diff -Nru ca-certificates-java-20160321ubuntu1/debian/ca-certificates-java.dirs ca-certificates-java-20160321ubuntu1.1/debian/ca-certificates-java.dirs --- ca-certificates-java-20160321ubuntu1/debian/ca-certificates-java.dirs 1970-01-01 12:00:00.000000000 +1200 +++ ca-certificates-java-20160321ubuntu1.1/debian/ca-certificates-java.dirs 2023-05-30 15:40:30.000000000 +1200 @@ -0,0 +1,2 @@ +etc/ssl/certs/java +var/lib/ca-certificates-java diff -Nru ca-certificates-java-20160321ubuntu1/debian/ca-certificates-java.triggers ca-certificates-java-20160321ubuntu1.1/debian/ca-certificates-java.triggers --- ca-certificates-java-20160321ubuntu1/debian/ca-certificates-java.triggers 2016-03-22 00:23:09.000000000 +1300 +++ ca-certificates-java-20160321ubuntu1.1/debian/ca-certificates-java.triggers 2023-05-30 15:40:30.000000000 +1200 @@ -1 +1,3 @@ activate update-ca-certificates +interest-await update-ca-certificates-java +interest-await update-ca-certificates-java-fresh diff -Nru ca-certificates-java-20160321ubuntu1/debian/changelog ca-certificates-java-20160321ubuntu1.1/debian/changelog --- ca-certificates-java-20160321ubuntu1/debian/changelog 2017-12-15 09:38:26.000000000 +1300 +++ ca-certificates-java-20160321ubuntu1.1/debian/changelog 2023-05-30 15:40:30.000000000 +1200 @@ -1,3 +1,19 @@ +ca-certificates-java (20160321ubuntu1.1) xenial; urgency=medium + + * Unable to install libreoffice due to ca-certificates-java installation + failure. Backport fix (LP: #2003750) + - d/postinst.in: remove setup_path, abort certificate update if java + is not in the path, add trigger handler to perform certificate + update. + - d/jks-keystore.hook.in: remove setup_path, abort certificate update if java + is not in the path. + - d/ca-certificates-java.triggers: add interest-await triggers to allow + openjdk packages to trigger certificate import. + - d/control: remove JRE dependency, add Breaks condition. + * d/t/*: add autopkgtests. + + -- Vladimir Petko Tue, 30 May 2023 15:40:30 +1200 + ca-certificates-java (20160321ubuntu1) xenial; urgency=medium * Depend on openjdk-8 instead of openjdk-7. (LP: #1723198) diff -Nru ca-certificates-java-20160321ubuntu1/debian/control ca-certificates-java-20160321ubuntu1.1/debian/control --- ca-certificates-java-20160321ubuntu1/debian/control 2016-03-22 02:33:54.000000000 +1300 +++ ca-certificates-java-20160321ubuntu1.1/debian/control 2023-05-30 15:40:30.000000000 +1200 @@ -1,7 +1,8 @@ Source: ca-certificates-java Section: java Priority: optional -Maintainer: Debian Java Maintainers +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian Java Maintainers Uploaders: Matthias Klose , Torsten Werner , Damien Raude-Morvan , @@ -15,9 +16,9 @@ Architecture: all Multi-Arch: foreign Depends: ca-certificates (>= 20121114), - ${jre:Depends} | java7-runtime-headless, ${misc:Depends}, ${nss:Depends} +Breaks: openjdk-8-jre-headless (<<8u362-ga-0ubuntu2~), # We need a versioned Depends due to multiarch changes (bug #635571). Description: Common CA certificates (JKS keystore) This package uses the hooks of the ca-certificates package to update the diff -Nru ca-certificates-java-20160321ubuntu1/debian/jks-keystore.hook.in ca-certificates-java-20160321ubuntu1.1/debian/jks-keystore.hook.in --- ca-certificates-java-20160321ubuntu1/debian/jks-keystore.hook.in 2016-03-22 02:23:13.000000000 +1300 +++ ca-certificates-java-20160321ubuntu1.1/debian/jks-keystore.hook.in 2023-05-30 15:40:30.000000000 +1200 @@ -35,25 +35,9 @@ exit 1 fi -for jvm in java-7-openjdk-$arch java-7-openjdk \ - oracle-java7-jre-$arch oracle-java7-server-jre-$arch oracle-java7-jdk-$arch \ - java-8-openjdk-$arch java-8-openjdk \ - oracle-java8-jre-$arch oracle-java8-server-jre-$arch oracle-java8-jdk-$arch \ - java-9-openjdk-$arch java-9-openjdk \ - oracle-java9-jre-$arch oracle-java9-server-jre-$arch oracle-java9-jdk-$arch; do -if [ -x /usr/lib/jvm/$jvm/bin/java ]; then - break -fi -done -export JAVA_HOME=/usr/lib/jvm/$jvm -PATH=$JAVA_HOME/bin:$PATH - -temp_jvm_cfg= -if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then - # the jre is not yet configured, but jvm.cfg is needed to run it - temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg - mkdir -p /etc/${jvm%-$arch} - printf -- "-server KNOWN\n" > $temp_jvm_cfg +if ! which java >/dev/null; then + echo "No JRE found. Skipping Java certificates setup." + exit 0 fi if dpkg-query --version >/dev/null; then diff -Nru ca-certificates-java-20160321ubuntu1/debian/postinst.in ca-certificates-java-20160321ubuntu1.1/debian/postinst.in --- ca-certificates-java-20160321ubuntu1/debian/postinst.in 2016-03-22 02:22:05.000000000 +1300 +++ ca-certificates-java-20160321ubuntu1.1/debian/postinst.in 2023-05-30 15:40:30.000000000 +1200 @@ -24,20 +24,12 @@ fi } -setup_path() +check_proc() { - for jvm in java-7-openjdk-$arch java-7-openjdk \ - oracle-java7-jre-$arch oracle-java7-server-jre-$arch oracle-java7-jdk-$arch \ - java-8-openjdk-$arch java-8-openjdk \ - oracle-java8-jre-$arch oracle-java8-server-jre-$arch oracle-java8-jdk-$arch \ - java-9-openjdk-$arch java-9-openjdk \ - oracle-java9-jre-$arch oracle-java9-server-jre-$arch oracle-java9-jdk-$arch; do - if [ -x /usr/lib/jvm/$jvm/bin/java ]; then - break - fi - done - export JAVA_HOME=/usr/lib/jvm/$jvm - PATH=$JAVA_HOME/bin:$PATH + if ! mountpoint -q /proc; then + echo >&2 "the keytool command requires a mounted proc fs (/proc)." + exit 1 + fi } first_install() @@ -68,7 +60,6 @@ echo "+${filename}" done | \ java -Xmx64m -jar $JAR -storepass "$storepass" - echo "done." } do_cleanup() @@ -80,6 +71,28 @@ fi } +update_cacerts() +{ + check_proc + + if ! which java >/dev/null; then + echo "No JRE found. Skipping Java certificates setup." + exit 0 + fi + + trap do_cleanup EXIT + + if [ -f /var/lib/ca-certificates-java/fresh ]; then + first_install + rm -f /var/lib/ca-certificates-java/fresh + else + java -Xmx64m -jar $JAR -storepass "$storepass"; + fi + + chmod 600 /etc/default/cacerts || true + echo "done." +} + case "$1" in configure) if dpkg --compare-versions "$2" lt "20110912ubuntu6"; then @@ -88,35 +101,23 @@ cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old fi fi - if [ -z "$2" -o -n "$FIXOLD" ]; then - setup_path - - if ! mountpoint -q /proc; then - echo >&2 "the keytool command requires a mounted proc fs (/proc)." - exit 1 - fi - temp_jvm_cfg= - if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then - # the jre is not yet configured, but jvm.cfg is needed to run it - temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg - mkdir -p /etc/${jvm%-$arch} - printf -- "-server KNOWN\n" > $temp_jvm_cfg + if [ -z "$2" -o -n "$FIXOLD" ]; then + touch /var/lib/ca-certificates-java/fresh fi - if first_install; then - do_cleanup - else - do_cleanup - exit 1 - fi - fi - chmod 600 /etc/default/cacerts || true + update_cacerts ;; abort-upgrade|abort-remove|abort-deconfigure) ;; + triggered) + if [ ! -f /etc/ssl/certs/java/cacerts ]; then + touch /var/lib/ca-certificates-java/fresh + fi + update_cacerts + ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 diff -Nru ca-certificates-java-20160321ubuntu1/debian/tests/can-install-jre ca-certificates-java-20160321ubuntu1.1/debian/tests/can-install-jre --- ca-certificates-java-20160321ubuntu1/debian/tests/can-install-jre 1970-01-01 12:00:00.000000000 +1200 +++ ca-certificates-java-20160321ubuntu1.1/debian/tests/can-install-jre 2023-05-30 15:40:30.000000000 +1200 @@ -0,0 +1,51 @@ +#!/bin/bash +set -e +versions=$(apt-cache search jre-headless | awk '{print $1}') +for version in ${versions} +do +# WHEN openjdk-jre-headless package is installed from scratch + + # Java 18 is EOL 09.2022 but is present in Lunar so that we could do clean + # builds. Ignore it in certificate tests + if [[ ${version} == "openjdk-18-jre-headless" ]]; + then + continue + fi + # Java 19 is EOL, but it is present in archive so that we could do clean + # builds. Ignore it in certificate tests + if [[ ${version} == "openjdk-19-jre-headless" ]]; + then + continue + fi + # Java 13 is EOL, but it is present in archive so that we could do clean + # builds. Ignore it in certificate tests + if [[ ${version} == "openjdk-13-jre-headless" ]]; + then + continue + fi + # Java 16 is EOL, but it is present in archive so that we could do clean + # builds. Ignore it in certificate tests + if [[ ${version} == "openjdk-16-jre-headless" ]]; + then + continue + fi + + disabled_jres="gcj-5-jre-headless gcj-4.8-jre-headless gcj-4.9-jre-headless gcj-jre-headless openjdk-9-jre-headless" + if [[ ${disabled_jres} =~ ${version} ]]; then + echo Skip test for the unsupported JRE!!! + continue + fi + + output=`mktemp` + echo "installing ${version}" + apt-get install -y ${version} | tee ${output} +# THEN installation is successfull +# AND certificates are updated + if [[ $(grep -L "Adding debian:Amazon_Root_CA_1.pem" ${output}) ]]; then + echo "Certificates were not imported !!!" + exit 255 + fi + rm $output + # purge in order to remove keytstore + apt-get purge -y ca-certificates-java ${version} +done diff -Nru ca-certificates-java-20160321ubuntu1/debian/tests/can-install-libreoffice ca-certificates-java-20160321ubuntu1.1/debian/tests/can-install-libreoffice --- ca-certificates-java-20160321ubuntu1/debian/tests/can-install-libreoffice 1970-01-01 12:00:00.000000000 +1200 +++ ca-certificates-java-20160321ubuntu1.1/debian/tests/can-install-libreoffice 2023-05-18 09:21:46.000000000 +1200 @@ -0,0 +1,4 @@ +#!/bin/bash +set -e + +apt-get install -y libreoffice \ No newline at end of file diff -Nru ca-certificates-java-20160321ubuntu1/debian/tests/control ca-certificates-java-20160321ubuntu1.1/debian/tests/control --- ca-certificates-java-20160321ubuntu1/debian/tests/control 1970-01-01 12:00:00.000000000 +1200 +++ ca-certificates-java-20160321ubuntu1.1/debian/tests/control 2023-05-30 15:40:30.000000000 +1200 @@ -0,0 +1,4 @@ +Tests: can-install-jre, can-install-libreoffice +# No depends, this is a test for a clean install +Depends: +Restrictions: needs-root, allow-stderr