paketo-buildpacks / libjvm

A library and helper applications that form the basis for building the different Paketo-style JVM-providing buildpacks
Apache License 2.0

If PasswordLessPKCS12Keystore is created, it is created empty and not as copy of existing keystore #353

Closed MischaFrank closed 6 months ago

MischaFrank commented 6 months ago

If we build an image with Java 17 (paketo-buildpacks_bellsoft-liberica buildpack), the truststore at runtime contains all certificates that were added before using the ca-certificates buildpack (without cert embedding). The same build with Java 21 produces at runtime a truststore without the additional certificates.

Expected Behavior

The truststore at runtime in a Java 21 application contains the certificates added by the ca-certificates buildpack.

Current Behavior

It seems that the NewPasswordLessPKCS12Keystore is created empty and not as a copy of the truststore from the paketo-buildpacks_bellsoft-liberica/jre layer. keystore.go: DetectKeystore -> NewPasswordLessPKCS12Keystore.

Steps to Reproduce

  1. build a Java 21 application using paketobuildpacks/builder-jammy-base and add custom certificates using the ca-certificates buildpack without cert embedding
  2. run the container
  3. check the truststore

Motivations

We need our own certificates. As a workaround we can embed the certificates to have them added to the truststore at startup.
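Step 3 of the reproduction ("check the truststore") is where a reporter or a reviewer confirms whether the runtime store is a copy of the JRE's cacerts plus the custom CAs, or an empty store. The script below is an added example for doing that check inside the running container; it is not part of this issue, of libjvm, or of the ca-certificates buildpack. It assumes `keytool` is on `PATH` (it is shipped in the JRE layer), that the store path is either passed explicitly or defaults to `$JAVA_HOME/lib/security/cacerts` (use the path named by `javax.net.ssl.trustStore` if the launcher points the JVM elsewhere), and that the store password is the JDK default `changeit` unless `TRUSTSTORE_PASS` overrides it. The alias name `my-corp-ca` and the sample listing are constructed.

```shell
#!/bin/sh
# Added example (not libjvm's or the buildpack's own code): verify that the
# truststore a container actually uses contains a custom CA alias, and report
# how many entries it holds. An empty PKCS12 store, as described in this
# issue, shows up as "0 entries" and a missing alias.

# Extract the entry count from a `keytool -list` listing read on stdin.
# keytool prints a line such as "Your keystore contains 143 entries".
truststore_entry_count() {
    sed -n 's/^Your keystore contains \([0-9][0-9]*\) entr.*/\1/p' | head -n 1
}

# Exit 0 if a `keytool -list` listing read on stdin has an entry whose alias
# is $1. Non-verbose keytool output lists one entry per line as
# "<alias>, <date>, trustedCertEntry," so we anchor on "<alias>, " at the
# start of a line; aliases are compared case-insensitively because keytool
# lowercases them on import.
truststore_has_alias() {
    awk -v a="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { line = tolower($0) }
        index(line, a ", ") == 1 { found = 1 }
        END { exit found ? 0 : 1 }'
}

# List a store with keytool and check it for an expected alias.
#   $1  expected alias (constructed default: my-corp-ca)
#   $2  keystore path (assumed default: $JAVA_HOME/lib/security/cacerts)
# Returns 0 when the alias is present, 1 when the store lists but lacks it,
# and 2 when keytool could not read the store at all.
check_runtime_truststore() {
    expected_alias="${1:-my-corp-ca}"
    store="${2:-${JAVA_HOME:-/usr/lib/jvm/default}/lib/security/cacerts}"
    # A password-less PKCS12 store has no integrity MAC; keytool then only
    # warns, so the default password is harmless there. Override with
    # TRUSTSTORE_PASS for stores that were created with another password.
    listing=$(keytool -list -keystore "$store" \
                      -storepass "${TRUSTSTORE_PASS:-changeit}" 2>/dev/null) || return 2
    count=$(printf '%s\n' "$listing" | truststore_entry_count)
    printf '%s: %s entries\n' "$store" "${count:-0}"
    if printf '%s\n' "$listing" | truststore_has_alias "$expected_alias"; then
        printf 'alias %s present\n' "$expected_alias"
        return 0
    fi
    printf 'alias %s MISSING\n' "$expected_alias" >&2
    return 1
}

# Run the check only when invoked with an alias argument, so the functions
# above can also be sourced from another script.
if [ -n "${1:-}" ]; then
    check_runtime_truststore "$1" "${2:-}"
fi
```

Run it from a shell in the affected image, e.g. `sh check-truststore.sh my-corp-ca`, once with the store the JRE layer ships and once with the store the launcher hands to the JVM; on an unfixed Java 21 build the second run reports far fewer entries than the first and the custom alias missing, while on a fixed build both runs list the JRE defaults plus the ca-certificates buildpack's additions.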

dmikusa commented 6 months ago

This is a known issue, see #344.

anthonydahanne commented 6 months ago

Can we close this as a duplicate?

dmikusa commented 6 months ago

I'd say this is basically resolved.

libjvm 1.44.1 has the code fix; bellsoft-liberica (and the other JVM provider buildpacks) have 1.44.1 merged in.

We haven't cut a bellsoft-liberica release yet, but that should happen today or tomorrow, and we should get the fix out in our Friday release.

anthonydahanne commented 6 months ago

Can confirm this was released in the latest https://github.com/paketo-buildpacks/bellsoft-liberica/releases/tag/v10.4.5, which is itself embedded in https://github.com/paketo-buildpacks/java/releases/tag/v10.7.0.