This is an automated email from the git hooks/post-receive script.

ebourg-guest pushed a commit to branch master
in repository ca-certificates-java.

commit bf3f9c96fcbc7e59edf462a40860443b1561de9b
Author: Torsten Werner <[email protected]>
Date:   Sun Apr 24 23:18:33 2011 +0000

    Replace old inconsistent keystore aliases. (Closes: #623888)
---
 debian/changelog |  3 ++-
 debian/postinst  | 80 +++++++++++++-------------------------------------------
 2 files changed, 20 insertions(+), 63 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index ab2066b..c76e608 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,8 +4,9 @@ ca-certificates-java (20110425) unstable; urgency=low
   * Add Java code to update the keystore. (Closes: #623671)
   * Change Maintainer to Debian Java Maintainers and add myself to Uploaders.
   * Update Build-Depends.
+  * Replace old inconsistent keystore aliases. (Closes: #623888)
 
- -- Torsten Werner <[email protected]>  Mon, 25 Apr 2011 00:29:23 +0200
+ -- Torsten Werner <[email protected]>  Mon, 25 Apr 2011 01:17:00 +0200
 
 ca-certificates-java (20100412) unstable; urgency=low
 
diff --git a/debian/postinst b/debian/postinst
index 5261208..7cb7d52 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -2,8 +2,6 @@
 
 set -e
 
-KEYSTORE=/etc/ssl/certs/java/cacerts
-
 storepass='changeit'
 if [ -f /etc/default/cacerts ]; then
     . /etc/default/cacerts
@@ -11,8 +9,8 @@ fi
 
 setup_path()
 {
-    for jvm in java-6-openjdk java-6-sun; do
-       if [ -x /usr/lib/jvm/$jvm/bin/keytool ]; then
+    for jvm in java-6-openjdk java-7-openjdk java-6-sun; do
+       if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
            break
        fi
     done
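Review bot: The loop in setup_path has no not-found path: when none of the three directories holds an executable `bin/java`, it ends with `jvm` still set to `java-6-sun`. Whatever the function does next lies outside this hunk, but it would presumably work with that non-existent path. Setting `found=1` just before `break` and testing it after `done`, with a message to stderr, would report a missing JVM at this point rather than as a later failure of the `java UpdateCertificates` call.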
@@ -22,64 +20,17 @@ setup_path()
 
 first_install()
 {
-    cacertdir=/usr/share/ca-certificates
-    log=$(tempfile)
-
-    # aliases of pregenerated files
-    pregenerated=$(tempfile)
-    LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE -storepass "$storepass" \
-       | awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
-       | sort > $pregenerated
-
-    grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
-    errors=0
-    while read line; do
-       pem=${line#!*}
-       alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+    find /etc/ssl/certs -name \*.pem | \
+    while read filename; do
+       alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
        alias=${alias%*_}
-       case "$line" in
-           !*)
-               # remove untrusted certificate
-               if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
-                   -storepass "$storepass" -alias "$alias" >/dev/null
-               then
-                   echo "  removed untrusted certificate $pem"
-               else
-                   # not (anymore) in keystore
-                   :
-               fi;;
-           *)
-               # add certificate not yet in keystore
-               if [ ! -f "$cacertdir/$pem" ]; then
-                   echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
-                   echo >&2 "warning:   but $cacertdir/$pem does not exist."
-                   continue
-               fi
-               if ! grep -q "^${alias}$" $pregenerated; then
-                 if LANG=C LC_ALL=C keytool -importcert -trustcacerts 
-keystore $KEYSTORE \
-                       -noprompt -storepass "$storepass" \
-                       -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-                 then
-                     echo "  added certificate $pem"
-                 elif LANG=C LC_ALL=C keytool -importcert -trustcacerts 
-keystore $KEYSTORE \
-                       -providerClass sun.security.pkcs11.SunPKCS11 \
-                       -providerArg '${java.home}/lib/security/nss.cfg' \
-                       -noprompt -storepass "$storepass" \
-                       -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-                 then
-                     echo "  added certificate $pem (using NSS provider)"
-                 elif grep -q 'Signature not available' $log; then
-                     echo "  ignored import, signature not available: 
${line#+*}"
-                     sed -e 's/^/   -> /' $log
-                 else
-                     echo >&2 "  error adding ${line#+*}"
-                     errors=$(expr $errors + 1)
-                 fi
-               fi
-       esac
-    done
-    rm -f $log
-    rm -f $pregenerated
+        if [ -n "$FIXOLD" ]; then
+            echo "-${alias}"
+            echo "-${alias}_pem"
+        fi
+        echo "+${filename}"
+    done | \
+    java UpdateCertificates -storepass "$storepass"
     if [ $errors -gt 0 ]; then
        echo >&2 "failed (VM used: $jvm)."
        [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
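Review bot: Nothing on the new side assigns `errors` before the unchanged test `[ $errors -gt 0 ]`, because the removed block held the only `errors=0` and the only increment. With the variable unset the test expands to `[ -gt 0 ]`, an error that `if` treats as false, so the `failed (VM used: ...)` branch and its cleanup can never run; a failing `java UpdateCertificates` would instead stop the script through `set -e` without that message. I would put `errors=0` before the `find` line and end the pipeline with `java UpdateCertificates -storepass "$storepass" || errors=1`. Separately, `while read filename` and `basename $filename .pem` are better written `while IFS= read -r filename` and `basename "$filename" .pem`, since these names decide which keystore entries are deleted and added. first_install continues past the end of the hunk.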
@@ -91,9 +42,14 @@ first_install()
 
 case "$1" in
     configure)
-        if [ -z "$2" ]; then
+        if dpkg --compare-versions "$2" le "20100412"; then
+            FIXOLD="true"
+            cp -f /etc/ssl/certs/java/cacerts 
/etc/ssl/certs/java/cacerts.dpkg-old
+        fi
+        if [ -z "$2" -o -n "$FIXOLD" ]; then
            setup_path
 
+            # TODO: check if we really need it
            if ! mountpoint -q /proc; then
                echo >&2 "the keytool command requires a mounted proc fs 
(/proc)."
                exit 1
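Review bot: `dpkg --compare-versions "$2" le "20100412"` is also true when `$2` is empty, because `le` orders an empty version before every other, so a fresh install sets FIXOLD and runs the `cp -f` backup as well. If /etc/ssl/certs/java/cacerts does not exist at that point (not visible here), `cp` fails and `set -e` aborts the configure step; `if [ -n "$2" ] && dpkg --compare-versions "$2" le "20100412"; then` limits the fix-up to real upgrades. FIXOLD is also never initialised, so a value inherited from the environment or set in the sourced /etc/default/cacerts would switch on the alias deletions in first_install; a plain `FIXOLD=` ahead of the `case` closes that. The `configure)` branch continues past the end of the hunk.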

-- 
Alioth's /usr/local/bin/git-commit-notice on 
/srv/git.debian.org/git/pkg-java/ca-certificates-java.git
