Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updating Eclipse Adoptium to version 11.0.20.8 from 11.0.19.7 (Windows Server 2016) #880

Closed
Andy-Techical opened this issue Aug 18, 2023 · 6 comments
Closed

Updating Eclipse Adoptium to version 11.0.20.8 from 11.0.19.7 (Windows Server 2016) #880

Andy-Techical opened this issue Aug 18, 2023 · 6 comments
Assignees
@gdams
Labels
wontfix This will not be worked on

Comments

@Andy-Techical
Copy link

Hi Support

We installed the latest Eclipise Adoptium update - 11.0.20.8 on our Windows Agent Servers. The previous version installed was 11.0.19.7

We noticed that version 11.0.19.7 was overwritten in C:\Program Files\Eclipse Adoptium by version 11.0.20.8 (rightly so)

However, within C:\Program Files\Eclipse Adoptium\jre-11.0.19.7-hotspot\lib\security is our "CACERTS" file which was also overwritten.
This meant that the new version didn't contain our CACERTS in C:\Program Files\Eclipse Adoptium\jre-11.0.20.8-hotspot\lib\security meaning our Jenkins agent service failed to start as it needed the CACERTS from C:\Program Files\Eclipse Adoptium\jre-11.0.19.7-hotspot\lib\security which was overwritten.

Is this expected behaviour? Is there a way for the CACERTS to remain when a version is updated?

Thanks
@karianna
Copy link
Contributor

@Andy-Techical Which particular certificate are you missing? Was it a custom one you added in that location or one that was part of 11.0.19 and no longer there in 11.0.20?

@Andy-Techical
Copy link
Author

Thanks @karianna

I believe the issue is similar to this one : #236

So although the CACERTS file is still present in C:\Program Files\Eclipse Adoptium\jre-11.0.20.8-hotspot\lib\security when the version gets updated from 11.0.19.7 to 11.0.20.8, the Jenkins slave service fails to start up. I believe this may be because the CACERTS file that gets added as part of the upgrade overwrites the existing CACERTS file which has our own certs added to that.

Not sure if there will be a way around this apart from us having to have a step to add our own certs back in post upgrade to version 11.0.20.8 ?

Thanks

@karianna
Copy link
Contributor

Hmm, this is interesting, we recently changed the ability for Linux installers to be more flexible. I'll need to take this to the installer team

@jerboaa
Copy link

jerboaa commented Aug 21, 2023

Hmm, this is interesting, we recently changed the ability for Linux installers to be more flexible. I'll need to take this to the installer team

You might be confusing this with the changed containers (on Linux) to support custom certificates?

@Andy-Techical
Copy link
Author

Hi @karianna @jerboaa

Just to confirm, this installation is on Windows Server 2016.

Thanks

@tellison
Copy link
Contributor

The cacerts will be overwritten each time (that feature version of) Java is installed, i.e. including patch updates.
The preferred way to use a custom cacerts store for your application is to launch Java with the parameters:

-Djavax.net.ssl.trustStore=custompath/cacerts -Djavax.net.ssl.trustStorePassword=changeit

Replace the path and password as required.

@karianna karianna added wontfix This will not be worked on and removed Waiting on OP labels Aug 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gdams gdams

Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@karianna @jerboaa @tellison @gdams @Andy-Techical