trying to connect to netbeans plugin portal (via netbeans) gives the following error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty I assume some setting is not applied to connect to the remote host
Summary: Connection error to netbeans portal => Java: Connection error to netbeans portal
Thank you for the report. Assigning to Java people with no further questions!
Assignee: bugsquad => java
This is a fairly well-known problem, but it involves a Java setting with which I am not familiar. https://www.google.com/search?client=firefox-b-1-e&q=%22the+trustAnchors+parameter+must+be+non-empty%22 Depending on which reply you read, it may be that we are providing an empty version of a file that shouldn't be empty, or it may be that it's an OpenJDK bug that has since been fixed. Or, it may be that the data it wants is part of some other rpm package and we don't list that package as a requirement. It has something to do with encryption certificates, and it shows up in several other distros as well as native installs of OpenJDK.
CC: (none) => ftg
@Frank I think I found the answer: ls -la /usr/lib/jvm/java-11-openjdk-11.0.13.0.8-2.1.mga8.x86_64/lib/security/cacerts lrwxrwxrwx 1 root root 38 Dez 5 17:54 /usr/lib/jvm/java-11-openjdk-11.0.13.0.8-2.1.mga8.x86_64/lib/security/cacerts -> ../../../../../../etc/pki/java/cacerts ls -la /etc/pki/java/cacerts ls: Zugriff auf '/etc/pki/java/cacerts' nicht möglich: Datei oder Verzeichnis nicht gefunden so, the file is not installed. After installing rootcerts-java all works - but this dependancy should be added, if this is needed for ssl connections, as almost every website uses ssl .
It's strange. rootcerts-java was not installed on my system, but ... # urpmq --whatrequires rootcerts-java |sort -u java-11-openjdk-headless java-11-openjdk-headless-fastdebug java-11-openjdk-headless-slowdebug java-1.8.0-openjdk-headless java-1.8.0-openjdk-headless-fastdebug java-1.8.0-openjdk-headless-slowdebug # rpm -qa|grep openjdk|sort java-11-openjdk-11.0.13.0.8-2.1.mga8 java-11-openjdk-headless-11.0.13.0.8-2.1.mga8 java-1.8.0-openjdk-1.8.0.312.b07-2.1.mga8 java-1.8.0-openjdk-headless-1.8.0.312.b07-2.1.mga8 So the dependency is there. Checking my upgrade log, rootcerts-java-20210525.00-1.mga8.noarch.rpm was installed when I upgraded from Mageia 7 to 8. I just installed rootcerts-java-20220208.00-1.mga8 and it installed cleanly. Something caused it to be removed, but I have no idea what. My journal only goes back about a month.
CC: (none) => davidwhodgins
Ahh. urpmq is showning that it used to be required. # rpm -q --requires java-11-openjdk-headless|grep cert ca-certificates So it's no longer required. # tree -ifa /etc/pki|grep java|grep cert /etc/pki/ca-trust/extracted/java/cacerts /etc/pki/java/cacerts -> ../../../etc/pki/ca-trust/extracted/java/cacerts Marc, does netbeans work if the link is changed to poing to /etc/pki/ca-trust/extracted/java/cacerts and rootcerts-java removed?
s /poing/pointing/
Sorry, I've forgotten to answer: changing the link /usr/lib/jvm/java-11-openjdk-11.0.13.0.8-2.1.mga8.x86_64/lib/security/cacerts to point to /etc/pki/ca-trust/extracted/java/cacerts works!
Please show the output of "rpm -qa --last|grep java" and "journalctl --no-h|grep java".
rpm -qa --last|grep java lib64javascriptcore-gir4.0-2.34.6-1.mga8.x86_64 Fr 18 Feb 2022 14:16:27 CET lib64javascriptcoregtk4.0_18-2.34.6-1.mga8.x86_64 Fr 18 Feb 2022 14:16:24 CET java-11-openjdk-11.0.13.0.8-2.1.mga8.x86_64 Do 09 Dez 2021 14:35:51 CET java-11-openjdk-headless-11.0.13.0.8-2.1.mga8.x86_64 Do 09 Dez 2021 14:35:40 CET java-latest-openjdk-16.0.0.0.36-0.rolling.1.mga8.x86_64 Mo 08 Mär 2021 10:33:12 CET java-latest-openjdk-headless-16.0.0.0.36-0.rolling.1.mga8.x86_64 Mo 08 Mär 2021 10:33:09 CET timezone-java-2021a-1.mga8.noarch Sa 06 Feb 2021 15:19:30 CET javapackages-tools-5.3.0-14.mga8.noarch Sa 06 Feb 2021 15:18:24 CET javapackages-filesystem-5.3.0-14.mga8.noarch Sa 06 Feb 2021 15:18:10 CET journalctl --no-h|grep java > no output
Looks like rootcerts-java has been removed, and aged out of the journal, so no way now to figure out why it had been installed on that system, yet no one else has reported a similar problem. On my system, when rootcerts-java was removed, the symlink /etc/pki/ca-trust/extracted/java/cacerts was updated as part of the installation of the rootcerts package. I have no idea why this situation arose, or how to further debug it. I'm going to close this bug as worksforme. Feel free to reopen it if more info to identify what caused it comes to light, and it's something that can be fixed now.
Resolution: (none) => WORKSFORMEStatus: NEW => RESOLVED
@Dave: I installed rootcerts-java, to solve the problem. But after uninstall the path was not corrected. I had to do it by hand.
Status: RESOLVED => REOPENEDResolution: WORKSFORME => (none)
In normal cases, the symlink would have been replaced when the rootcerts update was installed, that dropped the use of the rootcerts-java package. Manually reinstalling the rootcerts-java package undoes that change. The part that isn't clear is what happened in terms of rootcerts and rootcerts-java packages being installed on that system, that caused the mess.
Running "urpmi --replacepkgs --replacefiles rootcerts" shows it does update the symlink.
hmm. I'm not sure. That system was updated (like most of my systems) since mga 4 - so I assume rootcerts-java was once installed. And uninstalled as it was not used anymore. It is ok for me, to close it. I will open a new bug, if I can reproduce it or it happens again.
Status: REOPENED => RESOLVEDResolution: (none) => INVALID
The install I'm currently using started as Mageia 3, upgraded each release.
Blocks: (none) => 28070