Bug 682021

Summary: pkisilent needs xml-commons-apis.jar in its classpath
Product: Red Hat Enterprise Linux 6 Reporter: John Dennis <jdennis>
Component: pki-core Assignee: Matthew Harmsen <mharmsen>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.1 CC: benl, dpal, jgalipea, mharmsen, nsoman
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pki-core-9.0.3-7.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 682013 Environment:
Last Closed: 2011-05-19 13:44:09 UTC Type: ---
Bug Depends On: 682013    
Bug Blocks:    
Attachments:
Description Flags
Patch + spec file changes awnuk: review+

Description John Dennis 2011-03-03 22:47:26 UTC
+++ This bug was initially created as a clone of Bug #682013 +++

We recently added xml-commons-apis.jar to the location searched by the webapp classloader because it's needed by xerces-j2 in bug #680420; this is set up by pkicreate.

pkisilent also uses xerces-j2 and hence must also have xml-commons-apis.jar in its classpath in /usr/bin/pkisilent.

xerces-j2 depends on both xml-commons-apis.jar and xml-commons-resolver.jar. pkisilent already had xml-commons-resolver.jar but was missing xml-commons-apis.jar. On the other hand, the tomcat webapps set up by pkicreate currently just add xml-commons-apis.jar; xml-commons-resolver should also be in the class library location.

The patch which will follow will do the following:

1) add xml-commons-apis.jar to the classpath of pkisilent

2) add xml-commons-resolver.jar to the webapp lib location set up by pkicreate

3) add the dependencies to the pkicore.spec file.

--- Additional comment from jdennis on 2011-03-03 17:07:10 EST ---

Created attachment 482168 [details]
add xml-commons-apis.jar to pkisilent and xml-commons-resolver.jar to pkicreate

--- Additional comment from jdennis on 2011-03-03 17:27:43 EST ---

Sending        base/setup/pkicreate
Transmitting file data .
Committed revision 1874.

Comment 2 Matthew Harmsen 2011-03-04 18:14:26 UTC
IPA_v2_RHEL_6_1_ERRATA_BRANCH:

# cd pki

# svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M       base/silent/scripts/pkisilent
M       base/setup/pkicreate

# svn commit base/silent/scripts/pkisilent base/setup/pkicreate
Sending        base/setup/pkicreate
Sending        base/silent/scripts/pkisilent
Transmitting file data ..
Committed revision 1879.

Comment 3 Matthew Harmsen 2011-03-04 18:27:13 UTC
Extrapolating from Bugzilla Bug #681367:

    ./pki/scripts/pki_patch_maker 1876 1879 pki-core 9.0.3
        pki-core-9.0.3-r1879.patch

Comment 4 Matthew Harmsen 2011-03-04 18:36:38 UTC
Created attachment 482345 [details]
Patch + spec file changes

Comment 5 Matthew Harmsen 2011-03-04 18:43:51 UTC
IPA_v2_RHEL_6_1_ERRATA_BRANCH:

# cd pki

# svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
A       patches/pki-core-9.0.3-r1879.patch
M       specs/pki-core.spec

# svn commit
Adding         patches/pki-core-9.0.3-r1879.patch
Sending        specs/pki-core.spec
Transmitting file data ..
Committed revision 1880.

Comment 6 Matthew Harmsen 2011-03-04 19:35:41 UTC
Published patch to http://pki.fedoraproject.org/pki/sources/pki-core/

Comment 8 Namita Soman 2011-04-28 15:01:06 UTC
Using:
ipa-server-2.0.0-23.el6.x86_64

Can successfully install ipa server.

ipa-server-install makes a call to pkicreate as part of its step:
[2/17]: creating pki-ca instance

and calls pkisilent as part of its step:
[4/17]: configuring certificate server instance

.... these installs are successful.

Does that mean pkisilent has xml-commons-apis.jar in its classpath?

Comment 9 John Dennis 2011-04-28 15:41:01 UTC
> Does that mean pkisilent has xml-commons-apis.jar in its classpath?

Not necessarily. Java classes are loaded in a lazy manner: a class is only loaded when it is first referenced. If the run time execution does not make a reference to the class, you won't hit the NoClassDef exception.

That said, it's likely that IPA's use of the CA is sufficient to cause a reference to the class. But perhaps a better test might be to remove the jar from the class loader path; if it's getting referenced, it should fail. Now you know a reference was made. Then put the jar back; it should succeed. That would be a positive test.

The jars appear in the class path via the presence of a symbolic link in one of the lib directories under the instance directory; the symlink points to the system copy of the jar. You need to find which directory the link is in, remove it, test, set it back, test again. For the CA the two directories where the links appear are:

/var/lib/pki-ca/webapps/ca/WEB-INF/lib
/var/lib/pki-ca/common/lib

Comment 10 Chandrasekar Kannan 2011-04-29 00:37:44 UTC
I verified this today. 

It turned out that I had to yank out symlink /usr/share/java/xml-common-api.jar from the CLASSPATH as that's the one mentioned in /usr/bin/pkisilent. 

If I remove it, pkisilent does not work.
If I put it back in place, pkisilent works fine to create/configure the CA.

marking bug verified.
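
Comments 9 and 10 rely on removing the jar and re-running, because a successful run alone does not prove the jar is on the classpath. A static check can catch the same condition without a run: list classpath entries that do not resolve and symlinks in a lib directory that dangle. This is an added example, not part of the bug report or of pki-core; the fixture paths are constructed, and passing the classpath as a colon-separated string is an assumption.

```shell
#!/bin/sh
# Added example (not from the bug report): static classpath checks.

# Print each entry of a colon-separated classpath that does not resolve to
# a readable file (jar never installed, or symlink left dangling).
missing_classpath_entries() {
    old_ifs=$IFS; IFS=:
    for entry in $1; do
        if [ -n "$entry" ] && [ ! -r "$entry" ]; then printf '%s\n' "$entry"; fi
    done
    IFS=$old_ifs
}

# Print *.jar symlinks in a lib directory whose target does not exist.
dangling_links() {
    for link in "$1"/*.jar; do
        if [ -L "$link" ] && [ ! -e "$link" ]; then printf '%s\n' "$link"; fi
    done
}

# Build a constructed tree: a "system" jar directory and an instance lib
# directory holding symlinks to it, mirroring the layout in comment 9.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/java" "$root/instance/lib"
    : > "$root/java/xml-commons-resolver.jar"
    : > "$root/java/xml-commons-apis.jar"
    ln -s "$root/java/xml-commons-resolver.jar" "$root/instance/lib/"
    ln -s "$root/java/xml-commons-apis.jar" "$root/instance/lib/"
    printf '%s\n' "$root"
}

root=$(make_fixture)
cp="$root/java/xml-commons-resolver.jar:$root/java/xml-commons-apis.jar"
echo "before removal: [$(missing_classpath_entries "$cp")]"
rm "$root/java/xml-commons-apis.jar"      # simulate the missing jar
echo "missing on classpath: $(missing_classpath_entries "$cp")"
echo "dangling in lib dir:  $(dangling_links "$root/instance/lib")"
rm -rf "$root"
```

On a real system the two functions would be pointed at the classpath string used by the launcher script and at the instance lib directories named in comment 9.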

Comment 11 errata-xmlrpc 2011-05-19 13:44:09 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHEA-2011-0627.html