Skip to content
Commits on Source (6)
Show whitespace changes
Inline Side-by-side
debian/changelog
View file @ 813b8c49
ca-certificates-java (20180516) unstable; urgency=medium
[ Tiago Stürmer Daitx ]
* debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
with the right configuration is already supplied by the openjdk packages.
* debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME
and update PATH if a known jvm was found.
* debian/postinst.in: Detect PKCS12 cacert keystore generated by
previous ca-certificates-java and convert them to JKS. (Closes: #898678)
(LP: #1771363)
[ Matthias Klose ]
* debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to
configure.
-- Tiago Stürmer Daitx <tiago.daitx@ubuntu.com> Tue, 15 May 2018 02:16:43 +0000
ca-certificates-java (20180413) unstable; urgency=medium
* Team upload.
......
debian/jks-keystore.hook.in
View file @ 813b8c49
......@@ -46,19 +46,11 @@ for jvm in java-7-openjdk-$arch java-7-openjdk \
java-11-openjdk-$arch java-11-openjdk \
oracle-java11-jre-$arch oracle-java11-server-jre-$arch oracle-java11-jdk-$arch; do
if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
break
fi
done
export JAVA_HOME=/usr/lib/jvm/$jvm
PATH=$JAVA_HOME/bin:$PATH
temp_jvm_cfg=
if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then
# the jre is not yet configured, but jvm.cfg is needed to run it
temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg
mkdir -p /etc/${jvm%-$arch}
printf -- "-server KNOWN\n" > $temp_jvm_cfg
break
fi
done
if dpkg-query --version >/dev/null; then
nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1)
......
debian/postinst.in
View file @ 813b8c49
......@@ -36,11 +36,40 @@ setup_path()
java-11-openjdk-$arch java-11-openjdk \
oracle-java11-jre-$arch oracle-java11-server-jre-$arch oracle-java11-jdk-$arch; do
if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
export JAVA_HOME=/usr/lib/jvm/$jvm
PATH=$JAVA_HOME/bin:$PATH
break
fi
done
export JAVA_HOME=/usr/lib/jvm/$jvm
PATH=$JAVA_HOME/bin:$PATH
}
check_proc()
{
if ! mountpoint -q /proc; then
echo >&2 "the keytool command requires a mounted proc fs (/proc)."
exit 1
fi
}
convert_pkcs12_keystore_to_jks()
{
if ! keytool -importkeystore \
-srckeystore /etc/ssl/certs/java/cacerts \
-destkeystore /etc/ssl/certs/java/cacerts.dpkg-new \
-srcstoretype PKCS12 \
-deststoretype JKS \
-srcstorepass "$storepass" \
-deststorepass "$storepass" \
-noprompt; then
echo "failed to convert PKCS12 keystore to JKS" >&2
exit 1
fi
# only update if /etc/default/cacerts allows
if [ "$cacerts_updates" = "yes" ]; then
mv -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
mv -f /etc/ssl/certs/java/cacerts.dpkg-new /etc/ssl/certs/java/cacerts
fi
}
first_install()
......@@ -91,14 +120,19 @@ case "$1" in
cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
fi
fi
if [ -z "$2" -o -n "$FIXOLD" ]; then
setup_path
if ! mountpoint -q /proc; then
echo >&2 "the keytool command requires a mounted proc fs (/proc)."
exit 1
if dpkg --compare-versions "$2" lt "20180516"; then
if [ -e /etc/ssl/certs/java/cacerts \
-a "$(head -c4 /etc/ssl/certs/java/cacerts)" != "$(echo -en '\xfe\xed\xfe\xed')" ]; then
check_proc
convert_pkcs12_keystore_to_jks
fi
fi
if [ -z "$2" -o -n "$FIXOLD" ]; then
check_proc
trap do_cleanup EXIT
first_install
fi
......
debian/rules
View file @ 813b8c49
......@@ -6,7 +6,7 @@
ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes)
SUBSTVARS = -Vnss:Depends="libnss3 (>= 3.12.9+ckbi-1.82-0ubuntu3~)" \
-Vjre:Depends="openjdk-8-jre-headless"
-Vjre:Depends="openjdk-11-jre-headless"
nss_lib = libnss3
else
SUBSTVARS = -Vnss:Depends="libnss3 (>= 3.12.10-2~)" \
......