From dev-return-126105-archive-asf-public=cust-asf.ponee.io@maven.apache.org Tue May 22 08:23:31 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 7E842180638 for ; Tue, 22 May 2018 08:23:30 +0200 (CEST) Received: (qmail 38707 invoked by uid 500); 22 May 2018 06:23:28 -0000 Mailing-List: contact dev-help@maven.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Help: List-Post: List-Id: "Maven Developers List" Reply-To: "Maven Developers List" Delivered-To: mailing list dev@maven.apache.org Received: (qmail 38679 invoked by uid 99); 22 May 2018 06:23:27 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 May 2018 06:23:27 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id C562B1A297E for ; Tue, 22 May 2018 06:23:26 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.379 X-Spam-Level: ** X-Spam-Status: No, score=2.379 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, KAM_NUMSUBJECT=0.5, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id UeEsLm97YjpW for ; Tue, 22 May 2018 06:23:23 +0000 (UTC) Received: from mail-lf0-f50.google.com (mail-lf0-f50.google.com [209.85.215.50]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 68F705F232 for ; Tue, 22 May 2018 06:23:22 +0000 (UTC) Received: by mail-lf0-f50.google.com with SMTP id l6-v6so785282lfc.3 for ; Mon, 21 May 2018 23:23:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=INDWbgu8cfdMR1X4PlEHt+53C/l3TEQiMRTjLgPh56c=; b=PZKfdlcOOPQw6CleJ8ePS/I7jbnxst8/uI3Hfv7RqVJgbRg0r+T5wwbiKg9AkVRHW3 wW65I1nDjq9a71OBmNQGE2wro7mtQ4YoOPIO+guy2AP5ZLy8/CJ9bIXRd2TUFd1+WWe4 k+IujAVShnao/9SPZ+TO/eTKjI/IAeuqEtq3pugY8y33o4aaZI/RM+IN1bEwpKxKMfjm fUAS0b6axgZ6dz1S/s9nUvIIo0EBez97/ZIYSmRNd+GnyvP5f3lopGkFtqTBpSml4Kfr LupKgcz9soxEEjPE0bD/Kmtig3wfi2wBPxGDSjk5/bfJXOlgI53996zo+P6tuljEaVYb 9tKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=INDWbgu8cfdMR1X4PlEHt+53C/l3TEQiMRTjLgPh56c=; b=WW7kUYvjY7WYEq3gNw3OLWoq8/n9U108Sy+mx3l6dzL3Abegr4N+ScOtntHMoWddYU DXTWu/j3K683oqU+NBGw7a6H04Cu671s3sEJoiP+jykBXJ0LdJR0Xm+390Z9l+FDi8jt C1Bya2OFW516bbsgOVgfGyPDy7vD5eqCAEHL+RfED+1Mh1h/QozswwQXjpTUwbTxUINC 4g2czs2GX5hRpT1p0TgL3lx56qrM0DUr+fwsx0xSiQk6gWjYC+EFnZSl7Li6ZBm1VIdf 9pYngPn3Fn4m59BpjUoghV9rCmBPM+MOHORF2gbJ7uwX16ZZzlMpvKUP7/PWIiD1Ex2Z lmtw== X-Gm-Message-State: ALKqPwfCpdZhrghJEYmzUoCy9jcACXU+qygvPWEnMcwJeutHay+flOxb zP5Wcm9ZgfpUHrUsww0veQZKVhlMfUEadMb9IOvbng== X-Google-Smtp-Source: AB8JxZqedCWflpziDsYe3T5xJ4OvsmQu0aabz7cN9SZAe1qwHlji1nQQiTSKja0hZSlcN9OstY7DWtO6q28DnY7OxbA= X-Received: by 2002:a19:d50b:: with SMTP id m11-v6mr2997692lfg.61.1526970200474; Mon, 21 May 2018 23:23:20 -0700 (PDT) MIME-Version: 1.0 References: <425813137.3144.1526252193740.JavaMail.jenkins@jenkins-master.apache.org> <12727978.qeYRQR8gOj@giga> In-Reply-To: <12727978.qeYRQR8gOj@giga> From: Sylwester Lachiewicz Date: Tue, 22 May 2018 08:23:11 +0200 Message-ID: Subject: =?UTF-8?Q?Re=3A_Build_failed_in_Jenkins=3A_Maven_TLP_=C2=BB_maven_=C2=BB_m?= =?UTF-8?Q?aster_=2314?= To: Maven Developers List Content-Type: multipart/alternative; boundary="00000000000061cacc056cc574bc" --00000000000061cacc056cc574bc Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, sorry I was wrong - problem is with something else. I run tests on Windows/Java7 and i think current configuration at www.apache.org allows only the following cipher suites: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 and Java7 is unable to negotiate connection (even with unrestricted policy) because on Java list there are only ciphers with SHA1. java 7 Cipher Suites: [ // short list without SSLv3 and 3DES/RC4 TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA ] Quick fix can be MNG-6414 to skip downloading Apache license for dependencies with Apache license. BR Sylwester pon., 21 maj 2018 o 10:35 u=C5=BCytkownik Herv=C3=A9 BOUTEMY napisa=C5=82: > guys, please have a look at the build before extrapolating ideas on what > may fail > > as I wrote, the issue is not with central, it's with > https://www.apache.org/ > > I'll copy/paste the exception: > Caused by: org.codehaus.plexus.resource.loader.ResourceNotFoundException: > Could not find resource 'https://www.apache.org/licenses/LICENSE-2.0.txt'= . > at org.codehaus.plexus.resource.DefaultResourceManager.getResource > (DefaultResourceManager.java:173) > > > I perfectly know that Java 7u131 and more have TLS 1.2 enabled by default > (like Java 8), but before it had to be enabled explicitely: I did the tes= ts > that were used to document the central TLS 1.1 discontinuation announce [= 1] > (and there is still a typo here: the second error message is simply "peer > not authenticated", and you get it with Maven 3.0 and 3.1). > I know the technical details. > > I know we can deal the situation from a pure technical perspective, askin= g > infra to add a Java 7u131+ to the CI server: don't hesitate to go this wa= y > if you want (and ignore that most developers use latest free Oracle JDK, > that is 7u80) > > I also know that: > - we'll switch to Java 8 for 3.6 in a few weeks > - the JDK we are talking about is only used to build Maven: core ITs to > test the binary are executed without any issue with Java 7u80 and Java 8 = on > Linux and Windows > hence the proposal to simply build with Java 8: I don't see what is > technically invalid here. > What I know is that it is the only solution I'll take time to work on, > since I think the other is a waste of my time. > > > Now, don't hesitate: yes, a new Java 7u131+ JDK on the CI server will als= o > fix the issue > Just do it if it's the only option you want. > > Regards, > > Herv=C3=A9 > > [1] > https://central.sonatype.org/articles/2018/May/04/discontinue-support-for= -tlsv11-and-below/ > > Le dimanche 20 mai 2018, 23:09:33 CEST Michael Osipov a =C3=A9crit : > > Am 2018-05-20 um 22:28 schrieb Sylwester Lachiewicz: > > > Hi, > > > Difference between repo1.maven.org and maven.apache.org is that out > site > > > accepts only tlsv1.2 ( > > > https://www.ssllabs.com/ssltest/analyze.html?d=3Dmaven.apache.org) wh= ere > > > Central now accepts tls 1.0, 1.1, 1.2 > > > https://www.ssllabs.com/ssltest/analyze.html?d=3Drepo1.maven.org > > > > > > I think TLSv1.2 can be enabled for client connections > > > https://bugs.openjdk.java.net/browse/JDK-7093640 from Java 1.7u95 onl= y > > > with > > > property jdk.tls.client.protocols. > > > > > > Java 1.7u80 is latest public version available and releases after > 1.7.0_80 > > > are only available to Oracle Customers. I found details here: > > > > https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-htt= p > > > s > > > > > > So I think only option is to switch to Java 8 only and with Maven > Central > > > switch to TLSv1.2 only we can just forget about java 7 for Maven > projects > > > builds.. > > > > > > BR > > > Sylwester > > > > > > sob., 19 maj 2018 o 11:41 u=C5=BCytkownik Herv=C3=A9 Boutemy < > hboutemy@apache.org> > > > > > > napisa=C5=82: > > >> Maven master branch build is failing on ASF Jenkins for one week > > >> > > >> looks related to TLS 1.2 only support on https://www.apache.org/, > when > > >> the build is currently done with JDK 7u80 which has TLS 1.2 disabled > by > > >> default > > >> I tried to enable TLS 1.2 adding > > >> "-Dhttps.protocols=3DTLSv1,TLSv1.1,TLSv1.2" > > >> option, but it does not work (works for dependencies download throug= h > > >> Maven > > >> Artifact Resolver + Wagon, but the failing code uses directly > > >> java.net.URL.openStream() ) > > >> > > >> IMHO, the simplest solution is to update our Maven core Jenkinsfile = to > > >> build with Java 8, since it's completely decoupled from the ITs run > > >> (happening with misc JDK and OSes) > > > > I concur, works for me with https://www.azul.com/downloads/zulu/: > > Apache Maven 3.5.3 (3383c37e1f9e9b3bc3df5050c29c8aff9f295297; > > 2018-02-24T20:49:05+01:00) > > Maven home: D:\Entwicklung\Programme\apache-maven-3.5.3\bin\.. > > Java version: 1.7.0_181, vendor: Azul Systems, Inc. > > Java home: C:\Program Files\Zulu\zulu-7\jre > > Default locale: de_DE, platform encoding: Cp1252 > > OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows= " > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org > > For additional commands, e-mail: dev-help@maven.apache.org > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org > For additional commands, e-mail: dev-help@maven.apache.org > > --00000000000061cacc056cc574bc--