Monday Mar 21, 2011

Some Kerberos Compiler Warnings on Windows

There is a rather old bug on native code compiler warnings on Windows. I have been the responsible engineer for some time but never really started working on it. Unfortunately, some warnings result in a real runtime error now. Sorry.

Here is the changeset for it.

As you can see, we used the swprintf function in a not-so-standard way. The correct signature of the function is swprintf(buffer, size, format, args...) but we didn't provide the size argument. In the age of VC++ 2003, there were already warnings, but the runtime accepted this "overloaded" form and it ran fine. Starting from jdk7b108, we start using VC++ 2010 to build jdk7, the same warnings still show, but this time the runtime does not accept the form anymore, and a JVM crash is observed.

The lesson is never ignore compiler warnings.

The fix would be integrated in jdk7 builds in several weeks, and I've uploaded a copy here (32 bit build) in case anyone wants to try it out. I build it in a VirtualBox guest and hope it contains no virus.

Friday Mar 18, 2011

Jarsigner with Timestamping Behind a Firewall

We've supported timestamping in jarsigner for a long time. By providing a -tsa option to the command when signing a jar file, a timestamping block will be added to the signed jar. This makes an application to be accepted by Java Plugin in a future time when the signer's certificate already expires.

In a lot of enterprise environments, you need to go through a firewall to access the Internet, here, the TSA (Time Stamping Authority). We've noticed this some time ago. Therefore, when a connection to the TSA is not available, jarsigner would print out a message like this:

jarsigner: unable to sign jar: no response from the Timestamping Authority. When connecting from behind a firewall then an HTTP proxy may need to be specified. Supply the following options to jarsigner:
We thought this is very helpful, but there are still some customer feedbacks saying it does not work. It turns out that when a TSA server provides its service through an HTTPS website, in order to specify the proxy setting, you should use another pair of system property names:
Detailed of proxy support in Java can be found here.

In order for people using other languages to reach this page, here are the same messages in Simplified Chinese and Japanese:

jarsigner: 无法对 jar 进行签名: 时间戳颁发机构没有响应。 如果要从防火墙后面连接, 则可能需要指定 HTTP 代理。请为 jarsigner 提供以下选项:
jarsigner: jarに署名できません: タイムスタンプ局からのレスポンスがありません。 ファイアウォールを介して接続するときは、必要に応じてHTTPプロキシを指定してください。 jarsignerに次のオプションを指定してください:
(Best wishes for people in Japan. Hope this earthquake/tsunami/nuclear crisis can be over soon.)

Wednesday Mar 16, 2011

Fixed-width Font Widened on Bold

So here is a screenshot of a JDK source file I am working on now, in NetBeans:

It seems there is an extra space before the "// ok" comment on line 52 which makes the comments non-aligned. So I removed it. But then when I read the diff, it shows:

@@ -49,7 +49,7 @@
      \* Constructs an AS-REQ message.
                                                 // Can be null? has default?
-    public KrbAsReq(EncryptionKey pakey,        // ok
+    public KrbAsReq(EncryptionKey pakey,       // ok
                       KDCOptions options,       // ok, new KDCOptions()
                       PrincipalName cname,      // NO and must have realm
                       PrincipalName sname,      // ok, krgtgt@CREALM
Bad, so they were aligned, but after my change, they are not.

I am really confused by this. Is there anything wrong with the hg repository? or the diff command? or my console? Or, is there a hidden TAB character? I checked and checked but nothing seems wrong.

Finally I have to count the spaces one by one. Good heavens! It turns out that the font used in NetBeans — Lucida Sans Typewriter — has different widths between normal and bold typefaces.

Isn't this ridiculous? A fixed-width font's width should be fixed whenever it's shown in normal, or bold, or italic. I believe all modern IDEs use these styles to show different types of source tokens.

Anyway, I changed the font to the simple "monospaced" and everything looks normal now. Maybe the Lucida Sans Typewriter font is not fixed-width at all, it just looks like one.

Monday Mar 14, 2011

Cool Mercurial Bundles

Although OpenJDK is mostly in open source state but there are still some code repositories closed. When I work from home and need to update these repositories, I'll have to connect to the Oracle VPN to access them. I always hesitate to use VPN at home because I won't be able to see other machines on the LAN (especially, VirtualBox guests using this machine as the host) and I don't like accessing the Internet using the Oracle proxy servers. My solution is to create a VirtualBox guest for VPN exclusively.

But then I see a problem, there is a VirtualBox bug saying that symlinks in a shared folder shows incorrectly inside the guest. Now I share the OpenJDK forest in read-write mode to the guest, when trying to run hg pull -R jdk/src/closed inside the guest, it would complain

abort: Is a directory: /mnt/root/openjdk7/jdk/src/closed/.hg/wlock
This is bad.

So I go take a look at the Mercurial commands and notice this cool feature: bundles. A bundle looks like a code repository as a single file, which can contain the whole history or only part of it. Now in the guest I would call

hg inc -R jdk/src/closed --bundle jsc
to create a bundle file to contain all incoming changesets of the jdk/src/closed repo. Note that there is no problem creating a normal file from within the guest in a shared folder. Then I can go back to the host machine, and call this
hg fetch -R jdk/src/closed bundle://jsc
Cool, a bundle-schemed URI. In fact, I can now make the shared folder as read-only, and create another another smaller read-write shared folder only for file transmission from guest to host. Mecurial has dedicated commands like bundle and unbundle to deal with bundles, but I'm not eager to look into their details now.

Something else to say, I wrap the calls into a script, and it's a single script that can be called on both guest and host. In fact, this script does not perform any real mercurial/file actions, all it does is to iterate thru repository names and call echo to output command lines on the screen (plus #comments). I often write scripts in this way so that I can take a second look at the output commands for safety. After making sure they are OK I can simply copy and paste (drag thru and middle-click) lines I want to run to execute them. In this case, I run the "hg inc" lines on the guest and "hg fetch" lines on the host.


This blog has a comments managing system that requires me to approve each comment manually. Please do not re-post and I will reply it (if I have an answer) when I get pinged.


Top Tags
« March 2011 »