Author: drazzib Date: 2012-05-24 20:17:42 +0000 (Thu, 24 May 2012) New Revision: 16063
Removed: trunk/ca-certificates-java/debian/preinst Modified: trunk/ca-certificates-java/UpdateCertificates.java trunk/ca-certificates-java/debian/changelog trunk/ca-certificates-java/debian/jks-keystore.hook.in trunk/ca-certificates-java/debian/postinst.in trunk/ca-certificates-java/debian/rules Log: * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around since it is no longer needed. * debian/postinst: don't put a symlink in / if jvm doesn't contain nss configuration. (Closes: #665754, #665749). * debian/postinst: force migration to new alias names again. The migration was supposed to occur on upgrades to Oneiric, but failed because of an NSS error. * debian/postinst: forcibly remove diginotar cert. It could be left behind under certain circumstances. (LP: #920758) * debian/postinst: also look for jvm in multiarch locations (LP: #962378) * debian/postinst: retrigger first_install to properly get cert store. * d/rules: Ensure java is built with source/target == 1.6 for backwards compatibility with openjdk-6. * Sync handling of nss.cfg between debian/jks-keystore.hook.in and debian/postinst.in. * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers). * Improve handling of certificate with UTF-8 filenames: - UpdateCertificates: Force read System.in with UTF-8 - debian/postinst: Set LC_CTYPE to C.UTF-8 Modified: trunk/ca-certificates-java/UpdateCertificates.java =================================================================== --- trunk/ca-certificates-java/UpdateCertificates.java 2012-05-24 15:25:32 UTC (rev 16062) +++ trunk/ca-certificates-java/UpdateCertificates.java 2012-05-24 20:17:42 UTC (rev 16063) 
@@ -50,7 +50,8 @@
 password = passwordString.toCharArray();
 keystore = createKeyStore();
 certFactory = CertificateFactory.getInstance("X.509");
- processChanges(new InputStreamReader(System.in));
+ // Force reading of inputstream int UTF-8
+ processChanges(new InputStreamReader(System.in, "UTF8"));
 writeKeyStore();
 }
Modified: trunk/ca-certificates-java/debian/changelog
===================================================================
--- trunk/ca-certificates-java/debian/changelog 2012-05-24 15:25:32 UTC (rev 16062)
+++ trunk/ca-certificates-java/debian/changelog 2012-05-24 20:17:42 UTC (rev 16063)
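Review bot: The new comment above the `processChanges` call has a typo ("int UTF-8") and does not say why the charset is pinned; something like `// Certificate file names arrive on stdin as UTF-8; decode them independently of the JVM default charset.` would record the intent. The charset is named with the legacy alias `"UTF8"`; the canonical name `"UTF-8"` is the one guaranteed on every Java platform and is less likely to be read as a mistake. The string-named `InputStreamReader` constructor throws `UnsupportedEncodingException`, so the enclosing method, which starts outside this hunk, has to declare or handle it.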
@@ -1,3 +1,32 @@
+ca-certificates-java (20120524) unstable; urgency=low
+
+ [ Marc Deslauriers ]
+ * debian/preinst, debian/postinst: remove the 20110912ubuntu1 work-around
+ since it is no longer needed.
+ * debian/postinst: don't put a symlink in / if jvm doesn't contain nss
+ configuration. (Closes: #665754, #665749).
+ * debian/postinst: force migration to new alias names again. The
+ migration was supposed to occur on upgrades to Oneiric, but failed
+ because of an NSS error.
+ * debian/postinst: forcibly remove diginotar cert. It could be left
+ behind under certain circumstances. (LP: #920758)
+ * debian/postinst: also look for jvm in multiarch locations (LP: #962378)
+ * debian/postinst: retrigger first_install to properly get cert store.
+
+ [ James Page ]
+ * d/rules: Ensure java is built with source/target == 1.6 for backwards
+ compatibility with openjdk-6.
+
+ [ Damien Raude-Morvan ]
+ * Sync handling of nss.cfg between debian/jks-keystore.hook.in and
+ debian/postinst.in.
+ * Merge changes from Ubuntu (Thanks to James Page and Marc Deslauriers).
+ * Improve handling of certificate with UTF-8 filenames:
+ - UpdateCertificates: Force read System.in with UTF-8
+ - debian/postinst: Set LC_CTYPE to C.UTF-8
+
+ -- Damien Raude-Morvan <draz...@debian.org> Tue, 22 May 2012 23:41:41 +0200
+
 ca-certificates-java (20120225) unstable; urgency=low
 [ Steve Langasek ]
Modified: trunk/ca-certificates-java/debian/jks-keystore.hook.in
===================================================================
--- trunk/ca-certificates-java/debian/jks-keystore.hook.in 2012-05-24 15:25:32 UTC (rev 16062)
+++ trunk/ca-certificates-java/debian/jks-keystore.hook.in 2012-05-24 20:17:42 UTC (rev 16063)
@@ -1,4 +1,4 @@
-#! /bin/sh
+#!/bin/sh
 set -e
@@ -12,6 +12,8 @@
 . /etc/default/cacerts
 fi
+arch=`dpkg --print-architecture`
+
 echo ""
 if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
 echo "updates of cacerts keystore disabled."
@@ -23,31 +25,32 @@ exit 1 fi -for jdir in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do - if [ -x $jdir/bin/java ]; then - break - fi +for jvm in java-6-openjdk-$arch java-6-openjdk \ + java-7-openjdk-$arch java-7-openjdk java-6-sun; do +if [ -x /usr/lib/jvm/$jvm/bin/java ]; then + break +fi done -export JAVA_HOME=$jdir +export JAVA_HOME=/usr/lib/jvm/$jvm PATH=$JAVA_HOME/bin:$PATH temp_jvm_cfg= -if [ ! -f /etc/$jvm/jvm.cfg ]; then +if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then # the jre is not yet configured, but jvm.cfg is needed to run it - temp_jvm_cfg=/etc/$jvm/jvm.cfg - mkdir -p /etc/$jvm + temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg + mkdir -p /etc/${jvm%-$arch} printf -- "-server KNOWN\n" > $temp_jvm_cfg fi if dpkg-query --version >/dev/null; then nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p') - nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' $jdir/jre/lib/security/nss.cfg) - if [ "$nsspkg" != "$nssjdk" ]; then - ln -sf $nsspkg/libnss3.so $nssjdk/ + nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg) + if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then + ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so fi softokn3pkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p') - if [ "$softokn3pkg" != "$nssjdk" ]; then - ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/ + if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] && [ "$softokn3pkg" != "$nssjdk" ]; then + ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/libsoftokn3.so fi fi 
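Review bot: The `nssjdk=$(sed -n ... /etc/${jvm%-$arch}/security/nss.cfg)` assignment still fails when that file is absent, and this hook appears to run it at top level under `set -e`, so the script would stop there before the new `-n "$nssjdk"` guard is evaluated. That is the "jvm doesn't contain nss configuration" case the guard is meant to cover; in postinst.in the same line sits inside `first_install`, which is called from an `if`, so the two copies behave differently. Testing for the file first keeps the hook going, for example `nsscfg=/etc/${jvm%-$arch}/security/nss.cfg; nssjdk=; [ ! -f "$nsscfg" ] || nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' "$nsscfg")`. The `ln -sf` operands are also unquoted, so a `dpkg-query -L` result with more than one matching path would be word-split into extra arguments while running as root.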
@@ -56,12 +59,12 @@ [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ] then - rm -f $nssjdk/libnss3.so + rm -f $nssjdk/libnss3.so fi if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] \ && [ "$softokn3pkg" != "$nssjdk" ] then - rm -f $nssjdk/libsoftokn3.so + rm -f $nssjdk/libsoftokn3.so fi } Modified: trunk/ca-certificates-java/debian/postinst.in =================================================================== --- trunk/ca-certificates-java/debian/postinst.in 2012-05-24 15:25:32 UTC (rev 16062) +++ trunk/ca-certificates-java/debian/postinst.in 2012-05-24 20:17:42 UTC (rev 16063) @@ -2,26 +2,27 @@ set -e -# Disable a critically buggy hook script during upgrade; to be removed -# after oneiric release -if [ "$2" = 20110912ubuntu1 ] && [ -e /etc/ca-certificates/update.d/jks-keystore ] -then - chmod +x /etc/ca-certificates/update.d/jks-keystore -fi +# use the locale C.UTF-8 +unset LC_ALL +LC_CTYPE=C.UTF-8 +export LC_CTYPE storepass='changeit' if [ -f /etc/default/cacerts ]; then . /etc/default/cacerts fi +arch=`dpkg --print-architecture` + setup_path() { - for JAVA_HOME in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do - if [ -x $JAVA_HOME/bin/java ]; then - break + for jvm in java-6-openjdk-$arch java-6-openjdk \ + java-7-openjdk-$arch java-7-openjdk java-6-sun; do + if [ -x /usr/lib/jvm/$jvm/bin/java ]; then + break fi done - jvm=$(basename $JAVA_HOME | sed 's,-openjdk-.*,-openjdk,') # multiarch fixup + export JAVA_HOME=/usr/lib/jvm/$jvm PATH=$JAVA_HOME/bin:$PATH CLASSPATH=/usr/share/ca-certificates-java 
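Review bot: The JVM search loop in `setup_path` has no not-found case: when none of the candidates has an executable `bin/java`, `jvm` is left at the last entry, `java-6-sun`, and `JAVA_HOME` and `PATH` are exported for a directory that does not exist. The configure branch later in this file would then create `/etc/java-6-sun` with a temporary `jvm-$arch.cfg` and run whatever `java` the rest of `PATH` resolves to. The loop in jks-keystore.hook.in (`@@ -23,31 +25,32 @@`) has the same shape. A check straight after the loop, such as `[ -x "/usr/lib/jvm/$jvm/bin/java" ] || { echo >&2 "no supported JVM found in /usr/lib/jvm"; exit 1; }`, makes the failure explicit; whether to fail or skip is a packaging decision, and the end of `setup_path` is outside this hunk.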
@@ -31,17 +32,23 @@ first_install() { if which dpkg-query --version >/dev/null; then - nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p') - nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/$jvm/security/nss.cfg) - if [ "$nsspkg" != "$nssjdk" ]; then - ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so - fi + nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p') + nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg) + if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then + ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so fi + fi + # Forcibly remove diginotar cert (LP: #920758) + if [ -n "$FIXOLD" ]; then + echo -e "-diginotar_root_ca\n-diginotar_root_ca_pem" | \ + java UpdateCertificates -storepass "$storepass" + fi + find /etc/ssl/certs -name \*.pem | \ while read filename; do - alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _) - alias=${alias%*_} + alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _) + alias=${alias%*_} if [ -n "$FIXOLD" ]; then echo "-${alias}" echo "-${alias}_pem" 
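Review bot: The DigiNotar removal added to `first_install` uses `echo -e`, which is not portable under `/bin/sh`: dash's `echo` has no `-e` option and prints it, so the first line sent to `UpdateCertificates` would be `-e -diginotar_root_ca` and that alias would probably not be matched. The shebang of postinst.in is outside the hunks shown, so this assumes it is `#!/bin/sh` like the hook. `printf '%s\n' -diginotar_root_ca -diginotar_root_ca_pem | java UpdateCertificates -storepass "$storepass"` behaves the same in every POSIX shell. Since this step exists to distrust a compromised CA, it would also help to check afterwards that both aliases are really gone from the keystore rather than rely on the pipeline's exit status.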
@@ -57,41 +64,42 @@ [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ] then - rm -f $nssjdk/libnss3.so + rm -f $nssjdk/libnss3.so fi } case "$1" in configure) - if dpkg --compare-versions "$2" le "20100412"; then + if dpkg --compare-versions "$2" lt "20110912ubuntu6"; then FIXOLD="true" if [ -e /etc/ssl/certs/java/cacerts ]; then cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old fi fi if [ -z "$2" -o -n "$FIXOLD" ]; then - setup_path + setup_path - if ! mountpoint -q /proc; then - echo >&2 "the keytool command requires a mounted proc fs (/proc)." - exit 1 - fi + if ! mountpoint -q /proc; then + echo >&2 "the keytool command requires a mounted proc fs (/proc)." + exit 1 + fi - if [ ! -f /etc/$jvm/jvm.cfg ]; then - # the jre is not yet configured, but jvm.cfg is needed to run it - temp_jvm_cfg=/etc/$jvm/jvm.cfg - mkdir -p /etc/$jvm - printf -- "-server KNOWN\n" > $temp_jvm_cfg - fi + temp_jvm_cfg= + if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then + # the jre is not yet configured, but jvm.cfg is needed to run it + temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg + mkdir -p /etc/${jvm%-$arch} + printf -- "-server KNOWN\n" > $temp_jvm_cfg + fi - if first_install; then - do_cleanup - else - do_cleanup - exit 1 - fi - fi - chmod 600 /etc/default/cacerts || true + if first_install; then + do_cleanup + else + do_cleanup + exit 1 + fi + fi + chmod 600 /etc/default/cacerts || true ;; abort-upgrade|abort-remove|abort-deconfigure) Deleted: trunk/ca-certificates-java/debian/preinst =================================================================== --- trunk/ca-certificates-java/debian/preinst 2012-05-24 15:25:32 UTC (rev 16062) +++ trunk/ca-certificates-java/debian/preinst 2012-05-24 20:17:42 UTC (rev 16063) 
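Review bot: The threshold in `dpkg --compare-versions "$2" lt "20110912ubuntu6"` is unexplained in the script, so a reader has to go to the changelog to learn why that version forces `FIXOLD`. A comment above it such as `# Versions before 20110912ubuntu6 failed the alias migration (NSS error); redo it and drop the DigiNotar aliases.` would record the reason next to the code. Because the DigiNotar removal in `first_install` is gated on `FIXOLD`, it is skipped for upgrades from any version at or above this threshold; it is worth confirming that no such version can still carry those aliases in an existing keystore.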
@@ -1,13 +0,0 @@ -#!/bin/sh - -set -e - -# Disable a critically buggy hook script during upgrade; to be removed -# after oneiric release -if [ "$2" = 20110912ubuntu1 ] && [ -e /etc/ca-certificates/update.d/jks-keystore ] -then - chmod -x /etc/ca-certificates/update.d/jks-keystore -fi - -#DEBHELPER# - Modified: trunk/ca-certificates-java/debian/rules =================================================================== --- trunk/ca-certificates-java/debian/rules 2012-05-24 15:25:32 UTC (rev 16062) +++ trunk/ca-certificates-java/debian/rules 2012-05-24 20:17:42 UTC (rev 16063) @@ -21,7 +21,7 @@ build: build-stamp build-stamp: dh_testdir - $(JAVA_HOME)/bin/javac UpdateCertificates.java + $(JAVA_HOME)/bin/javac -source 1.6 -target 1.6 UpdateCertificates.java touch $@ clean: _______________________________________________ pkg-java-commits mailing list pkg-java-comm...@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-commits
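Review bot: `-source 1.6 -target 1.6` on the `javac` line fixes the language level and class-file version but not the class library that is compiled against. Without `-bootclasspath` pointing at a Java 6 runtime, a build under a newer JDK can still link against APIs that openjdk-6 lacks, and javac 7 prints a "bootstrap class path not set" warning for exactly this. If the build is meant to guarantee openjdk-6 compatibility, either add the bootclasspath or add a comment in the `build-stamp` rule stating that `UpdateCertificates.java` may use only Java 6 APIs.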