Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8219823

SIGSEGV error when adding to cacerts keyfile

    Details

      Description

      ADDITIONAL SYSTEM INFORMATION :
      # JRE version: Java(TM) SE Runtime Environment (11.0.2+9) (build 11.0.2+9-LTS)
      # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.0.2+9-LTS, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)

      A DESCRIPTION OF THE PROBLEM :
      During a docker build, Call a script that: Run command: /usr/bin/keytool -import -file $FILES/$f -alias $f -keystore $JAVA_HOME/lib/security/cacerts -noprompt -storepass changeit -trustcacerts to add our ca-certificates to the cacerts keystore.
      Processing tgt-ca-bundle.crt file...
      Warning: use -cacerts option to access cacerts keystore
      Certificate was added to keystore
      #
      [thread 14 also had an error]
      # A fatal error has been detected by the Java Runtime Environment:
      #
      Processing tgt-ca-bundle.crt file...
      Warning: use -cacerts option to access cacerts keystore
      Certificate was added to keystore


      # SIGSEGV (0xb)[thread 15 also had an error]
       at pc=0x00007fdc05a14ba1, pid=9, tid=24.....[thread 12 also had an error]
      # Problematic frame:
      # C [libc.so.6+0x117ba1]

      ERROR MESSAGES/STACK TRACES THAT OCCUR :
      Step 5/6 : COPY jdk-11/importCertsJDK.sh /tmp/importCertsJDK.sh
       ---> 09c0c0dd119d
      Step 6/6 : RUN chmod 755 /tmp/importCertsJDK.sh && sleep 1 && /tmp/importCertsJDK.sh
       ---> Running in 735ac0a7543d
      Processing tgt-ca-bundle.crt file...
      Warning: use -cacerts option to access cacerts keystore
      Certificate was added to keystore
      #
      [thread 14 also had an error]
      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGSEGV (0xb)[thread 15 also had an error]
       at pc=0x00007fdc05a14ba1, pid=9, tid=24
      #
      # JRE version: Java(TM) SE Runtime Environment (11.0.2+9) (build 11.0.2+9-LTS)
      # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.0.2+9-LTS, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
      [thread 12 also had an error]
      # Problematic frame:
      # C [libc.so.6+0x117ba1]
      #
      # No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
      #
      # An error report file with more information is saved as:
      # //hs_err_pid9.log
      #
      # If you would like to submit a bug report, please visit:
      # http://bugreport.java.com/bugreport/crash.jsp
      #
      Aborted
      The command '/bin/sh -c chmod 755 /tmp/importCertsJDK.sh && sleep 1 && /tmp/importCertsJDK.sh' returned a non-zero code: 134

      REGRESSION : Last worked in version 11.0.2

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Docker build starting with alpine3:3.9. Installed Oracle JDK - ENV JAVA_VERSION=11 \
          JAVA_UPDATE=0 \
          JAVA_UPDATE2=0.2 \
          JAVA_BUILD=2+9 \
          JAVA_PATH=f51449fcd52f4d52b93a989c5c56ed3c \
          LANG=C.UTF-8 \
          JAVA_HOME="/usr/lib/jvm/default-jvm"
      Runs script:
      FILES="/usr/local/share/ca-certificates"

      for f in $(ls $FILES);
      do
        echo "Processing $f file..."
        # take action on each file. $f store current file name
        # cat $FILES/$f

        /usr/bin/keytool -import -file $FILES/$f -alias $f -keystore $JAVA_HOME/lib/security/cacerts -noprompt -storepass changeit -trustcacerts
      done


      ACTUAL -
      Processing tgt-ca-bundle.crt file...
      Warning: use -cacerts option to access cacerts keystore
      Certificate was added to keystore
      #
      [thread 14 also had an error]
      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGSEGV (0xb)[thread 15 also had an error]
       at pc=0x00007fdc05a14ba1, pid=9, tid=24
      #
      # JRE version: Java(TM) SE Runtime Environment (11.0.2+9) (build 11.0.2+9-LTS)
      # Java VM: Java HotSpot(TM) 64-Bit Server VM (11.0.2+9-LTS, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
      [thread 12 also had an error]
      # Problematic frame:
      # C [libc.so.6+0x117ba1]
      #
      # No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
      #
      # An error report file with more information is saved as:
      # //hs_err_pid9.log
      #
      # If you would like to submit a bug report, please visit:
      # http://bugreport.java.com/bugreport/crash.jsp
      #
      Aborted
      The command '/bin/sh -c chmod 755 /tmp/importCertsJDK.sh && sleep 1 && /tmp/importCertsJDK.sh' returned a non-zero code: 134

      ---------- BEGIN SOURCE ----------
      FROM docker.target.com/edabi-infra/edabi-base-alpine3:3.9 *** Image from docker hub

      # First add glibc
      RUN ALPINE_GLIBC_BASE_URL="https://github.com/sgerrand/alpine-pkg-glibc/releases/download" && \
          ALPINE_GLIBC_PACKAGE_VERSION="2.28-r0" && \
          ALPINE_GLIBC_BASE_PACKAGE_FILENAME="glibc-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \
          ALPINE_GLIBC_BIN_PACKAGE_FILENAME="glibc-bin-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \
          ALPINE_GLIBC_I18N_PACKAGE_FILENAME="glibc-i18n-$ALPINE_GLIBC_PACKAGE_VERSION.apk" && \
          apk add --no-cache --virtual=.build-dependencies wget ca-certificates && \
          echo \
              "-----BEGIN PUBLIC KEY-----\
              MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ2u1KJKUu/fW4A25y9m\
              y70AGEa/J3Wi5ibNVGNn1gT1r0VfgeWd0pUybS4UmcHdiNzxJPgoWQhV2SSW1JYu\
              tOqKZF5QSN6X937PTUpNBjUvLtTQ1ve1fp39uf/lEXPpFpOPL88LKnDBgbh7wkCp\
              m2KzLVGChf83MS0ShL6G9EQIAUxLm99VpgRjwqTQ/KfzGtpke1wqws4au0Ab4qPY\
              KXvMLSPLUp7cfulWvhmZSegr5AdhNw5KNizPqCJT8ZrGvgHypXyiFvvAH5YRtSsc\
              Zvo9GI2e2MaZyo9/lvb+LbLEJZKEQckqRj4P26gmASrZEPStwc+yqy1ShHLA0j6m\
              1QIDAQAB\
              -----END PUBLIC KEY-----" | sed 's/ */\n/g' > "/etc/apk/keys/sgerrand.rsa.pub" && \
          wget \
              "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
              "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
              "$ALPINE_GLIBC_BASE_URL/$ALPINE_GLIBC_PACKAGE_VERSION/$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \
          apk add --no-cache \
              "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
              "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
              "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME" && \
          \
          rm "/etc/apk/keys/sgerrand.rsa.pub" && \
          /usr/glibc-compat/bin/localedef --force --inputfile POSIX --charmap UTF-8 "$LANG" || true && \
          echo "export LANG=$LANG" > /etc/profile.d/locale.sh && \
          \
          apk del glibc-i18n && \
          \
          rm "/root/.wget-hsts" && \
          apk del .build-dependencies && \
          rm \
              "$ALPINE_GLIBC_BASE_PACKAGE_FILENAME" \
              "$ALPINE_GLIBC_BIN_PACKAGE_FILENAME" \
              "$ALPINE_GLIBC_I18N_PACKAGE_FILENAME"

      # Install Oracle JDK
      ENV JAVA_VERSION=11 \
          JAVA_UPDATE=0 \
          JAVA_UPDATE2=0.2 \
          JAVA_BUILD=2+9 \
          JAVA_PATH=f51449fcd52f4d52b93a989c5c56ed3c \
          LANG=C.UTF-8 \
          JAVA_HOME="/usr/lib/jvm/default-jvm"

      RUN apk add --no-cache --virtual=build-dependencies unzip && \
          cd "/tmp" && \
          wget --header "Cookie: oraclelicense=accept-securebackup-cookie;" \
              "http://download.oracle.com/otn-pub/java/jdk/${JAVA_VERSION}.${JAVA_UPDATE}.${JAVA_BUILD}/${JAVA_PATH}/jdk-${JAVA_VERSION}.${JAVA_UPDATE2}_linux-x64_bin.tar.gz" && \
          tar -xzf "jdk-${JAVA_VERSION}.${JAVA_UPDATE2}_linux-x64_bin.tar.gz" && \
          mkdir -p "/usr/lib/jvm" && \
          mv "/tmp/jdk-${JAVA_VERSION}.${JAVA_UPDATE2}" "/usr/lib/jvm/java-${JAVA_VERSION}-oracle" && \
          ln -s "java-${JAVA_VERSION}-oracle" "$JAVA_HOME" && \
          ln -s "$JAVA_HOME/bin/"* "/usr/bin/" && \
          rm -rf "$JAVA_HOME/"*src.zip && \
          rm -rf "$JAVA_HOME/lib/missioncontrol" \
                 "$JAVA_HOME/lib/visualvm" \
                 "$JAVA_HOME/lib/"*javafx* \
                 "$JAVA_HOME/jre/lib/plugin.jar" \
                 "$JAVA_HOME/jre/lib/ext/jfxrt.jar" \
                 "$JAVA_HOME/jre/bin/javaws" \
                 "$JAVA_HOME/jre/lib/javaws.jar" \
                 "$JAVA_HOME/jre/lib/desktop" \
                 "$JAVA_HOME/jre/plugin" \
                 "$JAVA_HOME/jre/lib/"deploy* \
                 "$JAVA_HOME/jre/lib/"*javafx* \
                 "$JAVA_HOME/jre/lib/"*jfx* \
                 "$JAVA_HOME/jre/lib/amd64/libdecora_sse.so" \
                 "$JAVA_HOME/jre/lib/amd64/"libprism_*.so \
                 "$JAVA_HOME/jre/lib/amd64/libfxplugins.so" \
                 "$JAVA_HOME/jre/lib/amd64/libglass.so" \
                 "$JAVA_HOME/jre/lib/amd64/libgstreamer-lite.so" \
                 "$JAVA_HOME/jre/lib/amd64/"libjavafx*.so \
                 "$JAVA_HOME/jre/lib/amd64/"libjfx*.so && \
          rm -rf "$JAVA_HOME/jre/bin/jjs" \
                 "$JAVA_HOME/jre/bin/keytool" \
                 "$JAVA_HOME/jre/bin/orbd" \
                 "$JAVA_HOME/jre/bin/pack200" \
                 "$JAVA_HOME/jre/bin/policytool" \
                 "$JAVA_HOME/jre/bin/rmid" \
                 "$JAVA_HOME/jre/bin/rmiregistry" \
                 "$JAVA_HOME/jre/bin/servertool" \
                 "$JAVA_HOME/jre/bin/tnameserv" \
                 "$JAVA_HOME/jre/bin/unpack200" \
                 "$JAVA_HOME/jre/lib/ext/nashorn.jar" \
                 "$JAVA_HOME/jre/lib/jfr.jar" \
                 "$JAVA_HOME/jre/lib/jfr" \
                 "$JAVA_HOME/jre/lib/oblique-fonts" && \
        # wget --header "Cookie: oraclelicense=accept-securebackup-cookie;" \
        # "http://download.oracle.com/otn-pub/java/jce/${JAVA_VERSION}/jce_policy-${JAVA_VERSION}.zip" && \
        # unzip -jo -d "${JAVA_HOME}/jre/lib/security" "jce_policy-${JAVA_VERSION}.zip" && \
        # rm "${JAVA_HOME}/jre/lib/security/README.txt" && \
          apk del build-dependencies && \
          rm "/tmp/"*

      # Import Target CA Certs into Java keystore
      COPY jdk-11/importCertsJDK.sh /tmp/importCertsJDK.sh
      RUN chmod 755 /tmp/importCertsJDK.sh \
       && sleep 1 \
       && /tmp/importCertsJDK.sh
      ---------- END SOURCE ----------

      FREQUENCY : always


        Attachments

          Activity

            People

            • Assignee:
              psonal Pallavi Sonal (Inactive)
              Reporter:
              webbuggrp Webbug Group
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: