I'm no longer able to trigger this issue with ca-certificates-java
20160321 on Ubuntu 16.04.
** Changed in: hundredpapercuts
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1406483
Title:
Possible to install (and trigger postinstall) of ca-certificates-java
before Java has been installed
Status in One Hundred Papercuts:
Fix Released
Status in ca-certificates-java package in Ubuntu:
Fix Released
Bug description:
1. Steps to reproduce:
Depending on which packages you select for installation, it is possible the
postinstall and trigger for ca-certificates-java run before Java has been
installed. This may be possible to trigger with more combinations, but I've
found
$ sudo apt install maven openjdk-8-jdk
where the issue is reproducible. Running this on an out-of-the-box system,
for instance a VM will trigger the issue.
See installation.txt for the full output of running this command, but the
important section is this one:
Setting up ca-certificates-java (20140324) ...
/var/lib/dpkg/info/ca-certificates-java.postinst: line 53: java: command not
found
/var/lib/dpkg/info/ca-certificates-java.postinst: line 66: java: command not
found
done.
(...)
Processing triggers for ca-certificates (20141019) ...
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
/etc/ca-certificates/update.d/jks-keystore: 82:
/etc/ca-certificates/update.d/jks-keystore: java: not found
E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
done.
Setting up openjdk-8-jre-headless:amd64 (8u40~b09-1) ...
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/rmid to
provide /usr/bin/rmid (rmid) in auto mode
update-alternatives: using /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java to
provide /usr/bin/java (java) in auto mode
2. Expected behaviour:
Packages are installed in the correct order so that they can assume their
dependencies are present when for instance attempting to run postinstall. (So I
don't really know whether this issue is truly caused by ca-certificates-java or
by the priority/order of packages assigned by apt or something else.)
3. Actual behaviour:
As we see both the postinstall and trigger is attempted run before java has
been installed, which results in /etc/ssl/certs/java being an empty directory.
Effectively this means Java doesn't know any certificates so for instance
creating a connection to an HTTPS-url will fail.
4. Attempted workaround:
As a workaround, I figured I could reinstall ca-certificates-java and maybe
that would work.
$ sudo apt install ca-certificates --reinstall
(...)
Processing triggers for ca-certificates (20141019) ...
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
done.
While this gives me the cacerts file at /etc/ssl/certs/java/cacerts we can
see that it contains no certificates:
$ keytool -list -keystore /etc/ssl/certs/java/cacerts
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 0 entries
(The default keystore password is of course "changeit")
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: ca-certificates-java 20140324
ProcVersionSignature: Ubuntu 3.16.0-28.38-generic 3.16.7-ckt1
Uname: Linux 3.16.0-28-generic x86_64
ApportVersion: 2.15.1-0ubuntu1
Architecture: amd64
CurrentDesktop: Unity
Date: Tue Dec 30 10:18:52 2014
InstallationDate: Installed on 2014-12-19 (10 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Alpha amd64 (20141211)
PackageArchitecture: all
SourcePackage: ca-certificates-java
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.default.cacerts: [inaccessible: [Errno 13] Permission
denied: '/etc/default/cacerts']
To manage notifications about this bug go to:
https://bugs.launchpad.net/hundredpapercuts/+bug/1406483/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~openjdk
Post to : [email protected]
Unsubscribe : https://launchpad.net/~openjdk
More help : https://help.launchpad.net/ListHelp
