On 1/18/23 18:29, Jiri Vanek wrote:
 We are using frozen solr 8.8.2 for jdk11 and jdk8. Jdk11 keeps being ok, but jdk8 **{*}RPMS{*}** got broken:
 [http://hydra.brq.redhat.com:8080/job/lucene-jp8-ojdk8~rpms-el8z.aarch64-release.sdk-el8z.aarch64.beaker-x11.defaultgc.legacy.lnxagent.jfroff/168/java-reports/]
 Note, that  > Most of the traces are "wrongly Strightforward": as

{code}
 Suppressed: java.lang.NoClassDefFoundError: Could not initialize class sun.security.ssl.TrustStoreManager$TrustStoreDescriptor
 at sun.security.ssl.TrustStoreManager.getTrustedCerts(TrustStoreManager.java:56)
 at sun.security.ssl.TrustManagerFactoryImpl.engineInit(TrustManagerFactoryImpl.java:49)
 at javax.net.ssl.TrustManagerFactory.init(TrustManagerFactory.java:250)
 at sun.security.ssl.SSLContextImpl.engineInit(SSLContextImpl.java:89)
 at javax.net.ssl.SSLContext.init(SSLContext.java:282)
 at org.apache.http.ssl.SSLContextBuilder.initSSLContext(SSLContextBuilder.java:377)
 at org.apache.http.ssl.SSLContextBuilder.build(SSLContextBuilder.java:391)
 at org.apache.solr.util.SSLTestConfig$2.createContextFactory(SSLTestConfig.java:227)
 at org.apache.solr.client.solrj.embedded.SSLConfig.createContextFactory(SSLConfig.java:92)
 at org.apache.solr.client.solrj.embedded.JettySolrRunner.init(JettySolrRunner.java:281)
 at org.apache.solr.client.solrj.embedded.JettySolrRunner.<init>(JettySolrRunner.java:258)
 at org.apache.solr.client.solrj.embedded.JettySolrRunner.<init>(JettySolrRunner.java:230)
 at org.apache.solr.cloud.MiniSolrCloudCluster.startJettySolrRunner(MiniSolrCloudCluster.java:474)
 at org.apache.solr.cloud.MiniSolrCloudCluster.lambda$new$0(MiniSolrCloudCluster.java:301)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at org.apache.solr.common.util.ExecutorUtil$MDCAwareThreadPoolExecutor.lambda$execute$0(ExecutorUtil.java:218)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 ... 1 more
{code}
>
 But some of them are actually showing (maybe) cause:
{code}
 Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read")
 at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
 at java.security.AccessController.checkPermission(AccessController.java:886)
 at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
 at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
 at java.io.File.exists(File.java:825)
 at sun.security.tools.KeyStoreUtil.getCacertsKeyStoreFile(KeyStoreUtil.java:141)
 at sun.security.ssl.TrustStoreManager$TrustStoreDescriptor.<clinit>(TrustStoreManager.java:80)
{code}

one more noticable exception is:
{code}
Caused by: java.lang.RuntimeException: Unable to initialize 'Default' SSLContext Algorithm, JVM is borked
at org.apache.solr.cloud.TestMiniSolrCloudClusterSSL.<clinit>(TestMiniSolrCloudClusterSSL.java:75)
... 44 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Provider.java:1617)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:96)
at org.apache.solr.cloud.TestMiniSolrCloudClusterSSL.<clinit>(TestMiniSolrCloudClusterSSL.java:72)
... 44 more
Caused by: java.lang.NoClassDefFoundError: Could not initialize class sun.security.ssl.SSLContextImpl$DefaultManagersHolder
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(SSLContextImpl.java:1227)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at java.security.Provider$Service.newInstance(Provider.java:1595)
... 49 more
{code}
But afaik goes back to the java.security.AccessControlException: access denied ("java.io.FilePermission" "/etc/pki/java/cacerts" "read")

Note, that you need (acording to
at java.security.AccessController.checkPermission(AccessController.java:886)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
) security manager on.

It may be, that Severin's patch for secure random: https://issues.redhat.com/browse/OPENJDK-1357
May be the same thing.

 All traces are visible here: [http://hydra.brq.redhat.com:9090/diff.html?generated-part=+-view%3Dhide-positives+++-view%3Dinfo-problems+++-view%3Dinfo-summary+++-view%3Dinfo-summary-suites+++-output%3Dhtml++&custom-part=lucene-jp8-ojdk8%7Erpms-el8z.aarch64-release.sdk-el8z.aarch64.beaker-x11.defaultgc.legacy.lnxagent.jfroff+168]

 **important note** PORTABLE jdk8 IS NOT, repeat NOT affected so issue is by my guess at one of the few differences:
 [https://pkgs.devel.redhat.com/cgit/rpms/java-1.8.0-openjdk/tree/java-1.8.0-openjdk.spec?h=openjdk-portable-rhel-7#n1040]
 x
 [https://pkgs.devel.redhat.com/cgit/rpms/java-11-openjdk/tree/java-11-openjdk.spec?h=rhel-8.7.0#n2053]

 and its implementation in jdk8 compared to 11, as 11 rpms are ok.