On Sat, Sep 30, 2017 at 10:18 AM, Emmanuel Bourg <[email protected]> wrote: > Hi Matthias, > > Le 30/09/2017 à 02:35, Debian FTP Masters a écrit : > >> - Stop fiddling around with jvm-*.cfg files. ca-certificates-java >> has no business with providing an initial cacerts file. This is >> implemented in the openjdk packages. We are not 2008 anymore. > > Are you suggesting that we should drop ca-certificates-java and just > rely on the root certificates from OpenJDK instead? I would welcome this > simplification, the certificates in OpenJDK are frequently updated > anyway, and that would improve the consistency with the Oracle JDK.
This change simply dropped the logic where the postinst script tried to detect a jvm.cfg in /etc/<jvm> and then created one in case it wasn't there. This is no longer required because OpenJDK was patched back in 2008 [1] to look for a "jvm.cfg-default" file that we ship with the package and is in a good and known state. The fact that ca-certificates-java failed just now is because of the introduction of aarch32 which does not have a C2 compiler (ie. server) as expected by the temporary jvm.cfg setup it uses. This was never a suggestion to actually drop the package. To give an overview of the issue, this happens during install time when both openjdk and ca-certificates are being installed because /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/jvm.cfg is a symlink to /etc/java-8-openjdk/jvm-amd64.cfg (on amd64) which does not exist until the openjdk package is configured. The patched openjdk looks instead for the other default jvm.cfg that we ship exactly for this reason. $ ls -l /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/jvm.cfg* lrwxrwxrwx 1 root root 33 Aug 23 15:41 /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/jvm.cfg -> /etc/java-8-openjdk/jvm-amd64.cfg -rw-r--r-- 1 root root 278 Aug 23 15:41 /usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/jvm.cfg-default [1] http://bazaar.launchpad.net/~openjdk/openjdk/openjdk6/revision/315 Regards, Tiago -- Tiago Stürmer Daitx Software Engineer [email protected] PGP Key: 4096R/F5B213BE (hkp://keyserver.ubuntu.com) Fingerprint = 45D0 FE5A 8109 1E91 866E 8CA4 1931 8D5E F5B2 13BE
