Re: Chapman Flack 2018-11-07 <5BE32DAE.7090508@anastigmatix.net>
> > There's still a problem, though. Jessie, 9.3, OpenJDK 7:
> >
> > ERROR: java.lang.SecurityException: read on /usr/share/javazi/Europe/Prague
> > STATEMENT: SELECT sqlj.install_jar('file:/usr/share/postgresql/9.3/pljava/pljava-examples-1.5.2.jar', 'examples',
true)
>
> Hmm. Does that happen only on Jessie? Is there a debianism where zoneinfo
> files for Java are distributed in this other location instead of under
> $JAVA_HOME ?
Trusty has the same problem.
Both ship with a "tzdata-java" package that has timezone info in that
location. Newer Java apparently use the standard TZ database in
/usr/share/zoneinfo/. (The only java-specific thing I could find was
-rw-r--r-- 1 root root 105882 Okt 17 09:31 /usr/lib/jvm/java-11-openjdk-amd64/lib/tzdb.dat )
> At present, the security manager for "trusted" PL/Java doesn't offer any
> easy way to configure additional filesystem locations that are ok to read
> from. I'm working on that for a future version, but that doesn't help here.
>
> I suspect it could be made to work by adding
> trust=org.postgresql.pljava.annotation.Function.Trust.UNSANDBOXED
> in the @Function annotation on the issue199() method in
> pljava-examples/src/main/java/org/postgresql/pljava/example/annotation/PreJSR310.java
>
> However, it is only a regression test, and it is probably simpler just to
> build with a patch to not run it (say, by removing the @SQLAction annotation
> at the top of that file). That's preferable to adding UNSANDBOXED willy
> nilly to things in the examples jar that people may casually install.
Hmm, just not building pljava on the older dists looks more and more
attractive...
> This is good for me to know about, as I was thinking of changing PL/Java's
> behavior in a future release to set Java's timezone to match the PG
> session's by default. Now I know not to do that until there is a way to
> accommodate zoneinfo from atypical locations.
Well, the location is typical for Java 7 on Debian. If it's still a
problem with Java 8+, I'd claim Java should be patched to recognize it
as "normal".
Christoph