11

From Spring Microservices in Action book: I am trying to use the Docker Maven Plugin to build a docker image for deploy a Java microservice as Docker container to the cloud.

Dockerfile:

FROM openjdk:8-jdk-alpine
RUN mkdir -p /usr/local/configserver
ADD jce_policy-8.zip /tmp/
RUN unzip /tmp/jce_policy-8.zip && \
    rm /tmp/jce_policy-8.zip && \
    yes | cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/
ADD @project.build.finalName@.jar /usr/local/configserver/
ADD run.sh run.sh
RUN chmod +x run.sh
CMD ./run.sh

Output related to step 4 in Dockerfile:

...

---> Using cache
---> dd33d4c12d29
Step 4/8 : RUN unzip /tmp/jce_policy-8.zip && rm /tmp/jce_policy-8.zip && yes | cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/

---> Running in 1071273ceee5
Archive:  /tmp/jce_policy-8.zip
unzip: short read

Why do I get unzip: short read when I try to build the image?

lcnicolau
  • 3,252
  • 4
  • 36
  • 53
  • 1
    "short read" means that the `read()` syscall was invoked, but less information than requested was returned. Now, that *can* happen completely legitimately, and software that doesn't do another `read()` call to try to get more content (which the standard C library will automate) is buggy, but as an initial question -- is your file *really* intact and as long as it should be? – Charles Duffy Feb 06 '19 at 00:32
  • BTW, re: syscalls on UNIX sometimes exiting without fully completing the requested task and the standard C library containing workarounds for same, you may find https://www.jwz.org/doc/worse-is-better.html an interesting historical read. – Charles Duffy Feb 06 '19 at 00:34
  • Thanks @CharlesDuffy. It was a problem with the [Apache Maven Resources Plugin](https://maven.apache.org/plugins/maven-resources-plugin/) configuration, which was filtering the zip file. I was sure of the integrity of the file, but your comment reminded me that this plugin copies the resources into the directory where the Docker image is built, and there was the problem. – lcnicolau Feb 06 '19 at 14:31

4 Answers4

11

Somehow, curl on alpine linux distro can't set cookie headers correctly while downloading jce zip file. It seems it downloads a zip file but in fact it is an html error page. If you view the file you can see that it is an html file. I've used wget instead of curl and it successfully downloaded file. Then unzip operation worked as expected.

FROM openjdk:8-jdk-alpine
RUN  apk update && apk upgrade && apk add netcat-openbsd
RUN mkdir -p /usr/local/configserver
RUN cd /tmp/ && \
    wget 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' --header "Cookie: oraclelicense=accept-securebackup-cookie" && \
    unzip jce_policy-8.zip && \
    rm jce_policy-8.zip && \
    yes |cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/
ADD @project.build.finalName@.jar /usr/local/configserver/
ADD run.sh run.sh
RUN chmod +x run.sh
CMD ./run.sh
cagdas deyirmenci
  • 111
  • 1
  • 3
4

It's possible your jce_policy-8.zip archive is being recognized as a compressed archive and expanded by the ADD instruction. If so, you can skip unzipping on the next line. Or, switch to the COPY instruction, which does no special processing of local archives.

In general, I recommend always using the COPY instruction to bring in files and directories from the build context. Only use ADD when you specifically want the extra unpacking behaviour.

King Chung Huang
  • 5,026
  • 28
  • 24
  • 1
    I would even state that using `COPY` in favor of `ADD`, when simple copy is intended, is an **official** recommendation: https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#add-or-copy – grapes Feb 06 '19 at 06:25
  • Thanks both, I will follow your recommendation. However, _zip_ format is not unpacked by `ADD` instruction. It was a problem with the integrity of the file at the moment of copying it to the build context. – lcnicolau Feb 06 '19 at 15:01
4

I'm find solved link

FROM openjdk:8-jdk-alpine
RUN  apk update && apk upgrade && apk add netcat-openbsd && apk add curl
RUN mkdir -p /usr/local/configserver
RUN cd /tmp/ && \
    **curl -L -b "oraclelicense=a" http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip -O** && \
    unzip jce_policy-8.zip && \
    rm jce_policy-8.zip && \
    yes |cp -v /tmp/UnlimitedJCEPolicyJDK8/*.jar /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/
ADD @project.build.finalName@.jar /usr/local/configserver/
ADD run.sh run.sh
RUN chmod +x run.sh
CMD ./run.sh
nifelee
  • 41
  • 1
  • 3
    Please add an explanation about answer – mastisa Apr 17 '19 at 05:58
  • alpine curl bug(?) another solution ```bash curl -k -LO "http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip" -b 'oraclelicense=accept-securebackup-cookie' ``` – nifelee Apr 18 '19 at 06:04
4

Maybe it is related to the fact that the unzip command in alpine is provided busybox and not the standard unzip tool.

Busybox do have bugs related to this error: https://bugs.busybox.net/show_bug.cgi?id=8821

Here is a related issue with more details: https://github.com/wahern/luaossl/issues/103

As a workaround installing the standard unzip command should work.

mickours
  • 1,113
  • 12
  • 13