gcj seem to not install needed ca-certificates When running an application just compiled with gcj: java.lang.RuntimeException: java.lang.RuntimeException: error instantiating default socket factory: java.security.KeyManagementException: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory) at javax.net.ssl.SSLSocketFactory$ErrorSocketFactory.createSocket(libgcj.so.10) at gnu.java.net.protocol.http.HTTPConnection.getSocket(libgcj.so.10) at gnu.java.net.protocol.http.HTTPConnection.getOutputStream(libgcj.so.10) at gnu.java.net.protocol.http.Request.dispatch(libgcj.so.10) at gnu.java.net.protocol.http.HTTPURLConnection.connect(libgcj.so.10) at [application] The application works fine using the sun jre and icedtea (bin and src as well). Symlinking the cacerts from either of those packages doesn't work either: java.lang.RuntimeException: java.lang.RuntimeException: error instantiating default socket factory: java.security.KeyManagementException: java.security.KeyStoreException: gnu.javax.crypto.keyring.MalformedKeyringException: incorrect magic Reproducible: Always
should probably change it to point to /etc/ssl/certs can you provide a simple example we can compile & run to reproduce on our side ?
can you post an example program so i can test things ? the code seems to have paths semi-hardcoded: libjava/classpath/tools/gnu/classpath/tools/keytool/ImportCmd.java private static final String LIB = "lib"; //$NON-NLS-1$ private static final String SECURITY = "security"; //$NON-NLS-1$ private static final String CACERTS = "cacerts"; //$NON-NLS-1$ ... String javaHome = SystemProperties.getProperty("java.home"); jksCaCertsPathName = new StringBuilder(javaHome).append(fs) .append(LIB).append(fs) .append(SECURITY).append(fs) .append(CACERTS).toString(); ...
This might not matter in the long run as gcj is supposedly going away.
Anyway a simple testcase would be nice.
Sorry for not replying earlier, didn't notice the question for an example. Obviously, for this problem, no example source is needed, because the problen obviously resides in a broken installation, but since you're explicitly asking, I provide one anyways. OpenJDK responds not very well to this example but expected (NullPointerException). gcj however fails because of missing certs and doesn't even get to the point, where the null pointer matters: $ cat Gentoo385087.java class Gentoo385087 { static public void main(java.lang.String argv[]) throws java.io.IOException { ((javax.net.ssl.SSLSocketFactory)javax.net.ssl.SSLSocketFactory.getDefault()).createSocket(null, "", 0, false); } } $ java -version openjdk version "1.8.0_131" OpenJDK Runtime Environment (IcedTea 3.4.0) (Gentoo icedtea-3.4.0) OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode) $ javac Gentoo385087.java && java Gentoo385087 Exception in thread "main" java.lang.NullPointerException at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:566) at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:110) at Gentoo385087.main(Gentoo385087.java:10) $ gcj --version gcj (Gentoo 5.4.0-r3 p1.3, pie-0.6.5) 5.4.0 Copyright (C) 2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. $ gcj Gentoo385087.java -o Gentoo385087 --main=Gentoo385087 && ./Gentoo385087 Exception in thread "main" java.lang.RuntimeException: java.lang.RuntimeException: error instantiating default socket factory: java.security.KeyManagementException: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory) at javax.net.ssl.SSLSocketFactory$ErrorSocketFactory.createSocket(libgcj.so.16) at Gentoo385087.main(Gentoo385087.java:10) Caused by: java.lang.RuntimeException: error instantiating default socket factory: java.security.KeyManagementException: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory) at javax.net.ssl.SSLSocketFactory.getDefault(libgcj.so.16) ...1 more Caused by: java.security.KeyManagementException: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory) at gnu.javax.net.ssl.provider.SSLContextImpl.defaultTrustManager(libgcj.so.16) at gnu.javax.net.ssl.provider.SSLContextImpl.engineInit(libgcj.so.16) at javax.net.ssl.SSLContext.init(libgcj.so.16) at javax.net.ssl.SSLSocketFactory.getDefault(libgcj.so.16) ...1 more Caused by: java.security.KeyStoreException: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory) at gnu.javax.net.ssl.provider.X509TrustManagerFactory.engineInit(libgcj.so.16) at javax.net.ssl.TrustManagerFactory.init(libgcj.so.16) at gnu.javax.net.ssl.provider.SSLContextImpl.defaultTrustManager(libgcj.so.16) ...4 more Caused by: java.io.FileNotFoundException: /usr/lib/security/cacerts (No such file or directory) at gnu.java.nio.channels.FileChannelImpl.open(libgcj.so.16) at gnu.java.nio.channels.FileChannelImpl.<init>(libgcj.so.16) at gnu.java.nio.channels.FileChannelImpl.create(libgcj.so.16) at java.io.FileInputStream.<init>(libgcj.so.16) at java.io.FileInputStream.<init>(libgcj.so.16) at gnu.javax.net.ssl.provider.X509TrustManagerFactory.engineInit(libgcj.so.16) ...6 more
Okay but gcj is now definitely going away. The unstable amd64 profile already masks gcc <6. Upstream didn't drop gcj until gcc 7 but the Gentoo toolchain team dropped it early. In any case, we haven't supported doing anything with gcj other than building icedtea for years. Sorry.