環境:gradle6.2.2 + jdk9 + jenkins2.204.5 + docker19.03.8
服務器:aliyun ecs centos8
核心錯誤:the trustAnchors parameter must be non-empty
jenkins服務器invoke gradle script報錯如下:
Caused by: org.gradle.internal.resource.transport.http.HttpRequestException: Could not HEAD 'https://maven.aliyun.com/repository/spring-plugin/org/springframework/boot/spring-boot-dependencies/2.2.5.RELEASE/spring-boot-dependencies-2.2.5.RELEASE.pom'.
at org.gradle.internal.resource.transport.http.HttpClientHelper.performRequest(HttpClientHelper.java:101)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performRawHead(HttpClientHelper.java:76)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performHead(HttpClientHelper.java:80)
at org.gradle.internal.resource.transport.http.HttpResourceAccessor.getMetaData(HttpResourceAccessor.java:66)
at org.gradle.internal.resource.transfer.DefaultExternalResourceConnector.getMetaData(DefaultExternalResourceConnector.java:63)
at org.gradle.internal.resource.transfer.AccessorBackedExternalResource.getMetaData(AccessorBackedExternalResource.java:201)
at org.gradle.internal.resource.BuildOperationFiringExternalResourceDecorator$1.call(BuildOperationFiringExternalResourceDecorator.java:61)
at org.gradle.internal.resource.BuildOperationFiringExternalResourceDecorator$1.call(BuildOperationFiringExternalResourceDecorator.java:58)
at org.gradle.internal.operations.DefaultBuildOperationExecutor$CallableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:416)
at org.gradle.internal.operations.DefaultBuildOperationExecutor$CallableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:406)
at org.gradle.internal.operations.DefaultBuildOperationExecutor$1.execute(DefaultBuildOperationExecutor.java:165)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:250)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:158)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:102)
at org.gradle.internal.operations.DelegatingBuildOperationExecutor.call(DelegatingBuildOperationExecutor.java:36)
at org.gradle.internal.resource.BuildOperationFiringExternalResourceDecorator.getMetaData(BuildOperationFiringExternalResourceDecorator.java:58)
at org.gradle.internal.resource.transfer.DefaultCacheAwareExternalResourceAccessor.lambda$getResource$1(DefaultCacheAwareExternalResourceAccessor.java:104)
at org.gradle.cache.internal.ProducerGuard$AdaptiveProducerGuard.guardByKey(ProducerGuard.java:97)
at org.gradle.internal.resource.transfer.DefaultCacheAwareExternalResourceAccessor.getResource(DefaultCacheAwareExternalResourceAccessor.java:86)
at org.gradle.api.internal.artifacts.repositories.resolver.DefaultExternalResourceArtifactResolver.downloadByCoords(DefaultExternalResourceArtifactResolver.java:139)
... 316 more
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:214)
at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1969)
at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1921)
at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1904)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1436)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performHttpRequest(HttpClientHelper.java:141)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performHttpRequest(HttpClientHelper.java:117)
at org.gradle.internal.resource.transport.http.HttpClientHelper.executeGetOrHead(HttpClientHelper.java:106)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performRequest(HttpClientHelper.java:97)
... 335 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:89)
at java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:330)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:180)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:192)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1825)
at java.base/sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1655)
at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:260)
at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1086)
at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1020)
at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1429)
... 351 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:86)
... 366 more
idea報錯報錯如下:
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project 'jdk9gradle'.
> Could not resolve all artifacts for configuration ':classpath'.
> Could not resolve com.bmuschko:gradle-docker-plugin:6.4.0.
Required by:
project :
> Could not resolve com.bmuschko:gradle-docker-plugin:6.4.0.
> Could not get resource 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
> Could not GET 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
> java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
> Could not resolve com.bmuschko:gradle-docker-plugin:6.4.0.
> Could not get resource 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
> Could not GET 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
> java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
出現該錯誤主要是因爲使用jdk9導致,jdk9之前默認在安裝目錄/lib/security/cacerts包含證書信息,centos6.5上是指向/etc/pki/java/cacerts的軟連接, 訪問https時,使用裏面的證書訪問https網站。
jdk9 安裝方式採用的壓縮包解壓安裝,jdk9安裝目錄/lib/security/cacerts文件內不包含證書信息,所以在jdk9環境下訪問https網站出現:the trustAnchors parameter must be non-empty
可以通過:keytool -list -keystore cacerts -storepass changeit 查看cacerts內包含的證書,jdk9的cacerts包含0個證書
在使用gradle構建過程中,默認使用JAVA_HOME的jdk內的cacerts,在jenkins環境上掛載的宿主機jdk9爲壓縮包形式安裝,當使用jenkins + jdk9 + gradle6構建java項目時,由於證書問題,在從倉庫(https://maven.aliyun.com/nexus/content/groups/public/ 、https://repo.maven.apache.org/maven2/)上下載依賴包時出現上述錯誤。
解決方法:
centos8 的cacerts在:/etc/pki/ca-trust/extracted/java/cacerts , 可以將該cacert拷貝到jdk9/lib/security/內,也可以創建一個軟連接,這樣方式只能解決在宿主機上訪問https的問題,在docker上訪問jdk9內創建的軟連接無法使用,所以可以創建一個硬鏈接,ln /etc/pki/ca-trust/extracted/java/cacerts /usr/local/jdk9/lib/security/cacerts , 然後在invoke gradle script的task輸入框填寫參數: -Djavax.net.ssl.trustStore=/usr/local/jdk9/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStoreType=jks 保存, 再次執行jenkins的gradle構建即可成功。
構建過程中還出現無法訪問或者訪問超時現象,因爲mavenCentral()默認地址爲:https://repo.maven.apache.org/maven2/
經常出現超時或者依賴下載失敗問題,可以使用阿里雲的倉庫解決訪問失敗問題:替換默認倉庫
repositories {
mavenCentral name: "MavenRepo", artifactUrls: [
"https://maven.aliyun.com/nexus/content/groups/public/",
"https://maven.aliyun.com/repository/central",
"https://maven.aliyun.com/repository/public",
]
jcenter {
artifactUrls = ["https://maven.aliyun.com/repository/jcenter"]
}
maven { url "https://maven.aliyun.com/repository/spring-plugin"}
maven { url 'https://maven.aliyun.com/repository/gradle-plugin'}
}