Bug#1041419: ca-certificates-java: circular dependencies

[Terje Røsten]

This seems to be a real issue and a duplicate of Ubuntu bug:

  https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2019908

The root cause is that java binary requires file 
/etc/$jdk/security/java.security to be present, if this
file is not present, java will fail immediately with error:

  Exception in thread "main" java.lang.InternalError: Error loading 
java.security file

This is new behavior in Java 17+.

The current problem in ca-certificates-java is that the postinst script 
requires a working
java binary to create the very java.security file (java.security is 
create from shipped java.security.dpkg-new),
hence we have a circular problem. openjdk packages needs 
ca-certificates-java to work, while postinst of
ca-certificates-java needs working java binary.

The fix from Ubuntu is to copy required file into place in the postinst 
script
before running commands  further down which uses java binary, something 
like this:

                 # copy java.security to allow import to function
security_conf=/etc/java-${version}-openjdk/security
                 if [ -f ${security_conf}/java.security.dpkg-new ] \
                     && [ ! -f ${security_conf}/java.security ]; then
                         cp ${security_conf}/java.security.dpkg-new \
                             ${security_conf}/java.security
                 fi

This is not very elegant, however seems to work.

Could you please consider to apply this or other solution to fix this 
problem?

  - Terje