The attached patch fixes this behavior by:
1) Detecting if a PKCS12 cacert exists
2) Converting it to JKS and saving it to cacerts.dpkg-new
Finally, if, and only if, 'cacerts_updates' is set to 'yes':
3) Moving the old PKCS12 cacerts to a cacerts.dpkg-old and the dpkg-new into /etc/ssl/certs/java/cacerts.
Additionally, this the proposed debdiff also takes care of only setting JAVA_HOME if a jvm is found. Previously if none of the the jvms in the list were found the last one jvm was used - although that didn't cause any unexpected errors, it was wrong.
The attached patch fixes this behavior by:
1) Detecting if a PKCS12 cacert exists
2) Converting it to JKS and saving it to cacerts.dpkg-new
Finally, if, and only if, 'cacerts_updates' is set to 'yes': certs/java/ cacerts.
3) Moving the old PKCS12 cacerts to a cacerts.dpkg-old and the dpkg-new into /etc/ssl/
Additionally, this the proposed debdiff also takes care of only setting JAVA_HOME if a jvm is found. Previously if none of the the jvms in the list were found the last one jvm was used - although that didn't cause any unexpected errors, it was wrong.