Bug#635571: marked as done (ca-certificates-java: Fails in update-ca-certificates hook)

Tue, 16 Aug 2011 02:18:43 -0700 

Your message dated Tue, 16 Aug 2011 09:17:18 +0000
with message-id <[email protected]>
and subject line Bug#635571: fixed in ca-certificates-java 20110816
has caused the Debian Bug report #635571,
regarding ca-certificates-java: Fails in update-ca-certificates hook
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
635571: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635571
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ca-certificates-java
Version: 20110531
Severity: normal


A recent dist-upgrade caused my update-ca-certificates to fail:

# update-ca-certificates
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
Exception in thread "main" java.security.ProviderException: Could not 
initialize NSS
          at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:201)
          at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
          at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native 
Method)
          at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
          at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
          at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
          at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
          at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
          at java.security.AccessController.doPrivileged(Native Method)
          at 
sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
          at 
sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
          at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
          at sun.security.jca.ProviderList.getService(ProviderList.java:330)
          at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
          at java.security.Security.getImpl(Security.java:696)
          at 
java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:130)
          at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:121)
          at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
          at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:381)
          at sun.security.x509.X509Key.parse(X509Key.java:168)
          at 
sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
          at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705)
          at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
          at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1747)
          at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196)
          at 
sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:107)
          at 
java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:322)
          at 
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:763)
          at 
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
          at java.security.KeyStore.load(KeyStore.java:1201)
          at UpdateCertificates.createKeyStore(UpdateCertificates.java:65)
          at UpdateCertificates.main(UpdateCertificates.java:51)
Caused by: java.io.FileNotFoundException: /usr/lib/libnss3.so
       at sun.security.pkcs11.Secmod.initialize(Secmod.java:186)
       at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:197)
       ... 31 more
E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
done.

Symlinking /usr/lib/i386-linux-gnu/libnss3.so to /usr/lib changes the error:

Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....
Exception in thread "main" java.security.ProviderException: Could not 
initialize NSS
          at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:201)
          at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
          at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native 
Method)
          at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
          at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
          at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
          at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
          at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
          at java.security.AccessController.doPrivileged(Native Method)
          at 
sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
          at 
sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
          at sun.security.jca.ProviderList.getProvider(ProviderList.java:232)
          at sun.security.jca.ProviderList.getService(ProviderList.java:330)
          at sun.security.jca.GetInstance.getInstance(GetInstance.java:157)
          at java.security.Security.getImpl(Security.java:696)
          at 
java.security.AlgorithmParameters.getInstance(AlgorithmParameters.java:130)
          at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:121)
          at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114)
          at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:381)
          at sun.security.x509.X509Key.parse(X509Key.java:168)
          at 
sun.security.x509.CertificateX509Key.<init>(CertificateX509Key.java:75)
          at sun.security.x509.X509CertInfo.parse(X509CertInfo.java:705)
          at sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169)
          at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1747)
          at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196)
          at 
sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:107)
          at 
java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:322)
          at 
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:763)
          at 
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
          at java.security.KeyStore.load(KeyStore.java:1201)
          at UpdateCertificates.createKeyStore(UpdateCertificates.java:65)
          at UpdateCertificates.main(UpdateCertificates.java:51)
Caused by: java.io.IOException: NSS initialization failed
       at sun.security.pkcs11.Secmod.initialize(Secmod.java:216)
       at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:197)
       ... 31 more
E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
done.

Downgrading to ca-certificates-java_20100412_all makes the problem go
away.  Note that I previously had some problems with the
ca-certificates.crt file (see Bug#635570) but I believe that should be
fixed at this point (at least, other things that were causing me
problems seem happy now).

I had previously installed the "Java Cryptography Extension" to use a
4096 bit key (no idea if that is related).

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ca-certificates-java depends on:
ii  ca-certificates             20110502     Common CA certificates
ii  default-jre-headless [java6 1:1.6-40     Standard Java or Java compatible R
ii  openjdk-6-jre-headless [jav 6b18-1.8.7-5 OpenJDK Java runtime, using Hotspo
ii  sun-java6-jre [java6-runtim 6.26-1       Sun Java(TM) Runtime Environment (

Versions of packages ca-certificates-java recommends:
ii  libnss3-1d                    3.12.10-3  Network Security Service libraries

ca-certificates-java suggests no packages.

-- Configuration Files:
/etc/default/cacerts [Errno 13] Permission denied: u'/etc/default/cacerts'

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: ca-certificates-java
Source-Version: 20110816

We believe that the bug you reported is fixed in the latest version of
ca-certificates-java, which is due to be installed in the Debian FTP archive:

ca-certificates-java_20110816.dsc
  to main/c/ca-certificates-java/ca-certificates-java_20110816.dsc
ca-certificates-java_20110816.tar.gz
  to main/c/ca-certificates-java/ca-certificates-java_20110816.tar.gz
ca-certificates-java_20110816_all.deb
  to main/c/ca-certificates-java/ca-certificates-java_20110816_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Torsten Werner <[email protected]> (supplier of updated ca-certificates-java 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 16 Aug 2011 11:00:33 +0200
Source: ca-certificates-java
Binary: ca-certificates-java
Architecture: source all
Version: 20110816
Distribution: unstable
Urgency: low
Maintainer: Debian Java Maintainers 
<[email protected]>
Changed-By: Torsten Werner <[email protected]>
Description: 
 ca-certificates-java - Common CA certificates (JKS keystore)
Closes: 635571
Changes: 
 ca-certificates-java (20110816) unstable; urgency=low
 .
   * Upgrade Recommends: libnss3-1d to a versioned Depends due to multiarch
     changes. (Closes: #635571)
   * Use the locale C.UTF-8 for the hook script to be more robust.
Checksums-Sha1: 
 c11e7ab4a47f19a62fae81d1465afcc573ad2e5d 1054 ca-certificates-java_20110816.dsc
 b518726726b5a8513f185acde41cfb2f5401aa11 6562 
ca-certificates-java_20110816.tar.gz
 7c4e7f96c24fac75b5296ba70a8f9ec072a31a42 8536 
ca-certificates-java_20110816_all.deb
Checksums-Sha256: 
 7880443469d6814b7190af9dac706b27b25503a40c7e12531f382666b78b29d0 1054 
ca-certificates-java_20110816.dsc
 63a36c4bde238aef2a01a3e2dc2331960432af2f8010e9dbd474bd37b943067a 6562 
ca-certificates-java_20110816.tar.gz
 bb573e8a6cea62b03231e2fc7e096dc5fc9e3e3d627ff4ff337bacd0afd21378 8536 
ca-certificates-java_20110816_all.deb
Files: 
 963112cf125a000071861b903364b081 1054 java optional 
ca-certificates-java_20110816.dsc
 489ffd28f8e0b1f6317d92d445af7248 6562 java optional 
ca-certificates-java_20110816.tar.gz
 7af38cf5a536f45f742eb5a7ad698275 8536 java optional 
ca-certificates-java_20110816_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk5KMjUACgkQfY3dicTPjsMloACfQRdLiAyZF7vtZs1O7gsojvWa
ePAAn1lE0/2YWwf251za3LVQHh6+oW5D
=Oks/
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to