openjdk team mailing list archive

Thread
Date

[Bug 1953121] [NEW] jks-keystore hook fails with "java: not found" during package install

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Tomáš Virtus <1953121@xxxxxxxxxxxxxxxxxx>
Date: Fri, 03 Dec 2021 07:27:11 -0000
Reply-to: Bug 1953121 <1953121@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Public bug reported:

This is a fresh report of https://bugs.launchpad.net/ubuntu/+source/ca-
certificates-java/+bug/1406483 with same steps to reproduce. Currently
it can be reproduced in both impish and jammy.

ca-certificates-java installs /etc/ca-certificates/update.d/jks-keystore
that's being run as part of package installation. The hook is run before
update-alternatives installs /usr/bin/java. The script modifies its own
PATH by looking for known JRE (or JDK) installs in /usr/lib/jvm.
However, the list of known JREs is hardcoded and outdated. When ca-
certificatges-java is installed as a dependency of openjdk-17-jre-
headless, no known JRE is found, and PATH is unchanged, so there's no
java in PATH when this is first JRE being installed on the system.

The fix in linked bug synced from Debian just adds paths of newer JREs
to check. Currently paths up to Java 11 are checked. This issue will
keep resurfacing unless ca-certificates-java is kept up to date with
latest JRE in archives, or the search for JRE is changed.

Steps to reproduce in official Docker jammy image (where no JRE is installed):
$ sudo docker run ubuntu:impish bash -c 'apt-get update && apt-get install -y openjdk-17-jre-headless'

** Affects: ca-certificates-java (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: impish jammy

** Description changed:

  This is a fresh report of https://bugs.launchpad.net/ubuntu/+source/ca-
  certificates-java/+bug/1406483 with same steps to reproduce. Currently
  it can be reproduced in both impish and jammy.
  
  ca-certificates-java installs /etc/ca-certificates/update.d/jks-keystore
  that's being run as part of package installation. The hook is run before
  update-alternatives installs /usr/bin/java. The script modifies its own
  PATH by looking for known JRE (or JDK) installs in /usr/lib/jvm.
  However, the list of known JREs is hardcoded and outdated. When ca-
  certificatges-java is installed as a dependency of openjdk-17-jre-
  headless, no known JRE is found, and PATH is unchanged, so there's no
  java in PATH when this is first JRE being installed on the system.
  
- The fix in linked bug synced from Debian just paths of newer JREs to
- check. Currently paths up to Java 11 are checked. This issue will keep
- resurfacing unless ca-certificates-java is kept up to date with latest
- JRE in archives, or the search for JRE is changed.
+ The fix in linked bug synced from Debian just adds paths of newer JREs
+ to check. Currently paths up to Java 11 are checked. This issue will
+ keep resurfacing unless ca-certificates-java is kept up to date with
+ latest JRE in archives, or the search for JRE is changed.
  
  Steps to reproduce in official Docker jammy image (where no JRE is installed):
  $ sudo docker run ubuntu:impish bash -c 'apt-get update && apt-get install -y openjdk-17-jre-headless'

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1953121

Title:
  jks-keystore hook fails with "java: not found" during package install

Status in ca-certificates-java package in Ubuntu:
  New

Bug description:
  This is a fresh report of
  https://bugs.launchpad.net/ubuntu/+source/ca-certificates-
  java/+bug/1406483 with same steps to reproduce. Currently it can be
  reproduced in both impish and jammy.

  ca-certificates-java installs /etc/ca-certificates/update.d/jks-
  keystore that's being run as part of package installation. The hook is
  run before update-alternatives installs /usr/bin/java. The script
  modifies its own PATH by looking for known JRE (or JDK) installs in
  /usr/lib/jvm. However, the list of known JREs is hardcoded and
  outdated. When ca-certificatges-java is installed as a dependency of
  openjdk-17-jre-headless, no known JRE is found, and PATH is unchanged,
  so there's no java in PATH when this is first JRE being installed on
  the system.

  The fix in linked bug synced from Debian just adds paths of newer JREs
  to check. Currently paths up to Java 11 are checked. This issue will
  keep resurfacing unless ca-certificates-java is kept up to date with
  latest JRE in archives, or the search for JRE is changed.

  Steps to reproduce in official Docker jammy image (where no JRE is installed):
  $ sudo docker run ubuntu:impish bash -c 'apt-get update && apt-get install -y openjdk-17-jre-headless'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1953121/+subscriptions

Follow ups

[Bug 1953121] Re: jks-keystore hook fails with "java: not found" during package install
From: Vladimir Petko, 2023-01-08
[Bug 1953121] Re: jks-keystore hook fails with "java: not found" during package install
From: Launchpad Bug Tracker, 2022-06-28