I want to use jTSS on my Ubuntu 14.04 64bits, I have an hardware TPM in version 1.2.
I installed the .deb like said in the section 4.3 http://trustedjava.sourceforge.net/index.php?item=jtss/readme
I started the daemon : jtss (TCS running)
But if I want to run the tests in your packages (run_tests_simple.sh or run_test.sh) I have the error :
"Error! No TSP-TCS binding could be initialized. Both jTSS Wrapper and jTSS were tried. Check the TSP configuration file."
And with this command 'jtt tpm_version', I have the same error :
---------------------
IAIK Java TPM Tools
---------------------
16:34:56:631 [ERROR] TcTcsBindingSoap::connect (116): There seems no TCS running
16:34:56:647 [ERROR] TcTcsBindingSoap::connect (116): There seems no TCS running
iaik.tc.tss.api.exceptions.tsp.TcTspException:
TSS Error:
error layer: 0x3000 (TSP)
error code (without layer): 0x0103
error code (full): 0x3103a
error message: Core Service connection failed.
at iaik.tc.tss.impl.java.tsp.tcsbinding.soapservice.TcTcsBindingSoap.connect(TcTcsBindingSoap.java:117)
at iaik.tc.tss.impl.java.tsp.internal.TcTspInternal.TspContextConnect_Internal(TcTspInternal.java:368)
at iaik.tc.tss.impl.java.tsp.TcContext.connect(TcContext.java:174)
at iaik.tc.apps.jtt.tpm.TpmVersion.execute(TpmVersion.java:68)
at iaik.tc.utils.cmdline.SubCommand.run(SubCommand.java:69)
at iaik.tc.utils.cmdline.SubCommandParser.parse(SubCommandParser.java:41)
at iaik.tc.apps.JTpmTools.main(JTpmTools.java:224)
I removed trousers, but keep in /etc/group : tss:x:126:root,jtss
Maybe your core service daemon was not started properly and isn't running. Have you seen this message on Trustedjava-support mailinglist?
Since you are using Ubuntu 14.04, you will have a jsvc version >= 1.0.11
Try to add the line
-cwd "${ROOT}/soap" \
to the jsvc call in the start() function in /etc/init.d/jtss.
The call should look something like this after editing:
${JSVC_EXECUTABLE} -pidfile "${PIDFILE}" \
-cwd "${ROOT}/soap" \
-outfile "${LOGFILE}" \
-errfile '&1' \
-Djtss.tsp.ini.file="${LIBS}/ini/jtss_tsp.ini" \
-Djtss.tcs.ini.file="${LIBS}/ini/jtss_tcs.ini" \
${USER:+-user "${USER}"} \
-wait ${TIMEOUT} \
-cp ${CLASSPATH_SOAP} ${EXECUTABLE}
Related
I using quarkus 8.3.Final , gradle
Native build always get stucked at
Building native image source jar: /home/runner/work/qu-queue-service/qu-queue-service/build/qu-queue-service-1.0.0-SNAPSHOT-native-image-source-jar/qu-queue-service-1.0.0-SNAPSHOT-runner.jar
Building native image from /home/runner/work/qu-queue-service/qu-queue-service/build/qu-queue-service-1.0.0-SNAPSHOT-native-image-source-jar/qu-queue-service-1.0.0-SNAPSHOT-runner.jar
Using docker to run the native image builder
Checking image status quay.io/quarkus/ubi-quarkus-mandrel:22.0.0.2-Final-java17
22.0.0.2-Final-java17: Pulling from quarkus/ubi-quarkus-mandrel
54e56e6f8572: Pulling fs layer
4f8ddd7f5a75: Pulling fs layer
20939a5b3d59: Pulling fs layer
4f8ddd7f5a75: Verifying Checksum
4f8ddd7f5a75: Download complete
54e56e6f8572: Verifying Checksum
54e56e6f8572: Download complete
54e56e6f8572: Pull complete
20939a5b3d59: Verifying Checksum
20939a5b3d59: Download complete
4f8ddd7f5a75: Pull complete
20939a5b3d59: Pull complete
Digest: sha256:7751b408ac408d6f91a95c864a2b8d85129987c8d5c1fc5356e9940c8e330837
Status: Downloaded newer image for quay.io/quarkus/ubi-quarkus-mandrel:22.0.0.2-Final-java17
quay.io/quarkus/ubi-quarkus-mandrel:22.0.0.2-Final-java17
Running Quarkus native-image plugin on native-image 22.0.0.2-Final Mandrel Distribution (Java Version 17.0.2+8)
docker run --env LANG=C --rm --user 1001:121 -v /home/runner/work/qu-queue-service/qu-queue-service/build/qu-queue-service-1.0.0-SNAPSHOT-native-image-source-jar:/project:z --name build-native-clyaI quay.io/quarkus/ubi-quarkus-mandrel:22.0.0.2-Final-java17 -J-Dsun.nio.ch.maxUpdateArraySize=100 -J-Djava.util.logging.manager=org.jboss.logmanager.LogManager -J-DCoordinatorEnvironmentBean.transactionStatusManagerEnable=false -J-Dcom.sun.xml.bind.v2.bytecode.ClassTailor.noOptimize=true -J-Dvertx.logger-delegate-factory-class-name=io.quarkus.vertx.core.runtime.VertxLogDelegateFactory -J-Dvertx.disableDnsResolver=true -J-Dio.netty.leakDetection.level=DISABLED -J-Dio.netty.allocator.maxOrder=3 -J-Duser.language=en -J-Dfile.encoding=UTF-8 -H:-ParseOnce -J--add-exports=java.security.jgss/sun.security.krb5=ALL-UNNAMED -J--add-opens=java.base/java.text=ALL-UNNAMED -H:InitialCollectionPolicy=com.oracle.svm.core.genscavenge.CollectionPolicy\$BySpaceAndTime -H:+JNI -H:+AllowFoldMethods -J-Djava.awt.headless=true -H:FallbackThreshold=0 -H:+ReportExceptionStackTraces -J-Xmx3G -H:-AddAllCharsets -H:EnableURLProtocols=http,https -H:-UseServiceLoaderFeature -H:+StackTrace qu-queue-service-1.0.0-SNAPSHOT-runner -jar qu-queue-service-1.0.0-SNAPSHOT-runner.jar
========================================================================================================================
GraalVM Native Image: Generating 'qu-queue-service-1.0.0-SNAPSHOT-runner'...
========================================================================================================================
[1/7] Initializing... (13.1s # 0.22GB)
Version info: 'GraalVM 22.0.0.2-Final Java 17 Mandrel Distribution'
8 user-provided feature(s)
- io.quarkus.caffeine.runtime.graal.CacheConstructorsAutofeature
- io.quarkus.hibernate.orm.runtime.graal.DisableLoggingAutoFeature
- io.quarkus.jdbc.postgresql.runtime.graal.SQLXMLFeature
- io.quarkus.runner.AutoFeature
- io.quarkus.runtime.graal.DisableLoggingAutoFeature
- io.quarkus.runtime.graal.ResourcesFeature
- org.hibernate.graalvm.internal.GraalVMStaticAutofeature
- org.hibernate.graalvm.internal.QueryParsingSupport
[2/7] Performing analysis... [**********] (191.2s # 2.47GB)
26,471 (96.76%) of 27,356 classes reachable
45,531 (68.17%) of 66,791 fields reachable
143,995 (80.30%) of 179,318 methods reachable
1,537 classes, 1,795 fields, and 10,535 methods registered for reflection
65 classes, 77 fields, and 55 methods registered for JNI access
[3/7] Building universe... (7.2s # 2.60GB)
[4/7] Parsing methods... [******] (36.8s # 2.34GB)
The last build took 6h on github CI, on my local machine it also stop there while grinding the CPU
Is there any leads I can follow?
As part of my ansible setup I'm currently checking in the VM what is the Java version and if that's not the one expected then download and install that version. I have given the standard regex to find the Java version but that step is getting skipped
- name: "[install] Check for Java install"
shell: "java -version 2>&1 | grep version | awk '{print $3}'"
changed_when: False
register: java_installed
ignore_errors: True
- when: java_installed.stdout != "17.0.2"
block:
- debug:
msg: "Java is not installed"
- name: "[install] Installing Java 17"
become: true
yum:
name: /var/tmp/jdk-17_linux-x64_bin.rpm
state: present
But these steps are getting skipped while executing
TASK [java : [install] Check for Java install] *****************************************************************************************************************************
skipping: [VM name hidden by me ]
TASK [java : debug] ********************************************************************************************************************************************************
skipping: [VM name hidden by me]
TASK [java : [install] Installing Java 17] *********************************************************************************************************************************
skipping: [VM name hidden by me]
when I execute
java -version 2>&1 | grep version | awk '{print $3}'
This is what I get
"1.8.0_312"
Does anyone know why it's getting skipped. Thanks
Note: below is an answer to your direct problem. Meanwhile if java was installed as a system package, I strongly suggest you have a look at the answer by #Jaay to get the version directly from package facts rather than using shell/command
This is what I get
"1.8.0_312"
As you can see, the quotes are part of the output. Hence if you debug java_installed.stdout you get (ran on my local machine with java 11):
TASK [debug] ********************************************************************************************************************
ok: [localhost] => {
"java_installed.stdout": "\"11.0.15\""
}
A simple workaround is to read the incoming value as json. The following does the job (once again customized for my local machine to test and using the version test as good practice)
---
- hosts: localhost
gather_facts: false
tasks:
- name: "[install] Check for Java install"
shell: "java -version 2>&1 | grep version | awk '{print $3}'"
changed_when: false
failed_when: false
register: java_installed
- name: show the raw and refactored captured var
vars:
my_msg:
- "Raw value for version is: {{ java_installed.stdout }}"
- "Refactored value for version is: {{ java_installed.stdout | from_json }}"
debug:
msg: "{{ my_msg }}"
- when: java_installed.stdout | from_json is version("11.0.15", "==")
debug:
msg: "Java 11 is installed"
- when: java_installed.stdout | from_json is not version("17.0.2", "==")
debug:
msg: "Java 17 is not installed"
and gives
PLAY [localhost] ****************************************************************************************************************
TASK [[install] Check for Java install] *****************************************************************************************
ok: [localhost]
TASK [show the raw and refactored captured var] *********************************************************************************
ok: [localhost] => {
"msg": [
"Raw value for version is: \"11.0.15\"",
"Refactored value for version is: 11.0.15"
]
}
TASK [debug] ********************************************************************************************************************
ok: [localhost] => {
"msg": "Java 11 is installed"
}
TASK [debug] ********************************************************************************************************************
ok: [localhost] => {
"msg": "Java 17 is not installed"
}
PLAY RECAP **********************************************************************************************************************
localhost : ok=4 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Not really a big fan of shell command in Ansible, you can use the package facts core plugin to retrieve the installed Java version. This way you should get rid of the outputs problem using shell command
- name: get the rpm or apt package facts
package_facts:
manager: "auto"
- name: show Java version
debug: var=ansible_facts.packages.jdk[0].version
PS: This will work only if java is installed with a package manager (not just copied in your system)
Software environment:
Ubuntu 20.04 LTS server;
Android AOSP 8.0;
OpenJDK 8;
It works very well util yesterday I upgraded my OpenJDK from 8u282 to 8u292. Now the broken building log says:
Ensuring Jack server is installed and started
FAILED: setup-jack-server
/bin/bash -c "(prebuilts/sdk/tools/jack-admin install-server prebuilts/sdk/tools/jack-launcher.jar prebuilts/sdk/tools/jack-server-4.11.ALPHA.jar 2>&1 || (exit 0) ) && (JACK_SERVER_VM_ARGUMENTS=\"-Dfile.encoding=UTF-8 -XX:+TieredCompilation\" prebuilts/sdk/tools/jack-admin start-server 2>&1 ||
exit 0 ) && (prebuilts/sdk/tools/jack-admin update server prebuilts/sdk/tools/jack-server-4.11.ALPHA.jar 4.11.ALPHA 2>&1 || exit 0 ) && (prebuilts/sdk/tools/jack-admin update jack prebuilts/sdk/tools/jacks/jack-4.32.CANDIDATE.jar 4.32.CANDIDATE || exit 47 )"
Jack server already installed in "~/.jack-server"
Launching Jack server java -XX:MaxJavaStackTraceDepth=-1 -Djava.io.tmpdir=/tmp -Dfile.encoding=UTF-8 -XX:+TieredCompilation -cp ~/.jack-server/launcher.jar com.android.jack.launcher.ServerLauncher
Jack server failed to (re)start, try 'jack-diagnose' or see Jack server log
SSL error when connecting to the Jack server. Try 'jack-diagnose'
SSL error when connecting to the Jack server. Try 'jack-diagnose'
ninja: build stopped: subcommand failed.
10:11:50 ninja failed with: exit status 1
I checked the log in ~/.jack-server/log/xxxx-0-0.log. It has nothing about error.
I use curl command to connect to the server, it says:
$ curl https://127.0.0.1:8076/jack
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:8076
I changed the script in prebuilts/sdk/tools/jack-admin to print the $CURL_CODE, samed as my shell curl command, report error code 35.
This url discussed about samliar problem:
https://forums.gentoo.org/viewtopic-t-1060536-start-0.html
But I am not sure.
Here is the source script link which prompts the above error:
https://android-opengrok.bangnimang.net/android-8.1.0_r81/xref/prebuilts/sdk/tools/jack-admin?r=692a2a62#89
I have same issue and it was fixed by removing "TLSv1, TLSv1.1" in jdk.tls.disabledAlgorithms configuration in file /etc/java-8-openjdk/security/java.security.
I think that there is a good chance that it is this:
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8202343
Basically, they have turned off (default) support for TLS 1.0 and 1.1, starting in 8u291. These versions of TLS are old, insecure and deprecated; see https://en.wikipedia.org/wiki/Transport_Layer_Security
This is mentioned in the 8u291 release notes.
My advice would be to find out why your build system is not using TLS 1.2 or later. Then upgrade / fix that.
You can test if this is the problem by running curl with the --tlsv1.2 option.
removing "TLSv1, TLSv1.1" in jdk.tls.disabledAlgorithms configuration in file /etc/java-8-openjdk/security/java.security.
It work for me.
Ubuntu update jdk 8u292 background, so it hard related to jdk .
Firsty, Some info link to change Jack port , I had change Jack port but it doesnot work.
Secondly, I have try update ubuntu16.04.2 and ubuntu16.04.7. but error of "SSL error when connecting to the Jack server. Try 'jack-diagnose'" still occurs.
Thanks #Guillaume P a lot.
I am trying to sign my Java/JavaFX application using codesign with gradle. My gradle code is as following:
exec {
val codeSignArgs = listOf("-s", "'${macSigningKeyDeveloperIdApp}'", "--timestamp", "--options", "runtime", "--entitlements", "../../../entitlements.plist", "--deep", "-f", "--verbose", "UTMCoordinateConverter.app")
logger.quiet("code sign args: $codeSignArgs")
workingDir = macRel
isIgnoreExitValue = true
executable = codeSignTool.absolutePath
args(codeSignArgs)
}
Where codeSignTool is /usr/bin/codesign and macRel is the directory where the app file is, and macSigningKeyDeveloperIdApp is my signing developer id.
Gradle gives me the following output:
> Task :codeSign
Inside codeSign
code sign args: [-s, 'Developer ID Application: Victor Ewert (XXXXXXXXXX)', --timestamp, --options, runtime, --entitlements, ../../../entitlements.plist, --deep, -f, --verbose, UTMCoordinateConverter.app]
BUILD SUCCESSFUL in 1s
1 actionable task: 1 executed
'Developer ID Application: Victor Ewert (XXXXXXXXXX)': no identity found
2:38:26 p.m.: Task execution finished 'codeSign'.
The strange thing is, I can run the (equivalent) command fine, from the command line using:
/usr/bin/codesign -s 'Developer ID Application: Victor Ewert (XXXXXXXXX)' --timestamp --options runtime --entitlements ../../../entitlements.plist --deep -f --verbose UTMCoordinateConverter.app
run from the location of the app file.
I have double and triple checked my Developer ID, and it looks fine (checked using security find-identity -p codesigning -v login.keychain. I have also made sure my login keychain is unlocked. I don't think it is a problem with my Developer ID.
I'm guessing it has something to do with how gradle is executing the command, but I can't figure it out.
I can't define a valid upstart conf script to run a java service using upstart with the following requirements:
I have to specify classpath using folders because I have many jars in multiple folders
I have to listen to the shutdown signal fired by service myservicename stop
Based on that answer, I implemented a shutdown hook listener so I need upstart to send me the termination signal and wait for my application to terminate.
Here is my buggy upstart script:
description "masa"
author "Muhammad Gelbana <m.glba#gmail.com>"
start on runlevel [2345]
stop on shutdown
kill timeout 120
script
LOGS_DIR=/home/mgelbana/services/RealServices/logs
IPK_DB=/home/mgelbana/services/RealServices/config/db-ipk.properties
PRO_DB=/home/mgelbana/services/RealServices/config/db-reporting-engine.properties
MAIN_CLASS=com.sger.masaTA
mkdir -p $LOGS_DIR
CLASSPATH="/home/mgelbana/services/RealServices/masa-RealService-TA.jar"
for i in /home/mgelbana/services/commons/*.jar; do
CLASSPATH="$CLASSPATH:$i"
done
for i in /home/mgelbana/services/RealServices/lib/*.jar; do
CLASSPATH="$CLASSPATH:$i"
done
echo '\n\n\n====================================================='
echo 'Service startup:\t'`date`
echo 'Main class:\t\t'`echo $MAIN_CLASS`
echo 'Logs directory:\t\t'`echo $LOGS_DIR`
echo 'masa database configuration:\t'`echo $IPK_DB`
echo 'Pro configuration file:\t'`echo $PRO_DB`
echo 'Starting engine...'
java -Dta.id=2 -DIPK_DB=$IPK_DB -DPRO_DB=$PRO_DB -cp $CLASSPATH $MAIN_CLASS
end script
The following error is shown in the /var/log/upstart/myservicename.log log:
/proc/self/fd/9: 9: /proc/self/fd/9: Syntax error: word unexpected (expecting "do")
Thank you.