Bug#922996: Bug#923176: stretch-pu: package ca-certificates-java/20170929~deb9u1
On 2019-04-11 06:41, tony mancill wrote: > Andreas, please let me know if this looks okay to you and I'll file the > stretch-pu bug. Looks good to me. Andreas
Bug#922996: Bug#923176: stretch-pu: package ca-certificates-java/20170929~deb9u1
On Wed, Apr 10, 2019 at 06:25:42AM -0700, tony mancill wrote: > On Wed, Apr 10, 2019 at 09:49:02AM +0200, Andreas Beckmann wrote: > > Hi Tony, > > > > do we have another error in the script? > > > > Setting up ca-certificates-java (20170929~deb9u2) ... > > /var/lib/dpkg/info/ca-certificates-java.postinst: line 55: printf: -d: > > invalid option > > printf: usage: printf [-v var] format [arguments] > > Adding debian:TrustCor_RootCert_CA-2.pem > > Adding debian:TrustCor_RootCert_CA-1.pem > > ... > > > > (noticed while looking for something different ..) > > Hello Andreas, > > Yes, and the error is due to this hunk in my patch: > > > --- ca-certificates-java-20170929~deb9u1/debian/postinst.in 2019-02-11 > > 04:14:23.0 -0800 > > +++ ca-certificates-java-20170929~deb9u2/debian/postinst.in 2019-02-24 > > 09:55:04.0 -0800 > > @@ -52,7 +52,7 @@ > > > > # Forcibly remove diginotar cert (LP: #920758) > > if [ -n "$FIXOLD" ]; then > > -echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \ > > +printf "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \ > > java -Xmx64m -jar $JAR -storepass "$storepass" > > fi > > I didn't realize that the behavior of printf varied between the shells. > > - printf "-dfoo" fails in dash and ash, but not in bash or zsh, etc. > - printf '-dfoo' fails in dash and ash as well. > - printf -- "-dfoo" works as expected. Bah! - please ignore my comments above. The `printf "-dfoo" fails in other shells too. And even more frustrating is that there wasn't any point in trying to address the "echo -e" bashism in the postinst in the first place, since it uses /bin/bash shebang anyway (unlike jks-keystore, which runs under /bin/sh). > Sorry for the hassle and thank you for noticing this. > > I will prepare another upload. Since Andreas fixed another bashism in the postinst with his proposed debdiff [1], I propose that we move forward with the fixed printf syntax (debdiff attached), since it matches other uses of printf in the postinst. I have tested locally in a chroot, including forcing the execution path to flow through the $FIXOLD path and believe it's fixed now. Andreas, please let me know if this looks okay to you and I'll file the stretch-pu bug. Thank you, tony [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=922996;filename=ca-certificates-java_20170929~deb9u2.dsc.diff.gz;msg=5 diff -Nru ca-certificates-java-20170929~deb9u2/debian/changelog ca-certificates-java-20170929~deb9u3/debian/changelog --- ca-certificates-java-20170929~deb9u2/debian/changelog 2019-02-24 09:55:04.0 -0800 +++ ca-certificates-java-20170929~deb9u3/debian/changelog 2019-04-10 19:59:01.0 -0700 @@ -1,3 +1,10 @@ +ca-certificates-java (20170929~deb9u3) stretch; urgency=medium + + * Team upload. + * Fix printf syntax problem introduced in 20170929~deb9u2 + + -- tony mancill Wed, 10 Apr 2019 19:59:01 -0700 + ca-certificates-java (20170929~deb9u2) stretch; urgency=medium * Team upload. diff -Nru ca-certificates-java-20170929~deb9u2/debian/postinst.in ca-certificates-java-20170929~deb9u3/debian/postinst.in --- ca-certificates-java-20170929~deb9u2/debian/postinst.in 2019-02-24 09:55:04.0 -0800 +++ ca-certificates-java-20170929~deb9u3/debian/postinst.in 2019-04-10 19:59:01.0 -0700 @@ -52,7 +52,7 @@ # Forcibly remove diginotar cert (LP: #920758) if [ -n "$FIXOLD" ]; then -printf "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \ +printf -- "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \ java -Xmx64m -jar $JAR -storepass "$storepass" fi signature.asc Description: PGP signature
Bug#922996: Bug#923176: stretch-pu: package ca-certificates-java/20170929~deb9u1
On Wed, Apr 10, 2019 at 09:49:02AM +0200, Andreas Beckmann wrote: > Hi Tony, > > do we have another error in the script? > > Setting up ca-certificates-java (20170929~deb9u2) ... > /var/lib/dpkg/info/ca-certificates-java.postinst: line 55: printf: -d: > invalid option > printf: usage: printf [-v var] format [arguments] > Adding debian:TrustCor_RootCert_CA-2.pem > Adding debian:TrustCor_RootCert_CA-1.pem > ... > > (noticed while looking for something different ..) Hello Andreas, Yes, and the error is due to this hunk in my patch: > --- ca-certificates-java-20170929~deb9u1/debian/postinst.in 2019-02-11 > 04:14:23.0 -0800 > +++ ca-certificates-java-20170929~deb9u2/debian/postinst.in 2019-02-24 > 09:55:04.0 -0800 > @@ -52,7 +52,7 @@ > > # Forcibly remove diginotar cert (LP: #920758) > if [ -n "$FIXOLD" ]; then > -echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \ > +printf "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \ > java -Xmx64m -jar $JAR -storepass "$storepass" > fi I didn't realize that the behavior of printf varied between the shells. - printf "-dfoo" fails in dash and ash, but not in bash or zsh, etc. - printf '-dfoo' fails in dash and ash as well. - printf -- "-dfoo" works as expected. Sorry for the hassle and thank you for noticing this. I will prepare another upload. Cheers, tony signature.asc Description: PGP signature
Bug#922996: Bug#923176: stretch-pu: package ca-certificates-java/20170929~deb9u1
Hi Tony, do we have another error in the script? Setting up ca-certificates-java (20170929~deb9u2) ... /var/lib/dpkg/info/ca-certificates-java.postinst: line 55: printf: -d: invalid option printf: usage: printf [-v var] format [arguments] Adding debian:TrustCor_RootCert_CA-2.pem Adding debian:TrustCor_RootCert_CA-1.pem ... (noticed while looking for something different ..) Andreas
Bug#922996: Bug#923176: stretch-pu: package ca-certificates-java/20170929~deb9u1
On Wed, Feb 27, 2019 at 04:01:08PM +0100, Andreas Beckmann wrote: > Hi Tony, > > On 2019-02-25 00:53, tony mancill wrote: > > Andreas, since you handled the prior update, feel free to take care of > > this one as well. The only difference between our debdiffs is that mine > > addresses the "echo -e" bashism, but that would only be triggered for > > Ubuntu updates for versions older than trusty (14.04 LTS), and so I > > imagine that it is actually needed. > > I'm fine if you go ahead with your variant. I'm a bit short of time > currently. Hi Andreas, I know the feeling... :) I have performed the dput. I don't upload to s-p-u often, so I'll keep an eye and handle clean up if I've made a mistake in the process. (It seems that the Release Managers have done a lot of good work over the years to make the process simpler than it was.) Cheers, tony signature.asc Description: PGP signature
Bug#922996: Bug#923176: stretch-pu: package ca-certificates-java/20170929~deb9u1
Hi Tony, On 2019-02-25 00:53, tony mancill wrote: > Andreas, since you handled the prior update, feel free to take care of > this one as well. The only difference between our debdiffs is that mine > addresses the "echo -e" bashism, but that would only be triggered for > Ubuntu updates for versions older than trusty (14.04 LTS), and so I > imagine that it is actually needed. I'm fine if you go ahead with your variant. I'm a bit short of time currently. Andreas
Bug#922996: Bug#923176: stretch-pu: package ca-certificates-java/20170929~deb9u1
On Sun, Feb 24, 2019 at 07:45:00PM +, Adam D. Barratt wrote: > Control: forcemerge 922996 923176 > Control: tags 922996 + confirmed > > On Sun, 2019-02-24 at 11:03 -0800, tony mancill wrote: > > This update closes #922720 [1], which addresses a bashism that > > prevents the package upgrade from completing successfully. > > There's already a request filed as #922996. I don't mind which version > gets uploaded - please co-ordinate among yourselves. Hi Adam, Sorry for the duplicate request. We should really start using "owner" to claim Java Team bugs. Andreas, since you handled the prior update, feel free to take care of this one as well. The only difference between our debdiffs is that mine addresses the "echo -e" bashism, but that would only be triggered for Ubuntu updates for versions older than trusty (14.04 LTS), and so I imagine that it is actually needed. Thank you, tony signature.asc Description: PGP signature
Bug#922996: Bug#923176: stretch-pu: package ca-certificates-java/20170929~deb9u1
Control: forcemerge 922996 923176 Control: tags 922996 + confirmed On Sun, 2019-02-24 at 11:03 -0800, tony mancill wrote: > This update closes #922720 [1], which addresses a bashism that > prevents the package upgrade from completing successfully. There's already a request filed as #922996. I don't mind which version gets uploaded - please co-ordinate among yourselves. Regards, Adam