Description of problem: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/lib/sa-jdi.jar has incorrect permissions and is only readable by root. This breaks tools like jstack Version-Release number of selected component (if applicable): java-1.7.0-openjdk-devel-1.7.0.6-2.3.1.fc17.2.x86_64 How reproducible: Every time Steps to Reproduce: 1. Install java-1.7.0-openjdk-devel 2. ls -l /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/lib/sa-jdi.jar Actual results: -rw-------. 1 root root 2605360 Aug 31 11:08 sa-jdi.jar Expected results: -rw-r--r--. 1 root root 2605360 Aug 31 11:08 sa-jdi.jar Additional info: This also breaks jstack: $ jps 8805 Jps 8479 Pause $ gdb --pid=8479 (gdb) gcore Saved corefile core.8479 (gdb) detach Detaching from program: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.6.x86_64/jre/bin/java, process 8479 (gdb) q $ jstack /usr/lib/jvm/java/bin/java core.8479 Usage: jstack [-l] <pid> (to connect to running process) Options: -l long listing. Prints additional information about locks -h or -help to print this help message # chmod ugo+r sa-jdi.jar # fix permissions on sa-jdi.jar $ jstack /usr/lib/jvm/java/bin/java core.8479 Attaching to core core.8479 from executable /usr/lib/jvm/java/bin/java, please wait... Debugger attached successfully. Server compiler detected. JVM version is 23.2-b09 Deadlock Detection: No deadlocks found. Thread 8535: (state = BLOCKED) Thread 8488: (state = BLOCKED) Thread 8487: (state = BLOCKED) - java.lang.Object.wait(long) @bci=0 (Interpreted frame) - java.lang.ref.ReferenceQueue.remove(long) @bci=44, line=135 (Interpreted frame) - java.lang.ref.ReferenceQueue.remove() @bci=2, line=151 (Interpreted frame) - java.lang.ref.Finalizer$FinalizerThread.run() @bci=3, line=177 (Interpreted frame) Thread 8486: (state = BLOCKED) - java.lang.Object.wait(long) @bci=0 (Interpreted frame) - java.lang.Object.wait() @bci=2, line=503 (Interpreted frame) - java.lang.ref.Reference$ReferenceHandler.run() @bci=46, line=133 (Interpreted frame) Thread 8480: (state = BLOCKED) - java.lang.Thread.sleep(long) @bci=0 (Interpreted frame) - Pause.main(java.lang.String[]) @bci=30, line=14 (Interpreted frame)
Thanx for reporting! I can fix this in rpm, by hardcode permissions, but imho this should be fixed in upstream (as also direct icedtea7-forest build is affected) and as it is regression (u3 have correct permissions, u5 have not, u4 was never packed, both architectures affected). Only sun.com packages are inside this jar, so they are not covered by usual tests. Can this be connected to recent tmp-permissions fix, which caused similar permissions for gnome-bridge? (but IMHO is not, because release with this fix was u3, which is not affected, but maybe later was build of this jar moved to tmp and so affected later)
(In reply to comment #1) > Only sun.com packages are inside this jar, so they are not covered by usual > tests. Would it make sense to add tests that ensure binaries (like 'java', 'javac', and 'jstack') are working to the usual tests?
Yes, I think it makes sense to add this check to our test toolset (together with debuginfo test etc.)
This is fixed by: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7175845 which is in 2.3.x and has now been backported to 1.10.x, 1.11.x, 2.1.x and 2.2.x with this release: http://blog.fuseyism.com/index.php/2012/10/19/security-icedtea-1-10-10-1-11-15-2-1-3-2-2-3-2-3-3-released/ So builds done with the patched JDK will have an sa-jdi.jar with the correct permissions. You can also achieve this by doing a full bootstrap.
Permissions are fixed with java-1.7.0-openjdk-1.7.0.9-2.3.3.fc17