Bug#1030129: ca-certificates-java - Fails to install with OpenJDK 21: Error loading java.security file

tony mancill tmancill at debian.org
Tue Jun 13 04:22:25 BST 2023 

On Mon, Jun 12, 2023 at 06:55:49AM +0200, Sebastiaan Couwenberg wrote:
> On Tue, 31 Jan 2023 13:56:42 +0100 Bastian Blank <waldi at debian.org> wrote:
> > | dpkg: error processing package openjdk-21-jdk:arm64 (--configure):
> > |  dependency problems - leaving unconfigured
> 
> It also fails to install with openjdk-17:
> 
> Setting up ca-certificates-java (20230103) ...
> Exception in thread "main" java.lang.InternalError: Error loading
> java.security file
>         at java.base/java.security.Security.initialize(Security.java:106)
>         at java.base/java.security.Security$1.run(Security.java:84)
>         at java.base/java.security.Security$1.run(Security.java:82)
>         at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
>         at java.base/java.security.Security.<clinit>(Security.java:82)
>         at
> java.base/sun.security.jca.ProviderList.<init>(ProviderList.java:178)
>         at
> java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:96)
>         at
> java.base/sun.security.jca.ProviderList$2.run(ProviderList.java:94)
>         at java.base/java.security.AccessController.doPrivileged(AccessController.java:318)
>         at java.base/sun.security.jca.ProviderList.fromSecurityProperties(ProviderList.java:93)
>         at java.base/sun.security.jca.Providers.<clinit>(Providers.java:55)
>         at
> java.base/sun.security.jca.GetInstance.getInstance(GetInstance.java:156)
>         at java.base/java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:193)
>         at
> org.debian.security.KeyStoreHandler.<init>(KeyStoreHandler.java:50)
>         at
> org.debian.security.UpdateCertificates.<init>(UpdateCertificates.java:65)
>         at
> org.debian.security.UpdateCertificates.main(UpdateCertificates.java:51)

I am not able to reproduce the failure in a clean unstable
schroot with either openjdk-17 or openjdk-21 yet - for example:

$ sudo sbuild-createchroot --no-deb-src --chroot-mode=schroot --chroot-prefix=test --include=default-jdk unstable /data/chroot/test-amd64-sbuild  

$ schroot -c test-amd64-sbuild -u root --directory /tmp /bin/bash

(test-amd64-sbuild)root at lark:/tmp# dpkg -l | grep -E 'openjdk|ca-cert|default-jdk'
ii  ca-certificates               20230311           all          Common CA certificates
ii  ca-certificates-java          20230103           all          Common CA certificates (JKS keystore)
ii  default-jdk                   2:1.17-74          amd64        Standard Java or Java compatible Development Kit
ii  default-jdk-headless          2:1.17-74          amd64        Standard Java or Java compatible Development Kit (headless)
ii  openjdk-17-jdk:amd64          17.0.7+7-1         amd64        OpenJDK Development Kit (JDK)
ii  openjdk-17-jdk-headless:amd64 17.0.7+7-1         amd64        OpenJDK Development Kit (JDK) (headless)
ii  openjdk-17-jre:amd64          17.0.7+7-1         amd64        OpenJDK Java runtime, using Hotspot JIT
ii  openjdk-17-jre-headless:amd64 17.0.7+7-1         amd64        OpenJDK Java runtime, using Hotspot JIT (headless)

Maybe some environmental difference is causing the failure.  Could it be
that the java.security file has been modified on the systems where the
failure is occurring?  (Just a guess...)  If so, could someone share the
file from a system where the bug manifests?

Thanks,
tony

More information about the pkg-java-maintainers mailing list