Re: 2.1 distributions pre-release build review, take two
I built 'develop' according to your instructions on Mac OSX and that worked fine. I unzipped the source output artifact and built on Mac OSX and that worked fine. I copied the source output artifact to a very blank server of mine, and the problem shown below happened. It is obviously a Gradle issue, perhaps even a Java installation problem. But we should be prepared if someone is raising this. niclas@node1:~/temp/apache-zest-java-2.1-RC0-src$ ./gradlew -Dversion=2.1-RC0 assemble -x signArchives Downloading https://services.gradle.org/distributions/gradle-2.5-all.zip Exception in thread main java.lang.RuntimeException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:78) at org.gradle.wrapper.Install.createDist(Install.java:44) at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:126) at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:55) Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1894) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1877) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1398) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at org.gradle.wrapper.Download.downloadInternal(Download.java:56) at org.gradle.wrapper.Download.download(Download.java:42) at org.gradle.wrapper.Install$1.call(Install.java:57) at org.gradle.wrapper.Install$1.call(Install.java:44) at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:65) ... 3 more Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.init(PKIXValidator.java:90) at sun.security.validator.Validator.getInstance(Validator.java:179) at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312) at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) ... 14 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) at java.security.cert.PKIXParameters.init(PKIXParameters.java:120) at java.security.cert.PKIXBuilderParameters.init(PKIXBuilderParameters.java:104) at sun.security.validator.PKIXValidator.init(PKIXValidator.java:88) ... 26 more niclas@node1:~/temp/apache-zest-java-2.1-RC0-src$ java -version openjdk version 1.8.0_45-internal OpenJDK Runtime Environment (build 1.8.0_45-internal-b14) OpenJDK 64-Bit Server VM (build 25.45-b02, mixed mode) niclas@node1:~/temp/apache-zest-java-2.1-RC0-src$ uname -a Linux node1 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt9-3~deb8u1 (2015-04-24) x86_64 GNU/Linux On Thu, Jul 23, 2015 at 7:51 PM, Paul Merlin p...@nosphere.org wrote: Gang, I think we are almost ready to cut a first Apache release. Before going down the Apache release way, I'd like to get some preliminary review of the Apache Zest distributions. We won't do this for future releases but I think it's worthwile doing it before the first one. So, please checkout the `develop`
Re: 2.1 distributions pre-release build review, take two
Hey Niclas, Niclas Hedhman a écrit : I built 'develop' according to your instructions on Mac OSX and that worked fine. I unzipped the source output artifact and built on Mac OSX and that worked fine. I copied the source output artifact to a very blank server of mine, and the problem shown below happened. It is obviously a Gradle issue, perhaps even a Java installation problem. But we should be prepared if someone is raising this. niclas@node1:~/temp/apache-zest-java-2.1-RC0-src$ ./gradlew -Dversion=2.1-RC0 assemble -x signArchives Downloading https://services.gradle.org/distributions/gradle-2.5-all.zip Exception in thread main java.lang.RuntimeException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty Wow. I just ran SSL-Labs on services.gradle.org and this is not pretty but may be mandatory to support 'legacy' clients: https://www.ssllabs.com/ssltest/analyze.html?d=services.gradle.org BUT, it could also be a client JVM setup issue like missing/unreadable truststore etc.. Could you try again, with -Djavax.net.debug=ssl:handshake enabled so we can track it down? /Paul at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:78) at org.gradle.wrapper.Install.createDist(Install.java:44) at org.gradle.wrapper.WrapperExecutor.execute(WrapperExecutor.java:126) at org.gradle.wrapper.GradleWrapperMain.main(GradleWrapperMain.java:55) Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1894) at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1877) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1398) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254) at org.gradle.wrapper.Download.downloadInternal(Download.java:56) at org.gradle.wrapper.Download.download(Download.java:42) at org.gradle.wrapper.Install$1.call(Install.java:57) at org.gradle.wrapper.Install$1.call(Install.java:44) at org.gradle.wrapper.ExclusiveFileAccessManager.access(ExclusiveFileAccessManager.java:65) ... 3 more Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.init(PKIXValidator.java:90) at sun.security.validator.Validator.getInstance(Validator.java:179) at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:312) at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:171) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:184) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) ... 14 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) at java.security.cert.PKIXParameters.init(PKIXParameters.java:120) at java.security.cert.PKIXBuilderParameters.init(PKIXBuilderParameters.java:104) at sun.security.validator.PKIXValidator.init(PKIXValidator.java:88) ... 26 more niclas@node1:~/temp/apache-zest-java-2.1-RC0-src$ java -version openjdk version 1.8.0_45-internal OpenJDK Runtime Environment (build 1.8.0_45-internal-b14) OpenJDK 64-Bit Server VM (build 25.45-b02, mixed mode)
Re: 2.1 distributions pre-release build review, take two
Hey Tibor, Thanks for the feedback. Tibor Mlynarik a écrit : Hi , website task failed for me : :org.qi4j.manual:website I/O error : Attempt to load network entity http://docbook.sourceforge.net/release/xsl/current/xhtml/chunkfast.xsl warning: failed to load external entity http://docbook.sourceforge.net/release/xsl/current/xhtml/chunkfast.xsl; compilation error: file src/docs/website/xsl/chunked.xsl line 29 element import xsl:import : unable to load http://docbook.sourceforge.net/release/xsl/current/xhtml/chunkfast.xsl :org.qi4j.manual:website FAILED when I removed --nonet switch from xsltproc command ( Documentation.groovy) it passed. You need to install docbook-xsl so that the asciidoc installation is complete. Some platforms install docbook-xsl when you ask for asciidoc, some don't ... I'll add a note about this in the README. Cheers /Paul
Re: 2.1 distributions pre-release build review, take two
Paul Merlin a écrit : Hey Niclas, Niclas Hedhman a écrit : I built 'develop' according to your instructions on Mac OSX and that worked fine. I unzipped the source output artifact and built on Mac OSX and that worked fine. I copied the source output artifact to a very blank server of mine, and the problem shown below happened. It is obviously a Gradle issue, perhaps even a Java installation problem. But we should be prepared if someone is raising this. niclas@node1:~/temp/apache-zest-java-2.1-RC0-src$ ./gradlew -Dversion=2.1-RC0 assemble -x signArchives Downloading https://services.gradle.org/distributions/gradle-2.5-all.zip Exception in thread main java.lang.RuntimeException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty Wow. I just ran SSL-Labs on services.gradle.org and this is not pretty but may be mandatory to support 'legacy' clients: https://www.ssllabs.com/ssltest/analyze.html?d=services.gradle.org BUT, it could also be a client JVM setup issue like missing/unreadable truststore etc.. Could you try again, with -Djavax.net.debug=ssl:handshake enabled so we can track it down? Or your setup sets a custom javax.net.ssl.trustStore that point to a truststore that misses the DigiCert CA used to sign the Gradle's certificate.
Re: 2.1 distributions pre-release build review, take two
I ran as suggested, and put the output here; https://gist.github.com/niclash/9ee4e5c2e1f97e2e7dee So, this box is a rented server, with more or less a default Debian install and everything running on it has been via Docker containers, so the original environment is pretty clean, and except for a handful of these kinds of tests and builds, nothing has run there. Niclas On Fri, Jul 24, 2015 at 3:44 PM, Paul Merlin p...@nosphere.org wrote: Paul Merlin a écrit : Hey Niclas, Niclas Hedhman a écrit : I built 'develop' according to your instructions on Mac OSX and that worked fine. I unzipped the source output artifact and built on Mac OSX and that worked fine. I copied the source output artifact to a very blank server of mine, and the problem shown below happened. It is obviously a Gradle issue, perhaps even a Java installation problem. But we should be prepared if someone is raising this. niclas@node1:~/temp/apache-zest-java-2.1-RC0-src$ ./gradlew -Dversion=2.1-RC0 assemble -x signArchives Downloading https://services.gradle.org/distributions/gradle-2.5-all.zip Exception in thread main java.lang.RuntimeException: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty Wow. I just ran SSL-Labs on services.gradle.org and this is not pretty but may be mandatory to support 'legacy' clients: https://www.ssllabs.com/ssltest/analyze.html?d=services.gradle.org BUT, it could also be a client JVM setup issue like missing/unreadable truststore etc.. Could you try again, with -Djavax.net.debug=ssl:handshake enabled so we can track it down? Or your setup sets a custom javax.net.ssl.trustStore that point to a truststore that misses the DigiCert CA used to sign the Gradle's certificate. -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java
Re: 2.1 distributions pre-release build review, take two
Niclas Hedhman a écrit : I ran as suggested, and put the output here; https://gist.github.com/niclash/9ee4e5c2e1f97e2e7dee So, this box is a rented server, with more or less a default Debian install and everything running on it has been via Docker containers, so the original environment is pretty clean, and except for a handful of these kinds of tests and builds, nothing has run there. So: trustStore is: No File Available, using empty keystore. https://gist.github.com/niclash/9ee4e5c2e1f97e2e7dee#file-sslproblem-bash-L8 Looks like your java installation as NO truststore and can't trust anyone :) How did you install your JDK? debian package, webupd8 apt sources, manually ? Could you please retry after doing : `update-ca-certificates -f`. /Paul
Re: 2.1 distributions pre-release build review, take two
Niclas Hedhman a écrit : That command is not present, but package ca-certificates-java is installed. Looks like this package was a bit buggy in debian. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775775 FWIW, the update-ca-certificates command is in /usr/sbin on a Debian 7. No idea... We can leave it, unless you want a(nother) Linux build verification. Yeah, we can leave it. I already tried on 3 linux distributions without any issue. Cheers /Paul
Re: 2.1 distributions pre-release build review, take two
That command is not present, but package ca-certificates-java is installed. No idea... We can leave it, unless you want a(nother) Linux build verification. On Fri, Jul 24, 2015 at 6:34 PM, Niclas Hedhman nic...@hedhman.org wrote: Only use apt-get On Fri, Jul 24, 2015 at 6:17 PM, Paul Merlin p...@nosphere.org wrote: Niclas Hedhman a écrit : I ran as suggested, and put the output here; https://gist.github.com/niclash/9ee4e5c2e1f97e2e7dee So, this box is a rented server, with more or less a default Debian install and everything running on it has been via Docker containers, so the original environment is pretty clean, and except for a handful of these kinds of tests and builds, nothing has run there. So: trustStore is: No File Available, using empty keystore. https://gist.github.com/niclash/9ee4e5c2e1f97e2e7dee#file-sslproblem-bash-L8 Looks like your java installation as NO truststore and can't trust anyone :) How did you install your JDK? debian package, webupd8 apt sources, manually ? Could you please retry after doing : `update-ca-certificates -f`. /Paul -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java
Re: 2.1 distributions pre-release build review, take two
Only use apt-get On Fri, Jul 24, 2015 at 6:17 PM, Paul Merlin p...@nosphere.org wrote: Niclas Hedhman a écrit : I ran as suggested, and put the output here; https://gist.github.com/niclash/9ee4e5c2e1f97e2e7dee So, this box is a rented server, with more or less a default Debian install and everything running on it has been via Docker containers, so the original environment is pretty clean, and except for a handful of these kinds of tests and builds, nothing has run there. So: trustStore is: No File Available, using empty keystore. https://gist.github.com/niclash/9ee4e5c2e1f97e2e7dee#file-sslproblem-bash-L8 Looks like your java installation as NO truststore and can't trust anyone :) How did you install your JDK? debian package, webupd8 apt sources, manually ? Could you please retry after doing : `update-ca-certificates -f`. /Paul -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java
Re: 2.1 distributions pre-release build review, take two
Ok, so after login as root and running the update-ca-certificates, the build started. On Fri, Jul 24, 2015 at 6:40 PM, Paul Merlin p...@nosphere.org wrote: Niclas Hedhman a écrit : That command is not present, but package ca-certificates-java is installed. Looks like this package was a bit buggy in debian. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775775 FWIW, the update-ca-certificates command is in /usr/sbin on a Debian 7. No idea... We can leave it, unless you want a(nother) Linux build verification. Yeah, we can leave it. I already tried on 3 linux distributions without any issue. Cheers /Paul -- Niclas Hedhman, Software Developer http://zest.apache.org - New Energy for Java
Re: 2.1 distributions pre-release build review, take two
Hi Paul, confirmation - works for me.. but I;m using Java 1.8. Cheers, Jiri 2015-07-23 13:51 GMT+02:00 Paul Merlin p...@nosphere.org: Gang, I think we are almost ready to cut a first Apache release. Before going down the Apache release way, I'd like to get some preliminary review of the Apache Zest distributions. We won't do this for future releases but I think it's worthwile doing it before the first one. So, please checkout the `develop` branch and: ./gradlew -Dversion=2.1-RC0 assemble -x signArchives Then check the Source and Binary Distributions in build/distributions/ Passing a non-0 and non-SNAPSHOT version to the build is mandatory so that ReleaseSpecification is applied to the distributions and to the generated manual. Please use a recent JDK 7 and note that you'll need a valid Asciidoc installation to build the manual. If you want to skip this last step, add `-PskipAsciidocIfAbsent=true` to the build command line. The manual will then be missing from the Binary Distribution. Here are some checks to do: - inclusion of releasable modules only - licensing issues (see http://www.apache.org/dev/licensing-howto.html) - build from the source distribution, see README - manual in the binary distribution - goOffline helpers in the binary distribution - use jars from the binary distribution Thanks in advance for your feedback! Cheers /Paul
