Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Nix: Amazon Corretto install on arm #4560

Closed
dougch opened this issue May 16, 2024 · 0 comments · Fixed by #4561
Closed

Nix: Amazon Corretto install on arm #4560

dougch opened this issue May 16, 2024 · 0 comments · Fixed by #4561
Assignees
@dougch
Labels
s2n-core team type/nix related to nix

Comments

@dougch
Copy link
Contributor

dougch commented May 16, 2024

Security issue notifications

If you discover a potential security issue in s2n we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public github issue.

Problem:

For the nix install of Corretto on aarch64, we're not fixing up the interpreter path, resulting in a cryptic File not found error when running java.

[nix openssl-3.0] bash-5.1# java -version
bash: /nix/store/pgvb0dbji6k89z1g7099px0cn2jam872-amazon-corretto-17/bin/java: No such file or directory
[nix openssl-3.0] bash-5.1# ldd $(which java)
        linux-vdso.so.1 (0x0000faddc9171000)
        libjli.so => /nix/store/pgvb0dbji6k89z1g7099px0cn2jam872-amazon-corretto-17/bin/../lib/libjli.so (0x0000faddc90d0000)
        libpthread.so.0 => /nix/store/r0aclnvj3xz61pqvdbd4l57z714ybywa-glibc-2.35-224/lib/libpthread.so.0 (0x0000faddc90a0000)
        libdl.so.2 => /nix/store/r0aclnvj3xz61pqvdbd4l57z714ybywa-glibc-2.35-224/lib/libdl.so.2 (0x0000faddc9070000)
        libc.so.6 => /nix/store/r0aclnvj3xz61pqvdbd4l57z714ybywa-glibc-2.35-224/lib/libc.so.6 (0x0000faddc8ec0000)
        /lib/ld-linux-aarch64.so.1 => /nix/store/r0aclnvj3xz61pqvdbd4l57z714ybywa-glibc-2.35-224/lib/ld-linux-aarch64.so.1 (0x0000faddc9134000)
[nix openssl-3.0] bash-5.1# ls -al /nix/store/r0aclnvj3xz61pqvdbd4l57z714ybywa-glibc-2.35-224/lib/ld-linux-aarch64.so.1
-r-xr-xr-x 1 root root 232792 Jan  1  1970 /nix/store/r0aclnvj3xz61pqvdbd4l57z714ybywa-glibc-2.35-224/lib/ld-linux-aarch64.so.1
[nix openssl-3.0] bash-5.1# patchelf --print-interpreter $(which java)
/lib/ld-linux-aarch64.so.1
[nix openssl-3.0] bash-5.1# patchelf --print-rpath $(which java)
$ORIGIN:$ORIGIN/../lib

Note: if you're on a NixOS instance, /lib/ld-linux-aarch64.so.1 doesn't exist, but on say Ubuntu22 it does- and this issue won't reproduce.

Additional reading:

Solution:

fixing this up by hand:

[nix openssl-3.0] bash-5.1# patchelf --set-interpreter /nix/store/r0aclnvj3xz61pqvdbd4l57z714ybywa-glibc-2.35-224/lib/ld-linux-aarch64.so.1 $(which java)
[nix openssl-3.0] bash-5.1# java -version
openjdk version "17.0.7" 2023-04-18 LTS
OpenJDK Runtime Environment Corretto-17.0.7.7.1 (build 17.0.7+7-LTS)
OpenJDK 64-Bit Server VM Corretto-17.0.7.7.1 (build 17.0.7+7-LTS, mixed mode, sharing)

But this needs to be flake-ified.

Requirements / Acceptance Criteria:

Amazon corrette java should execute on aarch64.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dougch dougch

Labels
s2n-core team type/nix related to nix
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

bug(nix:corretto): use autoPatchelfHook on all systems and ignore als… dougch/s2n-tls
2 participants
@dougch @WesleyRosenblum