939336 – dev-java/openjdk-bin 17 and 21: link to cacerts file not correct

Bug 939336 - dev-java/openjdk-bin 17 and 21: link to cacerts file not correct

Summary: dev-java/openjdk-bin 17 and 21: link to cacerts file not correct

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Java team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2024-09-08 16:56 UTC by kjjalmgu
Modified:	2024-09-09 19:46 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
emerge --info (emerge.info,6.27 KB, text/plain) 2024-09-09 16:58 UTC, kjjalmgu	Details
cacert screenshot (cacert.png,9.78 KB, image/png) 2024-09-09 17:34 UTC, kjjalmgu	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description kjjalmgu 2024-09-08 16:56:42 UTC

In 
/usr/lib/jvm/openjdk-bin-17/lib/security
and
/usr/lib/jvm/openjdk-bin-21/lib/security

the link to the cacert file is set to 

cacerts -> ../../../../etc/ssl/certs/java/cacerts

which points to 
/usr/lib/etc/ssl/certs/java/cacerts

The real path for the cacert file is obviously:
/etc/ssl/certs/java/cacerts

When staarting a program in user space which relies on the cacerts it reurns:

[...]
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 
[...]

After fixing the link:
ln -s /etc/ssl/certs/java/cacerts ./cacerts in that directories it works fine.

Comment 1 Volkmar W. Pogatzki 2024-09-09 07:04:46 UTC

How to reproduce? Please describe step-by-step.

Comment 2 Sam James archtester

2024-09-09 11:22:52 UTC

For me, the symlink is corrrect.

$ ls -hal /usr/lib/jvm/openjdk-bin-21/lib/security
total 244K
drwxr-xr-x 2 root root   94 Jul 24 12:56 .
drwxr-xr-x 5 root root 4.0K Jul 24 12:56 ..
-rw-r--r-- 1 root root 2.5K Jul 17 00:40 blocked.certs
lrwxrwxrwx 1 root root   38 Jul 24 12:42 cacerts -> ../../../../etc/ssl/certs/java/cacerts
-rw-r--r-- 1 root root  11K Jul 17 00:40 default.policy
-rw-r--r-- 1 root root 224K Jul 17 00:40 public_suffix_list.dat

$ realpath /usr/lib/jvm/openjdk-bin-21/lib/security/cacerts
/etc/ssl/certs/java/cacerts

Please include emerge --info.

Comment 3 Sam James archtester

2024-09-09 11:24:02 UTC

The ebuild does:

        local dest="/opt/${P}"
        local ddest="${ED}/${dest#/}"
[...]
        dosym -r /etc/ssl/certs/java/cacerts "${dest}"/lib/security/cacerts

which looks a bit odd but not necessarily wrong. More information is needed.

Comment 4 kjjalmgu 2024-09-09 16:58:23 UTC

Created attachment 902447 [details]
emerge --info

Comment 5 kjjalmgu 2024-09-09 17:34:42 UTC

Created attachment 902484 [details]
cacert screenshot

Comment 6 kjjalmgu 2024-09-09 17:35:30 UTC

readlink -f /usr/lib/jvm/openjdk-bin-21/lib/security/cacerts > empty


realpath /usr/lib/jvm/openjdk-bin-21/lib/security/cacerts
realpath: /usr/lib/jvm/openjdk-bin-21/lib/security/cacerts: No such file or directory

Comment 7 kjjalmgu 2024-09-09 17:48:05 UTC

> ls -hal /usr/lib/jvm/openjdk-bin-21/lib/security

total 248K
drwxr-xr-x 2 root root 4,0K Sep  9 19:29 .
drwxr-xr-x 5 root root 4,0K Sep  9 19:29 ..
-rw-r--r-- 1 root root 2,5K Jul 17 01:40 blocked.certs
lrwxrwxrwx 1 root root   38 Sep  9 19:28 cacerts -> ../../../../etc/ssl/certs/java/cacerts
-rw-r--r-- 1 root root  11K Jul 17 01:40 default.policy
-rw-r--r-- 1 root root 224K Jul 17 01:40 public_suffix_list.da


which is the same as your output. But if my math is correct the link goes 4 nodes up which is security => lib => openjdk-bin-21 => jvm, so /usr/lib still remains, doesn't it? Is your /etc in /usr/lib or linked in it?

Comment 8 kjjalmgu 2024-09-09 17:59:05 UTC

OK, got it. 
I moved opt to another drive and linked it to /home/opt/

> realpath /opt/
/home/opt

That's why the link isn't working anymore. If i move it back to /opt it works fine. 

Is it possible to fix that linking?