3

On Ubuntu, gradle version 2.10

I downloaded elasticsearch and would like to build

gradle build

Result:

A problem occurred configuring root project 'buildSrc'.
> Could not resolve all dependencies for configuration ':classpath'.
   > Could not resolve com.bmuschko:gradle-nexus-plugin:2.3.1.
     Required by:
         :buildSrc:unspecified
      > Could not resolve com.bmuschko:gradle-nexus-plugin:2.3.1.
         > Could not get resource 'https://jcenter.bintray.com/com/bmuschko/gradle-nexus-plugin/2.3.1/gradle-nexus-plugin-2.3.1.pom'.
            > Could not GET 'https://jcenter.bintray.com/com/bmuschko/gradle-nexus-plugin/2.3.1/gradle-nexus-plugin-2.3.1.pom'.
               > peer not authenticated

If I just try to download this pom via browser or wget, there is no problem accessing it.

I found many similar questions/posts to this kind of error but so far I am unable to resolve this. What do I have to do to resolve this?

tokosh
  • 1,772
  • 3
  • 20
  • 37
  • Can you show your `build.gradle`? It looks like you need to add credentials to the nexus plugin repository – TheoKanning Jan 22 '16 at 04:09
  • The `build.gradle` is from here: https://github.com/elastic/elasticsearch/blob/master/build.gradle. It doesn't sound right that it is required to use credentials to access the plugin. Also as mentioned above `wget`-ing works without. – tokosh Jan 22 '16 at 05:35
  • Are you behind a proxy? – RaGe Jan 22 '16 at 16:13

2 Answers2

1

The error peer not authenticated means that https certificate verification failed. Not unlike how your browser warns you about failed certificate verification. For example:

enter image description here

This in the real world is supposed to mean that the authenticity of the website you're downloading dependencies from cannot be verified and there is a possibility that you could be downloading doctored or malicious content.

In practice though you're more likely to see this error because you're behind a corp proxy that likes to tamper with https certificates in order to inspect all traffic. If your error is due to a corp proxy, the correct way to fix it is to import your proxy certificate into your truststore using the keytool utility distributed with JDK. See here and here.

If it is not due to a corp proxy, you should investigate why your certificate validation is failing. Maybe your certifying authority list is outdated. Maybe someone really is trying a Man In The Middle attack on you. Maybe the certificate for the site you're trying to reach has expired and they haven't renewed it yet (Very unlikely for highly visible public sites, but can happen)

The workaround is to disable security checks or give up security altogether and fall back to http. To draw a silly analogy, this is like firing your bodyguard because they said you shouldn't go into this shady looking area. However, I must concede that this is still useful in certain circumstances. So with the same caveat that the image above throws: "You should not proceed":

Luckily for you, jCenter is still available over plain old http. In buildSrc/build.gradle change your repository definition from

jCenter()

to

jcenter {
    url "http://jcenter.bintray.com/"
}

You should primarily do this on line #25 in the buildScript section to get rid of your plugins download error, but you should really also make this change in line #50 as well for the code dependencies.

Community
  • 1
  • 1
RaGe
  • 22,696
  • 11
  • 72
  • 104
  • Wow thanks for the details. That solved indeed the retrieval of that plugin. But it is probably something that you suggested, the same problem occurs again for different packages. I'll have to do more research on that. – tokosh Jan 26 '16 at 02:14
1

In my specific case (Ubuntu) this error could be solved by

sudo update-ca-certificates -f

I have found this suggestion on a different problem on the elastic-discussion-board (thanks to vincent)

tokosh
  • 1,772
  • 3
  • 20
  • 37