Skip to content

[pkg] fix: add jri-N-ev3 self-dep to fix ca-certificates-java #64

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[pkg] fix: add jri-N-ev3 self-dep to fix ca-certificates-java #64

wants to merge 1 commit into from

Conversation

@JakubVanek
Copy link
Contributor

@JakubVanek JakubVanek commented May 25, 2020
edited
Loading

With this PR, new clean JRI installations should have working system-wide java ca certificates. This is a non-invasive alternative to #61 + #62 (orthogonal PR).

The problem is that ca-certificates-java depend on jri-N-ev3 when it is not yet ready; see #61 (comment) for the console output.

The fix is likely based on a trick for making dpkg configure this package first before configuring other packages that depend on it.

The downside of this solution is that pre-existing installations will not get fixed. They will still potentially have corrupted trust store from previous failed installations. I don't know what the state of ev3dev is, but if the package installation fails even in the ev3dev base image, then all EV3 installations have the trust store corrupted.

The trust store can be un-corrupted by completely removing and reinstalling ca-certificates-java. This is quite a heavy operation for EV3, so this is a reason why the other solution might be preferred.

EDIT: see comments in ev3dev-lang-java/ev3dev-lang-java#731 for further analysis

@JakubVanek
[pkg] fix: add jri-N-ev3 self-dep to fix ca-certificates-java
0993a5b 
With this, new clean installations should have working system-wide
java ca certificates. This is a non-invasive alternative to
#61 + #62.

The fix is likely based on a trick for making dpkg configure
this package first before configuring other packages that
depend on it.

The downside of this is that current installations will not get fixed.
They will still potentially have corrupted trust store from previous
failed installations. I don't know what the state of ev3dev is, but
if the package installation fails even in the ev3dev base image,
then *all* EV3 installations will have corrupted trust store.

The trust store can be un-corrupted by completely removing and
reinstalling ca-certificates-java. This is quite a heavy operation
for EV3, so this is a reason why the other solution might be preferred.
@JakubVanek JakubVanek mentioned this pull request May 25, 2020
Closed
@JakubVanek
Copy link
Contributor Author

JakubVanek commented May 25, 2020

Yep, unfortunately the jri-11-ev3 package installation in the ev3dev base package (here) does fail and so the java trust store shipped with the debian image is already corrupted.

@JakubVanek
Copy link
Contributor Author

JakubVanek commented May 25, 2020

I have realized that indeed, the first post of adoptium/installer#105 mentions the likely cause - the ca-certificates-java package includes a Debian-specific workaround for this issue. The self-dep trick may work, but it's not yet tested.

@JakubVanek
Copy link
Contributor Author

JakubVanek commented May 25, 2020

According to https://salsa.debian.org/java-team/ca-certificates-java/-/merge_requests/3#note_92769, the self-dep trick actually works.

@JakubVanek
Copy link
Contributor Author

JakubVanek commented May 25, 2020
edited
Loading

Yep, unfortunately the jri-11-ev3 package installation in the ev3dev base package (here) does fail and so the java trust store shipped with the debian image is already corrupted.

This also needs to be fixed by a separate upload of jri-11-ev3. I can rebuild the current 11.0.6 and repackage it so that at least new ev3dev images are not corrupted.

@JakubVanek JakubVanek mentioned this pull request May 26, 2020
Open
5 tasks
@JakubVanek
Copy link
Contributor Author

JakubVanek commented May 26, 2020

Continuing in ev3dev-lang-java/ev3dev-lang-java#731

@jabrena
Copy link
Member

jabrena commented May 26, 2020

This is another alternative to another PR.

I will contact you tomorrow to talk about the alternatives.

Cheers

@JakubVanek
Copy link
Contributor Author

JakubVanek commented May 28, 2020
edited
Loading

Solution rejected in favor of #61

@JakubVanek JakubVanek closed this May 28, 2020
@JakubVanek JakubVanek deleted the bugfix/alternative-cacerts-fix branch May 28, 2020 20:02
@JakubVanek JakubVanek mentioned this pull request Aug 24, 2020
Open
4 tasks
@JakubVanek JakubVanek restored the bugfix/alternative-cacerts-fix branch August 24, 2020 09:10
@JakubVanek
Copy link
Contributor Author

JakubVanek commented Aug 24, 2020

reopening

@JakubVanek JakubVanek reopened this Aug 24, 2020
@jabrena
Copy link
Member

jabrena commented Aug 24, 2020

I am going to close this PR too.

@jabrena jabrena closed this Aug 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JakubVanek @jabrena