Bug#922720: ca-certificates-java: update-ca-certificates fails with bashism in jks-keystore
tony mancill
tmancill at debian.org
Sun Feb 24 17:47:42 GMT 2019
On Tue, Feb 19, 2019 at 12:53:58PM -0800, Steven Ihde wrote:
> Package: ca-certificates-java
> Version: 20170929~deb9u1
> Severity: important
>
> Dear Maintainer,
>
> After upgrading to Debian 9.8 today, the following error results
> whenever I run update-ca-certificates:
>
> ------
> $ sudo update-ca-certificates
> Updating certificates in /etc/ssl/certs...
> 0 added, 0 removed; done.
> Running hooks in /etc/ca-certificates/update.d...
>
> /etc/ca-certificates/update.d/jks-keystore: 56: [: amd64: unexpected operator
> done.
> done.
> ------
>
> This appears to be due to a bashism introduced by the fix for 874276:
>
> -------
> $ checkbashisms /etc/ca-certificates/update.d/jks-keystore
> possible bashism in /etc/ca-certificates/update.d/jks-keystore line 56 (should be 'b = a'):
> if [ "$arch" == "armhf" ]; then
> -------
Ugh - that's no good! Thank you for reporting this. I'll prepare an
updated package for stable [1] which should end up in the
proposed-updates queue [2].
BTW, it looks like there is another bashism in the postinst as well,
although that code won't be exercised unless someone is upgrading from
an older Ubuntu release:
possible bashism in debian/postinst.in line 56 (echo -e):
echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \
java -Xmx64m -jar $JAR -storepass "$storepass"
The "echo -e" will echo a literal '-e' into JAR invocation:
$ ash -c 'echo -e "foo\nbar"'
-e foo
bar
$ dash -c 'echo -e "foo\nbar"'
-e foo
bar
$ bash -c 'echo -e "foo\nbar"'
foo
bar
It looks printf [3] is a better choice for this.
Cheers,
tony
[1] https://www.debian.org/doc/manuals/developers-reference/ch05.html#upload-stable
[2] https://release.debian.org/proposed-updates/stable.html
[3] https://pubs.opengroup.org/onlinepubs/9699919799/utilities/printf.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20190224/6eded4ff/attachment.sig>
More information about the pkg-java-maintainers
mailing list