-
Notifications
You must be signed in to change notification settings - Fork 75
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improvements to Java certificates store creation (#300)
Even though the base images intentionally don't ship with a JRE, we include the Java certificates store in the image, so that the JVM buildpacks can configure Java apps to use it instead of the one that ships in each JRE release. This allows the Java certs store to be updated via base image updates, like the non-Java `ca-certificates` package. For older Ubuntu versions, the `ca-certificates-java` package explicitly depended on a JRE, meaning we had to install both a JRE and `ca-certificates-java`, then remove both in a way that left the certs store (which is generated via a post-install trigger) behind. This leaves the package in a "removed but not purged" state, which can be seen via the `package status: config-files` in `installed-packages*.txt`. However, as of Ubuntu 24.04, the `ca-certificates-java` package no longer has an explicit dependency on a JRE, meaning we can remove the JRE without causing `ca-certificates-java` to be uninstalled transitively. As such for Heroku-24, the `apt-get remove ca-certificates-java` step can be removed. In addition, the upstream java certs store JKS vs PKCS12 format bug (that was the reason the JRE version was pinned to v8) has long since been fixed (in 2018), so for Heroku-24 we can safely switch back to using `default-jre-headless` (which for Ubuntu 24.04 maps to JRE v21). Lastly, for Heroku-20/22 I've backported some of the no-op comment /command streamlining improvements (but otherwise the changes there are a no-op). GUS-W-15713117.
- Loading branch information
Showing
7 changed files
with
41 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters