diff -Nru ca-certificates-java-20180516ubuntu1~18.04.2/debian/ca-certificates-java.dirs ca-certificates-java-20180516ubuntu1~18.04.3/debian/ca-certificates-java.dirs --- ca-certificates-java-20180516ubuntu1~18.04.2/debian/ca-certificates-java.dirs 1970-01-01 12:00:00.000000000 +1200 +++ ca-certificates-java-20180516ubuntu1~18.04.3/debian/ca-certificates-java.dirs 2023-05-30 08:24:33.000000000 +1200 @@ -0,0 +1,2 @@ +etc/ssl/certs/java +var/lib/ca-certificates-java diff -Nru ca-certificates-java-20180516ubuntu1~18.04.2/debian/ca-certificates-java.triggers ca-certificates-java-20180516ubuntu1~18.04.3/debian/ca-certificates-java.triggers --- ca-certificates-java-20180516ubuntu1~18.04.2/debian/ca-certificates-java.triggers 2017-06-01 00:39:26.000000000 +1200 +++ ca-certificates-java-20180516ubuntu1~18.04.3/debian/ca-certificates-java.triggers 2023-05-30 08:47:01.000000000 +1200 @@ -1 +1,3 @@ activate update-ca-certificates +interest-await update-ca-certificates-java +interest-await update-ca-certificates-java-fresh diff -Nru ca-certificates-java-20180516ubuntu1~18.04.2/debian/changelog ca-certificates-java-20180516ubuntu1~18.04.3/debian/changelog --- ca-certificates-java-20180516ubuntu1~18.04.2/debian/changelog 2023-05-18 09:21:46.000000000 +1200 +++ ca-certificates-java-20180516ubuntu1~18.04.3/debian/changelog 2023-05-30 08:47:01.000000000 +1200 @@ -1,3 +1,18 @@ +ca-certificates-java (20180516ubuntu1~18.04.3) bionic; urgency=medium + + * Unable to install libreoffice due to ca-certificates-java installation + failure. Backport fix (LP: #2003750) + - d/postinst.in: remove setup_path, abort certificate update if java + is not in the path, add trigger handler to perform certificate + update. + - d/jks-keystore.hook.in: remove setup_path, abort certificate update if java + is not in the path. + - d/ca-certificates-java.triggers: add interest-await triggers to allow + openjdk packages to trigger certificate import. + - d/control: remove JRE dependency, add Breaks condition. + + -- Vladimir Petko Tue, 30 May 2023 08:47:01 +1200 + ca-certificates-java (20180516ubuntu1~18.04.2) bionic-security; urgency=medium * REGRESSION UPDATE: ca-certificates-java can fail to install with diff -Nru ca-certificates-java-20180516ubuntu1~18.04.2/debian/control ca-certificates-java-20180516ubuntu1~18.04.3/debian/control --- ca-certificates-java-20180516ubuntu1~18.04.2/debian/control 2018-05-18 02:10:59.000000000 +1200 +++ ca-certificates-java-20180516ubuntu1~18.04.3/debian/control 2023-05-30 08:47:01.000000000 +1200 @@ -14,9 +14,11 @@ Architecture: all Multi-Arch: foreign Depends: ca-certificates (>= 20121114), - ${jre:Depends} | java8-runtime-headless, ${misc:Depends}, ${nss:Depends} +Breaks: openjdk-8-jre-headless (<<8u362-ga-0ubuntu2~), + openjdk-11-jre-headless (<<11.0.18+10-0ubuntu3~), + openjdk-17-jre-headless (<<17.0.6+10-1ubuntu1~), # We need a versioned Depends due to multiarch changes (bug #635571). Description: Common CA certificates (JKS keystore) This package uses the hooks of the ca-certificates package to update the diff -Nru ca-certificates-java-20180516ubuntu1~18.04.2/debian/jks-keystore.hook.in ca-certificates-java-20180516ubuntu1~18.04.3/debian/jks-keystore.hook.in --- ca-certificates-java-20180516ubuntu1~18.04.2/debian/jks-keystore.hook.in 2023-05-18 09:21:46.000000000 +1200 +++ ca-certificates-java-20180516ubuntu1~18.04.3/debian/jks-keystore.hook.in 2023-05-30 08:47:01.000000000 +1200 @@ -35,28 +35,10 @@ exit 1 fi -for version in 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 ; do - for jvm in \ - java-${version}-openjdk-${arch} \ - java-${version}-openjdk \ - oracle-java${version}-jre-${arch} \ - oracle-java${version}-server-jre-${arch} \ - oracle-java${version}-jdk-${arch} - do - if [ -x /usr/lib/jvm/$jvm/bin/java ]; then - export JAVA_HOME=/usr/lib/jvm/$jvm - PATH=$JAVA_HOME/bin:$PATH - # copy java.security to allow import to function - security_conf=/etc/java-${version}-openjdk/security - if [ -f ${security_conf}/java.security.dpkg-new ] \ - && [ ! -f ${security_conf}/java.security ]; then - cp ${security_conf}/java.security.dpkg-new \ - ${security_conf}/java.security - fi - break 2 - fi - done -done +if ! which java >/dev/null; then + echo "No JRE found. Skipping Java certificates setup." + exit 0 +fi if dpkg-query --version >/dev/null; then nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1) diff -Nru ca-certificates-java-20180516ubuntu1~18.04.2/debian/postinst.in ca-certificates-java-20180516ubuntu1~18.04.3/debian/postinst.in --- ca-certificates-java-20180516ubuntu1~18.04.2/debian/postinst.in 2023-05-18 09:21:46.000000000 +1200 +++ ca-certificates-java-20180516ubuntu1~18.04.3/debian/postinst.in 2023-05-30 08:47:01.000000000 +1200 @@ -23,32 +23,6 @@ fi } -setup_path() -{ - for version in 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 ; do - for jvm in \ - java-${version}-openjdk-${arch} \ - java-${version}-openjdk \ - oracle-java${version}-jre-${arch} \ - oracle-java${version}-server-jre-${arch} \ - oracle-java${version}-jdk-${arch} - do - if [ -x /usr/lib/jvm/$jvm/bin/java ]; then - export JAVA_HOME=/usr/lib/jvm/$jvm - PATH=$JAVA_HOME/bin:$PATH - # copy java.security to allow import to function - security_conf=/etc/java-${version}-openjdk/security - if [ -f ${security_conf}/java.security.dpkg-new ] \ - && [ ! -f ${security_conf}/java.security ]; then - cp ${security_conf}/java.security.dpkg-new \ - ${security_conf}/java.security - fi - break 2 - fi - done - done -} - check_proc() { if ! mountpoint -q /proc; then @@ -106,7 +80,6 @@ echo "+${filename}" done | \ java -Xmx64m -jar $JAR -storepass "$storepass" - echo "done." } do_cleanup() @@ -118,6 +91,32 @@ fi } +update_cacerts() +{ + check_proc + + if ! which java >/dev/null; then + echo "No JRE found. Skipping Java certificates setup." + exit 0 + fi + + if [ -f /var/lib/ca-certificates-java/convert_pkcs12_keystore_to_jks ]; then + convert_pkcs12_keystore_to_jks + rm /var/lib/ca-certificates-java/convert_pkcs12_keystore_to_jks + fi + + trap do_cleanup EXIT + if [ -f /var/lib/ca-certificates-java/fresh ]; then + first_install + rm -f /var/lib/ca-certificates-java/fresh + else + java -Xmx64m -jar $JAR -storepass "$storepass"; + fi + + chmod 600 /etc/default/cacerts || true + echo "done." +} + case "$1" in configure) if dpkg --compare-versions "$2" lt "20110912ubuntu6"; then @@ -126,28 +125,29 @@ cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old fi fi - - setup_path - if dpkg --compare-versions "$2" lt "20180516"; then if [ -e /etc/ssl/certs/java/cacerts \ -a "$(head -c4 /etc/ssl/certs/java/cacerts)" != "$(echo -en '\xfe\xed\xfe\xed')" ]; then - check_proc - convert_pkcs12_keystore_to_jks + touch /var/lib/ca-certificates-java/convert_pkcs12_keystore_to_jks fi fi if [ -z "$2" -o -n "$FIXOLD" ]; then - check_proc - trap do_cleanup EXIT - first_install + touch /var/lib/ca-certificates-java/fresh fi - chmod 600 /etc/default/cacerts || true + + update_cacerts ;; abort-upgrade|abort-remove|abort-deconfigure) ;; + triggered) + if [ ! -f /etc/ssl/certs/java/cacerts ]; then + touch /var/lib/ca-certificates-java/fresh + fi + update_cacerts + ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1