Solved how to get JAVA_VERSION=7 on 13.1? (openjdk-7 marked broken)

Trying to upgrade my desktop to 13.1, I was hit by this error:

openjdk-7.261.02.1,1 is marked as broken on FreeBSD 13.1

Consequentially I found this message: https://forums.freebsd.org/threads/...-02-1-1-is-marked-as-broken.84923/post-564702

Now this looks like real pain, because without Java 7 I cannot access my servers. They are core-i v1+2 and perfectly fine, but they use a thing called IDRAC, and that requires Java 7, and, according to some hard-to-find online discussions, it cannot or won't be upgraded.

I have no idea about Java - this is one of the things I never looked into. Obviously the provider of these servers was of no help - they might understand that one does run FreeBSD on the servers themselves, but they won't understand why anybody would run FreeBSD (and FreeBSD only) on the desktop.
Then I found a port called icedtea, which should work, but didn't. I figured about the requirement of version 7 - and it didn't seem possible to build icedtea with anything but version 8.
Then I found that the process would download a file avctKVM.jar from the hoster, and somewhere I found a commandline JAVA_VERSION=7 java -cp ./avctKVM.jar com.avocent.idrac.kvm.Main (plus the site-specific data), and then the thing opens a window with the full-featured server console, all bios accessible. I have no idea what this does and how it works, but it does work, and it's what I need.

So what do I do now, when I want to run my desktop on 13.1? Sure, I could run some jail or bhyve on Rel.12 - for as long as 12 may exist. And then? Because for certain I will keep these servers for as long as the hoster does offer them - they are reliable, they are cheap and they are real metal, and half of them already support UG - and I don't know of any newer hardware feature that one would essentially need.
I really don't see why I should pay twice or thrice as much for newer metal only because some java decides to be no longer supported. :(
 
What version of Java are you using on 12? Try java -version. What version are the .class files in avctKVM.jar? Jar files are just zip files, and the jar(1) tool takes options similar to tar(1). You can look for the bytecode version using file(1) as discussed in this Stackoverflow answer:
 
OP
PMc

What version of Java are you using on 12?
The one that gets installed from java/openjdk7 from quarterly. Currently (as of 2022Q2) it reports:
Code:
$ JAVA_VERSION=7 java -version
openjdk version "1.7.0_261"
OpenJDK Runtime Environment (build 1.7.0_261-b)
OpenJDK 64-Bit Server VM (build 24.95-b-internal, mixed mode)

What version are the .class files in avctKVM.jar? Jar files are just zip files, and the jar(1) tool takes options similar to tar(1). You can look for the bytecode version using file(1) as discussed in this Stackoverflow answer:
Code:
$ file com/avocent/idrac/kvm/Main.class 
com/avocent/idrac/kvm/Main.class:  [64-bit architecture=12810] [architecture=327735] [architecture=3803648] [architecture=16128] [architecture=655429]

$ JAVA_VERSION=7 javap -v com/avocent/idrac/kvm/Main.class |  grep major
  major version: 50

$ head META-INF/MANIFEST.MF
Manifest-Version: 1.0
Build-Time: ${DSTAMP} ${TSTAMP}
Ant-Version: Apache Ant 1.6.5
Implementation-Title: ${ComponentName}
Implementation-Version: ${BuildVersion}
Built-By: Avocent Corporation
Permissions: all-permissions
Created-By: 23.25-b01 (Sun Microsystems Inc.)
 

SirDice

Now this looks like real pain, because without Java 7 I cannot access my servers. They are core-i v1+2 and perfectly fine, but they use a thing called IDRAC, and that requires Java 7, and, according to some hard-to-find online discussions, it cannot or won't be upgraded.
What exactly is the error you're getting if you try to use Java 8? I have a bunch of old SuperMicro servers that require Java for their IPMI access. But I have to enable a couple of legacy encryption algorithms. Newer versions of Java 8 disabled a bunch of the old SSLv1, v2, v3 and TLS1.0 algorithms, but these old beasts are still using those. Can't upgrade the IPMI firmware anymore either.
 
OP
PMc

What exactly is the error you're getting if you try to use Java 8?
Connection failed.
It's no useful information, I get the same when the firewall blocks. I looked into tcpdump, it starts talking, sends a few "P" packets, gets a few replies, and then the connection is closed again.

I have a bunch of old SuperMicro servers that require Java for their IPMI access. But I have to enable a couple of legacy encryption algorithms. Newer versions of Java 8 disabled a bunch of the old SSLv1, v2, v3 and TLS1.0 algorithms, but these old beasts are still using those. Can't upgrade the IPMI firmware anymore either.
Wow. That is plausible. Would You tell me how You do that, for Java?
 
$ JAVA_VERSION=7 javap -v com/avocent/idrac/kvm/Main.class | grep major
major version: 50
Ugh, so it's actually a Java 6 binary. You might be out of luck.

The fact that it does send some packets suggests SirDice might be on to something. I hope enabling the old TLS versions works for you!
 
OP
PMc

What exactly is the error you're getting if you try to use Java 8? I have a bunch of old SuperMicro servers that require Java for their IPMI access. But I have to enable a couple of legacy encryption algorithms. Newer versions of Java 8 disabled a bunch of the old SSLv1, v2, v3 and TLS1.0 algorithms, but these old beasts are still using those. Can't upgrade the IPMI firmware anymore either.
This was a wonderful idea, I would never have imagined that, and it indeed works. Thanks a lot!

But I just disabled that whole jdk.tls.disabledAlgorithms line. Not very secure obviously, so be careful when using that Java for other purposes.
I tried to improve this. In my case what IDRAC needs enabled is RC4.

And, this can be configured individually from the commandline for only the current invocation. It's explained here: https://dzone.com/articles/how-override-java-security

What I did not manage to achieve is icedtea. It should work with Java-8, but I could not find a place where to put the extra commandline option in.
 
This is the trick I used: https://www.qvera.com/kb/index.php/2689/how-to-re-enable-tlsv1-and-tlsv1-1-in-java-8

But I just disabled that whole jdk.tls.disabledAlgorithms line. Not very secure obviously, so be careful when using that Java for other purposes.
Would you mind sharing your setup for accessing supermicro hosts with iKVM.jar? I know I had iKVM working previously, but I had attempted so many different things, I didn't bother to track which one worked.. now I'm pulling my hair out trying to get back to a remote datacenter.... I'm nearing installation of Windows XP just to get the shitty old JRE installed that works..

Current state of things:
  • Native pkg installed openjdk 8, 11, and 17 have issues with libm.so.6 that if I provide proper linkage, breaks libc linkage...
  • openjdk7 appears to no longer be available.
  • I have the ikvm package installed in /compat/linux/opt/IPMIView... and tried using the provided jre.. with and without a chroot, the java executable just halts... no response, no error... ctrl-c breaks out.
  • Tried manually updating the port to install jre 8u351 (8u241 is what's in the tree today) in /usr/local/linux-oracle-jre18 ... java provides no response just like with iKVM packaged jre
I'm banging my head against the wall here... I am almost certain I had this working inside the linuxulator using the builtin jre on 12.1-RELEASE. The lack of response from both the oracle.com sourced linux JRE and the inbuilt one has me very curious something else outside of my vision is causing me fits. Any help is appreciated.
 
I'm banging my head against the wall here... I am almost certain I had this working inside the linuxulator using the builtin jre on 12.1-RELEASE. The lack of response from both the oracle.com sourced linux JRE and the inbuilt one has me very curious something else outside of my vision is causing me fits. Any help is appreciated.

Alright, to follow up on my own post, IPMIView2 appears to work with the following configuration on FreeBSD 13.1:

Download IPMIView_2.18.0_build.201007_bundleJRE_Linux_x64.tar.gz
Bash:
pkg install openjdk17-jre
vim /usr/local/openjdk17-jre/conf/security/java.security    # and comment out the line starting with "jdk.tls.disabledAlgorithms"
tar xvf IPMIView_2.18.0_build.201007_bundleJRE_Linux_x64.tar.gz
cd IPMIView2
java -Djava.library.path=. -jar IPMIView.jar
I still can't get iKVM.jar to work.. it fails with an error about libiKVM64.so not being able to resolve a dependency on libm.so.6. But this got me back in business, so I figured I would share.

Also, after I posted this, I read up on ipmitool (which is in the pkg management system on fbsd.) Nearly all my sessions are textual in nature and so the need for a graphics session via KVM is almost non-existent (except in scenarios where you want to modify BIOS maybe?) Anyhow, the following is how to attach to the console via ipmitool's sol (serial over lan) connection.

Bash:
ipmitool -I lanplus -H ${IP} -U ${USER} sol activate

When presented with a password prompt, login with the same credential as if you were logging into the IPMI interface in the web browser. Glorious it is!
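
The posts above differ in how widely they relax jdk.tls.disabledAlgorithms: PMc re-enabled only RC4 for a single invocation, while the other setups comment out the whole line in java.security. The script below is an added example, not code from any poster; it builds a per-invocation override file that removes one named entry and keeps everything else disabled. The function names and the sample file contents are constructed for illustration.

```shell
# Added example, not from the thread: re-enable ONE entry of
# jdk.tls.disabledAlgorithms for a single java invocation.
print_disabled() {   # print the value from file $1, joining "\" continuations
    awk '
        /^[ \t]*#/ { next }
        !found && /^jdk\.tls\.disabledAlgorithms[ \t]*=/ {
            found = 1; sub(/^[^=]*=[ \t]*/, "")
        }
        found {
            cont = ($0 ~ /\\[ \t]*$/)
            sub(/[ \t]*\\[ \t]*$/, ""); sub(/^[ \t]+/, "")
            value = value $0
            if (!cont) { print value; exit }
        }' "$1"
}

# Normalise the comma list VALUE ($1), dropping the entry equal to NAME ($2).
drop_entry() {
    printf '%s\n' "$1" | awk -v drop="$2" -F',' '{
        out = ""
        for (i = 1; i <= NF; i++) {
            e = $i; gsub(/^[ \t]+|[ \t]+$/, "", e)
            if (e == "" || e == drop) continue
            out = (out == "" ? e : out ", " e)
        }
        print out
    }'
}

# write_override SECURITY_FILE NAME OUT: returns 2 if NAME is not disabled.
write_override() {
    current=$(print_disabled "$1")
    [ -n "$current" ] || { echo "property not found in $1" >&2; return 1; }
    reduced=$(drop_entry "$current" "$2")
    [ "$reduced" != "$(drop_entry "$current" "")" ] ||
        { echo "$2 is not in the disabled list" >&2; return 2; }
    printf 'jdk.tls.disabledAlgorithms=%s\n' "$reduced" > "$3"
}

# Constructed sample standing in for the JDK's java.security file.
sample_security_file() {
    cat <<'EOF'
jdk.certpath.disabledAlgorithms=MD2, MD5
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
EOF
}
# Demo on the constructed sample: prints the one-line override file.
d=$(mktemp -d) && sample_security_file > "$d/js" && write_override "$d/js" RC4 "$d/override" && cat "$d/override"; rm -rf "$d"
```

Point write_override at the installed JDK's java.security, then start the viewer with java -Djava.security.properties=<override file> -cp ./avctKVM.jar com.avocent.idrac.kvm.Main. With a single "=" the override is layered on top of the stock file, so the change applies only to that invocation and every other listed algorithm stays disabled.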
 