Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove -Djava.security.manager=allow from the products #2673

Merged
merged 1 commit into from
Dec 18, 2024
Merged

Remove -Djava.security.manager=allow from the products #2673

merged 1 commit into from
Dec 18, 2024

Conversation

merks
Copy link
Contributor

@merks merks commented Dec 17, 2024

  • Define an unconfigure touchpoint to remove -Djava.security.manager=allow from the eclipse.ini which is done to ensure that updates will leave installations in a state that can run with Java 24.
  • Do the above for both products and ensure that both products specify -Dosgi.requiredJavaVersion=21

#2623

@merks
Copy link
Contributor Author

merks commented Dec 17, 2024

This approach is an alternative to just removing the -Djava.security.manager=allow from the products which would leave existing updated installations forever with that option in their eclipse.ini, eventually failing to start with Java 24. It's also an alternative to setting -Djava.security.manager=disallow in the product which might cause problems immediately (though ones that will definitely happen with Java 24 eventually), and that being said, the default for Java 21 is dissallow so setting it to that explicitly would maybe be fine too. I'm not sure how others @HannesWell @laeubi @akurtakov @jonahgraham @iloveeclipse feel about this?

An unconfigure is used because the existing product IUs' p2 metadata looks like this:

<instruction key="configure">
...;addJvmArg(jvmArg:-Djava.security.manager=allow);...
</instruction>
<instruction key="unconfigure">
...;removeJvmArg(jvmArg:-Djava.security.manager=allow);...
</instruction>

akurtakov
akurtakov approved these changes Dec 17, 2024
View reviewed changes
Copy link
Member

@akurtakov akurtakov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like the correct thing to do (removing setting to default value that we know will break soon )

@merks
Copy link
Contributor Author

merks commented Dec 17, 2024

I'll leave this open for 24 hours for anyone else to comment.

laeubi
laeubi approved these changes Dec 17, 2024
View reviewed changes
Copy link
Contributor

@laeubi laeubi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with that even though I probably would not have came up with such an sophisticated approach :-)

@merks merks force-pushed the pr-cleanup-security-allow branch 2 times, most recently from 12120f8 to b61ea6e Compare December 17, 2024 12:16
@merks
Copy link
Contributor Author

merks commented Dec 17, 2024

Thanks @laeubi for pointing out that there were two separate instructions.configure properties!

@merks
Copy link
Contributor Author

merks commented Dec 17, 2024

Darn, now there are two commits. I will force push again...

@merks merks force-pushed the pr-cleanup-security-allow branch from e27bb85 to d3c19d3 Compare December 17, 2024 12:24
@merks
Copy link
Contributor Author

merks commented Dec 17, 2024

@akurtakov

An earlier build passed all the tests but now the license Java 21 issue appears to be back. Do you have idea of why that might be?

@akurtakov
Copy link
Member

I rerun it (just in case :) and it failed again. Looking into it.

@merks @akurtakov
Remove -Djava.security.manager=allow from the products
a44c18b 
- Define an unconfigure touchpoint to remove
-Djava.security.manager=allow from the eclipse.ini which is done to
ensure that updates will leave installations in a state that can run
with Java 24.
- Do the above for both products and ensure that both products specify
-Dosgi.requiredJavaVersion=21

eclipse-platform#2623
@akurtakov akurtakov force-pushed the pr-cleanup-security-allow branch from d3c19d3 to a44c18b Compare December 17, 2024 13:05
@akurtakov
Copy link
Member

@merks Fixed via #2674 .
Until eclipse-dash/dash-licenses#423 is applied projects will have to apply similar change to keep licensecheck working for them.

@merks
Copy link
Contributor Author

merks commented Dec 17, 2024

Oh joy:

14:27:29  Caused by: java.lang.OutOfMemoryError: Java heap space
14:27:29      at org.codehaus.plexus.archiver.zip.ByteArrayOutputStream.needNewBuffer (ByteArrayOutputStream.java:153)

Repeating builds doesn't warm my heart but the warms the planet.

HannesWell
HannesWell approved these changes Dec 17, 2024
View reviewed changes
Copy link
Member

@HannesWell HannesWell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for working out the details.
Removing existing java.security.manager=allow is probably the best we can do, because not everyone can consider changed defaults:
#2659 (comment)

jonahgraham
jonahgraham approved these changes Dec 18, 2024
View reviewed changes
Copy link
Contributor

@jonahgraham jonahgraham left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll pick up the same changes for the EPP products when I do the following for 2025-03 M1 eclipse-packaging/packages#251

  • Synchronize the following - Remember to check branch, these links are to master, but around RC2 master may be setup for next release already
  • Synchronize any changes to platform.product into all the epp.product files.
  • Synchronize any changes to platform.p2.inf into all the *.product/p2.inf files.

@merks
Copy link
Contributor Author

merks commented Dec 18, 2024

Thanks everyone for the feedback! 💞

@merks merks merged commit 4206508 into eclipse-platform:master Dec 18, 2024
4 checks passed
@merks merks deleted the pr-cleanup-security-allow branch December 18, 2024 06:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HannesWell HannesWell HannesWell approved these changes

@laeubi laeubi laeubi approved these changes

@jonahgraham jonahgraham jonahgraham approved these changes

@akurtakov akurtakov akurtakov approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@merks @akurtakov @jonahgraham @laeubi @HannesWell