You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We use a customized version of the java offline buildpack with Oracle Java instead of OpenJDK. The buildpack fails to stage since we upgraded from version 3.12 to 3.15
-----> Downloading Container Certificate Trust Store 2.0.0_RELEASE from https://java-buildpack.cloudfoundry.org/container-certificate-trust-store/container-certificate-trust-store-2.0.0_RELEASE.jar (found in cache)
Adding certificates to .java-buildpack/container_certificate_trust_store/truststore.jks
Command '/tmp/app/.java-buildpack/oracle_jre/bin/java -jar /tmp/app/.java-buildpack/container_certificate_trust_store/container_certificate_trust_store-2.0.0_RELEASE.jar --container-source /etc/ssl/certs/ca-certificates.crt --destination /tmp/app/.java-buildpack/container_certificate_trust_store/truststore.jks --destination-password java-buildpack-trust-store-password --jre-source /tmp/app/.java-buildpack/oracle_jre/lib/security/cacerts --jre-source-password changeit' has failed
STDOUT:
STDERR: Exception in thread "main" java.nio.file.NoSuchFileException: /tmp/app/.java-buildpack/oracle_jre/lib/security/cacerts
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
at java.nio.file.Files.newByteChannel(Files.java:361)
at java.nio.file.Files.newByteChannel(Files.java:407)
at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)
at java.nio.file.Files.newInputStream(Files.java:152)
at org.cloudfoundry.certificate.ContainerCertificateTrustStoreBuilder.addJreCertificates(ContainerCertificateTrustStoreBuilder.java:55)
at org.cloudfoundry.certificate.ContainerCertificateTrustStoreBuilder.createTrustStore(ContainerCertificateTrustStoreBuilder.java:72)
at org.cloudfoundry.certificate.ContainerCertificateTrustStoreBuilder.main(ContainerCertificateTrustStoreBuilder.java:36)
[Buildpack] ERROR Compile failed with exception RuntimeError
Failed to compile droplet
I would say this was introduced with JRE truststore inclusion in 3.13
Oracle places cacerts in jre/lib/security instead of lib/security.
The buildpack code is missing to things:
an alternate cacerts location for Oracle java
an error handling when it cannot find the cacerts file instead of failing the whole staging process
Our current workaround extracts the cacerts file from Oracle Java and places it into the buildpack filesystem overlay for lib/security.
The text was updated successfully, but these errors were encountered:
The problem is that you've customized your version of the buildpack to use the Oracle JDK, not the Oracle JRE. The buildpack has only ever supported the JRE (specifically excluding compilation abilities in the container). If you provide a JRE instead of a JDK this will work.
I'll keep this issue open to improve the failure mode, but I do plan to continue to fail staging on a missing JRE_ROOT/lib/security/cacerts.
Good point. We are using Oracle Server JRE which uses the same directory structure as the JDK. I've just checked all three variants for comparison (latest Java 8 U131):
JRE: lib/security/cacerts
Server-JRE: jre/lib/security/cacerts
JDK: jre/lib/security/cacerts
The documentation gave no hint the server jre is not supported. It is specially mentioned for the JCE Unlimited Strengh JARs. Although this special directory structure is missing in the paragraph for including the cacerts file.
Previously, that JRE source was a required parameter to the application. A
recent problem where the JRE source could not be found in its usual place
(because it was a server JRE) indicated that staging should no fail completely
if a JRE source can't be found. This change makes that parameter optional so
that staging can progress even in the face of a missing JRE source.
[cloudfoundry/java-buildpack#415]
We use a customized version of the java offline buildpack with Oracle Java instead of OpenJDK. The buildpack fails to stage since we upgraded from version 3.12 to 3.15
I would say this was introduced with JRE truststore inclusion in 3.13
Oracle places cacerts in jre/lib/security instead of lib/security.
The buildpack code is missing to things:
Our current workaround extracts the cacerts file from Oracle Java and places it into the buildpack filesystem overlay for lib/security.
The text was updated successfully, but these errors were encountered: