Closed
Description
Hello,
I have a docker file that builds openjdk:8-jdk-alpine based images. When updating the image internally (from the docker file) using apk update && apk upgrade
, and running my (spring-boot) app, it throws java.io.IOException: Error loading shared library libnss3.so: No such file or directory
. However; after removing the apk update && apk upgrade
and building the image again, the app runs smoothly.
I have logged into my images in both cases, and made sure that the file wasn't there on the first case, and was there after removing apk update && apk upgrade
. In the later case, it was located in /usr/lib/
Is this a bug, or can you please inform me of what I might be missing ?
Activity
gato commentedon Mar 17, 2019
same here
mike-treadway commentedon Mar 18, 2019
I'm basing my image on
node:10-alpine
, which is based onalpine:3.9
. Neither my docker file nor thenode:10-alpine
are doing anapk update
and I'm still having this problem.It's unclear what the work around is at this point. I hope this gets fixed soon.
gato commentedon Mar 18, 2019
so far i've have fixed the issue by doing
on my Dockerfile, that install the missing .so file, but i don't know why it was present before and not now
danielgrant commentedon Mar 18, 2019
We've also just been hit with this. We execute an
apk update && apk upgrade
during each build of our image, and today we've started getting the following error during start up of our Tomcat application:The root cause appears to be the PostgreSQL driver establishing an SSL connection to an RDS endpoint.
Here's the output from our
apk upgrade
:I'm not sure which of the upgraded packages is causing APK to purge
nss
, but following up withapk add --no-cache nss
seems to bring it back.Edit: should probably add that we're targeting
openjdk:8-alpine
, which is pullingsha256:d2e2716147d1f7fe73b1a9f72a9cff7a7aa92d32eb8de4fffbfddc596e004984
.wglambert commentedon Mar 18, 2019
Looks like someone filed a bug upstream about this https://bugs.alpinelinux.org/issues/10126
wglambert commentedon Mar 18, 2019
Probing the issue; I'm not so sure this is a bug with
apk
, perhaps something withopenjdk8-jre-base
dependenciesAs a side note doing an
apk upgrade
goes against best practices for a couple reasons; it's reproducibility is temporally dependent, and it can yield unpredictable results without knowledge of what each package is updating or perhaps deprecating, which goes against the container's immutability.mohannadj commentedon Mar 19, 2019
Thank you guys for your feedback,
@wglambert , The problem is that we are updating
apk
; expecting that it wouldn't remove a system file that is required by whatever underlying system that might be using it, hence the bug. Didn't test it yet, but using theunzip
tool also seemed to be affected by the upgrade.I think the safest approach for now is to follow @gato 's recommendation, or find the last working openjdk image as what @danielgrant has mentioned. I remember pulling the latest (upgraded) working image around last Friday, maybe I'll start there.
Saying that, I don't think that this is a solution; but rather a workaround. Since this is my first time logging an issue here, do you think that we should close this one as it was already logged upstream ?
wunderkind2k1 commentedon Mar 19, 2019
Just want to say having had the same problem this solution worked perfectly for us.
danielgrant commentedon Mar 19, 2019
Taking a quick look between version
8.201.08-r0
ofopenjdk8-jre-base
that is currently being installed byapk upgrade
(https://pkgs.alpinelinux.org/package/v3.6/community/x86_64/openjdk8-jre-base) and version8.181.13-r0
(https://pkgs.alpinelinux.org/package/v3.5/community/x86_64/openjdk8-jre-base), it looks likenss
was dropped from the list of dependencies - you can see this by expanding out "Dependencies" on those pages.I wonder if this was caused by increasing the version of IcedTea from
3.10.0
to3.11.0
, I'm looking specifically at this entry the changelog (https://mail.openjdk.java.net/pipermail/distro-pkg-dev/2019-March/041223.html):Fix missing NSS file in alpine docker - based on the issue found here:
Fix bug: Caused by: java.io.FileNotFoundException: /usr/lib/libnss3.so (
Quick fix for docker-library/openjdk#289 (comment)
20 remaining items