openjdk team mailing list archive

Thread
Date

[Bug 664412] Re: ca-certificates-jave fails to add certificates from TU Berlin

To: openjdk@xxxxxxxxxxxxxxxxxxx
From: Tim Cutts <tim@xxxxxxxxxxxx>
Date: Mon, 09 May 2011 13:45:28 -0000
Reply-to: Bug 664412 <664412@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Also on lucid, I see something like this on our Ubuntu machines at the
Sanger Institute; we have our own local CA, and the keytool invocation
in the postinst script which attempts to add the certificate fails.  I
edited the postinst script to include set -x so that I could get
something out of it, and noticed (1) that the init script deletes the
temporary output file even if the script fails, which means that you
can't see the errors.  So, I changed it so that it doesn't delete the
tempfile if there are errors, and this then showed me that the following
part of the script execution path shows the error being generated:


+ LANG=C
+ LC_ALL=C
+ keytool -importcert -trustcacerts -keystore /etc/ssl/certs/java/cacerts -providerClass sun.security.pkcs11.SunPKCS11 -providerArg '${java.home}/lib/security/nss.cfg' -noprompt -storepass changeit -alias genome_research_ltd_certificate_authority_cert_pem -file /usr/share/ca-certificates/sanger.ac.uk/Genome_Research_Ltd_Certificate_Authority-cert.pem
+ grep -q 'Signature not available' /tmp/fileW2Zx2A
+ echo '  error adding sanger.ac.uk/Genome_Research_Ltd_Certificate_Authority-cert.pem'
  error adding sanger.ac.uk/Genome_Research_Ltd_Certificate_Authority-cert.pem
++ expr 0 + 1
+ errors=1

and the log entry says:

keytool error: java.security.ProviderException: Secmod module already
configured

Google doesn't have much to say about this particular error.  This is
causing us serious issues, since it's causing dpkg and aptitude to fall
over on most machines, perpetually trying to run the ca-certificates-
java postinst script.

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/664412

Title:
  ca-certificates-jave fails to add certificates from TU Berlin

Status in “ca-certificates-java” package in Ubuntu:
  New

Bug description:
  Binary package hint: ca-certificates-java

  happens since I added cert files from TU-Berlin ( http://www.tubit.tu-
  berlin.de/wlan/zugang_und_anleitungen/eduroam_mit_linux_gnome/ )

  Link to Cert File http://www.tubit.tu-
  berlin.de/fileadmin/a40000000/tubIT/Trustcenter/TU-
  Berlin_Zertifikatkette.pem

  Recommende Installation for Ubuntu 10.04 (I'm using 10.10 Netbook
  Edition)

  wget www.tubit.tu-berlin.de/fileadmin/a40000000/tubIT/Trustcenter/TU-
  Berlin_Zertifikatkette.pem

  mkdir -p /usr/share/ca-certificates/tu-berlin.de

  mv TU-Berlin_Zertifikatkette.pem /usr/share/ca-certificates/tu-
  berlin.de/TU-Berlin_Zertifikatkette.pem

  echo tu-berlin.de/TU-Berlin_Zertifikatkette.pem >> /etc/ca-
  certificates.conf

  update-ca-certificates

  ProblemType: Package
  DistroRelease: Ubuntu 10.10
  Package: ca-certificates-java 20100412
  ProcVersionSignature: Ubuntu 2.6.35-22.35-generic 2.6.35.4
  Uname: Linux 2.6.35-22-generic i686
  Architecture: i386
  Date: Thu Oct 21 08:36:21 2010
  ErrorMessage: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück
  InstallationMedia: Ubuntu-Netbook 10.04 "Lucid Lynx" - Release i386 (20100429.4)
  PackageArchitecture: all
  SourcePackage: ca-certificates-java
  Title: package ca-certificates-java 20100412 failed to install/upgrade: Unterprozess installiertes post-installation-Skript gab den Fehlerwert 1 zurück

References

[Bug 664412] [NEW] ca-certificates-jave fails to add certificates from TU Berlin
From: FFischer, 2010-10-21