keytool -importcert failing on new maven:3.8.5-eclipse-temurin-11
gmolkvk opened this issue · 14 comments
I have already opened an issue with the base image repo (eclipse-temurin:11-jdk). See adoptium/containers#215
However, I would like to communicate the issue here as well.
Since the switch to ubuntu jammy I am getting the following error;
RUN keytool -importcert -noprompt -file /usr/local/share/ca-certificates/extra/rootca.crt -cacerts -storepass changeit -alias 'custom root ca'
[0.004s][warning][os,thread] Failed to start thread - pthread_create failed (EPERM) for attributes: stacksize: 1024k, guardsize: 4k, detached.
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Cannot create worker GC thread. Out of system resources.
# An error report file with more information is saved as:
# //hs_err_pid6.log
The command '/bin/sh -c keytool -importcert -noprompt -file /usr/local/share/ca-certificates/extra/rootca.crt -cacerts -storepass changeit -alias 'root ca'' returned a non-zero code: 1
Would love it if you could offer a maven:3.8.5-eclipse-temurin-11-focal to offer a transition period. Updating the OS is causing some other breaking changes (I am using an internal mirror for apt packages which is not ready for jammy yet)
This issue also applies to :3.8.5-eclipse-temurin-17
Hi, I'm also several similar errors...
- Can't start embedded mongo for tests.
- Can't run node to build
- Also get GC errors which didn't happen before.
if you create a PR with 8,11,17,18 -focal dirs following https://github.com/carlossg/docker-maven#adding-new-images those can be added
you can also use the SHAs and prevent these problems
Thanks. I do enjoy the auto-updates in non-breaking cases ;)
I will open a PR soon
or use the csanchez/maven or ghcr.io/carlossg/maven which are not yet updated
I changed my mind. I will start using the sha256 for now.
Not sure how to find it exactly, but my latest working build using :3.8.5-eclipse-temurin-11 has sha256:00817113dff3ca25a6a79829712653a6b87124a3704bdbb228105a3c9c177192
When updating my Dockerfile to the following everything is working again
# :3.8.5-eclipse-temurin-11 before upgrade to ubuntu jammy
# see https://github.com/carlossg/docker-maven/issues/281
FROM maven@sha256:00817113dff3ca25a6a79829712653a6b87124a3704bdbb228105a3c9c177192
Hopefully adoptium/containers#215 will find a fix for the issues in jammy soon, then I will be happy to upgrade
And for jdk17
# :3.8.5-eclipse-temurin-17 before upgrade to ubuntu jammy
# see https://github.com/carlossg/docker-maven/issues/281
FROM maven@sha256:93696354d3a7556ee08145a8975110abacc8966ec3b74699c1c7cee556c28442
@carlossg I am having troubles locating the sha256 of the :3.8.5-eclipse-temurin-8 before the upgrade to jammy, would you know a method to find it? Thanks.
For Docker official images in DockerHub I do not, sorry. Asked in docker-library/official-images#12516 (comment)
For csanchez/maven or ghcr.io/carlossg/maven those are not yet updated so you could use them and also get the sha
The solution is to upgrade Docker, see adoptium/containers#215 (comment)
Looks like you can find the previous shas here
https://github.com/docker-library/repo-info/commits/master/repos/maven/remote/3.8.5-eclipse-temurin-8.md
For convenience altogether, these are the old digests using focal:
maven:3.8.5-eclipse-temurin-8 sha256:dbed61d12da665aa026c8242def953257df88fc0b7b49bdb63b626e773299f19
maven:3.8.5-eclipse-temurin-11 sha256:00817113dff3ca25a6a79829712653a6b87124a3704bdbb228105a3c9c177192
maven:3.8.5-eclipse-temurin-17 sha256:93696354d3a7556ee08145a8975110abacc8966ec3b74699c1c7cee556c28442
I can confirm that using docker engine 20.10.15, the problem goes away (at least for the case described in #283 ) (It was failing for us on Bitbucket Pipelines - but, via very efficient support from Bitbucket, they updated the docker engine to 20.10.15 and now our builds pass on the jammy-based images)