Ubuntu
ca-certificates-java package

Error adding certificates to the keystore on the first install

Bug #289934 reported by Matthias Klose
36
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ca-certificates-java (Ubuntu)
Fix Released
Low
Matthias Klose
Intrepid
Fix Released
Low
Matthias Klose

Bug Description

Binary package hint: ca-certificates-java

New problem filed in fixed report; continuing in a new report.
https://bugs.edge.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/289091/comments/5

Configuro ca-certificates-java (20080712ubuntu3) ...
creating /etc/ssl/certs/java/cacerts...
Errore keytool: java.lang.Exception: Impossibile importare il certificato, l'alias <brasil_gov_br> è già esistente
  error adding brasil.gov.br/brasil.gov.br.crt
Errore keytool: java.lang.Exception: Impossibile importare il certificato, l'alias <abaecom_sub_am_bankers_assn_root_ca> è già esistente
  error adding mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt
Errore keytool: java.lang.Exception: Impossibile importare il certificato, l'alias <aol_time_warner_root_certification_authority_1> è già esistente
  error adding mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt

Revision history for this message
Matthias Klose (doko) wrote :

That is something else; the original report was about missing certificate files on the file system, but (still) mentioned in /etc/ca-certificates.conf.

please could you attach the files /etc/ssl/certs/java/cacerts and /etc/ca-certificates.conf ?

Changed in ca-certificates-java:
importance: Undecided → High
status: New → Incomplete
assignee: nobody → doko
milestone: none → ubuntu-8.10
Revision history for this message
Luca Carrogu (motoplux) wrote :

my /etc/ca-certificates.conf

Revision history for this message
Luca Carrogu (motoplux) wrote :

my /etc/ssl/certs/java/cacerts

Revision history for this message
Matthias Klose (doko) wrote :

can't reproduce this behaviour; the postinst uses a fresh (pregenerated) cacerts file, and the postinst succeeds with your ca-certificates.conf. Did you change anything in /etc/default/cacerts ?

Revision history for this message
Luca Carrogu (motoplux) wrote :

my /etc/default/cacerts.
I didn't change anything. All happened since the #289091 bug was filled, that's why I wrote there. I thought it was my same problem

Revision history for this message
Matthias Klose (doko) wrote :

please could you check out the following:

 - save your existing config:
   sudo tar cfz ~/saved-caconfig.tar.gz /etc/default/cacerts* /etc/ssl/certs/java /etc/ca-certificates.conf

- purge the ca-certificates and ca-certificates-java packages:
  sudo dpkg -P --force-depends ca-certificates ca-certificates-java

- reinstall these packages:
  sudo apt-get -f install

and report, if the install succeeds?

Revision history for this message
Luca Carrogu (motoplux) wrote :

no way. still the same:
Configuro ca-certificates (20080514-0ubuntu1) ...
Updating certificates in /etc/ssl/certs....done.
Running hooks in /etc/ca-certificates/update.d....done.

Configuro ca-certificates-java (20080712ubuntu3) ...
creating /etc/ssl/certs/java/cacerts...
Errore keytool: java.lang.Exception: Impossibile importare il certificato, l'alias <brasil_gov_br> è già esistente
  error adding brasil.gov.br/brasil.gov.br.crt
... and so on...

Revision history for this message
Matthias Klose (doko) wrote :

turns out, that the user has set LC_ALL=it_IT.UTF-8 for the root account, which is not done by us. The keytool command can be prefixed with LC_ALL=C to workaround this, but maybe it's not necessary to do this before release, because it only affects people with this "custom" setting.

Changed in ca-certificates-java:
status: Incomplete → Triaged
Matthias Klose (doko)
Changed in ca-certificates-java:
importance: High → Low
milestone: ubuntu-8.10 → none
Revision history for this message
Nikolaus Filus (nfilus) wrote :

I had the same problem, but my root account has only:

 LANG="en_US.UTF-8"
 LANGUAGE="en_US:en_GB:en"
 LC_CTYPE="de_DE.UTF8"
 LC_TIME="de_DE.UTF8"

setting LC_ALL=C and re-runing "dpkg --configure -a" solved my problem.

Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in ca-certificates-java:
status: Triaged → Fix Committed
Revision history for this message
Sven Hoffmeister (schaumkeks) wrote :

ca-certificates-java 20080712ubuntu4 fixed the issue for me

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ca-certificates-java - 20081028

---------------
ca-certificates-java (20081028) unstable; urgency=low

  * Ignore LANG and LC_ALL setting when running keytool. LP: #289934.

ca-certificates-java (20081027) unstable; urgency=medium

  * Merge from Ubuntu:
    - Don't try to import certificates, which are listed in
      /etc/ca-certificates.conf, but not available on the system.
      Just warn about those. LP: #289091.
    - Need to run keytool, when the jre is unpacked, but not yet configured.
      Create a temporary jvm.cfg for the time in that postinst and the
      jks-keystore.hook are run, and remove it afterwards. LP: #289199.

ca-certificates-java (20081024) unstable; urgency=low

  * Install /etc/default/cacerts with mode 600.

ca-certificates-java (20081022) unstable; urgency=low

  * debian/jks-keystore.hook:
    - Don't stop after first error during the update. LP: #244412.
      Closes: #489748.
    - Call keytool with -noprompt.
  * On initial install, add locally added certificates. LP: #244410.
    Closes: #489748.
  * Install /etc/default/cacerts to set options:
    - storepass, holding the password for the keystore.
    - updates, to enable/disable updates of the keystore.
  * Only use the keytool command from OpenJDK or Sun Java. Closes: #496587.

 -- Matthias Klose <email address hidden> Wed, 05 Nov 2008 16:02:56 +0000

Changed in ca-certificates-java:
status: Triaged → Fix Released
Revision history for this message
Matthias Klose (doko) wrote :

checked that 20080712ubuntu4 ignores the locale setting and works despite the locale set by the user.

Revision history for this message
seenxu (seenxu) wrote :

It seems that in the 8.10 repositroy, still don't have ca-certificates-java (20081028) fix, but Nikolaus's method works for me.

thx

Revision history for this message
Matteo Scotuzzi (matteo.s) wrote :

as seen_xu@... wrote the package in 8.10 repositroy still doesn't work but Nikolaus's method works

Do you think that rolling back LC_ALL to the previous value will break something?

Revision history for this message
seenxu (seenxu) wrote :

@scotu

I don't think so, but to make sure, after you correct it, reboot your pc, and the temporary LC_ALL value will be removed and back to normal.

Revision history for this message
Andreas Wenning (andreas-wenning) wrote :

The 20080712ubuntu4 version in intrepid-proposed works. Having LC_ALL=de_DE.UTF-8 and the installation will fail using 20080712ubuntu3; with 20080712ubuntu4 it works despite the locale setting.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ca-certificates-java - 20080712ubuntu4

---------------
ca-certificates-java (20080712ubuntu4) intrepid-proposed; urgency=low

  * Ignore LANG and LC_ALL setting when running keytool. LP: #289934.

 -- Matthias Klose <email address hidden> Sat, 01 Nov 2008 13:32:42 +0100

Changed in ca-certificates-java:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.