[ca-certificates-java] 22/58: * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around since it is no longer needed. * debian/postinst: don't put a symlink in / if jvm doesn't contain nss configuration. (Closes: #665754, #665749). * debian/postinst: force migration to new alias names again. The migration was supposed to occur on upgrades to Oneiric, but failed because of an NSS error. * debian/postinst: forcibly remove diginotar cert. It could be left behind under certain circumstances. (LP: #920758) * debian/postinst: also look for jvm in multiarch locations (LP: #962378) * debian/postinst: retrigger first_install to properly get cert store. * d/rules: Ensure java is built with source/target == 1.6 for backwards compatibility with openjdk-6. * Sync handling of nss.cfg between debian/jks-keystore.hook.in and debian/postinst.in. * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers). * Improve handling of certificate with UTF-8 filenames: - UpdateCertificates: Force read System.in with UTF-8 - debian/postinst: Set LC_CTYPE to C.UTF-8
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Wed May 31 13:13:16 UTC 2017
This is an automated email from the git hooks/post-receive script.
ebourg-guest pushed a commit to branch master
in repository ca-certificates-java.
commit c499319ffd7d98e6111d905bab81c31d837e7eea
Author: Damien Raude-Morvan <drazzib at debian.org>
Date: Thu May 24 20:17:42 2012 +0000
* debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around
since it is no longer needed.
* debian/postinst: don't put a symlink in / if jvm doesn't contain nss
configuration. (Closes: #665754, #665749).
* debian/postinst: force migration to new alias names again. The
migration was supposed to occur on upgrades to Oneiric, but failed
because of an NSS error.
* debian/postinst: forcibly remove diginotar cert. It could be left
behind under certain circumstances. (LP: #920758)
* debian/postinst: also look for jvm in multiarch locations (LP: #962378)
* debian/postinst: retrigger first_install to properly get cert store.
* d/rules: Ensure java is built with source/target == 1.6 for backwards
compatibility with openjdk-6.
* Sync handling of nss.cfg between debian/jks-keystore.hook.in and
debian/postinst.in.
* Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers).
* Improve handling of certificate with UTF-8 filenames:
- UpdateCertificates: Force read System.in with UTF-8
- debian/postinst: Set LC_CTYPE to C.UTF-8
---
UpdateCertificates.java | 3 +-
debian/changelog | 29 +++++++++++++++
debian/jks-keystore.hook.in | 35 ++++++++++--------
debian/postinst.in | 90 ++++++++++++++++++++++++---------------------
debian/preinst | 13 -------
debian/rules | 2 +-
6 files changed, 100 insertions(+), 72 deletions(-)
diff --git a/UpdateCertificates.java b/UpdateCertificates.java
index 7bce46a..7eb0a42 100644
--- a/UpdateCertificates.java
+++ b/UpdateCertificates.java
@@ -50,7 +50,8 @@ public class UpdateCertificates {
password = passwordString.toCharArray();
keystore = createKeyStore();
certFactory = CertificateFactory.getInstance("X.509");
- processChanges(new InputStreamReader(System.in));
+ // Force reading of inputstream int UTF-8
+ processChanges(new InputStreamReader(System.in, "UTF8"));
writeKeyStore();
}
diff --git a/debian/changelog b/debian/changelog
index fd7bfde..0782a22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,32 @@
+ca-certificates-java (20120524) unstable; urgency=low
+
+ [ Marc Deslauriers ]
+ * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around
+ since it is no longer needed.
+ * debian/postinst: don't put a symlink in / if jvm doesn't contain nss
+ configuration. (Closes: #665754, #665749).
+ * debian/postinst: force migration to new alias names again. The
+ migration was supposed to occur on upgrades to Oneiric, but failed
+ because of an NSS error.
+ * debian/postinst: forcibly remove diginotar cert. It could be left
+ behind under certain circumstances. (LP: #920758)
+ * debian/postinst: also look for jvm in multiarch locations (LP: #962378)
+ * debian/postinst: retrigger first_install to properly get cert store.
+
+ [ James Page ]
+ * d/rules: Ensure java is built with source/target == 1.6 for backwards
+ compatibility with openjdk-6.
+
+ [ Damien Raude-Morvan ]
+ * Sync handling of nss.cfg between debian/jks-keystore.hook.in and
+ debian/postinst.in.
+ * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers).
+ * Improve handling of certificate with UTF-8 filenames:
+ - UpdateCertificates: Force read System.in with UTF-8
+ - debian/postinst: Set LC_CTYPE to C.UTF-8
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Tue, 22 May 2012 23:41:41 +0200
+
ca-certificates-java (20120225) unstable; urgency=low
[ Steve Langasek ]
diff --git a/debian/jks-keystore.hook.in b/debian/jks-keystore.hook.in
index 4e4d534..362364a 100644
--- a/debian/jks-keystore.hook.in
+++ b/debian/jks-keystore.hook.in
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh
set -e
@@ -12,6 +12,8 @@ if [ -f /etc/default/cacerts ]; then
. /etc/default/cacerts
fi
+arch=`dpkg --print-architecture`
+
echo ""
if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
echo "updates of cacerts keystore disabled."
@@ -23,31 +25,32 @@ if ! mountpoint -q /proc; then
exit 1
fi
-for jdir in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do
- if [ -x $jdir/bin/java ]; then
- break
- fi
+for jvm in java-6-openjdk-$arch java-6-openjdk \
+ java-7-openjdk-$arch java-7-openjdk java-6-sun; do
+if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+ break
+fi
done
-export JAVA_HOME=$jdir
+export JAVA_HOME=/usr/lib/jvm/$jvm
PATH=$JAVA_HOME/bin:$PATH
temp_jvm_cfg=
-if [ ! -f /etc/$jvm/jvm.cfg ]; then
+if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then
# the jre is not yet configured, but jvm.cfg is needed to run it
- temp_jvm_cfg=/etc/$jvm/jvm.cfg
- mkdir -p /etc/$jvm
+ temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
+ mkdir -p /etc/${jvm%-$arch}
printf -- "-server KNOWN\n" > $temp_jvm_cfg
fi
if dpkg-query --version >/dev/null; then
nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
- nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' $jdir/jre/lib/security/nss.cfg)
- if [ "$nsspkg" != "$nssjdk" ]; then
- ln -sf $nsspkg/libnss3.so $nssjdk/
+ nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg)
+ if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then
+ ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so
fi
softokn3pkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p')
- if [ "$softokn3pkg" != "$nssjdk" ]; then
- ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/
+ if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] && [ "$softokn3pkg" != "$nssjdk" ]; then
+ ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/libsoftokn3.so
fi
fi
@@ -56,12 +59,12 @@ do_cleanup()
[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]
then
- rm -f $nssjdk/libnss3.so
+ rm -f $nssjdk/libnss3.so
fi
if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] \
&& [ "$softokn3pkg" != "$nssjdk" ]
then
- rm -f $nssjdk/libsoftokn3.so
+ rm -f $nssjdk/libsoftokn3.so
fi
}
diff --git a/debian/postinst.in b/debian/postinst.in
index e104456..d247697 100644
--- a/debian/postinst.in
+++ b/debian/postinst.in
@@ -2,26 +2,27 @@
set -e
-# Disable a critically buggy hook script during upgrade; to be removed
-# after oneiric release
-if [ "$2" = 20110912ubuntu1 ] && [ -e /etc/ca-certificates/update.d/jks-keystore ]
-then
- chmod +x /etc/ca-certificates/update.d/jks-keystore
-fi
+# use the locale C.UTF-8
+unset LC_ALL
+LC_CTYPE=C.UTF-8
+export LC_CTYPE
storepass='changeit'
if [ -f /etc/default/cacerts ]; then
. /etc/default/cacerts
fi
+arch=`dpkg --print-architecture`
+
setup_path()
{
- for JAVA_HOME in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do
- if [ -x $JAVA_HOME/bin/java ]; then
- break
+ for jvm in java-6-openjdk-$arch java-6-openjdk \
+ java-7-openjdk-$arch java-7-openjdk java-6-sun; do
+ if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+ break
fi
done
- jvm=$(basename $JAVA_HOME | sed 's,-openjdk-.*,-openjdk,') # multiarch fixup
+ export JAVA_HOME=/usr/lib/jvm/$jvm
PATH=$JAVA_HOME/bin:$PATH
CLASSPATH=/usr/share/ca-certificates-java
@@ -31,17 +32,23 @@ setup_path()
first_install()
{
if which dpkg-query --version >/dev/null; then
- nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
- nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/$jvm/security/nss.cfg)
- if [ "$nsspkg" != "$nssjdk" ]; then
- ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so
- fi
+ nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
+ nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg)
+ if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then
+ ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so
+ fi
+ fi
+
+ # Forcibly remove diginotar cert (LP: #920758)
+ if [ -n "$FIXOLD" ]; then
+ echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \
+ java UpdateCertificates -storepass "$storepass"
fi
find /etc/ssl/certs -name \*.pem | \
while read filename; do
- alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
- alias=${alias%*_}
+ alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
+ alias=${alias%*_}
if [ -n "$FIXOLD" ]; then
echo "-${alias}"
echo "-${alias}_pem"
@@ -57,41 +64,42 @@ do_cleanup()
[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]
then
- rm -f $nssjdk/libnss3.so
+ rm -f $nssjdk/libnss3.so
fi
}
case "$1" in
configure)
- if dpkg --compare-versions "$2" le "20100412"; then
+ if dpkg --compare-versions "$2" lt "20110912ubuntu6"; then
FIXOLD="true"
if [ -e /etc/ssl/certs/java/cacerts ]; then
cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
fi
fi
if [ -z "$2" -o -n "$FIXOLD" ]; then
- setup_path
-
- if ! mountpoint -q /proc; then
- echo >&2 "the keytool command requires a mounted proc fs (/proc)."
- exit 1
- fi
-
- if [ ! -f /etc/$jvm/jvm.cfg ]; then
- # the jre is not yet configured, but jvm.cfg is needed to run it
- temp_jvm_cfg=/etc/$jvm/jvm.cfg
- mkdir -p /etc/$jvm
- printf -- "-server KNOWN\n" > $temp_jvm_cfg
- fi
-
- if first_install; then
- do_cleanup
- else
- do_cleanup
- exit 1
- fi
- fi
- chmod 600 /etc/default/cacerts || true
+ setup_path
+
+ if ! mountpoint -q /proc; then
+ echo >&2 "the keytool command requires a mounted proc fs (/proc)."
+ exit 1
+ fi
+
+ temp_jvm_cfg=
+ if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then
+ # the jre is not yet configured, but jvm.cfg is needed to run it
+ temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
+ mkdir -p /etc/${jvm%-$arch}
+ printf -- "-server KNOWN\n" > $temp_jvm_cfg
+ fi
+
+ if first_install; then
+ do_cleanup
+ else
+ do_cleanup
+ exit 1
+ fi
+ fi
+ chmod 600 /etc/default/cacerts || true
;;
abort-upgrade|abort-remove|abort-deconfigure)
diff --git a/debian/preinst b/debian/preinst
deleted file mode 100644
index 2356c9a..0000000
--- a/debian/preinst
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Disable a critically buggy hook script during upgrade; to be removed
-# after oneiric release
-if [ "$2" = 20110912ubuntu1 ] && [ -e /etc/ca-certificates/update.d/jks-keystore ]
-then
- chmod -x /etc/ca-certificates/update.d/jks-keystore
-fi
-
-#DEBHELPER#
-
diff --git a/debian/rules b/debian/rules
index c9aa538..ca02808 100755
--- a/debian/rules
+++ b/debian/rules
@@ -21,7 +21,7 @@ build-indep: build
build: build-stamp
build-stamp:
dh_testdir
- $(JAVA_HOME)/bin/javac UpdateCertificates.java
+ $(JAVA_HOME)/bin/javac -source 1.6 -target 1.6 UpdateCertificates.java
touch $@
clean:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-java/ca-certificates-java.git
More information about the pkg-java-commits
mailing list