Ubuntu
ca-certificates-java package

Please merge ca-certificates-java 20180413 (main) from Debian unstable (main)

Bug #1769013 reported by Tiago Stürmer Daitx
64
This bug affects 12 people
Affects Status Importance Assigned to Milestone
JOSM
Unknown
Critical
ca-certificates-java (Ubuntu)
Fix Released
Undecided
Julian Andres Klode
Nominated for Bionic by Omer Akram
Bionic
Fix Released
Undecided
Unassigned

Bug Description

[Original Merge description]
There's a new ca-certificates-java package in debian unstable versioned 20180413 which conflicts with cosmic's version 20170930ubuntu1 [1] and requires a merge.

The following changes should be kept:
1) debian/control: Bump javahelper build dependency.
2) debian/rules:
2a) Explicitly depend on openjdk-11-jre-headless, needed to configure.
2b) Replace javac arguments '-source 1.7 -target 1.7' with '--release 7'
    as, per JEP-247, it also takes care of setting the right -bootclasspath
    argument.

And a new change should be considered:
- remove the creation of a default jvm-*.cfg file from debian/jks-keystore.hook.in as openjdk packages already provides a default jvm with the right configuration.

[Impact]
Besides the fix in bug 1739631 this merge also removes the usage of a fixed jvm config file by ca-certificates-java. A long long time ago ca-certificates-java failed to be installed together with openjdk because during configuration its scripts/hooks will call java, which would then be missing the jvm config file (as openjdk was only configured but not yet installed by dpkg). Still this was wrong as such solution requires that every package that depended on openjdk during dpkg configuration to provide their own jvm cfg - since that file tells openjdk which VM are available and their alias this configuration might not match what VMs (client, server, jamvm, zero, etc) are available with any given openjdk package.

This usage is no longer required since OpenJDK packages have provided their own default exactly for this scenario since 2009 back to Jaunty's openjdk version 6b14-0ubuntu4 [2] - which is the correct approach for this problem as the openjdk maintainers known what jvm should default to in each architecture.

This has already been fixed in the postinst script by debian 874276 [3], but unfortunately the jks-keystore hook was not fixed at the time.

[Test Case]
* Install ca-certificates-java in a clean bionic install, it should be able to configured correctly by dpkg while openjdk is also being configured.

[Regression Potential]
* if the openjdk package ever fail to ship a default jvm config file (or ships a badly configured one) the configuration step of ca-certificates-java might fail, but this is no worse than it shipping its own misconfigured jvm config file.

[Other Info]

[References]
[1] https://merges.ubuntu.com/main.html?query=ca-certificates-java
[2] https://bazaar.launchpad.net/~openjdk/openjdk/openjdk8/revision/311
[3] https://bugs.debian.org/874276

See original description
Tiago Stürmer Daitx (tdaitx)
tags: added: cosmic
tags: added: upgrade-software-version
Revision history for this message
Tiago Stürmer Daitx (tdaitx) wrote :

Debdiff from Ubuntu version 20170930ubuntu1.

Revision history for this message
Tiago Stürmer Daitx (tdaitx) wrote :

Debdiff from Debian version 20180413.

Revision history for this message
Tiago Stürmer Daitx (tdaitx) wrote :

Updated debdiffs with the right LP fix number (bug #1739631 instead of #1767726).

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "ca-certificates-java_20170930ubuntu1_debdiff_20180413ubuntu1.patch" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Don-vip (vincent-privat)
Changed in josm:
importance: Unknown → Critical
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ca-certificates-java (Ubuntu):
status: New → Confirmed
Julian Andres Klode (juliank)
Changed in ca-certificates-java (Ubuntu):
assignee: nobody → Julian Andres Klode (juliank)
status: Confirmed → In Progress
Revision history for this message
Julian Andres Klode (juliank) wrote :

Uploaded

Changed in ca-certificates-java (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ca-certificates-java - 20180413ubuntu1

---------------
ca-certificates-java (20180413ubuntu1) cosmic; urgency=medium

  * Merge from debian unstable. Remaining changes: (LP: #1769013,
    LP: #1739631)
    + debian/control: Bump javahelper build dependency.
    + debian/rules:
      - Explicitly depend on openjdk-11-jre-headless, needed to configure.
      - Replace javac arguments '-source 1.7 -target 1.7' with '--release 7'
        as, per JEP-247, it also takes care of setting the right -bootclasspath
        argument.
  * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
    with the right configuration is already supplied by the openjdk packages.

ca-certificates-java (20180413) unstable; urgency=medium

  * Team upload.
  * Always generate a JKS keystore instead of using the default format
    (Closes: #894979)
  * Look for Java 10 and Java 11 when detecting the JRE
  * Removed Damien Raude-Morvan from the uploaders (Closes: #889412)
  * Standards-Version updated to 4.1.4
  * Switch to debhelper level 11

 -- Tiago Stürmer Daitx <email address hidden> Fri, 04 May 2018 01:31:24 +0000

Changed in ca-certificates-java (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Omer Akram (om26er) wrote :

Please backport this to Bionic. Java there is pretty much broken for my use cases, installing ca-certificates-java from Cosmic fixed my issues.

Tiago Stürmer Daitx (tdaitx)
description: updated
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Tiago, or anyone else affected,

Accepted ca-certificates-java into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/ca-certificates-java/20180516ubuntu1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in ca-certificates-java (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-bionic
Revision history for this message
Mikael Gueck (gumi) wrote :

I've successfully verified the proposed fix, as documented at issue #1739631
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1739631/comments/13

tags: added: verification-done verification-done-bionic
removed: verification-needed verification-needed-bionic
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ca-certificates-java - 20180516ubuntu1~18.04.1

---------------
ca-certificates-java (20180516ubuntu1~18.04.1) bionic; urgency=medium

  * Backport from Cosmic. (LP: #1770553)

ca-certificates-java (20180516ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable (LP: #1771815). Remaining changes:
    - debian/control: Bump javahelper build dependency.
    - debian/rules:
      + Explicitly depend on openjdk-11-jre-headless, needed to configure.
      + Replace javac arguments '-source 1.7 -target 1.7' with '--release 7'
        as, per JEP-247, it also takes care of setting the right -bootclasspath
        argument.

ca-certificates-java (20180516) unstable; urgency=medium

  * Team upload.

  [ Tiago Stürmer Daitx ]
  * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
    with the right configuration is already supplied by the openjdk packages.
  * debian/jks-keystore.hook.in, debian/postinst.in: Only export JAVA_HOME
    and update PATH if a known jvm was found.
  * debian/postinst.in: Detect PKCS12 cacert keystore generated by
    previous ca-certificates-java and convert them to JKS. (Closes: #898678)
    (LP: #1771363)

  [ Matthias Klose ]
  * debian/rules: Explicitly depend on openjdk-11-jre-headless, needed to
    configure.

  [ Emmanuel Bourg ]
  * Use salsa.debian.org Vcs-* URLs

ca-certificates-java (20180413ubuntu1) cosmic; urgency=medium

  * Merge from debian unstable. Remaining changes: (LP: #1769013,
    LP: #1739631)
    + debian/control: Bump javahelper build dependency.
    + debian/rules:
      - Explicitly depend on openjdk-11-jre-headless, needed to configure.
      - Replace javac arguments '-source 1.7 -target 1.7' with '--release 7'
        as, per JEP-247, it also takes care of setting the right -bootclasspath
        argument.
  * debian/jks-keystore.hook.in: don't create a jvm-*.cfg file, a default file
    with the right configuration is already supplied by the openjdk packages.

ca-certificates-java (20180413) unstable; urgency=medium

  * Team upload.
  * Always generate a JKS keystore instead of using the default format
    (Closes: #894979)
  * Look for Java 10 and Java 11 when detecting the JRE
  * Removed Damien Raude-Morvan from the uploaders (Closes: #889412)
  * Standards-Version updated to 4.1.4
  * Switch to debhelper level 11

 -- Tiago Stürmer Daitx <email address hidden> Thu, 17 May 2018 14:10:59 +0000

Changed in ca-certificates-java (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for ca-certificates-java has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.