Am Sonntag, den 27.10.2019, 02:59 +0000 schrieb DJ Lucas via blfs- support: > > On 10/26/2019 5:26 PM, Thomas Trepl via blfs-support wrote: > > Hi all, > > > > i have for some reason to use openjdk8 for which i used the > > instructions just like if would be jdk-12. Java (jdk8) works pretty > > fine so far. > > > > Now i wanted to build ant (as a prerequisite to Tomcat) but failed at > > the > > $ bootstrap/bin/ant -Ddest=optional -f fetch.xml > > command. It reports an error which has something to do with SSL: > > > > ... > > $ bootstrap/bin/ant -Ddest=optional -f fetch.xml > > Buildfile: /home/lfs/apache-ant-1.10.7/fetch.xml > > > > pick-dest: > > [echo] Downloading to /home/lfs/apache-ant-1.10.7/lib/optional > > > > probe-m2: > > > > download-m2: > > [echo] Downloading to /home/lfs/apache-ant-1.10.7/lib/optional > > [get] Getting: > > https://archive.apache.org/dist/maven/ant-tasks/2.1.3/binaries/maven-ant-tasks-2.1.3.jar > > [get] To: /home/lfs/apache-ant-1.10.7/lib/optional/maven-ant- > > tasks-2.1.3.jar > > [get] Error getting > > https://archive.apache.org/dist/maven/ant-tasks/2.1.3/binaries/maven-ant-tasks-2.1.3.jar > > to /home/lfs/apache-ant-1.10.7/lib/optional/maven-ant-tasks-2.1.3.jar > > > > BUILD FAILED > > /home/lfs/apache-ant-1.10.7/get-m2.xml:85: javax.net.ssl.SSLException: > > java.lang.RuntimeException: Unexpected error: > > java.security.InvalidAlgorithmParameterException: the trustAnchors > > parameter must be non-empty > > at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) <snip> > > ... > > > > Unfortunatly, i'm a real expert in SSL and certificate stuff so i've > > no clue what to do and where to look, got stuck here. > > Would you mind to point me in a direction to have look? > > > > Btw, its a LFS-9.0 build, make-ca-1.5. > > > > Any ideas on how that could be fixed? Thank you! > > > It's using the wrong invocation of java (might be able to fix it in the > build, but I really don't remember how). It might be as simple as > symlinking /etc/pki/tls/java/cacerts to /opt/jdk/jre/lib/cacerts or > /opt/jdk/lib/cacerts. The first one was it (with using /opt/jdk/jre/lib/*security*/cacerts as target) Thank you DJ! That was easy, oh damn, i'm so lost in ssl/cert space...
I once again reviewed my instructions i executed and checked again what happend. Looks like i missed to handle some errors: When doing the binary install, book says to continue with setup and in the "Setting up the Certificate Authority Certificates for Java" section it talks about /etc/ssl/java/cacerts but that file does not exists and make-ca-1.5 seems not creating it. And there is a instruction "ln -sfv /etc/pki/tls/java/cacerts /opt/jdk/lib/security/cacerts" while /opt/jdk/lib/security does not exist. The security directory only exists in jre. Next, "keytool -list -cacerts" results in error "Illegal option: -cacerts" -cacerts seems to not a valid option (at least not in jdk8). > Optionally, you can look at the get-m2.xml file > (or loop through it) and manually download the files and just drop them > into lib/optional/ so that the build script doesn't try to do it for > you. Honestly, the best option is probably to drop back to an earlier > ant version to build Tomcat with JDK-8 . Then export the JDK8 and old > ant environment only in the Tomcat environment (just source the > environment files (not in profile.d) directly from the startup script) - > that way you can use newer java and ant for the rest of the system. Yeah, I'll have a look on that in order to move on to jdk12 later. I have already created a "select-java [8|12]" script which sets the environment per session proper to the selected jdk. -- Thomas -- http://lists.linuxfromscratch.org/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
