[jbosstools-issues] [JBoss JIRA] (JBDS-3002) JBDS 7.1.1 installer contains jars signed by GTECyberTrust, which may not be installed on all linux systems

Denis Golovin (JIRA) issues at jboss.org
Tue Sep 9 14:23:00 EDT 2014 

    [ https://issues.jboss.org/browse/JBDS-3002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13000488#comment-13000488 ] 

Denis Golovin commented on JBDS-3002:
-------------------------------------

Why are you using 8.0.0.beta3 or 7.1.1.GA to verify this, if it is targeted 8.0.0.CR1 release?

{quote}I'm just pointing out that it's an easily reproducible issue requiring zero config.{quote}
How about testing it under Windows or Ubuntu? 

This issues is about installing JBDS with content signed by untrusted certificate. If you are testing it under fedora 20, you have all ready for the test. But under Windows and Ubuntu you have to remove mentioned certificate for store before testing.





> JBDS 7.1.1 installer contains jars signed by GTECyberTrust, which may not be installed on all linux systems
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: JBDS-3002
>                 URL: https://issues.jboss.org/browse/JBDS-3002
>             Project: Developer Studio (JBoss Developer Studio)
>          Issue Type: Bug
>          Components: installer, updatesite
>    Affects Versions: 7.1.1.GA
>            Reporter: Max Rydahl Andersen
>            Assignee: Denis Golovin
>            Priority: Blocker
>              Labels: respin-a
>             Fix For: 8.0.0.CR1
>
>
> We have jars in JBDS 7.1.1.GA which were signed using GTECyberTrust. Some linux installs do not include this root cert, so when installing, p2 rejects the cert:
> {code}One or more certificates rejected. Cannot proceed with installation.{code}
> Full details: https://community.jboss.org/message/866868
> *Platform details:*
> {code}
> Debian Jessie 64 bit
> $ uname -a:
> Linux Name 3.13-1-amd64 #1 SMP Debian 3.13.7-1 (2014-03-25) x86_64 GNU/Linux
> $ java -version
> java version "1.7.0_51"
> OpenJDK Runtime Environment (IcedTea 2.4.5) (7u51-2.4.5-2)
> OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)
> {code}
> Note that Debian 8.0 "Jessie" is not yet released nor has a date for release been announced [0]. The latest stable Debian [1] is 7.4 "Wheezy", released on Feb 8, 2014. [2] The description for "testing" releases like Jessie is "Security updates are irregular and unreliable." [3] So... I don't think we support this OS yet. :)
> [0] http://www.debian.org/releases/jessie/
> [1] http://www.debian.org/releases/
> [2] http://www.debian.org/releases/wheezy/
> [3] https://release.debian.org/
> *Steps to repro on the above platform:*
> 1. Downloaded jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar
> 2. Ran java -jar jbdevstudio-product-eap-universal-7.1.1.GA-v20140314-2145-B688.jar stuck to the defaults and clicked thru
> 3. Install failed with an error re certificates not being trusted
> 4. Log message in ~/jbdevstudio/studio/p2/director/configuration/1396752621141.log  as follows:
> !ENTRY org.eclipse.equinox.p2.engine 8 0 2014-04-06 08:21:42.061
> !MESSAGE One or more certificates rejected. Cannot proceed with installation.



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)

More information about the jbosstools-issues mailing list