← Back to team overview

openjdk team mailing list archive

[Bug 1769013] Re: Please merge ca-certificates-java 20180413 (main) from Debian unstable (main)

 

** Description changed:

- There's a new ca-certificates-java package in debian unstable versioned
- 20180413 which conflicts with cosmic's version 20170930ubuntu1 [1] and
- requires a merge.
+ [Original Merge description]
+ There's a new ca-certificates-java package in debian unstable versioned 20180413 which conflicts with cosmic's version 20170930ubuntu1 [1] and requires a merge.
  
  The following changes should be kept:
  1) debian/control: Bump javahelper build dependency.
  2) debian/rules:
  2a) Explicitly depend on openjdk-11-jre-headless, needed to configure.
  2b) Replace javac arguments '-source 1.7 -target 1.7' with '--release 7'
-     as, per JEP-247, it also takes care of setting the right -bootclasspath
-     argument.
+     as, per JEP-247, it also takes care of setting the right -bootclasspath
+     argument.
  
  And a new change should be considered:
  - remove the creation of a default jvm-*.cfg file from debian/jks-keystore.hook.in as openjdk packages already provides a default jvm with the right configuration.
  
+ 
+ [Impact]
+ Besides the fix in bug 1739631 this merge also removes the usage of a fixed jvm config file by ca-certificates-java. A long long time ago ca-certificates-java failed to be installed together with openjdk because during configuration its scripts/hooks will call java, which would then be missing the jvm config file (as openjdk was only configured but not yet installed by dpkg). Still this was wrong as such solution requires that every package that depended on openjdk during dpkg configuration to provide their own jvm cfg - since that file tells openjdk which VM are available and their alias this configuration might not match what VMs (client, server, jamvm, zero, etc) are available with any given openjdk package.
+ 
+ This usage is no longer required since OpenJDK packages have provided
+ their own default exactly for this scenario since 2009 back to Jaunty's
+ openjdk version 6b14-0ubuntu4 [2] - which is the correct approach for
+ this problem as the openjdk maintainers known what jvm should default to
+ in each architecture.
+ 
+ This has already been fixed in the postinst script by debian 874276 [3],
+ but unfortunately the jks-keystore hook was not fixed at the time.
+ 
+ [Test Case]
+ * Install ca-certificates-java in a clean bionic install, it should be able to configured correctly by dpkg while openjdk is also being configured.
+ 
+ [Regression Potential]
+ * if the openjdk package ever fail to ship a default jvm config file (or ships a badly configured one) the configuration step of ca-certificates-java might fail, but this is no worse than it shipping its own misconfigured jvm config file.
+ 
+ [Other Info]
+ 
+ 
+ [References]
  [1] https://merges.ubuntu.com/main.html?query=ca-certificates-java
+ [2] https://bazaar.launchpad.net/~openjdk/openjdk/openjdk8/revision/311
+ [3] https://bugs.debian.org/874276

-- 
You received this bug notification because you are a member of OpenJDK,
which is subscribed to ca-certificates-java in Ubuntu.
https://bugs.launchpad.net/bugs/1769013

Title:
  Please merge ca-certificates-java 20180413 (main) from Debian unstable
  (main)

Status in JOSM:
  Unknown
Status in ca-certificates-java package in Ubuntu:
  Fix Released

Bug description:
  [Original Merge description]
  There's a new ca-certificates-java package in debian unstable versioned 20180413 which conflicts with cosmic's version 20170930ubuntu1 [1] and requires a merge.

  The following changes should be kept:
  1) debian/control: Bump javahelper build dependency.
  2) debian/rules:
  2a) Explicitly depend on openjdk-11-jre-headless, needed to configure.
  2b) Replace javac arguments '-source 1.7 -target 1.7' with '--release 7'
      as, per JEP-247, it also takes care of setting the right -bootclasspath
      argument.

  And a new change should be considered:
  - remove the creation of a default jvm-*.cfg file from debian/jks-keystore.hook.in as openjdk packages already provides a default jvm with the right configuration.

  
  [Impact]
  Besides the fix in bug 1739631 this merge also removes the usage of a fixed jvm config file by ca-certificates-java. A long long time ago ca-certificates-java failed to be installed together with openjdk because during configuration its scripts/hooks will call java, which would then be missing the jvm config file (as openjdk was only configured but not yet installed by dpkg). Still this was wrong as such solution requires that every package that depended on openjdk during dpkg configuration to provide their own jvm cfg - since that file tells openjdk which VM are available and their alias this configuration might not match what VMs (client, server, jamvm, zero, etc) are available with any given openjdk package.

  This usage is no longer required since OpenJDK packages have provided
  their own default exactly for this scenario since 2009 back to
  Jaunty's openjdk version 6b14-0ubuntu4 [2] - which is the correct
  approach for this problem as the openjdk maintainers known what jvm
  should default to in each architecture.

  This has already been fixed in the postinst script by debian 874276
  [3], but unfortunately the jks-keystore hook was not fixed at the
  time.

  [Test Case]
  * Install ca-certificates-java in a clean bionic install, it should be able to configured correctly by dpkg while openjdk is also being configured.

  [Regression Potential]
  * if the openjdk package ever fail to ship a default jvm config file (or ships a badly configured one) the configuration step of ca-certificates-java might fail, but this is no worse than it shipping its own misconfigured jvm config file.

  [Other Info]

  
  [References]
  [1] https://merges.ubuntu.com/main.html?query=ca-certificates-java
  [2] https://bazaar.launchpad.net/~openjdk/openjdk/openjdk8/revision/311
  [3] https://bugs.debian.org/874276

To manage notifications about this bug go to:
https://bugs.launchpad.net/josm/+bug/1769013/+subscriptions


References