Description of problem: I just updated to java-1.8.0-openjdk-headless-1.8.0.131-1.b12.fc25.x86_64 and now gradle cannot download dependencies any more due to missing cacerts: $ gradle [...] :compileTestJava FAILURE: Build failed with an exception. * What went wrong: Could not resolve all dependencies for configuration ':testCompileClasspath'. > Could not resolve junit:junit:4.+. Required by: :libtalque-java:1.0 > Could not resolve junit:junit:4.+. > Failed to list versions for junit:junit. > Unable to load Maven meta-data from https://repo1.maven.org/maven2/junit/junit/maven-metadata.xml. > org.apache.http.ssl.SSLInitializationException: /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-1.b12.fc25.x86_64/jre/lib/security/cacerts (No such file or directory) This definitely worked before the update. The issue seems to be the removal of the cacerts symlink in http://pkgs.fedoraproject.org/cgit/rpms/java-1.8.0-openjdk.git/commit/?id=4821c37ebebfb8c8d5837258b968356dfe689d25 Somebody opened a bug with gradle: https://github.com/gradle/gradle/issues/1782 Version-Release number of selected component (if applicable): java-1.8.0-openjdk-headless-1.8.0.131-1.b12.fc25.x86_64 How reproducible: Add junit dependency to build.gradle, and then try to test: dependencies { testCompile group: 'junit', name: 'junit', version: '4.+' }
I think this is caused by change in java.security. Old https algorithms are no longer supported
Thsi time md5sum was removed, so also all MD5withRSA were canceled. If you change yours /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-1.b12.fc24.x86_64/jre/lib/security/java.security jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ and jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \ to jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024, \ and jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768, \ It should work. If so,please clsoe this. But COnsider this as only tmp solution and get rid of it as soon as possible
We can add back the symlink, but this shouldn't be necessary. The Apache code shouldn't be hardcoding internal JDK paths. That's likely to break with OpenJDK 9 as well.
(In reply to jiri vanek from comment #2) > Thsi time md5sum was removed, so also all MD5withRSA were canceled. > > If you change yours > /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-1.b12.fc24.x86_64/jre/lib/security/ > java.security > > > jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ > and > jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \ > > to > jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024, \ > and > jdk.tls.disabledAlgorithms=SSLv3, RC4, DH keySize < 768, \ > > > It should work. If so,please clsoe this. But COnsider this as only tmp > solution and get rid of it as soon as possible It has nothing to do with this. Please don't suggest rolling back a security update without good cause.
This has been fixed since this sync with the RHEL version: http://pkgs.fedoraproject.org/rpms/java-1.8.0-openjdk/c/928912572e0b93fe1eb252bfe86d3fa4d78846a0?branch=f25