openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #14559
[Bug 2019908] Re: openjdk-17-jre-headless:arm64 Package ca-certificates-java is not configured yet
** Description changed:
[Impact]
Due to OpenJDK changes it is impossible to install JRE 17 in supported
- releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform
- due to the configuration order (see comment)
+ releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64
+ platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not
affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/2019908
Title:
openjdk-17-jre-headless:arm64 Package ca-certificates-java is not
configured yet
Status in ca-certificates-java package in Ubuntu:
Confirmed
Bug description:
[Impact]
Due to OpenJDK changes it is impossible to install JRE 17 in supported
releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64
platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is
not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+subscriptions
References