You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Peter Schuller (JIRA)" <ji...@apache.org> on 2010/10/04 22:29:34 UTC
[jira] Created: (CASSANDRA-1575) suggest avoiding broken openjdk6
on Debian as build-dep
suggest avoiding broken openjdk6 on Debian as build-dep
-------------------------------------------------------
Key: CASSANDRA-1575
URL: https://issues.apache.org/jira/browse/CASSANDRA-1575
Project: Cassandra
Issue Type: Bug
Components: Packaging
Affects Versions: 0.7 beta 2
Environment: Debian lenny
Reporter: Peter Schuller
Priority: Minor
Attachments: trunk-1575.txt
I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501487
The effect is that when ant tries to download files over SSL, it fails complaining about:
"java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (CASSANDRA-1575) suggest avoiding broken openjdk6
on Debian as build-dep
Posted by "Eric Evans (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-1575?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Evans resolved CASSANDRA-1575.
-----------------------------------
Resolution: Fixed
> suggest avoiding broken openjdk6 on Debian as build-dep
> -------------------------------------------------------
>
> Key: CASSANDRA-1575
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1575
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Environment: Debian lenny
> Reporter: Peter Schuller
> Assignee: Eric Evans
> Priority: Minor
> Fix For: 0.6.6, 0.7.0
>
> Attachments: trunk-1575.txt, Trunk1575Test.java
>
>
> I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501487
> The effect is that when ant tries to download files over SSL, it fails complaining about:
> "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
> It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
> In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
> I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
> So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
> For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CASSANDRA-1575) suggest avoiding broken openjdk6
on Debian as build-dep
Posted by "Peter Schuller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-1575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12917782#action_12917782 ]
Peter Schuller commented on CASSANDRA-1575:
-------------------------------------------
And I should stress that this will presumably only help normalized build environments that install build dependencies as required. It doesn't help a user trying to 'ant build', nor a user trying to 'debuild' and happens to have other JDK:s installed, but I'm not sure how to address that in a clean fashion.
Maybe add a note under "requirements" in the README?
(I realize this is catering to a very specific platform, but lenny is presumably pretty common.)
> suggest avoiding broken openjdk6 on Debian as build-dep
> -------------------------------------------------------
>
> Key: CASSANDRA-1575
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1575
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Environment: Debian lenny
> Reporter: Peter Schuller
> Assignee: Eric Evans
> Priority: Minor
> Fix For: 0.6.6, 0.7.0
>
> Attachments: trunk-1575.txt, Trunk1575Test.java
>
>
> I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501487
> The effect is that when ant tries to download files over SSL, it fails complaining about:
> "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
> It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
> In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
> I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
> So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
> For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (CASSANDRA-1575) suggest avoiding broken openjdk6
on Debian as build-dep
Posted by "Peter Schuller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-1575?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Schuller updated CASSANDRA-1575:
--------------------------------------
Attachment: trunk-1575.txt
> suggest avoiding broken openjdk6 on Debian as build-dep
> -------------------------------------------------------
>
> Key: CASSANDRA-1575
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1575
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Affects Versions: 0.7 beta 2
> Environment: Debian lenny
> Reporter: Peter Schuller
> Priority: Minor
> Attachments: trunk-1575.txt
>
>
> I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501487
> The effect is that when ant tries to download files over SSL, it fails complaining about:
> "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
> It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
> In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
> I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
> So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
> For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (CASSANDRA-1575) suggest avoiding broken openjdk6
on Debian as build-dep
Posted by "Jonathan Ellis (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-1575?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Ellis updated CASSANDRA-1575:
--------------------------------------
Reviewer: urandom
Affects Version/s: (was: 0.7 beta 2)
Fix Version/s: 0.7.0
0.6.6
> suggest avoiding broken openjdk6 on Debian as build-dep
> -------------------------------------------------------
>
> Key: CASSANDRA-1575
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1575
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Environment: Debian lenny
> Reporter: Peter Schuller
> Priority: Minor
> Fix For: 0.6.6, 0.7.0
>
> Attachments: trunk-1575.txt, Trunk1575Test.java
>
>
> I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501487
> The effect is that when ant tries to download files over SSL, it fails complaining about:
> "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
> It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
> In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
> I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
> So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
> For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (CASSANDRA-1575) suggest avoiding broken openjdk6
on Debian as build-dep
Posted by "Peter Schuller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-1575?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Schuller updated CASSANDRA-1575:
--------------------------------------
Attachment: Trunk1575Test.java
> suggest avoiding broken openjdk6 on Debian as build-dep
> -------------------------------------------------------
>
> Key: CASSANDRA-1575
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1575
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Affects Versions: 0.7 beta 2
> Environment: Debian lenny
> Reporter: Peter Schuller
> Priority: Minor
> Attachments: trunk-1575.txt, Trunk1575Test.java
>
>
> I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501487
> The effect is that when ant tries to download files over SSL, it fails complaining about:
> "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
> It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
> In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
> I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
> So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
> For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CASSANDRA-1575) suggest avoiding broken openjdk6
on Debian as build-dep
Posted by "Peter Schuller (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-1575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918712#action_12918712 ]
Peter Schuller commented on CASSANDRA-1575:
-------------------------------------------
Sounds reasonable.
That said, maybe the set of people who would try 'ant build' on lenny is significantly larger than those building Debian packages with debuild. For those, a note in README might be helpful.
But again I realize this is catering to a very specific problem. Maybe it's just not worth it.
> suggest avoiding broken openjdk6 on Debian as build-dep
> -------------------------------------------------------
>
> Key: CASSANDRA-1575
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1575
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Environment: Debian lenny
> Reporter: Peter Schuller
> Assignee: Eric Evans
> Priority: Minor
> Fix For: 0.6.6, 0.7.0
>
> Attachments: trunk-1575.txt, Trunk1575Test.java
>
>
> I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501487
> The effect is that when ant tries to download files over SSL, it fails complaining about:
> "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
> It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
> In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
> I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
> So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
> For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (CASSANDRA-1575) suggest avoiding broken openjdk6
on Debian as build-dep
Posted by "Eric Evans (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-1575?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12918691#action_12918691 ]
Eric Evans commented on CASSANDRA-1575:
---------------------------------------
First off, thanks for the report, and the background research on it.
To summarize this issue for others, the openjdk-6 package in Lenny is missing the cacerts keystore needed to establish "trust" with SSL enabled servers. I'm guessing this is because it was stripped from Sun's original code dump, because later versions of the package depend on ca-certificates-java which simply maintains a keystore made up of the Debian installed CAs.
Where this creates a problem for Cassandra is in the retrieval of build dependencies with Ivy, where those deps are located on SSL-enabled remote servers. This _only_ occurs on Lenny though, later versions are fine.
As to the attached patch, I'm not convinced that the cure here isn't worse than the disease. Here' s why:
* The problem is only with building a Debian source package, and only on Lenny. I believe this to be a small subset of all users.
* The situation isn't impossible for those that want to build the source package on Lenny. They simply need to install sun-java6 first (or set it to default using update-alternatives if openjdk-6 is already installed).
* The attached patch will result in an uninstallable package for anyone who doesn't have the non-free repository enabled. This is everyone who went through the default installation process.
* Unattended installs of sun-java6 (think chef, puppet, et. al.) are difficult at best because the package prompts for user acceptance of the license.
* If possible, we want to use the same packaging for all versions of Debian and derivatives, and there has been a lot of talk of removing the sun packages from archives.
I think it'd be better to simply document this at http://wiki.apache.org/cassandra/DebianPackaging and leave things as they are. If you disagree, feel free to reopen the report.
> suggest avoiding broken openjdk6 on Debian as build-dep
> -------------------------------------------------------
>
> Key: CASSANDRA-1575
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1575
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Environment: Debian lenny
> Reporter: Peter Schuller
> Assignee: Eric Evans
> Priority: Minor
> Fix For: 0.6.6, 0.7.0
>
> Attachments: trunk-1575.txt, Trunk1575Test.java
>
>
> I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501487
> The effect is that when ant tries to download files over SSL, it fails complaining about:
> "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
> It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
> In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
> I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
> So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
> For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (CASSANDRA-1575) suggest avoiding broken openjdk6
on Debian as build-dep
Posted by "Eric Evans (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CASSANDRA-1575?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Evans reassigned CASSANDRA-1575:
-------------------------------------
Assignee: Eric Evans
> suggest avoiding broken openjdk6 on Debian as build-dep
> -------------------------------------------------------
>
> Key: CASSANDRA-1575
> URL: https://issues.apache.org/jira/browse/CASSANDRA-1575
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Environment: Debian lenny
> Reporter: Peter Schuller
> Assignee: Eric Evans
> Priority: Minor
> Fix For: 0.6.6, 0.7.0
>
> Attachments: trunk-1575.txt, Trunk1575Test.java
>
>
> I ran into this myself and then today someone was reporting having the same problem on IRC; there is a packaging bug in openjdk6 in lenny:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501487
> The effect is that when ant tries to download files over SSL, it fails complaining about:
> "java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty"
> It turns out this works fine with the Sun JVM. I'm attaching a patch which makes Cassandra build on both lenny and squeeze; however, I am not sure whether other platforms may be negatively affected. The patch just requires an openjdk sufficiently new that the lenny openjdk won't quality. If there are other platforms where we do want an older openjdk, this patch might break that.
> In addition, I removed the "java6-sdk" as a sufficient dependency because that resolved to openjdk-6-jdk on lenny.
> I think it's a good idea to consider changing this just to decrease the initial threshold of adoption for those trying to build from source.
> So: This does fix the build issue on lenny, and doesn't seem to break squeeze, but I cannot promise anything about e.g. ubuntu.
> For the record, I'm also attaching a small self-contained test case which, when run, tries to download one of the offending pom files. It can be used to easily test weather the SSL download with work with a particular JVM.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.