Uploaded image for project: 'Red Hat CodeReady Studio (devstudio)'
  1. Red Hat CodeReady Studio (devstudio)
  2. JBDS-3002

JBDS 7.1.1 installer contains jars signed by GTECyberTrust, which may not be installed on all linux systems

    XMLWordPrintable

Details

    • Hide
      1. EXEC: cd /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security
      2. EXEC: mv cacerts cacerts.bak
      3. EXEC: Run installer as 
        /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java -jar installer.jar
      4. ASSERT: Installation phase ended without errors
      Show
      EXEC: cd /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security EXEC: mv cacerts cacerts.bak EXEC: Run installer as /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java -jar installer.jar ASSERT: Installation phase ended without errors
    • Workaround Exists
    • Hide

      As root:

      cd /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/
      mv cacerts oldcacertsold
      cp /etc/ssl/certs/java/cacerts .
      keytool -keystore /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts -importcert -alias GTECyberTrustGlobalRoot -file /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt

      As user, you should then be able to install JBDS 7.1.1.GA

      Show
      As root: cd /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/ mv cacerts oldcacertsold cp /etc/ssl/certs/java/cacerts . keytool -keystore /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts -importcert -alias GTECyberTrustGlobalRoot -file /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt As user, you should then be able to install JBDS 7.1.1.GA
    • NEW

    Description

      We have jars in JBDS 7.1.1.GA which were signed using GTECyberTrust. Some linux installs do not include this root cert, so when installing, p2 rejects the cert:

      One or more certificates rejected. Cannot proceed with installation.

      Full details: https://community.jboss.org/message/866868

      Platform details:

      Debian Jessie 64 bit
$ uname -a:
Linux Name 3.13-1-amd64 #1 SMP Debian 3.13.7-1 (2014-03-25) x86_64 GNU/Linux
$ java -version
java version "1.7.0_51"
OpenJDK Runtime Environment (IcedTea 2.4.5) (7u51-2.4.5-2)
OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)

      Note that Debian 8.0 "Jessie" is not yet released nor has a date for release been announced [0]. The latest stable Debian [1] is 7.4 "Wheezy", released on Feb 8, 2014. [2] The description for "testing" releases like Jessie is "Security updates are irregular and unreliable." [3] So... I don't think we support this OS yet.

      [0] http://www.debian.org/releases/jessie/
      [1] http://www.debian.org/releases/
      [2] http://www.debian.org/releases/wheezy/
      [3] https://release.debian.org/

      Steps to repro on the above platform:

      1. Downloaded jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar
      2. Ran java -jar jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar stuck to the defaults and clicked thru
      3. Install failed with an error re certificates not being trusted
      4. Log message in ~/jbdevstudio/studio/p2/director/configuration/1396752621141.log as follows:

      !ENTRY org.eclipse.equinox.p2.engine 8 0 2014-04-06 08:21:42.061
      !MESSAGE One or more certificates rejected. Cannot proceed with installation.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. JBDS-3012 JBDS 7.1.1 installer contains jars signed by GTECyberTrust, which may not be installed on all linux systems

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is related to

          Sub-task - The sub-task of the issue JBDS-2978 Monitor WTP issue re: nested packed jars

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Feature Request - Feature requests from customers and/or users JBDS-3144 Support warnings/requests about signed untrusted and unsigned content in JBDS universal installer the same way as eclipse does

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Open

          Bug - A problem that impairs or prevents the functions of the product. JBDS-2977 internal error occurred installing JBDS 8.0.0.Beta1

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              nivologd@gmail.com Denis Golovin (Inactive)
              manderse@redhat.com Max Andersen
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: