openjdk team mailing list archive

Thread
Date

Bug#540490: Missleading error message

To: 540490@xxxxxxxxxxxxxxx
From: Frank Lin PIAT <fpiat@xxxxxxxx>
Date: Sun, 04 Oct 2009 13:01:00 +0200
Reply-to: Frank Lin PIAT <fpiat@xxxxxxxx>, 540490@xxxxxxxxxxxxxxx
Resent-cc: OpenJDK Team <openjdk@xxxxxxxxxxxxxxxxxxx>
Resent-date: Sun, 04 Oct 2009 11:09:01 +0000
Resent-date: Sun, 04 Oct 2009 11:09:03 +0000
Resent-from: Frank Lin PIAT <fpiat@xxxxxxxx>
Resent-message-id: <handler.540490.B540490.12546540182185@xxxxxxxxxxxxxxx>
Resent-sender: Debian BTS <debbugs@xxxxxxxxxxxxxxxx>
Resent-to: debian-bugs-dist@xxxxxxxxxxxxxxxx

Hello,

I was a bit confused about this error message:

$aptitude install ... ca-certificates-java ... 
> [..]
> Setting up ca-certificates-java (20090629) ...
> creating /etc/ssl/certs/java/cacerts...
> [..]
>   removed untrusted certificate cacert.org/class3.crt
>   removed untrusted certificate cacert.org/root.crt
>   added certificate mozilla/Equifax_Secure_Global_eBusiness_CA.crt
>   removed untrusted certificate quovadis.bm/QuoVadis_Root_Certification_Authority.crt
>   ignored import, signature not available: mozilla/COMODO_ECC_Certification_Authority.crt
> keytool error: java.security.NoSuchAlgorithmException: SHA384withECDSA Signature not available

I think that the "error" would be very much easier to understand if the
"keytool error" was above "ignore import", or if the log message was
idented, like:


>   removed untrusted certificate quovadis.bm/QuoVadis_Root_Certification_Authority.crt
> keytool error: java.security.NoSuchAlgorithmException: SHA384withECDSA Signature not available
>   ignored import, signature not available: mozilla/COMODO_ECC_Certification_Authority.crt

or like:
>   removed untrusted certificate quovadis.bm/QuoVadis_Root_Certification_Authority.crt
>   ignored import, signature not available: mozilla/COMODO_ECC_Certification_Authority.crt
>   -> keytool error: java.security.NoSuchAlgorithmException: SHA384withECDSA Signature not available

See the sample patch below (not actually tested;)

Thanks,

Franklin

--- ca-certificates-java.postinst.orig	2009-10-04 12:46:17.000000000 +0200
+++ ca-certificates-java.postinst	2009-10-04 12:56:46.000000000 +0200
@@ -63,7 +63,7 @@
 		      echo "  added certificate $pem"
 		  elif grep -q 'Signature not available' $log; then
 		      echo "  ignored import, signature not available: ${line#+*}"
-		      cat $log
+		      sed -e 's/^/   -> /' $log
 		  else
 		      echo >&2 "  error adding ${line#+*}"
 		      errors=$(expr $errors + 1)

--- ca-certificates-java.postinst.orig	2009-10-04 12:46:17.000000000 +0200
+++ ca-certificates-java.postinst	2009-10-04 12:46:22.000000000 +0200
@@ -62,8 +62,8 @@
 		  then
 		      echo "  added certificate $pem"
 		  elif grep -q 'Signature not available' $log; then
+		      cat $log
 		      echo "  ignored import, signature not available: ${line#+*}"
-		      cat $log
 		  else
 		      echo >&2 "  error adding ${line#+*}"
 		      errors=$(expr $errors + 1)