RPM Build to Include Fix 337

[eagle-rr]

As we just upgraded to Java 11.x (per security requirement); I came across the bug for:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by retrofit2.Platform (file:/var/lib/rundeck-cli/rd-cli-tool-shadow-1.3.4/lib/rundeck-cli-1.3.4-all.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of retrofit2.Platform
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Is there a plan to build a new rpm version to include the fix included in #337 ? Or should I get the fix via another method?

[gschueler]

@eagle-rr I believe that fix did not solve that problem as it was reported again after release 1.3.4, so it is not fixed apparently

[gschueler]

if you have the same warning in release 1.3.9, can you include the command you are running?

[EmFl]

Hello,
Getting this on debian with 1.3.10 as well, let me know if you need me to open a debian specific issue or if here is fine to track this.

java -version
openjdk version "11.0.11" 2021-04-20
OpenJDK Runtime Environment AdoptOpenJDK-11.0.11+9 (build 11.0.11+9)
OpenJDK 64-Bit Server VM AdoptOpenJDK-11.0.11+9 (build 11.0.11+9, mixed mode)

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector (file:/var/lib/rundeck-cli/rd-cli-tool-shadow-1.3.10/lib/rundeck-cli-1.3.10-all.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

When running:

rd keys create --path "$RD_PROJECT/$RD_JOB/$FUNCTIONNAME" --type password -f $TMPFILE
rd jobs load -f ${{parameters.rundeckjobfile}} --project $RD_PROJECT --format yaml --remove-uuids --verbose

[ShepTeck]

I get this warning for any command I run with rd.bat
java -version
openjdk version "11.0.14" 2022-01-18 LTS
OpenJDK Runtime Environment Corretto-11.0.14.9.1 (build 11.0.14+9-LTS)
OpenJDK 64-Bit Server VM Corretto-11.0.14.9.1 (build 11.0.14+9-LTS, mixed mode)

OS: Windows Server 2016
APIVERSION : 40
BASE : /Apache/webapps/rundeck/rundeck
BUILD : 3.4.10-20220118
BUILDGIT : v3.4.10-0-g01b8e84
NODE : localhost
VERSION : 3.4.10-20220118

I even added these to the rd file but no dice:

# Add default JVM options here. You can also use JAVA_OPTS and RD_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS=""
JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.lang.invoke=ALL-UNNAMED"
JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.lang.invoke=retrofit2"
JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.lang=ALL-UNNAMED"
JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.io=ALL-UNNAMED"
JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.util=ALL-UNNAMED"
JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.util.concurrent=ALL-UNNAMED"
JAVA_OPTS="$JAVA_OPTS --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED"
JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.lang=ALL-UNNAMED"
JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.io=ALL-UNNAMED"
JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.util=ALL-UNNAMED"
JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.base/java.util.concurrent=ALL-UNNAMED"
JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED"
JDK_JAVA_OPTIONS="$JDK_JAVA_OPTIONS --add-opens java.base/java.lang.invoke=retrofit2"

this is thd rd.conf file:

export RD_TOKEN=my_token

# or

#export RD_USER=username
#export RD_PASSWORD=password

export RD_URL=${RD_URL:-http://my-ip:8080/rundeck/}

export RD_INSECURE_SSL_NO_WARN=true

export JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.lang.invoke=ALL-UNNAMED"

OpenJDK 64-Bit Server VM warning: Ignoring option MaxPermSize; support was removed in 8.0
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by retrofit2.Platform (file://Apache/webapps/rundeck/rundeck/cli/rd-1.3.11/lib/retr
ofit-2.9.0.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)
WARNING: Please consider reporting this to the maintainers of retrofit2.Platform
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

[Daryes]

I've also got the problem with rd-cli 2.0.4 after switching to OpenJDK11

$ java --version
openjdk 11.0.18 2023-01-17
OpenJDK Runtime Environment (build 11.0.18+10-post-Ubuntu-0ubuntu118.04.1)
OpenJDK 64-Bit Server VM (build 11.0.18+10-post-Ubuntu-0ubuntu118.04.1, mixed mode, sharing)

The error :

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by retrofit2.Platform (file:/server/rundeck/releases/rd-cli-2.0.4/lib/retrofit-2.9.0.jar) to constructor java.lang.invoke.MethodHandles$Lookup(java.lang.Class,int)

rd-cli is installed using the zip file.

While the errors are for now just an information message, it is possible to hide them with :
(Taken from the thread in KeycloakAuthenticator )

export JAVA_OPTS="$JAVA_OPTS --add-opens=java.base/java.lang.invoke=ALL-UNNAMED"

To have it working, this line must be in the running environment calling rd-cli
I didn't test much with the rc.conf file, as I'm not using it.