Bug#1030129: ca-certificates-java - Fails to install: Error loading java.security file
FWIW, I can still reproduce the problem with Debian 10 (yeah I know, I should upgrade :), by attempting to install build-essential and openjdk-11-jre-headless in one apt-get invocation. E.g. using a simple Dockerfile: == FROM debian:10 RUN DEBIAN_FRONTEND=noninteractive apt-get -q -y update RUN DEBIAN_FRONTEND=noninteractive apt-get -q -y upgrade RUN DEBIAN_FRONTEND=noninteractive apt-get -q -y install build-essential openjdk-11-jre-headless == Results in: == ... #7 21.52 Setting up ca-certificates-java (20190405) ... #7 21.55 head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or directory #7 21.62 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 21.62at java.base/java.security.Security.initialize(Security.java:94) #7 21.62at java.base/java.security.Security$1.run(Security.java:79) #7 21.62at java.base/java.security.Security$1.run(Security.java:77) #7 21.62at java.base/java.security.AccessController.doPrivileged(Native Method) #7 21.62at java.base/java.security.Security.(Security.java:77) #7 21.62at java.base/sun.security.jca.ProviderList.(ProviderList.java:176) #7 21.62at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 21.62at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:92) #7 21.62at java.base/java.security.AccessController.doPrivileged(Native Method) #7 21.62at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:91) #7 21.62at java.base/sun.security.jca.Providers.(Providers.java:54) #7 21.62at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 21.62at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 21.62at org.debian.security.KeyStoreHandler.(KeyStoreHandler.java:50) #7 21.62at org.debian.security.UpdateCertificates.(UpdateCertificates.java:65) #7 21.62at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 21.64 dpkg: error processing package ca-certificates-java (--configure): #7 21.64 installed ca-certificates-java package post-installation script subprocess returned error exit status 1 #7 21.64 dpkg: dependency problems prevent configuration of openjdk-11-jre-headless:amd64: #7 21.64 openjdk-11-jre-headless:amd64 depends on ca-certificates-java (>= 20190405~); however: #7 21.64 Package ca-certificates-java is not configured yet. #7 21.64 #7 21.64 dpkg: error processing package openjdk-11-jre-headless:amd64 (--configure): #7 21.64 dependency problems - leaving unconfigured #7 21.64 Processing triggers for libc-bin (2.28-10+deb10u2) ... #7 21.66 Processing triggers for ca-certificates (20200601~deb10u2) ... #7 21.67 Updating certificates in /etc/ssl/certs... #7 22.04 0 added, 0 removed; done. #7 22.04 Running hooks in /etc/ca-certificates/update.d... #7 22.04 #7 22.12 Exception in thread "main" java.lang.InternalError: Error loading java.security file #7 22.12at java.base/java.security.Security.initialize(Security.java:94) #7 22.12at java.base/java.security.Security$1.run(Security.java:79) #7 22.12at java.base/java.security.Security$1.run(Security.java:77) #7 22.12at java.base/java.security.AccessController.doPrivileged(Native Method) #7 22.12at java.base/java.security.Security.(Security.java:77) #7 22.12at java.base/sun.security.jca.ProviderList.(ProviderList.java:176) #7 22.12at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) #7 22.12at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:92) #7 22.12at java.base/java.security.AccessController.doPrivileged(Native Method) #7 22.12at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:91) #7 22.12at java.base/sun.security.jca.Providers.(Providers.java:54) #7 22.12at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) #7 22.12at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) #7 22.12at org.debian.security.KeyStoreHandler.(KeyStoreHandler.java:50) #7 22.12at org.debian.security.UpdateCertificates.(UpdateCertificates.java:65) #7 22.12at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) #7 22.13 E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. #7 22.13 done. #7 22.15 Errors were encountered while processing: #7 22.15 ca-certificates-java #7 22.15 openjdk-11-jre-headless:amd64 #7 22.17 E: Sub-process /usr/bin/dpkg returned an error code (1)
Bug#1030129: ca-certificates-java - Fails to install: Error loading java.security file
my apologies if this doesn't post correctly, ive not posted here before. I am just trying to help how i can, to give visibility into the current state This appears to build properly for me. # debian-12.2.0-amd64-netinst.iso# Clean Install via VMware VM: EFI+Secure boot# apt-get update && apt-get upgrade -y# apt-get install -y openjdk-17-jre-headless git ca-certificates-java #apt-get update && apt-get upgrade -yHit:1 http://security.debian.org/debian-security bookworm-security InReleaseHit:2 http://http.us.debian.org/debian bookworm InReleaseHit:3 http://http.us.debian.org/debian bookworm-updates InReleaseReading package lists... DoneReading package lists... DoneBuilding dependency tree... DoneReading state information... DoneCalculating upgrade... Done0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.# apt-get install -y openjdk-17-jre-headless git ca-certificates-javaReading package lists... DoneBuilding dependency tree... DoneReading state information... DoneThe following additional packages will be installed: alsa-topology-conf alsa-ucm-conf git-man java-common libasound2 libasound2-data libavahi-client3 libavahi-common-data libavahi-common3 libcups2 liberror-perl libgraphite2-3 libharfbuzz0b liblcms2-2 libnspr4 libnss3 libpcsclite1Suggested packages: git-daemon-run | git-daemon-sysvinit git-doc git-email git-gui gitk gitweb git-cvs git-mediawiki git-svn default-jre libasound2-plugins alsa-utils cups-common liblcms2-utils pcscd libnss-mdns fonts-dejavu-extra fonts-ipafont-gothic fonts-ipafont-mincho fonts-wqy-microhei | fonts-wqy-zenhei fonts-indicThe following NEW packages will be installed: alsa-topology-conf alsa-ucm-conf ca-certificates-java git git-man java-common libasound2 libasound2-data libavahi-client3 libavahi-common-data libavahi-common3 libcups2 liberror-perl libgraphite2-3 libharfbuzz0b liblcms2-2 libnspr4 libnss3 libpcsclite1 openjdk-17-jre-headless0 upgraded, 20 newly installed, 0 to remove and 0 not upgraded.Need to get 57.6 MB of archives.After this operation, 253 MB of additional disk space will be used.Get:1 http://http.us.debian.org/debian bookworm/main amd64 alsa-topology-conf all 1.2.5.1-2 [15.2 kB]Get:2 http://http.us.debian.org/debian bookworm/main amd64 libasound2-data all 1.2.8-1 [20.5 kB]Get:3 http://http.us.debian.org/debian bookworm/main amd64 libasound2 amd64 1.2.8-1+b1 [362 kB]Get:4 http://http.us.debian.org/debian bookworm/main amd64 alsa-ucm-conf all 1.2.8-1 [51.7 kB]Get:5 http://http.us.debian.org/debian bookworm/main amd64 java-common all 0.74 [6,388 B]Get:6 http://http.us.debian.org/debian bookworm/main amd64 libavahi-common-data amd64 0.8-10 [107 kB]Get:7 http://http.us.debian.org/debian bookworm/main amd64 libavahi-common3 amd64 0.8-10 [41.6 kB]Get:8 http://http.us.debian.org/debian bookworm/main amd64 libavahi-client3 amd64 0.8-10 [45.5 kB]Get:9 http://http.us.debian.org/debian bookworm/main amd64 libcups2 amd64 2.4.2-3+deb12u4 [244 kB]Get:10 http://http.us.debian.org/debian bookworm/main amd64 liblcms2-2 amd64 2.14-2 [154 kB]Get:11 http://http.us.debian.org/debian bookworm/main amd64 libnspr4 amd64 2:4.35-1 [113 kB]Get:12 http://http.us.debian.org/debian bookworm/main amd64 libnss3 amd64 2:3.87.1-1 [1,331 kB]Get:13 http://http.us.debian.org/debian bookworm/main amd64 libgraphite2-3 amd64 1.3.14-1 [81.2 kB]Get:14 http://http.us.debian.org/debian bookworm/main amd64 libharfbuzz0b amd64 6.0.0+dfsg-3 [1,945 kB]Get:15 http://http.us.debian.org/debian bookworm/main amd64 libpcsclite1 amd64 1.9.9-2 [49.7 kB]Get:16 http://http.us.debian.org/debian bookworm/main amd64 openjdk-17-jre-headless amd64 17.0.8+7-1~deb12u1 [43.8 MB]Get:17 http://http.us.debian.org/debian bookworm/main amd64 ca-certificates-java all 20230620~deb12u1 [11.6 kB]Get:18 http://http.us.debian.org/debian bookworm/main amd64 liberror-perl all 0.17029-2 [29.0 kB]Get:19 http://http.us.debian.org/debian bookworm/main amd64 git-man all 1:2.39.2-1.1 [2,049 kB]Get:20 http://http.us.debian.org/debian bookworm/main amd64 git amd64 1:2.39.2-1.1 [7,171 kB]Fetched 57.6 MB in 42s (1,365 kB/s)Selecting previously unselected package alsa-topology-conf.(Reading database ... 37816 files and directories currently installed.)Preparing to unpack .../00-alsa-topology-conf_1.2.5.1-2_all.deb ...Unpacking alsa-topology-conf (1.2.5.1-2) ...Selecting previously unselected package libasound2-data.Preparing to unpack .../01-libasound2-data_1.2.8-1_all.deb ...Unpacking libasound2-data (1.2.8-1) ...Selecting previously unselected package libasound2:amd64.Preparing to unpack .../02-libasound2_1.2.8-1+b1_amd64.deb ...Unpacking libasound2:amd64 (1.2.8-1+b1) ...Selecting previously unselected package alsa-ucm-conf.Preparing to unpack .../03-alsa-ucm-conf_1.2.8-1_all.deb ...Unpacking alsa-ucm-conf (1.2.8-1) ...Selecting previously unselected package java-common.Preparing to unpack .../04-java-common_0.74_all.deb ...Unpacking java-common (0.74)
Bug#1030129: ca-certificates-java - Fails to install: Error loading java.security file
I haven't been able to reproduce this on a Debian 12 container. For those that are still seeing this problem, is it always reproducible? If there is a race, is there a way to force this (e.g. via apt settings or manual package install ordering with dpkg etc.)? Thanks, Tim.
Bug#1030129: ca-certificates-java - Fails to install: Error loading java.security file
The fixed version has been in Testing for over a week now. Does another step remain in order to get it into Stable or Backports? This is blocking the installation of the java runtime on Bookworm systems (unless, presumably, they upgraded from Bullseye and already had it).
Bug#1030129: ca-certificates-java - Fails to install: Error loading java.security file
hi, On Wed, Jul 12, 2023 at 01:21:26PM +, Sijmen Mulder wrote: > Should this ben in stable yet? Running > > apt-get update && > apt-get upgrade -y && > apt-get install -y openjdk-17-jre-headless git > > on a fresh debian:12 container yields > > ... > Setting up git (1:2.39.2-1.1) ... > Setting up ca-certificates-java (20230103) ... > Exception in thread "main" java.lang.InternalError: Error loading > java.security file same here, our internal CI tests fail due to a package pulling JRE and failure during install: > [2023-07-12 15:10:21] default: Setting up ca-certificates-java (20230103) > ... > [2023-07-12 15:10:21] default: Exception in thread "main" > java.lang.InternalError: Error loading java.security file > [2023-07-12 15:10:21] default:at > java.base/java.security.Security.initialize(Security.java:106) > [2023-07-12 15:10:21] default:at > java.base/java.security.Security$1.run(Security.java:84) > [2023-07-12 15:10:21] default:at > java.base/java.security.Security$1.run(Security.java:82) > [2023-07-12 15:10:21] default:at > java.base/java.security.AccessController.doPrivileged(AccessController.java:318) > [2023-07-12 15:10:21] default:at > java.base/java.security.Security.(Security.java:82) > [2023-07-12 15:10:21] default:at > java.base/sun.security.jca.ProviderList.(ProviderList.java:178) > [2023-07-12 15:10:21] default:at > java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) > [2023-07-12 15:10:21] default:at > java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) > [2023-07-12 15:10:21] default:at > java.base/java.security.AccessController.doPrivileged(AccessController.java:318) > [2023-07-12 15:10:21] default:at > java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) > [2023-07-12 15:10:21] default:at > java.base/sun.security.jca.Providers.(Providers.java:55) > [2023-07-12 15:10:21] default:at > java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) > [2023-07-12 15:10:21] default:at > java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) > [2023-07-12 15:10:21] default:at > org.debian.security.KeyStoreHandler.(KeyStoreHandler.java:50) > [2023-07-12 15:10:21] default:at > org.debian.security.UpdateCertificates.(UpdateCertificates.java:65) > [2023-07-12 15:10:21] default:at > org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) > [2023-07-12 15:10:21] default: dpkg: error processing package > ca-certificates-java (--configure): > [2023-07-12 15:10:21] default: installed ca-certificates-java package > post-installation script subprocess returned error exit status 1 > [2023-07-12 15:10:21] default: dpkg: dependency problems prevent > configuration of openjdk-17-jre-headless:amd64: > [2023-07-12 15:10:21] default: openjdk-17-jre-headless:amd64 depends on > ca-certificates-java (>= 20190405~); however: > [2023-07-12 15:10:21] default: Package ca-certificates-java is not > configured yet. bye, - michael
Bug#1030129: ca-certificates-java - Fails to install: Error loading java.security file
Hi, On Wed, 12 Jul 2023 12:00:50 +0200 Matthias Klose wrote: > Version: 20230710 > > should be fixed now. Should this ben in stable yet? Running apt-get update && apt-get upgrade -y && apt-get install -y openjdk-17-jre-headless git on a fresh debian:12 container yields ... Setting up git (1:2.39.2-1.1) ... Setting up ca-certificates-java (20230103) ... Exception in thread "main" java.lang.InternalError: Error loading java.security file at java.base/java.security.Security.initialize(Security.java:106) at java.base/java.security.Security$1.run(Security.java:84) at java.base/java.security.Security$1.run(Security.java:82) at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) at java.base/java.security.Security.(Security.java:82) at java.base/sun.security.jca.ProviderList.(ProviderList.java:178) at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96) at java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94) at java.base/java.security.AccessController.doPrivileged(AccessController.java:318) at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93) at java.base/sun.security.jca.Providers.(Providers.java:55) at java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156) at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193) at org.debian.security.KeyStoreHandler.(KeyStoreHandler.java:50) at org.debian.security.UpdateCertificates.(UpdateCertificates.java:65) at org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51) dpkg: error processing package ca-certificates-java (--configure): installed ca-certificates-java package post-installation script subprocess returned error exit status 1 This is my minimal repro, these two packages together. Installing just ca-certificates-java by itself doesn't yield the issue. Sijmen smime.p7s Description: S/MIME cryptographic signature
Bug#1030129: ca-certificates-java - Fails to install: Error loading java.security file
Version: 20230710 should be fixed now.
