Does upgrading OpenJDK to 8u292 break my AOSP build system?

3

5

Software environment:

  • Ubuntu 20.04 LTS server;
  • Android AOSP 8.0;
  • OpenJDK 8;

It worked very well until yesterday, when I upgraded my OpenJDK from 8u282 to 8u292. Now the broken build log says:

Ensuring Jack server is installed and started
FAILED: setup-jack-server
/bin/bash -c "(prebuilts/sdk/tools/jack-admin install-server prebuilts/sdk/tools/jack-launcher.jar prebuilts/sdk/tools/jack-server-4.11.ALPHA.jar  2>&1 || (exit 0) ) && (JACK_SERVER_VM_ARGUMENTS=\"-Dfile.encoding=UTF-8 -XX:+TieredCompilation\" prebuilts/sdk/tools/jack-admin start-server 2>&1 ||
 exit 0 ) && (prebuilts/sdk/tools/jack-admin update server prebuilts/sdk/tools/jack-server-4.11.ALPHA.jar 4.11.ALPHA 2>&1 || exit 0 ) && (prebuilts/sdk/tools/jack-admin update jack prebuilts/sdk/tools/jacks/jack-4.32.CANDIDATE.jar 4.32.CANDIDATE || exit 47 )"
Jack server already installed in "~/.jack-server"
Launching Jack server java -XX:MaxJavaStackTraceDepth=-1 -Djava.io.tmpdir=/tmp -Dfile.encoding=UTF-8 -XX:+TieredCompilation -cp ~/.jack-server/launcher.jar com.android.jack.launcher.ServerLauncher
Jack server failed to (re)start, try 'jack-diagnose' or see Jack server log
SSL error when connecting to the Jack server. Try 'jack-diagnose'
SSL error when connecting to the Jack server. Try 'jack-diagnose'
ninja: build stopped: subcommand failed.
10:11:50 ninja failed with: exit status 1

I checked the log in ~/.jack-server/log/xxxx-0-0.log. It has nothing about an error.

I used the curl command to connect to the server, and it says:

$ curl https://127.0.0.1:8076/jack
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:8076

I changed the script in prebuilts/sdk/tools/jack-admin to print $CURL_CODE; the same as my shell curl command, it reports error code 35.

This URL discusses a similar problem: https://forums.gentoo.org/viewtopic-t-1060536-start-0.html

But I am not sure.

Here is the source script link which prompts the above error: https://android-opengrok.bangnimang.net/android-8.1.0_r81/xref/prebuilts/sdk/tools/jack-admin?r=692a2a62#89

Crockett answered 30/4, 2021 at 8:21 Comment(0)
9

I have the same issue, and it was fixed by removing "TLSv1, TLSv1.1" from the jdk.tls.disabledAlgorithms configuration in the file /etc/java-8-openjdk/security/java.security.

Orpheus answered 1/5, 2021 at 0:21 Comment(1)
Yea ... but I think that's what you want to avoid doing, since you are reducing security for your Java installation. (And you will most likely have to repeat this each time you update the installation.) – Alroy
3

I think that there is a good chance that it is this:

Basically, they have turned off (default) support for TLS 1.0 and 1.1, starting in 8u291. These versions of TLS are old, insecure and deprecated; see https://en.wikipedia.org/wiki/Transport_Layer_Security

This is mentioned in the 8u291 release notes.

My advice would be to find out why your build system is not using TLS 1.2 or later. Then upgrade / fix that.


You can test if this is the problem by running curl with the --tlsv1.2 option.

Alroy answered 30/4, 2021 at 8:57 Comment(3)
$ curl -vv 127.0.0.1:8076/jack --tlsv1.2
* Trying 127.0.0.1:8076...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8076 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:8076
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:8076
– Crockett

$ curl -Version
curl 7.68.0 (x86_64-pc-linux-gnu) libcurl/7.68.0 OpenSSL/1.1.1f zlib/1.2.11 brotli/1.0.7 libidn2/2.2.0 libpsl/0.21.0 (+libidn2/2.2.0) libssh/0.9.3/openssl/zlib nghttp2/1.40.0 librtmp/2.3
Release-Date: 2020-01-08
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets
– Crockett

Maybe try --tlsv1.3? If that fails, try turning on SSL debugging on the server side to get clues as to why the server is disconnecting during the negotiation. – Alroy
2

Removing "TLSv1, TLSv1.1" from the jdk.tls.disabledAlgorithms configuration in the file /etc/java-8-openjdk/security/java.security.

It works for me.

Ubuntu updated the JDK to 8u292 in the background, so it is strongly related to the JDK.

Firstly, some info links say to change the Jack port; I changed the Jack port but it does not work.

Secondly, I tried updating Ubuntu 16.04.2 and Ubuntu 16.04.7, but the error "SSL error when connecting to the Jack server. Try 'jack-diagnose'" still occurs.

Thanks a lot, @Guillaume P.

Lanky answered 4/5, 2021 at 12:42 Comment(0)
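
A check for the setting the answers above edit, as an added example that is not part of any answer: it reads jdk.tls.disabledAlgorithms from a java.security file (joining continuation lines), reports whether TLSv1 and TLSv1.1 are disabled, and prints an override line that can be scoped to a single JVM instead of changing the installation-wide file. The sample file contents and the function names are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit jdk.tls.disabledAlgorithms and build a scoped override.

# Print the property value from a java.security file, joining "\" continuations.
disabled_algs() {
  awk '
    /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ { on = 1; sub(/^[^=]*=/, "") }
    on {
      cont = sub(/\\[ \t]*$/, "")            # 1 if the line ends with a backslash
      gsub(/^[ \t]+|[ \t]+$/, "")
      printf "%s%s", (n++ ? " " : ""), $0
      if (!cont) { print ""; exit }
    }' "$1"
}

# Split a comma-separated value into one trimmed entry per line.
entries() { printf '%s\n' "$1" | tr ',' '\n' | sed 's/^ *//; s/ *$//'; }

# Succeed if $2 is an exact entry of $1 ("TLSv1" must not match "TLSv1.1").
is_disabled() { entries "$1" | grep -qxF -e "$2"; }

# Print an override line that keeps every entry except TLSv1 and TLSv1.1.
relaxed_override() {
  entries "$1" | grep -vxF -e TLSv1 -e TLSv1.1 | paste -sd, - |
    sed 's/,/, /g; s/^/jdk.tls.disabledAlgorithms=/'
}

# Constructed sample file, not copied from a real installation.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# jdk.tls.disabledAlgorithms=SSLv3   (commented-out line, must be ignored)
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
EOF

ALGS=$(disabled_algs "$SAMPLE")
for p in TLSv1 TLSv1.1 TLSv1.2; do
  if is_disabled "$ALGS" "$p"; then echo "$p: disabled"; else echo "$p: enabled"; fi
done
relaxed_override "$ALGS"   # write this line to a file used by one JVM only
```

A JVM started with -Djava.security.properties=<file> reads that file on top of the installed java.security (as long as security.overridePropertiesFile=true there), so the relaxed line applies to that one process and survives package updates. How to pass the flag to the Jack server launch is an assumption left to the reader, since the page does not show it.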
