Your message dated Mon, 07 Nov 2016 13:03:49 +0000
with message-id <e1c3jax-0004ki...@fasolo.debian.org>
and subject line Bug#822201: fixed in ca-certificates-java 20161107
has caused the Debian Bug report #822201,
regarding ca-certificates-java: postinst and trigger should fail if no known
jvm is found
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
822201: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822201
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ca-certificates-java
Version: 20160321
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts
Hi,
the setup_path routine in ca-certificates-java.postinst does not take
into account that it might not find a known jre.
In that case $jvm and $JAVA_HOME will be invalid.
This usually happens if a new package starts providing java7-runtime-headless.
I simulated this in a minimal chroot by creating a java7-runtime-headless
package with equivs and installing it (but installing no other jre).
Thereafter installing ca-certificates-java results in:
# apt-get install ca-certificates-java
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libnspr4 libnss3
The following NEW packages will be installed:
ca-certificates-java libnspr4 libnss3
0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/1286 kB of archives.
After this operation, 4204 kB of additional disk space will be used.
Do you want to continue? [Y/n]
debconf: unable to initialize frontend: Dialog
debconf: (No usable dialog-like program is installed, so the dialog based
frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line
76, <> line 3.)
debconf: falling back to frontend: Readline
Selecting previously unselected package libnspr4:amd64.
(Reading database ... 16913 files and directories currently installed.)
Preparing to unpack .../libnspr4_2%3a4.12-2_amd64.deb ...
Unpacking libnspr4:amd64 (2:4.12-2) ...
Selecting previously unselected package libnss3:amd64.
Preparing to unpack .../libnss3_2%3a3.23-2_amd64.deb ...
Unpacking libnss3:amd64 (2:3.23-2) ...
Selecting previously unselected package ca-certificates-java.
Preparing to unpack .../ca-certificates-java_20160321_all.deb ...
Unpacking ca-certificates-java (20160321) ...
Processing triggers for libc-bin (2.22-6) ...
Processing triggers for ca-certificates (20160104) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
Setting up libnspr4:amd64 (2:4.12-2) ...
Setting up libnss3:amd64 (2:3.23-2) ...
Setting up ca-certificates-java (20160321) ...
/var/lib/dpkg/info/ca-certificates-java.postinst: line 57: java: command not
found
/var/lib/dpkg/info/ca-certificates-java.postinst: line 70: java: command not
found
done.
Processing triggers for libc-bin (2.22-6) ...
Processing triggers for ca-certificates (20160104) ...
Updating certificates in /etc/ssl/certs...
0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
/etc/ca-certificates/update.d/jks-keystore: 86:
/etc/ca-certificates/update.d/jks-keystore: java: not found
E: /etc/ca-certificates/update.d/jks-keystore exited with code 1.
done.
# echo $?
0
Postinst and trigger spew a lot of errors, no java keystore has been
created/updated, but apt-get finished successfully.
I assume that ca-certificates-java is *not correctly installed* in
this situation and will cause failures in packages that Depend on it
and actually do use it. Thus the Severity: serious.
I noticed this problem in a piuparts log where ca-certificates-java (20140324)
was installed along openjdk-8-jre-headless:amd64 (8u72-b15-2), producing the
same
'java: command not found' errors. The piuparts test finished successfully, that
logfile is attached.
equivs was just an easy way to reproduce it with current ca-certificates-java.
Current ca-certificates-java knows about openjdk-{7,8,9} and the oracle
equivalents, but there will probably be a -10 in the future (or some
vendor might provide yet another implementation of java7-runtime-headless
in yet another path ... /usr/lib/jvm/vendor-java-42-yet-another-jre).
Andreas
libeasymock-java_3.3.1+ds-3.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---
Source: ca-certificates-java
Source-Version: 20161107
We believe that the bug you reported is fixed in the latest version of
ca-certificates-java, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 822...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Benjamin Drung <benjamin.dr...@profitbricks.com> (supplier of updated
ca-certificates-java package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 07 Nov 2016 13:45:23 +0100
Source: ca-certificates-java
Binary: ca-certificates-java
Architecture: source
Version: 20161107
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Benjamin Drung <benjamin.dr...@profitbricks.com>
Description:
ca-certificates-java - Common CA certificates (JKS keystore)
Closes: 822201
Changes:
ca-certificates-java (20161107) unstable; urgency=medium
.
* Team upload.
* postinst: Use exit trap instead of if condition to not fail silently
(e.g. in case the java binary is not found) (Closes: #822201)
* Bump Standards-Version to 3.9.8 (no changes)
Checksums-Sha1:
bc347f95d1557307fe8d75e2e839ee7a58723e11 1843 ca-certificates-java_20161107.dsc
2a299deb4b6e5651d13454894d8d93dddeb08df4 15964
ca-certificates-java_20161107.tar.xz
Checksums-Sha256:
ed71bb743d1a3d362b352feed1f5f802a5b906134f7ca91f5f86ab40ed397ca7 1843
ca-certificates-java_20161107.dsc
e62fac18522012dc3c5cc37b310c16568c5bd909049e3a73ce2b487f2407d698 15964
ca-certificates-java_20161107.tar.xz
Files:
67c0552d96b81241b64582fdc579dffe 1843 java optional
ca-certificates-java_20161107.dsc
a56bdf79c5429dfffd87debb8a54c98d 15964 java optional
ca-certificates-java_20161107.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJYIHkBAAoJEN2M1aXejH56nBoQAIZioqBwK+eEyrsjDnsnmWgT
JdDLmaBfrTVRW7dwh4+54qOswckVvC/yJT2SKQEjpsP4WwZ5DbfZGYtLt0e9S8iz
3FD8nwjb6IpfYfi9ODw8prN8dX3vcv+qij+K3ddnO7Rv9LGLuJU9EpLcd10LIM0X
1updjGWVFbUSelibPfOfD/7qyPs2h8tZhTyioQlAYZzguNkE+YQ5Kbwknb4PY8jB
w9axJHLgeAqlslbU9B+3dS+kAqILNjp5LPXovMrgtlyZkYCxVXWrzLCrxWrNXxTC
YpPh8Nvw4syjRzW+NbajX0D1VyNBo7q4fYGZOd00rbToO4kjU9K3+xG9NLoh7QF6
oSGZ1QTgKIjBK4YA80HZ72dPaLaNo5JLw3L0MsW0wWwCRezmdg9KOBYQsCikmlul
mHH2McJ9TbVD8OPqlHHQVTk00rrZj3H3FvgszS+llYCFWLVq/2ch8b8clqc9xiLE
KElwlUPgzbU8Z2vl7E4cyCktf0y+feU1YvJ5ygrIuD+HhTkuGhvDUkZvrHgNO2ds
9/eX+KFQeav+kbYwdJm4Rc81uMCTK1ECWKI6FQMxm5C0+xEM5mezbg8ljVhl0jkM
Yb3mXApvKqe0VQjFL4CoCJe4h2o961Q4Gq+RNnkTITBYcfEuueH2gHCMMMdFHEM3
mG+7UhQK9HjIzpBnJ1rT
=8VrS
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
