Skip to content

Use a safer way to create the temporary access filter file#852

Merged
jormundur00 merged 1 commit into
graalvm:masterfrom
sschuberth:safe-tmpfile
Mar 25, 2026
Merged

Use a safer way to create the temporary access filter file#852
jormundur00 merged 1 commit into
graalvm:masterfrom
sschuberth:safe-tmpfile

Conversation

@sschuberth

@sschuberth sschuberth commented Mar 18, 2026

Copy link
Copy Markdown
Contributor

This should fix #653 (and #626) for good.

@oracle-contributor-agreement oracle-contributor-agreement Bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Mar 18, 2026
@sschuberth sschuberth mentioned this pull request Mar 18, 2026
Closed
@sschuberth

sschuberth commented Mar 18, 2026

Copy link
Copy Markdown
Contributor Author

@fniephaus, mind having a look maybe?

@fniephaus

fniephaus commented Mar 18, 2026

Copy link
Copy Markdown
Member

Sure, will take a look tomorrow.

fniephaus
fniephaus reviewed Mar 19, 2026
View reviewed changes

@fniephaus fniephaus left a comment
edited
Loading

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Looks good to me. Replacing the manually constructed temp filename with Files.createTempFile(...) fixes the collision behind #653 and #626, and keeping the existing ATOMIC_MOVE + FileAlreadyExistsException handling preserves the intended race behavior when multiple processes initialize the shared access filter at once.

@fniephaus fniephaus requested a review from vjovanov March 19, 2026 07:50
@vjovanov vjovanov requested a review from jormundur00 March 19, 2026 08:13
@jormundur00

jormundur00 commented Mar 19, 2026

Copy link
Copy Markdown
Member

LGTM, I'd just wait for the 1.0-M1 release PRs to merge first, so we can keep a consistent timeline in our commits.

@fniephaus

fniephaus commented Mar 19, 2026

Copy link
Copy Markdown
Member

@jormundur00 sounds good to me. Could you please merge this once the other PR has landed? Thanks!

@jormundur00 jormundur00 merged commit 395f3b2 into graalvm:master Mar 25, 2026
283 checks passed
@sschuberth sschuberth deleted the safe-tmpfile branch March 25, 2026 07:19
@sschuberth

sschuberth commented Mar 25, 2026

Copy link
Copy Markdown
Contributor Author

LGTM, I'd just wait for the 1.0-M1 release PRs to merge first, so we can keep a consistent timeline in our commits.

Oh, I though this fix would still make it into the 1.0.0 final release. But it seems it unfortunately didn't 😞

@jormundur00

jormundur00 commented Mar 25, 2026

Copy link
Copy Markdown
Member

LGTM, I'd just wait for the 1.0-M1 release PRs to merge first, so we can keep a consistent timeline in our commits.

Oh, I though this fix would still make it into the 1.0.0 final release. But it seems it unfortunately didn't 😞

Due to company policy, we had to rename the 1.0-M1 release to 1.0.0 (meaning 1.0-M2 will be 1.0.1). As this release is more of a re-release of 1.0-M1, I didn't want to add anything new in it. This PR will be present in the 1.0.1 release, while what we previously labeled as the 1.0.0 final release will most likely be 1.1.0 now.

@sschuberth

sschuberth commented Mar 25, 2026

Copy link
Copy Markdown
Contributor Author

Weird, but thanks 😄 Any timeline for the 1.0.1 release with this fix?

@jormundur00

jormundur00 commented Mar 25, 2026

Copy link
Copy Markdown
Member

Weird, but thanks 😄 Any timeline for the 1.0.1 release with this fix?

I believe 1.0.1 is scheduled for mid-april. My apologies for the inconvenience, I hope this issue isn't blocking you anywhere.

@sschuberth

sschuberth commented Mar 25, 2026

Copy link
Copy Markdown
Contributor Author

I hope this issue isn't blocking you anywhere.

We do see intermittent CI failures on Windows due to this. But we'll continue to retrigger these tests like we did in the past for the time being then 😉

mergify Bot added a commit to robfrank/linklift that referenced this pull request May 3, 2026
@mergify
chore(deps): bump org.graalvm.buildtools:native-maven-plugin from 0.1…
2b9978c 
…1.5 to 1.1.0 [skip ci]

Bumps [org.graalvm.buildtools:native-maven-plugin](https://github.com/graalvm/native-build-tools) from 0.11.5 to 1.1.0.
Release notes

*Sourced from [org.graalvm.buildtools:native-maven-plugin's releases](https://github.com/graalvm/native-build-tools/releases).*

> 1.1.0
> -----
>
> What's Changed
> --------------
>
> * Release 1.0.0 by [`@​graalvmbot`](https://github.com/graalvmbot) in [graalvm/native-build-tools#857](https://redirect.github.com/graalvm/native-build-tools/pull/857)
> * Bump version to 1.0.1-SNAPSHOT by [`@​graalvmbot`](https://github.com/graalvmbot) in [graalvm/native-build-tools#858](https://redirect.github.com/graalvm/native-build-tools/pull/858)
> * Use a safer way to create the temporary access filter file by [`@​sschuberth`](https://github.com/sschuberth) in [graalvm/native-build-tools#852](https://redirect.github.com/graalvm/native-build-tools/pull/852)
> * Bump io.netty:netty-codec-http from 4.1.129.Final to 4.1.132.Final in /samples/metadata-repo-integration by [`@​dependabot`](https://github.com/dependabot)[bot] in [graalvm/native-build-tools#859](https://redirect.github.com/graalvm/native-build-tools/pull/859)
> * Add class introduced in 5.14.1/6.0.1 by [`@​marcphilipp`](https://github.com/marcphilipp) in [graalvm/native-build-tools#794](https://redirect.github.com/graalvm/native-build-tools/pull/794)
> * Reduce CI usage by running CI only on "pull\_request" and running only the latest gradle version (except when creating a new release) by [`@​jormundur00`](https://github.com/jormundur00) in [graalvm/native-build-tools#861](https://redirect.github.com/graalvm/native-build-tools/pull/861)
> * Update latest docs symlink and improve 1.0.0 release notes by [`@​jormundur00`](https://github.com/jormundur00) in [graalvm/native-build-tools#866](https://redirect.github.com/graalvm/native-build-tools/pull/866)
> * Fix early classpath resolution in GenerateDynamicAccessMetadata by [`@​jormundur00`](https://github.com/jormundur00) in [graalvm/native-build-tools#868](https://redirect.github.com/graalvm/native-build-tools/pull/868)
> * Bump reachability metadata version to 1.0.0 by [`@​jormundur00`](https://github.com/jormundur00) in [graalvm/native-build-tools#879](https://redirect.github.com/graalvm/native-build-tools/pull/879)
> * Add listLibrariesMissingMetadata task/goal for Gradle and Maven by [`@​jormundur00`](https://github.com/jormundur00) in [graalvm/native-build-tools#877](https://redirect.github.com/graalvm/native-build-tools/pull/877)
>
> **Full Changelog**: <graalvm/native-build-tools@1.0.0...1.1.0>
>
> 1.0.0
> -----
>
> Breaking Changes
> ----------------
>
> * Native Build Tools 1.0.0 moves to the `1.0-M1` release of the reachability metadata repository, which uses the new `reachability-metadata.json` metadata format and no longer uses the global `metadata/index.json`.
> * This may require dependency and metadata updates in downstream projects; some stacks can regress until they adapt.
>
> What's Changed
> --------------
>
> * Fix broken JavaApplicationFunctionalTest due to using a removed feature by [`@​jormundur00`](https://github.com/jormundur00) in [graalvm/native-build-tools#850](https://redirect.github.com/graalvm/native-build-tools/pull/850)
> * Remove the usage of the global metadata/index.json from the nbt plugins by [`@​jormundur00`](https://github.com/jormundur00) in [graalvm/native-build-tools#829](https://redirect.github.com/graalvm/native-build-tools/pull/829)
> * Add reachability-metadata-schema cross-validation by [`@​jormundur00`](https://github.com/jormundur00) in [graalvm/native-build-tools#840](https://redirect.github.com/graalvm/native-build-tools/pull/840)
> * Merge 1.0-M1 branch to master by [`@​jormundur00`](https://github.com/jormundur00) in [graalvm/native-build-tools#848](https://redirect.github.com/graalvm/native-build-tools/pull/848)
>
> **Full Changelog**: <graalvm/native-build-tools@0.11.5...1.0.0>


Commits

* [`84cc046`](graalvm/native-build-tools@84cc046) Release 1.1.0
* [`95512d0`](graalvm/native-build-tools@95512d0) Add listLibrariesMissingMetadata task/goal for Gradle and Maven ([#877](https://redirect.github.com/graalvm/native-build-tools/issues/877))
* [`0dcda78`](graalvm/native-build-tools@0dcda78) Merge pull request [#879](https://redirect.github.com/graalvm/native-build-tools/issues/879) from jormundur00/bump-metadata-repository-1.0.0
* [`e5b90f0`](graalvm/native-build-tools@e5b90f0) Bump reachability metadata version to 1.0.0
* [`05f45d3`](graalvm/native-build-tools@05f45d3) Fix early classpath resolution in GenerateDynamicAccessMetadata ([#868](https://redirect.github.com/graalvm/native-build-tools/issues/868))
* [`4d614c7`](graalvm/native-build-tools@4d614c7) Update latest docs symlink and improve 1.0.0 release notes ([#866](https://redirect.github.com/graalvm/native-build-tools/issues/866))
* [`ee1351d`](graalvm/native-build-tools@ee1351d) Reduce CI usage by running CI only on "pull\_request" and running only the lat...
* [`c6f3674`](graalvm/native-build-tools@c6f3674) Add class introduced in 5.14.1/6.0.1 ([#794](https://redirect.github.com/graalvm/native-build-tools/issues/794))
* [`5bc69bd`](graalvm/native-build-tools@5bc69bd) Bump io.netty:netty-codec-http from 4.1.129.Final to 4.1.132.Final in /sample...
* [`395f3b2`](graalvm/native-build-tools@395f3b2) Use a safer way to create the temporary access filter file ([#852](https://redirect.github.com/graalvm/native-build-tools/issues/852))
* Additional commits viewable in [compare view](graalvm/native-build-tools@0.11.5...1.1.0)
  
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=org.graalvm.buildtools:native-maven-plugin&package-manager=maven&previous-version=0.11.5&new-version=1.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
  
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show  ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vjovanov vjovanov vjovanov approved these changes

@fniephaus fniephaus fniephaus approved these changes

@jormundur00 jormundur00 jormundur00 approved these changes

Assignees

@sschuberth sschuberth

@fniephaus fniephaus

Labels

OCA Verified All contributors have signed the Oracle Contributor Agreement.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Sporadic Gradle failure: access-filter.json already exists (still exist in 0.10.4)

4 participants

@sschuberth @fniephaus @jormundur00 @vjovanov