Packaging of openjdk-11-jre, ca-certificates-java (and possibly other)
Hello,
The packages openjdk-11-jre and ca-certificates-java (at least) state in their
postinst, that java needs a mounted /proc to run and then fail.
That is not quite true though: If the lib/jli subdirectory of the jvm base
directory (i.e. /usr/lib/jvm/java-11-openjdk-amd64) is added to
LD_LIBRARY_PATH, java runs just fine without a mounted /proc.
Now the openjdk-11-jre just knows where the jvm base directory is, and could
simply add a:
LD_LIBRARY_PATH=$basedir/lib/jli:$LD_LIBRARY_PATH
export LD_LIBRARY_PATH
to run the java binary. Similar for ca-certificates-java that needs to run java
in its postinst.
Background is that I install the openjdk-11-jre in a chrooted environment where
no /proc is available. This only produces the final system as a tarball though.
If you prefer to keep the check for the mounted /proc, to point people in the
right direction, could the check be switched off by people like me who know
what they are doing? E.g. by
running_in_chroot() {
type systemd-detect-virt >/dev/null 2>&1 && systemd-detect-virt --chroot
}
and then changing the test to
if ! running_in_chroot && ! mountpoint -q /proc; then...
Best regards, Nils Rennebarth
--
Dipl. Math Nils Rennebarth
Senior Berater Entwicklung
Division Network & Client security
secunet Security Networks AG
Tel.: +49 201 5454-3976
Fax: +49 711 900300-90
Mobil: +49 174 9750449
E-Mail: nils.renneba...@secunet.com
Neue Brücke 3
70173 Stuttgart
www.secunet.com
__
Sitz: Kurfürstenstraße 58, 45138 Essen, Deutschland
Amtsgericht Essen HRB 13615
Vorstand: Axel Deininger (Vors.), Torsten Henn, Dr. Kai Martius, Thomas Pleines
Aufsichtsratsvorsitzender: Ralf Wintergerst
__
OpenPGP_signature
Description: OpenPGP digital signature
Re: Packaging of openjdk-11-jre, ca-certificates-java (and possibly other)
On Mon, 25 Oct 2021, Nils Rennebarth wrote:
> Background is that I install the openjdk-11-jre in a chrooted
> environment where no /proc is available. This only produces the final
> system as a tarball though.
I’d argue that this is likely to be a problem in many more places,
though; making /proc, /sys, /dev{,/shm,/pts} etc. available for such
isn’t that much of a hardship.
This can only be changed in openjdk-17 for the next release anyway,
according to normal stable rules I think, so you might probably wish
to nevertheless invest in mounting procfs.
bye,
//mirabilos
--
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen:
╳ HTML eMail! Also, https://www.tarent.de/newsletter
╱ ╲ header encryption!
