Runtime: aspnetcore-runtime-alpine3.7 (no libcurl)- The type initializer for 'Http' threw an exception - Error loading shared library libSystem.Net.Http.Native: No such file or directory

Created on 31 May 2018 · 24 Comments · Source: dotnet/runtime

_From @se on May 31, 2018 0:53_

Guys "microsoft/dotnet:2.1-aspnetcore-runtime-alpine3.7" is giving this error;

But when I use "microsoft/dotnet:2.1-aspnetcore-runtime" is OK.

I'm not sure if this is the place where I should create an issue.

```
System.TypeInitializationException: The type initializer for 'Http' threw an exception. ---> System.TypeInitializationException: The type initializer for 'HttpInitializer' threw an exception. ---> System.DllNotFoundException: Unable to load shared library 'System.Net.Http.Native' or one of its dependencies. In order to help diagnose loading problems, consider setting the LD_DEBUG environment variable: Error loading shared library libSystem.Net.Http.Native: No such file or directory
   at Interop.Http.GetSslVersionDescription()
   at Interop.HttpInitializer..cctor()
   --- End of inner exception stack trace ---
   at Interop.Http..cctor()
   --- End of inner exception stack trace ---
   at Interop.Http.EasyCreate()
   at Internal.Cryptography.Pal.CertificateAssetDownloader.DownloadAsset(String uri, TimeSpan& remainingDownloadTime)
   at Internal.Cryptography.Pal.CertificateAssetDownloader.DownloadCrl(String uri, TimeSpan& remainingDownloadTime)
   at Internal.Cryptography.Pal.CrlCache.DownloadAndAddCrl(X509Certificate2 cert, SafeX509StoreHandle store, TimeSpan& remainingDownloadTime)
   at Internal.Cryptography.Pal.CrlCache.AddCrlForCertificate(X509Certificate2 cert, SafeX509StoreHandle store, X509RevocationMode revocationMode, DateTime verificationTime, TimeSpan& remainingDownloadTime)
   at Internal.Cryptography.Pal.OpenSslX509ChainProcessor.BuildChain(X509Certificate2 leaf, HashSet`1 candidates, HashSet`1 systemTrusted, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan& remainingDownloadTime)
   at Internal.Cryptography.Pal.ChainPal.BuildChain(Boolean useMachineContext, ICertificatePal cert, X509Certificate2Collection extraStore, OidCollection applicationPolicy, OidCollection certificatePolicy, X509RevocationMode revocationMode, X509RevocationFlag revocationFlag, DateTime verificationTime, TimeSpan timeout)
   at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate, Boolean throwOnException)
   at System.Security.Cryptography.X509Certificates.X509Chain.Build(X509Certificate2 certificate)
   at System.Net.Security.CertificateValidation.BuildChainAndVerifyProperties(X509Chain chain, X509Certificate2 remoteCertificate, Boolean checkCertName, String hostName)
   at System.Net.Security.SecureChannel.VerifyRemoteCertificate(RemoteCertValidationCallback remoteCertValidationCallback, ProtocolToken& alertToken)
   at System.Net.Security.SslState.CompleteHandshake(ProtocolToken& alertToken)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslState.ThrowIfExceptional()
   at System.Net.Security.SslState.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__46_2(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at MongoDB.Driver.Core.Connections.SslStreamFactory.CreateStreamAsync(EndPoint endPoint, CancellationToken cancellationToken)
   at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelperAsync(CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at MongoDB.Driver.Core.Connections.BinaryConnection.OpenHelperAsync(CancellationToken cancellationToken)
   at MongoDB.Driver.Core.Servers.ServerMonitor.HeartbeatAsync(CancellationToken cancellationToken)" }] }.
   at MongoDB.Driver.Core.Clusters.Cluster.ThrowTimeoutException(IServerSelector selector, ClusterDescription description)
   at MongoDB.Driver.Core.Clusters.Cluster.WaitForDescriptionChangedHelper.HandleCompletedTask(Task completedTask)
   at MongoDB.Driver.Core.Clusters.Cluster.WaitForDescriptionChanged(IServerSelector selector, ClusterDescription description, Task descriptionChangedTask, TimeSpan timeout, CancellationToken cancellationToken)
   at MongoDB.Driver.Core.Clusters.Cluster.SelectServer(IServerSelector selector, CancellationToken cancellationToken)
   at MongoDB.Driver.MongoClient.AreSessionsSupportedAfterServerSelection(CancellationToken cancellationToken)
   at MongoDB.Driver.MongoClient.AreSessionsSupported(CancellationToken cancellationToken)
   at MongoDB.Driver.OperationExecutor.StartImplicitSession(CancellationToken cancellationToken)
   at MongoDB.Driver.MongoCollectionImpl`1.UsingImplicitSession[TResult](Func`2 func, CancellationToken cancellationToken)
   at MongoDB.Driver.MongoCollectionImpl`1.FindSync[TProjection](FilterDefinition`1 filter, FindOptions`2 options, CancellationToken cancellationToken)
   at MongoDB.Driver.FindFluent`2.ToCursor(CancellationToken cancellationToken)
   at MongoDB.Driver.IAsyncCursorSourceExtensions.ToList[TDocument](IAsyncCursorSource`1 source, CancellationToken cancellationToken)
   at MonoSay.Platform.MongoDbXmlRepository.GetAllElements() in /source/Web/MonoSay.Platform/DataProtection/MonoDbXmlRepository.cs:line 23
   at Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager.GetAllKeys()
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.CreateCacheableKeyRingCore(DateTimeOffset now, IKey keyJustAdded)
   at Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider.GetCurrentKeyRingCore(DateTime utcNow)
```

_Copied from original issue: dotnet/coreclr#18211_

area-System.Security bug os-linux

All 24 comments

@wfurt can you please take a look?

@se do you have a repro we can try in the Docker image?

Are you targeting 2.0 or 2.1 @se in your project? If you target 2.1, HTTP should use the managed implementation.

System.Security calls curl directly even in 2.1, without going through the managed HTTP stack.

OK. I'll take a look. Maybe curl is missing in the Docker image.

> System.Security calls curl directly even in 2.1, without going through the managed HTTP stack.

Oh man...

This is a real problem:
https://github.com/dotnet/corefx/blob/2c58d310d772ed5bed21394590815c4c9fea0bcc/src/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/CertificateAssetDownloader.cs#L85-L120

We don't require libcurl anymore, yet a component depends on it. We need to fix this code to not rely on libcurl.

cc: @bartonjs

Running "apk update; apk add curl" inside your Docker image will probably work around it @se.
Also, I did try a simple HTTPS app in the Alpine Docker image and it ran OK.

Thank you guys for digging on it.

I will try to update our Docker Image with this workaround and let you know.

Crypto can't use the managed stack, because the managed stack uses crypto. Unless we build mscorlib again.

If sockets can be pulled in without a circular dependency, crypto probably only needs HTTP 1.0, and definitely doesn't need TLS.

@bartonjs, what do you think of my reflection-based fix?
https://github.com/dotnet/corefx/pull/30024

@wfurt seems this was overlooked because we have libcurl on our Alpine machines, do you agree? If so, can you please drive getting it _off_ our Alpine images, so we protect this fix?

We still have platform HTTP tests, e.g. curl on Unix and WinHTTP on Windows.
We would need to disable them first before removing curl from CI machines.
Also, Alpine is easy as it is only supported on 2.1.
We may reuse the same images for other .NET versions with different Linux variations.

Fixed in master

@stephentoub When can we expect a release?

> When can we expect a release?

The fix is in master, so you can get it from daily builds. There's a PR open to port it to the release/2.1 branch at https://github.com/dotnet/corefx/pull/30033. I expect it'll catch an upcoming servicing release, but I can't speak to which exactly. @danmosemsft may be able to set more precise expectations.

In the meantime, you can work around it by installing libcurl.

@leecow if he can share more details about 2.1 servicing plans.

@andtii we expect to have a servicing release (2.1.1) out this month and this just missed it. The next opportunity to service will be later in the summer. In the meantime, can you confirm that installing curl avoids the bug?

@danmosemsft I have verified that it works, just thinking that a lot of people will get this issue until fix is out. Maybe add it to the base image until fixed?

@karelz @wfurt thoughts about that? The ones in https://hub.docker.com/r/microsoft/dotnet/tags/.

I'd wait with base image modification for a few reports. If we see it is indeed a larger number and the workaround is not reasonable, we can adjust.

Encountered the same error. Adding the following line to the Dockerfile indeed solved the problem (thanks @wfurt). Would appreciate a fix.

```dockerfile
RUN apk update; apk add curl
```

@yellowblood the fix is on its way in servicing release. The only question is if we should modify docker images temporarily until the fix is available.

Fixed in 2.1 servicing in PR dotnet/corefx#30033. Will be part of 2.1.3 release.
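
The failure in this thread only surfaces at runtime, when an X509 chain build tries to download a CRL and the loader cannot resolve the native HTTP shim's libcurl dependency. As an added example (not code from the issue or from the dotnet project), the shell functions below turn dynamic-loader output into an image build gate; the function names, the sample loader lines and the `/app/PLACEHOLDER/` path are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect unresolved native dependencies from loader output.

# Print each library the dynamic loader reported as missing, one per line.
# Covers glibc ldd ("libX => not found") and musl
# ("Error loading shared library libX: No such file or directory ...").
missing_libs() {
    sed -n \
        -e 's/^[[:space:]]*\([^[:space:]]\{1,\}\) => not found.*$/\1/p' \
        -e 's/^.*Error loading shared library \([^:]*\): No such file or directory.*$/\1/p' |
        sort -u
}

# Build gate: return 0 only if the loader output on stdin names no missing library.
libs_resolved() {
    missing=$(missing_libs)
    if [ -n "$missing" ]; then
        # Word splitting is intended: one message per library name.
        printf 'unresolved native dependency: %s\n' $missing >&2
        return 1
    fi
    return 0
}

# Constructed sample: musl-style ldd output for a shim whose libcurl is absent.
# The /app/PLACEHOLDER path is illustrative, not taken from the issue.
sample_musl_ldd() {
    cat <<'EOF'
    /lib/ld-musl-x86_64.so.1 (0x7f0000000000)
    libc.musl-x86_64.so.1 => /lib/ld-musl-x86_64.so.1 (0x7f0000000000)
Error loading shared library libcurl.so.4: No such file or directory (needed by /app/PLACEHOLDER/System.Net.Http.Native.so)
EOF
}

# Constructed sample: the same condition in glibc ldd format.
sample_glibc_ldd() {
    cat <<'EOF'
    linux-vdso.so.1 (0x00007ffc00000000)
    libcurl.so.4 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000000000)
EOF
}
```

In an image build, pipe `ldd <path to the native library> 2>&1` into `libs_resolved` so a missing dependency fails the build instead of the first TLS handshake that triggers a CRL download.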
