Author: drazzib Date: 2013-08-15 12:46:11 +0000 (Thu, 15 Aug 2013) New Revision: 17146
Added: tags/ca-certificates-java/20130815/ tags/ca-certificates-java/20130815/UpdateCertificatesTest.java tags/ca-certificates-java/20130815/debian/ca-certificates-java.triggers tags/ca-certificates-java/20130815/debian/changelog tags/ca-certificates-java/20130815/debian/control tags/ca-certificates-java/20130815/debian/jks-keystore.hook.in tags/ca-certificates-java/20130815/debian/postinst.in Removed: tags/ca-certificates-java/20130815/UpdateCertificatesTest.java tags/ca-certificates-java/20130815/debian/changelog tags/ca-certificates-java/20130815/debian/control tags/ca-certificates-java/20130815/debian/jks-keystore.hook.in tags/ca-certificates-java/20130815/debian/postinst.in Log: [svn-buildpackage] Tagging ca-certificates-java 20130815 Deleted: tags/ca-certificates-java/20130815/UpdateCertificatesTest.java =================================================================== --- trunk/ca-certificates-java/UpdateCertificatesTest.java 2013-08-13 21:42:16 UTC (rev 17144) +++ tags/ca-certificates-java/20130815/UpdateCertificatesTest.java 2013-08-15 12:46:11 UTC (rev 17146) @@ -1,221 +0,0 @@ -/* - * Copyright (C) 2012 Damien Raude-Morvan <[email protected]> - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - */ - -import java.io.File; -import java.io.IOException; -import java.security.GeneralSecurityException; - -import junit.framework.Assert; - -import org.junit.Before; -import org.junit.Test; - -/** - * Tests for {@link UpdateCertificates}. - * - * @author Damien Raude-Morvan - */ -public class UpdateCertificatesTest { - - private static final String ALIAS_CACERT = "debian:cacert.org.crt"; - private static final String INVALID_CACERT = "x/usr/share/ca-certificates/cacert.org/cacert.org.crt"; - private static final String REMOVE_CACERT = "-/usr/share/ca-certificates/cacert.org/cacert.org.crt"; - private static final String ADD_CACERT = "+/usr/share/ca-certificates/cacert.org/cacert.org.crt"; - - private String ksFilename = null; - private String ksPassword = null; - - @Before - public void start() { - this.ksFilename = "./tests-cacerts"; - this.ksPassword = "changeit"; - // Delete any previous file - File keystore = new File(this.ksFilename); - keystore.delete(); - } - - /** - * Test a simple open then write without any modification. - */ - @Test - public void testNoop() throws IOException, GeneralSecurityException, - Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.writeKeyStore(); - } - - /** - * Test a to open a keystore and write without any modification - * and then try to open it again with wrong password : will throw a - * InvalidKeystorePassword - */ - @Test - public void testWriteThenOpenWrongPwd() throws IOException, - GeneralSecurityException, Exceptions.UnableToSaveKeystore { - try { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.writeKeyStore(); - } catch (Exceptions.InvalidKeystorePassword e) { - Assert.fail(); - } - - try { - UpdateCertificates uc = new UpdateCertificates("wrongpassword", - this.ksFilename); - Assert.fail(); - uc.writeKeyStore(); - } catch (Exceptions.InvalidKeystorePassword e) { - Assert.assertEquals( - "Cannot open Java keystore. Is the password correct?", - e.getMessage()); - } - } - - /** - * Test a to open a keystore then remove its backing File (and replace it - * with a directory with the same name) and try to write in to disk : - * will throw an UnableToSaveKeystore - */ - @Test - public void testDeleteThenWrite() throws IOException, - GeneralSecurityException, Exceptions.InvalidKeystorePassword { - try { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - - // Replace actual file by a directory ! - File keystore = new File(this.ksFilename); - keystore.delete(); - keystore.mkdir(); - - // Will fail with some IOException - uc.writeKeyStore(); - Assert.fail(); - } catch (Exceptions.UnableToSaveKeystore e) { - Assert.assertEquals( - "There was a problem saving the new Java keystore.", - e.getMessage()); - } - } - - /** - * Try to send an invalid command ("x") in parseLine : throw UnknownInput - */ - @Test - public void testWrongCommand() throws IOException, - GeneralSecurityException, Exceptions.InvalidKeystorePassword { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - try { - uc.parseLine(INVALID_CACERT); - Assert.fail(); - } catch (Exceptions.UnknownInput e) { - Assert.assertEquals(INVALID_CACERT, e.getMessage()); - } - } - - /** - * Test to insert a valid certificate and then check if it's really in KS. - */ - @Test - public void testAdd() throws IOException, GeneralSecurityException, - Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, - Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.parseLine(ADD_CACERT); - uc.writeKeyStore(); - - Assert.assertEquals(true, uc.contains(ALIAS_CACERT)); - } - - /** - * Test to insert a invalide certificate : no exception, but check there - * is no alias created with that name - */ - @Test - public void testAddInvalidCert() throws IOException, - GeneralSecurityException, Exceptions.UnknownInput, - Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.parseLine("+/usr/share/ca-certificates/null.crt"); - uc.writeKeyStore(); - - Assert.assertEquals(false, uc.contains("debian:null.crt")); - } - - /** - * Try to add same certificate multiple time : we replace it and - * there is only one alias. - */ - @Test - public void testReplace() throws IOException, GeneralSecurityException, - Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, - Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.parseLine(ADD_CACERT); - uc.parseLine(ADD_CACERT); - uc.writeKeyStore(); - - Assert.assertEquals(true, uc.contains(ALIAS_CACERT)); - } - - /** - * Try to remove a non-existant certificate : it's a no-op. - */ - @Test - public void testRemove() throws IOException, GeneralSecurityException, - Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, - Exceptions.UnableToSaveKeystore { - UpdateCertificates uc = new UpdateCertificates(this.ksPassword, - this.ksFilename); - uc.parseLine(REMOVE_CACERT); - uc.writeKeyStore(); - - // We start with empty KS, so it shouldn't do anything - Assert.assertEquals(false, uc.contains(ALIAS_CACERT)); - } - - /** - * Try to add cert, write to disk, then open keystore again and remove. - */ - @Test - public void testAddThenRemove() throws IOException, - GeneralSecurityException, Exceptions.UnknownInput, - Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { - UpdateCertificates ucAdd = new UpdateCertificates(this.ksPassword, - this.ksFilename); - ucAdd.parseLine(ADD_CACERT); - ucAdd.writeKeyStore(); - - Assert.assertEquals(true, ucAdd.contains(ALIAS_CACERT)); - - UpdateCertificates ucRemove = new UpdateCertificates(this.ksPassword, - this.ksFilename); - ucRemove.parseLine(REMOVE_CACERT); - ucRemove.writeKeyStore(); - - Assert.assertEquals(false, ucRemove.contains(ALIAS_CACERT)); - } - -} Copied: tags/ca-certificates-java/20130815/UpdateCertificatesTest.java (from rev 17145, trunk/ca-certificates-java/UpdateCertificatesTest.java) =================================================================== --- tags/ca-certificates-java/20130815/UpdateCertificatesTest.java (rev 0) +++ tags/ca-certificates-java/20130815/UpdateCertificatesTest.java 2013-08-15 12:46:11 UTC (rev 17146) @@ -0,0 +1,221 @@ +/* + * Copyright (C) 2012 Damien Raude-Morvan <[email protected]> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + */ + +import java.io.File; +import java.io.IOException; +import java.security.GeneralSecurityException; + +import junit.framework.Assert; + +import org.junit.Before; +import org.junit.Test; + +/** + * Tests for {@link UpdateCertificates}. + * + * @author Damien Raude-Morvan + */ +public class UpdateCertificatesTest { + + private static final String ALIAS_CACERT = "debian:cacert.org_class3.crt"; + private static final String INVALID_CACERT = "x/usr/share/ca-certificates/cacert.org/cacert.org_class3.crt"; + private static final String REMOVE_CACERT = "-/usr/share/ca-certificates/cacert.org/cacert.org_class3.crt"; + private static final String ADD_CACERT = "+/usr/share/ca-certificates/cacert.org/cacert.org_class3.crt"; + + private String ksFilename = null; + private String ksPassword = null; + + @Before + public void start() { + this.ksFilename = "./tests-cacerts"; + this.ksPassword = "changeit"; + // Delete any previous file + File keystore = new File(this.ksFilename); + keystore.delete(); + } + + /** + * Test a simple open then write without any modification. + */ + @Test + public void testNoop() throws IOException, GeneralSecurityException, + Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.writeKeyStore(); + } + + /** + * Test a to open a keystore and write without any modification + * and then try to open it again with wrong password : will throw a + * InvalidKeystorePassword + */ + @Test + public void testWriteThenOpenWrongPwd() throws IOException, + GeneralSecurityException, Exceptions.UnableToSaveKeystore { + try { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.writeKeyStore(); + } catch (Exceptions.InvalidKeystorePassword e) { + Assert.fail(); + } + + try { + UpdateCertificates uc = new UpdateCertificates("wrongpassword", + this.ksFilename); + Assert.fail(); + uc.writeKeyStore(); + } catch (Exceptions.InvalidKeystorePassword e) { + Assert.assertEquals( + "Cannot open Java keystore. Is the password correct?", + e.getMessage()); + } + } + + /** + * Test a to open a keystore then remove its backing File (and replace it + * with a directory with the same name) and try to write in to disk : + * will throw an UnableToSaveKeystore + */ + @Test + public void testDeleteThenWrite() throws IOException, + GeneralSecurityException, Exceptions.InvalidKeystorePassword { + try { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + + // Replace actual file by a directory ! + File keystore = new File(this.ksFilename); + keystore.delete(); + keystore.mkdir(); + + // Will fail with some IOException + uc.writeKeyStore(); + Assert.fail(); + } catch (Exceptions.UnableToSaveKeystore e) { + Assert.assertEquals( + "There was a problem saving the new Java keystore.", + e.getMessage()); + } + } + + /** + * Try to send an invalid command ("x") in parseLine : throw UnknownInput + */ + @Test + public void testWrongCommand() throws IOException, + GeneralSecurityException, Exceptions.InvalidKeystorePassword { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + try { + uc.parseLine(INVALID_CACERT); + Assert.fail(); + } catch (Exceptions.UnknownInput e) { + Assert.assertEquals(INVALID_CACERT, e.getMessage()); + } + } + + /** + * Test to insert a valid certificate and then check if it's really in KS. + */ + @Test + public void testAdd() throws IOException, GeneralSecurityException, + Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, + Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.parseLine(ADD_CACERT); + uc.writeKeyStore(); + + Assert.assertEquals(true, uc.contains(ALIAS_CACERT)); + } + + /** + * Test to insert a invalide certificate : no exception, but check there + * is no alias created with that name + */ + @Test + public void testAddInvalidCert() throws IOException, + GeneralSecurityException, Exceptions.UnknownInput, + Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.parseLine("+/usr/share/ca-certificates/null.crt"); + uc.writeKeyStore(); + + Assert.assertEquals(false, uc.contains("debian:null.crt")); + } + + /** + * Try to add same certificate multiple time : we replace it and + * there is only one alias. + */ + @Test + public void testReplace() throws IOException, GeneralSecurityException, + Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, + Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.parseLine(ADD_CACERT); + uc.parseLine(ADD_CACERT); + uc.writeKeyStore(); + + Assert.assertEquals(true, uc.contains(ALIAS_CACERT)); + } + + /** + * Try to remove a non-existant certificate : it's a no-op. + */ + @Test + public void testRemove() throws IOException, GeneralSecurityException, + Exceptions.UnknownInput, Exceptions.InvalidKeystorePassword, + Exceptions.UnableToSaveKeystore { + UpdateCertificates uc = new UpdateCertificates(this.ksPassword, + this.ksFilename); + uc.parseLine(REMOVE_CACERT); + uc.writeKeyStore(); + + // We start with empty KS, so it shouldn't do anything + Assert.assertEquals(false, uc.contains(ALIAS_CACERT)); + } + + /** + * Try to add cert, write to disk, then open keystore again and remove. + */ + @Test + public void testAddThenRemove() throws IOException, + GeneralSecurityException, Exceptions.UnknownInput, + Exceptions.InvalidKeystorePassword, Exceptions.UnableToSaveKeystore { + UpdateCertificates ucAdd = new UpdateCertificates(this.ksPassword, + this.ksFilename); + ucAdd.parseLine(ADD_CACERT); + ucAdd.writeKeyStore(); + + Assert.assertEquals(true, ucAdd.contains(ALIAS_CACERT)); + + UpdateCertificates ucRemove = new UpdateCertificates(this.ksPassword, + this.ksFilename); + ucRemove.parseLine(REMOVE_CACERT); + ucRemove.writeKeyStore(); + + Assert.assertEquals(false, ucRemove.contains(ALIAS_CACERT)); + } + +} Copied: tags/ca-certificates-java/20130815/debian/ca-certificates-java.triggers (from rev 17145, trunk/ca-certificates-java/debian/ca-certificates-java.triggers) =================================================================== --- tags/ca-certificates-java/20130815/debian/ca-certificates-java.triggers (rev 0) +++ tags/ca-certificates-java/20130815/debian/ca-certificates-java.triggers 2013-08-15 12:46:11 UTC (rev 17146) @@ -0,0 +1 @@ +activate update-ca-certificates Deleted: tags/ca-certificates-java/20130815/debian/changelog =================================================================== --- trunk/ca-certificates-java/debian/changelog 2013-08-13 21:42:16 UTC (rev 17144) +++ tags/ca-certificates-java/20130815/debian/changelog 2013-08-15 12:46:11 UTC (rev 17146) @@ -1,246 +0,0 @@ -ca-certificates-java (20120721) unstable; urgency=low - - * Fix jks-keystore and postinst to work on multi-arch system. - Use dpkg-query -L package:arch. (Closes: #680618). - * As libnss3-1d is a transitional package on both Debian and Ubuntu, - upgrade Depends to use libnss3. - - -- Damien Raude-Morvan <[email protected]> Sat, 21 Jul 2012 01:06:32 +0200 - -ca-certificates-java (20120608) unstable; urgency=low - - [ James Page ] - * Switch primary JRE dependency from openjdk-6 to openjdk-7 to support - demotion of openjdk-6 to universe in Ubuntu: - - d/control, rules: Generate primary JRE dependency at build time to - allow differentiation between Ubuntu and Debian. - * Added myself to uploaders. - - [ Damien Raude-Morvan ] - * Update to unstable. - * Set DMUA flag for James Page. - - -- James Page <[email protected]> Fri, 08 Jun 2012 09:44:58 +0100 - -ca-certificates-java (20120603) unstable; urgency=low - - * Use javahelper as buildsystem: - - d/control: Add Build-Depends on javahelper. - - d/rules: Use jh_build to call javac. - * Create a testsuite for this package: - - Refactor UpdateCertificates code to send exceptions instead of - System.exit(1). - - New testsuite: UpdateCertificatesTest. - - d/control: Build-Depends on junit4. - - d/rules: Launch junit after build and handle "nocheck" option in - DEB_BUILD_OPTIONS. - - -- Damien Raude-Morvan <[email protected]> Sun, 03 Jun 2012 12:10:26 +0200 - -ca-certificates-java (20120524) unstable; urgency=low - - [ Marc Deslauriers ] - * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around - since it is no longer needed. - * debian/postinst: don't put a symlink in / if jvm doesn't contain nss - configuration. (Closes: #665754, #665749). - * debian/postinst: force migration to new alias names again. The - migration was supposed to occur on upgrades to Oneiric, but failed - because of an NSS error. - * debian/postinst: forcibly remove diginotar cert. It could be left - behind under certain circumstances. (LP: #920758) - * debian/postinst: also look for jvm in multiarch locations (LP: #962378) - * debian/postinst: retrigger first_install to properly get cert store. - - [ James Page ] - * d/rules: Ensure java is built with source/target == 1.6 for backwards - compatibility with openjdk-6. - - [ Damien Raude-Morvan ] - * Sync handling of nss.cfg between debian/jks-keystore.hook.in and - debian/postinst.in. - * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers). - * Improve handling of certificate with UTF-8 filenames: - - UpdateCertificates: Force read System.in with UTF-8 - - debian/postinst: Set LC_CTYPE to C.UTF-8 - - -- Damien Raude-Morvan <[email protected]> Tue, 22 May 2012 23:41:41 +0200 - -ca-certificates-java (20120225) unstable; urgency=low - - [ Steve Langasek ] - * debian/jks-keystore.hook: If we *don't* find libnss3 / libnss3-1d, - don't remove files from the filesystem in do_cleanup(), - since this has a nasty tendency of nuking system libraries. - LP: #855171. - * debian/preinst, debian/postinst: when upgrading from version - 20110912ubuntu1, disable the buggy hook script early to prevent it from - being run before our new version is configured; and re-enable the script - in the postinst. LP: #855246. - - [ Matthias Klose ] - * Mark as Multi-Arch: foreign. - * Adjust the libnss3-1d versioned dependency. - - [ Damien Raude-Morvan ] - * Add myself to Uploaders. - * Use dh_gencontrol and dpkg-vendor to allow: - - New substvar ${nss:Depends} for libnss3-1d versionning. - - New @NSS_LIB@ parameter for debian/*.in files. - * Bump Standards-Version to 3.9.3: - - Add recommended build-arch / build-indep targets. - - -- Damien Raude-Morvan <[email protected]> Sat, 25 Feb 2012 15:06:32 +0100 - -ca-certificates-java (20111223) unstable; urgency=low - - * Support new multiarch JRE packages in postinst. - - -- Torsten Werner <[email protected]> Fri, 23 Dec 2011 13:46:15 +0100 - -ca-certificates-java (20110912) unstable; urgency=low - - * Support new multiarch JRE packages in jks-keystore. (Closes: #641306) - * Support OpenJDK 7. (Closes: #641305) - - -- Torsten Werner <[email protected]> Mon, 12 Sep 2011 21:23:22 +0200 - -ca-certificates-java (20110816) unstable; urgency=low - - * Upgrade Recommends: libnss3-1d to a versioned Depends due to multiarch - changes. (Closes: #635571) - * Use the locale C.UTF-8 for the hook script to be more robust. - - -- Torsten Werner <[email protected]> Tue, 16 Aug 2011 11:00:33 +0200 - -ca-certificates-java (20110531) unstable; urgency=low - - * Prepare for multiarch libnss3 update. - - -- Matthias Klose <[email protected]> Tue, 31 May 2011 15:20:52 +0200 - -ca-certificates-java (20110426) unstable; urgency=low - - * Test for existing file in postinst before copying it. (Closes: #624152) - * Add Vcs headers to debian/control. - - -- Torsten Werner <[email protected]> Tue, 26 Apr 2011 09:23:03 +0200 - -ca-certificates-java (20110425) unstable; urgency=low - - * Add Java code to update the keystore and support UTF-8 encoded filenames. - (Closes: #607245, #623671) - * Change Maintainer to Debian Java Maintainers and add myself to Uploaders. - * Update Build-Depends. - * Replace old inconsistent keystore aliases. (Closes: #623888) - * Add support for openjdk-7 and remove support for old cacao VM. - * Add a NEWS file explaining the update. - * Update README.Debian. - - -- Torsten Werner <[email protected]> Mon, 25 Apr 2011 15:28:55 +0200 - -ca-certificates-java (20100412) unstable; urgency=low - - * Upload to unstable. - - -- Matthias Klose <[email protected]> Mon, 12 Apr 2010 03:15:47 +0200 - -ca-certificates-java (20100406ubuntu1) lucid; urgency=low - - * Make the installation and import of certificates more robust, - if the NSS based security provider is disabled or not built. - - -- Matthias Klose <[email protected]> Sun, 11 Apr 2010 20:54:43 +0200 - -ca-certificates-java (20100406) unstable; urgency=low - - * Explicitely fail the installation, if /proc is not mounted. - Currently required by the java tools, changed in OpenJDK7. - Closes: #576453. LP: #556044. - * Print name of JVM in case of errors. - * Set priority to optional, set section to java. Closes: #566855. - * Remove /etc/ssl/certs on package purge, if empty. Closes: #566853. - - -- Matthias Klose <[email protected]> Tue, 06 Apr 2010 21:41:39 +0200 - -ca-certificates-java (20091021) unstable; urgency=low - - * Clarify output for keytool errors (although it shouldnn't be - necessary anymore). Closes: #540490. - - -- Matthias Klose <[email protected]> Wed, 21 Oct 2009 22:00:53 +0200 - -ca-certificates-java (20090928) karmic; urgency=low - - * Rebuild with OpenJDK supporting PKCS11 cryptography, rebuild with - ca-certificates 20090814. - - -- Matthias Klose <[email protected]> Mon, 28 Sep 2009 16:47:09 +0200 - -ca-certificates-java (20090629) unstable; urgency=low - - * debian/rules, debian/postinst, debian/jks-keystore.hook: Filter out - SHA384withECDSA certificates since keytool won't support them. - LP: #392104, closes: #534520. - * Fix typo in hook. Closes: #534533. - * Use java6-runtime-headless as alternative dependency. Closes: #512293. - - -- Matthias Klose <[email protected]> Mon, 29 Jun 2009 11:27:59 +0200 - -ca-certificates-java (20081028) unstable; urgency=low - - * Ignore LANG and LC_ALL setting when running keytool. LP: #289934. - - -- Matthias Klose <[email protected]> Tue, 28 Oct 2008 07:20:16 +0100 - -ca-certificates-java (20081027) unstable; urgency=medium - - * Merge from Ubuntu: - - Don't try to import certificates, which are listed in - /etc/ca-certificates.conf, but not available on the system. - Just warn about those. LP: #289091. - - Need to run keytool, when the jre is unpacked, but not yet configured. - Create a temporary jvm.cfg for the time in that postinst and the - jks-keystore.hook are run, and remove it afterwards. LP: #289199. - - -- Matthias Klose <[email protected]> Mon, 27 Oct 2008 13:58:14 +0100 - -ca-certificates-java (20081024) unstable; urgency=low - - * Install /etc/default/cacerts with mode 600. - - -- Matthias Klose <[email protected]> Fri, 24 Oct 2008 15:10:48 +0200 - -ca-certificates-java (20081022) unstable; urgency=low - - * debian/jks-keystore.hook: - - Don't stop after first error during the update. LP: #244412. - Closes: #489748. - - Call keytool with -noprompt. - * On initial install, add locally added certificates. LP: #244410. - Closes: #489748. - * Install /etc/default/cacerts to set options: - - storepass, holding the password for the keystore. - - updates, to enable/disable updates of the keystore. - * Only use the keytool command from OpenJDK or Sun Java. Closes: #496587. - - -- Matthias Klose <[email protected]> Wed, 22 Oct 2008 20:51:24 +0200 - -ca-certificates-java (20080712) unstable; urgency=low - - * Upload to main. - - -- Matthias Klose <[email protected]> Sat, 12 Jul 2008 12:19:00 +0200 - -ca-certificates-java (20080711) unstable; urgency=low - - * debian/jks-keystore.hook: Fix typo. Closes: #489747, LP: #244408. - - -- Matthias Klose <[email protected]> Fri, 11 Jul 2008 20:38:04 +0200 - -ca-certificates-java (20080514) unstable; urgency=low - - * Initial release. - - -- Matthias Klose <[email protected]> Mon, 02 Jun 2008 14:52:46 +0000 - Copied: tags/ca-certificates-java/20130815/debian/changelog (from rev 17145, trunk/ca-certificates-java/debian/changelog) =================================================================== --- tags/ca-certificates-java/20130815/debian/changelog (rev 0) +++ tags/ca-certificates-java/20130815/debian/changelog 2013-08-15 12:46:11 UTC (rev 17146) @@ -0,0 +1,281 @@ +ca-certificates-java (20130815) unstable; urgency=low + + * Acknowledge NMU done by Don Armstrong and Andreas Beckmann. + * Fix tests to works with new cacert certificates names (Closes: + #713138). + * d/control: Use canonical value for Vcs-* fields. + * d/control: Remove deprecated DMUA flag. + * d/control: Bump Standards-Version to 3.9.4 (no changes needed). + + -- Damien Raude-Morvan <[email protected]> Thu, 15 Aug 2013 13:52:46 +0200 + +ca-certificates-java (20121112+nmu2) unstable; urgency=medium + + * Non-maintainer upload. + * postinst, jks-keystore.hook: Do not fail if nss.cfg does not (yet) exist, + i.e. if openjdk-?-jre-headless is unpacked but not yet configured. + (Closes: #694888) + * Set urgency to medium for RC bugfix. + + -- Andreas Beckmann <[email protected]> Sun, 27 Jan 2013 14:19:41 +0100 + +ca-certificates-java (20121112+nmu1) unstable; urgency=low + + * Non-maintainer upload + * Fix test for dpkg-query in postinst; there was an extraneous --version + here. [Probably don't even need to bother to check for dpkg-query, but + why not.] (Closes: #690204) + * Library path for softokn3pkg and nsspkg is potentially wrong if there + are multiple different paths; fix it. + * Do not run the hook if ca-certificates-java has been removed but not + purged. + * Use the new trigger support provided by ca-certificates (>=20121114). + + -- Don Armstrong <[email protected]> Mon, 12 Nov 2012 15:45:50 -0800 + +ca-certificates-java (20120721) unstable; urgency=low + + * Fix jks-keystore and postinst to work on multi-arch system. + Use dpkg-query -L package:arch. (Closes: #680618). + * As libnss3-1d is a transitional package on both Debian and Ubuntu, + upgrade Depends to use libnss3. + + -- Damien Raude-Morvan <[email protected]> Sat, 21 Jul 2012 01:06:32 +0200 + +ca-certificates-java (20120608) unstable; urgency=low + + [ James Page ] + * Switch primary JRE dependency from openjdk-6 to openjdk-7 to support + demotion of openjdk-6 to universe in Ubuntu: + - d/control, rules: Generate primary JRE dependency at build time to + allow differentiation between Ubuntu and Debian. + * Added myself to uploaders. + + [ Damien Raude-Morvan ] + * Update to unstable. + * Set DMUA flag for James Page. + + -- James Page <[email protected]> Fri, 08 Jun 2012 09:44:58 +0100 + +ca-certificates-java (20120603) unstable; urgency=low + + * Use javahelper as buildsystem: + - d/control: Add Build-Depends on javahelper. + - d/rules: Use jh_build to call javac. + * Create a testsuite for this package: + - Refactor UpdateCertificates code to send exceptions instead of + System.exit(1). + - New testsuite: UpdateCertificatesTest. + - d/control: Build-Depends on junit4. + - d/rules: Launch junit after build and handle "nocheck" option in + DEB_BUILD_OPTIONS. + + -- Damien Raude-Morvan <[email protected]> Sun, 03 Jun 2012 12:10:26 +0200 + +ca-certificates-java (20120524) unstable; urgency=low + + [ Marc Deslauriers ] + * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around + since it is no longer needed. + * debian/postinst: don't put a symlink in / if jvm doesn't contain nss + configuration. (Closes: #665754, #665749). + * debian/postinst: force migration to new alias names again. The + migration was supposed to occur on upgrades to Oneiric, but failed + because of an NSS error. + * debian/postinst: forcibly remove diginotar cert. It could be left + behind under certain circumstances. (LP: #920758) + * debian/postinst: also look for jvm in multiarch locations (LP: #962378) + * debian/postinst: retrigger first_install to properly get cert store. + + [ James Page ] + * d/rules: Ensure java is built with source/target == 1.6 for backwards + compatibility with openjdk-6. + + [ Damien Raude-Morvan ] + * Sync handling of nss.cfg between debian/jks-keystore.hook.in and + debian/postinst.in. + * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers). + * Improve handling of certificate with UTF-8 filenames: + - UpdateCertificates: Force read System.in with UTF-8 + - debian/postinst: Set LC_CTYPE to C.UTF-8 + + -- Damien Raude-Morvan <[email protected]> Tue, 22 May 2012 23:41:41 +0200 + +ca-certificates-java (20120225) unstable; urgency=low + + [ Steve Langasek ] + * debian/jks-keystore.hook: If we *don't* find libnss3 / libnss3-1d, + don't remove files from the filesystem in do_cleanup(), + since this has a nasty tendency of nuking system libraries. + LP: #855171. + * debian/preinst, debian/postinst: when upgrading from version + 20110912ubuntu1, disable the buggy hook script early to prevent it from + being run before our new version is configured; and re-enable the script + in the postinst. LP: #855246. + + [ Matthias Klose ] + * Mark as Multi-Arch: foreign. + * Adjust the libnss3-1d versioned dependency. + + [ Damien Raude-Morvan ] + * Add myself to Uploaders. + * Use dh_gencontrol and dpkg-vendor to allow: + - New substvar ${nss:Depends} for libnss3-1d versionning. + - New @NSS_LIB@ parameter for debian/*.in files. + * Bump Standards-Version to 3.9.3: + - Add recommended build-arch / build-indep targets. + + -- Damien Raude-Morvan <[email protected]> Sat, 25 Feb 2012 15:06:32 +0100 + +ca-certificates-java (20111223) unstable; urgency=low + + * Support new multiarch JRE packages in postinst. + + -- Torsten Werner <[email protected]> Fri, 23 Dec 2011 13:46:15 +0100 + +ca-certificates-java (20110912) unstable; urgency=low + + * Support new multiarch JRE packages in jks-keystore. (Closes: #641306) + * Support OpenJDK 7. (Closes: #641305) + + -- Torsten Werner <[email protected]> Mon, 12 Sep 2011 21:23:22 +0200 + +ca-certificates-java (20110816) unstable; urgency=low + + * Upgrade Recommends: libnss3-1d to a versioned Depends due to multiarch + changes. (Closes: #635571) + * Use the locale C.UTF-8 for the hook script to be more robust. + + -- Torsten Werner <[email protected]> Tue, 16 Aug 2011 11:00:33 +0200 + +ca-certificates-java (20110531) unstable; urgency=low + + * Prepare for multiarch libnss3 update. + + -- Matthias Klose <[email protected]> Tue, 31 May 2011 15:20:52 +0200 + +ca-certificates-java (20110426) unstable; urgency=low + + * Test for existing file in postinst before copying it. (Closes: #624152) + * Add Vcs headers to debian/control. + + -- Torsten Werner <[email protected]> Tue, 26 Apr 2011 09:23:03 +0200 + +ca-certificates-java (20110425) unstable; urgency=low + + * Add Java code to update the keystore and support UTF-8 encoded filenames. + (Closes: #607245, #623671) + * Change Maintainer to Debian Java Maintainers and add myself to Uploaders. + * Update Build-Depends. + * Replace old inconsistent keystore aliases. (Closes: #623888) + * Add support for openjdk-7 and remove support for old cacao VM. + * Add a NEWS file explaining the update. + * Update README.Debian. + + -- Torsten Werner <[email protected]> Mon, 25 Apr 2011 15:28:55 +0200 + +ca-certificates-java (20100412) unstable; urgency=low + + * Upload to unstable. + + -- Matthias Klose <[email protected]> Mon, 12 Apr 2010 03:15:47 +0200 + +ca-certificates-java (20100406ubuntu1) lucid; urgency=low + + * Make the installation and import of certificates more robust, + if the NSS based security provider is disabled or not built. + + -- Matthias Klose <[email protected]> Sun, 11 Apr 2010 20:54:43 +0200 + +ca-certificates-java (20100406) unstable; urgency=low + + * Explicitely fail the installation, if /proc is not mounted. + Currently required by the java tools, changed in OpenJDK7. + Closes: #576453. LP: #556044. + * Print name of JVM in case of errors. + * Set priority to optional, set section to java. Closes: #566855. + * Remove /etc/ssl/certs on package purge, if empty. Closes: #566853. + + -- Matthias Klose <[email protected]> Tue, 06 Apr 2010 21:41:39 +0200 + +ca-certificates-java (20091021) unstable; urgency=low + + * Clarify output for keytool errors (although it shouldnn't be + necessary anymore). Closes: #540490. + + -- Matthias Klose <[email protected]> Wed, 21 Oct 2009 22:00:53 +0200 + +ca-certificates-java (20090928) karmic; urgency=low + + * Rebuild with OpenJDK supporting PKCS11 cryptography, rebuild with + ca-certificates 20090814. + + -- Matthias Klose <[email protected]> Mon, 28 Sep 2009 16:47:09 +0200 + +ca-certificates-java (20090629) unstable; urgency=low + + * debian/rules, debian/postinst, debian/jks-keystore.hook: Filter out + SHA384withECDSA certificates since keytool won't support them. + LP: #392104, closes: #534520. + * Fix typo in hook. Closes: #534533. + * Use java6-runtime-headless as alternative dependency. Closes: #512293. + + -- Matthias Klose <[email protected]> Mon, 29 Jun 2009 11:27:59 +0200 + +ca-certificates-java (20081028) unstable; urgency=low + + * Ignore LANG and LC_ALL setting when running keytool. LP: #289934. + + -- Matthias Klose <[email protected]> Tue, 28 Oct 2008 07:20:16 +0100 + +ca-certificates-java (20081027) unstable; urgency=medium + + * Merge from Ubuntu: + - Don't try to import certificates, which are listed in + /etc/ca-certificates.conf, but not available on the system. + Just warn about those. LP: #289091. + - Need to run keytool, when the jre is unpacked, but not yet configured. + Create a temporary jvm.cfg for the time in that postinst and the + jks-keystore.hook are run, and remove it afterwards. LP: #289199. + + -- Matthias Klose <[email protected]> Mon, 27 Oct 2008 13:58:14 +0100 + +ca-certificates-java (20081024) unstable; urgency=low + + * Install /etc/default/cacerts with mode 600. + + -- Matthias Klose <[email protected]> Fri, 24 Oct 2008 15:10:48 +0200 + +ca-certificates-java (20081022) unstable; urgency=low + + * debian/jks-keystore.hook: + - Don't stop after first error during the update. LP: #244412. + Closes: #489748. + - Call keytool with -noprompt. + * On initial install, add locally added certificates. LP: #244410. + Closes: #489748. + * Install /etc/default/cacerts to set options: + - storepass, holding the password for the keystore. + - updates, to enable/disable updates of the keystore. + * Only use the keytool command from OpenJDK or Sun Java. Closes: #496587. + + -- Matthias Klose <[email protected]> Wed, 22 Oct 2008 20:51:24 +0200 + +ca-certificates-java (20080712) unstable; urgency=low + + * Upload to main. + + -- Matthias Klose <[email protected]> Sat, 12 Jul 2008 12:19:00 +0200 + +ca-certificates-java (20080711) unstable; urgency=low + + * debian/jks-keystore.hook: Fix typo. Closes: #489747, LP: #244408. + + -- Matthias Klose <[email protected]> Fri, 11 Jul 2008 20:38:04 +0200 + +ca-certificates-java (20080514) unstable; urgency=low + + * Initial release. + + -- Matthias Klose <[email protected]> Mon, 02 Jun 2008 14:52:46 +0000 + Deleted: tags/ca-certificates-java/20130815/debian/control =================================================================== --- trunk/ca-certificates-java/debian/control 2013-08-13 21:42:16 UTC (rev 17144) +++ tags/ca-certificates-java/20130815/debian/control 2013-08-15 12:46:11 UTC (rev 17146) @@ -1,25 +0,0 @@ -Source: ca-certificates-java -Section: java -Priority: optional -Maintainer: Debian Java Maintainers <[email protected]> -Uploaders: Matthias Klose <[email protected]>, - Torsten Werner <[email protected]>, - Damien Raude-Morvan <[email protected]>, - James Page <[email protected]> -Build-Depends: debhelper (>= 6), default-jdk, javahelper, junit4 -Standards-Version: 3.9.3 -DM-Upload-Allowed: yes -Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/ca-certificates-java -Vcs-Browser: http://svn.debian.org/wsvn/pkg-java/trunk/ca-certificates-java/ - -Package: ca-certificates-java -Architecture: all -Multi-Arch: foreign -Depends: ca-certificates (>= 20090814), - ${jre:Depends} | java6-runtime-headless, - ${misc:Depends}, - ${nss:Depends} -# We need a versioned Depends due to multiarch changes (bug #635571). -Description: Common CA certificates (JKS keystore) - This package uses the hooks of the ca-certificates package to update the - cacerts JKS keystore used for many java runtimes. Copied: tags/ca-certificates-java/20130815/debian/control (from rev 17145, trunk/ca-certificates-java/debian/control) =================================================================== --- tags/ca-certificates-java/20130815/debian/control (rev 0) +++ tags/ca-certificates-java/20130815/debian/control 2013-08-15 12:46:11 UTC (rev 17146) @@ -0,0 +1,24 @@ +Source: ca-certificates-java +Section: java +Priority: optional +Maintainer: Debian Java Maintainers <[email protected]> +Uploaders: Matthias Klose <[email protected]>, + Torsten Werner <[email protected]>, + Damien Raude-Morvan <[email protected]>, + James Page <[email protected]> +Build-Depends: debhelper (>= 6), default-jdk, javahelper, junit4 +Standards-Version: 3.9.4 +Vcs-Svn: svn://anonscm.debian.org/pkg-java/trunk/ca-certificates-java +Vcs-Browser: http://anonscm.debian.org/viewvc/pkg-java/trunk/ca-certificates-java/ + +Package: ca-certificates-java +Architecture: all +Multi-Arch: foreign +Depends: ca-certificates (>= 20121114), + ${jre:Depends} | java6-runtime-headless, + ${misc:Depends}, + ${nss:Depends} +# We need a versioned Depends due to multiarch changes (bug #635571). +Description: Common CA certificates (JKS keystore) + This package uses the hooks of the ca-certificates package to update the + cacerts JKS keystore used for many java runtimes. Deleted: tags/ca-certificates-java/20130815/debian/jks-keystore.hook.in =================================================================== --- trunk/ca-certificates-java/debian/jks-keystore.hook.in 2013-08-13 21:42:16 UTC (rev 17144) +++ tags/ca-certificates-java/20130815/debian/jks-keystore.hook.in 2013-08-15 12:46:11 UTC (rev 17146) @@ -1,88 +0,0 @@ -#!/bin/sh - -set -e - -# use the locale C.UTF-8 -unset LC_ALL -LC_CTYPE=C.UTF-8 -export LC_CTYPE - -storepass='changeit' -if [ -f /etc/default/cacerts ]; then - . /etc/default/cacerts -fi - -arch=`dpkg --print-architecture` -JAR=/usr/share/ca-certificates-java/ca-certificates-java.jar - -nsslib_name() -{ - if dpkg --assert-multi-arch 2>/dev/null; then - echo "@NSS_LIB@:${arch}" - else - echo "@NSS_LIB@" - fi -} - -echo "" -if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then - echo "updates of cacerts keystore disabled." - exit 0 -fi - -if ! mountpoint -q /proc; then - echo >&2 "the keytool command requires a mounted proc fs (/proc)." - exit 1 -fi - -for jvm in java-6-openjdk-$arch java-6-openjdk \ - java-7-openjdk-$arch java-7-openjdk java-6-sun; do -if [ -x /usr/lib/jvm/$jvm/bin/java ]; then - break -fi -done -export JAVA_HOME=/usr/lib/jvm/$jvm -PATH=$JAVA_HOME/bin:$PATH - -temp_jvm_cfg= -if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then - # the jre is not yet configured, but jvm.cfg is needed to run it - temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg - mkdir -p /etc/${jvm%-$arch} - printf -- "-server KNOWN\n" > $temp_jvm_cfg -fi - -if dpkg-query --version >/dev/null; then - nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p') - nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg) - if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then - ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so - fi - softokn3pkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p') - if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] && [ "$softokn3pkg" != "$nssjdk" ]; then - ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/libsoftokn3.so - fi -fi - -do_cleanup() -{ - [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg - if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ] - then - rm -f $nssjdk/libnss3.so - fi - if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] \ - && [ "$softokn3pkg" != "$nssjdk" ] - then - rm -f $nssjdk/libsoftokn3.so - fi -} - -if java -jar $JAR -storepass "$storepass"; then - do_cleanup -else - do_cleanup - exit 1 -fi - -echo "done." Copied: tags/ca-certificates-java/20130815/debian/jks-keystore.hook.in (from rev 17145, trunk/ca-certificates-java/debian/jks-keystore.hook.in) =================================================================== --- tags/ca-certificates-java/20130815/debian/jks-keystore.hook.in (rev 0) +++ tags/ca-certificates-java/20130815/debian/jks-keystore.hook.in 2013-08-15 12:46:11 UTC (rev 17146) @@ -0,0 +1,89 @@ +#!/bin/sh + +set -e + +# use the locale C.UTF-8 +unset LC_ALL +LC_CTYPE=C.UTF-8 +export LC_CTYPE + +storepass='changeit' +if [ -f /etc/default/cacerts ]; then + . /etc/default/cacerts +fi + +arch=`dpkg --print-architecture` +JAR=/usr/share/ca-certificates-java/ca-certificates-java.jar + +nsslib_name() +{ + if dpkg --assert-multi-arch 2>/dev/null; then + echo "@NSS_LIB@:${arch}" + else + echo "@NSS_LIB@" + fi +} + +echo "" +if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ] || [ ! -e $JAR ]; then + echo "updates of cacerts keystore disabled." + exit 0 +fi + +if ! mountpoint -q /proc; then + echo >&2 "the keytool command requires a mounted proc fs (/proc)." + exit 1 +fi + +for jvm in java-6-openjdk-$arch java-6-openjdk \ + java-7-openjdk-$arch java-7-openjdk java-6-sun; do +if [ -x /usr/lib/jvm/$jvm/bin/java ]; then + break +fi +done +export JAVA_HOME=/usr/lib/jvm/$jvm +PATH=$JAVA_HOME/bin:$PATH + +temp_jvm_cfg= +if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then + # the jre is not yet configured, but jvm.cfg is needed to run it + temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg + mkdir -p /etc/${jvm%-$arch} + printf -- "-server KNOWN\n" > $temp_jvm_cfg +fi + +if dpkg-query --version >/dev/null; then + nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1) + nsscfg=/etc/${jvm%-$arch}/security/nss.cfg + nssjdk=$(test ! -f $nsscfg || sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' $nsscfg) + if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then + ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so + fi + softokn3pkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p'|head -n 1) + if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] && [ "$softokn3pkg" != "$nssjdk" ]; then + ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/libsoftokn3.so + fi +fi + +do_cleanup() +{ + [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg + if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ] + then + rm -f $nssjdk/libnss3.so + fi + if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] \ + && [ "$softokn3pkg" != "$nssjdk" ] + then + rm -f $nssjdk/libsoftokn3.so + fi +} + +if java -jar $JAR -storepass "$storepass"; then + do_cleanup +else + do_cleanup + exit 1 +fi + +echo "done." Deleted: tags/ca-certificates-java/20130815/debian/postinst.in =================================================================== --- trunk/ca-certificates-java/debian/postinst.in 2013-08-13 21:42:16 UTC (rev 17144) +++ tags/ca-certificates-java/20130815/debian/postinst.in 2013-08-15 12:46:11 UTC (rev 17146) @@ -1,125 +0,0 @@ -#!/bin/bash - -set -e - -# use the locale C.UTF-8 -unset LC_ALL -LC_CTYPE=C.UTF-8 -export LC_CTYPE - -storepass='changeit' -if [ -f /etc/default/cacerts ]; then - . /etc/default/cacerts -fi - -arch=`dpkg --print-architecture` -JAR=/usr/share/ca-certificates-java/ca-certificates-java.jar - -nsslib_name() -{ - if dpkg --assert-multi-arch 2>/dev/null; then - echo "@NSS_LIB@:${arch}" - else - echo "@NSS_LIB@" - fi -} - -setup_path() -{ - for jvm in java-6-openjdk-$arch java-6-openjdk \ - java-7-openjdk-$arch java-7-openjdk java-6-sun; do - if [ -x /usr/lib/jvm/$jvm/bin/java ]; then - break - fi - done - export JAVA_HOME=/usr/lib/jvm/$jvm - PATH=$JAVA_HOME/bin:$PATH -} - -first_install() -{ - if which dpkg-query --version >/dev/null; then - nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p') - nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg) - if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then - ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so - fi - fi - - # Forcibly remove diginotar cert (LP: #920758) - if [ -n "$FIXOLD" ]; then - echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \ - java -jar $JAR -storepass "$storepass" - fi - - find /etc/ssl/certs -name \*.pem | \ - while read filename; do - alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _) - alias=${alias%*_} - if [ -n "$FIXOLD" ]; then - echo "-${alias}" - echo "-${alias}_pem" - fi - echo "+${filename}" - done | \ - java -jar $JAR -storepass "$storepass" - echo "done." -} - -do_cleanup() -{ - [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg - if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ] - then - rm -f $nssjdk/libnss3.so - fi -} - -case "$1" in - configure) - if dpkg --compare-versions "$2" lt "20110912ubuntu6"; then - FIXOLD="true" - if [ -e /etc/ssl/certs/java/cacerts ]; then - cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old - fi - fi - if [ -z "$2" -o -n "$FIXOLD" ]; then - setup_path - - if ! mountpoint -q /proc; then - echo >&2 "the keytool command requires a mounted proc fs (/proc)." - exit 1 - fi - - temp_jvm_cfg= - if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then - # the jre is not yet configured, but jvm.cfg is needed to run it - temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg - mkdir -p /etc/${jvm%-$arch} - printf -- "-server KNOWN\n" > $temp_jvm_cfg - fi - - if first_install; then - do_cleanup - else - do_cleanup - exit 1 - fi - fi - chmod 600 /etc/default/cacerts || true - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 - - Copied: tags/ca-certificates-java/20130815/debian/postinst.in (from rev 17145, trunk/ca-certificates-java/debian/postinst.in) =================================================================== --- tags/ca-certificates-java/20130815/debian/postinst.in (rev 0) +++ tags/ca-certificates-java/20130815/debian/postinst.in 2013-08-15 12:46:11 UTC (rev 17146) @@ -0,0 +1,126 @@ +#!/bin/bash + +set -e + +# use the locale C.UTF-8 +unset LC_ALL +LC_CTYPE=C.UTF-8 +export LC_CTYPE + +storepass='changeit' +if [ -f /etc/default/cacerts ]; then + . /etc/default/cacerts +fi + +arch=`dpkg --print-architecture` +JAR=/usr/share/ca-certificates-java/ca-certificates-java.jar + +nsslib_name() +{ + if dpkg --assert-multi-arch 2>/dev/null; then + echo "@NSS_LIB@:${arch}" + else + echo "@NSS_LIB@" + fi +} + +setup_path() +{ + for jvm in java-6-openjdk-$arch java-6-openjdk \ + java-7-openjdk-$arch java-7-openjdk java-6-sun; do + if [ -x /usr/lib/jvm/$jvm/bin/java ]; then + break + fi + done + export JAVA_HOME=/usr/lib/jvm/$jvm + PATH=$JAVA_HOME/bin:$PATH +} + +first_install() +{ + if which dpkg-query >/dev/null; then + nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1) + nsscfg=/etc/${jvm%-$arch}/security/nss.cfg + nssjdk=$(test ! -f $nsscfg || sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' $nsscfg) + if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then + ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so + fi + fi + + # Forcibly remove diginotar cert (LP: #920758) + if [ -n "$FIXOLD" ]; then + echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \ + java -jar $JAR -storepass "$storepass" + fi + + find /etc/ssl/certs -name \*.pem | \ + while read filename; do + alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _) + alias=${alias%*_} + if [ -n "$FIXOLD" ]; then + echo "-${alias}" + echo "-${alias}_pem" + fi + echo "+${filename}" + done | \ + java -jar $JAR -storepass "$storepass" + echo "done." +} + +do_cleanup() +{ + [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg + if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ] + then + rm -f $nssjdk/libnss3.so + fi +} + +case "$1" in + configure) + if dpkg --compare-versions "$2" lt "20110912ubuntu6"; then + FIXOLD="true" + if [ -e /etc/ssl/certs/java/cacerts ]; then + cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old + fi + fi + if [ -z "$2" -o -n "$FIXOLD" ]; then + setup_path + + if ! mountpoint -q /proc; then + echo >&2 "the keytool command requires a mounted proc fs (/proc)." + exit 1 + fi + + temp_jvm_cfg= + if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then + # the jre is not yet configured, but jvm.cfg is needed to run it + temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg + mkdir -p /etc/${jvm%-$arch} + printf -- "-server KNOWN\n" > $temp_jvm_cfg + fi + + if first_install; then + do_cleanup + else + do_cleanup + exit 1 + fi + fi + chmod 600 /etc/default/cacerts || true + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 + + _______________________________________________ pkg-java-commits mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
