~ubuntu-branches/ubuntu/trusty/ca-certificates-java/trusty-proposed


Viewing changes to debian/postinst

  • Committer: Bazaar Package Importer
  • Author(s): Torsten Werner
  • Date: 2011-04-25 15:28:55 UTC
  • Revision ID: james.westby@ubuntu.com-20110425152855-op4b3mqmb8k23s88
Tags: 20110425
* Add Java code to update the keystore and support UTF-8 encoded filenames.
  (Closes: #607245, #623671)
* Change Maintainer to Debian Java Maintainers and add myself to Uploaders.
* Update Build-Depends.
* Replace old inconsistent keystore aliases. (Closes: #623888)
* Add support for openjdk-7 and remove support for old cacao VM.
* Add a NEWS file explaining the update.
* Update README.Debian.

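--- a/debian/postinst
+++ b/debian/postinst
@@ -2,8 +2,6 @@
 
 set -e
 
-KEYSTORE=/etc/ssl/certs/java/cacerts
-
 storepass='changeit'
 if [ -f /etc/default/cacerts ]; then
     . /etc/default/cacerts
@@ -11,87 +9,41 @@
 
 setup_path()
 {
-    for jvm in java-6-openjdk java-6-sun; do
-        if [ -x /usr/lib/jvm/$jvm/bin/keytool ]; then
+    for jvm in java-6-openjdk java-7-openjdk java-6-sun; do
+        if [ -x /usr/lib/jvm/$jvm/bin/java ]; then
             break
         fi
     done
     export JAVA_HOME=/usr/lib/jvm/$jvm
     PATH=$JAVA_HOME/bin:$PATH
+
+    CLASSPATH=/usr/share/ca-certificates-java
+    export CLASSPATH
 }
 
 first_install()
 {
-    cacertdir=/usr/share/ca-certificates
-    log=$(tempfile)
-
-    # aliases of pregenerated files
-    pregenerated=$(tempfile)
-    LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -list -keystore $KEYSTORE -storepass "$storepass" \
-        | awk -F, '/^Certificate fingerprint/ { print s } { s=$1 } ' \
-        | sort > $pregenerated
-
-    grep -v -E '^ *$|^#' /etc/ca-certificates.conf | ( \
-    errors=0
-    while read line; do
-        pem=${line#!*}
-        alias=$(basename $pem .crt | tr A-Z a-z | tr -cs a-z0-9 _)
+    find /etc/ssl/certs -name \*.pem | \
+    while read filename; do
+        alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _)
         alias=${alias%*_}
-        case "$line" in
-            !*)
-                # remove untrusted certificate
-                if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -delete -keystore $KEYSTORE \
-                    -storepass "$storepass" -alias "$alias" >/dev/null
-                then
-                    echo "  removed untrusted certificate $pem"
-                else
-                    # not (anymore) in keystore
-                    :
-                fi;;
-            *)
-                # add certificate not yet in keystore
-                if [ ! -f "$cacertdir/$pem" ]; then
-                    echo >&2 "warning: /etc/ca-certificates.conf lists $pem,"
-                    echo >&2 "warning:   but $cacertdir/$pem does not exist."
-                    continue
-                fi
-                if ! grep -q "^${alias}$" $pregenerated; then
-                  if LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
-                        -noprompt -storepass "$storepass" \
-                        -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-                  then
-                      echo "  added certificate $pem"
-                  elif LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8 keytool -importcert -trustcacerts -keystore $KEYSTORE \
-                        -providerClass sun.security.pkcs11.SunPKCS11 \
-                        -providerArg '${java.home}/lib/security/nss.cfg' \
-                        -noprompt -storepass "$storepass" \
-                        -alias "$alias" -file "$cacertdir/$pem" > $log 2>&1
-                  then
-                      echo "  added certificate $pem (using NSS provider)"
-                  elif grep -q 'Signature not available' $log; then
-                      echo "  ignored import, signature not available: ${line#+*}"
-                      sed -e 's/^/   -> /' $log
-                  else
-                      echo >&2 "  error adding ${line#+*}"
-                      errors=$(expr $errors + 1)
-                  fi
-                fi
-        esac
-    done
-    rm -f $log
-    rm -f $pregenerated
-    if [ $errors -gt 0 ]; then
-        echo >&2 "failed (VM used: $jvm)."
-        [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg
-        exit 1
-    fi
+        if [ -n "$FIXOLD" ]; then
+            echo "-${alias}"
+            echo "-${alias}_pem"
+        fi
+        echo "+${filename}"
+    done | \
+    java UpdateCertificates -storepass "$storepass"
     echo "done."
-    )
 }
 
 case "$1" in
     configure)
-        if [ -z "$2" ]; then
+        if dpkg --compare-versions "$2" le "20100412"; then
+            FIXOLD="true"
+            cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old
+        fi
+        if [ -z "$2" -o -n "$FIXOLD" ]; then
             setup_path
 
             if ! mountpoint -q /proc; then
@@ -106,10 +58,6 @@
                 printf -- "-server KNOWN\n" > $temp_jvm_cfg
             fi
 
-            # on first install, remove certs untrusted by the
-            # user/admininstrator, add locally added certs
-            echo "creating $KEYSTORE..."
-            cp /usr/share/ca-certificates-java/cacerts $KEYSTORE
             first_install
 
             [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg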
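Review bot: The `cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old` added under `configure)` runs unguarded with `set -e` in effect, so a missing keystore aborts the whole postinst and leaves the Java trust store unpopulated. On a fresh install `$2` is empty, and `dpkg --compare-versions` treats an empty version as earlier than any other for `le`, so this branch is taken there too, while the commit drops the `cp /usr/share/ca-certificates-java/cacerts $KEYSTORE` step that used to create the file. Unless the package now ships the keystore some other way (not visible here), guard the backup with `[ ! -e /etc/ssl/certs/java/cacerts ] || cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old`. In the new `first_install` loop, `while read filename` and the unquoted `basename $filename .pem` mangle names containing whitespace or backslashes, which undercuts the filename support the commit advertises; `while IFS= read -r filename` and `basename "$filename" .pem` keep them intact. The `case` statement continues outside the visible hunks.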