Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use install_tool_name and codesign to patch id of shaded library #11734

Merged
merged 3 commits into from
Oct 7, 2021
Merged

Use install_tool_name and codesign to patch id of shaded library #11734

merged 3 commits into from
Oct 7, 2021

Conversation

normanmaurer
Copy link
Member

Motivation:

How we did patch the id of the shaded library could lead to JVM crashes if signature validation was used on macOS. This is the case on m1 for example.

Modifications:

  • Replace our "hand-rolled" way of patching the id with using install_tool_name
  • Re-sign the library after patching the id

Result:

No more crashes due adjusted id on m1 when shading is used

@normanmaurer
Use install_tool_name and codesign to patch id of shaded library
8838990 
Motivation:

How we did patch the id of the shaded library could lead to JVM crashes if signature validation was used on macOS. This is the case on m1 for example.

Modifications:

- Replace our "hand-rolled" way of patching the id with using install_tool_name
- Re-sign the library after patching the id

Result:

No more crashes due adjusted id on m1 when shading is used
@normanmaurer
Copy link
Member Author

I am not really happy that we need to call external programs but there seems to be no C API we can use to-resign the lib on macOS :/

@normanmaurer normanmaurer added this to the 4.1.69.Final milestone Oct 5, 2021
@normanmaurer
Copy link
Member Author

Looking into alternative ways how to fix this atm

@normanmaurer
Copy link
Member Author

I have no better way :( I am open for any ideas tho.

@normanmaurer
Copy link
Member Author

normanmaurer commented Oct 6, 2021
edited

Before the last commit (77b95b5) the build always passed even tho the loading of the JNI lib actually crashed the JVM on M1:

14:35:07.189 [main] DEBUG shaded2.io.netty.util.internal.PlatformDependent - -Dio.netty.uninitializedArrayAllocationThreshold: -1
14:35:07.189 [main] DEBUG shaded2.io.netty.util.internal.CleanerJava9 - java.nio.ByteBuffer.cleaner(): available
14:35:07.189 [main] DEBUG shaded2.io.netty.util.internal.PlatformDependent - -Dio.netty.noPreferDirect: false
14:35:07.191 [main] DEBUG shaded2.io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.workdir: /var/folders/j2/kd787fjs0cx38nqhyl81pgw00000gn/T (io.netty.tmpdir)
14:35:07.191 [main] DEBUG shaded2.io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.deleteLibAfterLoading: true
14:35:07.191 [main] DEBUG shaded2.io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.tryPatchShadedId: true
14:35:07.199 [main] DEBUG shaded2.io.netty.util.internal.NativeLibraryLoader - Found the ID of the shaded native library shaded2_netty_transport_native_kqueue_aarch_64. Replacing ID part netty_transport_native_kqueue_aarch_64 with 7TMWpTkpWQrMyuOTtVzbHVdbbmkUhkirSRj5X9
[INFO]
[INFO] Results:
[INFO]
[INFO] Tests run: 0, Failures: 0, Errors: 0, Skipped: 0
[INFO]
[INFO]
[INFO] --- maven-jar-plugin:3.0.2:test-jar (default) @ netty-testsuite-shading ---
[INFO] Building jar: /Users/norman/Documents/workspace/netty/testsuite-shading/target/netty-testsuite-shading-4.1.69.Final-SNAPSHOT-tests.jar

After the config change:

14:35:57.986 [main] DEBUG shaded2.io.netty.util.internal.PlatformDependent - -Dio.netty.maxDirectMemory: -1 bytes
14:35:57.986 [main] DEBUG shaded2.io.netty.util.internal.PlatformDependent - -Dio.netty.uninitializedArrayAllocationThreshold: -1
14:35:57.987 [main] DEBUG shaded2.io.netty.util.internal.CleanerJava9 - java.nio.ByteBuffer.cleaner(): available
14:35:57.987 [main] DEBUG shaded2.io.netty.util.internal.PlatformDependent - -Dio.netty.noPreferDirect: false
14:35:57.988 [main] DEBUG shaded2.io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.workdir: /var/folders/j2/kd787fjs0cx38nqhyl81pgw00000gn/T (io.netty.tmpdir)
14:35:57.988 [main] DEBUG shaded2.io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.deleteLibAfterLoading: true
14:35:57.988 [main] DEBUG shaded2.io.netty.util.internal.NativeLibraryLoader - -Dio.netty.native.tryPatchShadedId: true
14:35:57.990 [main] DEBUG shaded2.io.netty.util.internal.NativeLibraryLoader - Found the ID of the shaded native library shaded2_netty_transport_native_kqueue_aarch_64. Replacing ID part netty_transport_native_kqueue_aarch_64 with J0Mn40hYHBEq3PCLdAyEs2qo5DHESMGO4xh7Pv
[1]    12483 killed     ./mvnw clean install -Pboringssl -pl testsuite-shading

@normanmaurer normanmaurer merged commit bc13595 into 4.1 Oct 7, 2021
@normanmaurer normanmaurer deleted the resign_shade branch October 7, 2021 08:54
normanmaurer added a commit that referenced this pull request Oct 7, 2021
@normanmaurer
Use install_tool_name and codesign to patch id of shaded library (#11734
c194995 
)

Motivation:

How we did patch the id of the shaded library could lead to JVM crashes if signature validation was used on macOS. This is the case on m1 for example.

Modifications:

- Replace our "hand-rolled" way of patching the id with using install_tool_name
- Re-sign the library after patching the id

Result:

No more crashes due adjusted id on m1 when shading is used
laosijikaichele pushed a commit to laosijikaichele/netty that referenced this pull request Dec 16, 2021
@normanmaurer @laosijikaichele
Use install_tool_name and codesign to patch id of shaded library (net…
434c579 
…ty#11734)


Motivation:

How we did patch the id of the shaded library could lead to JVM crashes if signature validation was used on macOS. This is the case on m1 for example.

Modifications:

- Replace our "hand-rolled" way of patching the id with using install_tool_name
- Re-sign the library after patching the id

Result:

No more crashes due adjusted id on m1 when shading is used
laosijikaichele pushed a commit to laosijikaichele/netty that referenced this pull request Dec 16, 2021
@normanmaurer @laosijikaichele
Use install_tool_name and codesign to patch id of shaded library (net…
58a0a93 
…ty#11734)


Motivation:

How we did patch the id of the shaded library could lead to JVM crashes if signature validation was used on macOS. This is the case on m1 for example.

Modifications:

- Replace our "hand-rolled" way of patching the id with using install_tool_name
- Re-sign the library after patching the id

Result:

No more crashes due adjusted id on m1 when shading is used
raidyue pushed a commit to raidyue/netty that referenced this pull request Jul 8, 2022
@normanmaurer
Use install_tool_name and codesign to patch id of shaded library (net…
84a5e17 
…ty#11734)


Motivation:

How we did patch the id of the shaded library could lead to JVM crashes if signature validation was used on macOS. This is the case on m1 for example.

Modifications:

- Replace our "hand-rolled" way of patching the id with using install_tool_name
- Re-sign the library after patching the id

Result:

No more crashes due adjusted id on m1 when shading is used
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chrisvest chrisvest chrisvest approved these changes

@NiteshKant NiteshKant Awaiting requested review from NiteshKant

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.1.69.Final
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@normanmaurer @chrisvest