openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #04927
Bug#602636: ca-certificates-java does not install in pbuilder
More information ...
On Sat, Nov 06, 2010 at 02:54:22PM -0500, Steve M. Robbins wrote:
> > failed (VM used: java-6-openjdk).
> > dpkg: error processing ca-certificates-java (--configure):
> > subprocess installed post-installation script returned error exit status 1
> > configured to not write apport reports
I did a little digging into the post-install script. It
is failing on the "keytool" invocation, as follows:
if ! grep -q "^${alias}$" $pregenerated; then
if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
-noprompt -storepass "$storepass" \
-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
then
echo " added certificate $pem"
elif LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
-providerClass sun.security.pkcs11.SunPKCS11 \
-providerArg '${java.home}/lib/security/nss.cfg' \
-noprompt -storepass "$storepass" \
-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
then
echo " added certificate $pem (using NSS provider)"
elif grep -q 'Signature not available' $log; then
echo " ignored import, signature not available: ${line#+*}"
sed -e 's/^/ -> /' $log
else
echo >&2 " error adding ${line#+*}"
errors=$(expr $errors + 1)
fi
fi
Note that there are two attempts at "keytool", the difference is only
that the second attempt adds "-providerClass" and "-providerArg"
options.
Keytool is obviously failing both times since I see the "error adding
..." output. By adding a "-v" option to keytool and "type $log" at
the appropriate places, I captured the following output from keytool.
First keytool attempt
---------------------
keytool error: java.security.ProviderException: Could not initialize NSS
java.security.ProviderException: Could not initialize NSS
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:201)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
at sun.security.jca.ProviderList.getService(ProviderList.java:330)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
at java.security.Security.getImpl(Security.java:696)
at java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:130)
at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:121)
at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:381)
at sun.security.x509.X509Key.parse(X509Key.java:168)
at sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705)
at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1747)
at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196)
at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:107)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:322)
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:763)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1201)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:647)
at sun.security.tools.KeyTool.run(KeyTool.java:194)
at sun.security.tools.KeyTool.main(KeyTool.java:188)
Caused by: java.io.IOException: NSS initialization failed
at sun.security.pkcs11.Secmod.initialize(Secmod.java:216)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:197)
... 32 more
Second keytool attempt
----------------------
keytool error: java.lang.reflect.InvocationTargetException
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:538)
at sun.security.tools.KeyTool.run(KeyTool.java:194)
at sun.security.tools.KeyTool.main(KeyTool.java:188)
Caused by: java.security.ProviderException: Could not initialize NSS
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:201)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
... 7 more
Caused by: java.io.IOException: NSS initialization failed
at sun.security.pkcs11.Secmod.initialize(Secmod.java:216)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:197)
... 8 more
I still have no root cause, but am hoping this information may trigger
a memory in you, dear reader.
Thanks,
-Steve
Attachment:
signature.asc
Description: Digital signature