Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

keytool -importcert failing on new maven:3.8.5-eclipse-temurin-11 #281

Open
ghost opened this issue May 27, 2022 · 14 comments
Open

keytool -importcert failing on new maven:3.8.5-eclipse-temurin-11 #281

ghost opened this issue May 27, 2022 · 14 comments

Comments

@ghost
Copy link

ghost commented May 27, 2022

I have already opened an issue with the base image repo (eclipse-temurin:11-jdk). See adoptium/containers#215

However, I would like to communicate the issue here as well.

Since the switch to ubuntu jammy I am getting the following error;

RUN keytool -importcert -noprompt -file /usr/local/share/ca-certificates/extra/rootca.crt -cacerts -storepass changeit -alias 'custom root ca'
[0.004s][warning][os,thread] Failed to start thread - pthread_create failed (EPERM) for attributes: stacksize: 1024k, guardsize: 4k, detached.
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Cannot create worker GC thread. Out of system resources.
# An error report file with more information is saved as:
# //hs_err_pid6.log
The command '/bin/sh -c keytool -importcert -noprompt -file /usr/local/share/ca-certificates/extra/rootca.crt -cacerts -storepass changeit -alias 'root ca'' returned a non-zero code: 1
@ghost
Copy link
Author

ghost commented May 27, 2022

Would love it if you could offer a maven:3.8.5-eclipse-temurin-11-focal to offer a transition period. Updating the OS is causing some other breaking changes (I am using an internal mirror for apt packages which is not ready for jammy yet)

This issue also applies to :3.8.5-eclipse-temurin-17

@sjerman
Copy link

sjerman commented May 27, 2022

Hi, I'm also several similar errors...

  • Can't start embedded mongo for tests.
  • Can't run node to build
  • Also get GC errors which didn't happen before.

@carlossg
Copy link
Owner

if you create a PR with 8,11,17,18 -focal dirs following https://github.com/carlossg/docker-maven#adding-new-images those can be added

@carlossg
Copy link
Owner

you can also use the SHAs and prevent these problems

@ghost
Copy link
Author

ghost commented May 27, 2022

Thanks. I do enjoy the auto-updates in non-breaking cases ;)

I will open a PR soon

@carlossg
Copy link
Owner

or use the csanchez/maven or ghcr.io/carlossg/maven which are not yet updated

@ghost
Copy link
Author

ghost commented May 27, 2022

I changed my mind. I will start using the sha256 for now.

Not sure how to find it exactly, but my latest working build using :3.8.5-eclipse-temurin-11 has sha256:00817113dff3ca25a6a79829712653a6b87124a3704bdbb228105a3c9c177192

When updating my Dockerfile to the following everything is working again

# :3.8.5-eclipse-temurin-11 before upgrade to ubuntu jammy
# see https://github.com/carlossg/docker-maven/issues/281
FROM maven@sha256:00817113dff3ca25a6a79829712653a6b87124a3704bdbb228105a3c9c177192

Hopefully adoptium/containers#215 will find a fix for the issues in jammy soon, then I will be happy to upgrade

@ghost
Copy link
Author

ghost commented May 27, 2022

And for jdk17

# :3.8.5-eclipse-temurin-17 before upgrade to ubuntu jammy
# see https://github.com/carlossg/docker-maven/issues/281
FROM maven@sha256:93696354d3a7556ee08145a8975110abacc8966ec3b74699c1c7cee556c28442

@ghost ghost mentioned this issue May 30, 2022
@ghost
Copy link
Author

ghost commented May 30, 2022

@carlossg I am having troubles locating the sha256 of the :3.8.5-eclipse-temurin-8 before the upgrade to jammy, would you know a method to find it? Thanks.

@carlossg
Copy link
Owner

For Docker official images in DockerHub I do not, sorry. Asked in docker-library/official-images#12516 (comment)

For csanchez/maven or ghcr.io/carlossg/maven those are not yet updated so you could use them and also get the sha

@carlossg
Copy link
Owner

The solution is to upgrade Docker, see adoptium/containers#215 (comment)

@carlossg
Copy link
Owner

@bentatham
Copy link
Contributor

For convenience altogether, these are the old digests using focal:

maven:3.8.5-eclipse-temurin-8 sha256:dbed61d12da665aa026c8242def953257df88fc0b7b49bdb63b626e773299f19
maven:3.8.5-eclipse-temurin-11 sha256:00817113dff3ca25a6a79829712653a6b87124a3704bdbb228105a3c9c177192
maven:3.8.5-eclipse-temurin-17 sha256:93696354d3a7556ee08145a8975110abacc8966ec3b74699c1c7cee556c28442

@bentatham
Copy link
Contributor

I can confirm that using docker engine 20.10.15, the problem goes away (at least for the case described in #283 ) (It was failing for us on Bitbucket Pipelines - but, via very efficient support from Bitbucket, they updated the docker engine to 20.10.15 and now our builds pass on the jammy-based images)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants