Make sure `net.i2p.crypto:eddsa` is native-friendly

[gastaldi]

While building a native image using this extension, I get the following error:

Caused by: com.oracle.graal.pointsto.constraints.UnsupportedFeatureException: Discovered unresolved type during parsing: sun.security.x509.X509Key. This error is reported at image build time because class net.i2p.crypto.eddsa.EdDSAEngine is registered for linking at image build time by command line and command line.
Error encountered while parsing net.i2p.crypto.eddsa.EdDSAEngine.engineInitVerify(EdDSAEngine.java:147)
Parsing context:
   at java.security.Signature$Delegate.engineInitVerify(Signature.java:1333)
   at java.security.Signature.initVerify(Signature.java:505)
   at root method.(Unknown Source)

Detailed message:

    at org.graalvm.nativeimage.pointsto/com.oracle.graal.pointsto.constraints.UnsupportedFeatures.report(UnsupportedFeatures.java:126)
    at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.NativeImageGenerator.runPointsToAnalysis(NativeImageGenerator.java:809)
    ... 6 more
Caused by: com.oracle.graal.pointsto.constraints.UnresolvedElementException: Discovered unresolved type during parsing: sun.security.x509.X509Key. This error is reported at image build time because class net.i2p.crypto.eddsa.EdDSAEngine is registered for linking at image build time by command line and command line.
    at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.phases.SharedGraphBuilderPhase$SharedBytecodeParser.reportUnresolvedElement(SharedGraphBuilderPhase.java:550)
    at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.phases.SharedGraphBuilderPhase$SharedBytecodeParser.reportUnresolvedElement(SharedGraphBuilderPhase.java:544)
    at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.phases.SharedGraphBuilderPhase$SharedBytecodeParser.handleUnresolvedType(SharedGraphBuilderPhase.java:436)
    at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.phases.SharedGraphBuilderPhase$SharedBytecodeParser.handleUnresolvedInstanceOf(SharedGraphBuilderPhase.java:318)
    at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.genInstanceOf(BytecodeParser.java:4564)
    at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.genInstanceOf(BytecodeParser.java:4557)
    at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.processBytecode(BytecodeParser.java:5450)
    at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.iterateBytecodesForBlock(BytecodeParser.java:3431)
    at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.phases.SharedGraphBuilderPhase$SharedBytecodeParser.iterateBytecodesForBlock(SharedGraphBuilderPhase.java:743)
    at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.handleBytecodeBlock(BytecodeParser.java:3391)
    at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.processBlock(BytecodeParser.java:3233)
    at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.build(BytecodeParser.java:1137)
    at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.phases.SharedGraphBuilderPhase$SharedBytecodeParser.build(SharedGraphBuilderPhase.java:162)
    at jdk.internal.vm.compiler/org.graalvm.compiler.java.BytecodeParser.buildRootMethod(BytecodeParser.java:1029)
    at jdk.internal.vm.compiler/org.graalvm.compiler.java.GraphBuilderPhase$Instance.run(GraphBuilderPhase.java:101)
    at org.graalvm.nativeimage.builder/com.oracle.svm.hosted.phases.SharedGraphBuilderPhase.run(SharedGraphBuilderPhase.java:116)
    at jdk.internal.vm.compiler/org.graalvm.compiler.phases.Phase.run(Phase.java:49)
    at jdk.internal.vm.compiler/org.graalvm.compiler.phases.BasePhase.apply(BasePhase.java:434)
    at jdk.internal.vm.compiler/org.graalvm.compiler.phases.Phase.apply(Phase.java:42)
    at jdk.internal.vm.compiler/org.graalvm.compiler.phases.Phase.apply(Phase.java:38)

[appiepollo14]

@gastaldi see this reference for spring native compilation. I believe this is applicable to sshd as well right? https://docs.spring.io/spring-cloud-config/reference/server/aot-and-native-image-support.html Is this a workaround or can this be. solved in the project?

[gastaldi]

If the intention is to depend on this library, then yes, this may be a potential solution

[erik-wramner]

What happened with this?

[appiepollo14]

@erik-wramner nothing by me. Would love to solve enabling sshd in native compiled Quarkus apps but don't know where to start. Any pointers @gastaldi ?

[gastaldi]

I'll try to submit a PR once I reproduce it in a test

[appiepollo14]

@gastaldi Can the related issues reproducer be of any assistance? https://github.com/quarkiverse/quarkus-jgit/issues/121#issuecomment-2037899769

[gastaldi]

@appiepollo14 maybe, can you confirm it is reproducible using Quarkus 3.11.3?

[appiepollo14]

@gastaldi The reproducer mixes different changes. Namely your draft pr https://github.com/quarkiverse/quarkus-jgit/issues/122 I will do some refactoring to removes such variables from the reproducer and report back on this issue.

[appiepollo14]

@gastaldi Updatet the reproducer to the latest Quarkus release. Still depending on the jgit 999 version to use the sshd implemention. When executing quarkus build --native the error will occur.

p.s. the code is not able to succesfully do a git checkout because of authentication. Did not manage to fix this in time.

[erik-wramner]

Not sure how feasible it would be, but Quarkus uses modern Java versions (17 and 21) that support EDDSA without external dependencies. If we could get Apache's SSH library to use that instead or inject changes to that effect we would be able to drop the problematic dependency.

We went for another library, so unfortunately I won't have time to help.