Re: ca-certificates and backport to bullseye => ca-certificates-java problem

To: Julien Plissonneau Duquène <sre4ever@free.fr>, Vladimir Petko <vladimir.petko@canonical.com>, debian-java@lists.debian.org, "Security@Ubuntu.com" <security@ubuntu.com>
Cc: debian-lts@lists.debian.org, Emmanuel Bourg <ebourg@apache.org>, doko@debian.org, Bastien Roucaries <rouca@debian.org>, Marc Deslauriers <marc.deslauriers@canonical.com>
Subject: Re: ca-certificates and backport to bullseye => ca-certificates-java problem
From: Bastien Roucaries <rouca@debian.org>
Date: Wed, 06 Aug 2025 08:28:05 +0200
Message-id: <[🔎] 8983750.qOBuL9xsDt@debian-ei>
In-reply-to: <[🔎] 3461172.otXNkdZ6W1@debian-ei>
References: <3032477.3Lj2Plt8kZ@debian-ei> <3429696.TLnPLrj5Ze@debian-ei> <[🔎] 3461172.otXNkdZ6W1@debian-ei>

Le vendredi 1 août 2025, 21:25:05 heure d’été d’Europe centrale Bastien 
Roucaries a écrit :
Hi Vladimir, Hi Marc,

Could you review this upgradre of ca-certificates-java and view if it is 
upgrade safe ? I will after a few week upload a ca-certificates

rouca
> Le jeudi 31 juillet 2025, 22:43:35 heure d’été d’Europe centrale Bastien
> Roucaries a écrit : Hi
> 
> I have just pushed a version here:
> https://salsa.debian.org/java-team/ca-certificates-java/-/tree/bullseye?ref_
> type=heads
> 
> Can you review ?
> 
> rouca
> 
> > Le jeudi 31 juillet 2025, 22:30:11 heure d’été d’Europe centrale Vladimir
> > 
> > Petko a écrit :
> > > Hi,
> > > 
> > > As far as I remember, 20230707 removes the circular dependency that
> > > caused upgrade issues[1][2][3]. It also requires openjdk to trigger
> > > ca-certificates-java:
> > > ----JB-jre-headless.postinst.in----
> > > # Now that java is fully registered and configured,
> > > # call update-ca-certificates-java
> > > dpkg-trigger update-ca-certificates-java
> > > ------
> > > Please check that this snippet is present in bullseye's
> > > JB-jre-headless.postinst.in of openjdk package.
> > 
> > No it is not, so that it the path to fix this ?
> > 
> > 1. first upload a openjdk  that trigger update-ca-certificates-java
> > 2. upload a backport of ca-certificates-java
> > 3. upload ca-certificates
> > 
> > rouca
> > 
> > > Best Regards,
> > > 
> > >  Vladimir.
> > > 
> > > [1]
> > > https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2003
> > > 75
> > > 0
> > > [2]
> > > https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1999
> > > 10
> > > 3
> > > [3]
> > > https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/2004
> > > 06
> > > 1
> > > 
> > > On Fri, Aug 1, 2025 at 1:14 AM Julien Plissonneau Duquène
> > > 
> > > <sre4ever@free.fr> wrote:
> > > > Hi,
> > > > 
> > > > I can't help you much there as I didn't check what could break in your
> > > > case (bullseye). The last time this was discussed on the list was
> > > > 
> > > > https://lists.debian.org/debian-java/2023/02/msg00011.html
> > > > 
> > > > According to the PT in bullseye it depends on default-jre-headless
> > > > which
> > > > depends on openjdk-11-jre-headless which depends on
> > > > ca-certificates-java, but I don't see how updating it could cause
> > > > issues.
> > > > 
> > > > Maybe Emmanuel or doko could share more details about what could go
> > > > wrong?
> > > > 
> > > > Cheers,
> > > > 
> > > > --
> > > > Julien Plissonneau Duquène

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- Re: ca-certificates and backport to bullseye => ca-certificates-java problem
  - From: Bastien Roucaries <rouca@debian.org>

Prev by Date: Bug#1110468: ITP: jtreg8 -- Regression Test Harness for the OpenJDK platform
Next by Date: Re: ca-certificates and backport to bullseye => ca-certificates-java problem
Previous by thread: Re: ca-certificates and backport to bullseye => ca-certificates-java problem
Next by thread: DebConf25 Java/JVM BoF report
Index(es):
- Date
- Thread