Error on installing XNAT pipeline using gradle
Shuai Liang
FAILURE: Build failed with an exception.
* Where:
Build file '.../pipeline/xnat-pipeline-engine-master/build.gradle' line: 188
* What went wrong:
A problem occurred evaluating root project 'pipeline'.
> Could not resolve all dependencies for configuration ':detachedConfiguration1'.
> Could not resolve org.nrg:parent:1.7.4.
Required by:
project :
> Could not resolve org.nrg:parent:1.7.4.
> Could not get resource 'https://jcenter.bintray.com/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Could not GET 'https://jcenter.bintray.com/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Remote host closed connection during handshake
> Could not resolve org.nrg:parent:1.7.4.
> Could not get resource 'https://repo1.maven.org/maven2/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Could not GET 'https://repo1.maven.org/maven2/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Received fatal alert: protocol_version
> Could not resolve org.nrg:parent:1.7.4.
> Could not get resource 'http://www.dcm4che.org/maven2/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Could not GET 'http://www.dcm4che.org/maven2/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> Could not resolve org.nrg:parent:1.7.4.
> Could not get resource 'https://nrgxnat.jfrog.io/nrgxnat/libs-release/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Could not GET 'https://nrgxnat.jfrog.io/nrgxnat/libs-release/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Remote host closed connection during handshake
> Could not resolve org.nrg:parent:1.7.4.
> Could not get resource 'https://nrgxnat.jfrog.io/nrgxnat/libs-snapshot/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Could not GET 'https://nrgxnat.jfrog.io/nrgxnat/libs-snapshot/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Remote host closed connection during handshake
> Could not resolve org.nrg:parent:1.7.4.
> Could not get resource 'https://nrgxnat.jfrog.io/nrgxnat/ext-release/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Could not GET 'https://nrgxnat.jfrog.io/nrgxnat/ext-release/org/nrg/parent/1.7.4/parent-1.7.4.pom'.
> Remote host closed connection during handshake
Daniel Beasley
Herrick, Rick
Well, I started to answer this, then realized I was answering the wrong question. I thought jcenter was failing, but now I see that the other configured repositories were failing as well (or, really, that the calls to the repositories were failing). Since I did answer that question you didn’t ask, I’m going to leave it on here for reference, but it probably won’t solve your problem (give a try though ☺).
I think you’re seeing an issue with recent changes in TLS requirements for initiating SSL handshakes with servers. You’re probably using Java 7, which defaults to using TLS 1.0. That protocol was recently deprecated and support discontinued for most browsers, sites, and SSL certificate issuers. The upshot of this is that calls using TLS 1.0 will be rejected. That’s the “Remote host closed connection during handshake” message: you showed up at the door with your hand outstretched, but holding a TLS 1.0 cert in it. The server looked at your certificate, looked at you, and slammed the door in your face.
Luckily, this should be fairly easy to fix: just add the https.protocols JVM parameter to your Gradle command:
$ ./gradlew -Dhttps.protocols=TLSv1.1,TLSv1.2
That forces Java 7 to use those protocols rather than the default TLS 1.0. The other option, not necessarily as easy, would be to upgrade to Java 8 (XNAT and Tomcat 7 run with no issues on Java 8 even though the code is Java 7 compatible).
HTH…
Answer to the question you didn’t ask
That looks like the jcenter repo was down. It should normally return a 404 but something when wrong while trying to establish the SSL handshake. Gradle doesn’t seem to be smart enough to treat a failure like that the same as a 404 and so it errors out rather than moving onto the next repository candidate. I tried to configure the build so that it would skip over failed repository calls but wasn’t ever able to get it working.
I’d guess that it would work if you tried it again. I was just able to run this on a clean machine (i.e. there were no cached libraries so it retrieved everything from one of the configured repositories and jcenter didn’t block it). That said, if and when you do run into this again, you can edit the file build.gradle in your pipeline installer folder. Look for this block:
repositories {
mavenLocal()
maven {
url "http://maven.imagej.net/content/groups/public"
name "ImageJ Maven Repository"
}
jcenter()
mavenCentral()
maven {
url "https://nrgxnat.jfrog.io/nrgxnat/libs-release"
name "XNAT Release Repository"
}
maven {
url "https://nrgxnat.jfrog.io/nrgxnat/libs-snapshot"
name "XNAT Snapshot Repository"
}
}
Just remove the definition of the repository that’s causing trouble, so in this case jcenter().
Note also that there are TWO separate repositories elements, one with the buildscript configuration (this element basically configures the environment in which Gradle runs, so sets up repositories for plugins and the like to be available to the script as it executes) and one in the main project body. Depending on what’s failing, you may need to edit both of those elements, but I think 90% of the time you’d only need to edit the configuration for the main project.
--
Rick Herrick
Sr. Programmer/Analyst
Neuroinformatics Research Group
Washington University School of Medicine
Phone: +1 (314) 273-1645
--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
xnat_discussi...@googlegroups.com.
To post to this group, send email to
xnat_di...@googlegroups.com.
Visit this group at https://groups.google.com/group/xnat_discussion.
For more options, visit https://groups.google.com/d/optout.
The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.
Shuai Liang
Herrick, Rick
Try running with the --debug flag and capturing the output, something like this:
$ ./gradlew --debug -Dhttps.protocols=TLSv1.1,TLSv1.2 | tee build.log
At some point you’ll see something like “Performing HTTP GET” in the log and that’s where things should get interesting. A successful transaction looks something like this:
15:50:15.371 [DEBUG] [org.gradle.internal.resource.transport.http.HttpClientHelper] Performing HTTP GET: https://jcenter.bintray.com/io/spring/...1.0.3.RELEASE.pom
15:50:15.697 [DEBUG] [org.apache.http.client.protocol.RequestAddCookies] CookieSpec selected: default
15:50:15.709 [DEBUG] [org.apache.http.client.protocol.RequestAuthCache] Auth cache not set in the context
15:50:15.721 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection request: [route: {s}->https://jcenter.bintray.com:443][total kept alive: 0; route allocated: 0 of 20; total allocated: 0 of 20]
15:50:15.759 [DEBUG] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager] Connection leased: [id: 0][route: {s}->https://jcenter.bintray.com:443][total kept alive: 0; route allocated: 1 of 20; total allocated: 1 of 20]
15:50:15.760 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Opening connection {s}->https://jcenter.bintray.com:443
15:50:15.789 [DEBUG] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] Connecting to jcenter.bintray.com/108.168.243.150:443
15:50:15.789 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Connecting socket to jcenter.bintray.com/108.168.243.150:443 with timeout 0
15:50:15.868 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
15:50:15.869 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, … lots of stuff…]
15:50:15.869 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Starting handshake
15:50:16.102 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] Secure session established
15:50:16.102 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] negotiated protocol: TLSv1.2
15:50:16.102 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
15:50:16.102 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] peer principal: CN=*.bintray.com
15:50:16.102 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] peer alternative names: [*.bintray.com, bintray.com]
15:50:16.102 [DEBUG] [org.apache.http.conn.ssl.SSLConnectionSocketFactory] issuer principal: CN=GeoTrust DV SSL CA - G3, OU=Domain Validated SSL, O=GeoTrust Inc., C=US
15:50:16.104 [DEBUG] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator] Connection established 10.0.2.15:57830<->108.168.243.150:443
15:50:16.104 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Executing request GET /io/spring/gradle/dependency-management-plugin/1.0.3.RELEASE/dependency-management-plugin-1.0.3.RELEASE.pom HTTP/1.1
15:50:16.104 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Target auth state: UNCHALLENGED
15:50:16.104 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Proxy auth state: UNCHALLENGED
15:50:16.201 [DEBUG] [org.apache.http.impl.execchain.MainClientExec] Connection can be kept alive indefinitely
Let’s see what you’re getting in there.
Another option is to install Java 8 and try running with that as your active JVM for the pipeline installation (you can run Tomcat 7 and XNAT with Java 8 as well).
--
Rick Herrick
Sr. Programmer/Analyst
Neuroinformatics Research Group
Washington University School of Medicine
Phone: +1 (314) 273-1645
--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
xnat_discussi...@googlegroups.com.
To post to this group, send email to
xnat_di...@googlegroups.com.
Visit this group at https://groups.google.com/group/xnat_discussion.
For more options, visit https://groups.google.com/d/optout.
Shuai Liang
Nic Ovrn
Selection Path Priority Status
------------------------------------------------------------
0 /usr/lib/jvm/java-11-openjdk-amd64/bin/java 1101 auto mode
1 /usr/lib/jvm/java-11-openjdk-amd64/bin/java 1101 manual mode
* 2 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1081 manual mode
3 /usr/local/java/jdk1.7.0_80/bin/java 1 manual mode
Op donderdag 16 augustus 2018 19:56:23 UTC+2 schreef Shuai Liang:
Nic Ovrn
Op donderdag 16 augustus 2018 19:56:23 UTC+2 schreef Shuai Liang:
OK, confirmed Java 7 refuses to use the specified https protocol, but it's working with Java 8. Rick, thanks a lot!
