Ubuntu
tomcat7 package

tomcat7 ftbfs in trusty and vivid (test failures)

Bug #1432715 reported by Matthias Klose
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tomcat7 (Debian)
Fix Released
Unknown
tomcat7 (Ubuntu)
Fix Released
High
Unassigned
Trusty
Fix Released
High
Unassigned
Ubuntu trusty-updates
Vivid
Fix Released
High
Unassigned
Ubuntu ubuntu-15.03

Bug Description

tomcat7 ftbfs in vivd (test failures)

seen in a test rebuild
https://launchpad.net/ubuntu/+archive/test-rebuild-20150202/+build/6847125

Tags: ftbfs
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Interestingly it fails on a debian jessie build machine as well.

Revision history for this message
Matthias Klose (doko) wrote :

this fails on trusty as well, seen in a test rebuild of trusty-security, and confirmed with a clean trusty chroot.

Changed in tomcat7 (Ubuntu Trusty):
importance: Undecided → High
milestone: none → trusty-updates
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in tomcat7 (Debian):
status: Unknown → New
Revision history for this message
Oleg Strikov (strikov-deactivatedaccount) wrote :

It seems that this bug consists of many partially independent bugs.
I found at least two:

(1)
openjdk in vivid has SSLv3 disable but tests try to use it and get 'protocol is disabled or cipher suites are inappropriate'
as a warkaround you may enable sslv3 back by commenting the following line in /etc/java-7-openjdk/security/java.security:
# jdk.tls.disabledAlgorithms=SSLv3

(2)
another issue is that certificates inside the package expired which leads to SSL errors here and there
for example:

$ head test/org/apache/tomcat/util/net/localhost-cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4099 (0x1003)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=US, CN=ca-test.tomcat.apache.org
        Validity
            Not Before: Feb 28 05:28:42 2013 GMT
            Not After : Feb 28 05:28:42 2015 GMT
        Subject: C=US, CN=localhost

Note Feb 28 2015

Revision history for this message
Oleg Strikov (strikov-deactivatedaccount) wrote :

They have updated certs in trunk:
http://mail-archives.apache.org/mod_mbox/tomcat-dev/201502.mbox/%<email address hidden>%3E
We may just pick them up.

Revision history for this message
Oleg Strikov (strikov-deactivatedaccount) wrote :

Some part of bugs disappear when I put updated certs (with expiration date in 2017) from here:
https://github.com/apache/tomcat/test/org/apache/tomcat/util/net/{localhost-cert.pem, localhost-copy1.jks, localhost.jks, localhost-key.pem}

Revision history for this message
Matthias Klose (doko) wrote :

so can we disable the sslv3 tests then? the alternative would be to keep sslv3 enabled in openjdk-7

Bug Watch Updater (bug-watch-updater)
Changed in tomcat7 (Debian):
status: New → Fix Released
Oleg Strikov (strikov-deactivatedaccount)
Changed in tomcat7 (Ubuntu Vivid):
status: Confirmed → Fix Released
Matthias Klose (doko)
summary: - tomcat7 ftbfs in vivd (test failures)
+ tomcat7 ftbfs in trusty and vivid (test failures)
Mathew Hodson (mhodson)
Changed in tomcat7 (Ubuntu):
milestone: ubuntu-15.03 → none
Revision history for this message
Joshua Powers (powersj) wrote :

Trusty is building correctly:
https://launchpad.net/ubuntu/+source/tomcat7/7.0.52-1ubuntu0.10

Changed in tomcat7 (Ubuntu Trusty):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.