← Back to team overview

openjdk team mailing list archive

[Bug 2019908] Re: openjdk-17-jre-headless:arm64 Package ca-certificates-java is not configured yet

 

** Description changed:

+ [Impact]
+ 
+ Due to OpenJDK changes it is impossible to install JRE 17 in supported
+ releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform
+ due to configuration order (see comment)
+ 
+ A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not
+ affected.
+ 
+ [Suggested Fix]
+ 
+ Backport 
+  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 
+  
+ This merge proposal:
+  - removes dependency on JRE
+  - fixes command line for keytool call
+  - add autopkgtests
+ 
+ [Test Plan]
+ 
+  - autopkgtests must pass for all platforms
+ 
+ [Where problems could occur]
+ 
+  A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates. 
+  Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
+ 
+ 
+ [Original report]
+ 
  From May-16 below is failing:
  RUN apt-get update &&  \
-     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
-     openjdk-17-jre-headless 
+     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
+     openjdk-17-jre-headless
  
  #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
  #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
  #7 111.9 	at java.base/java.security.Security.initialize(Security.java:106)
  #7 111.9 	at java.base/java.security.Security$1.run(Security.java:84)
  #7 111.9 	at java.base/java.security.Security$1.run(Security.java:82)
  #7 111.9 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 111.9 	at java.base/java.security.Security.<clinit>(Security.java:82)
  #7 111.9 	at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
  #7 111.9 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
  #7 111.9 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
  #7 111.9 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 111.9 	at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
  #7 111.9 	at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
  #7 111.9 	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
  #7 111.9 	at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
  #7 111.9 	at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
  #7 111.9 	at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
  #7 111.9 	at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
  #7 111.9 dpkg: error processing package ca-certificates-java (--configure):
  #7 111.9  installed ca-certificates-java package post-installation script subprocess returned error exit status 1
  #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
  #7 111.9  openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
  #7 111.9   Package ca-certificates-java is not configured yet.
- #7 111.9 
+ #7 111.9
  #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
  #7 111.9  dependency problems - leaving unconfigured
  #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
  #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
  #7 111.9 Updating certificates in /etc/ssl/certs...
  #7 112.2 0 added, 0 removed; done.
  #7 112.2 Running hooks in /etc/ca-certificates/update.d...
- #7 112.2 
+ #7 112.2
  #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
  #7 112.2 	at java.base/java.security.Security.initialize(Security.java:106)
  #7 112.2 	at java.base/java.security.Security$1.run(Security.java:84)
  #7 112.2 	at java.base/java.security.Security$1.run(Security.java:82)
  #7 112.2 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 112.2 	at java.base/java.security.Security.<clinit>(Security.java:82)
  #7 112.2 	at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
  #7 112.2 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
  #7 112.2 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
  #7 112.2 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 112.2 	at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
  #7 112.2 	at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
  #7 112.2 	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
  #7 112.2 	at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
  #7 112.2 	at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
  #7 112.2 	at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
  #7 112.2 	at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
  #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
  #7 112.2 done.
  #7 112.3 Errors were encountered while processing:
  #7 112.3  ca-certificates-java
  #7 112.3  openjdk-17-jre-headless:arm64
  #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
  
- 
  ========================
  
  looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
  and its causing issues

** Description changed:

  [Impact]
  
  Due to OpenJDK changes it is impossible to install JRE 17 in supported
  releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform
- due to configuration order (see comment)
+ due to the configuration order (see comment)
  
  A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not
  affected.
  
  [Suggested Fix]
  
- Backport 
-  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 
-  
+ Backport
+  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
+ 
  This merge proposal:
-  - removes dependency on JRE
-  - fixes command line for keytool call
-  - add autopkgtests
+  - removes dependency on JRE
+  - fixes command line for keytool call
+  - add autopkgtests
  
  [Test Plan]
  
-  - autopkgtests must pass for all platforms
+  - autopkgtests must pass for all platforms
  
  [Where problems could occur]
  
-  A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates. 
-  Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
- 
+  A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
+  Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
  
  [Original report]
  
  From May-16 below is failing:
  RUN apt-get update &&  \
      DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
      openjdk-17-jre-headless
  
  #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
  #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
  #7 111.9 	at java.base/java.security.Security.initialize(Security.java:106)
  #7 111.9 	at java.base/java.security.Security$1.run(Security.java:84)
  #7 111.9 	at java.base/java.security.Security$1.run(Security.java:82)
  #7 111.9 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 111.9 	at java.base/java.security.Security.<clinit>(Security.java:82)
  #7 111.9 	at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
  #7 111.9 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
  #7 111.9 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
  #7 111.9 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 111.9 	at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
  #7 111.9 	at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
  #7 111.9 	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
  #7 111.9 	at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
  #7 111.9 	at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
  #7 111.9 	at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
  #7 111.9 	at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
  #7 111.9 dpkg: error processing package ca-certificates-java (--configure):
  #7 111.9  installed ca-certificates-java package post-installation script subprocess returned error exit status 1
  #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
  #7 111.9  openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
  #7 111.9   Package ca-certificates-java is not configured yet.
  #7 111.9
  #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
  #7 111.9  dependency problems - leaving unconfigured
  #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
  #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
  #7 111.9 Updating certificates in /etc/ssl/certs...
  #7 112.2 0 added, 0 removed; done.
  #7 112.2 Running hooks in /etc/ca-certificates/update.d...
  #7 112.2
  #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
  #7 112.2 	at java.base/java.security.Security.initialize(Security.java:106)
  #7 112.2 	at java.base/java.security.Security$1.run(Security.java:84)
  #7 112.2 	at java.base/java.security.Security$1.run(Security.java:82)
  #7 112.2 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 112.2 	at java.base/java.security.Security.<clinit>(Security.java:82)
  #7 112.2 	at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
  #7 112.2 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
  #7 112.2 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
  #7 112.2 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 112.2 	at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
  #7 112.2 	at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
  #7 112.2 	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
  #7 112.2 	at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
  #7 112.2 	at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
  #7 112.2 	at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
  #7 112.2 	at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
  #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
  #7 112.2 done.
  #7 112.3 Errors were encountered while processing:
  #7 112.3  ca-certificates-java
  #7 112.3  openjdk-17-jre-headless:arm64
  #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
  
  ========================
  
  looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
  and its causing issues

** Changed in: ca-certificates-java (Ubuntu)
     Assignee: (unassigned) => Vladimir Petko (vpa1977)

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/2019908

Title:
  openjdk-17-jre-headless:arm64 Package ca-certificates-java is not
  configured yet

Status in ca-certificates-java package in Ubuntu:
  New

Bug description:
  [Impact]

  Due to OpenJDK changes it is impossible to install JRE 17 in supported
  releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform
  due to the configuration order (see comment)

  A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is
  not affected.

  [Suggested Fix]

  Backport
   - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150

  This merge proposal:
   - removes dependency on JRE
   - fixes command line for keytool call
   - add autopkgtests

  [Test Plan]

   - autopkgtests must pass for all platforms

  [Where problems could occur]

   A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
   Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.

  [Original report]

  From May-16 below is failing:
  RUN apt-get update &&  \
      DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
      openjdk-17-jre-headless

  #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
  #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
  #7 111.9 	at java.base/java.security.Security.initialize(Security.java:106)
  #7 111.9 	at java.base/java.security.Security$1.run(Security.java:84)
  #7 111.9 	at java.base/java.security.Security$1.run(Security.java:82)
  #7 111.9 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 111.9 	at java.base/java.security.Security.<clinit>(Security.java:82)
  #7 111.9 	at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
  #7 111.9 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
  #7 111.9 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
  #7 111.9 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 111.9 	at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
  #7 111.9 	at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
  #7 111.9 	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
  #7 111.9 	at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
  #7 111.9 	at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
  #7 111.9 	at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
  #7 111.9 	at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
  #7 111.9 dpkg: error processing package ca-certificates-java (--configure):
  #7 111.9  installed ca-certificates-java package post-installation script subprocess returned error exit status 1
  #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
  #7 111.9  openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
  #7 111.9   Package ca-certificates-java is not configured yet.
  #7 111.9
  #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
  #7 111.9  dependency problems - leaving unconfigured
  #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
  #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
  #7 111.9 Updating certificates in /etc/ssl/certs...
  #7 112.2 0 added, 0 removed; done.
  #7 112.2 Running hooks in /etc/ca-certificates/update.d...
  #7 112.2
  #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
  #7 112.2 	at java.base/java.security.Security.initialize(Security.java:106)
  #7 112.2 	at java.base/java.security.Security$1.run(Security.java:84)
  #7 112.2 	at java.base/java.security.Security$1.run(Security.java:82)
  #7 112.2 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 112.2 	at java.base/java.security.Security.<clinit>(Security.java:82)
  #7 112.2 	at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
  #7 112.2 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
  #7 112.2 	at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
  #7 112.2 	at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
  #7 112.2 	at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
  #7 112.2 	at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
  #7 112.2 	at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
  #7 112.2 	at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
  #7 112.2 	at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
  #7 112.2 	at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
  #7 112.2 	at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
  #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
  #7 112.2 done.
  #7 112.3 Errors were encountered while processing:
  #7 112.3  ca-certificates-java
  #7 112.3  openjdk-17-jre-headless:arm64
  #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)

  ========================

  looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
  and its causing issues

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+subscriptions



References