Closed MischaFrank closed 6 months ago
This is a known issue, see #344.
Can we close as duplicate?
I'd say this is basically resolved.
libjvm 1.44.1 has the code fix; bellsoft liberica (and the other JVM provider buildpacks) have 1.44.1 merged in.
We haven't cut a bellsoft release, but that should happen today or tomorrow and we should get the fix out in our Friday release.
Can confirm this was released in the latest https://github.com/paketo-buildpacks/bellsoft-liberica/releases/tag/v10.4.5, which is itself embedded in https://github.com/paketo-buildpacks/java/releases/tag/v10.7.0
If we build an image with Java 17 (paketo-buildpacks_bellsoft-liberica buildpack), the truststore at runtime contains all certificates that were added before using the ca-certificates buildpack (without cert embedding). The same build with Java 21 produces at runtime a truststore without the additional certificates.
Expected Behavior
The truststore at runtime in a java 21 application contains the certificates added by the ca-certificates buildpack.
Current Behavior
It seems that the NewPasswordLessPKCS12Keystore is created empty and not as a copy of the truststore from the paketo-buildpacks_bellsoft-liberica/jre layer. keystore.go:
DetectKeystore -> NewPasswordLessPKCS12Keystore
Steps to Reproduce
Motivations
We need our own certificates. As a workaround we can embed the certificates to have them added to the truststore at startup.
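One way to check the symptom described in this issue from inside a running container, as an added example that is not part of the original issue or of the Paketo code base: it asks the JVM which issuers its default truststore accepts and reports whether each certificate in the given PEM files is among them. The class name `TruststoreCheck` and the PEM file arguments are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): verifies that CA certificates from
// PEM files are trusted by the JVM's default truststore at runtime.
public class TruststoreCheck {

    // Collect every issuer the default trust managers accept. A null KeyStore
    // makes the JVM resolve its default truststore: javax.net.ssl.trustStore
    // if that property is set, otherwise the store shipped with the JRE.
    static Set<X509Certificate> trustedIssuers() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        Set<X509Certificate> issuers = new HashSet<>();
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    issuers.add(c);
                }
            }
        }
        return issuers;
    }

    public static void main(String[] args) throws Exception {
        Set<X509Certificate> issuers = trustedIssuers();
        System.out.println("default truststore holds " + issuers.size() + " trusted issuers");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int missing = 0;
        for (String pem : args) { // each argument: path to a PEM file (assumed input)
            try (InputStream in = Files.newInputStream(Path.of(pem))) {
                for (Certificate c : cf.generateCertificates(in)) {
                    boolean ok = issuers.contains(c); // equality is on the encoded certificate
                    if (!ok) missing++;
                    String subject = ((X509Certificate) c).getSubjectX500Principal().getName();
                    System.out.println((ok ? "PRESENT " : "MISSING ") + subject);
                }
            }
        }
        System.exit(missing == 0 ? 0 : 1); // non-zero exit when any certificate is absent
    }
}
```

Run it in the Java 17 and the Java 21 image with the same PEM files; an image affected by this issue prints `MISSING` for the added certificates and exits with status 1.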