[pkg-java] r15797 - trunk/ca-certificates-java/debian
Damien Raude-Morvan
drazzib at alioth.debian.org
Sat Feb 25 11:45:04 UTC 2012
Author: drazzib
Date: 2012-02-25 11:45:04 +0000 (Sat, 25 Feb 2012)
New Revision: 15797
Added:
trunk/ca-certificates-java/debian/jks-keystore.hook.in
trunk/ca-certificates-java/debian/postinst.in
trunk/ca-certificates-java/debian/preinst
Removed:
trunk/ca-certificates-java/debian/jks-keystore.hook
trunk/ca-certificates-java/debian/postinst
Modified:
trunk/ca-certificates-java/debian/changelog
trunk/ca-certificates-java/debian/control
trunk/ca-certificates-java/debian/rules
Log:
* debian/jks-keystore.hook: If we *don't* find libnss3 / libnss3-1d,
don't remove files from the filesystem in do_cleanup(),
since this has a nasty tendency of nuking system libraries.
LP: #855171.
* debian/preinst, debian/postinst: when upgrading from version
20110912ubuntu1, disable the buggy hook script early to prevent it from
being run before our new version is configured; and re-enable the script
in the postinst. LP: #855246.
* Mark as Multi-Arch: foreign.
* Adjust the libnss3-1d versioned dependency.
* Add myself to Uploaders.
* Use dh_gencontrol and dpkg-vendor to allow:
- New substvar ${nss:Depends} for libnss3-1d versionning.
- New @NSS_LIB@ parameter for debian/*.in files.
Modified: trunk/ca-certificates-java/debian/changelog
===================================================================
--- trunk/ca-certificates-java/debian/changelog 2012-02-24 23:42:13 UTC (rev 15796)
+++ trunk/ca-certificates-java/debian/changelog 2012-02-25 11:45:04 UTC (rev 15797)
@@ -1,3 +1,27 @@
+ca-certificates-java (20120225) UNRELEASED; urgency=low
+
+ [ Steve Langasek ]
+ * debian/jks-keystore.hook: If we *don't* find libnss3 / libnss3-1d,
+ don't remove files from the filesystem in do_cleanup(),
+ since this has a nasty tendency of nuking system libraries.
+ LP: #855171.
+ * debian/preinst, debian/postinst: when upgrading from version
+ 20110912ubuntu1, disable the buggy hook script early to prevent it from
+ being run before our new version is configured; and re-enable the script
+ in the postinst. LP: #855246.
+
+ [ Matthias Klose ]
+ * Mark as Multi-Arch: foreign.
+ * Adjust the libnss3-1d versioned dependency.
+
+ [ Damien Raude-Morvan ]
+ * Add myself to Uploaders.
+ * Use dh_gencontrol and dpkg-vendor to allow:
+ - New substvar ${nss:Depends} for libnss3-1d versionning.
+ - New @NSS_LIB@ parameter for debian/*.in files.
+
+ -- Damien Raude-Morvan <drazzib at debian.org> Sat, 25 Feb 2012 12:40:51 +0100
+
ca-certificates-java (20111223) unstable; urgency=low
* Support new multiarch JRE packages in postinst.
Modified: trunk/ca-certificates-java/debian/control
===================================================================
--- trunk/ca-certificates-java/debian/control 2012-02-24 23:42:13 UTC (rev 15796)
+++ trunk/ca-certificates-java/debian/control 2012-02-25 11:45:04 UTC (rev 15797)
@@ -2,7 +2,7 @@
Section: java
Priority: optional
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
-Uploaders: Matthias Klose <doko at ubuntu.com>, Torsten Werner <twerner at debian.org>
+Uploaders: Matthias Klose <doko at ubuntu.com>, Torsten Werner <twerner at debian.org>, Damien Raude-Morvan <drazzib at debian.org>
Build-Depends: debhelper (>= 6), default-jdk
Standards-Version: 3.8.4
Vcs-Svn: svn://svn.debian.org/svn/pkg-java/trunk/ca-certificates-java
@@ -10,7 +10,8 @@
Package: ca-certificates-java
Architecture: all
-Depends: ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2) | java6-runtime-headless, ${misc:Depends}, libnss3-1d (>= 3.12.10-2~)
+Multi-Arch: foreign
+Depends: ca-certificates (>= 20090814), openjdk-6-jre-headless (>= 6b16-1.6.1-2) | java6-runtime-headless, ${misc:Depends}, ${nss:Depends}
# We need a versioned Depends due to multiarch changes (bug #635571).
#Recommends: libnss3-1d
Description: Common CA certificates (JKS keystore)
Deleted: trunk/ca-certificates-java/debian/jks-keystore.hook
===================================================================
--- trunk/ca-certificates-java/debian/jks-keystore.hook 2012-02-24 23:42:13 UTC (rev 15796)
+++ trunk/ca-certificates-java/debian/jks-keystore.hook 2012-02-25 11:45:04 UTC (rev 15797)
@@ -1,75 +0,0 @@
-#! /bin/sh
-
-set -e
-
-# use the locale C.UTF-8
-unset LC_ALL
-LC_CTYPE=C.UTF-8
-export LC_CTYPE
-
-storepass='changeit'
-if [ -f /etc/default/cacerts ]; then
- . /etc/default/cacerts
-fi
-
-echo ""
-if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
- echo "updates of cacerts keystore disabled."
- exit 0
-fi
-
-if ! mountpoint -q /proc; then
- echo >&2 "the keytool command requires a mounted proc fs (/proc)."
- exit 1
-fi
-
-for jdir in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do
- if [ -x $jdir/bin/java ]; then
- break
- fi
-done
-export JAVA_HOME=$jdir
-PATH=$JAVA_HOME/bin:$PATH
-
-temp_jvm_cfg=
-if [ ! -f /etc/$jvm/jvm.cfg ]; then
- # the jre is not yet configured, but jvm.cfg is needed to run it
- temp_jvm_cfg=/etc/$jvm/jvm.cfg
- mkdir -p /etc/$jvm
- printf -- "-server KNOWN\n" > $temp_jvm_cfg
-fi
-
-if dpkg-query --version >/dev/null; then
- nsspkg=$(dpkg-query -L libnss3-1d | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
- nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' $jdir/jre/lib/security/nss.cfg)
- if [ "$nsspkg" != "$nssjdk" ]; then
- ln -sf $nsspkg/libnss3.so $nssjdk/
- fi
- softokn3pkg=$(dpkg-query -L libnss3-1d | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p')
- if [ "$softokn3pkg" != "$nssjdk" ]; then
- ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/
- fi
-fi
-
-do_cleanup()
-{
- [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
- if [ "$nsspkg" != "$nssjdk" ]; then
- rm -f $nssjdk/libnss3.so
- fi
- if [ "$softokn3pkg" != "$nssjdk" ]; then
- rm -f $nssjdk/libsoftokn3.so
- fi
-}
-
-CLASSPATH=/usr/share/ca-certificates-java
-export CLASSPATH
-
-if java UpdateCertificates -storepass "$storepass"; then
- do_cleanup
-else
- do_cleanup
- exit 1
-fi
-
-echo "done."
Copied: trunk/ca-certificates-java/debian/jks-keystore.hook.in (from rev 15789, trunk/ca-certificates-java/debian/jks-keystore.hook)
===================================================================
--- trunk/ca-certificates-java/debian/jks-keystore.hook.in (rev 0)
+++ trunk/ca-certificates-java/debian/jks-keystore.hook.in 2012-02-25 11:45:04 UTC (rev 15797)
@@ -0,0 +1,78 @@
+#! /bin/sh
+
+set -e
+
+# use the locale C.UTF-8
+unset LC_ALL
+LC_CTYPE=C.UTF-8
+export LC_CTYPE
+
+storepass='changeit'
+if [ -f /etc/default/cacerts ]; then
+ . /etc/default/cacerts
+fi
+
+echo ""
+if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
+ echo "updates of cacerts keystore disabled."
+ exit 0
+fi
+
+if ! mountpoint -q /proc; then
+ echo >&2 "the keytool command requires a mounted proc fs (/proc)."
+ exit 1
+fi
+
+for jdir in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do
+ if [ -x $jdir/bin/java ]; then
+ break
+ fi
+done
+export JAVA_HOME=$jdir
+PATH=$JAVA_HOME/bin:$PATH
+
+temp_jvm_cfg=
+if [ ! -f /etc/$jvm/jvm.cfg ]; then
+ # the jre is not yet configured, but jvm.cfg is needed to run it
+ temp_jvm_cfg=/etc/$jvm/jvm.cfg
+ mkdir -p /etc/$jvm
+ printf -- "-server KNOWN\n" > $temp_jvm_cfg
+fi
+
+if dpkg-query --version >/dev/null; then
+ nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
+ nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' $jdir/jre/lib/security/nss.cfg)
+ if [ "$nsspkg" != "$nssjdk" ]; then
+ ln -sf $nsspkg/libnss3.so $nssjdk/
+ fi
+ softokn3pkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p')
+ if [ "$softokn3pkg" != "$nssjdk" ]; then
+ ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/
+ fi
+fi
+
+do_cleanup()
+{
+ [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
+ if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]
+ then
+ rm -f $nssjdk/libnss3.so
+ fi
+ if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] \
+ && [ "$softokn3pkg" != "$nssjdk" ]
+ then
+ rm -f $nssjdk/libsoftokn3.so
+ fi
+}
+
+CLASSPATH=/usr/share/ca-certificates-java
+export CLASSPATH
+
+if java UpdateCertificates -storepass "$storepass"; then
+ do_cleanup
+else
+ do_cleanup
+ exit 1
+fi
+
+echo "done."
Deleted: trunk/ca-certificates-java/debian/postinst
===================================================================
--- trunk/ca-certificates-java/debian/postinst 2012-02-24 23:42:13 UTC (rev 15796)
+++ trunk/ca-certificates-java/debian/postinst 2012-02-25 11:45:04 UTC (rev 15797)
@@ -1,102 +0,0 @@
-#!/bin/bash
-
-set -e
-
-storepass='changeit'
-if [ -f /etc/default/cacerts ]; then
- . /etc/default/cacerts
-fi
-
-setup_path()
-{
- for JAVA_HOME in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do
- if [ -x $JAVA_HOME/bin/java ]; then
- break
- fi
- done
- jvm=$(basename $JAVA_HOME | sed 's,-openjdk-.*,-openjdk,') # multiarch fixup
- PATH=$JAVA_HOME/bin:$PATH
-
- CLASSPATH=/usr/share/ca-certificates-java
- export CLASSPATH
-}
-
-first_install()
-{
- if which dpkg-query --version >/dev/null; then
- nsspkg=$(dpkg-query -L libnss3 | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
- nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/$jvm/security/nss.cfg)
- if [ "$nsspkg" != "$nssjdk" ]; then
- ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so
- fi
- fi
-
- find /etc/ssl/certs -name \*.pem | \
- while read filename; do
- alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
- alias=${alias%*_}
- if [ -n "$FIXOLD" ]; then
- echo "-${alias}"
- echo "-${alias}_pem"
- fi
- echo "+${filename}"
- done | \
- java UpdateCertificates -storepass "$storepass"
- echo "done."
-}
-
-do_cleanup()
-{
- [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
- if [ "$nsspkg" != "$nssjdk" ]; then
- rm -f $nssjdk/libnss3.so
- fi
-}
-
-case "$1" in
- configure)
- if dpkg --compare-versions "$2" le "20100412"; then
- FIXOLD="true"
- if [ -e /etc/ssl/certs/java/cacerts ]; then
- cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
- fi
- fi
- if [ -z "$2" -o -n "$FIXOLD" ]; then
- setup_path
-
- if ! mountpoint -q /proc; then
- echo >&2 "the keytool command requires a mounted proc fs (/proc)."
- exit 1
- fi
-
- if [ ! -f /etc/$jvm/jvm.cfg ]; then
- # the jre is not yet configured, but jvm.cfg is needed to run it
- temp_jvm_cfg=/etc/$jvm/jvm.cfg
- mkdir -p /etc/$jvm
- printf -- "-server KNOWN\n" > $temp_jvm_cfg
- fi
-
- if first_install; then
- do_cleanup
- else
- do_cleanup
- exit 1
- fi
- fi
- chmod 600 /etc/default/cacerts || true
- ;;
-
- abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-#DEBHELPER#
-
-exit 0
-
-
Copied: trunk/ca-certificates-java/debian/postinst.in (from rev 15789, trunk/ca-certificates-java/debian/postinst)
===================================================================
--- trunk/ca-certificates-java/debian/postinst.in (rev 0)
+++ trunk/ca-certificates-java/debian/postinst.in 2012-02-25 11:45:04 UTC (rev 15797)
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+set -e
+
+# Disable a critically buggy hook script during upgrade; to be removed
+# after oneiric release
+if [ "$2" = 20110912ubuntu1 ] && [ -e /etc/ca-certificates/update.d/jks-keystore ]
+then
+ chmod +x /etc/ca-certificates/update.d/jks-keystore
+fi
+
+storepass='changeit'
+if [ -f /etc/default/cacerts ]; then
+ . /etc/default/cacerts
+fi
+
+setup_path()
+{
+ for JAVA_HOME in /usr/lib/jvm/java-[67]-openjdk* /usr/lib/jvm/java-6-sun; do
+ if [ -x $JAVA_HOME/bin/java ]; then
+ break
+ fi
+ done
+ jvm=$(basename $JAVA_HOME | sed 's,-openjdk-.*,-openjdk,') # multiarch fixup
+ PATH=$JAVA_HOME/bin:$PATH
+
+ CLASSPATH=/usr/share/ca-certificates-java
+ export CLASSPATH
+}
+
+first_install()
+{
+ if which dpkg-query --version >/dev/null; then
+ nsspkg=$(dpkg-query -L @NSS_LIB@ | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
+ nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/$jvm/security/nss.cfg)
+ if [ "$nsspkg" != "$nssjdk" ]; then
+ ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so
+ fi
+ fi
+
+ find /etc/ssl/certs -name \*.pem | \
+ while read filename; do
+ alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
+ alias=${alias%*_}
+ if [ -n "$FIXOLD" ]; then
+ echo "-${alias}"
+ echo "-${alias}_pem"
+ fi
+ echo "+${filename}"
+ done | \
+ java UpdateCertificates -storepass "$storepass"
+ echo "done."
+}
+
+do_cleanup()
+{
+ [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
+ if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]
+ then
+ rm -f $nssjdk/libnss3.so
+ fi
+}
+
+case "$1" in
+ configure)
+ if dpkg --compare-versions "$2" le "20100412"; then
+ FIXOLD="true"
+ if [ -e /etc/ssl/certs/java/cacerts ]; then
+ cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
+ fi
+ fi
+ if [ -z "$2" -o -n "$FIXOLD" ]; then
+ setup_path
+
+ if ! mountpoint -q /proc; then
+ echo >&2 "the keytool command requires a mounted proc fs (/proc)."
+ exit 1
+ fi
+
+ if [ ! -f /etc/$jvm/jvm.cfg ]; then
+ # the jre is not yet configured, but jvm.cfg is needed to run it
+ temp_jvm_cfg=/etc/$jvm/jvm.cfg
+ mkdir -p /etc/$jvm
+ printf -- "-server KNOWN\n" > $temp_jvm_cfg
+ fi
+
+ if first_install; then
+ do_cleanup
+ else
+ do_cleanup
+ exit 1
+ fi
+ fi
+ chmod 600 /etc/default/cacerts || true
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
+
+
Added: trunk/ca-certificates-java/debian/preinst
===================================================================
--- trunk/ca-certificates-java/debian/preinst (rev 0)
+++ trunk/ca-certificates-java/debian/preinst 2012-02-25 11:45:04 UTC (rev 15797)
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+# Disable a critically buggy hook script during upgrade; to be removed
+# after oneiric release
+if [ "$2" = 20110912ubuntu1 ] && [ -e /etc/ca-certificates/update.d/jks-keystore ]
+then
+ chmod -x /etc/ca-certificates/update.d/jks-keystore
+fi
+
+#DEBHELPER#
+
Modified: trunk/ca-certificates-java/debian/rules
===================================================================
--- trunk/ca-certificates-java/debian/rules 2012-02-24 23:42:13 UTC (rev 15796)
+++ trunk/ca-certificates-java/debian/rules 2012-02-25 11:45:04 UTC (rev 15797)
@@ -4,6 +4,14 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
+ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes)
+ SUBSTVARS = -Vnss:Depends="libnss3-1d (>= 3.12.9+ckbi-1.82-0ubuntu3~)"
+ nss_lib = libnss3
+else
+ SUBSTVARS = -Vnss:Depends="libnss3-1d (>= 3.12.10-2~)"
+ nss_lib = libnss3-1d
+endif
+
JAVA_HOME := /usr/lib/jvm/default-java
d = debian/ca-certificates-java
@@ -18,7 +26,11 @@
dh_testdir
dh_testroot
$(RM) build-stamp UpdateCertificates.class
- dh_clean
+ dh_clean
+ for f in debian/*.in; do \
+ f2=$$(echo $$f | sed ';s/\.in$$//'); \
+ rm -f $$f2; \
+ done
install: build
dh_testdir
@@ -28,8 +40,12 @@
usr/share/ca-certificates-java \
etc/default \
etc/ssl/certs/java \
- etc/ca-certificates/update.d \
-
+ etc/ca-certificates/update.d
+ for f in debian/*.in; do \
+ f2=$$(echo $$f | sed 's/\.in$$//'); \
+ sed -e 's/@NSS_LIB@/$(nss_lib)/g' \
+ $$f > $$f2; \
+ done
install -m755 debian/jks-keystore.hook \
$(d)/etc/ca-certificates/update.d/jks-keystore
install -m600 debian/default \
@@ -45,7 +61,7 @@
dh_compress
dh_fixperms
dh_installdeb
- dh_gencontrol
+ dh_gencontrol -- $(SUBSTVARS)
dh_md5sums
dh_builddeb
More information about the pkg-java-commits
mailing list