Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openjdk17 is having trouble with SSL #370

Open
vkz opened this issue Nov 23, 2023 · 0 comments
Open

openjdk17 is having trouble with SSL #370

vkz opened this issue Nov 23, 2023 · 0 comments

Comments

@vkz
Copy link

vkz commented Nov 23, 2023

Affected images:

  • base-64-lts
  • base-64-trunk

Likely culprit

openjdk17 but opnejdk11 appears to work just fine

Gist of it:

when Java attempts to transfer artifacts from https://repo1.maven.org/maven2/ getting this error
javax.net.ssl.SSLException: Received fatal alert: bad_record_mac

Full Stacktrace 
Error building classpath. Failed to read artifact descriptor for org.clojure:clojure:jar:1.11.1
org.eclipse.aether.resolution.ArtifactDescriptorException: Failed to read artifact descriptor for org.clojure:clojure:jar:1.11.1
        at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:255)
        at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.readArtifactDescriptor(DefaultArtifactDescriptorReader.java:171)
        at org.eclipse.aether.internal.impl.DefaultRepositorySystem.readArtifactDescriptor(DefaultRepositorySystem.java:263)
        at clojure.tools.deps.alpha.extensions.maven$read_descriptor.invokeStatic(maven.clj:115)
        at clojure.tools.deps.alpha.extensions.maven$fn__1137.invokeStatic(maven.clj:143)
        at clojure.tools.deps.alpha.extensions.maven$fn__1137.invoke(maven.clj:143)
        at clojure.lang.MultiFn.invoke(MultiFn.java:244)
        at clojure.tools.deps.alpha$expand_deps$children_task__773$fn__775$fn__776.invoke(alpha.clj:405)
        at clojure.tools.deps.alpha.util.concurrent$submit_task$task__481.invoke(concurrent.clj:35)
        at clojure.lang.AFn.call(AFn.java:18)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
        at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact org.clojure:clojure:pom:1.11.1 from/to central (https://repo1.maven.org/maven2/): Received fatal alert: bad_record_mac
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:431)
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:235)
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact(DefaultArtifactResolver.java:212)
        at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:240)
        ... 13 more
Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact org.clojure:clojure:pom:1.11.1 from/to central (https://repo1.maven.org/maven2/): Received fatal alert: bad_record_mac
        at org.eclipse.aether.connector.basic.ArtifactTransportListener.transferFailed(ArtifactTransportListener.java:52)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:401)
        at org.eclipse.aether.util.concurrency.RunnableErrorForwarder.lambda$wrap$0(RunnableErrorForwarder.java:73)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector$DirectExecutor.execute(BasicRepositoryConnector.java:669)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector.get(BasicRepositoryConnector.java:290)
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.performDownloads(DefaultArtifactResolver.java:520)
        at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:408)
        ... 16 more
Caused by: javax.net.ssl.SSLException: Received fatal alert: bad_record_mac
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:358)
        at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
        at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1505)
        at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1420)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
        at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
        at org.eclipse.aether.transport.http.HttpTransporter.execute(HttpTransporter.java:359)
        at org.eclipse.aether.transport.http.HttpTransporter.implGet(HttpTransporter.java:294)
        at org.eclipse.aether.spi.connector.transport.AbstractTransporter.get(AbstractTransporter.java:72)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector$GetTaskRunner.runTask(BasicRepositoryConnector.java:496)
        at org.eclipse.aether.connector.basic.BasicRepositoryConnector$TaskRunner.run(BasicRepositoryConnector.java:396)
        ... 21 more

Detailed steps

pkgin up
pkgin upgrade
pkgin in clojure
# ^^ depends on openjdk17
# try it
clojure
# or start a repl
clj

and you get the above stacktrace.

What happens? Clojure attempts to build classpath and pull packages it needs from Maven Central. Looks to me like Java blows up during SSL handshake or exchange or establishing a protocol.

Just to be sure I confirmed that Maven responds with TLSv1.2:

curl -vvvv -k https://repo1.maven.org/maven2/  |  head

Tried forcing Java's hand with esoteric nonsense like:

JAVA_OPTS="-Dhttps.protocols=TLSv1.2 -Djavax.net.debug=all -Djdk.tls.client.protocols=TLSv1.2" && clojure

which had no effect whatsoever, so I'm thinking problem is fundamental to openjdk17 build.

openjdk11 works or how to fix clojure package

$ which clojure
/opt/local/bin/clojure

is just a bash script that hardcodes on L181

JAVA_CMD=${JAVA_CMD:-$(type -p /opt/local/java/openjdk17/bin/java)}

which we can change by hand

JAVA_CMD=${JAVA_CMD:-$(type -p /opt/local/java/openjdk11/bin/java)}

now pkgin in openjdk11 and clojure works.

What are the chances of this being fixed?

I'm new here and don't know how active people are fixing and contributing. What are the chances that openjdk17 gets fixed and subsequent versions become available in packages?

Thank you
jperkin pushed a commit that referenced this issue Feb 23, 2024
devel/git-cliff: update to 2.0.2
94f8ddc 
✨ Read the highlights of this release: https://git-cliff.org/blog/2.0.0
⛰️ Features
    (args) Add --no-exec flag for skipping command execution (#458) - (7ae77ff)
    (args) Add -x short argument for --context - (327512a)
    (args) Support initialization with built-in templates (#370) - (4bee628)
    (args) Allow returning the bumped version (#362) - (5e01e4c)
    (args) Set CHANGELOG.md as default missing value for output option (#354) - (04d149e)
    (changelog) Set the timestamp of the previous release - (d408e63)
    (changelog) Improve skipping via .cliffignore and --skip-commit (#413) - (faa00c6)
    (changelog) Support tag prefixes with --bump (#347) - (2399e57)
    (changelog) [breaking] Set tag to 0.0.1 via --bump if no tags exist - (3291eb9)
    (changelog) [breaking] Support templating in the footer (#369) - (0945fa8)
    (commit) Add merge_commit flag to the context (#389) - (dd27a9a)
    (github) [breaking] Support integration with GitHub repos (#363) - (5238326)
    (parser) Support using SHA1 of the commit (#385) - (1039f85)
    (parser) Support using regex scope values (#372) - (19e65c2)
    (template) Support using PR labels in the GitHub template (#467) - (30d15bb)
    (template) Support using PR title in the GitHub template (#418) - (6f32f33)
    (website) Add search bar to the website - (2d30491)

🐛 Bug Fixes
    (cd) Use workaround for linux-arm64-glibc maturin builds - (dc79ed5)
    (cd) Disable PyPI publish for linux-arm64-glibc - (e24af12)
    (cd) Avoid creating artifacts with the same name - (1647fd8)
    (cd) Fix embedding examples for crates.io release - (46b7d88)
    (changelog) Fix previous version links (#364) - (44c93b7)
    (changelog) Set the correct previous tag when a custom tag is given - (6203f77)
    (ci) Update cargo-msrv arguments - (131dd10)
    (cli) Fix broken pipe when stdout is interrupted (#407) - (bdce4b5)
    (commit) Trim the trailing newline from message (#403) - (514ca4b)
    (git) Sort commits in topological order (#415) - (29bf355)
    (links) Skip checking the GitHub commit URLs - (273d6dc)
    (website) Use node version 18 - (46dcce3)
    (website) Use prism-react-renderer v2 with docusaurus - (664ff9b)
    Allow version bump with a single previous release - (d65aec9)

🚜 Refactor
    (changelog) Support --bump for processed releases (#408) - (89e4c72)
    (ci) Use hardcoded workspace members for cargo-msrv command - (ec6035a)
    (ci) Simplify cargo-msrv installation - (f04bf6e)
    (clippy) Apply clippy suggestions - (b23dd3e)
    (clippy) Apply clippy suggestions - (a38c3fa)
    (config) Use postprocessors for checking the typos - (764e858)
    (config) Remove unnecessary newline from configs - (8edec7f)

📚 Documentation
    (configuration) Fix typo (#466) - (34a58e6)
    (fixtures) Add instructions for adding new fixtures - (8290769)
    (readme) Mention RustLab 2023 talk - (668a957)
    (readme) Use the raw link for the animation - (2c524b8)
    (security) Update security policy - (fcaa502)
    (website) Add highlights for 2.0.0 (#504) - (49684d0)
    (website) Improve matching gitmoji tip (#486) - (0731646)
    (website) Add tips and tricks section - (82e93c2)
    (website) Add tip about link parsers - (4bd47a6)
    (website) Add git-cliff animation to the website (#404) - (0561124)
    (website) Split the configuration section - (67486cc)
    (website) Add installation instructions for Homebrew (#357) - (b2f8091)

🎨 Styling
    (website) Add GitHub logo to the header - (1da7cac)
    (website) [breaking] Use dark theme as default - (dcc5116)

🧪 Testing
    (changelog) Use the correct version for missing tags - (0ca4cdb)
    (fixture) Update the date for example test fixture - (991a035)
    (fixture) Add test fixture for bumping version - (c94cb6a)
    (fixtures) Update the bumped value output to add prefix - (f635bae)

⚙️ Miscellaneous Tasks
    (changelog) Disable the default behavior of next-version (#343) - (4eef684)
    (changelog) Use 0.1.0 as default next release if no tag is found - (3123fd2)
    (command) Explicitly set the directory of command to current dir - (722efd6)
    (config) Skip dependabot commits for dev updates - (7f89160)
    (config) Revamp the configuration files - (9500bf8)
    (config) Use postprocessors for checking the typos - (5212cc9)
    (dependabot) Group the dependency updates for creating less PRs - (c6a92bf)
    (docker) Update versions in Dockerfile - (51198a5)
    (embed) Do not allow missing docs - (7754cab)
    (example) Use full links in GitHub templates (#503) - (a521891)
    (example) Remove limited commits example - (8e1e0d7)
    (github) Update templates about GitHub integration - (3f5107a)
    (mergify) Don't update PRs for the main branch - (96a220c)
    (project) Add readme to core package - (9e6bad2)
    (project) Bump MSRV to 1.74.1 - (bd5e4d2)
    (project) Update copyright years - (edc6bc0)
    (website) Fix URLs in navigation bar (#438) - (70cab99)
    (website) Rename the header for GitHub integration - (3fd9476)
    (website) Fix broken anchors - (34593dd)
    (website) Bump docusaurus to 3.1.0 - (af4482b)
    (website) Update the titles for distro installations - (ff2881b)
    (website) Add Mastodon link to the website - (2e761c9)
jperkin pushed a commit that referenced this issue Mar 4, 2024
audio/spotify-player: update to 0.17.0
0239294 
v0.17.0 is a new release with a lot of features, bug fixes, and specifically a
patch fixing a very annoying Spotify API bug.

This release also marks a big milestone for the project: 1k ⭐ 🥳🥳🥳 .
Thanks everyone for contributing, using, and starring the project!

What's Changed
    Add custom text input widget with cursor, to use in search page by @micleo2 in #329
    chore: update github actions by @LucasFA in #339
    reset buffered playback upon handling GetCurrentPlayback request by @aome510 in #341
    docs: fixes keymap command name by @massivebird in #342
    chore(docs): Remove unneeded explicit link by @LucasFA in #344
    Wait for the copy command to exit. by @Fuyukai in #346
    build: use cross for cross-compilation, locally and in CD by @LucasFA in #343
    feat: Souvlaki 0.7.0 and Linux Dbus volume control support by @LucasFA in #348
    extend capabilities for ShowActionsOn* commands by @aome510 in #352
    handle title padding with hidden borders by @aome510 in #351
    update dependencies, bump lyric_finder to v0.1.5 by @aome510 in #353
    Add miscellaneous UI code changes by @aome510 in #354
    update issue templates by @aome510 in #366
    fix clippy warning by @aome510 in #367
    re-create a new session when restarting the integrated client by @aome510 in #370
    Don't create streaming connections for non-streaming instances by @Schnouki in #371
    Remove winit from compilation on Linux by @LucasFA in #372
    Explicit cargo-binstall support by @LucasFA in #377
    Add popup for creating new playlist by @aome510 in #379
    Make Daemon feature imply streaming feature by @LucasFA in #376
    use liked icon's length to configure the column's width by @aome510 in #380
    Patch spotify API bugs by @aome510 in #386
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vkz