I'm trying to resolve canonical paths for all the files in a folder tree, but for some reason it will not resolve them (and intermittently the JVM security code will resolve the symlink properly within the FilePermission and cause a security error).
Env:
$ java -version
java version "1.6.0_23"
OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre11-0ubuntu1.11.10.2)
OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
A known symlink in the system is /usr/share/java/gnome-java-bridge.jar:
$ ls -l /usr/lib/jvm/java-6-openjdk/jre/lib/ext/gnome-java-bridge.jar
lrwxrwxrwx 1 root root 50 2012-02-24 13:39 /usr/lib/jvm/java-6-openjdk/jre/lib/ext/gnome-java-bridge.jar -> ../../../../../../share/java/gnome-java-bridge.jar
The following code should resolve this known symlink:
String symlinkedFilePath =
"/usr/lib/jvm/java-6-openjdk/jre/lib/ext/gnome-java-bridge.jar";
File symlinkedFile = new File(symlinkedFilePath);
System.out.println(symlinkedFile.getAbsolutePath());
System.out.println(symlinkedFile.getCanonicalPath());
but produces:
/usr/lib/jvm/java-6-openjdk/jre/lib/ext/gnome-java-bridge.jar
/usr/lib/jvm/java-6-openjdk/jre/lib/ext/gnome-java-bridge.jar
A further test, using the following code, will sometimes return true for the permission check, but sometimes will return false:
String symlinkedFilePath =
"/usr/lib/jvm/java-6-openjdk/jre/lib/ext/gnome-java-bridge.jar";
File symlinkedFile = new File(symlinkedFilePath);
FilePermission recursivePermission = new FilePermission(
symlinkedFile.getParentFile().getParent() + "/-", "read");
FilePermission filePermission = new FilePermission(
symlinkedFile.getAbsolutePath(), "read");
System.out.println(recursivePermission);
System.out.println(filePermission);
System.out.println(
"Can read symlink: " + recursivePermission.implies(filePermission));
The typical result is:
(java.io.FilePermission /usr/lib/jvm/java-6-openjdk/jre/lib/- read)
(java.io.FilePermission /usr/lib/jvm/java-6-openjdk/jre/lib/ext/gnome-java-bridge.jar read)
Can read symlink: true
but when debugging, if I step through the creation of the FilePermission on the target file, internally the path is resolved to the symlink, and the output results in:
(java.io.FilePermission /usr/lib/jvm/java-6-openjdk/jre/lib/- read)
(java.io.FilePermission /usr/lib/jvm/java-6-openjdk/jre/lib/ext/gnome-java-bridge.jar read)
Can read symlink: false
The problem is that within the context of the app in which the permission checking actually takes place, the symlink is always resolved by the FilePermission object, but never by my own calls to file.getCanonicalPath() as demonstrated above.
Does this make sense to anyone?
A colleague of mine confirmed the issue on OpenJDK 6u23, but not on any prior or following versions. That being said, since the issue has
A) a work around in the form of the system property
-Dsun.io.useCanonCaches=false
OR
-Dsun.io.useCanonPrefixCache=false
B) appears to be resolved in the later build (u24)
there appears to be little motivation to dig any deeper.
In Unix a symlink is a "special" file, with its own permissions.
The fact that you have read permission on the symbolic link doesn't imply you'll have it for the file linked.
My guess here is that you are running your program as an user that can read the symlink but not the actual file.
When entering debug mode you trigger the call to some method that change the internal state of the FilePermission object making it resolve to the actual file and thus returning you "false".
When you get "true" it's just telling you that you can read the symbolic link.
In your place, I'll check permission on this file:
- /usr/share/java/gnome-java-bridge.jar
and to the two directories:
- /usr/share
- /usr/share/java
Related
We've installed Sybase 16 Express in our Linux box, it was able to startup right after the installation. When we recently try restarting it with the startserver -f RUN_FILE command, it failed to find the libsapcrypto.so file.
~/sap/ASE-16_0/bin> ../sap/ASE-16_0/bin/dataserver: error while loading shared libraries: libsapcrypto.so: cannot open shared object file: No such file or directory
We searched this file, multiple matches presented in the following paths:
./DM/OCS-16_0/lib3p/libsapcrypto.so
./DM/OCS-16_0/lib3p64/libsapcrypto.so
./DM/OCS-16_0/devlib3p64/libsapcrypto.so
./DM/OCS-16_0/devlib3p/libsapcrypto.so
./DM/REP-16_0/lib64/libsapcrypto.so
./DataAccess/ODBC/lib/libsapcrypto.so
./DataAccess64/ODBC/lib/libsapcrypto.so
./OCS-16_0/lib3p/libsapcrypto.so
./OCS-16_0/lib3p64/libsapcrypto.so
./OCS-16_0/devlib3p64/libsapcrypto.so
./OCS-16_0/devlib3p/libsapcrypto.so
Since this hasn't been answered yet, running this command worked for me:
. /opt/sap/SYBASE.sh
Note the different syntax to make sure the environment variables are set in the terminal session, as opposed to using this syntax:
/opt/sap/SYBASE.sh
We have an application that makes a backup of a configuration file by copying it to a sub-folder (see log file entry below) using the following command:-
BOOL b = MoveFileEx(ExistingFileSpec, NewFileSpec, MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH | MOVEFILE_COPY_ALLOWED);
This appears to work as expected on most systems but on two we get the following warning in our log file:-
11 Jun 2018 10:58:05.437 W. COMMON WARNING MoveFile failed on C:\Program Files\Configuration\Stores.xml to C:\Program Files\Configuration\Backup\Stores.xml LastError=183
Lasterror =183 means "ERROR_ALREADY_EXISTS"
This is odd since MOVEFILE_REPLACE_EXISTING is specifically meant to enable this command to work when the target file exists.
This is happening on Win7 x86 machines.
In a previous version of the code MoveFile was used but with a DeleteFile call immediately prior to ensure the target file did not exist. When the code was rolled back to this version it works.
Any suggestions?
here is the command I use on WIndows 10 command shell :
java
-cp .\soot-2.5.0.jar soot.Main
-cp ".;R:\...\OCLRuler\lib;C:\...\jdk1.8.0_144\bin"
-pp -process-dir R:\...\OCLRuler\src\
-src-prec java
-d R:\...\test\soot
-allow-phantom-refs
-main-class OCLRuler
When I execute it, I get the following output:
Soot started on Tue Sep 26 13:28:32 EDT 2017
Warning: java.dyn.InvokeDynamic is a phantom class!
Warning: Main is a phantom class!
Warning: MainMulti is a phantom class!
Warning: oclruler.a_test.MainRawTesting is a phantom class!
... all of them (100+ lines)...
Warning: oclruler.utils.ToolBox is a phantom class!
OCLRuler.java: Class "oclruler.genetics.EvaluatorOCL" not found.
OCLRuler.java: Class "oclruler.genetics.EvaluatorOCL" not found.
Exception in thread "main" soot.CompilationDeathException: Could not compile
at soot.javaToJimple.JavaToJimple.compile(JavaToJimple.java:104)
at soot.javaToJimple.InitialResolver.formAst(InitialResolver.java:117)
at soot.JavaClassSource.resolve(JavaClassSource.java:54)
at soot.SootResolver.bringToHierarchy(SootResolver.java:215)
at soot.SootResolver.bringToSignatures(SootResolver.java:239)
at soot.SootResolver.processResolveWorklist(SootResolver.java:154)
at soot.SootResolver.resolveClass(SootResolver.java:124)
at soot.Scene.loadClass(Scene.java:448)
at soot.Scene.loadClassAndSupport(Scene.java:433)
at soot.Scene.loadNecessaryClasses(Scene.java:1076)
at soot.Main.run(Main.java:167)
at soot.Main.main(Main.java:141)
All libs used in the OCLRUler project are included in OCLRUler/lib and all sources in OCLRuler/src. The output directory is not included in the soot directory. Also, the project does compile (I'm working on and with it). The . directory contains all soot/jasmin/heros jars.
Still, all classes are considered phantoms, and Soot compilation abords because (I guess) it lacks bodies from these classes. I mean that "EvaluatorOCL" (i.e., still guessing, the source of the CompilationDeathException) is a "Phantom class".
What's wrong ?
SHould I add all and every packages in Soot's classpath ?
I've tried all sorts of command line expressions - until I got profundly lost. Anybody has a clue on the matter ?
Thanks a lot.
Edouard
Changed the -pp -process-dir R:\...\OCLRuler\src\ argument for -pp -process-dir R:\...\OCLRuler\
and it seems to work fine... The phantoms are still strolling around, but there are result files in the output folder!
[edit:]
Oups, this is gona become a new question... The ouput files are... EMPTY !!!
As I said, there are still warnings about phantoms and outputs are generated for all files (java and class alike)
Why are they empty ??
[/edit]
This might well be a problem with Soot's source-code frontend, which is heavily outdated by now. I would recommend compiling the .java files to .class and then giving those to Soot.
Update 2
I think #faré is right, it's an output translation problem.
So I declared the evironment variable ASDF_OUTPUT_TRANSLATIONS and set it to E:/. Now (asdf:require-system "my-system") yields a different error: Uneven number of components in source to destination mapping: "E:/" which led me to this SO-topic.
Unfortunately, his solution doesn't work for me. So I tried the other answer and set ASDF_OUTPUT_TRANSLATIONS to (:output-translations (t "E:/")). Now I get yet another error:
Invalid source registry (:OUTPUT-TRANSLATIONS (T "E:/")).
One and only one of
:INHERIT-CONFIGURATION or
:IGNORE-INHERITED-CONFIGURATION
is required.
(will be skipped)
Original Posting
I have a simple system definition but can't get ASDF to load it.
(asdf-version 3.1.5, sbcl 1.3.12 (upgraded to 1.3.18 AMD64), slime 2.19, Windows 10)
What I have tried so far
Following the ASDF manual: "4.1 Configuring ASDF to find your systems"
There it says:
For Windows users, and starting with ASDF 3.1.5, start from your
%LOCALAPPDATA%, which is usually ~/AppData/Local/ (but you can ask in
a CMD.EXE terminal echo %LOCALAPPDATA% to make sure) and underneath
create a subpath config/common-lisp/source-registry.conf.d/
That's exactly what I did:
Echoing %LOCALAPPDATA% which evaluates to C:\Users\my-username\AppData\Local
Underneath I created the subfolders config\common-lisp\source-registry.conf.d\ (In total: C:\Users\my-username\AppData\Local\config\common-lisp\source-registry.conf.d\
The manual continues:
there create a file with any name of your choice but with the type conf, for instance 50-luser-lisp.conf; in this file, add the following line to tell ASDF to recursively scan all the subdirectories under /home/luser/lisp/ for .asd files: (:tree "/home/luser/lisp/")
That’s enough. You may replace /home/luser/lisp/ by wherever you want to install your source code.
In the source-registry.conf.d folder I created the file my.conf and put in it (:tree "C:/Users/my-username/my-systems/"). This folder contains a my-system.asd.
And here comes the weird part:
If I now type (asdf:require-system "my-system") in the REPL I get the following error:
Can't create directory C:\Users\my-username\AppData\Local\common-lisp\sbcl-1.3.12-win-x86\C\Users\my-username\my-systems\C:\
So the problem is not that ASDF doesn't find the file, it does -- but (whatever the reason) it tries to create a really weird subfolder hierarchy which ultimately fails because at the end it tries to create the folder C: but Windows doesn't allow foldernames containing a colon.
Another approach: (push path asdf:*central-registry*)
If I try
> (push #P"C:/Users/my-username/my-systems/" asdf:*central-registry*)
(#P"C:/Users/my-username/my-systems/"
#P"C:/Users/my-username/AppData/Roaming/quicklisp/quicklisp/")
> (asdf:require-system "my-system")
I get the exact same error.
I don't know what to do.
Update
Because of the nature of the weird path ASDF was trying to create I thought maybe I could bypass the problem by specifying a relative path instead of an absolute one.
So I tried
(:tree "\\Users\\my-username\\my-systems")
in my conf file. Still the same error.
Ahem. It looks like an output-translations problem.
I don't have a Windows machine right now, but this all used to work last time I tried.
Can you setup some ad hoc output-translations for now that will make it work?
I double checked all settings but did not find the issue and that's why I try to get help here.
Let me show the configuration:
puppet.conf:
[...]
[master]
environmentpath = $confdir/environments/
hiera_config = $confdir/environments/production/sites/xy/config/hiera.yaml
default_manifest = ./sites/xy/config/
environment_timeout = 0
fileserver.conf:
[...]
[sites]
path /etc/puppet/environments/production/sites/
allow *
auth.conf:
[...]
# extra mountpoint
path /sites
allow *
[...]
Now whenever I run Puppet and it tries to implement a specific file I get this:
Error: Could not retrieve catalog from remote server: Error 400 on SERVER: Could not find any files from puppet:///sites/xy/files/xy/xy.key.pub at /etc/puppet/environments/production/modules/xy/manifests/xy.pp:88 on node xy
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Note that I had to replace sensitive information by xy but for debugging purposes I try to give every detail where possible.
So /sites points to /etc/puppet/environments/production/sites/ according to fileserver.conf and the directory exists like this (with correct permissions imho):
/etc/puppet % ls -ld /etc/puppet/environments/production/sites/
drwxr-xr-x 8 root puppet 4096 Oct 7 12:46 /etc/puppet/environments/production/sites/
The mentioned file puppet:///sites/xy/files/xy/xy.key.pub should therefore be located in /etc/puppet/environments/production/sites/xy/files/xy/xy.key.pub which looks like this:
/etc/puppet % ls -l /etc/puppet/environments/production/sites/*/files/*/*.key.pub
-rw-r--r-- 1 root puppet 725 Oct 7 12:46 /etc/puppet/environments/production/sites/xy/files/xy/xy.key.pub
And the in the error message mentioned line 88 of the module which loads the file it looks like this:
$sshpubkey = file("puppet:///${sitefiles}/xy/${s0_pubkey}")
where $s0_pubkey is xy.key.pub and ${sitefiles} is sites/$site/files which leads to the evaluated path of the requested file like this: puppet:///sites/xy/files/xy/xy.key.pub
The function file() in Puppet can not handle Puppet mountpoints with puppet://. The official docs at https://docs.puppet.com/puppet/latest/reference/function.html#file don't mention it specifically but obviously without mentioning it it means it can't handle extra mountpoints and wants to load files from a modules files directory.
My solution: I will use a variable which declares the absolute path to my "sites files" like this: $sitefiles_absolute = "/etc/puppet/environments/${environment}/sites/xy/files/" which will never change or at least not very often. And with keeping it in the site.pp file it can be used on every node and module.