Problem with certificate while trying to compile with Gradle

Question

I've been desperately trying to use ROS2 and PX4, but I can't compile all of the necessary packages: Fast-RTPS-Gen

For people to know PX4:

I am using Gradle version 6.3 installed with sdk, as explained on the PX4 website.
I have download the version 1.0.4 from the Fast-RTPS-Gen repository

When I try to compile it with Gradle, I have a certificate (see end of question).

My question is: how can I bypass this? Since I'm not gonna develop anything on Java, I just really need this one thing to compile, I'm really interested in the quickest, dirtiest way I can bypass this certificate check. I have tried adding a certificate from the Maven repo with keystool but I just can't get it to work.

> Task :buildIDLParser FAILED

FAILURE: Build failed with an exception.

* Where:
Build file '/home/evandro/Fast-RTPS-Gen/thirdparty/idl-parser/idl.gradle' line: 89

* What went wrong:
Could not determine the dependencies of task ':idl-parser:jar'.
> Could not resolve all files for configuration ':idl-parser:compile'.
   > Could not resolve org.antlr:antlr4:4.5.
     Required by:
         project :idl-parser
      > Could not resolve org.antlr:antlr4:4.5.
         > Could not get resource 'https://repo.maven.apache.org/maven2/org/antlr/antlr4/4.5/antlr4-4.5.pom'.
            > Could not GET 'https://repo.maven.apache.org/maven2/org/antlr/antlr4/4.5/antlr4-4.5.pom'.
               > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   > Could not resolve org.antlr:antlr4:4.5.
     Required by:
         project :idl-parser
      > Could not resolve org.antlr:antlr4:4.5.
         > Could not get resource 'https://repo.maven.apache.org/maven2/org/antlr/antlr4/4.5/antlr4-4.5.pom'.
            > Could not GET 'https://repo.maven.apache.org/maven2/org/antlr/antlr4/4.5/antlr4-4.5.pom'.
               > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   > Could not resolve org.antlr:stringtemplate:3.2.
     Required by:
         project :idl-parser
      > Could not resolve org.antlr:stringtemplate:3.2.
         > Could not get resource 'https://repo.maven.apache.org/maven2/org/antlr/stringtemplate/3.2/stringtemplate-3.2.pom'.
            > Could not GET 'https://repo.maven.apache.org/maven2/org/antlr/stringtemplate/3.2/stringtemplate-3.2.pom'.
               > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. Run with --scan to get full insights.

* Get more help at https://help.gradle.org

Deprecated Gradle features were used in this build, making it incompatible with Gradle 7.0.
Use '--warning-mode all' to show the individual deprecation warnings.
See https://docs.gradle.org/6.4/userguide/command_line_interface.html#sec:command_line_warnings

BUILD FAILED in 653ms
4 actionable tasks: 2 executed, 2 up-to-date

GreenSaguaro · Answer 1 · 2022-01-03T17:46:20.650

5

As far as I am aware, it is not possible to disable JVM cert validation by configuration. As you are getting a cert validation failure for https://repo.maven.apache.org, which should not happen on most systems, I am going to guess that you are behind a corporate firewall.

If you are on Windows, try setting the environment variable JAVA_TOOL_OPTIONS to (exactly):

-Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NUL

If you are on Mac, try setting it to:

-Djavax.net.ssl.trustStoreType=KeychainStore -Djavax.net.ssl.trustStore=/dev/null

If none of those work, you can copy the existing keystore of your JVM, and add your corporate certs to it using keytool, which is easy enough to look up with Google. In this case you would use these settings in the env var:

-Djavax.net.ssl.trustStore=/my/trust_store -Djavax.net.ssl.trustStorePassword=my_password

edited Jan 03 '22 at 17:46

answered Jan 03 '22 at 17:01

GreenSaguaro

2,968
2
22
41

I'm actually on a university, and on Linux! What would the equivalent be for Linux? – ebernardes Jan 03 '22 at 19:56
On a quick Google search, nothing immediately popped up, but I did find this that I think might be helpful: https://marschall.github.io/2018/11/23/java-native-truststore-types.html. With that you can list the available providers, and perhaps in that list will be one for Linux. – GreenSaguaro Jan 03 '22 at 22:34
1

You are a lifesaver. Whatever this is fixed my problems. Added my certs to all cacerts files and tried to set it everywhere, but nothing would get my gradle build to work. – polyglot Jul 29 '22 at 09:47

score 0 · Answer 2 · answered Jan 04 '22 at 09:05

0

Managed to solve it by compiling with sudo:

sudo env "PATH=$PATH" gradle assemble

Took me the whole day since I know nothing about gradle, and it ended up just being a stupid simple solution. I proposed to add this as a note on the PX4 install guide.

answered Jan 04 '22 at 09:05

ebernardes

129
1
12

Problem with certificate while trying to compile with Gradle

2 Answers2