openjdk: ubuntu java package has broken cacerts

See https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1396760

At this time, the latest image id aec8201c9d63 has no /etc/ssl/certs/java/cacerts file:

$ docker run --rm -it java:openjdk-8-jdk ls -al /etc/ssl/certs/java/cacerts
...
ls: cannot access /etc/ssl/certs/java/cacerts: No such file or directory

Note that this is not broken in java 7:

$ docker run --rm -it java:openjdk-7-jdk ls -al /etc/ssl/certs/java/cacerts
...
-rw-r--r-- 1 root root 206373 Jan 1 07:13 /etc/ssl/certs/java/cacerts

This means that https cannot be used in these images (among other issues), which breaks downstream images like maven:3.2-jdk-8 (which is where I discovered the issue).

A workaround (from the linked issue) is to add this command to the build, after the apt-get command:

/var/lib/dpkg/info/ca-certificates-java.postinst configure

Note that sudo is left off, as the image doesn’t have sudo, and runs as root anyway.

About this issue

  • State: closed
  • Created 9 years ago
  • Comments: 27 (11 by maintainers)

Most upvoted comments

This is still happening on Debian and the workaround doesn’t fix it

Build your image on top of it.

FROM java:openjdk-8-jdk
RUN sed -i "2 iexport JAVA_HOME=${JAVA_HOME}" /etc/ca-certificates/update.d/docker-openjdk

At the 2nd line, it will insert JAVA_HOME with a computed value (that’s why double quotes, not single quotes).

Credits to: https://github.com/jenkinsci/docker/issues/901

Proposal: Add the workaround:

RUN /var/lib/dpkg/info/ca-certificates-java.postinst configure

But also add ca-certificates-java to the apt-get install with the specific failing version 20140324, that way we can update the version and drop the RUN when it gets fixed (or just drop both). Either way we get a nice docker cache bust.
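
Added example (not part of the issue or its comments): a shell check that can run in a build step after either workaround and fail the build when the truststore is missing, is not a keystore, or holds no entries. It goes beyond the missing-file case reported here and assumes the JKS layout (magic 0xFEEDFEED, version, big-endian entry count); the names check_truststore and demo and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a Java truststore exists and is usable.
# Assumption: JKS format, i.e. a 12-byte header made of
# magic 0xFEEDFEED, 4-byte version, 4-byte big-endian entry count.

# check_truststore PATH
# returns 0 = usable, 1 = missing, 2 = not JKS, 3 = JKS with zero entries
check_truststore() {
    store=$1
    if [ ! -f "$store" ]; then
        echo "FAIL: $store does not exist" >&2
        return 1
    fi
    # First 12 bytes as 24 hex characters: magic, version, entry count.
    hdr=$(od -An -tx1 -N12 "$store" | tr -d ' \n')
    magic=$(printf '%s' "$hdr" | cut -c1-8)
    count_hex=$(printf '%s' "$hdr" | cut -c17-24)
    if [ "${#hdr}" -ne 24 ] || [ "$magic" != "feedfeed" ]; then
        echo "FAIL: $store is not a JKS keystore" >&2
        return 2
    fi
    count=$((0x$count_hex))
    if [ "$count" -eq 0 ]; then
        echo "FAIL: $store contains no certificates" >&2
        return 3
    fi
    echo "OK: $store holds $count entries"
}

# Constructed sample headers (not real keystores) to exercise each outcome.
demo() {
    dir=$(mktemp -d)
    printf '\376\355\376\355\000\000\000\002\000\000\000\005' > "$dir/good"
    printf '\376\355\376\355\000\000\000\002\000\000\000\000' > "$dir/empty"
    printf 'not a keystore' > "$dir/junk"
    for f in good empty junk missing; do
        rc=0
        check_truststore "$dir/$f" || rc=$?
        echo "$f -> exit $rc"
    done
    rm -rf "$dir"
}
demo
```

In an image build, call `check_truststore /etc/ssl/certs/java/cacerts` in place of `demo` so that a non-zero status stops the build.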