--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bookworm-pu: package ca-certificates-java/20230103+x
- From: Andreas Beckmann <anbe@debian.org>
- Date: Wed, 12 Jul 2023 14:45:12 +0200
- Message-id: <168916591280.2009803.13837042242706242269.reportbug@zam504.zam.kfa-juelich.de>
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: Matthias Klose <doko@debian.org>
This request comes without a patch since I don't know how to properly
fix it in stable. But it definitively needs to be addressed for the
point release because the bookworm-security upload of openjdk-17 broke
the very fragile assumption in ca-certificates-java that a jre can be
used even before it was configured for the first time.
As a result new installations of openjdk-17-jre-headless from
bookworm-security (or -pu) (and its circular dependency
ca-certificates-java from bookworm) will fail, #1039472, (but
upgrades seem to work fine, since the jre has been configured at
least once in the past).
bookworm had the packages prepared to move the java certificate setup to
trigger processing (after the jre got configured) and break the
dependency loop, but in the end this was not activated before the
bookworm release. It is now enabled in sid.
I tried rebuilding the sid package for bookworm, but that is not
installable since it has Breaks against jre versions newer than what
is in bookworm-security. I'm not sure if the Breaks really need to be
that strict (because some new feature is being used) or whether they
could be relaxed for bookworm.
Andreas
--- End Message ---