Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.89)
	(envelope-from <pgsql-pkg-debian-owner+archive@lists.postgresql.org>)
	id 1gKs51-0000P1-Eu
	for pgsql-pkg-debian@arkaria.postgresql.org; Thu, 08 Nov 2018 21:43:11 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.89)
	(envelope-from <pgsql-pkg-debian-owner+archive@lists.postgresql.org>)
	id 1gKs4y-00076c-Nq
	for pgsql-pkg-debian@arkaria.postgresql.org; Thu, 08 Nov 2018 21:43:08 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.89)
	(envelope-from <cb@df7cb.de>)
	id 1gKs4y-00073s-8o; Thu, 08 Nov 2018 21:43:08 +0000
Received: from feynman.df7cb.de ([195.49.152.168])
	by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.89)
	(envelope-from <cb@df7cb.de>)
	id 1gKs4q-0003YH-8E; Thu, 08 Nov 2018 21:43:06 +0000
Received: from msg.df7cb.de (unknown
 [IPv6:2a02:908:1470:e5c0:76e5:bff:fef3:7e00])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client did not present a certificate)
	by feynman.df7cb.de (Postfix) with ESMTPSA id 42rcG916h6z3F0Q;
	Thu,  8 Nov 2018 22:42:57 +0100 (CET)
Date: Thu, 8 Nov 2018 22:42:56 +0100
From: Christoph Berg <myon@debian.org>
To: Chapman Flack <chap@anastigmatix.net>
Cc: pgsql-pkg-debian@postgresql.org, pgsql-pkg-yum@postgresql.org
Subject: Re: PL/Java 1.5.2 - fixes one regression in date conversion in 1.5.1
Message-ID: <20181108214256.GC21984@msg.df7cb.de>
Mail-Followup-To: Christoph Berg <myon@debian.org>,
	Chapman Flack <chap@anastigmatix.net>,
	pgsql-pkg-debian@postgresql.org, pgsql-pkg-yum@postgresql.org
References: <5BE08D74.2060207@anastigmatix.net>
 <20181106074931.GB3898@msg.df7cb.de>
 <5BE18B2F.9030805@anastigmatix.net>
 <20181106145659.GC13511@msg.df7cb.de>
 <5BE32DAE.7090508@anastigmatix.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5BE32DAE.7090508@anastigmatix.net>
User-Agent: Mutt/1.10.1 (2018-07-13)
List-Id: <pgsql-pkg-debian.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-debian@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-debian-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-debian>
Precedence: bulk

Re: Chapman Flack 2018-11-07 <5BE32DAE.7090508@anastigmatix.net>
> > There's still a problem, though. Jessie, 9.3, OpenJDK 7:
> > 
> > ERROR:  java.lang.SecurityException: read on /usr/share/javazi/Europe/Prague
> > STATEMENT:  SELECT sqlj.install_jar('file:/usr/share/postgresql/9.3/pljava/pljava-examples-1.5.2.jar', 'examples', true)
> 
> Hmm. Does that happen only on Jessie? Is there a debianism where zoneinfo
> files for Java are distributed in this other location instead of under
> $JAVA_HOME ?

Trusty has the same problem.

Both ship with a "tzdata-java" package that has timezone info in that
location. Newer Java apparently use the standard TZ database in
/usr/share/zoneinfo/. (The only java-specific thing I could find was
-rw-r--r-- 1 root root 105882 Okt 17 09:31 /usr/lib/jvm/java-11-openjdk-amd64/lib/tzdb.dat )

> At present, the security manager for "trusted" PL/Java doesn't offer any
> easy way to configure additional filesystem locations that are ok to read
> from. I'm working on that for a future version, but that doesn't help here.
> 
> I suspect it could be made to work by adding
> trust=org.postgresql.pljava.annotation.Function.Trust.UNSANDBOXED
> in the @Function annotation on the issue199() method in
> pljava-examples/src/main/java/org/postgresql/pljava/example/annotation/PreJSR310.java
> 
> However, it is only a regression test, and it is probably simpler just to
> build with a patch to not run it (say, by removing the @SQLAction annotation
> at the top of that file). That's preferable to adding UNSANDBOXED willy
> nilly to things in the examples jar that people may casually install.

Hmm, just not building pljava on the older dists looks more and more
attractive...

> This is good for me to know about, as I was thinking of changing PL/Java's
> behavior in a future release to set Java's timezone to match the PG
> session's by default. Now I know not to do that until there is a way to
> accommodate zoneinfo from atypical locations.

Well, the location is typical for Java 7 on Debian. If it's still a
problem with Java 8+, I'd claim Java should be patched to recognize it
as "normal".

Christoph