Your message dated Mon, 07 Nov 2016 13:03:49 +0000 with message-id <e1c3jax-0004ki...@fasolo.debian.org> and subject line Bug#822201: fixed in ca-certificates-java 20161107 has caused the Debian Bug report #822201, regarding ca-certificates-java: postinst and trigger should fail if no known jvm is found to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 822201: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822201 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ca-certificates-java Version: 20160321 Severity: serious User: debian...@lists.debian.org Usertags: piuparts Hi, the setup_path routine in ca-certificates-java.postinst does not take into account that it might not find a known jre. In that case $jvm and $JAVA_HOME will be invalid. This usually happens if a new package starts providing java7-runtime-headless. I simulated this in a minimal chroot by creating a java7-runtime-headless package with equivs and installing it (but installing no other jre). Thereafter installing ca-certificates-java results in: # apt-get install ca-certificates-java Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: libnspr4 libnss3 The following NEW packages will be installed: ca-certificates-java libnspr4 libnss3 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 0 B/1286 kB of archives. After this operation, 4204 kB of additional disk space will be used. Do you want to continue? [Y/n] debconf: unable to initialize frontend: Dialog debconf: (No usable dialog-like program is installed, so the dialog based frontend cannot be used. at /usr/share/perl5/Debconf/FrontEnd/Dialog.pm line 76, <> line 3.) debconf: falling back to frontend: Readline Selecting previously unselected package libnspr4:amd64. (Reading database ... 16913 files and directories currently installed.) Preparing to unpack .../libnspr4_2%3a4.12-2_amd64.deb ... Unpacking libnspr4:amd64 (2:4.12-2) ... Selecting previously unselected package libnss3:amd64. Preparing to unpack .../libnss3_2%3a3.23-2_amd64.deb ... Unpacking libnss3:amd64 (2:3.23-2) ... Selecting previously unselected package ca-certificates-java. Preparing to unpack .../ca-certificates-java_20160321_all.deb ... Unpacking ca-certificates-java (20160321) ... Processing triggers for libc-bin (2.22-6) ... Processing triggers for ca-certificates (20160104) ... Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done. Setting up libnspr4:amd64 (2:4.12-2) ... Setting up libnss3:amd64 (2:3.23-2) ... Setting up ca-certificates-java (20160321) ... /var/lib/dpkg/info/ca-certificates-java.postinst: line 57: java: command not found /var/lib/dpkg/info/ca-certificates-java.postinst: line 70: java: command not found done. Processing triggers for libc-bin (2.22-6) ... Processing triggers for ca-certificates (20160104) ... Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... /etc/ca-certificates/update.d/jks-keystore: 86: /etc/ca-certificates/update.d/jks-keystore: java: not found E: /etc/ca-certificates/update.d/jks-keystore exited with code 1. done. # echo $? 0 Postinst and trigger spew a lot of errors, no java keystore has been created/updated, but apt-get finished successfully. I assume that ca-certificates-java is *not correctly installed* in this situation and will cause failures in packages that Depend on it and actually do use it. Thus the Severity: serious. I noticed this problem in a piuparts log where ca-certificates-java (20140324) was installed along openjdk-8-jre-headless:amd64 (8u72-b15-2), producing the same 'java: command not found' errors. The piuparts test finished successfully, that logfile is attached. equivs was just an easy way to reproduce it with current ca-certificates-java. Current ca-certificates-java knows about openjdk-{7,8,9} and the oracle equivalents, but there will probably be a -10 in the future (or some vendor might provide yet another implementation of java7-runtime-headless in yet another path ... /usr/lib/jvm/vendor-java-42-yet-another-jre). Andreaslibeasymock-java_3.3.1+ds-3.log.gz
Description: application/gzip
--- End Message ---
--- Begin Message ---Source: ca-certificates-java Source-Version: 20161107 We believe that the bug you reported is fixed in the latest version of ca-certificates-java, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 822...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Benjamin Drung <benjamin.dr...@profitbricks.com> (supplier of updated ca-certificates-java package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Mon, 07 Nov 2016 13:45:23 +0100 Source: ca-certificates-java Binary: ca-certificates-java Architecture: source Version: 20161107 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Benjamin Drung <benjamin.dr...@profitbricks.com> Description: ca-certificates-java - Common CA certificates (JKS keystore) Closes: 822201 Changes: ca-certificates-java (20161107) unstable; urgency=medium . * Team upload. * postinst: Use exit trap instead of if condition to not fail silently (e.g. in case the java binary is not found) (Closes: #822201) * Bump Standards-Version to 3.9.8 (no changes) Checksums-Sha1: bc347f95d1557307fe8d75e2e839ee7a58723e11 1843 ca-certificates-java_20161107.dsc 2a299deb4b6e5651d13454894d8d93dddeb08df4 15964 ca-certificates-java_20161107.tar.xz Checksums-Sha256: ed71bb743d1a3d362b352feed1f5f802a5b906134f7ca91f5f86ab40ed397ca7 1843 ca-certificates-java_20161107.dsc e62fac18522012dc3c5cc37b310c16568c5bd909049e3a73ce2b487f2407d698 15964 ca-certificates-java_20161107.tar.xz Files: 67c0552d96b81241b64582fdc579dffe 1843 java optional ca-certificates-java_20161107.dsc a56bdf79c5429dfffd87debb8a54c98d 15964 java optional ca-certificates-java_20161107.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJYIHkBAAoJEN2M1aXejH56nBoQAIZioqBwK+eEyrsjDnsnmWgT JdDLmaBfrTVRW7dwh4+54qOswckVvC/yJT2SKQEjpsP4WwZ5DbfZGYtLt0e9S8iz 3FD8nwjb6IpfYfi9ODw8prN8dX3vcv+qij+K3ddnO7Rv9LGLuJU9EpLcd10LIM0X 1updjGWVFbUSelibPfOfD/7qyPs2h8tZhTyioQlAYZzguNkE+YQ5Kbwknb4PY8jB w9axJHLgeAqlslbU9B+3dS+kAqILNjp5LPXovMrgtlyZkYCxVXWrzLCrxWrNXxTC YpPh8Nvw4syjRzW+NbajX0D1VyNBo7q4fYGZOd00rbToO4kjU9K3+xG9NLoh7QF6 oSGZ1QTgKIjBK4YA80HZ72dPaLaNo5JLw3L0MsW0wWwCRezmdg9KOBYQsCikmlul mHH2McJ9TbVD8OPqlHHQVTk00rrZj3H3FvgszS+llYCFWLVq/2ch8b8clqc9xiLE KElwlUPgzbU8Z2vl7E4cyCktf0y+feU1YvJ5ygrIuD+HhTkuGhvDUkZvrHgNO2ds 9/eX+KFQeav+kbYwdJm4Rc81uMCTK1ECWKI6FQMxm5C0+xEM5mezbg8ljVhl0jkM Yb3mXApvKqe0VQjFL4CoCJe4h2o961Q4Gq+RNnkTITBYcfEuueH2gHCMMMdFHEM3 mG+7UhQK9HjIzpBnJ1rT =8VrS -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.