gu install tries to write to /var/tmp, causing AccessDeniedException when running as non-root user

[lestephane]

Problem

Trying to install native-image as a non-root user, I get an error, since it tries to write to a weird location. At the very least, the error message makes no sense until one turns on --debug (see below).

Can I override this /var/tmp location setting using an environment variable?
If so, which one? I need it to point at /tmp or some other location in my $HOME...

Reproduction

$ sdk install java 19.2.0.1-grl
$ gu install native-image
Downloading: Component catalog from www.graalvm.org
Error: Error downloading component catalog from https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties: /var/tmp/graalvm_install7203749700295865578. 
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
$ gu --verbose install native-image
Downloading: Component catalog (source: https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties)
Receiving 123 kB: Error: Error downloading component catalog from https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties: /var/tmp/graalvm_install5621595539507288769. 
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
$ gu --debug --verbose install native-image
Downloading: Component catalog (source: https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties)
Receiving 123 kB: Error: Error downloading component catalog from https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties: /var/tmp/graalvm_install7299625528287643190. 
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
org.graalvm.component.installer.FailedOperationException: Error downloading component catalog from https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties: /var/tmp/graalvm_install7299625528287643190. 
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
	at org.graalvm.component.installer.Environment$1.failure(Environment.java:313)
	at org.graalvm.component.installer.ce.WebCatalog.getStorage(WebCatalog.java:116)
	at org.graalvm.component.installer.remote.MergeStorage.listComponentIDs(MergeStorage.java:65)
	at org.graalvm.component.installer.model.CatalogContents.getComponentIDs(CatalogContents.java:209)
	at org.graalvm.component.installer.model.CatalogContents.findAbbreviatedId(CatalogContents.java:219)
	at org.graalvm.component.installer.model.CatalogContents.doLoadComponents(CatalogContents.java:256)
	at org.graalvm.component.installer.model.CatalogContents.findComponent(CatalogContents.java:165)
	at org.graalvm.component.installer.remote.CatalogIterable$It.next(CatalogIterable.java:136)
	at org.graalvm.component.installer.remote.CatalogIterable$It.next(CatalogIterable.java:110)
	at org.graalvm.component.installer.commands.InstallCommand.prepareInstallation(InstallCommand.java:199)
	at org.graalvm.component.installer.commands.InstallCommand.executeStep(InstallCommand.java:259)
	at org.graalvm.component.installer.commands.InstallCommand.execute(InstallCommand.java:148)
	at org.graalvm.component.installer.ComponentInstaller.processCommand(ComponentInstaller.java:280)
	at org.graalvm.component.installer.ComponentInstaller.run(ComponentInstaller.java:406)
	at org.graalvm.component.installer.ComponentInstaller.main(ComponentInstaller.java:440)
Caused by: java.nio.file.AccessDeniedException: /var/tmp/graalvm_install7299625528287643190
	at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
	at java.nio.file.Files.createDirectory(Files.java:674)
	at java.nio.file.TempFileHelper.create(TempFileHelper.java:136)
	at java.nio.file.TempFileHelper.createTempDirectory(TempFileHelper.java:173)
	at java.nio.file.Files.createTempDirectory(Files.java:991)
	at org.graalvm.component.installer.remote.FileDownloader.createTempDir(FileDownloader.java:119)
	at org.graalvm.component.installer.remote.FileDownloader.download(FileDownloader.java:346)
	at org.graalvm.component.installer.ce.WebCatalog.getStorage(WebCatalog.java:110)
	... 13 more

[sdedic]

Gu is actually using Files.createTempDirectory to create a temporary directory for downloads - that should work on any platform. If the JDK fails to write to the default temp dir, you'll probably face worse problems than just gu ;)

Tempdir can be passed as a system property, but gu is compiled using native-image in the distribution, so you need to pass the parameter in appropriate way to the launcher. Use --vm.Djava.io.tmpdir=/the/temp/directory to override the default one.

[sdedic]

BWT what's your OS flavour/distribution/version ?

[lestephane]

Sorry for the delay. The info you requested.

$ lsb_release  --all
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 16.04.3 LTS
Release:	16.04
Codename:	xenial

$ java -version
openjdk version "1.8.0_232"
OpenJDK Runtime Environment (build 1.8.0_232-20191008104205.buildslave.jdk8u-src-tar--b07)
OpenJDK 64-Bit GraalVM CE 19.2.1 (build 25.232-b07-jvmci-19.2-b03, mixed mode)

I don't remember when I installed my OS, it's been in use for a looong time. But I install the JDK through sdkman to not mess up the host system, I doubt my system is corrupted, as far as Java goes.

/tmp is the value of java.io.tmpdir regrdless of whether I use GraalVM or OpenJDK (See below).

So I don't understand why it's still attempting to download something to /var/tmp

GraalVM 19.2.1 property dump

java.io.tmpdir: /tmp
java.vm.info: mixed mode
java.vm.name: OpenJDK 64-Bit GraalVM CE 19.2.1
java.vm.specification.name: Java Virtual Machine Specification
java.vm.specification.vendor: Oracle Corporation
java.vm.specification.version: 1.8
java.vm.vendor: Oracle Corporation
java.vm.version: 25.232-b07-jvmci-19.2-b03

Here is the same using OpenJDK 12

java.io.tmpdir: /tmp
java.vm.compressedOopsMode: Zero based
java.vm.info: mixed mode, sharing
java.vm.name: OpenJDK 64-Bit Server VM
java.vm.specification.name: Java Virtual Machine Specification
java.vm.specification.vendor: Oracle Corporation
java.vm.specification.version: 12
java.vm.vendor: Oracle Corporation
java.vm.version: 12.0.2+10

Still failing in 19.2.1

$ gu --debug --verbose install native-image
Downloading: Component catalog (source: https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties)
Receiving 131 kB: Error: Error downloading component catalog from https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties: /var/tmp/graalvm_install2140517582811800329. 
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
org.graalvm.component.installer.FailedOperationException: Error downloading component catalog from https://www.graalvm.org/component-catalog/graal-updater-component-catalog.properties: /var/tmp/graalvm_install2140517582811800329. 
Please check your connection and proxy settings. If your machine is behind a proxy, environment variables (http_proxy, https_proxy, ...) must be set appropriately.
	at org.graalvm.component.installer.Environment$1.failure(Environment.java:313)
	at org.graalvm.component.installer.ce.WebCatalog.getStorage(WebCatalog.java:116)
	at org.graalvm.component.installer.remote.MergeStorage.listComponentIDs(MergeStorage.java:65)
	at org.graalvm.component.installer.model.CatalogContents.getComponentIDs(CatalogContents.java:209)
	at org.graalvm.component.installer.model.CatalogContents.findAbbreviatedId(CatalogContents.java:219)
	at org.graalvm.component.installer.model.CatalogContents.doLoadComponents(CatalogContents.java:256)
	at org.graalvm.component.installer.model.CatalogContents.findComponent(CatalogContents.java:165)
	at org.graalvm.component.installer.remote.CatalogIterable$It.next(CatalogIterable.java:136)
	at org.graalvm.component.installer.remote.CatalogIterable$It.next(CatalogIterable.java:110)
	at org.graalvm.component.installer.commands.InstallCommand.prepareInstallation(InstallCommand.java:199)
	at org.graalvm.component.installer.commands.InstallCommand.executeStep(InstallCommand.java:259)
	at org.graalvm.component.installer.commands.InstallCommand.execute(InstallCommand.java:148)
	at org.graalvm.component.installer.ComponentInstaller.processCommand(ComponentInstaller.java:280)
	at org.graalvm.component.installer.ComponentInstaller.run(ComponentInstaller.java:406)
	at org.graalvm.component.installer.ComponentInstaller.main(ComponentInstaller.java:440)
Caused by: java.nio.file.AccessDeniedException: /var/tmp/graalvm_install2140517582811800329
	at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
	at java.nio.file.Files.createDirectory(Files.java:674)
	at java.nio.file.TempFileHelper.create(TempFileHelper.java:136)
	at java.nio.file.TempFileHelper.createTempDirectory(TempFileHelper.java:173)
	at java.nio.file.Files.createTempDirectory(Files.java:991)
	at org.graalvm.component.installer.remote.FileDownloader.createTempDir(FileDownloader.java:119)
	at org.graalvm.component.installer.remote.FileDownloader.download(FileDownloader.java:346)
	at org.graalvm.component.installer.ce.WebCatalog.getStorage(WebCatalog.java:110)
	... 13 more

[sdedic]

This is strange (I have an Ubunut too ;) and here the writes go to the /tmp as usual). You can see on the stacktrace yourself that there's no black magic: only prefix is passed on FileDownloader:119 not the target directory.

Does java.io.tmpdir work if you pass it through that explicit commandline option to gu ?

[lestephane]

I'm unable to pass java.io.tmpdir to gu install

$ gu install --vm.Djava.io.tmpdir=/tmp native-image
Command install does not support option -vm.Djava.io.tmpdir=/tmp
$ gu install --vm-Djava.io.tmpdir=/tmp native-image
Command install does not support option -vm-Djava.io.tmpdir=/tmp
$ gu install -h
Usage:
gu add [-0cfFinorvyxY] param [param ...]

Options:
	--dry-run
	-0        dry run, do not change anything
	--catalog
	-c      treat parameters as component IDs from catalog of GraalVM components. This is the default.
	--file
	-F      treat parameters as filenames of packaged components.
	--force
	-f        force overwrite, bypass version checks.
	-fail-existing
	-i        fail on existing component.
	--no-progress
	-n        do not display download progress.
	--overwrite
	-o    overwrite different files.
	--replace
	-r        replace existing components.
	--url
	-u      interpret parameters as URLs of packaged components.
	--verbose
	-v      be verbose. Prints versions and dependency info.
	--ignore
	-x        ignore failures.
	--only-validate
	-y        do not install, just check compatibility and conflicting files.
	--validate-before
	-Y        downloads, verifies, checks file conflict before any disk change is made.

[sdedic]

Oops. Apologies, my big mistake: I wasn't testing on a pristine install, so bash launcher for GU was present and I didn't notice that. It seems that a wrapper interpreting --vm.* is not being compiled in at all - should be fixed in GU, independently of the root "/var/tmp" issue.
Sorry for the confusion.

With a pristine installation, it's obvious that native-imaged GU indeed writes into a different directory (/var/tmp) than when launched with good old java (/tmp), which may or may not be desirable, will check.

[danielkec]

We have ran in to the same issue on Ubuntu:

TempReproducer.java:

import java.nio.file.Files;
import java.nio.file.Path;
public final class TempReproducer {
    public static void main(String[] args) {
        try {
            Path tempPath = Files.createTempFile("helidon-large", ".tmp");
            System.out.println("Temp file: " + tempPath.toAbsolutePath().toString());
        } catch (java.io.IOException e) {
            throw new RuntimeException("Failed to open temporary file", e);
        }
    }
}

kec@vulcan:~/tmp/native-temp$ javac TempReproducer.java
kec@vulcan:~/tmp/native-temp$ native-image --no-server TempReproducer
kec@vulcan:~/tmp/native-temp$ java TempReproducer 
Temp file: /tmp/helidon-large9059398991885025175.tmp
kec@vulcan:~/tmp/native-temp$ ./tempreproducer 
Exception in thread "main" java.lang.RuntimeException: Failed to open temporary file
	at TempReproducer.main(TempReproducer.java:9)
Caused by: java.nio.file.AccessDeniedException: /var/tmp/helidon-large17658088856362561823.tmp

Linux vulcan 5.3.0-51-generic #44~18.04.2-Ubuntu SMP Thu Apr 23 14:27:18 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
kec@vulcan:~/tmp/native-temp$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.4 LTS
Release:	18.04
Codename:	bionic
kec@vulcan:~/tmp/native-temp$ native-image --version
GraalVM Version 20.0.1 EE

[christianwimmer]

I think this issue has been fixed in the last months. If it is still reproducible, please re-open the issue.