Bug#690204: ca-certificates{, -java}: many errors during squeeze->wheezy upgrades, probably related to configuration order and update.d/

Michael Shuler michael at pbandjelly.org
Thu Oct 11 18:29:56 UTC 2012


merge 690204 537051
thanks

Same errors in the attached log during a squeeze to wheezy dist-upgrade.
However, immediately following the dist-upgrade, re-running
'update-ca-certificates --fresh' completes successfully and sets up the
java keystore properly.

In all cases, the end of the ca-certificates package update is:

  151 added, 0 removed; done.

and the hook for ca-certificates-java begins:

  Running hooks in /etc/ca-certificates/update.d....
  updating keystore /etc/ssl/certs/java/cacerts...
  (errors..)

From the lack of update errors after dist-upgrade and the new openjdk is
installed makes me think that ca-certificates-java might need to
pre-depend on a specific version of openjdk-6-jre-headless. (Does this
sound reasonable?)

I would be happy to add something to ca-certificates to delay the update
hooks only when needed.  Perhaps if a suggested patch could be
submitted, since I'm not entirely sure what I would key off to make that
delay happen only when needed.  FWIW, there are no update errors with
ca-certificates when ca-certificates-java is not installed.

-- 
Kind regards,
Michael
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squeeze2wheezy_dist-upgrade.log.gz
Type: application/gzip
Size: 16356 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20121011/a3d561b3/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20121011/a3d561b3/attachment-0001.pgp>


More information about the pkg-java-maintainers mailing list