环境:gradle6.2.2 + jdk9 + jenkins2.204.5 + docker19.03.8
服务器:aliyun ecs centos8
核心错误:the trustAnchors parameter must be non-empty
jenkins服务器invoke gradle script报错如下:
Caused by: org.gradle.internal.resource.transport.http.HttpRequestException: Could not HEAD 'https://maven.aliyun.com/repository/spring-plugin/org/springframework/boot/spring-boot-dependencies/2.2.5.RELEASE/spring-boot-dependencies-2.2.5.RELEASE.pom'.
at org.gradle.internal.resource.transport.http.HttpClientHelper.performRequest(HttpClientHelper.java:101)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performRawHead(HttpClientHelper.java:76)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performHead(HttpClientHelper.java:80)
at org.gradle.internal.resource.transport.http.HttpResourceAccessor.getMetaData(HttpResourceAccessor.java:66)
at org.gradle.internal.resource.transfer.DefaultExternalResourceConnector.getMetaData(DefaultExternalResourceConnector.java:63)
at org.gradle.internal.resource.transfer.AccessorBackedExternalResource.getMetaData(AccessorBackedExternalResource.java:201)
at org.gradle.internal.resource.BuildOperationFiringExternalResourceDecorator$1.call(BuildOperationFiringExternalResourceDecorator.java:61)
at org.gradle.internal.resource.BuildOperationFiringExternalResourceDecorator$1.call(BuildOperationFiringExternalResourceDecorator.java:58)
at org.gradle.internal.operations.DefaultBuildOperationExecutor$CallableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:416)
at org.gradle.internal.operations.DefaultBuildOperationExecutor$CallableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:406)
at org.gradle.internal.operations.DefaultBuildOperationExecutor$1.execute(DefaultBuildOperationExecutor.java:165)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:250)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:158)
at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:102)
at org.gradle.internal.operations.DelegatingBuildOperationExecutor.call(DelegatingBuildOperationExecutor.java:36)
at org.gradle.internal.resource.BuildOperationFiringExternalResourceDecorator.getMetaData(BuildOperationFiringExternalResourceDecorator.java:58)
at org.gradle.internal.resource.transfer.DefaultCacheAwareExternalResourceAccessor.lambda$getResource$1(DefaultCacheAwareExternalResourceAccessor.java:104)
at org.gradle.cache.internal.ProducerGuard$AdaptiveProducerGuard.guardByKey(ProducerGuard.java:97)
at org.gradle.internal.resource.transfer.DefaultCacheAwareExternalResourceAccessor.getResource(DefaultCacheAwareExternalResourceAccessor.java:86)
at org.gradle.api.internal.artifacts.repositories.resolver.DefaultExternalResourceArtifactResolver.downloadByCoords(DefaultExternalResourceArtifactResolver.java:139)
... 316 more
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:214)
at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1969)
at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1921)
at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1904)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1436)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performHttpRequest(HttpClientHelper.java:141)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performHttpRequest(HttpClientHelper.java:117)
at org.gradle.internal.resource.transport.http.HttpClientHelper.executeGetOrHead(HttpClientHelper.java:106)
at org.gradle.internal.resource.transport.http.HttpClientHelper.performRequest(HttpClientHelper.java:97)
... 335 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:89)
at java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:330)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:180)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:192)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1825)
at java.base/sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1655)
at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:260)
at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1086)
at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1020)
at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)
at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1429)
... 351 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
at java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
at java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:86)
... 366 more
idea报错报错如下:
FAILURE: Build failed with an exception.
* What went wrong:
A problem occurred configuring root project 'jdk9gradle'.
> Could not resolve all artifacts for configuration ':classpath'.
> Could not resolve com.bmuschko:gradle-docker-plugin:6.4.0.
Required by:
project :
> Could not resolve com.bmuschko:gradle-docker-plugin:6.4.0.
> Could not get resource 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
> Could not GET 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
> java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
> Could not resolve com.bmuschko:gradle-docker-plugin:6.4.0.
> Could not get resource 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
> Could not GET 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
> java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
出现该错误主要是因为使用jdk9导致,jdk9之前默认在安装目录/lib/security/cacerts包含证书信息,centos6.5上是指向/etc/pki/java/cacerts的软连接, 访问https时,使用里面的证书访问https网站。
jdk9 安装方式采用的压缩包解压安装,jdk9安装目录/lib/security/cacerts文件内不包含证书信息,所以在jdk9环境下访问https网站出现:the trustAnchors parameter must be non-empty
可以通过:keytool -list -keystore cacerts -storepass changeit 查看cacerts内包含的证书,jdk9的cacerts包含0个证书
在使用gradle构建过程中,默认使用JAVA_HOME的jdk内的cacerts,在jenkins环境上挂载的宿主机jdk9为压缩包形式安装,当使用jenkins + jdk9 + gradle6构建java项目时,由于证书问题,在从仓库(https://maven.aliyun.com/nexus/content/groups/public/ 、https://repo.maven.apache.org/maven2/)上下载依赖包时出现上述错误。
解决方法:
centos8 的cacerts在:/etc/pki/ca-trust/extracted/java/cacerts , 可以将该cacert拷贝到jdk9/lib/security/内,也可以创建一个软连接,这样方式只能解决在宿主机上访问https的问题,在docker上访问jdk9内创建的软连接无法使用,所以可以创建一个硬链接,ln /etc/pki/ca-trust/extracted/java/cacerts /usr/local/jdk9/lib/security/cacerts , 然后在invoke gradle script的task输入框填写参数: -Djavax.net.ssl.trustStore=/usr/local/jdk9/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStoreType=jks 保存, 再次执行jenkins的gradle构建即可成功。
构建过程中还出现无法访问或者访问超时现象,因为mavenCentral()默认地址为:https://repo.maven.apache.org/maven2/
经常出现超时或者依赖下载失败问题,可以使用阿里云的仓库解决访问失败问题:替换默认仓库
repositories {
mavenCentral name: "MavenRepo", artifactUrls: [
"https://maven.aliyun.com/nexus/content/groups/public/",
"https://maven.aliyun.com/repository/central",
"https://maven.aliyun.com/repository/public",
]
jcenter {
artifactUrls = ["https://maven.aliyun.com/repository/jcenter"]
}
maven { url "https://maven.aliyun.com/repository/spring-plugin"}
maven { url 'https://maven.aliyun.com/repository/gradle-plugin'}
}