sous-chefs / java

Development repository for the java cookbook
https://supermarket.chef.io/cookbooks/java
Apache License 2.0

Adoptium Temurin JDK 11 is breaking certificate install #679

Open joaoafonso11 opened 1 year ago

joaoafonso11 commented 1 year ago

:speaking_head: Foreword

Installing Adoptium Temurin JDK 11 is breaking the certificate install when using the java_certificate resource.

:ghost: Brief Description

When using Adoptium Temurin JDK 11, the java_certificate resource is trying to use an incorrect path to locate the keystore: it should be $JAVA_HOME/lib/security/cacerts; instead it's using $JAVA_HOME/jre/lib/security/cacerts.

It appears there is no jre folder for this Java distribution/version.

:pancakes: Cookbook version

11.1.1

:woman_cook: Chef-Infra Version

16.1.16

:tophat: Platform details

Test Kitchen version 3.5.0 Vagrant 2.3.4 CentOS Linux release 7.5.1804 (Core)

Steps To Reproduce

Steps to reproduce the behavior:

  1. Install Adoptium Temurin JDK 11:

    adoptopenjdk_install '11' do
      variant 'hotspot'
      url 'https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.17%2B8/OpenJDK11U-jdk_x64_linux_hotspot_11.0.17_8.tar.gz'
      checksum 'b8d46ed08ef4859476fe6421a7690d899ed83dce63f13fd894f994043177ef3c'
      java_home node['java']['java_home']
      default true
    end

  2. Install a certificate using java_certificate:

    java_certificate 'Install Crowd certificate' do
      cert_alias 'crowd'
      ssl_endpoint "crowd.example.com:443"
      action :install
    end

  3. The error will show up:

    STDOUT: keytool error: java.lang.Exception: Keystore file does not exist: /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts
    java.lang.Exception: Keystore file does not exist: /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:902)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:412)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:405)
    STDERR:
    ---- End output of /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/bin/keytool -list -keystore /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts -storepass changeit -v ----
    Ran /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/bin/keytool -list -keystore /usr/lib/jvm/java-11-adoptopenjdk-hotspot/jdk-11.0.17+8/jre/lib/security/cacerts -storepass changeit -v returned 1
    [2023-01-16T05:50:59+00:00] FATAL: Error querying keystore for existing certificate: 1

  4. As a workaround the keystore_path can be defined like so:

    keystore_path "#{node['java']['java_home']}/lib/security/cacerts"

:police_car: Expected behavior

A certificate should be installed using the correct path to the keystore.

damacus commented 1 year ago

Thanks for raising the issue, and as you might have guessed, this cookbook doesn't support the newer variants yet.

I'm going to reignite my PR this week and see if I can't get through the backlog of Java releases.
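
The path mismatch reported in this issue, as an added example (not code from the java cookbook or from either commenter): a Ruby helper that probes both truststore layouts under a given JAVA_HOME instead of assuming a jre/ directory, and fails with the list of paths it tried. The names `resolve_cacerts`, `build_sample_home` and `demo_layouts` are hypothetical, and the sample directory trees are constructed placeholders rather than real JDK installs.

```ruby
require 'fileutils'
require 'tmpdir'

# Candidate locations of the default truststore, relative to JAVA_HOME.
# JDK 9+ images (such as the Temurin 11 build in this issue) have no jre/
# directory; JDK 8 JDK images keep the store under jre/.
CACERTS_CANDIDATES = [
  %w(lib security cacerts),
  %w(jre lib security cacerts),
].freeze

# Hypothetical helper (not part of the java cookbook): return the first
# existing cacerts path under java_home, or raise listing what was tried.
def resolve_cacerts(java_home)
  raise ArgumentError, 'java_home is empty' if java_home.nil? || java_home.strip.empty?

  tried = CACERTS_CANDIDATES.map { |parts| File.join(java_home, *parts) }
  # File.file? follows symlinks, so layouts that link cacerts to a
  # system-wide store still resolve; a dangling link counts as missing.
  found = tried.find { |path| File.file?(path) }
  return found if found

  raise Errno::ENOENT, "no cacerts keystore under #{java_home}; tried: #{tried.join(', ')}"
end

# Constructed sample layout: an empty tree with an optional placeholder file.
def build_sample_home(root, name, relative_cacerts)
  home = File.join(root, name)
  FileUtils.mkdir_p(home)
  return home if relative_cacerts.nil?
  target = File.join(home, relative_cacerts)
  FileUtils.mkdir_p(File.dirname(target))
  File.write(target, 'constructed placeholder, not a real keystore')
  home
end

# Resolve the keystore for a JDK 11-style and a JDK 8-style tree.
def demo_layouts
  Dir.mktmpdir('java-home-demo') do |root|
    {
      jdk11: build_sample_home(root, 'jdk-11', 'lib/security/cacerts'),
      jdk8: build_sample_home(root, 'jdk-8', 'jre/lib/security/cacerts'),
    }.transform_values { |home| resolve_cacerts(home).sub("#{root}/", '') }
  end
end

puts demo_layouts if __FILE__ == $PROGRAM_NAME
```

A path resolved this way could be passed as the `keystore_path` property shown in the workaround in step 4.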