Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 385087 - sys-devel/gcc: gcj seem to not install needed ca-certificates (/usr/lib/security/cacerts)
Summary: sys-devel/gcc: gcj seem to not install needed ca-certificates (/usr/lib/secur...
Status: RESOLVED WONTFIX
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: Normal normal (vote)
Assignee: Gentoo Toolchain Maintainers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-09-30 14:15 UTC by Bodo Thiesen
Modified: 2017-11-16 20:43 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bodo Thiesen 2011-09-30 14:15:41 UTC
gcj seem to not install needed ca-certificates

When running an application just compiled with gcj:

java.lang.RuntimeException: java.lang.RuntimeException: error instantiating default socket factory: java.security.KeyManagementException: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory)

   at javax.net.ssl.SSLSocketFactory$ErrorSocketFactory.createSocket(libgcj.so.10)
   at gnu.java.net.protocol.http.HTTPConnection.getSocket(libgcj.so.10)
   at gnu.java.net.protocol.http.HTTPConnection.getOutputStream(libgcj.so.10)
   at gnu.java.net.protocol.http.Request.dispatch(libgcj.so.10)
   at gnu.java.net.protocol.http.HTTPURLConnection.connect(libgcj.so.10)
   at [application]

The application works fine using the sun jre and icedtea (bin and src as well). Symlinking the cacerts from either of those packages doesn't work either:

java.lang.RuntimeException: java.lang.RuntimeException: error instantiating default socket factory: java.security.KeyManagementException: java.security.KeyStoreException: gnu.javax.crypto.keyring.MalformedKeyringException: incorrect magic

Reproducible: Always
Comment 1 SpanKY gentoo-dev 2012-06-28 18:08:58 UTC
should probably change it to point to /etc/ssl/certs

can you provide a simple example we can compile & run to reproduce on our side ?
Comment 2 SpanKY gentoo-dev 2012-09-24 06:08:56 UTC
can you post an example program so i can test things ?  the code seems to have paths semi-hardcoded:

libjava/classpath/tools/gnu/classpath/tools/keytool/ImportCmd.java
  private static final String LIB = "lib"; //$NON-NLS-1$
  private static final String SECURITY = "security"; //$NON-NLS-1$
  private static final String CACERTS = "cacerts"; //$NON-NLS-1$
...
        String javaHome = SystemProperties.getProperty("java.home");
        jksCaCertsPathName = new StringBuilder(javaHome).append(fs)
            .append(LIB).append(fs)
            .append(SECURITY).append(fs)
            .append(CACERTS).toString();
...
Comment 3 James Le Cuirot gentoo-dev 2015-10-22 14:32:07 UTC
This might not matter in the long run as gcj is supposedly going away.
Comment 4 Andreas K. Hüttel gentoo-dev 2017-08-29 19:11:22 UTC
Anyway a simple testcase would be nice.
Comment 5 Bodo Thiesen 2017-11-16 20:27:17 UTC
Sorry for not replying earlier, didn't notice the question for an example.
Obviously, for this problem, no example source is needed, because the problen
obviously resides in a broken installation, but since you're explicitly asking,
I provide one anyways. OpenJDK responds not very well to this example but
expected (NullPointerException). gcj however fails because of missing certs
and doesn't even get to the point, where the null pointer matters:

$ cat Gentoo385087.java
class Gentoo385087 {
        static public void main(java.lang.String argv[]) throws java.io.IOException {
                ((javax.net.ssl.SSLSocketFactory)javax.net.ssl.SSLSocketFactory.getDefault()).createSocket(null, "", 0, false);
        }
}
$ java -version
openjdk version "1.8.0_131"
OpenJDK Runtime Environment (IcedTea 3.4.0) (Gentoo icedtea-3.4.0)
OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)
$ javac Gentoo385087.java && java Gentoo385087
Exception in thread "main" java.lang.NullPointerException
        at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:566)
        at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:110)
        at Gentoo385087.main(Gentoo385087.java:10)
$ gcj --version
gcj (Gentoo 5.4.0-r3 p1.3, pie-0.6.5) 5.4.0
Copyright (C) 2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

$ gcj Gentoo385087.java -o Gentoo385087 --main=Gentoo385087 && ./Gentoo385087
Exception in thread "main" java.lang.RuntimeException: java.lang.RuntimeException: error instantiating default socket factory: java.security.KeyManagementException: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory)
   at javax.net.ssl.SSLSocketFactory$ErrorSocketFactory.createSocket(libgcj.so.16)
   at Gentoo385087.main(Gentoo385087.java:10)
Caused by: java.lang.RuntimeException: error instantiating default socket factory: java.security.KeyManagementException: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory)
   at javax.net.ssl.SSLSocketFactory.getDefault(libgcj.so.16)
   ...1 more
Caused by: java.security.KeyManagementException: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory)
   at gnu.javax.net.ssl.provider.SSLContextImpl.defaultTrustManager(libgcj.so.16)
   at gnu.javax.net.ssl.provider.SSLContextImpl.engineInit(libgcj.so.16)
   at javax.net.ssl.SSLContext.init(libgcj.so.16)
   at javax.net.ssl.SSLSocketFactory.getDefault(libgcj.so.16)
   ...1 more
Caused by: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory)
   at gnu.javax.net.ssl.provider.X509TrustManagerFactory.engineInit(libgcj.so.16)
   at javax.net.ssl.TrustManagerFactory.init(libgcj.so.16)
   at gnu.javax.net.ssl.provider.SSLContextImpl.defaultTrustManager(libgcj.so.16)
   ...4 more
Caused by: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory)
   at gnu.java.nio.channels.FileChannelImpl.open(libgcj.so.16)
   at gnu.java.nio.channels.FileChannelImpl.<init>(libgcj.so.16)
   at gnu.java.nio.channels.FileChannelImpl.create(libgcj.so.16)
   at java.io.FileInputStream.<init>(libgcj.so.16)
   at java.io.FileInputStream.<init>(libgcj.so.16)
   at gnu.javax.net.ssl.provider.X509TrustManagerFactory.engineInit(libgcj.so.16)
   ...6 more
Comment 6 James Le Cuirot gentoo-dev 2017-11-16 20:43:22 UTC
Okay but gcj is now definitely going away. The unstable amd64 profile already masks gcc <6. Upstream didn't drop gcj until gcc 7 but the Gentoo toolchain team dropped it early. In any case, we haven't supported doing anything with gcj other than building icedtea for years. Sorry.