Bug#578578: sun-java6: crypto policy configuration files violate Debian policy
Markus Hochholdinger
Markus at hochholdinger.net
Mon Jun 28 09:31:57 UTC 2010
Hello,
I've now testet:
sudo
dpkg-divert --rename /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/security/local_policy.jar
sudo
dpkg-divert --rename /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/security/US_export_policy.jar
out of the README.Debian (6.20-dlj-4), but I tested this for Debian 5.0.4, so
I had to use:
dpkg-divert --rename /usr/lib/jvm/java-6-sun-1.6.0.12/jre/lib/security/local_policy.jar
dpkg-divert --rename /usr/lib/jvm/java-6-sun-1.6.0.12/jre/lib/security/US_export_policy.jar
After aptitude safe-upgrade the directory /usr/lib/jvm/java-6-sun-1.6.0.12
vanished and in /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/security/ the files
from the debian package were used. My changed files "local_policy.jar"
and "US_export_policy.jar" were deleted!
So I assume this "workaround" doesn't work if the version of java (like here
1.6.0.12 to 1.6.0.20) changes.
(It's very dangerous because you notice the change only after the java vm is
restartet. This can happen long after the upgrade of java, so the java
developers will be puzzled what's suddenly wrong!)
Isn't it possible to put these two files in /etc/java-6-sun/security/ , like
the file cacerts, and symlink? With this I'll be asked if I want to overwrite
my changes or not, with cacerts this works very well!
Apropos configuration files in /etc, the file /etc/java-6-sun/security/cacerts
doesn't seem to look well in vi, so i suppose local_policy.jar and
US_export_policy.jar could be also there. Upstream - cacerts,
local_policy.jar and US_export_policy.jar ARE in the same dirctory
(lib/security/)!
--
greetings
eMHa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20100628/11b2b7f6/attachment-0001.pgp>
More information about the pkg-java-maintainers
mailing list