[Git][java-team/ca-certificates-java][master] 6 commits: Don't create a jvm-*.cfg file in jks-keystore hook

Emmanuel Bourg gitlab at salsa.debian.org
Wed May 16 21:58:54 BST 2018 

Emmanuel Bourg pushed to branch master at Debian Java Maintainers / ca-certificates-java


Commits:
2504a0a8 by Tiago Stürmer Daitx at 2018-05-16T16:45:33-03:00
Don't create a jvm-*.cfg file in jks-keystore hook

* debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
  with the right configuration is already supplied by the openjdk packages.

- - - - -
34609c04 by Tiago Stürmer Daitx at 2018-05-16T16:50:04-03:00
Depend on openjdk-11-jre-headless for Ubuntu and deviratives

[ Matthias Klose ]
* debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to
  configure.

- - - - -
e37ec9ab by Tiago Stürmer Daitx at 2018-05-16T16:53:53-03:00
Only export JAVA_HOME and update PATH if a jvm is found

* debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME
  and update PATH if a known jvm was found.

- - - - -
08c6362d by Tiago Stürmer Daitx at 2018-05-16T17:06:27-03:00
Move setup_path function up

- - - - -
73ddff39 by Tiago Stürmer Daitx at 2018-05-16T17:08:36-03:00
Extract the /proc mountpoint check to a check_proc function

- - - - -
813b8c49 by Tiago Stürmer Daitx at 2018-05-16T17:31:09-03:00
Detect and convert PKCS12 cacerts to JKS

* debian/postinst.in: Detect PKCS12 cacert keystore generated by
  previous ca-certificates-java and convert them to JKS. (Closes: #898678)
  (LP: #1771363)

- - - - -


4 changed files:

- debian/changelog
- debian/jks-keystore.hook.in
- debian/postinst.in
- debian/rules


Changes:

=====================================
debian/changelog
=====================================
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+ca-certificates-java (20180516) unstable; urgency=medium
+
+  [ Tiago Stürmer Daitx ]
+  * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
+    with the right configuration is already supplied by the openjdk packages.
+  * debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME
+    and update PATH if a known jvm was found.
+  * debian/postinst.in: Detect PKCS12 cacert keystore generated by
+    previous ca-certificates-java and convert them to JKS. (Closes: #898678)
+    (LP: #1771363)
+
+  [ Matthias Klose ]
+  * debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to
+    configure.
+
+ -- Tiago Stürmer Daitx <tiago.daitx at ubuntu.com>  Tue, 15 May 2018 02:16:43 +0000
+
 ca-certificates-java (20180413) unstable; urgency=medium
 
   * Team upload.


=====================================
debian/jks-keystore.hook.in
=====================================
--- a/debian/jks-keystore.hook.in
+++ b/debian/jks-keystore.hook.in
@@ -45,20 +45,12 @@ for jvm in java-7-openjdk-$arch java-7-openjdk \
            oracle-java10-jre-$arch oracle-java10-server-jre-$arch oracle-java10-jdk-$arch \
            java-11-openjdk-$arch java-11-openjdk \
            oracle-java11-jre-$arch oracle-java11-server-jre-$arch oracle-java11-jdk-$arch; do
-if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+    if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+        export JAVA_HOME=/usr/lib/jvm/$jvm
+        PATH=$JAVA_HOME/bin:$PATH
     	break
-fi
+    fi
 done
-export JAVA_HOME=/usr/lib/jvm/$jvm
-PATH=$JAVA_HOME/bin:$PATH
-
-temp_jvm_cfg=
-if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then
-    # the jre is not yet configured, but jvm.cfg is needed to run it
-    temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
-    mkdir -p /etc/${jvm%-$arch}
-    printf -- "-server KNOWN\n" > $temp_jvm_cfg
-fi
 
 if dpkg-query --version >/dev/null; then
     nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1)


=====================================
debian/postinst.in
=====================================
--- a/debian/postinst.in
+++ b/debian/postinst.in
@@ -35,12 +35,41 @@ setup_path()
                oracle-java10-jre-$arch oracle-java10-server-jre-$arch oracle-java10-jdk-$arch \
                java-11-openjdk-$arch java-11-openjdk \
                oracle-java11-jre-$arch oracle-java11-server-jre-$arch oracle-java11-jdk-$arch; do
-    if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
-        break
+        if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
+            export JAVA_HOME=/usr/lib/jvm/$jvm
+            PATH=$JAVA_HOME/bin:$PATH
+            break
         fi
     done
-    export JAVA_HOME=/usr/lib/jvm/$jvm
-    PATH=$JAVA_HOME/bin:$PATH
+}
+
+check_proc()
+{
+    if ! mountpoint -q /proc; then
+        echo >&2 "the keytool command requires a mounted proc fs (/proc)."
+        exit 1
+    fi
+}
+
+convert_pkcs12_keystore_to_jks()
+{
+    if ! keytool -importkeystore \
+                 -srckeystore /etc/ssl/certs/java/cacerts \
+                 -destkeystore /etc/ssl/certs/java/cacerts.dpkg-new \
+                 -srcstoretype PKCS12 \
+                 -deststoretype JKS \
+                 -srcstorepass "$storepass" \
+                 -deststorepass "$storepass" \
+                 -noprompt; then
+        echo "failed to convert PKCS12 keystore to JKS" >&2
+        exit 1
+    fi
+
+    # only update if /etc/default/cacerts allows
+    if [ "$cacerts_updates" = "yes" ]; then
+        mv -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
+        mv -f /etc/ssl/certs/java/cacerts.dpkg-new /etc/ssl/certs/java/cacerts
+    fi
 }
 
 first_install()
@@ -91,14 +120,19 @@ case "$1" in
                 cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
             fi
         fi
-        if [ -z "$2" -o -n "$FIXOLD" ]; then
-            setup_path
 
-            if ! mountpoint -q /proc; then
-                echo >&2 "the keytool command requires a mounted proc fs (/proc)."
-                exit 1
+        setup_path
+
+        if dpkg --compare-versions "$2" lt "20180516"; then
+            if [ -e /etc/ssl/certs/java/cacerts \
+                 -a "$(head -c4 /etc/ssl/certs/java/cacerts)" != "$(echo -en '\xfe\xed\xfe\xed')" ]; then
+                check_proc
+                convert_pkcs12_keystore_to_jks
             fi
+        fi
 
+        if [ -z "$2" -o -n "$FIXOLD" ]; then
+            check_proc
             trap do_cleanup EXIT
             first_install
         fi


=====================================
debian/rules
=====================================
--- a/debian/rules
+++ b/debian/rules
@@ -6,7 +6,7 @@
 
 ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes)
 	SUBSTVARS = -Vnss:Depends="libnss3 (>= 3.12.9+ckbi-1.82-0ubuntu3~)" \
-				-Vjre:Depends="openjdk-8-jre-headless"
+				-Vjre:Depends="openjdk-11-jre-headless"
 	nss_lib = libnss3
 else
 	SUBSTVARS = -Vnss:Depends="libnss3 (>= 3.12.10-2~)" \



View it on GitLab: https://salsa.debian.org/java-team/ca-certificates-java/compare/08b3360a3bc47ddecde5fa4925c11b56dc3aa079...813b8c4973e6c4bb273d5d02f8d4e0aa0b226c50

---
View it on GitLab: https://salsa.debian.org/java-team/ca-certificates-java/compare/08b3360a3bc47ddecde5fa4925c11b56dc3aa079...813b8c4973e6c4bb273d5d02f8d4e0aa0b226c50
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20180516/9b0a0acc/attachment.html>

More information about the pkg-java-commits mailing list