Re: [ee4j-build] GF merge job & trust anchors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ee4j-build] GF merge job & trust anchors

From: Romain Grecourt <romain.grecourt@xxxxxxxxxx>
Date: Fri, 30 Nov 2018 11:10:45 -0800
Delivered-to: ee4j-build@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/ee4j-build>
List-help: <mailto:ee4j-build-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/ee4j-build>, <mailto:ee4j-build-request@eclipse.org?subject=unsubscribe>
Organization: Oracle Coporation
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.3.1

On 11/30/18 10:17 AM, arjan tijms wrote:

Hi,

When doing a PR against GlassFish, it runs into the dreaded trust anchors issue:

Failed to execute goal on project jsf-connector: Could not resolve dependencies for project org.glassfish.main.web:jsf-connector:glassfish-jar:5.0.1-SNAPSHOT: Failed to collect dependencies at org.glassfish:jakarta.faces:jar:2.3.9: Failed to read artifact descriptor for org.glassfish:jakarta.faces:jar:2.3.9: Could not transfer artifact org.glassfish:jakarta.faces:pom:2.3.9 from/to sonatype-nexus-staging (https://oss.sonatype.org/content/repositories/staging): java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

This is probably a setup issue.

Can someone perhaps make the trust anchors non-empty? (most often can be solved by either pointing the JDK explicitly to a trust store, or simply by resuming the build).

See: https://github.com/eclipse-ee4j/glassfish/pull/22644

Here is the state of my current investigations...

JDK1.8u181 does bundle a cacerts file that does not include amazon root ca certificates.
Both oss.sonatype.org and maven.java.net are signed by amazon.
Note that the docker image has updated cacerts, see https://github.com/docker-library/openjdk/blob/7a33416016b60c045cf0ba99e82617ed6c130595/8/jdk/Dockerfile

The issue does *only* occur in some part of the Maven reactor.
Using "dependency:get" before the build just works...

It does work when setting -Djavax.net.ssl.trustStore=$JAVA_HOME/jre/lib/security/cacerts in MAVEN_OPTS.
It does also work when using -DskipTests.
This makes me think that this is caused by some test that's running in the same JVM as Maven.

There are ugly workarounds we could use right now to un-block this, like settings -Djavax.net.ssl.trustStore or refresh the cacerts in the workspace.
I'd prefer to get to the bottom of this and identify the real culprit.

Kind regards,

Arjan

_______________________________________________
ee4j-build mailing list
ee4j-build@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/ee4j-build

Follow-Ups:
- Re: [ee4j-build] GF merge job & trust anchors
  - From: Romain Grecourt

References:
- [ee4j-build] GF merge job & trust anchors
  - From: arjan tijms

Prev by Date: Re: [ee4j-build] 2018-11-28 Meeting Notes
Next by Date: Re: [ee4j-build] GF merge job & trust anchors
Previous by thread: [ee4j-build] GF merge job & trust anchors
Next by thread: Re: [ee4j-build] GF merge job & trust anchors
Index(es):
- Date
- Thread

Breadcrumbs