Ubuntu
ca-certificates-java package

  1. Bug #2019908
  2. Activity log

Activity log for bug #2019908

Date Who What changed Old value New value Message
2023-05-17 01:12:36 Eswar bug added bug
2023-05-17 02:28:27 Vladimir Petko attachment added ca-certificates-fail.log https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673408/+files/ca-certificates-fail.log
2023-05-17 02:29:26 Vladimir Petko tags fr-4364
2023-05-17 02:48:32 Vladimir Petko description From May-16 below is failing: RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \ openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [Impact] Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform due to configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal: - removes dependency on JRE - fixes command line for keytool call - add autopkgtests [Test Plan] - autopkgtests must pass for all platforms [Where problems could occur] A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates. Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues
2023-05-17 02:51:27 Vladimir Petko description [Impact] Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform due to configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal: - removes dependency on JRE - fixes command line for keytool call - add autopkgtests [Test Plan] - autopkgtests must pass for all platforms [Where problems could occur] A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates. Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [Impact] Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms [Where problems could occur]  A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.  Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues
2023-05-17 02:51:56 Vladimir Petko ca-certificates-java (Ubuntu): assignee Vladimir Petko (vpa1977)
2023-05-17 04:19:07 Launchpad Janitor ca-certificates-java (Ubuntu): status New Confirmed
2023-05-17 04:48:21 Vladimir Petko description [Impact] Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms [Where problems could occur]  A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.  Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [Impact] Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms [Where problems could occur]  A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.  Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues
2023-05-17 06:56:37 Vladimir Petko description [Impact] Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms [Where problems could occur]  A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.  Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [Impact] Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms [Where problems could occur]  A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.  Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893
2023-05-17 09:49:22 Jan Stürtz bug added subscriber Jan Stürtz
2023-05-17 11:18:11 mbentley bug added subscriber mbentley
2023-05-17 22:51:14 Vladimir Petko description [Impact] Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms [Where problems could occur]  A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.  Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 [Impact] Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms - Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk ----------------------cut------------------------------------ for release in bionic focal jammy kinetic; do echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!! lxc launch images:ubuntu/${release} lp2019908 lxc exec lp2019908 -- apt install software-properties-common lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch lxc exec lp2019908 -- apt-get update lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless lxc stop lp2019908 lxc delete lp2019908 echo !!!!!!TEST DONE for ${release}!!!!!!!!! done ----------------------cut------------------------------------ [Where problems could occur]  The fix copies java.security but do not touch other files. While this release can be tested, we are not protected from similiar regressions. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893
2023-05-17 22:52:34 Vladimir Petko attachment added ca-certificates-java-jammy.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673653/+files/ca-certificates-java-jammy.patch
2023-05-17 22:58:58 Vladimir Petko attachment added ca-certificates-java-jammy.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673654/+files/ca-certificates-java-jammy.patch
2023-05-17 23:02:59 Vladimir Petko attachment added ca-certificates-java-kinetic.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673669/+files/ca-certificates-java-kinetic.patch
2023-05-17 23:07:11 Vladimir Petko attachment added ca-certificates-java-focal.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673670/+files/ca-certificates-java-focal.patch
2023-05-17 23:11:29 Vladimir Petko attachment added ca-certificates-java-bionic.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673671/+files/ca-certificates-java-bionic.patch
2023-05-17 23:11:50 Vladimir Petko attachment added ca-certificates-java-bionic.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673672/+files/ca-certificates-java-bionic.patch
2023-05-17 23:15:56 Vladimir Petko attachment added focal.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673674/+files/focal.txt
2023-05-17 23:16:11 Vladimir Petko attachment added jammy.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673675/+files/jammy.txt
2023-05-17 23:16:56 Vladimir Petko description [Impact] Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms - Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk ----------------------cut------------------------------------ for release in bionic focal jammy kinetic; do echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!! lxc launch images:ubuntu/${release} lp2019908 lxc exec lp2019908 -- apt install software-properties-common lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch lxc exec lp2019908 -- apt-get update lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless lxc stop lp2019908 lxc delete lp2019908 echo !!!!!!TEST DONE for ${release}!!!!!!!!! done ----------------------cut------------------------------------ [Where problems could occur]  The fix copies java.security but do not touch other files. While this release can be tested, we are not protected from similiar regressions. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 [Impact] Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Immediate fix: - copy java.security.dpkg-new to java.security if .dpkg-new file is present but java.security is not. Long term fix: Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms  - Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk ----------------------cut------------------------------------ for release in bionic focal jammy kinetic; do     echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!!     lxc launch images:ubuntu/${release} lp2019908     lxc exec lp2019908 -- apt install software-properties-common     lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch     lxc exec lp2019908 -- apt-get update     lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless     lxc stop lp2019908     lxc delete lp2019908     echo !!!!!!TEST DONE for ${release}!!!!!!!!! done ----------------------cut------------------------------------ [Where problems could occur]  The fix copies java.security but do not touch other files.  While this release can be tested, we are not protected from similiar regressions. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893
2023-05-17 23:17:10 Vladimir Petko description [Impact] Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Immediate fix: - copy java.security.dpkg-new to java.security if .dpkg-new file is present but java.security is not. Long term fix: Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms  - Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk ----------------------cut------------------------------------ for release in bionic focal jammy kinetic; do     echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!!     lxc launch images:ubuntu/${release} lp2019908     lxc exec lp2019908 -- apt install software-properties-common     lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch     lxc exec lp2019908 -- apt-get update     lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless     lxc stop lp2019908     lxc delete lp2019908     echo !!!!!!TEST DONE for ${release}!!!!!!!!! done ----------------------cut------------------------------------ [Where problems could occur]  The fix copies java.security but do not touch other files.  While this release can be tested, we are not protected from similiar regressions. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 [Impact] Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment) A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected. [Suggested Fix] Immediate fix:  - copy java.security.dpkg-new to java.security if .dpkg-new file is present but java.security is not. Long term fix: Backport  - https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150 This merge proposal:  - removes dependency on JRE  - fixes command line for keytool call  - add autopkgtests [Test Plan]  - autopkgtests must pass for all platforms  - Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk ----------------------cut------------------------------------ for release in bionic focal jammy kinetic; do     echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!!     lxc launch images:ubuntu/${release} lp2019908     lxc exec lp2019908 -- apt install software-properties-common     lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch     lxc exec lp2019908 -- apt-get update     lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless     lxc stop lp2019908     lxc delete lp2019908     echo !!!!!!TEST DONE for ${release}!!!!!!!!! done ----------------------cut------------------------------------ [Where problems could occur]  The fix copies java.security but do not touch other files.  While this release can be tested, we are not protected from similiar regressions. [Original report] From May-16 below is failing: RUN apt-get update && \     DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \     openjdk-17-jre-headless #7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 111.9 at java.base/java.security.Security.initialize(Security.java:106) #7 111.9 at java.base/java.security.Security$1.run(Security.java:84) #7 111.9 at java.base/java.security.Security$1.run(Security.java:82) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82) #7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 111.9 dpkg: error processing package ca-certificates-java (--configure): #7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64: #7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however: #7 111.9 Package ca-certificates-java is not configured yet. #7 111.9 #7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure): #7 111.9 dependency problems - leaving unconfigured #7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ... #7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ... #7 111.9 Updating certificates in /etc/ssl/certs... #7 112.2 0 added, 0 removed; done. #7 112.2 Running hooks in /etc/ca-certificates/update.d... #7 112.2 #7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 112.2 at java.base/java.security.Security.initialize(Security.java:106) #7 112.2 at java.base/java.security.Security$1.run(Security.java:84) #7 112.2 at java.base/java.security.Security$1.run(Security.java:82) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82) #7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) #7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) #7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) #7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55) #7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50) #7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65) #7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 112.2 done. #7 112.3 Errors were encountered while processing: #7 112.3 ca-certificates-java #7 112.3 openjdk-17-jre-headless:arm64 #7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1) ======================== looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/ and its causing issues [1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893
2023-05-17 23:17:29 Vladimir Petko attachment added kinetic.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673676/+files/kinetic.txt
2023-05-18 00:06:39 Vladimir Petko attachment added bionic.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673677/+files/bionic.txt
2023-05-18 00:15:51 Ubuntu Foundations Team Bug Bot tags fr-4364 fr-4364 patch
2023-05-18 00:15:58 Ubuntu Foundations Team Bug Bot bug added subscriber Ubuntu Sponsors Team
2023-05-18 02:32:36 Steve Beattie ca-certificates-java (Ubuntu): status Confirmed In Progress
2023-05-18 03:31:50 Vladimir Petko attachment added test-all.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673712/+files/test-all.txt
2023-05-18 05:25:53 Vladimir Petko attachment added bionic.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673742/+files/bionic.txt
2023-05-18 06:59:17 Vladimir Petko attachment added all-upgrade.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673751/+files/all-upgrade.txt
2023-05-18 14:26:54 Launchpad Janitor ca-certificates-java (Ubuntu): status In Progress Fix Released
2023-05-18 14:26:54 Launchpad Janitor ca-certificates-java (Ubuntu): status In Progress Fix Released
2023-05-18 14:26:55 Launchpad Janitor ca-certificates-java (Ubuntu): status In Progress Fix Released