ant-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <rick.hille...@gmail.com>
Subject Re: new warnings produced by <java> task under Open JDK 17-ea+28-2534
Date Tue, 29 Jun 2021 15:44:51 GMT
Thanks, Jaikiran, for taking this issue to security-dev and for making 
changes to ant to reduce the amount of noise.

On 6/28/21 10:22 AM, Jaikiran Pai wrote:
> I spent some time on this today and experimented with some sample 
> build scripts and I noticed that these warning messages are a lot more 
> intrusive in their current form than what I had initially thought or 
> noticed.
>
> Based on your and one other user's inputs so far, I've raised a 
> discussion in security-dev mailing list of OpenJDK, explaining how 
> this is currently impacting Ant project and some potential ways to 
> reduce this impact. The discussion thread is here 
> https://mail.openjdk.java.net/pipermail/security-dev/2021-June/026660.html
>
> -Jaikiran
>
>
> On 28/06/21 8:22 pm, Rick Hillegas wrote:
>> Thanks for that explanation, Jaikiran.
>>
>> On 6/27/21 8:29 PM, Jaikiran Pai wrote:
>>> Hello Rick,
>>>
>>> Thank you for this report. We have been watching this area and have 
>>> been aware of this issue, including one other user report[1]. I'm 
>>> just waiting for things to become a bit more clear on this front 
>>> before coming up with any proposal in the Ant project on how to deal 
>>> with this. Clearly our permissions[2] type and the whole security 
>>> manager based implementation will be impacted and needs a rethink.
>>>
>>> For the java task, we by default apply certain permissions when run 
>>> without "fork". That's what is triggering this warning. It has been 
>>> there in the build 26 EA of JDK 17 as well - of course, that version 
>>> didn't include the exact class which was calling the 
>>> System.setSecurityManager. That additional detail got included 
>>> recently[3].
>>>
>>>
>>> [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=65381
>>>
>>> [2] http://ant.apache.org/manual/Types/permissions.html
>>>
>>> [3] https://github.com/openjdk/jdk17/pull/13
>>>
>>> -Jaikiran
>>>
>>> On 27/06/21 11:22 pm, Rick Hillegas wrote:
>>>> Open JDK 17 build 17-ea+28-2534 causes the ant 1.10.6 <java> task 
>>>> to produce the following warnings when you DON'T fork the JVM:
>>>>
>>>> WARNING: A terminally deprecated method in java.lang.System has 
>>>> been called
>>>> WARNING: System::setSecurityManager has been called by 
>>>> org.apache.tools.ant.types.Permissions (file:/opt/ant/lib/ant.jar)
>>>>
>>>> For more information, see 
>>>> https://issues.apache.org/jira/browse/DERBY-7110?focusedCommentId=17370259&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17370259

>>>> and 
>>>> https://issues.apache.org/jira/browse/DERBY-7110?focusedCommentId=17370302&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-17370302
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
>>>> For additional commands, e-mail: dev-help@ant.apache.org
>>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
>> For additional commands, e-mail: dev-help@ant.apache.org
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ant.apache.org
For additional commands, e-mail: dev-help@ant.apache.org


Mime
View raw message