openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #14274
[Bug 1953121] Re: jks-keystore hook fails with "java: not found" during package install
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: ca-certificates-java (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1953121
Title:
jks-keystore hook fails with "java: not found" during package install
Status in ca-certificates-java package in Ubuntu:
Confirmed
Bug description:
This is a fresh report of
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-
java/+bug/1406483 with same steps to reproduce. Currently it can be
reproduced in both impish and jammy.
ca-certificates-java installs /etc/ca-certificates/update.d/jks-
keystore that's being run as part of package installation. The hook is
run before update-alternatives installs /usr/bin/java. The script
modifies its own PATH by looking for known JRE (or JDK) installs in
/usr/lib/jvm. However, the list of known JREs is hardcoded and
outdated. When ca-certificatges-java is installed as a dependency of
openjdk-17-jre-headless, no known JRE is found, and PATH is unchanged,
so there's no java in PATH when this is first JRE being installed on
the system.
The fix in linked bug synced from Debian just adds paths of newer JREs
to check. Currently paths up to Java 11 are checked. This issue will
keep resurfacing unless ca-certificates-java is kept up to date with
latest JRE in archives, or the search for JRE is changed.
Steps to reproduce in official Docker jammy image (where no JRE is installed):
$ sudo docker run ubuntu:impish bash -c 'apt-get update && apt-get install -y openjdk-17-jre-headless'
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1953121/+subscriptions
References