[arch-dev-public] Rethinking our CA certificate setup

Jan Alexander Steffens jan.steffens at gmail.com
Sun Nov 16 15:13:32 UTC 2014

On Sun, Nov 16, 2014 at 3:54 PM, Guillaume Alaux <guillaume at alaux.net> wrote:
> So the "ca-certificates-utils" from testing (20140923-5) declares a
> "provides" and "conflict" on "ca-certificates-java". Unfortunately jre
> and jdk packages use a "init-jks-keystore" script provided by
> "ca-certificates-java" but not "ca-certificates-utils". This scripts
> only computes file /etc/ssl/certs/java/cacerts which is actually also
> computed by "update-ca-trust".
> So I could just make jre and jdk packages depend on
> ca-certificates-utils and then "ca-certificates-java" could be
> dropped: is that the whole plan?

Yes. Since p11-kit can construct the Java cert store and
update-ca-trust always does so, ca-certificates-java becomes obsolete.

More information about the arch-dev-public mailing list