keycloak: CRC errors on keycloak 17.0.1 #170539

Closed
RaitoBezarius opened this issue Apr 26, 2022 · 10 comments
Labels
0.kind: bug Something is broken 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS

Comments

@RaitoBezarius
Member

Describe the bug

It is impossible to enable Keycloak ≥ 17.0.1 at the moment with the NixOS module, as the confFile seems to introduce CRC errors after the Quarkus augmentation process.

Steps To Reproduce

Steps to reproduce the behavior:

  1. services.keycloak.enable = true;
  2. nixos-rebuild switch
  3. failure.

Expected behavior

Building Keycloak with the configuration file should not introduce CRC errors.

Screenshots

```
2022-04-26 23:22:29,709 INFO  [io.quarkus.deployment.QuarkusAugmentor] (main) Quarkus augmentation completed in 41351ms
building '/nix/store/g4ly72sp0qrh72g0f0vk1mwwnxdfz311-stage-2-init.sh.drv'...
ERROR: Failed to run 'build' command.
ERROR: Failed to update server configuration.
ERROR: Failed to load persisted properties from /build/source/bin/../lib/quarkus/generated-bytecode.jar
ERROR: invalid entry CRC (expected 0x6480a055 but got 0xda0e3380)
For more details run the same command passing the '--verbose' option. Also you can use '--help' to see the details about the usage of the particular command.
error: builder for '/nix/store/h0fc0f8b2hh1xmwbv5d30si2lx5f71a3-keycloak-17.0.1.drv' failed with exit code 1
error: 1 dependencies of derivation '/nix/store/zrzjbw3agf1vy9193wrmlv7qjsmw6nql-system-path.drv' failed to build
error (ignored): error: cannot unlink '/tmp/nix-build-acme-dns-0.8.drv-3/go-build3786141733': Directory not empty
error: 1 dependencies of derivation '/nix/store/h5sc8gg3i90vi047zcwlmj7mk69h1x7s-unit-keycloak.service.drv' failed to build
error: 1 dependencies of derivation '/nix/store/wjgjk18p8i5cg4i2hmj4n2ydrf8d6g0q-nixos-system-core-services-01-22.05.git.7f4a8f37d46.drv' failed to build
```

is quite precise.

Additional context

This might be related to some JRE runtime issues with some precise Java versions; I'm trying the "default" one on nixpkgs-unstable-small and adoptjdk-open-jre (v11), and will try more in the future.

Notify maintainers

@talyz

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

 - system: `"x86_64-linux"`
 - host os: `Linux 5.15.34, NixOS, 22.05 (Quokka), 22.05pre369756.75ad56bdc92`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.8.0pre20220411_f7276bc`
 - channels(root): `"home-manager, nixos, sops-nix"`
 - channels(raito): `"home-manager, nixgl, nixpkgs-21.11pre319254.b5182c214fa"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Not relevant to this problem as this is on a target server, the right nixpkgs revision is: 7f4a8f37d4621b27fc0c4eeb3880ecf1cb055371

@RaitoBezarius RaitoBezarius added the 0.kind: bug Something is broken label Apr 26, 2022
@RaitoBezarius
Member Author

RaitoBezarius commented Apr 26, 2022

Hm, I'm able to reproduce the tests, trying on the target server to understand better.
It seems like my precise configuration is preventing the package from being built.

EDIT: can reproduce the test on the server too…

@RaitoBezarius
Member Author

Minimized the issue to the missing parameters sslCertificate and sslCertificateKey: when they are missing, it fails with the error above.

This can be reproduced with: https://clbin.com/bMYYg by doing nix-build thisfile.nix -A postgres where thisfile.nix is the file containing the previous paste.

@RaitoBezarius
Member Author

Here's a more complete stacktrace with --verbose:

```
2022-04-27 00:48:55,877 INFO  [io.quarkus.deployment.QuarkusAugmentor] (main) Quarkus augmentation completed in 12812ms
ERROR: Failed to run 'build' command.
Error details:
picocli.CommandLine$ExecutionException: Failed to update server configuration.
        at org.keycloak.quarkus.runtime.Messages.cliExecutionError(Messages.java:51)
        at org.keycloak.quarkus.runtime.cli.command.AbstractCommand.executionError(AbstractCommand.java:36)
        at org.keycloak.quarkus.runtime.cli.command.Build.run(Build.java:83)
        at picocli.CommandLine.executeUserObject(CommandLine.java:1939)
        at picocli.CommandLine.access$1300(CommandLine.java:145)
        at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(CommandLine.java:2358)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2352)
        at picocli.CommandLine$RunLast.handle(CommandLine.java:2314)
        at picocli.CommandLine$AbstractParseResultHandler.execute(CommandLine.java:2179)
        at picocli.CommandLine$RunLast.execute(CommandLine.java:2316)
        at picocli.CommandLine.execute(CommandLine.java:2078)
        at org.keycloak.quarkus.runtime.cli.Picocli.parseAndRun(Picocli.java:88)
        at org.keycloak.quarkus.runtime.KeycloakMain.main(KeycloakMain.java:77)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:568)
        at io.quarkus.bootstrap.runner.QuarkusEntryPoint.doRun(QuarkusEntryPoint.java:60)
        at io.quarkus.bootstrap.runner.QuarkusEntryPoint.main(QuarkusEntryPoint.java:31)
Caused by: java.lang.ExceptionInInitializerError
        at org.keycloak.quarkus.runtime.configuration.Configuration.getRawPersistedProperty(Configuration.java:73)
        at org.keycloak.quarkus.runtime.configuration.Configuration.getBuildTimeProperty(Configuration.java:53)
        at org.keycloak.quarkus.runtime.Environment.isDevMode(Environment.java:140)
        at org.keycloak.quarkus.runtime.cli.command.Build.run(Build.java:78)
        ... 16 more
Caused by: java.lang.RuntimeException: Failed to load persisted properties from /build/source/bin/../lib/quarkus/generated-bytecode.jar
        at org.keycloak.quarkus.runtime.configuration.PersistedConfigSource.loadPersistedConfig(PersistedConfigSource.java:120)
        at org.keycloak.quarkus.runtime.configuration.PersistedConfigSource.readProperties(PersistedConfigSource.java:72)
        at org.keycloak.quarkus.runtime.configuration.PersistedConfigSource.<init>(PersistedConfigSource.java:47)
        at org.keycloak.quarkus.runtime.configuration.PersistedConfigSource.<clinit>(PersistedConfigSource.java:44)
        ... 20 more
Caused by: java.util.zip.ZipException: invalid entry CRC (expected 0x87e87309 but got 0x3966e0dc)
        at java.base/java.util.zip.ZipInputStream.readEnd(ZipInputStream.java:409)
        at java.base/java.util.zip.ZipInputStream.read(ZipInputStream.java:198)
        at java.base/java.util.zip.ZipInputStream.closeEntry(ZipInputStream.java:142)
        at java.base/java.util.zip.ZipInputStream.getNextEntry(ZipInputStream.java:120)
        at org.keycloak.quarkus.runtime.configuration.PersistedConfigSource.loadPersistedConfig(PersistedConfigSource.java:114)
        ... 23 more
```
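
Added example (not part of the original issue, nixpkgs or Keycloak): a Python checker that recomputes every entry's CRC-32 in an archive such as `generated-bytecode.jar` outside the JVM and reports stored versus recomputed values in the same "expected ... but got ..." form as the `ZipException` above. The function names, the entry name `persisted.properties` and the sample archive are constructed for illustration.

```python
import io
import struct
import sys
import zipfile
import zlib

LOCAL_HEADER = struct.Struct("<4s5H3I2H")  # 30-byte ZIP local file header


def crc_mismatches(data: bytes):
    """Return [(name, stored_crc, computed_crc)] for entries whose CRC-32 differs."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:  # opening does not check CRCs
        for info in zf.infolist():
            fields = LOCAL_HEADER.unpack_from(data, info.header_offset)
            if fields[0] != b"PK\x03\x04":
                raise ValueError(f"no local header for {info.filename}")
            start = info.header_offset + LOCAL_HEADER.size + fields[-2] + fields[-1]
            raw = data[start:start + info.compress_size]
            if info.compress_type == zipfile.ZIP_DEFLATED:
                payload = zlib.decompress(raw, wbits=-15)  # raw deflate stream
            elif info.compress_type == zipfile.ZIP_STORED:
                payload = raw
            else:
                raise ValueError(f"unsupported method in {info.filename}")
            computed = zlib.crc32(payload) & 0xFFFFFFFF
            if computed != info.CRC:  # info.CRC comes from the central directory
                bad.append((info.filename, info.CRC, computed))
    return bad


def build_sample_jar() -> bytes:
    """Constructed two-entry archive standing in for a real JAR."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n" * 20,
                    compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("persisted.properties", b"kc.db=postgres\n")  # stored (default)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:  # no path given: damage one payload byte of the constructed sample
        blob = build_sample_jar().replace(b"postgres", b"postgrez")
    for name, stored, computed in crc_mismatches(blob):
        print(f"{name}: invalid entry CRC (expected 0x{stored:x} but got 0x{computed:x})")
```

An empty result for an archive the JVM rejects points at the reader's CRC handling rather than at the archive contents.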

@veprbl veprbl added the 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS label Apr 28, 2022
@talyz
Contributor

talyz commented Jun 6, 2022

I'm not able to reproduce this in nixos-unstable, but it looks like this issue was/is caused by madler/zlib#618 and could be fixed by madler/zlib@ec3df00. Are you still experiencing this? If so, we should try pulling in the patch.

@RaitoBezarius
Member Author

@talyz I confirm I still run into this bug.

@talyz
Contributor

talyz commented Jun 7, 2022

Okay, with what nixpkgs commit? Can you update the reproducer config to trigger the failure once again?

@RaitoBezarius
Member Author

> Okay, with what nixpkgs commit? Can you update the reproducer config to trigger the failure once again?

I will try to minimize the issue again, but I tried quickly recently, to no avail, so for now I will try the zlib patch.
Then, if it fixes it, I will try to minimize the issue and produce an unexpected failing test.

@RaitoBezarius
Member Author

RaitoBezarius commented Jun 8, 2022

Okay, it does look like the zlib patch fixes the issue, though I cannot build the closure, I have failures on… some derivation, which is difficult to read due to the way nix-build outputs logs.

FIX: that was a temporary issue due to resource exhaustion; it completely fixes my issue.

@talyz
Contributor

talyz commented Jun 9, 2022

Okay, great! Can you prepare a PR applying the patch?

mweinelt pushed a commit to RaitoBezarius/nixpkgs that referenced this issue Jun 9, 2022
Starting with zlib 1.2.12, CRC validation has become stricter.
This broke Keycloak ≥ 17 in certain situations, for details, see:

- keycloak/keycloak#11316 ;
- NixOS#170539

This patch makes the CRC validation comprehensive with respect to older
or already existing checksums out there.
github-actions bot pushed a commit that referenced this issue Jun 9, 2022
(cherry picked from commit 8335c46)
@RaitoBezarius
Member Author

Closed in #177053 and its backport variants.

sinavir pushed a commit to sinavir/nixpkgs that referenced this issue Jun 18, 2022
jsoo1 pushed a commit to awakesecurity/nixpkgs that referenced this issue Oct 20, 2023