#portkey
2017-10-06
cgrand 12:10:18

Ok, it’s time for an update on “why does it take so long to fix this problem?”

cgrand 12:10:06

As an appetizer: kryo vs collections.

cgrand 12:10:53

When kryo serializes a map, it writes its class id followed by keys and values interleaved.

cgrand 12:10:19

Upon deserialization, it instantiates the class and then calls .put for each entry

cgrand 12:10:15

This fails when the map is immutable since .put mutates (and is optional). That’s why we teach it to deal with IPersistentMap differently

cgrand 12:10:49

the other assumption is that from the class alone it can recreate an empty collection.

cgrand 12:10:15

Alas for some classes there’s no default constructor (not even a private one)

cgrand 12:10:54

so objenesis performs a bare allocation where all fields are uninitialized

cgrand 12:10:52

is created as a bare object

cgrand 12:10:29

but then .put is called and what this object does is that it delegates to one of its fields which is... uninitialized.

cgrand 12:10:12

so I fixed this by “when no 0-arg ctor, uses field-by-field serialization”

cgrand 12:10:35

</appetizer>

cgrand 12:10:52

The current problem's roots are org.apache.http.config.Registry instances defined by clj-http

cgrand 12:10:30

which transitively refer to many classes, especially in sun.security.*

cgrand 12:10:18

which have to be serialized field by field but apparently they differ between AWS and my JDK

viesti 13:10:39

didn’t yet read your response, but thinking that we don’t have SLA for fixes, working in a way that doesn’t put too much stress 🙂

viesti 13:10:08

aws lambda uses amazon linux ami

viesti 13:10:07

not the latest AMI apparently, at least on the box that the above lambda lives

viesti 13:10:21

meh, unable to run “java -version” subprocess, apparently

cgrand 13:10:08

not going down this path

viesti 13:10:30

yeah well, just remembered that was playing with the above lambda

cgrand 13:10:35

maybe sane serialization can occur at a coarser level for all these security objects

viesti 13:10:14

would one have to write a Serializer for each class individually?