[pkg-java] r13569 - trunk/ca-certificates-java/debian

Torsten Werner twerner at alioth.debian.org
Sun Apr 24 23:18:35 UTC 2011


Author: twerner
Date: 2011-04-24 23:18:33 +0000 (Sun, 24 Apr 2011)
New Revision: 13569

Modified:
   trunk/ca-certificates-java/debian/changelog
   trunk/ca-certificates-java/debian/postinst
Log:
Replace old inconsistent keystore aliases. (Closes: #623888)

Modified: trunk/ca-certificates-java/debian/changelog
===================================================================
--- trunk/ca-certificates-java/debian/changelog	2011-04-24 22:59:25 UTC (rev 13568)
+++ trunk/ca-certificates-java/debian/changelog	2011-04-24 23:18:33 UTC (rev 13569)
@@ -4,8 +4,9 @@
   * Add Java code to update the keystore. (Closes: #623671)
   * Change Maintainer to Debian Java Maintainers and add myself to Uploaders.
   * Update Build-Depends.
+  * Replace old inconsistent keystore aliases. (Closes: #623888)
 
- -- Torsten Werner <twerner at debian.org>  Mon, 25 Apr 2011 00:29:23 +0200
+ -- Torsten Werner <twerner at debian.org>  Mon, 25 Apr 2011 01:17:00 +0200
 
 ca-certificates-java (20100412) unstable; urgency=low
 

Modified: trunk/ca-certificates-java/debian/postinst
===================================================================
--- trunk/ca-certificates-java/debian/postinst	2011-04-24 22:59:25 UTC (rev 13568)
+++ trunk/ca-certificates-java/debian/postinst	2011-04-24 23:18:33 UTC (rev 13569)
@@ -2,8 +2,6 @@
 
 set -e
 
-KEYSTORE=/etc/ssl/certs/java/cacerts
-
 storepass='changeit'
 if [ -f /etc/default/cacerts ]; then
     . /etc/default/cacerts
@@ -11,8 +9,8 @@
 
 setup_path()
 {
-    for jvm in java-6-openjdk java-6-sun; do
-	if [ -x /usr/lib/jvm/$jvm/bin/keytool ]; then
+    for jvm in java-6-openjdk java-7-openjdk java-6-sun; do
+	if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
 	    break
 	fi
     done
@@ -22,64 +20,17 @@
 
 first_install()
 {
-    cacertdir=/usr/share/ca-certificates
-    log=$(tempfile)
-
-    # aliases of pregenerated files
-    pregenerated=$(tempfile)
-    LANG=C LC_ALL=C keytool -list -keystore $KEYSTORE -storepass "$storepass" \
-	| awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
-	| sort > $pregenerated
-
-    grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
-    errors=0
-    while read line; do
-	pem=${line#!*}
-	alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+    find /etc/ssl/certs -name \*.pem | \
+    while read filename; do
+	alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
 	alias=${alias%*_}
-	case "$line" in
-	    !*)
-	        # remove untrusted certificate
-		if LANG=C LC_ALL=C keytool -delete -keystore $KEYSTORE \
-		    -storepass "$storepass" -alias "$alias" >/dev/null
-		then
-		    echo "  removed untrusted certificate $pem"
-		else
-		    # not (anymore) in keystore
-		    :
-		fi;;
-	    *)
-	        # add certificate not yet in keystore
-		if [ ! -f "$cacertdir/$pem" ]; then
-		    echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
-		    echo >&2 "warning:   but $cacertdir/$pem does not exist."
-		    continue
-		fi
-		if ! grep -q "^${alias}$" $pregenerated; then
-		  if LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
-			-noprompt -storepass "$storepass" \
-			-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-		  then
-		      echo "  added certificate $pem"
-		  elif LANG=C LC_ALL=C keytool -importcert -trustcacerts -keystore $KEYSTORE \
-		        -providerClass sun.security.pkcs11.SunPKCS11 \
-		        -providerArg '${java.home}/lib/security/nss.cfg' \
-			-noprompt -storepass "$storepass" \
-			-alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-		  then
-		      echo "  added certificate $pem (using NSS provider)"
-		  elif grep -q 'Signature not available' $log; then
-		      echo "  ignored import, signature not available: ${line#+*}"
-		      sed -e 's/^/   -> /' $log
-		  else
-		      echo >&2 "  error adding ${line#+*}"
-		      errors=$(expr $errors + 1)
-		  fi
-		fi
-	esac
-    done
-    rm -f $log
-    rm -f $pregenerated
+        if [ -n "$FIXOLD" ]; then
+            echo "-${alias}"
+            echo "-${alias}_pem"
+        fi
+        echo "+${filename}"
+    done | \
+    java UpdateCertificates -storepass "$storepass"
     if [ $errors -gt 0 ]; then
 	echo >&2 "failed (VM used: $jvm)."
 	[ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
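Review bot: `$errors` is still tested at `if [ $errors -gt 0 ]` after the rewritten pipeline, but this hunk removes both `errors=0` and the `expr` increment, so nothing in the visible lines assigns it. With the variable empty the test collapses to `[ -gt 0 ]`, which prints a syntax error and never reaches the "failed (VM used: ...)" branch. Under `set -e` a non-zero exit from `java UpdateCertificates` would instead abort the postinst at the pipeline, skipping the diagnostic and the removal of `$temp_jvm_cfg`. I would set `errors=0` before the `find` and end the pipeline with `java UpdateCertificates -storepass "$storepass" || errors=1`, assuming UpdateCertificates exits non-zero on failure, which is not visible here. Separately, `while IFS= read -r filename` and a quoted `"$filename"` in `basename` would keep unusual file names from being split before they reach the trust-store updater; the body of first_install continues past the end of the hunk.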
@@ -91,9 +42,14 @@
 
 case "$1" in
     configure)
-        if [ -z "$2" ]; then
+        if dpkg --compare-versions "$2" le "20100412"; then
+            FIXOLD="true"
+            cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
+        fi
+        if [ -z "$2" -o -n "$FIXOLD" ]; then
 	    setup_path
 
+            # TODO: check if we really need it
 	    if ! mountpoint -q /proc; then
 		echo >&2 "the keytool command requires a mounted proc fs (/proc)."
 		exit 1
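Review bot: `dpkg --compare-versions "$2" le "20100412"` is also true when `$2` is empty, because `le` treats an empty version as earlier than any version, so a fresh install sets FIXOLD and runs the `cp -f` of the keystore. If /etc/ssl/certs/java/cacerts does not exist at that point (not visible from this hunk), `set -e` aborts configure before the keystore is built. I would guard it as `if [ -n "$2" ] && dpkg --compare-versions "$2" le "20100412"; then` and copy only when `[ -f /etc/ssl/certs/java/cacerts ]`. FIXOLD is never initialised in the visible lines, so a value inherited from the environment or from the sourced /etc/default/cacerts would also switch on the alias deletions; a `FIXOLD=` next to `storepass=` and `[ -z "$2" ] || [ -n "$FIXOLD" ]` in place of `-o` would make the test unambiguous. The configure branch continues past the end of the hunk.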



