[pkg-java] r16063 - in trunk/ca-certificates-java: . debian
Damien Raude-Morvan
drazzib at alioth.debian.org
Thu May 24 20:17:43 UTC 2012
Author: drazzib
Date: 2012-05-24 20:17:42 +0000 (Thu, 24 May 2012)
New Revision: 16063
Removed:
trunk/ca-certificates-java/debian/preinst
Modified:
trunk/ca-certificates-java/UpdateCertificates.java
trunk/ca-certificates-java/debian/changelog
trunk/ca-certificates-java/debian/jks-keystore.hook.in
trunk/ca-certificates-java/debian/postinst.in
trunk/ca-certificates-java/debian/rules
Log:
* debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around
since it is no longer needed.
* debian/postinst: don't put a symlink in / if jvm doesn't contain nss
configuration. (Closes: #665754, #665749).
* debian/postinst: force migration to new alias names again. The
migration was supposed to occur on upgrades to Oneiric, but failed
because of an NSS error.
* debian/postinst: forcibly remove diginotar cert. It could be left
behind under certain circumstances. (LP: #920758)
* debian/postinst: also look for jvm in multiarch locations (LP: #962378)
* debian/postinst: retrigger first_install to properly get cert store.
* d/rules: Ensure java is built with source/target == 1.6 for backwards
compatibility with openjdk-6.
* Sync handling of nss.cfg between debian/jks-keystore.hook.in and
debian/postinst.in.
* Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers).
* Improve handling of certificate with UTF-8 filenames:
- UpdateCertificates: Force read System.in with UTF-8
- debian/postinst: Set LC_CTYPE to C.UTF-8
Modified: trunk/ca-certificates-java/UpdateCertificates.java
===================================================================
--- trunk/ca-certificates-java/UpdateCertificates.java 2012-05-24 15:25:32 UTC (rev 16062)
+++ trunk/ca-certificates-java/UpdateCertificates.java 2012-05-24 20:17:42 UTC (rev 16063)
@@ -50,7 +50,8 @@
password = passwordString.toCharArray();
keystore = createKeyStore();
certFactory = CertificateFactory.getInstance("X.509");
- processChanges(new InputStreamReader(System.in));
+ // Force reading of inputstream int UTF-8
+ processChanges(new InputStreamReader(System.in, "UTF8"));
writeKeyStore();
}
Modified: trunk/ca-certificates-java/debian/changelog
===================================================================
--- trunk/ca-certificates-java/debian/changelog 2012-05-24 15:25:32 UTC (rev 16062)
+++ trunk/ca-certificates-java/debian/changelog 2012-05-24 20:17:42 UTC (rev 16063)
@@ -1,3 +1,32 @@
+ca-certificates-java (20120524) unstable; urgency=low
+
+ [ Marc Deslauriers ]
+ * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around
+ since it is no longer needed.
+ * debian/postinst: don't put a symlink in / if jvm doesn't contain nss
+ configuration. (Closes: #665754, #665749).
+ * debian/postinst: force migration to new alias names again. The
+ migration was supposed to occur on upgrades to Oneiric, but failed
+ because of an NSS error.
+ * debian/postinst: forcibly remove diginotar cert. It could be left
+ behind under certain circumstances. (LP: #920758)
+ * debian/postinst: also look for jvm in multiarch locations (LP: #962378)
+ * debian/postinst: retrigger first_install to properly get cert store.
+
+ [ James Page ]
+ * d/rules: Ensure java is built with source/target == 1.6 for backwards
+ compatibility with openjdk-6.
+
+ [ Damien Raude-Morvan ]
+ * Sync handling of nss.cfg between debian/jks-keystore.hook.in and
+ debian/postinst.in.
+ * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers).
+ * Improve handling of certificate with UTF-8 filenames:
+ - UpdateCertificates: Force read System.in with UTF-8
+ - debian/postinst: Set LC_CTYPE to C.UTF-8
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Tue, 22 May 2012 23:41:41 +0200
+
ca-certificates-java (20120225) unstable; urgency=low
[ Steve Langasek ]
Modified: trunk/ca-certificates-java/debian/jks-keystore.hook.in
===================================================================
--- trunk/ca-certificates-java/debian/jks-keystore.hook.in 2012-05-24 15:25:32 UTC (rev 16062)
+++ trunk/ca-certificates-java/debian/jks-keystore.hook.in 2012-05-24 20:17:42 UTC (rev 16063)
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh
set -e
@@ -12,6 +12,8 @@
. /etc/default/cacerts
fi
+arch=`dpkg --print-architecture`
+
echo ""
if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
echo "updates of cacerts keystore disabled."
@@ -23,31 +25,32 @@
exit 1
fi
-for jdir in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do
- if [ -x $jdir/bin/java ]; then
- break
- fi
+for jvm in java-6-openjdk-$arch java-6-openjdk \
+ java-7-openjdk-$arch java-7-openjdk java-6-sun; do
+if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+ break
+fi
done
-export JAVA_HOME=$jdir
+export JAVA_HOME=/usr/lib/jvm/$jvm
PATH=$JAVA_HOME/bin:$PATH
temp_jvm_cfg=
-if [ ! -f /etc/$jvm/jvm.cfg ]; then
+if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then
# the jre is not yet configured, but jvm.cfg is needed to run it
- temp_jvm_cfg=/etc/$jvm/jvm.cfg
- mkdir -p /etc/$jvm
+ temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
+ mkdir -p /etc/${jvm%-$arch}
printf -- "-server KNOWN\n" > $temp_jvm_cfg
fi
if dpkg-query --version >/dev/null; then
nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
- nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' $jdir/jre/lib/security/nss.cfg)
- if [ "$nsspkg" != "$nssjdk" ]; then
- ln -sf $nsspkg/libnss3.so $nssjdk/
+ nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg)
+ if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then
+ ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so
fi
softokn3pkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p')
- if [ "$softokn3pkg" != "$nssjdk" ]; then
- ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/
+ if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] && [ "$softokn3pkg" != "$nssjdk" ]; then
+ ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/libsoftokn3.so
fi
fi
@@ -56,12 +59,12 @@
[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]
then
- rm -f $nssjdk/libnss3.so
+ rm -f $nssjdk/libnss3.so
fi
if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] \
&& [ "$softokn3pkg" != "$nssjdk" ]
then
- rm -f $nssjdk/libsoftokn3.so
+ rm -f $nssjdk/libsoftokn3.so
fi
}
Modified: trunk/ca-certificates-java/debian/postinst.in
===================================================================
--- trunk/ca-certificates-java/debian/postinst.in 2012-05-24 15:25:32 UTC (rev 16062)
+++ trunk/ca-certificates-java/debian/postinst.in 2012-05-24 20:17:42 UTC (rev 16063)
@@ -2,26 +2,27 @@
set -e
-# Disable a critically buggy hook script during upgrade; to be removed
-# after oneiric release
-if [ "$2" = 20110912ubuntu1 ] && [ -e /etc/ca-certificates/update.d/jks-keystore ]
-then
- chmod +x /etc/ca-certificates/update.d/jks-keystore
-fi
+# use the locale C.UTF-8
+unset LC_ALL
+LC_CTYPE=C.UTF-8
+export LC_CTYPE
storepass='changeit'
if [ -f /etc/default/cacerts ]; then
. /etc/default/cacerts
fi
+arch=`dpkg --print-architecture`
+
setup_path()
{
- for JAVA_HOME in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do
- if [ -x $JAVA_HOME/bin/java ]; then
- break
+ for jvm in java-6-openjdk-$arch java-6-openjdk \
+ java-7-openjdk-$arch java-7-openjdk java-6-sun; do
+ if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+ break
fi
done
- jvm=$(basename $JAVA_HOME | sed 's,-openjdk-.*,-openjdk,') # multiarch fixup
+ export JAVA_HOME=/usr/lib/jvm/$jvm
PATH=$JAVA_HOME/bin:$PATH
CLASSPATH=/usr/share/ca-certificates-java
@@ -31,17 +32,23 @@
first_install()
{
if which dpkg-query --version >/dev/null; then
- nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
- nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/$jvm/security/nss.cfg)
- if [ "$nsspkg" != "$nssjdk" ]; then
- ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so
- fi
+ nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
+ nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg)
+ if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then
+ ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so
fi
+ fi
+ # Forcibly remove diginotar cert (LP: #920758)
+ if [ -n "$FIXOLD" ]; then
+ echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \
+ java UpdateCertificates -storepass "$storepass"
+ fi
+
find /etc/ssl/certs -name \*.pem | \
while read filename; do
- alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
- alias=${alias%*_}
+ alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
+ alias=${alias%*_}
if [ -n "$FIXOLD" ]; then
echo "-${alias}"
echo "-${alias}_pem"
@@ -57,41 +64,42 @@
[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]
then
- rm -f $nssjdk/libnss3.so
+ rm -f $nssjdk/libnss3.so
fi
}
case "$1" in
configure)
- if dpkg --compare-versions "$2" le "20100412"; then
+ if dpkg --compare-versions "$2" lt "20110912ubuntu6"; then
FIXOLD="true"
if [ -e /etc/ssl/certs/java/cacerts ]; then
cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
fi
fi
if [ -z "$2" -o -n "$FIXOLD" ]; then
- setup_path
+ setup_path
- if ! mountpoint -q /proc; then
- echo >&2 "the keytool command requires a mounted proc fs (/proc)."
- exit 1
- fi
+ if ! mountpoint -q /proc; then
+ echo >&2 "the keytool command requires a mounted proc fs (/proc)."
+ exit 1
+ fi
- if [ ! -f /etc/$jvm/jvm.cfg ]; then
- # the jre is not yet configured, but jvm.cfg is needed to run it
- temp_jvm_cfg=/etc/$jvm/jvm.cfg
- mkdir -p /etc/$jvm
- printf -- "-server KNOWN\n" > $temp_jvm_cfg
- fi
+ temp_jvm_cfg=
+ if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then
+ # the jre is not yet configured, but jvm.cfg is needed to run it
+ temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
+ mkdir -p /etc/${jvm%-$arch}
+ printf -- "-server KNOWN\n" > $temp_jvm_cfg
+ fi
- if first_install; then
- do_cleanup
- else
- do_cleanup
- exit 1
- fi
- fi
- chmod 600 /etc/default/cacerts || true
+ if first_install; then
+ do_cleanup
+ else
+ do_cleanup
+ exit 1
+ fi
+ fi
+ chmod 600 /etc/default/cacerts || true
;;
abort-upgrade|abort-remove|abort-deconfigure)
Deleted: trunk/ca-certificates-java/debian/preinst
===================================================================
--- trunk/ca-certificates-java/debian/preinst 2012-05-24 15:25:32 UTC (rev 16062)
+++ trunk/ca-certificates-java/debian/preinst 2012-05-24 20:17:42 UTC (rev 16063)
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Disable a critically buggy hook script during upgrade; to be removed
-# after oneiric release
-if [ "$2" = 20110912ubuntu1 ] && [ -e /etc/ca-certificates/update.d/jks-keystore ]
-then
- chmod -x /etc/ca-certificates/update.d/jks-keystore
-fi
-
-#DEBHELPER#
-
Modified: trunk/ca-certificates-java/debian/rules
===================================================================
--- trunk/ca-certificates-java/debian/rules 2012-05-24 15:25:32 UTC (rev 16062)
+++ trunk/ca-certificates-java/debian/rules 2012-05-24 20:17:42 UTC (rev 16063)
@@ -21,7 +21,7 @@
build: build-stamp
build-stamp:
dh_testdir
- $(JAVA_HOME)/bin/javac UpdateCertificates.java
+ $(JAVA_HOME)/bin/javac -source 1.6 -target 1.6 UpdateCertificates.java
touch $@
clean:
More information about the pkg-java-commits
mailing list