2023-05-17 01:12:36 |
Eswar |
bug |
|
|
added bug |
2023-05-17 02:28:27 |
Vladimir Petko |
attachment added |
|
ca-certificates-fail.log https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673408/+files/ca-certificates-fail.log |
|
2023-05-17 02:29:26 |
Vladimir Petko |
tags |
|
fr-4364 |
|
2023-05-17 02:48:32 |
Vladimir Petko |
description |
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues |
[Impact]
Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform due to configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues |
|
2023-05-17 02:51:27 |
Vladimir Petko |
description |
[Impact]
Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform due to configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues |
[Impact]
Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues |
|
2023-05-17 02:51:56 |
Vladimir Petko |
ca-certificates-java (Ubuntu): assignee |
|
Vladimir Petko (vpa1977) |
|
2023-05-17 04:19:07 |
Launchpad Janitor |
ca-certificates-java (Ubuntu): status |
New |
Confirmed |
|
2023-05-17 04:48:21 |
Vladimir Petko |
description |
[Impact]
Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues |
[Impact]
Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues |
|
2023-05-17 06:56:37 |
Vladimir Petko |
description |
[Impact]
Due to OpenJDK changes it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues |
[Impact]
Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues
[1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 |
|
2023-05-17 09:49:22 |
Jan Stürtz |
bug |
|
|
added subscriber Jan Stürtz |
2023-05-17 11:18:11 |
mbentley |
bug |
|
|
added subscriber mbentley |
2023-05-17 22:51:14 |
Vladimir Petko |
description |
[Impact]
Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
[Where problems could occur]
A java version which does not contain a call to ca-certificates-java trigger will not update/refresh certificates.
Those are 13(focal), 16 (focal) 18 (jammy and up), 19 (jammy and up). They are no longer supported and this behaviour can be ignored.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues
[1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 |
[Impact]
Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
- Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk
----------------------cut------------------------------------
for release in bionic focal jammy kinetic; do
echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!!
lxc launch images:ubuntu/${release} lp2019908
lxc exec lp2019908 -- apt install software-properties-common
lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch
lxc exec lp2019908 -- apt-get update
lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless
lxc stop lp2019908
lxc delete lp2019908
echo !!!!!!TEST DONE for ${release}!!!!!!!!!
done
----------------------cut------------------------------------
[Where problems could occur]
The fix copies java.security but do not touch other files.
While this release can be tested, we are not protected from similiar regressions.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues
[1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 |
|
2023-05-17 22:52:34 |
Vladimir Petko |
attachment added |
|
ca-certificates-java-jammy.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673653/+files/ca-certificates-java-jammy.patch |
|
2023-05-17 22:58:58 |
Vladimir Petko |
attachment added |
|
ca-certificates-java-jammy.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673654/+files/ca-certificates-java-jammy.patch |
|
2023-05-17 23:02:59 |
Vladimir Petko |
attachment added |
|
ca-certificates-java-kinetic.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673669/+files/ca-certificates-java-kinetic.patch |
|
2023-05-17 23:07:11 |
Vladimir Petko |
attachment added |
|
ca-certificates-java-focal.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673670/+files/ca-certificates-java-focal.patch |
|
2023-05-17 23:11:29 |
Vladimir Petko |
attachment added |
|
ca-certificates-java-bionic.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673671/+files/ca-certificates-java-bionic.patch |
|
2023-05-17 23:11:50 |
Vladimir Petko |
attachment added |
|
ca-certificates-java-bionic.patch https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673672/+files/ca-certificates-java-bionic.patch |
|
2023-05-17 23:15:56 |
Vladimir Petko |
attachment added |
|
focal.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673674/+files/focal.txt |
|
2023-05-17 23:16:11 |
Vladimir Petko |
attachment added |
|
jammy.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673675/+files/jammy.txt |
|
2023-05-17 23:16:56 |
Vladimir Petko |
description |
[Impact]
Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
- Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk
----------------------cut------------------------------------
for release in bionic focal jammy kinetic; do
echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!!
lxc launch images:ubuntu/${release} lp2019908
lxc exec lp2019908 -- apt install software-properties-common
lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch
lxc exec lp2019908 -- apt-get update
lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless
lxc stop lp2019908
lxc delete lp2019908
echo !!!!!!TEST DONE for ${release}!!!!!!!!!
done
----------------------cut------------------------------------
[Where problems could occur]
The fix copies java.security but do not touch other files.
While this release can be tested, we are not protected from similiar regressions.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues
[1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 |
[Impact]
Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Immediate fix:
- copy java.security.dpkg-new to java.security if .dpkg-new file is present but java.security is not.
Long term fix:
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
- Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk
----------------------cut------------------------------------
for release in bionic focal jammy kinetic; do
echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!!
lxc launch images:ubuntu/${release} lp2019908
lxc exec lp2019908 -- apt install software-properties-common
lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch
lxc exec lp2019908 -- apt-get update
lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless
lxc stop lp2019908
lxc delete lp2019908
echo !!!!!!TEST DONE for ${release}!!!!!!!!!
done
----------------------cut------------------------------------
[Where problems could occur]
The fix copies java.security but do not touch other files.
While this release can be tested, we are not protected from similiar regressions.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues
[1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 |
|
2023-05-17 23:17:10 |
Vladimir Petko |
description |
[Impact]
Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Immediate fix:
- copy java.security.dpkg-new to java.security if .dpkg-new file is present but java.security is not.
Long term fix:
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
- Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk
----------------------cut------------------------------------
for release in bionic focal jammy kinetic; do
echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!!
lxc launch images:ubuntu/${release} lp2019908
lxc exec lp2019908 -- apt install software-properties-common
lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch
lxc exec lp2019908 -- apt-get update
lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless
lxc stop lp2019908
lxc delete lp2019908
echo !!!!!!TEST DONE for ${release}!!!!!!!!!
done
----------------------cut------------------------------------
[Where problems could occur]
The fix copies java.security but do not touch other files.
While this release can be tested, we are not protected from similiar regressions.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues
[1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 |
[Impact]
Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Immediate fix:
- copy java.security.dpkg-new to java.security if .dpkg-new file is present but java.security is not.
Long term fix:
Backport
- https://code.launchpad.net/~vpa1977/ubuntu/+source/ca-certificates-java/+git/ca-certificates-java/+merge/438150
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
- Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk
----------------------cut------------------------------------
for release in bionic focal jammy kinetic; do
echo !!!!!!!!!!!!!!${release}!!!!!!!!!!!!!!!!!!!!
lxc launch images:ubuntu/${release} lp2019908
lxc exec lp2019908 -- apt install software-properties-common
lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/ca-certificates-java-patch
lxc exec lp2019908 -- apt-get update
lxc exec lp2019908 -- apt-get -y install openjdk-17-jre-headless
lxc stop lp2019908
lxc delete lp2019908
echo !!!!!!TEST DONE for ${release}!!!!!!!!!
done
----------------------cut------------------------------------
[Where problems could occur]
The fix copies java.security but do not touch other files.
While this release can be tested, we are not protected from similiar regressions.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install --yes --no-install-recommends \
openjdk-17-jre-headless
#7 111.8 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory
#7 111.9 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 111.9 at java.base/java.security.Security.initialize(Security.java:106)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:84)
#7 111.9 at java.base/java.security.Security$1.run(Security.java:82)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 111.9 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 111.9 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 111.9 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 111.9 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 111.9 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 111.9 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 111.9 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 111.9 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 111.9 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 111.9 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 111.9 dpkg: error processing package ca-certificates-java (--configure):
#7 111.9 installed ca-certificates-java package post-installation script subprocess returned error exit status 1
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-17-jre-headless:arm64:
#7 111.9 openjdk-17-jre-headless:arm64 depends on ca-certificates-java (>= 20190405~); however:
#7 111.9 Package ca-certificates-java is not configured yet.
#7 111.9
#7 111.9 dpkg: error processing package openjdk-17-jre-headless:arm64 (--configure):
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu0.22.04.1) ...
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-certificates/update.d...
#7 112.2
#7 112.2 Exception in thread "main" java.lang.InternalError: Error loading java.security file
#7 112.2 at java.base/java.security.Security.initialize(Security.java:106)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:84)
#7 112.2 at java.base/java.security.Security$1.run(Security.java:82)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/java.security.Security.<clinit>(Security.java:82)
#7 112.2 at java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
#7 112.2 at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
#7 112.2 at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
#7 112.2 at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
#7 112.2 at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
#7 112.2 at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
#7 112.2 at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
#7 112.2 at org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
#7 112.2 at org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
#7 112.2 at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)
#7 112.2 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates-java
#7 112.3 openjdk-17-jre-headless:arm64
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
========================
looks like packages are updated on May-16 http://security.ubuntu.com/ubuntu/pool/universe/o/openjdk-17/
and its causing issues
[1] https://github.com/openjdk/jdk17u/commit/4be52ee572e4fd65f2ac66d5e78c711c8eb6a61e#diff-4d6411695be3dc177d5f0e85c5051c7cfca24c54e22518281b7d26fd858d1893 |
|
2023-05-17 23:17:29 |
Vladimir Petko |
attachment added |
|
kinetic.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673676/+files/kinetic.txt |
|
2023-05-18 00:06:39 |
Vladimir Petko |
attachment added |
|
bionic.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673677/+files/bionic.txt |
|
2023-05-18 00:15:51 |
Ubuntu Foundations Team Bug Bot |
tags |
fr-4364 |
fr-4364 patch |
|
2023-05-18 00:15:58 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Sponsors Team |
2023-05-18 02:32:36 |
Steve Beattie |
ca-certificates-java (Ubuntu): status |
Confirmed |
In Progress |
|
2023-05-18 03:31:50 |
Vladimir Petko |
attachment added |
|
test-all.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673712/+files/test-all.txt |
|
2023-05-18 05:25:53 |
Vladimir Petko |
attachment added |
|
bionic.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673742/+files/bionic.txt |
|
2023-05-18 06:59:17 |
Vladimir Petko |
attachment added |
|
all-upgrade.txt https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908/+attachment/5673751/+files/all-upgrade.txt |
|
2023-05-18 14:26:54 |
Launchpad Janitor |
ca-certificates-java (Ubuntu): status |
In Progress |
Fix Released |
|
2023-05-18 14:26:54 |
Launchpad Janitor |
ca-certificates-java (Ubuntu): status |
In Progress |
Fix Released |
|
2023-05-18 14:26:55 |
Launchpad Janitor |
ca-certificates-java (Ubuntu): status |
In Progress |
Fix Released |
|