https://pantsbuild.org/ logo
Join Slack
Powered by
Started learning how to use Pants with Scala/Java ...
# general
n
Started learning how to use Pants with Scala/Java projects today and ran into a setup snag. It seems the Coursier standalone launcher (the one Pants expects) uses its own JRE for commands like 
cs fetch
, leading to TLS/SSL issues when trying to download 
nailgun
from our Maven repository for instance (running 
pants packcage
):
Copy code
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
The issue is documented at https://github.com/coursier/coursier/issues/1977 and the suggested workaround is to use the JAR launcher instead: 
java -jar coursier.jar fetch ...
. When I do that, the 
cs fetch
command Pants was trying to run works fine, since it's using the intended JRE with the necessary keystore/truststore. Note that this problem arises even when Coursier also knows about the correct JRE (
cs java-home
or 
cs java -version
all report the expected JRE, but it's not using this for 
fetch
, etc.). I guess my question is 1) Does anyone know how to fix this with Coursier itself (in such a way that is compatible with Pants' current usage/invocations) or 2) Is it possible to make Pants use the JAR launcher approach?
I was able to resolve the issue with the Coursier launcher itself by passing 
-J-<Java Option>
s to the 
fetch
commands, which are apparently passed to its internal JRE. It doesn’t look like Pant’s Coursier backend supports passing custom args; could that feature be added (or a configuration specifically for passing 
-J-Djavax.net.ssl.trustStore
and related options)? In the meantime I’ll see how far I get by trying to abuse the known versions configuration and point Pants to a script that adds these options to its Coursier calls.
I managed to get past all this by pex’ing Coursier and its wrapper script into a single tool and telling pants it’s a known version of Coursier.
b
Sorry for the trouble. Is that workaround good enough for now?
n
Yah, it works fine for now. But see my other post, which is where we're currently stuck 😩
Open in Slack
PreviousNext
Powered by