native-image execution within a dev container - fails with security error #3522

Closed
ddobrin opened this issue Jun 28, 2021 · 9 comments
@ddobrin

ddobrin commented Jun 28, 2021

Local env:
OpenJDK Runtime Environment GraalVM CE 21.1.0 (build 11.0.11+8-jvmci-21.1-b05)
OpenJDK 64-Bit Server VM GraalVM CE 21.1.0 (build 11.0.11+8-jvmci-21.1-b05, mixed mode, sharing)

Running a dev container:
https://github.com/spring-projects-experimental/spring-native/blob/main/run-dev-container.sh

```
./run-dev-container.sh
GraalVM 21.1.0 Java 11 CE (Java Version 11.0.11+8-jvmci-21.1-b05)
```

Executing native-image on a MacBook with 21.1 installed is fine.

Error occurs when running in container:
native-image fails with a security error as listed below:

```
native-image Helloworkshop
Exception in thread "main" java.lang.ExceptionInInitializerError
    at com.oracle.svm.core.classinitialization.ClassInitializationInfo.initialize(ClassInitializationInfo.java:315)
    at java.nio.file.Files.createTempFile(Files.java:913)
    at com.oracle.svm.driver.NativeImage.createImageBuilderArgumentFile(NativeImage.java:1403)
    at com.oracle.svm.driver.NativeImage.buildImage(NativeImage.java:1442)
    at com.oracle.svm.driver.NativeImageServer.buildImage(NativeImageServer.java:761)
    at com.oracle.svm.driver.NativeImage.completeImageBuild(NativeImage.java:1271)
    at com.oracle.svm.driver.NativeImage.build(NativeImage.java:1510)
    at com.oracle.svm.driver.NativeImage.performBuild(NativeImage.java:1480)
    at com.oracle.svm.driver.NativeImage.main(NativeImage.java:1467)
    at com.oracle.svm.driver.NativeImage$JDK9Plus.main(NativeImage.java:1959)
Caused by: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: NativePRNG, provider: SUN, class: sun.security.provider.NativePRNG)
    at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:294)
    at java.security.SecureRandom.<init>(SecureRandom.java:219)
    at java.nio.file.TempFileHelper.<clinit>(TempFileHelper.java:55)
    at com.oracle.svm.core.classinitialization.ClassInitializationInfo.invokeClassInitializer(ClassInitializationInfo.java:375)
    at com.oracle.svm.core.classinitialization.ClassInitializationInfo.initialize(ClassInitializationInfo.java:295)
    ... 9 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: NativePRNG, provider: SUN, class: sun.security.provider.NativePRNG)
    at java.security.Provider$Service.newInstance(Provider.java:1901)
    at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:290)
    ... 13 more
Caused by: java.lang.AssertionError: NativePRNG not available
    at sun.security.provider.NativePRNG.<init>(NativePRNG.java:207)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:490)
    at java.security.Provider.newInstanceUtil(Provider.java:176)
    at java.security.Provider$Service.newInstance(Provider.java:1894)
    ... 14 more
```

Code:
```java
import java.lang.reflect.InvocationTargetException;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Map;
import java.util.Properties;
import java.util.UUID;

public class Helloworkshop {
    private static final String USER_HOME = System.getProperty("user.home");

    public static void main(String[] args) throws NoSuchMethodException, InvocationTargetException, InstantiationException, IllegalAccessException, ClassNotFoundException {
        System.out.println("\n***** Hello, Workshop Participants! *****");

        DateTimeFormatter dtf = DateTimeFormatter.ofPattern("uuuu/MM/dd HH:mm:ss");
        LocalDateTime now = LocalDateTime.now();
        System.out.println("Today's date: " + dtf.format(now));

        System.out.println("\n***** Java Vendor version *****");
        Properties props = System.getProperties();
        props.keySet().stream()
                .filter(key -> key.toString().startsWith("java.vendor"))
                .map(key -> key + ": " + props.getProperty(key.toString()))
                .forEach(System.out::println);

        System.out.println("\n***** Java VM version *****");
        props.keySet().stream()
                .filter(key -> key.toString().startsWith("java.vm"))
                .map(key -> key + ": " + props.getProperty(key.toString()))
                .forEach(System.out::println);

        System.out.println("\n***** Java Runtime Version *****");
        Runtime.Version version = java.lang.Runtime.version();
        System.out.println("Java Version = " + version);
        System.out.println("Java Version Feature Element = " + version.feature());
        System.out.println("Java Version Interim Element = " + version.interim());
        System.out.println("Java Patch Element Version = " + version.patch());
        System.out.println("Java Update Element Version = " + version.update());
        System.out.println("Java Version Build = " + version.build().get());
        System.out.println("Java Pre-Release Info = " + version.pre().orElse("NA"));

        System.out.println("USER_HOME = " + USER_HOME);
    }
}
```

@oubidar-Abderrahim
Member

oubidar-Abderrahim commented Jun 30, 2021

Hi, thank you for reporting this.

Unfortunately I could not reproduce this issue. I used `run-dev-container.sh` to build a Docker container in which I generated a native-image for the Helloworkshop.java example you provided using GraalVM java11 CE 21.1.0 and ran it without issues. Is there a missing step?

@ddobrin
Author

ddobrin commented Jun 30, 2021

Thank you for testing it out @oubidar-Abderrahim - could there be a difference in that I am running on a MacBook Pro and use Docker 3.3.0?

The test is correct, certainly, a simple app.

@oubidar-Abderrahim
Member

I was also able to create the native-image inside the container on top of macOS

@oubidar-Abderrahim
Member

What is the output of `docker --version`?

@ddobrin
Author

ddobrin commented Jul 2, 2021

```
docker --version
Docker version 20.10.5, build 55c4c88
```

Version: 3.3.0

@oubidar-Abderrahim
Member

That is the same docker version I'm using, I will describe the steps I took to reproduce and compare them to what you do

1. `git clone https://github.com/spring-projects-experimental/spring-native.git`
2. `./run-dev-container.sh`

   ```
   GraalVM 21.1.0 Java 11 CE (Java Version 11.0.11+8-jvmci-21.1-b05)
   ```
3. Create (outside the container) `Helloworkshop.java` with:

   ```java
   import java.lang.reflect.InvocationTargetException;
   import java.time.LocalDateTime;
   import java.time.format.DateTimeFormatter;
   import java.util.Map;
   import java.util.Properties;
   import java.util.UUID;

   public class Helloworkshop {
       private static final String USER_HOME = System.getProperty("user.home");

       public static void main(String[] args) throws NoSuchMethodException, InvocationTargetException, InstantiationException, IllegalAccessException, ClassNotFoundException {
           System.out.println("\n***** Hello, Workshop Participants! *****");

           DateTimeFormatter dtf = DateTimeFormatter.ofPattern("uuuu/MM/dd HH:mm:ss");
           LocalDateTime now = LocalDateTime.now();
           System.out.println("Today's date: " + dtf.format(now));

           System.out.println("\n***** Java Vendor version *****");
           Properties props = System.getProperties();
           props.keySet().stream()
                   .filter(key -> key.toString().startsWith("java.vendor"))
                   .map(key -> key + ": " + props.getProperty(key.toString()))
                   .forEach(System.out::println);

           System.out.println("\n***** Java VM version *****");
           props.keySet().stream()
                   .filter(key -> key.toString().startsWith("java.vm"))
                   .map(key -> key + ": " + props.getProperty(key.toString()))
                   .forEach(System.out::println);

           System.out.println("\n***** Java Runtime Version *****");
           Runtime.Version version = java.lang.Runtime.version();
           System.out.println("Java Version = " + version);
           System.out.println("Java Version Feature Element = " + version.feature());
           System.out.println("Java Version Interim Element = " + version.interim());
           System.out.println("Java Patch Element Version = " + version.patch());
           System.out.println("Java Update Element Version = " + version.update());
           System.out.println("Java Version Build = " + version.build().get());
           System.out.println("Java Pre-Release Info = " + version.pre().orElse("NA"));

           System.out.println("USER_HOME = " + USER_HOME);
       }
   }
   ```
4. In order to copy `Helloworkshop.java` inside the container I use `docker ps` to get the container short Id (ex: 2c8e887cf737) and then use `docker inspect -f '{{.Id}}' 2c8e887cf737` to get the complete Id of the container, then I do the copying with `docker cp ./Helloworkshop.java complete-docker-container-id:/home/aoubidar/spring-native/Helloworkshop.java` (you can get the path inside the container using the `pwd` command).
5. From inside the container I compile using `javac Helloworkshop.java`, then run `native-image Helloworkshop`, which generates the executable.
6. Running the executable gives the following output:

   ```
   ***** Hello, Workshop Participants! *****
   Today's date: 2021/07/05 09:26:50
   ***** Java Vendor version *****
   java.vendor.url: https://www.graalvm.org/
   java.vendor: Oracle Corporation
   ***** Java VM version *****
   java.vm.vendor: Oracle Corporation
   java.vm.name: Substrate VM
   java.vm.specification.version: 11
   java.vm.specification.name: Java Virtual Machine Specification
   java.vm.specification.vendor: Oracle Corporation
   java.vm.version: GraalVM 21.1.0 Java 11 CE
   ***** Java Runtime Version *****
   Java Version = 11.0.11+8-jvmci-21.1-b05
   Java Version Feature Element = 11
   Java Version Interim Element = 0
   Java Patch Element Version = 0
   Java Update Element Version = 11
   Java Version Build = 8
   Java Pre-Release Info = NA
   USER_HOME = /home/aoubidar
   ```

@oubidar-Abderrahim
Member

I tried to be as detailed as possible on the steps, I tested this on both Linux Ubuntu 18.04 and macOS Catalina 10.15.7

Could you please try again by following these steps

@ddobrin
Author

ddobrin commented Jul 5, 2021

Thank you for the detailed steps @oubidar-Abderrahim, this is what I did.
Running MacOS Catalina 10.15.7 (19H15)

Same result:

- executed `native-image Helloworkshop`
- executed `native-image Helloworkshop --enable-all-security-services` (thought that this might be a helping buildArg)

The only option I could see is deleting Docker altogether and reinstalling, or updating to the new(er) 3.5.1


```
Exception in thread "main" java.lang.ExceptionInInitializerError
    at com.oracle.svm.core.classinitialization.ClassInitializationInfo.initialize(ClassInitializationInfo.java:315)
    at java.nio.file.Files.createTempFile(Files.java:913)
    at com.oracle.svm.driver.NativeImage.createImageBuilderArgumentFile(NativeImage.java:1403)
    at com.oracle.svm.driver.NativeImage.buildImage(NativeImage.java:1442)
    at com.oracle.svm.driver.NativeImageServer.buildImage(NativeImageServer.java:761)
    at com.oracle.svm.driver.NativeImage.completeImageBuild(NativeImage.java:1271)
    at com.oracle.svm.driver.NativeImage.build(NativeImage.java:1510)
    at com.oracle.svm.driver.NativeImage.performBuild(NativeImage.java:1480)
    at com.oracle.svm.driver.NativeImage.main(NativeImage.java:1467)
    at com.oracle.svm.driver.NativeImage$JDK9Plus.main(NativeImage.java:1959)
Caused by: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: NativePRNG, provider: SUN, class: sun.security.provider.NativePRNG)
    at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:294)
    at java.security.SecureRandom.<init>(SecureRandom.java:219)
    at java.nio.file.TempFileHelper.<clinit>(TempFileHelper.java:55)
    at com.oracle.svm.core.classinitialization.ClassInitializationInfo.invokeClassInitializer(ClassInitializationInfo.java:375)
    at com.oracle.svm.core.classinitialization.ClassInitializationInfo.initialize(ClassInitializationInfo.java:295)
    ... 9 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: NativePRNG, provider: SUN, class: sun.security.provider.NativePRNG)
    at java.security.Provider$Service.newInstance(Provider.java:1901)
    at java.security.SecureRandom.getDefaultPRNG(SecureRandom.java:290)
    ... 13 more
Caused by: java.lang.AssertionError: NativePRNG not available
    at sun.security.provider.NativePRNG.<init>(NativePRNG.java:207)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:490)
    at java.security.Provider.newInstanceUtil(Provider.java:176)
    at java.security.Provider$Service.newInstance(Provider.java:1894)
    ... 14 more
```

@oubidar-Abderrahim
Member

If the issue is still occurring on the latest build 22.1.0, please reopen this issue.
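
A pre-flight check for the `NativePRNG not available` assertion in the traces above, as an added example that is not part of the thread: in the JDK, `sun.security.provider.NativePRNG` needs both `/dev/random` and `/dev/urandom` to be readable, so the script inspects those two device nodes from inside the container. The function names are hypothetical, and the thread itself never confirmed a root cause.

```shell
#!/bin/sh
# Added diagnostic, not from the issue thread. Run it inside the dev container.
# Assumption (JDK behaviour): sun.security.provider.NativePRNG is only usable
# when both /dev/random and /dev/urandom are readable by the current user.

# classify_device PATH -> prints one word and returns a matching status:
#   ok (0), missing (1), not-char-device (2), unreadable (3)
classify_device() {
    if [ ! -e "$1" ]; then echo missing; return 1; fi
    if [ ! -c "$1" ]; then echo not-char-device; return 2; fi
    if [ ! -r "$1" ]; then echo unreadable; return 3; fi
    echo ok
}

# nativeprng_preflight [PATH...] -> reports every device, returns 0 only if
# all of them pass. Defaults to the two devices NativePRNG opens.
nativeprng_preflight() {
    [ "$#" -gt 0 ] || set -- /dev/random /dev/urandom
    failed=0
    for dev in "$@"; do
        state=$(classify_device "$dev") || failed=1
        printf '%-14s %s\n' "$dev" "$state"
    done
    return "$failed"
}

if nativeprng_preflight; then
    echo "entropy devices look usable; NativePRNG should initialise"
else
    echo "fix the devices listed above before re-running native-image"
fi
```

Run it as the same user that invokes `native-image`, since the readability test depends on that user's permissions.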
