Uploaded image for project: 'Red Hat CodeReady Studio (devstudio)'
  1. Red Hat CodeReady Studio (devstudio)
  2. JBDS-3012

JBDS 7.1.1 installer contains jars signed by GTECyberTrust, which may not be installed on all linux systems

XMLWordPrintable

    • Sprint 20141112, Sprint to CR1 Release, Sprint #2 April 2015
    • 3
    • Hide
      1. EXEC: cd /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security
      2. EXEC: mv cacerts cacerts.bak
      3. EXEC: Run installer as
        /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java -jar installer.jar
      4. ASSERT: Installation phase ended without errors
      Show
      EXEC: cd /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security EXEC: mv cacerts cacerts.bak EXEC: Run installer as /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java -jar installer.jar ASSERT: Installation phase ended without errors
    • Workaround Exists
    • Hide

      As root:

      cd /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/
      mv cacerts oldcacertsold
      cp /etc/ssl/certs/java/cacerts .
      keytool -keystore /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts -importcert -alias GTECyberTrustGlobalRoot -file /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt

      As user, you should then be able to install JBDS 7.1.1.GA

      Show
      As root: cd /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/ mv cacerts oldcacertsold cp /etc/ssl/certs/java/cacerts . keytool -keystore /usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/cacerts -importcert -alias GTECyberTrustGlobalRoot -file /usr/share/ca-certificates/mozilla/GTE_CyberTrust_Global_Root.crt As user, you should then be able to install JBDS 7.1.1.GA
    • NEW

      We have jars in JBDS 7.1.1.GA which were signed using GTECyberTrust. Some linux installs do not include this root cert, so when installing, p2 rejects the cert:

      One or more certificates rejected. Cannot proceed with installation.

      Full details: https://community.jboss.org/message/866868

      Platform details:

      Debian Jessie 64 bit
      $ uname -a:
      Linux Name 3.13-1-amd64 #1 SMP Debian 3.13.7-1 (2014-03-25) x86_64 GNU/Linux
      $ java -version
      java version "1.7.0_51"
      OpenJDK Runtime Environment (IcedTea 2.4.5) (7u51-2.4.5-2)
      OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)
      

      Note that Debian 8.0 "Jessie" is not yet released nor has a date for release been announced [0]. The latest stable Debian [1] is 7.4 "Wheezy", released on Feb 8, 2014. [2] The description for "testing" releases like Jessie is "Security updates are irregular and unreliable." [3] So... I don't think we support this OS yet.

      [0] http://www.debian.org/releases/jessie/
      [1] http://www.debian.org/releases/
      [2] http://www.debian.org/releases/wheezy/
      [3] https://release.debian.org/

      Steps to repro on the above platform:

      1. Downloaded jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar
      2. Ran java -jar jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar stuck to the defaults and clicked thru
      3. Install failed with an error re certificates not being trusted
      4. Log message in ~/jbdevstudio/studio/p2/director/configuration/1396752621141.log as follows:

      !ENTRY org.eclipse.equinox.p2.engine 8 0 2014-04-06 08:21:42.061
      !MESSAGE One or more certificates rejected. Cannot proceed with installation.

              nivologd@gmail.com Denis Golovin (Inactive)
              manderse@redhat.com Max Andersen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: