Bug 939336

Summary:	dev-java/openjdk-bin 17 and 21: link to cacerts file not correct
Product:	Gentoo Linux	Reporter:	kjjalmgu
Component:	Current packages	Assignee:	Java team <java>
Status:	UNCONFIRMED ---
Severity:	normal	CC:	kjjalmgu
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	emerge --info cacert screenshot

Description kjjalmgu 2024-09-08 16:56:42 UTC

In 
/usr/lib/jvm/openjdk-bin-17/lib/security
and
/usr/lib/jvm/openjdk-bin-21/lib/security

the link to the cacert file is set to 

cacerts -> ../../../../etc/ssl/certs/java/cacerts

which points to 
/usr/lib/etc/ssl/certs/java/cacerts

The real path for the cacert file is obviously:
/etc/ssl/certs/java/cacerts

When staarting a program in user space which relies on the cacerts it reurns:

[...]
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 
[...]

After fixing the link:
ln -s /etc/ssl/certs/java/cacerts ./cacerts in that directories it works fine.

Comment 1 Volkmar W. Pogatzki 2024-09-09 07:04:46 UTC

How to reproduce? Please describe step-by-step.

Comment 2 Sam James archtester

2024-09-09 11:22:52 UTC

For me, the symlink is corrrect.

$ ls -hal /usr/lib/jvm/openjdk-bin-21/lib/security
total 244K
drwxr-xr-x 2 root root   94 Jul 24 12:56 .
drwxr-xr-x 5 root root 4.0K Jul 24 12:56 ..
-rw-r--r-- 1 root root 2.5K Jul 17 00:40 blocked.certs
lrwxrwxrwx 1 root root   38 Jul 24 12:42 cacerts -> ../../../../etc/ssl/certs/java/cacerts
-rw-r--r-- 1 root root  11K Jul 17 00:40 default.policy
-rw-r--r-- 1 root root 224K Jul 17 00:40 public_suffix_list.dat

$ realpath /usr/lib/jvm/openjdk-bin-21/lib/security/cacerts
/etc/ssl/certs/java/cacerts

Please include emerge --info.

Comment 3 Sam James archtester

2024-09-09 11:24:02 UTC

The ebuild does:

        local dest="/opt/${P}"
        local ddest="${ED}/${dest#/}"
[...]
        dosym -r /etc/ssl/certs/java/cacerts "${dest}"/lib/security/cacerts

which looks a bit odd but not necessarily wrong. More information is needed.

Comment 4 kjjalmgu 2024-09-09 16:58:23 UTC

Created attachment 902447 [details]
emerge --info

Comment 5 kjjalmgu 2024-09-09 17:34:42 UTC

Created attachment 902484 [details]
cacert screenshot

Comment 6 kjjalmgu 2024-09-09 17:35:30 UTC

readlink -f /usr/lib/jvm/openjdk-bin-21/lib/security/cacerts > empty


realpath /usr/lib/jvm/openjdk-bin-21/lib/security/cacerts
realpath: /usr/lib/jvm/openjdk-bin-21/lib/security/cacerts: No such file or directory

Comment 7 kjjalmgu 2024-09-09 17:48:05 UTC

> ls -hal /usr/lib/jvm/openjdk-bin-21/lib/security

total 248K
drwxr-xr-x 2 root root 4,0K Sep  9 19:29 .
drwxr-xr-x 5 root root 4,0K Sep  9 19:29 ..
-rw-r--r-- 1 root root 2,5K Jul 17 01:40 blocked.certs
lrwxrwxrwx 1 root root   38 Sep  9 19:28 cacerts -> ../../../../etc/ssl/certs/java/cacerts
-rw-r--r-- 1 root root  11K Jul 17 01:40 default.policy
-rw-r--r-- 1 root root 224K Jul 17 01:40 public_suffix_list.da


which is the same as your output. But if my math is correct the link goes 4 nodes up which is security => lib => openjdk-bin-21 => jvm, so /usr/lib still remains, doesn't it? Is your /etc in /usr/lib or linked in it?

Comment 8 kjjalmgu 2024-09-09 17:59:05 UTC

OK, got it. 
I moved opt to another drive and linked it to /home/opt/

> realpath /opt/
/home/opt

That's why the link isn't working anymore. If i move it back to /opt it works fine. 

Is it possible to fix that linking?