Bug#578578: sun-java6: crypto policy configuration files violate Debian policy
Markus at hochholdinger.net
Mon Jun 28 09:31:57 UTC 2010
I've now testet:
dpkg-divert --rename /usr/lib/jvm/java-6-sun-126.96.36.199/jre/lib/security/local_policy.jar
dpkg-divert --rename /usr/lib/jvm/java-6-sun-188.8.131.52/jre/lib/security/US_export_policy.jar
out of the README.Debian (6.20-dlj-4), but I tested this for Debian 5.0.4, so
I had to use:
dpkg-divert --rename /usr/lib/jvm/java-6-sun-184.108.40.206/jre/lib/security/local_policy.jar
dpkg-divert --rename /usr/lib/jvm/java-6-sun-220.127.116.11/jre/lib/security/US_export_policy.jar
After aptitude safe-upgrade the directory /usr/lib/jvm/java-6-sun-18.104.22.168
vanished and in /usr/lib/jvm/java-6-sun-22.214.171.124/jre/lib/security/ the files
from the debian package were used. My changed files "local_policy.jar"
and "US_export_policy.jar" were deleted!
So I assume this "workaround" doesn't work if the version of java (like here
126.96.36.199 to 188.8.131.52) changes.
(It's very dangerous because you notice the change only after the java vm is
restartet. This can happen long after the upgrade of java, so the java
developers will be puzzled what's suddenly wrong!)
Isn't it possible to put these two files in /etc/java-6-sun/security/ , like
the file cacerts, and symlink? With this I'll be asked if I want to overwrite
my changes or not, with cacerts this works very well!
Apropos configuration files in /etc, the file /etc/java-6-sun/security/cacerts
doesn't seem to look well in vi, so i suppose local_policy.jar and
US_export_policy.jar could be also there. Upstream - cacerts,
local_policy.jar and US_export_policy.jar ARE in the same dirctory
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: This is a digitally signed message part.
More information about the pkg-java-maintainers