You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@accumulo.apache.org by haydenmarchant <gi...@git.apache.org> on 2014/07/01 14:20:25 UTC
[GitHub] accumulo pull request: ACCUMULO-2943 Fixing failures where no RNG ...
GitHub user haydenmarchant opened a pull request:
https://github.com/apache/accumulo/pull/11
ACCUMULO-2943 Fixing failures where no RNG "SUN" provider
Both org.apache.accumulo.core.security.crypto.CrypoTest &
org.apache.accumulo.core.file.rfile.RFileTest have lots of failures
due to calls to SecureRandom with Random Number Generator Provider
hard-coded as Sun. The IBM JVM has it's own built in RNG Provider
called IBMJCE. 2 issues - hard-coded calls to
SecureRandom.getInstance(<algo>,"SUN") and also default value in
Property class is "SUN".
Most failures are due to the CryptoModuleParameters instance being
populated with default value of Crypto Secure RNG Provider, in
particular, the following line from CryptoModelFactory.fillParamsObjectFromStringMap():
params.setRandomNumberGeneratorProvider(cryptoOpts.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
Since the default as described in Property class for RNG provider
is "SUN", I have made an override mechanism in which a default
property can be overidden by passing System property of same name.
Any property with annotation @SystemOverride has this functionality
enabled. So, when using a JVM which does not have the "SUN" RNG
Provider, a system property (-Dcrypto.secure.rng.provider={provname})
can be added to the parent pom.xml in the surefire plugin definition
(same location as the max memory for tests).
In addition, CryptoTest.testCryptoModuleParamsParsing() has been
changed to read from a separate config file since it just focuses on
parsing of params and not the actual instantiation of providers etc...
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/haydenmarchant/accumulo ACCUMULO-2943
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/accumulo/pull/11.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #11
----
commit cc9ab93aa31f517fca4fe7ccfd7caf7160e07603
Author: haydenmarchant <ha...@gmail.com>
Date: 2014-07-01T12:12:32Z
ACCUMULO-2943 Fixing failures where no RNG "SUN" provider
Both org.apache.accumulo.core.security.crypto.CrypoTest &
org.apache.accumulo.core.file.rfile.RFileTest have lots of failures
due to calls to SecureRandom with Random Number Generator Provider
hard-coded as Sun. The IBM JVM has it's own built in RNG Provider
called IBMJCE. 2 issues - hard-coded calls to
SecureRandom.getInstance(<algo>,"SUN") and also default value in
Property class is "SUN".
Most failures are due to the CryptoModuleParameters instance being
populated with default value of Crypto Secure RNG Provider, in
particular, the following line from CryptoModelFactory.fillParamsObjectFromStringMap():
params.setRandomNumberGeneratorProvider(cryptoOpts.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
Since the default as described in Property class for RNG provider
is "SUN", I have made an override mechanism in which a default
property can be overidden by passing System property of same name.
Any property with annotation @SystemOverride has this functionality
enabled. So, when using a JVM which does not have the "SUN" RNG
Provider, a system property (-Dcrypto.secure.rng.provider={provname})
can be added to the parent pom.xml in the surefire plugin definition
(same location as the max memory for tests).
In addition, CryptoTest.testCryptoModuleParamsParsing() has been
changed to read from a separate config file so the on/off variants,
since it just focuses on parsing of params.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
Re: [GitHub] accumulo pull request: ACCUMULO-2943 Fixing failures
where no RNG ...
Posted by Eric Newton <er...@gmail.com>.
I'm confused... the diff contains updates to the pom for newer dependencies
(jetty, log4j). Is the patch against 1.6 or master?
I'm not a regular github user (and my git knowledge consists of a bunch of
questions to [~elserj]). It looks like the patch contains some changes not
strictly related to the RNG provider.
-Eric
On Tue, Jul 1, 2014 at 8:20 AM, haydenmarchant <gi...@git.apache.org> wrote:
> GitHub user haydenmarchant opened a pull request:
>
> https://github.com/apache/accumulo/pull/11
>
> ACCUMULO-2943 Fixing failures where no RNG "SUN" provider
>
> Both org.apache.accumulo.core.security.crypto.CrypoTest &
> org.apache.accumulo.core.file.rfile.RFileTest have lots of failures
> due to calls to SecureRandom with Random Number Generator Provider
> hard-coded as Sun. The IBM JVM has it's own built in RNG Provider
> called IBMJCE. 2 issues - hard-coded calls to
> SecureRandom.getInstance(<algo>,"SUN") and also default value in
> Property class is "SUN".
>
> Most failures are due to the CryptoModuleParameters instance being
> populated with default value of Crypto Secure RNG Provider, in
> particular, the following line from
> CryptoModelFactory.fillParamsObjectFromStringMap():
>
>
> params.setRandomNumberGeneratorProvider(cryptoOpts.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
>
> Since the default as described in Property class for RNG provider
> is "SUN", I have made an override mechanism in which a default
> property can be overidden by passing System property of same name.
> Any property with annotation @SystemOverride has this functionality
> enabled. So, when using a JVM which does not have the "SUN" RNG
> Provider, a system property (-Dcrypto.secure.rng.provider={provname})
> can be added to the parent pom.xml in the surefire plugin definition
> (same location as the max memory for tests).
>
> In addition, CryptoTest.testCryptoModuleParamsParsing() has been
> changed to read from a separate config file since it just focuses on
> parsing of params and not the actual instantiation of providers etc...
>
> You can merge this pull request into a Git repository by running:
>
> $ git pull https://github.com/haydenmarchant/accumulo ACCUMULO-2943
>
> Alternatively you can review and apply these changes as the patch at:
>
> https://github.com/apache/accumulo/pull/11.patch
>
> To close this pull request, make a commit to your master/trunk branch
> with (at least) the following in the commit message:
>
> This closes #11
>
> ----
> commit cc9ab93aa31f517fca4fe7ccfd7caf7160e07603
> Author: haydenmarchant <ha...@gmail.com>
> Date: 2014-07-01T12:12:32Z
>
> ACCUMULO-2943 Fixing failures where no RNG "SUN" provider
>
> Both org.apache.accumulo.core.security.crypto.CrypoTest &
> org.apache.accumulo.core.file.rfile.RFileTest have lots of failures
> due to calls to SecureRandom with Random Number Generator Provider
> hard-coded as Sun. The IBM JVM has it's own built in RNG Provider
> called IBMJCE. 2 issues - hard-coded calls to
> SecureRandom.getInstance(<algo>,"SUN") and also default value in
> Property class is "SUN".
>
> Most failures are due to the CryptoModuleParameters instance being
> populated with default value of Crypto Secure RNG Provider, in
> particular, the following line from
> CryptoModelFactory.fillParamsObjectFromStringMap():
>
>
> params.setRandomNumberGeneratorProvider(cryptoOpts.get(Property.CRYPTO_SECURE_RNG_PROVIDER.getKey()));
>
> Since the default as described in Property class for RNG provider
> is "SUN", I have made an override mechanism in which a default
> property can be overidden by passing System property of same name.
> Any property with annotation @SystemOverride has this functionality
> enabled. So, when using a JVM which does not have the "SUN" RNG
> Provider, a system property (-Dcrypto.secure.rng.provider={provname})
> can be added to the parent pom.xml in the surefire plugin definition
> (same location as the max memory for tests).
>
> In addition, CryptoTest.testCryptoModuleParamsParsing() has been
> changed to read from a separate config file so the on/off variants,
> since it just focuses on parsing of params.
>
> ----
>
>
> ---
> If your project is set up for it, you can reply to this email and have your
> reply appear on GitHub as well. If your project does not have this feature
> enabled and wishes so, or if the feature is enabled but not working, please
> contact infrastructure at infrastructure@apache.org or file a JIRA ticket
> with INFRA.
> ---
>
[GitHub] accumulo pull request: ACCUMULO-2943 Fixing failures where no RNG ...
Posted by madrob <gi...@git.apache.org>.
Github user madrob commented on a diff in the pull request:
https://github.com/apache/accumulo/pull/11#discussion_r14403671
--- Diff: core/src/main/java/org/apache/accumulo/core/conf/Property.java ---
@@ -504,7 +508,11 @@ public boolean isDeprecated() {
}
public boolean isSensitive() {
- return hasAnnotation(Sensitive.class) || hasPrefixWithAnnotation(getKey(), Sensitive.class);
+ return hasAnnotation(Sensitive.class) || hasPrefixWithAnnotation(getKey(), Sensitive.class);
--- End diff --
Please try to minimize your patch set to only the affected lines. If there are outstanding formatting issues, we can address those in another patch.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] accumulo pull request: ACCUMULO-2943 Fixing failures where no RNG ...
Posted by busbey <gi...@git.apache.org>.
Github user busbey commented on the pull request:
https://github.com/apache/accumulo/pull/11#issuecomment-47675001
please make sure your commit is against the current head of the earliest dev branch the jira is filed against. It looks like some of your pom changes are out of date.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] accumulo pull request: ACCUMULO-2943 Fixing failures where no RNG ...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/accumulo/pull/11
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] accumulo pull request: ACCUMULO-2943 Fixing failures where no RNG ...
Posted by haydenmarchant <gi...@git.apache.org>.
Github user haydenmarchant commented on the pull request:
https://github.com/apache/accumulo/pull/11#issuecomment-48521194
rebased with latest 1.6.1-SNAPSHOT, and removed pom.xml that accidentally sneaked into previous commit.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---