Your message dated Fri, 22 Jul 2016 01:19:18 +0000
with message-id <e1bqp7w-00043t...@franck.debian.org>
and subject line Bug#832023: Removed package(s) from unstable
has caused the Debian Bug report #649046,
regarding tomcat6: openjdk + TOMCAT6_SECURITY=yes => failed start
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
649046: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649046
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tomcat6
Version: 6.0.32-7
Severity: important

The debian OpenJDK has broken out common files into 
/usr/lib/jvm/java-6-openjdk-common. This includes it's own jre/lib/ext 
directory and is the location of sunpkcs11.jar which is apparently needed by 
tomcat at start up. Although /usr/lib/jvm/java6-openjdk-common/jre/lib/ext is 
included in /usr/lib/jvm/java-6-openjdk-amd64/jre/lib/security/java.policy it 
is not included in the policy files that tomcat is using. The result of using 
openjdk and TOMCAT6_SECURITY=yes is the following exception at start time:

# /etc/init.d/tomcat6 start
Starting Tomcat servlet engine: 
tomcat6java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:616)
        at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261)
        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.ExceptionInInitializerError
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
        at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
        at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:262)
        at sun.security.jca.ProviderConfig$3.run(ProviderConfig.java:244)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
sun.security.jca.ProviderConfig.doLoadProvider(ProviderConfig.java:244)
        at sun.security.jca.ProviderConfig.getProvider(ProviderConfig.java:224)
        at sun.security.jca.ProviderList.loadAll(ProviderList.java:281)
        at sun.security.jca.ProviderList.removeInvalid(ProviderList.java:298)
        at sun.security.jca.Providers.getFullProviderList(Providers.java:170)
        at java.security.Security.getProviders(Security.java:457)
        at 
org.apache.catalina.core.JreMemoryLeakPreventionListener.lifecycleEvent(JreMemoryLeakPreventionListener.java:293)
        at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
        at 
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:813)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
        at org.apache.catalina.startup.Catalina.load(Catalina.java:562)
        ... 6 more
Caused by: java.security.AccessControlException: access denied 
(java.lang.RuntimePermission accessClassInPackage.sun.security.util)
        at 
java.security.AccessControlContext.checkPermission(AccessControlContext.java:393)
        at 
java.security.AccessController.checkPermission(AccessController.java:553)
        at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
        at 
java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1529)
        at java.lang.ClassLoader$1.run(ClassLoader.java:345)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:343)
        at sun.security.pkcs11.SunPKCS11.<clinit>(SunPKCS11.java:63)
        ... 24 more
 failed!

A trivial work around is to add 

grant codeBase "file:/usr/lib/jvm/java-6-openjdk-common/jre/lib/ext/*" {
        permission java.security.AllPermission;
};

to a file in /etc/tomcat6/policy.d.

Although the above works as a workaround it is not very elegant and adds JVM 
specifics to the tomcat package.  I am unsure of whether this is technically a 
bug in the packaging of tomcat or openjdk as it could be seen as a non-standard 
JRE layout in openjdk. I'm filing it against tomcat as the default policy for 
openjdk does include the above grant.

Thank you.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tomcat6 depends on:
ii  adduser                3.113      
ii  debconf [debconf-2.0]  1.5.41     
ii  tomcat6-common         6.0.32-7   
ii  ucf                    3.0025+nmu2

Versions of packages tomcat6 recommends:
ii  authbind  1.2.0

Versions of packages tomcat6 suggests:
pn  libtcnative-1     <none>
pn  tomcat6-admin     <none>
pn  tomcat6-docs      <none>
pn  tomcat6-examples  <none>
pn  tomcat6-user      <none>

-- Configuration Files:
/etc/logrotate.d/tomcat6 changed [not included]
/etc/tomcat6/server.xml changed [not included]

-- debconf information:
* tomcat6/javaopts: -Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC
* tomcat6/groupname: tomcat6
* tomcat6/username: tomcat6



--- End Message ---
--- Begin Message ---
Version: 6.0.45+dfsg-1+rm

Dear submitter,

as the package tomcat6 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/832023

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to