search

cloudfoundry / apt-buildpack

MIT License
31 stars 48 forks source link

openjdk-8-jre-headless symlinks point to wrong files. #72

Closed zukuzu closed 1 year ago

zukuzu commented 2 years ago

What version of Cloud Foundry and CF CLI are you using? (i.e. What is the output of running cf curl /v2/info && cf version?

{
   "name": "VMware Tanzu Application Service",
   "build": "2.10.20-build.17",
   "support": "https://support.pivotal.io",
   "version": 0,
   "min_cli_version": "6.23.0",
   "min_recommended_cli_version": "6.23.0",
   "app_ssh_oauth_client": "ssh-proxy",
   "api_version": "2.150.0",
   "osbapi_version": "2.15",
}
cf version 7.2.0+be4a5ce2b.2020-12-10

What version of the buildpack you are using? Every >=0.2.6

If you were attempting to accomplish a task, what was it you were attempting to do? Install openjdk-8-jre-headless

What did you expect to happen? Symlinks in /home/vcap/deps/0/lib/jvm/java-8-openjdk-amd64/jre/lib/security point to right files so that SSL is possible.

What was the actual behavior? The symlinks point to non-existing files and SSL is not working because of that.

ls -l /home/vcap/deps/0/lib/jvm/java-8-openjdk-amd64/jre/lib/security
lrwxrwxrwx 1 vcap vcap 46 Apr 21 2021 blacklisted.certs -> /etc/java-8-openjdk/security/blacklisted.certs
lrwxrwxrwx 1 vcap vcap 27 Apr 21 2021 cacerts -> /etc/ssl/certs/java/cacerts
lrwxrwxrwx 1 vcap vcap 40 Apr 21 2021 java.policy -> /etc/java-8-openjdk/security/java.policy
lrwxrwxrwx 1 vcap vcap 42 Apr 21 2021 java.security -> /etc/java-8-openjdk/security/java.security
lrwxrwxrwx 1 vcap vcap 36 Apr 21 2021 nss.cfg -> /etc/java-8-openjdk/security/nss.cfg
drwxr-xr-x 4 vcap vcap 38 Apr 21 2021 policy
ls -l /etc/java-8-openjdk
ls: cannot access '/etc/java-8-openjdk': No such file or directory
ls -l /etc/ssl/certs/java/cacerts
ls: cannot access '/etc/ssl/certs/java/cacerts': No such file or directory

security folder is actually here:

ls -l /home/vcap/deps/0/apt/etc/java-8-openjdk/security
-rw-r--r-- 1 vcap vcap 2488 Apr 21 2021 blacklisted.certs
-rw-r--r-- 1 vcap vcap 4499 Apr 21 2021 java.policy
-rw-r--r-- 1 vcap vcap 51111 Apr 21 2021 java.security
-rw-r--r-- 1 vcap vcap 106 Apr 21 2021 nss.cfg

But cacerts can't be found anywhere.

Please confirm where necessary:

arjun024 commented 1 year ago

Hi @zukuzu, sorry for taking a long time to respond!

I decided to take a crack at this today. First, to set expectations correctly: this is an experimental buildpack and therefore please do not expect quick support. The buildpack is also designed to work for just simple packages, as the behavior of apt is not that easy to reliably deal with all cases. We try our best effort to support it, but a lower priority compared to other buildpacks.

The reason that this buildpack uses a non-standard etc dir like /home/vcap/deps/0/apt is because the buildpack does not have the privilege to run as root (a requirement for apt-install). It mocks this by extracting the archive to this location and setting up common env variables. Hence the reasoning that it doesn't work for just simple packages.

As far as this app is concerned, you will have to try doing the missing steps for this package yourself. I was able to get java just working by setting JAVA_HOME=/home/vcap/deps/0/apt/usr/lib/jvm/java-8-openjdk-amd64 and adding $JAVA_HOME/bin in the container. Now to get those symlinks working, you will have similarly rewire those symlinks yourself. You can utilize the .profile script to do the necessary changes. Unfortunately, supporting this package out-of-box wouldn't be in the scope of this buildpack.

Doing a little web search, I found a very similar issue addressed at https://github.com/GSA/data.gov/issues/2917#issuecomment-946392501. Please take a look. I'm not very unfamiliar with the java domain, but please checkout if you can utilize the Java buildpack for your use case.

arjun024 commented 1 year ago

I'm closing this issue. Please reopen if you like to continue the conversation