Public bug reported:
Hello
Description: Ubuntu Jammy Jellyfish (development branch)
Release: 22.04
apt-cache policy ca-certificates-java
ca-certificates-java:
Installed: 20190909
Candidate: 20190909
Version table:
*** 20190909 500
500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
100 /var/lib/dpkg/status
what I expect to happen: the package to install reliably in all circonstances
what happens instead: in some circonstances the configure stage crashes.
Detail
as said in the subject, openjdk depends on ca-certificates-java, and ca-
certificates-java depends on java. Usually installing ca-certificates-
java installs automatically openjdk-18 and the config stage is in a good
order: first openjdk, then ca-certificates-java. If one installs
openjdk-18, same scenario so everything is good. Well, no. In fact when
dealing with circular dependencies, the package order is not really
defined.
To test the jitsi-videobridge2 package (jitsi-meet project), here are the
instructions:
curl https://download.jitsi.org/jitsi-key.gpg.key | sudo sh -c 'gpg --dearmor >
/usr/share/keyrings/jitsi-keyring.gpg'
echo 'deb [signed-by=/usr/share/keyrings/jitsi-keyring.gpg]
https://download.jitsi.org stable/' | sudo tee
/etc/apt/sources.list.d/jitsi-stable.list > /dev/null
sudo apt update
Here the package order is different:
sudo apt install --dry-run jitsi-videobridge2:
(...)
Conf ca-certificates-java (20190909 Ubuntu:22.04/jammy [all])
Conf openjdk-18-jre-headless (18~36ea-1 Ubuntu:22.04/jammy [amd64])
to work around this problem, the ca-certificates-java package
maintainers have included a horrendous kludge in the postinstall
package:
for jvm in java-7-openjdk-$arch java-7-openjdk \
oracle-java7-jre-$arch oracle-java7-server-jre-$arch
oracle-java7-jdk-$arch \
(... cut for brevity all other java versions between 7 and 17...)
java-17-openjdk-$arch java-17-openjdk \
oracle-java17-jre-$arch oracle-java17-server-jre-$arch
oracle-java17-jdk-$arch; do
if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
export JAVA_HOME=/usr/lib/jvm/$jvm
PATH=$JAVA_HOME/bin:$PATH
break
fi
done
so that when the installation order is reversed the configuration script
still runs.
However this kludge go only up to Java 17. It is my understanding that
these package are coming from upstream (Debian) and Debian 12 only
include Java 17 for now.
So jitsi-videobridge2 install fine in Bookworm (it pulls Java 17 of course).
However, under Jammy it gives that:
head: cannot open '/etc/ssl/certs/java/cacerts' for reading: No such file or
directory
/var/lib/dpkg/info/ca-certificates-java.postinst: line 101: java: command not
found
dpkg: error processing package ca-certificates-java (--configure):
installed ca-certificates-java package post-installation script subprocess
returned error exit status 127
dpkg: dependency problems prevent configuration of
openjdk-18-jre-headless:amd64:
openjdk-18-jre-headless:amd64 depends on ca-certificates-java (>= 20190405~);
however:
Package ca-certificates-java is not configured yet.
dpkg: error processing package openjdk-18-jre-headless:amd64 (--configure):
dependency problems - leaving unconfigured
Errors were encountered while processing:
ca-certificates-java
openjdk-18-jre-headless:amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)
java is not found, because
ls /usr/lib/jvm/
java-1.18.0-openjdk-amd64 java-18-openjdk-amd64
-> java-18-openjdk is available but can't be found.
All these tests have been done on a fresh Jammy container obtained
thanks to St Graber and its LXD band.
So my conclusion: you have to either:
- drop java 18 until Debian adopts it and adapts its package
- convince Debian to add the test for Java 18 in the ca-certificates-java post
install script kludge
- take the responsabilty for ca-certificates-java package yourself and fix it
at the Ubuntu level.
There is of course a fourth option: explain to people complaining that the
jitsi-videobridge2 don't install anymore - it installs fine under Focal - that
it's the Jitsi-meet project's fault. And possibly other projects as well. The
Jitsi-videobridge2 package could probably be modified to fix that, I'll grant
it. I did not test it but I think that if it depended on default-jre instead of
Pre-Depends: java8-runtime-headless | java8-runtime | java11-runtime-headless |
java11-runtime
it would install fine even with the incomplete kludge in the
ca-certificates-java post-install script.
** Affects: openjdk-18 (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1965987
Title:
Circular dependency on ca-certificates-java can crash package
configuration
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openjdk-18/+bug/1965987/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
