openjdk-17-jre-headless:arm64 Package ca-certificates-java is not configured yet
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ca-certificates-java (Ubuntu) |
Fix Released
|
Undecided
|
Vladimir Petko |
Bug Description
[Impact]
Due to OpenJDK changes[1] it is impossible to install JRE 17 in supported releases below Lunar (Kinetic, Jammy, Focal, Bionic) on amd64, arm64 platform due to the configuration order (see comment)
A system with a pre-installed default JRE (e.g. JRE 11 in Jammy) is not affected.
[Suggested Fix]
Immediate fix:
- copy java.security.
Long term fix:
Backport
- https:/
This merge proposal:
- removes dependency on JRE
- fixes command line for keytool call
- add autopkgtests
[Test Plan]
- autopkgtests must pass for all platforms
- Test package install in lxc container and ensure that race condition is reproduced for each release - ca-certificates java are configured before openjdk
-------
for release in bionic focal jammy kinetic; do
echo !!!!!!!
lxc launch images:
lxc exec lp2019908 -- apt install software-
lxc exec lp2019908 -- add-apt-repository ppa:vpa1977/
lxc exec lp2019908 -- apt-get update
lxc exec lp2019908 -- apt-get -y install openjdk-
lxc stop lp2019908
lxc delete lp2019908
echo !!!!!!TEST DONE for ${release}!!!!!!!!!
done
-------
[Where problems could occur]
The fix copies java.security but do not touch other files.
While this release can be tested, we are not protected from similiar regressions.
[Original report]
From May-16 below is failing:
RUN apt-get update && \
DEBIAN_
openjdk-
#7 111.8 head: cannot open '/etc/ssl/
#7 111.9 Exception in thread "main" java.lang.
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at java.base/
#7 111.9 at org.debian.
#7 111.9 at org.debian.
#7 111.9 at org.debian.
#7 111.9 dpkg: error processing package ca-certificates
#7 111.9 installed ca-certificates
#7 111.9 dpkg: dependency problems prevent configuration of openjdk-
#7 111.9 openjdk-
#7 111.9 Package ca-certificates
#7 111.9
#7 111.9 dpkg: error processing package openjdk-
#7 111.9 dependency problems - leaving unconfigured
#7 111.9 Processing triggers for libc-bin (2.35-0ubuntu3.1) ...
#7 111.9 Processing triggers for ca-certificates (20211016ubuntu
#7 111.9 Updating certificates in /etc/ssl/certs...
#7 112.2 0 added, 0 removed; done.
#7 112.2 Running hooks in /etc/ca-
#7 112.2
#7 112.2 Exception in thread "main" java.lang.
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at java.base/
#7 112.2 at org.debian.
#7 112.2 at org.debian.
#7 112.2 at org.debian.
#7 112.2 E: /etc/ca-
#7 112.2 done.
#7 112.3 Errors were encountered while processing:
#7 112.3 ca-certificates
#7 112.3 openjdk-
#7 112.3 E: Sub-process /usr/bin/dpkg returned an error code (1)
=======
looks like packages are updated on May-16 http://
and its causing issues
description: | updated |
description: | updated |
Changed in ca-certificates-java (Ubuntu): | |
assignee: | nobody → Vladimir Petko (vpa1977) |
description: | updated |
description: | updated |
The failure is caused by the order of package configuration: -java tries to run postinstallation script which requires a working java.
- openjdk-17 is unpacked but properties files still have dpkg_new extensions
- ca-certificates
- openjdk 17 now requires java.security file present (presently it was silently ignoring it) to intialise Security.
See: /bugs.launchpad .net/ubuntu/ +source/ ca-certificates -java/+ bug/2003822
- https:/
I will discuss today and convert this one or LP: #2003750 to SRU format to deploy the fix.