 11.
o The full tests using the classpath run against JDK 18.
o The full tests using the modulepath run against JDK 18.
Touches the following files:
{noformat}
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/DatabaseClassLoadingTest.java
New instructions in the header comments for regenerating the signed jars used
by the test.
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2s.jar
M
java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar
Regenerated, signed jars. The first jar is an intact, signed jar. The second
one is a corrupted jar: a hacked class is poked into the already signed jar.
{noformat}
> Make it possible to build and test Derby cleanly with OpenJDK 18
>
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
>Affects Versions: 10.16.0.0
>Reporter: Richard N. Hillegas
>Assignee: Richard N. Hillegas
>Priority: Major
> Attachments: DERBY_7126_A.java,
> derby-7126-01-aa-regenerateSignedJars.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17435618#comment-17435618 ] Richard N. Hillegas commented on DERBY-7126: Hi Bryan, DSA seems to work as a replacement cryptographic hash. I plan to share our experience with the Open JDK security team and hear what they have to say. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17435005#comment-17435005 ] Bryan Pendleton commented on DERBY-7126: This is interesting, thanks for posting the details! I assume that JDK 18 is dropping support for SHA1 because they are trying to force everyone to move to something newer and stronger (is there a SHA2?). Assuming there is a newer replacement, probably we need to figure out how to test with that newer replacement I guess? But it also seems like if JDK doesn't support a certain signing level (that is, SHA1), then it should raise an error, not just quietly disregard the signature. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434989#comment-17434989 ] Richard N. Hillegas commented on DERBY-7126: I may have figured out how to simulate the old behavior. I took the regenerated jar file and replaced the emc class with the corrupted version from the old corrupted jar. Then I replaced the old corrupted jar with the result. The result is a hacked jar which does not match its modern certificate. The test now runs cleanly on JDK 18 and JDK 11. But I am still confused about the value of the JDK 18 behavior and the value of Derby's support for signed jars. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > Attachments: DERBY_7126_A.java > > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434984#comment-17434984
]
Richard N. Hillegas commented on DERBY-7126:
DatabaseClassLoader has instructions for signing a jar file used by the test
(see the method header for testSignedJar()). The instructions don't work any
more but can be fixed thusly:
{noformat}
keytool -delete -alias emccto -keystore emcks -storepass ab987c
keytool -genkey -keyalg "DSA" -validity 2555000 -dname "cn=EMC CTO,
ou=EMC APP, o=Easy Mail Company, c=US" -alias emccto -keystore emcks -storepass
ab987c
keytool -selfcert -alias emccto -validity 36500 -keystore emcks
-storepass ab987c
jarsigner -keystore emcks -storepass ab987c -signedjar dcl_emc2s.jar
dcl_emc2.jar emccto
{noformat}
With the regenerated jar file, 3 of the 4 failures go away. But one remains:
{noformat}
There was 1 failure:
1)
testHackedJarReplacedClass(org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest)junit.framework.AssertionFailedError:
procedure call worked on hacked jar
at
org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest.testHackedJarReplacedClass(DatabaseClassLoadingTest.java:585)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:76)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:51)
at
org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:124)
at
org.apache.derbyTesting.junit.BaseJDBCTestCase.runBareOverridable(BaseJDBCTestCase.java:443)
at
org.apache.derbyTesting.junit.BaseJDBCTestCase.runBare(BaseJDBCTestCase.java:460)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at
org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:60)
FAILURES!!!
Tests run: 31, Failures: 1, Errors: 0
{noformat}
This is troubling because it means that Derby no longer detects
corrupted/hacked jar files. The problem is that Derby is expecting a class
loading error on the hacked jar file. But JDK 18 doesn't raise that error.
Maybe that is because the jar file was signed with SHA1 and JDK 18 doesn't
consider the jar to be signed at all.
The following program shows that the corrupted jar file raises class loading
errors under Java 11 but not under JDK 18 (see the attached DERBY_7126_A
program):
{noformat}
import java.io.File;
import java.net.URL;
import java.net.URLClassLoader;
public class DERBY_7126_A
{
private static final String CLASS_NAME =
"org.apache.derbyTesting.databaseclassloader.emc";
public static void main(String... args) throws Exception
{
String fileName = args[0];
URL fileURL = (new File(fileName)).toURI().toURL();
println(fileURL.toString());
println("Try to load a class from a corrupted jar file...");
try
{
URLClassLoader urlClassLoader = new URLClassLoader( new URL[] {
fileURL } );
Class sampleClass = urlClassLoader.loadClass(CLASS_NAME);
println("Oops, unexpectedly loaded class " + sampleClass.getName());
} catch (SecurityException se)
{
println("Class correctly failed to load: " + se.toString());
}
}
private static void println(String text) { System.out.println(text); }
}
{noformat}
When I run this program thusly...
{noformat}
java DERBY_7126_A
/Users/rhillegas/derby/mainline/trunk/java/org.apache.derby.tests/org/apache/derbyTesting/functionTests/tests/lang/dcl_emc2sm.jar
{noformat}
...I get the following output under Java 11...
{noformat}
Try to load a class from a corrupted jar file...
Class correctly failed to load: java.lang.SecurityException: SHA1 digest error
for org/apache/derbyTesting/databaseclassloader/emc.class
{noformat}
...and the following output under Java 18:
{noformat}
Try to load a class from a corrupted jar file...
Oops, unexpectedly loaded class org.apache.derbyTesting.databaseclassloader.emc
{noformat}
I am confused about how to proceed:
1) I don't see any instructions for regenerating the hacked jar file so that
the test will do what it used to do.
2) I have misgivings about the JDK 18 behavior. I think that it would be better
for the JDK to raise an error when it encounters a jar file which was signed
with an SHA1 crytographic hash. Silently accepting a badly signed file
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[ https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434535#comment-17434535 ] Richard N. Hillegas commented on DERBY-7126: One problem seems to be that a null list of signers is coming back when we ask a class for its signers. This is probably due to changes made in build 17 of JDK 18 under issue https://bugs.openjdk.java.net/browse/JDK-8269039 (Disable SHA-1 Signed JARs). The fix might be to regenerate the affected jar files and sign them with a supported cryptographic hash function. > Make it possible to build and test Derby cleanly with OpenJDK 18 > > > Key: DERBY-7126 > URL: https://issues.apache.org/jira/browse/DERBY-7126 > Project: Derby > Issue Type: Task > Components: Build tools >Affects Versions: 10.16.0.0 >Reporter: Richard N. Hillegas >Assignee: Richard N. Hillegas >Priority: Major > > Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should > adjust Derby as necessary so that it builds cleanly (including javadoc) and > tests cleanly with this version of the platform. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Commented] (DERBY-7126) Make it possible to build and test Derby cleanly with OpenJDK 18
[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17434529#comment-17434529
]
Richard N. Hillegas commented on DERBY-7126:
When I build Derby with JDK 18 and run DatabaseClassLoadingTest (with the
classpath) against JDK 18, I see the following errors:
{noformat}
There were 4 failures:
1)
testSignedJar(org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest)junit.framework.AssertionFailedError:
Column value mismatch @ column '1', row 1:
Expected: >CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US<
Found:>null<
1
-
[null]
at
org.apache.derbyTesting.junit.BaseTestCase.newAssertionFailedError(BaseTestCase.java:1283)
at org.apache.derbyTesting.junit.JDBC.addRsToReport(JDBC.java:1993)
at
org.apache.derbyTesting.junit.JDBC.assertRowInResultSet(JDBC.java:1492)
at
org.apache.derbyTesting.junit.JDBC.assertRowInResultSet(JDBC.java:1390)
at
org.apache.derbyTesting.junit.JDBC.assertFullResultSetMinion(JDBC.java:1252)
at
org.apache.derbyTesting.junit.JDBC.assertFullResultSet(JDBC.java:1163)
at
org.apache.derbyTesting.junit.JDBC.assertFullResultSet(JDBC.java:1120)
at
org.apache.derbyTesting.junit.JDBC.assertFullResultSet(JDBC.java:1078)
at
org.apache.derbyTesting.junit.JDBC.assertSingleValueResultSet(JDBC.java:1063)
at
org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest.signersTests(DatabaseClassLoadingTest.java:556)
at
org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest.testSignedJar(DatabaseClassLoadingTest.java:546)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:76)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:51)
at
org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:124)
at
org.apache.derbyTesting.junit.BaseJDBCTestCase.runBareOverridable(BaseJDBCTestCase.java:443)
at
org.apache.derbyTesting.junit.BaseJDBCTestCase.runBare(BaseJDBCTestCase.java:460)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at
org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:60)
Caused by: junit.framework.AssertionFailedError: Column value mismatch @ column
'1', row 1:
Expected: >CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US<
Found:>null<
at
org.apache.derbyTesting.junit.JDBC.assertRowInResultSet(JDBC.java:1487)
... 35 more
2)
testHackedJarReplacedClass(org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest)junit.framework.AssertionFailedError:
procedure call worked on hacked jar
at
org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest.testHackedJarReplacedClass(DatabaseClassLoadingTest.java:585)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:76)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:51)
at
org.apache.derbyTesting.junit.BaseTestCase.runBare(BaseTestCase.java:124)
at
org.apache.derbyTesting.junit.BaseJDBCTestCase.runBareOverridable(BaseJDBCTestCase.java:443)
at
org.apache.derbyTesting.junit.BaseJDBCTestCase.runBare(BaseJDBCTestCase.java:460)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at junit.extensions.TestDecorator.basicRun(TestDecorator.java:24)
at junit.extensions.TestSetup$1.protect(TestSetup.java:21)
at junit.extensions.TestSetup.run(TestSetup.java:25)
at
org.apache.derbyTesting.junit.BaseTestSetup.run(BaseTestSetup.java:60)
3)
testDatabaseInJar(org.apache.derbyTesting.functionTests.tests.lang.DatabaseClassLoadingTest)junit.framework.AssertionFailedError:
Column value mismatch @ column '1', row 1:
Expected: >CN=EMC CTO, OU=EMC APP, O=Easy Mail Company, C=US<
Found:>null<
1
-
[null]
at
org.apache.derbyTesting.junit.BaseTestCase.newAssertionFailedError(BaseTestCase.java:1283)
at
