OS X Port Fails to Build
John Yeary
johnyeary at gmail.com
Sun Jul 3 06:17:05 PDT 2011
Hello David,
It is interesting that the issue has not arisen before. I did a build the
day before. The only thing that has changed was the new update from Apple
for Java 6 Update 26. I have found some issues with the update.
bluelotus:security jyeary$ ls -l
total 24
-rw-r--r-- 1 root wheel 2469 Jun 17 18:45 US_export_policy.jar
lrwxr-xr-x 1 root wheel 79 Jun 29 09:46 blacklist ->
/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/blacklist
lrwxr-xr-x 1 root wheel 81 Jun 29 09:46 cacerts ->
/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security/cacerts
-rw-r--r-- 1 root wheel 3443 Jun 17 18:46 java.policy
-rw-r--r-- 1 root wheel 10273 Jun 17 18:46 java.security
-rw-r--r-- 1 root wheel 2486 Jun 17 18:45 local_policy.jar
-rw-r--r-- 1 root wheel 347 Jun 17 18:46 sunpkcs11-macosx.cfg
lrwxr-xr-x 1 root wheel 87 Jun 29 09:46 trusted.libraries ->
/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/trusted.libraries
bluelotus:security jyeary$ ls -l
/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/blacklist
ls:
/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/blacklist:
No such file or directory
bluelotus:security jyeary$ ls -l
/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/cacerts
ls:
/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/cacerts:
No such file or directory
bluelotus:security jyeary$ ls -l
/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/trusted.libraries
ls:
/System/Library/Java/Support/Deploy.bundle/Contents/Home/lib/security/trusted.libraries:
No such file or directory
The links are broken. That would explain why it worked one day, and not the
next day.
John
On Sat, Jul 2, 2011 at 2:49 AM, David Schlosnagle <schlosna at gmail.com>wrote:
> On Fri, Jul 1, 2011 at 8:28 PM, John Yeary <johnyeary at gmail.com> wrote:
> > -jaf_src-url-bundle:
> > [echo] Downloading from
> https://java.net/downloads/jax-ws/JDK7/jdk7-jaf-2010_08_19.zip
> > [get] Getting:
> https://java.net/downloads/jax-ws/JDK7/jdk7-jaf-2010_08_19.zip
> > [get] To:
> /Users/jyeary/Downloads/OpenJDK/macosx-port/build/macosx-universal/jaxws/drop/bundles/jdk7-jaf-2010_08_19.zip.temp
> > [get] Error getting
> https://java.net/downloads/jax-ws/JDK7/jdk7-jaf-2010_08_19.zip to
> /Users/jyeary/Downloads/OpenJDK/macosx-port/build/macosx-universal/jaxws/drop/bundles/jdk7-jaf-2010_08_19.zip.temp
> >
> > BUILD FAILED
> >
> /Users/jyeary/Downloads/OpenJDK/macosx-port/build/macosx-universal/jaxws/build/xml_generated/build-drop-jaf_src.xml:96:
> javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error:
> java.security.InvalidAlgorithmParameterException: the trustAnchors parameter
> must be non-empty
>
> John,
>
> The JDK you are using as your BOOTDIR likely has an empty cacerts, so
> ant cannot download the
> https://java.net/downloads/jax-ws/JDK7/jdk7-jaf-2010_08_19.zip file.
> There are several ways to solve this problem:
>
> Option 1) Use HTTP rather than HTTPS to download the
> jdk7-jaf-2010_08_19.zip. Here's a quick patch for the jaxws repo to do
> just that. I'm wondering if this is something that would make sense to
> push to macosx-port and even upstream.
>
> diff --git a/jaxws.properties b/jaxws.properties
> --- a/jaxws.properties
> +++ b/jaxws.properties
> @@ -36,1 +36,1 @@
> -jaf_src.master.bundle.url.base=https://java.net/downloads/jax-ws/JDK7
> +jaf_src.master.bundle.url.base=http://java.net/downloads/jax-ws/JDK7
>
>
>
> Option 2) Create a drops directory and manually download the necessary
> JAXP and JAX-WS dependencies, and then pass the full path to the
> directory via ALT_DROPS_DIR [1]. This has the nice side effect that
> you can then run offline builds (ALLOW_DOWNLOADS=false) once your
> drops directory is setup. To setup you drop directory:
> cd $YOUR_OPENJDK_REPO
> mkdir drop && \
> cd drop && \
> curl -L -O http://download.java.net/jaxp/1.4.5/jaxp145_01.zip && \
> curl -L -O
>
> http://download.java.net/glassfish/components/jax-ws/openjdk/jdk7/jdk7-jaxws2_2_4-b03-2011_05_27.zip
> && \
> curl -L -O
> http://java.net/downloads/jax-ws/JDK7/jdk7-jaf-2010_08_19.zip
>
> Then when you're building include the following ALT_DROPS_DIR as a
> make argument:
> make \
> ALLOW_DOWNLOADS=false \
> ALT_DROPS_DIR=/full/path/to/your/openjdk/drop \
> ... other options ...
>
>
> Option 3) Pass the path to a valid trust keystore as a system property
> via ANT_OPTS environment variable and set the make flag
> ALLOW_DOWNLOADS=true to download the dependencies at build time. For
> example, assuming you want to use the cacerts from the Apple JDK 6
> [2]:
>
> APPLE_JAVA_6_HOME=`/usr/libexec/java_home -v 1.6`
> CACERTS_FILE=${APPLE_JAVA_6_HOME}/lib/security/cacerts
> unset LC_ALL LANG CLASSPATH JAVA_HOME LD_LIBRARY_PATH;
> cd $YOUR_OPENJDK_REPO
> env -i \
> PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin \
> ANT_OPTS="-Djavax.net.ssl.trustStore=${CACERTS_FILE}" \
> make \
> ALLOW_DOWNLOADS=true \
> ... other options ...
>
> Option 4) Use keytool to fix your trust keystore for your boot JDK by
> importing the proper trusted certificate authorities so that the
> java.net SSL cert can be validated.
>
> Hope that helps. For reference, I've shared my compile.sh that I use
> to build macosx-port.
>
> - Dave
>
> [1]:
> http://hg.openjdk.java.net/jdk7/build/raw-file/tip/README-builds.html#drops
> [2]:
> http://hg.openjdk.java.net/jdk7/build/raw-file/tip/README-builds.html#cacerts
> [3]: https://gist.github.com/1059756
>
--
John Yeary
--
http://javaevangelist.blogspot.com
http://www.johnyeary.com
*@jyeary*
"Far better it is to dare mighty things, to win glorious triumphs, even
though checkered by failure, than to take rank with those poor spirits who
neither enjoy much nor suffer much, because they live in the gray twilight
that knows not victory nor defeat."
-- Theodore Roosevelt
More information about the macosx-port-dev
mailing list