Webdav-package compile failure

Submitted by mckelvey on Wed, 23/11/2016 - 14:58

General developer's discussion

Greetings All...

I'm just trying to get a clean compile prior to sorting out my only required code change... to reverse the order of the medical records. Did a fresh download of 1.9 source and have tried to compile with :

mvn -Prelease -DskipTests clean install

I've consistently run into this error however...

(snip)

[INFO] WebDAV Editor Launcher ............................. SUCCESS [ 0.310 s]
[INFO] openvpms-webdav-package ............................ FAILURE [ 0.576 s]
[INFO] OpenVPMS Web App ................................... SKIPPED
[INFO] OpenVPMS Loader Plugin ............................. SKIPPED
[INFO] openvpms-etl-extract ............................... SKIPPED
[INFO] OpenVPMS Release ................................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 36.394 s
[INFO] Finished at: 2016-11-22T20:42:39-08:00
[INFO] Final Memory: 388M/3043M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-jarsigner-plugin:1.3.2:sign (sign) on project openvpms-webdav-package: Failed executing '/bin/sh -c cd /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package && /usr/lib/jvm/java-8-openjdk-amd64/jre/../bin/jarsigner -keystore /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package/../../src/test/resources/'*****'-certs.keystore -storepass '*****' -storetype JKS -keypass '*****' -tsa https://timestamp.geotrust.com/tsa /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package/target/jars/jnlp-api-7.0.jar '*****'-test' - exitcode 1 -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-jarsigner-plugin:1.3.2:sign (sign) on project openvpms-webdav-package: Failed executing '/bin/sh -c cd /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package && /usr/lib/jvm/java-8-openjdk-amd64/jre/../bin/jarsigner -keystore /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package/../../src/test/resources/'*****'-certs.keystore -storepass '*****' -storetype JKS -keypass '*****' -tsa https://timestamp.geotrust.com/tsa /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package/target/jars/jnlp-api-7.0.jar '*****'-test' - exitcode 1
   at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:216)
   at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
   at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
   at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)

(snip)

Any advice on how to proceed or hints as to what the problem may be?

Thanks,

Sam

Re: Webdav-package compile failure

Submitted by tanderson on Wed, 23/11/2016 - 15:54.

The jar signing of the webdav launcher is failing for some reason.

You should be able to get more details by running the following from the command line:

cd openvpms-web/openvpms-webdav-package
mvn -X -e clean install

Note that you won't be able to use the launcher produced by this step, as by default it uses a self-signed certificate. Java Webstart will refuse to load the launcher unless you are prepared to jump through some hoops.

If you want to use the new External Edit facility, the recommended approach is to re-package OpenVPMS to use the official built jars. There are sample poms for this here: http://www.openvpms.org/forum/custom-release-builds#comment-10613

Re: Webdav-package compile failure

Submitted by mckelvey on Wed, 23/11/2016 - 18:45.

So that successfully builds but when I back out to /openvpms and run 'mvn -Prelease -DskipTests clean install' it fails as above. I do have the IntelliJ build failing at the exact same point as well.

Did I read somewhere we are using Maven2 and not 3? Any other config-sensitive issues I might be having?

Thanks,

Sam

Re: Webdav-package compile failure

Submitted by tanderson on Wed, 23/11/2016 - 20:36.

Sorry - the command should have been:

mvn -Prelease -X -e clean install

Signing only occurs when the release profile is active.

1.9 was built using maven 2.2.1. The next major release will require maven 3.

Re: Webdav-package compile failure

Submitted by mckelvey on Wed, 23/11/2016 - 23:44.

OK... thanks for that...

Looks like things start to go bad around here...

----------

[DEBUG]   (f) workingDirectory = /home/ian/IntelliJ/OpenVPMS-1.9/openvpms-web/openvpms-webdav-package
[DEBUG]   (f) project = MavenProject: org.openvpms:openvpms-webdav-package:1.9-SNAPSHOT @ /home/ian/IntelliJ/OpenVPMS-1.9/openvpms-web/openvpms-webdav-package/pom.xml
[DEBUG]   (f) session = org.apache.maven.execution.MavenSession@989da1
[DEBUG] -- end configuration --
[DEBUG] Unsupported artifact org.openvpms:openvpms-webdav-package:pom:1.9-SNAPSHOT ignored
[DEBUG] Processing /home/ian/IntelliJ/OpenVPMS-1.9/openvpms-web/openvpms-webdav-package/target/jars/jnlp-api-7.0.jar
[DEBUG] /bin/sh -c cd /home/ian/IntelliJ/OpenVPMS-1.9/openvpms-web/openvpms-webdav-package && /usr/lib/jvm/java-8-openjdk-amd64/jre/../bin/jarsigner -keystore /home/ian/IntelliJ/OpenVPMS-1.9/openvpms-web/openvpms-webdav-package/../../src/test/resources/openvpms-certs.keystore -storepass '*****' -storetype JKS -keypass '*****' -tsa https://timestamp.geotrust.com/tsa /home/ian/IntelliJ/OpenVPMS-1.9/openvpms-web/openvpms-webdav-package/target/jars/jnlp-api-7.0.jar openvpms-test
[DEBUG] Executing: /bin/sh -c cd /home/ian/IntelliJ/OpenVPMS-1.9/openvpms-web/openvpms-webdav-package && /usr/lib/jvm/java-8-openjdk-amd64/jre/../bin/jarsigner -keystore /home/ian/IntelliJ/OpenVPMS-1.9/openvpms-web/openvpms-webdav-package/../../src/test/resources/openvpms-certs.keystore -storepass '*****' -storetype JKS -keypass '*****' -tsa https://timestamp.geotrust.com/tsa /home/ian/IntelliJ/OpenVPMS-1.9/openvpms-web/openvpms-webdav-package/target/jars/jnlp-api-7.0.jar openvpms-test
[DEBUG] jarsigner error: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.057 s
[INFO] Finished at: 2016-11-23T05:07:32-08:00
[INFO] Final Memory: 17M/607M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-jarsigner-plugin:1.3.2:sign (sign) on project openvpms-webdav-package: Failed executing '/bin/sh -c cd /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package && /usr/lib/jvm/java-8-openjdk-amd64/jre/../bin/jarsigner -keystore /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package/../../src/test/resources/'*****'-certs.keystore -storepass '*****' -storetype JKS -keypass '*****' -tsa https://timestamp.geotrust.com/tsa /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package/target/jars/jnlp-api-7.0.jar '*****'-test' - exitcode 1 -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.apache.maven.plugins:maven-jarsigner-plugin:1.3.2:sign (sign) on project openvpms-webdav-package: Failed executing '/bin/sh -c cd /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package && /usr/lib/jvm/java-8-openjdk-amd64/jre/../bin/jarsigner -keystore /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package/../../src/test/resources/'*****'-certs.keystore -storepass '*****' -storetype JKS -keypass '*****' -tsa https://timestamp.geotrust.com/tsa /home/ian/IntelliJ/OpenVPMS-1.9/'*****'-web/'*****'-webdav-package/target/jars/jnlp-api-7.0.jar '*****'-test' - exitcode 1

-------------

So I tried under a different environment... root, using its own fresh copy of the source and Oracle Java instead of OpenJDK hoping that it was permissions thing somewhere, but got the same.

-------------

[DEBUG] /bin/sh -c cd /root/openvpms/openvpms-web/openvpms-webdav-package && /usr/lib/jvm/java-8-oracle/jre/../bin/jarsigner -keystore /root/openvpms/openvpms-web/openvpms-webdav-package/../../src/test/resources/openvpms-certs.keystore -storepass '*****' -storetype JKS -keypass '*****' -tsa https://timestamp.geotrust.com/tsa /root/openvpms/openvpms-web/openvpms-webdav-package/target/jars/jnlp-api-7.0.jar openvpms-test
[DEBUG] Executing: /bin/sh -c cd /root/openvpms/openvpms-web/openvpms-webdav-package && /usr/lib/jvm/java-8-oracle/jre/../bin/jarsigner -keystore /root/openvpms/openvpms-web/openvpms-webdav-package/../../src/test/resources/openvpms-certs.keystore -storepass '*****' -storetype JKS -keypass '*****' -tsa https://timestamp.geotrust.com/tsa /root/openvpms/openvpms-web/openvpms-webdav-package/target/jars/jnlp-api-7.0.jar openvpms-test
[DEBUG] jarsigner error: java.security.InvalidKeyException: The security strength of SHA-1 digest algorithm is not sufficient for this key size
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE

--------------

So the only error that means anything to me is the SHA-1 error. I'm using javac 1.8.0_111. With SHA-1 quickly on it's way out, I'm wondering if this is relevant:

I note that under the Bug Fixes for 1.8.0_91 the following:

DSA signature generation is now subject to a key strength check
For signature generation, if the security strength of the digest algorithm is weaker than the security strength of the key used to sign the signature (e.g. using (2048, 256)-bit DSA keys with SHA1withDSA signature), the operation will fail with the error message:

"The security strength of SHA1 digest algorithm is not sufficient for this key size"

Is this the source of the problem? Too new a version of the JDK?

Thanks

Re: Webdav-package compile failure

Submitted by tanderson on Thu, 24/11/2016 - 08:36.

The current test keystore uses a certificate with a SHA1withDSA algorithm. You'll need to replace it with a stronger algorithm.

This can be done by replacing the existing keystore in src/test/resources/openvpms-certs.keystore with one produced using:

keytool -genkey -keyalg RSA -alias openvpms-test -keystore openvpms-certs.keystore  -storepass openvpms -validity 3650 -keysize 2048

This generates a new keystore containing a self-signed certificate with alias openvpms-test.

Re: Webdav-package compile failure

Submitted by mckelvey on Thu, 24/11/2016 - 10:02.

Thanks Tim,

That go it going. I can now do complete recompile from current source (except for having to replace the keystore).

Thanks for your help.

OpenVPMS

Webdav-package compile failure

Comment viewing options

Re: Webdav-package compile failure

Re: Webdav-package compile failure

Re: Webdav-package compile failure

Re: Webdav-package compile failure

Re: Webdav-package compile failure

Re: Webdav-package compile failure