tags 823590 - important + wishlist found 823590 20190405 thanks Hi there,
On Fri, 04 May 2018 22:58:16 +0200, Emmanuel Bourg wrote:
> Why are you changing the password of a keystore holding the public keys
> of the certification authorities? There is nothing secret inside.
Not speaking for Guillaume, but the Debian package explicitly supports
this configuration, for more than 10 years now:
```
root@harlock:~# zless /usr/share/doc/ca-certificates-java/changelog.gz
[...]
ca-certificates-java (20081022) unstable; urgency=low
* debian/jks-keystore.hook:
- Don't stop after first error during the update. LP: #244412.
Closes: #489748.
- Call keytool with -noprompt.
* On initial install, add locally added certificates. LP: #244410.
Closes: #489748.
* Install /etc/default/cacerts to set options:
- storepass, holding the password for the keystore.
- updates, to enable/disable updates of the keystore.
* Only use the keytool command from OpenJDK or Sun Java. Closes: #496587.
-- Matthias Klose <[email protected]> Wed, 22 Oct 2008 20:51:24 +0200
[...]
root@harlock:~# ls -ld /etc/default/cacerts
-rw------- 1 root root 384 Apr 2 14:03 /etc/default/cacerts
root@harlock:~# cat /etc/default/cacerts
# defaults for ca-certificates-java
# The password which is used to protect the integrity of the keystore.
# storepass must be at least 6 characters long. It must be provided to
# all commands that access the keystore contents.
# Only change this if adding private certificates.
#storepass=''
# enable/disable updates of the keystore /etc/ssl/certs/java/cacerts
cacerts_updates=yes
root@harlock:~#
```
Never mind, what Guillaume experienced is the expected behavior, the
fact that Guillaume would have liked a prompt for the password is a
wishlist feature, bug updated accordingly.
BTW, this is still true on buster as well, bug updated accordingly),
thanks to Pierre Deshayes here at unige.ch for the notice.
Thx, bye,
Luca
--
Dr. Luca Capello
Ingénieur HPC
Division du Système et des Technologies de l'Information et de la Communication
Université de Genève | 24 rue Général-Dufour
Tél +41 22 379 72 42 | Bureau 151
https://hpc-community.unige.ch
mailto:[email protected]
signature.asc
Description: PGP signature
__ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
