On Tue, Feb 19, 2019 at 12:53:58PM -0800, Steven Ihde wrote: > Package: ca-certificates-java > Version: 20170929~deb9u1 > Severity: important > > Dear Maintainer, > > After upgrading to Debian 9.8 today, the following error results > whenever I run update-ca-certificates: > > ------ > $ sudo update-ca-certificates > Updating certificates in /etc/ssl/certs... > 0 added, 0 removed; done. > Running hooks in /etc/ca-certificates/update.d... > > /etc/ca-certificates/update.d/jks-keystore: 56: [: amd64: unexpected operator > done. > done. > ------ > > This appears to be due to a bashism introduced by the fix for 874276: > > ------- > $ checkbashisms /etc/ca-certificates/update.d/jks-keystore > possible bashism in /etc/ca-certificates/update.d/jks-keystore line 56 > (should be 'b = a'): > if [ "$arch" == "armhf" ]; then > -------
Ugh - that's no good! Thank you for reporting this. I'll prepare an updated package for stable [1] which should end up in the proposed-updates queue [2]. BTW, it looks like there is another bashism in the postinst as well, although that code won't be exercised unless someone is upgrading from an older Ubuntu release: possible bashism in debian/postinst.in line 56 (echo -e): echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \ java -Xmx64m -jar $JAR -storepass "$storepass" The "echo -e" will echo a literal '-e' into JAR invocation: $ ash -c 'echo -e "foo\nbar"' -e foo bar $ dash -c 'echo -e "foo\nbar"' -e foo bar $ bash -c 'echo -e "foo\nbar"' foo bar It looks printf [3] is a better choice for this. Cheers, tony [1] https://www.debian.org/doc/manuals/developers-reference/ch05.html#upload-stable [2] https://release.debian.org/proposed-updates/stable.html [3] https://pubs.opengroup.org/onlinepubs/9699919799/utilities/printf.html
signature.asc
Description: PGP signature