Alexey Serbin has submitted this change and it was merged. ( http://gerrit.cloudera.org:8080/20128 )
Change subject: Fix master_hms-itest on RHEL9 ...................................................................... Fix master_hms-itest on RHEL9 Tests in master_hms-itest are failing on RHEL9 with the following error: "Algorithm constraints check failed on keysize limits: RSA 768 bit key used with certificate: CN=kudu-ipki-ca ... (DisabledAlgorithmConstraints.java:887)". This is not expected as we already relax some constraints in mini_hms.cc [1]. As it turns out there is a property in java.security properties file [2]: \# Determines whether this properties file will be appended to \# using the system properties file stored at \# /etc/crypto-policies/back-ends/java.config \# \security.useSystemPropertiesFile=true If we take a look inside the above mentioned java.config file we can find the source of the test errors (RSA keySize < 2048): jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=DH keySize < 2048, TLSv1.1, TLSv1, SSLv3, ... jdk.tls.legacyAlgorithms= This patch sets security.useSystemPropertiesFile=false in mini_hms.cc to make all the tests in master_hms-itest work on RHEL9. [1] https://github.com/apache/kudu/blob/\ master/src/kudu/hms/mini_hms.cc#L226-L228 [2] location: ${JAVA_HOME}/jre/lib/security/java.security Change-Id: I1906a1f79af62557a922348dcc64da9c788a9422 Reviewed-on: http://gerrit.cloudera.org:8080/20128 Tested-by: Kudu Jenkins Reviewed-by: Alexey Serbin <[email protected]> --- M src/kudu/hms/mini_hms.cc 1 file changed, 4 insertions(+), 0 deletions(-) Approvals: Kudu Jenkins: Verified Alexey Serbin: Looks good to me, approved -- To view, visit http://gerrit.cloudera.org:8080/20128 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: kudu Gerrit-Branch: master Gerrit-MessageType: merged Gerrit-Change-Id: I1906a1f79af62557a922348dcc64da9c788a9422 Gerrit-Change-Number: 20128 Gerrit-PatchSet: 2 Gerrit-Owner: Marton Greber <[email protected]> Gerrit-Reviewer: Alexey Serbin <[email protected]> Gerrit-Reviewer: Attila Bukor <[email protected]> Gerrit-Reviewer: Kudu Jenkins (120) Gerrit-Reviewer: Marton Greber <[email protected]> Gerrit-Reviewer: Zoltan Chovan <[email protected]>
