[Git][java-team/ca-certificates-java][master] 6 commits: Don't create a jvm-*.cfg file in jks-keystore hook
Emmanuel Bourg
gitlab at salsa.debian.org
Wed May 16 21:58:54 BST 2018
Emmanuel Bourg pushed to branch master at Debian Java Maintainers / ca-certificates-java
Commits:
2504a0a8 by Tiago Stürmer Daitx at 2018-05-16T16:45:33-03:00
Don't create a jvm-*.cfg file in jks-keystore hook
* debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
with the right configuration is already supplied by the openjdk packages.
- - - - -
34609c04 by Tiago Stürmer Daitx at 2018-05-16T16:50:04-03:00
Depend on openjdk-11-jre-headless for Ubuntu and deviratives
[ Matthias Klose ]
* debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to
configure.
- - - - -
e37ec9ab by Tiago Stürmer Daitx at 2018-05-16T16:53:53-03:00
Only export JAVA_HOME and update PATH if a jvm is found
* debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME
and update PATH if a known jvm was found.
- - - - -
08c6362d by Tiago Stürmer Daitx at 2018-05-16T17:06:27-03:00
Move setup_path function up
- - - - -
73ddff39 by Tiago Stürmer Daitx at 2018-05-16T17:08:36-03:00
Extract the /proc mountpoint check to a check_proc function
- - - - -
813b8c49 by Tiago Stürmer Daitx at 2018-05-16T17:31:09-03:00
Detect and convert PKCS12 cacerts to JKS
* debian/postinst.in: Detect PKCS12 cacert keystore generated by
previous ca-certificates-java and convert them to JKS. (Closes: #898678)
(LP: #1771363)
- - - - -
4 changed files:
- debian/changelog
- debian/jks-keystore.hook.in
- debian/postinst.in
- debian/rules
Changes:
=====================================
debian/changelog
=====================================
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+ca-certificates-java (20180516) unstable; urgency=medium
+
+ [ Tiago Stürmer Daitx ]
+ * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
+ with the right configuration is already supplied by the openjdk packages.
+ * debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME
+ and update PATH if a known jvm was found.
+ * debian/postinst.in: Detect PKCS12 cacert keystore generated by
+ previous ca-certificates-java and convert them to JKS. (Closes: #898678)
+ (LP: #1771363)
+
+ [ Matthias Klose ]
+ * debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to
+ configure.
+
+ -- Tiago Stürmer Daitx <tiago.daitx at ubuntu.com> Tue, 15 May 2018 02:16:43 +0000
+
ca-certificates-java (20180413) unstable; urgency=medium
* Team upload.
=====================================
debian/jks-keystore.hook.in
=====================================
--- a/debian/jks-keystore.hook.in
+++ b/debian/jks-keystore.hook.in
@@ -45,20 +45,12 @@ for jvm in java-7-openjdk-$arch java-7-openjdk \
oracle-java10-jre-$arch oracle-java10-server-jre-$arch oracle-java10-jdk-$arch \
java-11-openjdk-$arch java-11-openjdk \
oracle-java11-jre-$arch oracle-java11-server-jre-$arch oracle-java11-jdk-$arch; do
-if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+ if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+ export JAVA_HOME=/usr/lib/jvm/$jvm
+ PATH=$JAVA_HOME/bin:$PATH
break
-fi
+ fi
done
-export JAVA_HOME=/usr/lib/jvm/$jvm
-PATH=$JAVA_HOME/bin:$PATH
-
-temp_jvm_cfg=
-if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then
- # the jre is not yet configured, but jvm.cfg is needed to run it
- temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
- mkdir -p /etc/${jvm%-$arch}
- printf -- "-server KNOWN\n" > $temp_jvm_cfg
-fi
if dpkg-query --version >/dev/null; then
nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1)
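Review bot: After `done` nothing records whether a JVM was found: when none of the listed directories has an executable `bin/java`, JAVA_HOME and PATH keep whatever values the hook inherited, and execution continues into the `dpkg-query` block. Any later `java` or `keytool` call would then resolve through the inherited PATH or fail, in a hook that rewrites the system trust store; whether later code handles this is not visible in this hunk. Set a flag inside the `if` (for example `jvm_found=yes`) and test it after the loop with `[ -n "$jvm_found" ] || { echo "no supported JVM found" >&2; exit 1; }`, choosing the exit status deliberately. The path in the test should also be quoted as `"/usr/lib/jvm/$jvm/bin/java"`. The same gap exists in `setup_path` in debian/postinst.in.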
=====================================
debian/postinst.in
=====================================
--- a/debian/postinst.in
+++ b/debian/postinst.in
@@ -35,12 +35,41 @@ setup_path()
oracle-java10-jre-$arch oracle-java10-server-jre-$arch oracle-java10-jdk-$arch \
java-11-openjdk-$arch java-11-openjdk \
oracle-java11-jre-$arch oracle-java11-server-jre-$arch oracle-java11-jdk-$arch; do
- if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
- break
+ if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+ export JAVA_HOME=/usr/lib/jvm/$jvm
+ PATH=$JAVA_HOME/bin:$PATH
+ break
fi
done
- export JAVA_HOME=/usr/lib/jvm/$jvm
- PATH=$JAVA_HOME/bin:$PATH
+}
+
+check_proc()
+{
+ if ! mountpoint -q /proc; then
+ echo >&2 "the keytool command requires a mounted proc fs (/proc)."
+ exit 1
+ fi
+}
+
+convert_pkcs12_keystore_to_jks()
+{
+ if ! keytool -importkeystore \
+ -srckeystore /etc/ssl/certs/java/cacerts \
+ -destkeystore /etc/ssl/certs/java/cacerts.dpkg-new \
+ -srcstoretype PKCS12 \
+ -deststoretype JKS \
+ -srcstorepass "$storepass" \
+ -deststorepass "$storepass" \
+ -noprompt; then
+ echo "failed to convert PKCS12 keystore to JKS" >&2
+ exit 1
+ fi
+
+ # only update if /etc/default/cacerts allows
+ if [ "$cacerts_updates" = "yes" ]; then
+ mv -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
+ mv -f /etc/ssl/certs/java/cacerts.dpkg-new /etc/ssl/certs/java/cacerts
+ fi
}
first_install()
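Review bot: `convert_pkcs12_keystore_to_jks` imports into `/etc/ssl/certs/java/cacerts.dpkg-new` without removing a file that may already exist there. keytool adds entries to an existing destination keystore, so a leftover from an interrupted run would be merged into the new trust store rather than replaced; add `rm -f /etc/ssl/certs/java/cacerts.dpkg-new` before the `keytool` call. The conversion also runs before `cacerts_updates` is consulted, so with updates disabled the `.dpkg-new` file is written and left behind; testing the flag first avoids that. The two `mv -f` calls leave a window in which no `cacerts` exists; making the backup with `cp -pf` and then doing a single `mv -f` of the new file keeps the path populated throughout.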
@@ -91,14 +120,19 @@ case "$1" in
cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
fi
fi
- if [ -z "$2" -o -n "$FIXOLD" ]; then
- setup_path
- if ! mountpoint -q /proc; then
- echo >&2 "the keytool command requires a mounted proc fs (/proc)."
- exit 1
+ setup_path
+
+ if dpkg --compare-versions "$2" lt "20180516"; then
+ if [ -e /etc/ssl/certs/java/cacerts \
+ -a "$(head -c4 /etc/ssl/certs/java/cacerts)" != "$(echo -en '\xfe\xed\xfe\xed')" ]; then
+ check_proc
+ convert_pkcs12_keystore_to_jks
fi
+ fi
+ if [ -z "$2" -o -n "$FIXOLD" ]; then
+ check_proc
trap do_cleanup EXIT
first_install
fi
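Review bot: The keystore-type test treats every file whose first four bytes are not FE ED FE ED as PKCS12, so an empty or damaged `cacerts` is sent into `convert_pkcs12_keystore_to_jks`, where keytool fails and the postinst exits 1. The comparison also depends on `echo -en` expanding `\x` escapes, which works under bash but not under a POSIX `/bin/sh`; the shebang is outside this hunk, so confirm which shell runs the script. A hex comparison avoids the bashism and keeps binary data out of the command substitution: `magic=$(od -An -tx1 -N4 /etc/ssl/certs/java/cacerts | tr -d ' \n')`, then `[ "$magic" != "feedfeed" ]`. It also lets the branch require the DER SEQUENCE lead byte `30` that a PKCS12 file starts with, instead of accepting anything that is not JKS. The `case "$1"` block starts and ends outside the hunk.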
=====================================
debian/rules
=====================================
--- a/debian/rules
+++ b/debian/rules
@@ -6,7 +6,7 @@
ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes)
SUBSTVARS = -Vnss:Depends="libnss3 (>= 3.12.9+ckbi-1.82-0ubuntu3~)" \
- -Vjre:Depends="openjdk-8-jre-headless"
+ -Vjre:Depends="openjdk-11-jre-headless"
nss_lib = libnss3
else
SUBSTVARS = -Vnss:Depends="libnss3 (>= 3.12.10-2~)" \
View it on GitLab: https://salsa.debian.org/java-team/ca-certificates-java/compare/08b3360a3bc47ddecde5fa4925c11b56dc3aa079...813b8c4973e6c4bb273d5d02f8d4e0aa0b226c50