Bug#537051: Add no-await trigger support and Breaks to fix ca-certificates-java breakage

Tue, 13 Nov 2012 13:21:16 -0800 

Control: tag -1 patch

Please find the attached patches which fix this problem. I've tested
them a bit, but please review them.

ca-certificates (20121112+nmu1) unstable; urgency=low

  * Non-maintainer upload
  * Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
  * Provide update-ca-certificates and update-ca-certificates-fresh
    triggers.
  * Call the triggers using no-await so that the configuration files from
    the newer version of ca-certificates-java are in places before the
    upgrade. Closes: #537051.

ca-certificates-java (20121112+nmu1) unstable; urgency=low

  * Non-maintainer upload
  * Fix test for dpkg-query in postinst; there was an extraneous --version
    here. [Probably don't even need to bother to check for dpkg-query, but
    why not.] (Closes: #690204)
  * Library path for softokn3pkg and nsspkg is potentially wrong if there
    are multiple different paths; fix it.
  * Do not run the hook if ca-certificates-java has been removed but not
    purged.
  * Use the new trigger support provided by ca-certificates (>=20121112).

 -- Don Armstrong <[email protected]>  Mon, 12 Nov 2012 15:45:50 -0800


I plan on uploading an NMU for ca-certificates-java as soon as I have
an ACK from the ca-certificates team that the fix looks reasonable
(unless I hear from ca-certificates-java that they want to do it.) [I
can also upload a fixed ca-certificates and pull my changes into
ca-certificates unless y'all want to handle that.]


Don Armstrong

-- 
THERE IS NO GRAVITY THE WORLD SUCKS
 -- Vietnam War Penquin Lighter
http://gallery.donarmstrong.com/clippings/vietnam_there_is_no_gravity.jpg

http://www.donarmstrong.com              http://rzlab.ucr.edu

From 7731133fe1266d1722cad212fd8750ca5e324c58 Mon Sep 17 00:00:00 2001
From: Don Armstrong <[email protected]>
Date: Tue, 13 Nov 2012 13:04:01 -0800
Subject: [PATCH 2/2] * Breaks ca-certificates-java (<<20121112+nmu1);
 partially fixing #537051. * Provide
 update-ca-certificates and update-ca-certificates-fresh
   triggers. * Call the triggers using no-await so that
 the configuration files from   the newer version of
 ca-certificates-java are in places before the  
 upgrade. Closes: #537051.

---
 debian/ca-certificates.triggers |    4 ++++
 debian/changelog                |   12 ++++++++++++
 debian/control                  |    2 ++
 debian/postinst                 |   21 +++++++++++++++++++--
 4 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 debian/ca-certificates.triggers

diff --git a/debian/ca-certificates.triggers b/debian/ca-certificates.triggers
new file mode 100644
index 0000000..14dec6e
--- /dev/null
+++ b/debian/ca-certificates.triggers
@@ -0,0 +1,4 @@
+interest-noawait update-ca-certificates
+interest-noawait update-ca-certificates-fresh
+interest update-ca-certificates
+interest update-ca-certificates-fresh
diff --git a/debian/changelog b/debian/changelog
index 861abed..a59fed5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+ca-certificates (20121112+nmu1) unstable; urgency=low
+
+  * Non-maintainer upload
+  * Breaks ca-certificates-java (<<20121112+nmu1); partially fixing #537051.
+  * Provide update-ca-certificates and update-ca-certificates-fresh
+    triggers.
+  * Call the triggers using no-await so that the configuration files from
+    the newer version of ca-certificates-java are in places before the
+    upgrade. Closes: #537051.
+
+ -- Don Armstrong <[email protected]>  Mon, 12 Nov 2012 15:58:11 -0800
+
 ca-certificates (20121105) unstable; urgency=low
 
   * Update mozilla/certdata.txt to version 1.86  Closes: #683728
diff --git a/debian/control b/debian/control
index 5ef776e..8f84573 100644
--- a/debian/control
+++ b/debian/control
@@ -13,9 +13,11 @@ Vcs-Browser: http://git.debian.org/?p=collab-maint/ca-certificates.git
 
 Package: ca-certificates
 Architecture: all
+Pre-Depends: dpkg (>= 1.16.1)
 Depends: openssl (>= 1.0.0), ${misc:Depends}
 Enhances: openssl
 Multi-Arch: foreign
+Breaks: ca-certificates-java (<<20121112+nmu1)
 Description: Common CA certificates
  This package includes PEM files of CA certificates to allow SSL-based
  applications to check for the authenticity of SSL connections.
diff --git a/debian/postinst b/debian/postinst
index 198c57e..9964e27 100644
--- a/debian/postinst
+++ b/debian/postinst
@@ -142,12 +142,29 @@ EOF
 	# fix bogus symlink to ca-certificates.crt on upgrades; see
 	# Debian #643667; drop after wheezy
 	if dpkg --compare-versions "$2" lt-nl 20111025; then
-	    update-ca-certificates --fresh
+	    dpkg-trigger --no-await update-ca-certificates-fresh
 	else
-	    update-ca-certificates
+	    dpkg-trigger --no-await update-ca-certificates
 	fi
     ;;
 
+    triggered)
+	for trigger in $2; do
+	    case "$trigger" in
+		update-ca-certificates)
+		    update-ca-certificates
+		    ;;
+		update-ca-certificates-fresh)
+		    update-ca-certificates --fresh
+		    ;;
+		*)
+		    echo "postinst called with unknown trigger \`$2'">&2
+		    exit 1
+		    ;;
+	    esac;
+	done;
+	;;
+	    
     abort-upgrade|abort-remove|abort-deconfigure)
 
     ;;
-- 
1.7.10.4


diff -Nru ca-certificates-java-20120721/debian/ca-certificates-java.triggers ca-certificates-java-20121112+nmu1/debian/ca-certificates-java.triggers
--- ca-certificates-java-20120721/debian/ca-certificates-java.triggers	1969-12-31 16:00:00.000000000 -0800
+++ ca-certificates-java-20121112+nmu1/debian/ca-certificates-java.triggers	2012-11-12 18:03:54.000000000 -0800
@@ -0,0 +1 @@
+activate update-ca-certificates
diff -Nru ca-certificates-java-20120721/debian/changelog ca-certificates-java-20121112+nmu1/debian/changelog
--- ca-certificates-java-20120721/debian/changelog	2012-07-21 05:05:01.000000000 -0700
+++ ca-certificates-java-20121112+nmu1/debian/changelog	2012-11-13 12:58:29.000000000 -0800
@@ -1,3 +1,17 @@
+ca-certificates-java (20121112+nmu1) unstable; urgency=low
+
+  * Non-maintainer upload
+  * Fix test for dpkg-query in postinst; there was an extraneous --version
+    here. [Probably don't even need to bother to check for dpkg-query, but
+    why not.] (Closes: #690204)
+  * Library path for softokn3pkg and nsspkg is potentially wrong if there
+    are multiple different paths; fix it.
+  * Do not run the hook if ca-certificates-java has been removed but not
+    purged.
+  * Use the new trigger support provided by ca-certificates (>=20121112).
+
+ -- Don Armstrong <[email protected]>  Mon, 12 Nov 2012 15:45:50 -0800
+
 ca-certificates-java (20120721) unstable; urgency=low
 
   * Fix jks-keystore and postinst to work on multi-arch system.
diff -Nru ca-certificates-java-20120721/debian/control ca-certificates-java-20121112+nmu1/debian/control
--- ca-certificates-java-20120721/debian/control	2012-06-08 15:05:19.000000000 -0700
+++ ca-certificates-java-20121112+nmu1/debian/control	2012-11-13 12:57:13.000000000 -0800
@@ -15,7 +15,7 @@
 Package: ca-certificates-java
 Architecture: all
 Multi-Arch: foreign
-Depends: ca-certificates (>= 20090814),
+Depends: ca-certificates (>= 20121112),
          ${jre:Depends} | java6-runtime-headless,
          ${misc:Depends},
          ${nss:Depends}
diff -Nru ca-certificates-java-20120721/debian/jks-keystore.hook.in ca-certificates-java-20121112+nmu1/debian/jks-keystore.hook.in
--- ca-certificates-java-20120721/debian/jks-keystore.hook.in	2012-07-21 04:30:21.000000000 -0700
+++ ca-certificates-java-20121112+nmu1/debian/jks-keystore.hook.in	2012-11-12 16:50:31.000000000 -0800
@@ -25,7 +25,7 @@
 }
 
 echo ""
-if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ]; then
+if [ "$cacerts_updates" != yes ] || [ "$CACERT_UPDATES" = disabled ] || [ ! -e $JAR ]; then
     echo "updates of cacerts keystore disabled."
     exit 0
 fi
@@ -53,12 +53,12 @@
 fi
 
 if dpkg-query --version >/dev/null; then
-    nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
+    nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1)
     nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg)
     if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then
         ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so
     fi
-    softokn3pkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p')
+    softokn3pkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libsoftokn3\.so$,\1,p'|head -n 1)
     if [ -n "$softokn3pkg" ] && [ -n "$nssjdk" ] && [ "$softokn3pkg" != "$nssjdk" ]; then
         ln -sf $softokn3pkg/libsoftokn3.so $nssjdk/libsoftokn3.so
     fi
diff -Nru ca-certificates-java-20120721/debian/postinst.in ca-certificates-java-20121112+nmu1/debian/postinst.in
--- ca-certificates-java-20120721/debian/postinst.in	2012-07-21 04:30:13.000000000 -0700
+++ ca-certificates-java-20121112+nmu1/debian/postinst.in	2012-11-12 16:44:54.000000000 -0800
@@ -38,8 +38,8 @@
 
 first_install()
 {
-    if which dpkg-query --version >/dev/null; then
-    nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p')
+    if which dpkg-query >/dev/null; then
+    nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1)
     nssjdk=$(sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' /etc/${jvm%-$arch}/security/nss.cfg)
     if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then
         ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so

From f69e12808f2dc2915cb4222e5b3c3cf9107d04a4 Mon Sep 17 00:00:00 2001
From: Don Armstrong <[email protected]>
Date: Tue, 13 Nov 2012 13:03:05 -0800
Subject: [PATCH 1/2] fix git-ignore to only ignore the build directory in
 debian

---
 .gitignore |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 2c8599c..704688d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 build-stamp
 configure-stamp
-debian/ca-certificates*
+debian/ca-certificates
 debian/config
 debian/files
 cacert.org/cacert.org.crt
-- 
1.7.10.4

Reply via email to