Closed
Bug 718069
Opened 12 years ago
Closed 12 years ago
Install Java unlimited strength jurisdiction files on Jenkins server
Categories
(mozilla.org Graveyard :: Server Operations, task)
mozilla.org Graveyard
Server Operations
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: gps, Assigned: fox2mike)
References
Details
When compiling Android Sync on ci.jenkins.org, we're getting a bunch of errors in the Java crypto stack as seen at https://ci.mozilla.org/job/sync-android/org.mozilla.gecko$android-sync/28/testReport/org.mozilla.android.sync.test/TestCollectionKeys/testSetKeysFromWBO/ Internet sleuthing has revealed that the problem is that Sun^H^H^HOracle's Java crypto libraries are handicapped by default to satisfy ancient export laws. And, Sync's crypto is beyond this threshold. To work around this, you need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files available from http://www.oracle.com/technetwork/java/javase/downloads/index.html. Basically, copy the files from the downloaded archive into $JAVA_HOME/jre/lib/security (likely overwriting existing files). I'm not sure if RHEL has a package to manage this. Alternatively, you may consider changing the Java install on the Jenkins server to one of the open source ones. You will likely be doing this in the next few months anyway, as Java SE from Oracle won't be free after July this year. Whatever you do, Jenkins will probably require a restart to pick up the changes.
Assignee | ||
Comment 1•12 years ago
|
||
(In reply to Gregory Szorc [:gps] from comment #0) > Alternatively, you may consider changing the Java install on the Jenkins > server to one of the open source ones. You will likely be doing this in the > next few months anyway, as Java SE from Oracle won't be free after July this > year. We already run openjdk, I'm not sure which version(s) you were referring to. [root@jenkins1.dmz.phx1 ~]# java -version java version "1.6.0_22" Java(TM) SE Runtime Environment (build 1.6.0_22-b04) Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03, mixed mode) [root@jenkins1.dmz.phx1 ~]# rpm -qa | grep -i java java-1.6.0-openjdk-devel-1.6.0.0-1.42.1.10.4.el6_2.x86_64 java-1.6.0-sun-devel-1.6.0.22-1jpp.1.el6.x86_64 java-1.6.0-openjdk-1.6.0.0-1.42.1.10.4.el6_2.x86_64 java-1.5.0-gcj-1.5.0.0-29.1.el6.x86_64 java_cup-0.10k-5.el6.x86_64 java-1.6.0-sun-1.6.0.22-1jpp.1.el6.x86_64 tzdata-java-2011h-3.el6.noarch So it seems like we have the openjdk and the sun jre installed. I'm not sure don't know who added the jre to the machine...
Assignee: server-ops → shyam
Reporter | ||
Comment 2•12 years ago
|
||
https://ci.mozilla.org/systemInfo seems to indicate Sun JRE is in use by Jenkins.
Reporter | ||
Comment 3•12 years ago
|
||
Is there an ETA on this bug? The current state is leading to false test failures in the Android Sync project and makes it difficult to diagnose regressions.
Assignee | ||
Comment 4•12 years ago
|
||
Sorry, I was away travelling and on PTO. I dug around some more and found some interesting stuff. 1) /usr/bin/java was a symlink to /etc/alternatives/java and 2) [root@jenkins1.dmz.phx1 ~]# alternatives --display java java - status is auto. link currently points to /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/java /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java - priority 16000 slave javaws: (null) slave keytool: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/keytool slave orbd: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/orbd slave pack200: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/pack200 slave policytool: (null) slave rmid: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/rmid slave rmiregistry: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/rmiregistry slave servertool: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/servertool slave tnameserv: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/tnameserv slave unpack200: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/unpack200 slave jre_exports: /usr/lib/jvm-exports/jre-1.6.0-openjdk.x86_64 slave jre: /usr/lib/jvm/jre-1.6.0-openjdk.x86_64 slave java.1.gz: /usr/share/man/man1/java-java-1.6.0-openjdk.1.gz slave javaws.1.gz: (null) slave keytool.1.gz: /usr/share/man/man1/keytool-java-1.6.0-openjdk.1.gz slave orbd.1.gz: /usr/share/man/man1/orbd-java-1.6.0-openjdk.1.gz slave pack200.1.gz: /usr/share/man/man1/pack200-java-1.6.0-openjdk.1.gz slave policytool.1.gz: (null) slave rmid.1.gz: /usr/share/man/man1/rmid-java-1.6.0-openjdk.1.gz slave rmiregistry.1.gz: /usr/share/man/man1/rmiregistry-java-1.6.0-openjdk.1.gz slave servertool.1.gz: /usr/share/man/man1/servertool-java-1.6.0-openjdk.1.gz slave tnameserv.1.gz: /usr/share/man/man1/tnameserv-java-1.6.0-openjdk.1.gz slave unpack200.1.gz: /usr/share/man/man1/unpack200-java-1.6.0-openjdk.1.gz /usr/lib/jvm/jre-1.5.0-gcj/bin/java - priority 1500 slave javaws: (null) slave keytool: /usr/lib/jvm/jre-1.5.0-gcj/bin/keytool slave orbd: (null) slave pack200: (null) slave policytool: (null) slave rmid: (null) slave rmiregistry: /usr/lib/jvm/jre-1.5.0-gcj/bin/rmiregistry slave servertool: (null) slave tnameserv: (null) slave unpack200: (null) slave jre_exports: /usr/lib/jvm-exports/jre-1.5.0-gcj slave jre: /usr/lib/jvm/jre-1.5.0-gcj slave java.1.gz: (null) slave javaws.1.gz: (null) slave keytool.1.gz: (null) slave orbd.1.gz: (null) slave pack200.1.gz: (null) slave policytool.1.gz: (null) slave rmid.1.gz: (null) slave rmiregistry.1.gz: (null) slave servertool.1.gz: (null) slave tnameserv.1.gz: (null) slave unpack200.1.gz: (null) /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/java - priority 160022 slave javaws: /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/javaws slave keytool: /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/keytool slave orbd: /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/orbd slave pack200: (null) slave policytool: /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/policytool slave rmid: /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/rmid slave rmiregistry: /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/rmiregistry slave servertool: /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/servertool slave tnameserv: /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/tnameserv slave unpack200: (null) slave jre_exports: /usr/lib/jvm-exports/jre-1.6.0-sun.x86_64 slave jre: /usr/lib/jvm/jre-1.6.0-sun.x86_64 slave java.1.gz: /usr/share/man/man1/java-java-1.6.0-sun.x86_64.1.gz slave javaws.1.gz: /usr/share/man/man1/javaws-java-1.6.0-sun.1.gz slave keytool.1.gz: /usr/share/man/man1/keytool-java-1.6.0-sun.x86_64.1.gz slave orbd.1.gz: /usr/share/man/man1/orbd-java-1.6.0-sun.x86_64.1.gz slave pack200.1.gz: (null) slave policytool.1.gz: /usr/share/man/man1/policytool-java-1.6.0-sun.x86_64.1.gz slave rmid.1.gz: /usr/share/man/man1/rmid-java-1.6.0-sun.x86_64.1.gz slave rmiregistry.1.gz: /usr/share/man/man1/rmiregistry-java-1.6.0-sun.x86_64.1.gz slave servertool.1.gz: /usr/share/man/man1/servertool-java-1.6.0-sun.x86_64.1.gz slave tnameserv.1.gz: /usr/share/man/man1/tnameserv-java-1.6.0-sun.x86_64.1.gz slave unpack200.1.gz: (null) Current `best' version is /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/java. Which is why we had the jre running instead of the jdk. I then did the following : [root@jenkins1.dmz.phx1 ~]# alternatives --config java There are 3 programs which provide 'java'. Selection Command ----------------------------------------------- 1 /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java 2 /usr/lib/jvm/jre-1.5.0-gcj/bin/java *+ 3 /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/java Enter to keep the current selection[+], or type selection number: 1 [root@jenkins1.dmz.phx1 ~]# alternatives --config java There are 3 programs which provide 'java'. Selection Command ----------------------------------------------- + 1 /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java 2 /usr/lib/jvm/jre-1.5.0-gcj/bin/java * 3 /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/java Enter to keep the current selection[+], or type selection number: [root@jenkins1.dmz.phx1 ~]# alternatives --display java java - status is manual. link currently points to /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java So it's now pointed back at the jdk. I've since forced jenkins to use this jdk and not be intelligent and pick it's own :) Jenkins has been restarted and now shows openjdk in use. Let me know if this fixes the issue for you, please feel free to reopen if it doesn't. Sorry this took a bit to get to :)
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•9 years ago
|
Product: mozilla.org → mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•