IcedTea6 build failed for b41a73ca64e6 (--enable-nss)

Andrew Hughes ahughes at redhat.com
Thu Aug 16 04:02:17 PDT 2012 


----- Original Message -----
> Hi Andrew,
> 
> I am trying to figure out what goes wrong with this build, but don't
> really understand the nss stuff. See below some analysis. I assume
> some
> file names are wrong, but I don't know which.
> 
> On Thu, 2012-08-16 at 06:37 +0000, Mark Wielaard wrote:
> > The current IcedTea6 build fails.
> > 
> > More info at http://builder.wildebeest.org/icedtea/icedtea6/
> 
> Note that this is a build using configure --enable-nss
> 
> > cp -v /usr/local/build/icedtea6-build/zerovm/nss.cfg \
> > 	  /usr/local/build/icedtea6-build/zerovm/openjdk.build/j2sdk-image/jre/lib/security
> > `/usr/local/build/icedtea6-build/zerovm/nss.cfg' ->
> > `/usr/local/build/icedtea6-build/zerovm/openjdk.build/j2sdk-image/jre/lib/security'
> > cp -v /usr/local/build/icedtea6-build/zerovm/nss.cfg \
> > 	  /usr/local/build/icedtea6-build/zerovm/openjdk.build/j2re-image/lib/security
> > `/usr/local/build/icedtea6-build/zerovm/nss.cfg' ->
> > `/usr/local/build/icedtea6-build/zerovm/openjdk.build/j2re-image/lib/security'
> 
> So here we copy nss.cfg to the file security under
> j2sdk-image/jre/lib/security and j2re-image/lib/security
> 
> > rm -f stamps/add-nss.stamp.tmp
> > touch stamps/add-nss.stamp.tmp
> > all_patches_ok=yes; \
> > 	for dir in
> > 	/usr/local/build/icedtea6-build/zerovm/openjdk.build/{j2sdk-image/jre,j2re-image}
> > 	; \
> > 	do \
> > 	  pushd $dir ; \
> > 	  cp -v $dir/lib/security/java.security{,.old} ; \
> > 	  for p in patches/nss-config.patch ; \
> > 	  do \
> > 	    if test x${all_patches_ok} = "xyes" \
> > 	      && echo Checking $p \
> > 	      && /usr/bin/patch -l -p0 --dry-run -s -t -f -F0 \
> > 	        < /usr/local/build/icedtea6/$p ; \
> > 	    then \
> > 	      echo Applying $p ; \
> > 	      /usr/bin/patch -l -p0 -F0 < /usr/local/build/icedtea6/$p ; \
> > 	      if ! grep "^\* $(basename $p)"
> > 	      /usr/local/build/icedtea6/HACKING \
> > 	        >> /usr/local/build/icedtea6-build/zerovm/stamps/add-nss.stamp.tmp
> > 	        >> ; \
> > 	      then \
> > 	        echo "* $(basename $p): UNDOCUMENTED" \
> > 	          >> /usr/local/build/icedtea6-build/zerovm/stamps/add-nss.stamp.tmp
> > 	          >> ; \
> > 	      fi ; \
> > 	    else \
> > 	      test x${all_patches_ok} = "xyes" && all_patches_ok=$p ; \
> > 	    fi ; \
> > 	  done ; \
> > 	  popd ; \
> > 	done ; \
> > 	mv stamps/add-nss.stamp.tmp stamps/add-nss.stamp ; \
> > 	if ! test x${all_patches_ok} = "xyes"; then \
> > 	  echo ERROR patch ${all_patches_ok} FAILED! ; \
> > 	  echo WARNING make clean-add-nss before retrying a fix ; \
> > 	  exit 2; \
> > 	fi
> > /usr/local/build/icedtea6-build/zerovm/openjdk.build/j2sdk-image/jre
> > /usr/local/build/icedtea6-build/zerovm
> > cp: accessing
> > `/usr/local/build/icedtea6-build/zerovm/openjdk.build/j2sdk-image/jre/lib/security/java.security.old':
> > Not a directory
> 
> But here we seem to want to copy a file called java.security which we
> expect to be under the directory lib/security. But above we just
> created
> that lib/security as file, so it isn't an directory under which other
> files can be.
> 
> > Checking patches/nss-config.patch
> > 1 out of 1 hunk FAILED -- saving rejects to file
> > lib/security/java.security.rej
> > /usr/local/build/icedtea6-build/zerovm
> > /usr/local/build/icedtea6-build/zerovm/openjdk.build/j2re-image
> > /usr/local/build/icedtea6-build/zerovm
> > cp: accessing
> > `/usr/local/build/icedtea6-build/zerovm/openjdk.build/j2re-image/lib/security/java.security.old':
> > Not a directory
> > /usr/local/build/icedtea6-build/zerovm
> > ERROR patch patches/nss-config.patch FAILED!
> 
> And then we try to patch and cp again the file
> lib/security/java.security that doesn't exists.
> 
> Do you know what the intention is, which file should be called what
> and
> be under which directory?

Something about your build is borked.  lib/security or jre/lib/security should be produced by the
build before these rules run.  From a plain JDK build (OpenJDK8 tl in this case):

$ ls /mnt/builder/tl/j2sdk-image/jre/lib/security
cacerts  java.policy  java.security  local_policy.jar  US_export_policy.jar

$ ls /mnt/builder/tl/j2re-image/lib/security
cacerts  java.policy  java.security  local_policy.jar  US_export_policy.jar

So is your OpenJDK build failing earlier on?  And if it is, why are these rules being run?

Things work fine here:

$ cat /mnt/builder/logs/icedtea6.sh.errors |grep nss\.cfg
config.status: creating nss.cfg
cp -v /home/andrew/builder/icedtea6/nss.cfg \
‘/home/andrew/builder/icedtea6/nss.cfg’ -> ‘/home/andrew/builder/icedtea6/openjdk.build-ecj/j2sdk-image/jre/lib/security/nss.cfg’
cp -v /home/andrew/builder/icedtea6/nss.cfg \
‘/home/andrew/builder/icedtea6/nss.cfg’ -> ‘/home/andrew/builder/icedtea6/openjdk.build-ecj/j2re-image/lib/security/nss.cfg’
cp -v /home/andrew/builder/icedtea6/nss.cfg \
‘/home/andrew/builder/icedtea6/nss.cfg’ -> ‘/home/andrew/builder/icedtea6/openjdk.build/j2sdk-image/jre/lib/security/nss.cfg’
cp -v /home/andrew/builder/icedtea6/nss.cfg \
‘/home/andrew/builder/icedtea6/nss.cfg’ -> ‘/home/andrew/builder/icedtea6/openjdk.build/j2re-image/lib/security/nss.cfg’

That's what you should be seeing.

It looks like your build has always been broken, but has only now come to light due to recent changes.
Nothing new has been added.  The patching of java.security has merely been moved from before the build
to afterwards, so that the build itself doesn't have an PKCS11 provider configured with a missing
configuration file.

> 
> Thanks,
> 
> Mark
> 

-- 
Andrew :)

Free Java Software Engineer
Red Hat, Inc. (http://www.redhat.com)

PGP Key: 248BDC07 (https://keys.indymedia.org/)
Fingerprint = EC5A 1F5E C0AD 1D15 8F1F  8F91 3B96 A578 248B DC07

More information about the distro-pkg-dev mailing list