#!/bin/bash set -e # use the locale C.UTF-8 unset LC_ALL LC_CTYPE=C.UTF-8 export LC_CTYPE storepass='changeit' if [ -f /etc/default/cacerts ]; then . /etc/default/cacerts fi arch=`dpkg --print-architecture` JAR=/usr/share/ca-certificates-java/ca-certificates-java.jar nsslib_name() { if dpkg --assert-multi-arch 2>/dev/null; then echo "libnss3:${arch}" else echo "libnss3" fi } setup_path() { for jvm in java-7-openjdk-$arch java-7-openjdk \ oracle-java7-jre-$arch oracle-java7-server-jre-$arch oracle-java7-jdk-$arch \ java-8-openjdk-$arch java-8-openjdk \ oracle-java8-jre-$arch oracle-java8-server-jre-$arch oracle-java8-jdk-$arch \ java-9-openjdk-$arch java-9-openjdk \ oracle-java9-jre-$arch oracle-java9-server-jre-$arch oracle-java9-jdk-$arch; do if [ -x /usr/lib/jvm/$jvm/bin/java ]; then break fi done export JAVA_HOME=/usr/lib/jvm/$jvm PATH=$JAVA_HOME/bin:$PATH } first_install() { if which dpkg-query >/dev/null; then nsspkg=$(dpkg-query -L "$(nsslib_name)" | sed -n 's,\(.*\)/libnss3\.so$,\1,p'|head -n 1) nsscfg=/etc/${jvm%-$arch}/security/nss.cfg nssjdk=$(test ! -f $nsscfg || sed -n '/nssLibraryDirectory/s/.*= *\(.*\)/\1/p' $nsscfg) if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ]; then ln -sf $nsspkg/libnss3.so $nssjdk/libnss3.so fi fi # Forcibly remove diginotar cert (LP: #920758) if [ -n "$FIXOLD" ]; then printf -- "-diginotar_root_ca\n-diginotar_root_ca_pem\n" | \ java -Xmx64m -jar $JAR -storepass "$storepass" fi find /etc/ssl/certs -name \*.pem | \ while read filename; do alias=$(basename $filename .pem | tr A-Z a-z | tr -cs a-z0-9 _) alias=${alias%*_} if [ -n "$FIXOLD" ]; then echo "-${alias}" echo "-${alias}_pem" fi echo "+${filename}" done | \ java -Xmx64m -jar $JAR -storepass "$storepass" echo "done." } do_cleanup() { [ -z "$temp_jvm_cfg" ] || rm -f $temp_jvm_cfg if [ -n "$nsspkg" ] && [ -n "$nssjdk" ] && [ "$nsspkg" != "$nssjdk" ] then rm -f $nssjdk/libnss3.so fi } case "$1" in configure) if dpkg --compare-versions "$2" lt "20110912ubuntu6"; then FIXOLD="true" if [ -e /etc/ssl/certs/java/cacerts ]; then cp -f /etc/ssl/certs/java/cacerts /etc/ssl/certs/java/cacerts.dpkg-old fi fi if [ -z "$2" -o -n "$FIXOLD" ]; then setup_path if ! mountpoint -q /proc; then echo >&2 "the keytool command requires a mounted proc fs (/proc)." exit 1 fi temp_jvm_cfg= if [ ! -f /etc/${jvm%-$arch}/jvm-$arch.cfg ]; then # the jre is not yet configured, but jvm.cfg is needed to run it temp_jvm_cfg=/etc/${jvm%-$arch}/jvm-$arch.cfg mkdir -p /etc/${jvm%-$arch} if [ "$arch" = "armhf" ]; then printf -- "-client KNOWN\n-server ALIASED_TO -client\n" > $temp_jvm_cfg else printf -- "-server KNOWN\n" > $temp_jvm_cfg fi fi trap do_cleanup EXIT first_install fi chmod 600 /etc/default/cacerts || true ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac exit 0