Jenkins install LTS 2.77 TLS error

Just tried an install of 2.77 LTS into a Centos 7 VM.

When it started up, failed due to PXIX TLS error. Huh? On the plugin update.

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
...
Caused: javax.net.ssl.SSLHandshakeException
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
...
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)

The Manage Jenkins > Manage Plugins > Advanced tab shows the update URL. Try it.

$ curl -v https://updates.jenkins.io/update-center.json
 * About to connect() to updates.jenkins.io port 443 (#0)
 * Trying 52.202.51.185...
 * Connected to updates.jenkins.io (52.202.51.185) port 443 (#0)
 * Initializing NSS with certpath: sql:/etc/pki/nssdb
 * CAfile: /etc/pki/tls/certs/ca-bundle.crt
 CApath: none
 * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 * Server certificate:
 * subject: CN=updates.jenkins.io
 * start date: Aug 05 00:55:00 2017 GMT
 * expire date: Nov 03 00:55:00 2017 GMT
 * common name: updates.jenkins.io
 * issuer: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
 > GET /update-center.json HTTP/1.1
 > User-Agent: curl/7.29.0
 > Host: updates.jenkins.io
 > Accept: */*
 >
 < HTTP/1.1 301 Moved Permanently
 < Date: Fri, 15 Sep 2017 13:39:15 GMT
 < Server: Apache/2.4.7 (Ubuntu)
 < Location: https://updates.jenkins.io/current/update-center.json
 < Content-Length: 261
 < Content-Type: text/html; charset=iso-8859-1
 <
 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
 <html><head>
 <title>301 Moved Permanently</title>
 </head><body>
 <h1>Moved Permanently</h1>
 <p>The document has moved <a href="https://updates.jenkins.io/current/update-center.json">here</a>.</p>
 </body></html>
 * Connection #0 to host updates.jenkins.io left intact

After some looking, I was running Java8 v74. The Cert was issued by Let’s Encrypt.

The article Does Java support Let’s Encrypt certificates? indicated, no, older JDK8s did not have the root CA cert for Let’s Encrypt.

Fix it.

$ alternatives --config java
There are 4 programs which provide 'java'.
Selection Command
-----------------------------------------------
* 1 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-3.b12.el7_3.x86_64/jre/bin/java)
 2 java-1.7.0-openjdk.x86_64 (/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.x86_64/jre/bin/java)
 3 /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java
 + 4 /usr/java/jdk1.8.0_74/jre/bin/java
Enter to keep the current selection[+], or type selection number: ^C

root@VM101037-CTS70 /usr/java
$ alternatives --install /usr/bin/java java /usr/java/jdk1.8.0_144/bin/java 5

root@VM101037-CTS70 /usr/java
$ alternatives --config java

There are 5 programs which provide 'java'.

Selection Command
-----------------------------------------------
* 1 java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.131-3.b12.el7_3.x86_64/jre/bin/java)
 2 java-1.7.0-openjdk.x86_64 (/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.141-2.6.10.1.el7_3.x86_64/jre/bin/java)
 3 /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java
 + 4 /usr/java/jdk1.8.0_74/jre/bin/java
 5 /usr/java/jdk1.8.0_144/bin/java

Enter to keep the current selection[+], or type selection number: 5

root@VM101037-CTS70 /usr/java
$ systemctl restart jenkins

Bam!

Posted in Computers, howto, Software | Tagged , , , , , , | Leave a comment

WordPress Update Fun

Time to update WordPress to 4.7.3. I used the SVN method.
I was using an older version of SVN and required me to update the local checkout.
$ svn upgrade

Fine. Did it.

$ svn sw https://core.svn.wordpress.org/tags/4.7.3/ .
svn: E155025: 'svn switch' does not support switching a working copy to a different repository
svn: E155025: 'http://core.svn.wordpress.org/tags/4.4'
is not the same repository as
'https://core.svn.wordpress.org'
What?
$ svn info

Path: .
Working Copy Root Path: /.../blogs/chwalisz
URL: http://core.svn.wordpress.org/tags/4.4
Relative URL: ^/tags/4.4
Repository Root: http://core.svn.wordpress.org
Repository UUID: 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Revision: 36122
Smells like I need to relocate, like I did when they moved from the automattic svn repo.  See codex Relocating From The Old svn.automattic.com
First see what it SHOULD be:
$ svn co https://core.svn.wordpress.org/tags/4.7.3 new-chwalisz-test
A    new-chwalisz-test/index.php
A    new-chwalisz-test/wp-config-sample.php
...

^new-chwalisz-test$ svn info
Working Copy Root Path: /.../new-chwalisz-test
URL: https://core.svn.wordpress.org/tags/4.7.3
Relative URL: ^/tags/4.7.3
Repository Root: https://core.svn.wordpress.org
Repository UUID: 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Revision: 40218
Note the change:
Repository Root: http://core.svn.wordpress.org
to
Repository Root: https://core.svn.wordpress.org
Try?
svn switch --relocate http://core.svn.wordpress.org/tags/4.7.3 https://core.svn.wordpress.org/tags/4.7.3/
BUT — svn 1.7 supports the relocate option.
so maybe….
instead of
$ svn relocate http://svn.company.com/repos/trunk
we use
$ svn relocate https://core.svn.wordpress.org/tags/4.7.3/
Let’s try!
/blogs/chwalisz$ svn relocate https://core.svn.wordpress.org/tags/4.4
/blogs/chwalisz$ svn info
Path: .
Working Copy Root Path: /.../blogs/chwalisz
URL: https://core.svn.wordpress.org/tags/4.4
Relative URL: ^/tags/4.4
Repository Root: https://core.svn.wordpress.org
Repository UUID: 1a063a9b-81f0-0310-95a4-ce76da25c4cd
Revision: 36122
So does it blend?
$ svn sw https://core.svn.wordpress.org/tags/4.7.3/ .
NOW we have some conflicts. I did not mark as resolved – maybe should have…
/blogs/chwalisz/wp-content/themes$ svn st
D C twentyten/404.php
 > local file unversioned, incoming file add upon switch
D C twentyten/archive.php
 > local file unversioned, incoming file add upon switch
...
D twentyten/images/headers
D twentyten/images/headers/berries-thumbnail.jpg
...
Summary of conflicts:
 Tree conflicts: 138
/blogs/chwalisz/wp-content/themes$ cd twentyten/
/blogs/chwalisz/wp-content/themes/twentyten$ svn st
D C 404.php
 > local file unversioned, incoming file add upon switch
D C archive.php
 > local file unversioned, incoming file add upon switch
...
D images/headers 
D images/headers/berries-thumbnail.jpg
...
Summary of conflicts:
 Tree conflicts: 30
/blogs/chwalisz/wp-content/themes/twentyten$ svn revert --recursive .
Reverted 'archive.php'
Reverted 'single.php'
...
Reverted 'images/headers/berries.jpg' 
Reverted 'images/headers/path.jpg'
...
/blogs/chwalisz/wp-content/themes/twentyten$ svn st
/blogs/chwalisz/wp-content/themes/twentyten$ <nothing!!!>
Repeat until bored…
svn st is now clean, except for my manually edited themes.
Now visit the usual wp-admin/upgrade.php URL
Done!
Posted in Computers, howto, Software | Tagged , | Leave a comment