Possible to install (and trigger postinstall) of ca-certificates-java before Java has been installed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
One Hundred Papercuts |
Fix Released
|
High
|
Unassigned | ||
ca-certificates-java (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
1. Steps to reproduce:
Depending on which packages you select for installation, it is possible the postinstall and trigger for ca-certificates
$ sudo apt install maven openjdk-8-jdk
where the issue is reproducible. Running this on an out-of-the-box system, for instance a VM will trigger the issue.
See installation.txt for the full output of running this command, but the important section is this one:
Setting up ca-certificates
/var/lib/
/var/lib/
done.
(...)
Processing triggers for ca-certificates (20141019) ...
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-
/etc/ca-
E: /etc/ca-
done.
Setting up openjdk-
update-
update-
2. Expected behaviour:
Packages are installed in the correct order so that they can assume their dependencies are present when for instance attempting to run postinstall. (So I don't really know whether this issue is truly caused by ca-certificates
3. Actual behaviour:
As we see both the postinstall and trigger is attempted run before java has been installed, which results in /etc/ssl/certs/java being an empty directory. Effectively this means Java doesn't know any certificates so for instance creating a connection to an HTTPS-url will fail.
4. Attempted workaround:
As a workaround, I figured I could reinstall ca-certificates
$ sudo apt install ca-certificates --reinstall
(...)
Processing triggers for ca-certificates (20141019) ...
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-
done.
While this gives me the cacerts file at /etc/ssl/
$ keytool -list -keystore /etc/ssl/
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 0 entries
(The default keystore password is of course "changeit")
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: ca-certificates
ProcVersionSign
Uname: Linux 3.16.0-28-generic x86_64
ApportVersion: 2.15.1-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Dec 30 10:18:52 2014
InstallationDate: Installed on 2014-12-19 (10 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20141211)
PackageArchitec
SourcePackage: ca-certificates
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
Changed in ca-certificates-java (Ubuntu): | |
importance: | Undecided → High |
Changed in hundredpapercuts: | |
status: | New → Confirmed |
importance: | Undecided → High |
I briefly tried to see if I could reproduce this on Debian too, but on my Debian testing system I found Java was installed by default and thus set up in the right way out of the box. :/
I also found some variations in bug 983302 and bug 1396760 which ended up in the same situation as this issue.