← Back to team overview

openjdk team mailing list archive

[Bug 1953121] Re: jks-keystore hook fails with "java: not found" during package install

 

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: ca-certificates-java (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1953121

Title:
  jks-keystore hook fails with "java: not found" during package install

Status in ca-certificates-java package in Ubuntu:
  Confirmed

Bug description:
  This is a fresh report of
  https://bugs.launchpad.net/ubuntu/+source/ca-certificates-
  java/+bug/1406483 with same steps to reproduce. Currently it can be
  reproduced in both impish and jammy.

  ca-certificates-java installs /etc/ca-certificates/update.d/jks-
  keystore that's being run as part of package installation. The hook is
  run before update-alternatives installs /usr/bin/java. The script
  modifies its own PATH by looking for known JRE (or JDK) installs in
  /usr/lib/jvm. However, the list of known JREs is hardcoded and
  outdated. When ca-certificatges-java is installed as a dependency of
  openjdk-17-jre-headless, no known JRE is found, and PATH is unchanged,
  so there's no java in PATH when this is first JRE being installed on
  the system.

  The fix in linked bug synced from Debian just adds paths of newer JREs
  to check. Currently paths up to Java 11 are checked. This issue will
  keep resurfacing unless ca-certificates-java is kept up to date with
  latest JRE in archives, or the search for JRE is changed.

  Steps to reproduce in official Docker jammy image (where no JRE is installed):
  $ sudo docker run ubuntu:impish bash -c 'apt-get update && apt-get install -y openjdk-17-jre-headless'

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1953121/+subscriptions



References