[ca-certificates-java] 04/58: Replace old inconsistent keystore aliases. (Closes: #623888)

Emmanuel Bourg ebourg-guest at moszumanska.debian.org
Wed May 31 13:13:14 UTC 2017 

This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch master
in repository ca-certificates-java.

commit bf3f9c96fcbc7e59edf462a40860443b1561de9b
Author: Torsten Werner <twerner at debian.org>
Date:   Sun Apr 24 23:18:33 2011 +0000

    Replace old inconsistent keystore aliases. (Closes: #623888)
---
 debian/changelog |  3 ++-
 debian/postinst  | 80 +++++++++++++-------------------------------------------
 2 files changed, 20 insertions(+), 63 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index ab2066b..c76e608 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,8 +4,9 @@ ca-certificates-java (20110425) unstable; urgency=low
   * Add Java code to update the keystore. (Closes: #623671)
   * Change Maintainer to Debian Java Maintainers and add myself to Uploaders.
   * Update Build-Depends.
+  * Replace old inconsistent keystore aliases. (Closes: #623888)
 
- -- Torsten Werner <twerner at debian.org>  Mon, 25 Apr 2011 00:29:23 +0200
+ -- Torsten Werner <twerner at debian.org>  Mon, 25 Apr 2011 01:17:00 +0200
 
 ca-certificates-java (20100412) unstable; urgency=low
 
diff --git a/debian/postinst b/debian/postinst
index 5261208..7cb7d52 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -2,8 +2,6 @@
 
 set -e
 
-KEYSTORE=/etc/ssl/certs/java/cacerts
-
 storepass='changeit'
 if [ -f /etc/default/cacerts ]; then
     . /etc/default/cacerts
@@ -11,8 +9,8 @@ fi
 
 setup_path()
 {
-    for jvm in java-6-openjdk java-6-sun; do
-	if [ -x /usr/lib/jvm/$jvm/bin/keytool ]; then
+    for jvm in java-6-openjdk java-7-openjdk java-6-sun; do
+	if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
 	    break
 	fi
     done
@@ -22,64 +20,17 @@ setup_path()
 
 first_install()
 {
-    cacertdir=/usr/share/ca-certificates
-    log=$(tempfile)
-
-    # aliases of pregenerated files
-    pregenerated=$(tempfile)
-    LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE -storepass "$storepass" \
-	| awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
-	| sort > $pregenerated
-
-    grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
-    errors=0
-    while read line; do
-	pem=${line#!*}
-	alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+    find /etc/ssl/certs -name \*.pem | \
+    while read filename; do
+	alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
 	alias=${alias%*_}
-	case "$line" in
-	    !*)
-	        # remove untrusted certificate
-		if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
-		    -storepass "$storepass" -alias "$alias" >/dev/null
-		then
-		    echo "  removed untrusted certificate $pem"
-		else
-		    # not (anymore) in keystore
-		    :
-		fi;;
-	    *)
-	        # add certificate not yet in keystore
-		if [ ! -f "$cacertdir/$pem" ]; then
-		    echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
-		    echo >&2 "warning:   but $cacertdir/$pem does not exist."
-		    continue
-		fi
-		if ! grep -q "^${alias}$" $pregenerated; then
-		  if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
-			-noprompt -storepass "$storepass" \
-			-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-		  then
-		      echo "  added certificate $pem"
-		  elif LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
-		        -providerClass sun.security.pkcs11.SunPKCS11 \
-		        -providerArg '${java.home}/lib/security/nss.cfg' \
-			-noprompt -storepass "$storepass" \
-			-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-		  then
-		      echo "  added certificate $pem (using NSS provider)"
-		  elif grep -q 'Signature not available' $log; then
-		      echo "  ignored import, signature not available: ${line#+*}"
-		      sed -e 's/^/   -> /' $log
-		  else
-		      echo >&2 "  error adding ${line#+*}"
-		      errors=$(expr $errors + 1)
-		  fi
-		fi
-	esac
-    done
-    rm -f $log
-    rm -f $pregenerated
+        if [ -n "$FIXOLD" ]; then
+            echo "-${alias}"
+            echo "-${alias}_pem"
+        fi
+        echo "+${filename}"
+    done | \
+    java UpdateCertificates -storepass "$storepass"
     if [ $errors -gt 0 ]; then
 	echo >&2 "failed (VM used: $jvm)."
 	[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
@@ -91,9 +42,14 @@ first_install()
 
 case "$1" in
     configure)
-        if [ -z "$2" ]; then
+        if dpkg --compare-versions "$2" le "20100412"; then
+            FIXOLD="true"
+            cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
+        fi
+        if [ -z "$2" -o -n "$FIXOLD" ]; then
 	    setup_path
 
+            # TODO: check if we really need it
 	    if ! mountpoint -q /proc; then
 		echo >&2 "the keytool command requires a mounted proc fs (/proc)."
 		exit 1

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/ca-certificates-java.git

More information about the pkg-java-commits mailing list