[Git][java-team/ca-certificates-java][master] revert Vladimir's changes
Matthias Klose (@doko)
gitlab at salsa.debian.org
Wed Jun 14 17:53:07 BST 2023
Matthias Klose pushed to branch master at Debian Java Maintainers / ca-certificates-java
Commits:
1d366c43 by Matthias Klose at 2023-06-14T18:51:34+02:00
revert Vladimir's changes
- - - - -
9 changed files:
- debian/ca-certificates-java.postinst
- debian/ca-certificates-java.triggers
- debian/changelog
- debian/control
- − debian/tests/can-convert-keystore
- − debian/tests/can-install-jre
- − debian/tests/can-install-libreoffice
- − debian/tests/can-install-multiple-jdks
- − debian/tests/control
Changes:
=====================================
debian/ca-certificates-java.postinst
=====================================
@@ -18,6 +18,30 @@ LOCALCERTSDIR=/usr/local/share/ca-certificates
ETCCERTSDIR=/etc/ssl/certs
CACERTS=$ETCCERTSDIR/java/cacerts
+setup_path()
+{
+ for version in 8 9 10 11 12 13 14 15 16 17 18 19 20 21 ; do
+ for jvm in \
+ java-${version}-openjdk-${arch} \
+ java-${version}-openjdk \
+ oracle-java${version}-jre-${arch} \
+ oracle-java${version}-server-jre-${arch} \
+ oracle-java${version}-jdk-${arch}
+ do
+ if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+ export JAVA_HOME=/usr/lib/jvm/$jvm
+ PATH=$JAVA_HOME/bin:$PATH
+ break 2
+ fi
+ done
+ done
+
+ if ! which java >/dev/null; then
+ echo "No JRE found. Skipping Java certificates setup."
+ exit 0
+ fi
+}
+
check_proc()
{
if ! mountpoint -q /proc; then
@@ -66,10 +90,7 @@ update_cacerts()
exit 0
fi
- if ! which java >/dev/null; then
- echo "No JRE found. Skipping Java certificates setup."
- exit 0
- fi
+ setup_path
if [ -f /var/lib/ca-certificates-java/convert_pkcs12_keystore_to_jks ]; then
convert_pkcs12_keystore_to_jks
@@ -82,17 +103,7 @@ update_cacerts()
if [ -f "$CACERTS" ]; then
check_proc
-
- # Java 8 does not have -cacerts option
- if java -version 2>&1 | grep "1.8" > /dev/null ;
- then
- castore="-keystore ${CACERTS}"
- else
- castore="-cacerts"
- fi
-
- cacerts_aliases=$(keytool ${castore} -storepass "$storepass" -list -rfc | sed -n 's/^Alias name: *debian://ip' | tr '\n' ' ')
-
+ cacerts_aliases=$(keytool -cacerts -storepass "$storepass" -list -rfc | sed -n 's/^Alias name: *debian://ip' | tr '\n' ' ')
etc_ssl_certs_aliases=$(for pem in $pem_files ; do echo -n "$(basename "$pem" | tr A-Z a-z) "; done)
for alias in $cacerts_aliases ; do
case " $etc_ssl_certs_aliases " in
@@ -166,9 +177,5 @@ if [ "$1" = "triggered" ]; then
;;
esac
- if [ ! -f $CACERTS ]; then
- touch /var/lib/ca-certificates-java/fresh
- fi
-
update_cacerts
fi
=====================================
debian/ca-certificates-java.triggers
=====================================
@@ -1,2 +1,3 @@
-interest-await update-ca-certificates-java
-interest-await update-ca-certificates-java-fresh
+interest update-ca-certificates-java
+interest update-ca-certificates-java-fresh
+interest /usr/lib/jvm
=====================================
debian/changelog
=====================================
@@ -1,21 +1,5 @@
ca-certificates-java (20230614) UNRELEASED; urgency=medium
- [ Vladimir Petko ]
- * Resolve circular JRE dependency (LP: #2003750, LP: #1999103, LP: #2004061)
- Closes: #1030129, #1037478, #1023748.
- - debian/ca-certificates-java.postinst: remove setup_path from "configure"
- stage.
- - debian/ca-certificates-java.postinst: do "fresh" update if cacerts file is
- not found. Certificates are refreshed only in response to the trigger
- activated by OpenJDK packages.
- - debian/ca-certificates-java.postinst: fix cacert enumeration command for
- Java 8. Closes: #1015771.
- - debian/control: remove JRE dependency.
- - debian/control: add Breaks condition.
- - debian/tests: add smoke tests.
- - debian/ca-certificates-java.triggers: remove file trigger /usr/jvm,
- explicitly declare triggers as -await.
-
[ Matthias Klose ]
* Bump standards version.
* Build-depend on default-jdk-headless instead of default-jdk.
=====================================
debian/control
=====================================
@@ -20,13 +20,7 @@ Multi-Arch: foreign
Depends:
ca-certificates (>= 20210120),
${misc:Depends},
-Breaks: openjdk-8-jre-headless (<<8u372-ga-2~),
- openjdk-11-jre-headless (<<11.0.18+10-0ubuntu3~),
- openjdk-17-jre-headless (<<17.0.6+10-1ubuntu1~),
- openjdk-18-jre-headless (<<18.0.2+9-2ubuntu1~),
- openjdk-19-jre-headless (<<19.0.2+7-0ubuntu4~),
- openjdk-20-jre-headless (<<20~26ea-1ubuntu1~),
- openjdk-21-jre-headless (<<21~7ea-1ubuntu1~)
+ default-jre-headless (>= 2:1.8) | java8-runtime-headless,
Description: Common CA certificates (JKS keystore)
This package uses the hooks of the ca-certificates package to update the
cacerts JKS keystore used for many java runtimes.
=====================================
debian/tests/can-convert-keystore deleted
=====================================
@@ -1,24 +0,0 @@
-#!/bin/bash
-set -e
-# GIVEN a PKCS12 Java keystore
-ETCCERTSDIR=/etc/ssl/certs
-CACERTS=$ETCCERTSDIR/java/cacerts
-rm $CACERTS
-keytool -importcert -noprompt -alias Amazon -file /etc/ssl/certs/Amazon_Root_CA_1.pem -trustcacerts -storepass changeit -storetype PKCS12 -keystore test.store 2> /dev/null
-apt-get remove -y ca-certificates-java
-
-mkdir -p /etc/ssl/certs/java/
-mkdir -p /var/lib/ca-certificates-java/
-mv test.store $CACERTS
-# WHEN ca-certificates-java is requested to convert the keystore
-touch /var/lib/ca-certificates-java/convert_pkcs12_keystore_to_jks
-
-# THEN conversion is successful
-output=`mktemp`
-apt-get install -y openjdk-8-jre-headless | tee ${output}
-
-if [[ $(grep -L "Entry for alias amazon successfully imported." ${output}) ]];
-then
- echo "Certificates were not imported !!!"
- exit 255
-fi
=====================================
debian/tests/can-install-jre deleted
=====================================
@@ -1,26 +0,0 @@
-#!/bin/bash
-set -e
-versions=$(apt-cache search jre-headless | awk '{print $1}')
-for version in ${versions}
-do
-# WHEN openjdk-jre-headless package is installed from scratch
-
- # Java 18 is EOL 09.2022 but is present in Lunar so that we could do clean
- # builds. Ignore it in certificate tests
- if [[ ${version} == "openjdk-18-jre-headless" ]];
- then
- continue
- fi
- output=`mktemp`
- echo "installing ${version}"
- apt-get install -y ${version} | tee ${output}
-# THEN installation is successfull
-# AND certificates are updated
- if [[ $(grep -L "Adding debian:Amazon_Root_CA_1.pem" ${output}) ]]; then
- echo "Certificates were not imported !!!"
- exit 255
- fi
- rm $output
- # purge in order to remove keytstore
- apt-get purge -y ca-certificates-java ${version}
-done
\ No newline at end of file
=====================================
debian/tests/can-install-libreoffice deleted
=====================================
@@ -1,4 +0,0 @@
-#!/bin/bash
-set -e
-
-apt-get install -y libreoffice
\ No newline at end of file
=====================================
debian/tests/can-install-multiple-jdks deleted
=====================================
@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-output=`mktemp`
-# WHEN multiple JDKs are installed
-apt-get install -y openjdk-11-jdk openjdk-17-jdk openjdk-8-jdk | tee ${output}
-
-# THEN installation is successful
-if [[ $(grep -L "Adding debian:Amazon_Root_CA_1.pem" ${output}) ]]; then
- echo "Certificates were not imported !!!"
- exit 255
-fi
-rm $output
=====================================
debian/tests/control deleted
=====================================
@@ -1,9 +0,0 @@
-Tests: can-convert-keystore
-Depends: default-jre-headless
-Restrictions: needs-root
-
-Tests: can-install-jre, can-install-multiple-jdks, can-install-libreoffice
-# No depends, this is a test for a clean install
-Depends:
-Restrictions: needs-root
-
View it on GitLab: https://salsa.debian.org/java-team/ca-certificates-java/-/commit/1d366c4304d34432ed57b34feb9a51cba43fde01
--
View it on GitLab: https://salsa.debian.org/java-team/ca-certificates-java/-/commit/1d366c4304d34432ed57b34feb9a51cba43fde01
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20230614/5a2892bb/attachment.htm>
More information about the pkg-java-commits
mailing list