[arch-dev-public] Rethinking our CA certificate setup

Guillaume ALAUX guillaume at archlinux.org
Sun Nov 16 15:15:36 UTC 2014

On 16 November 2014 16:13, Jan Alexander Steffens
<jan.steffens at gmail.com> wrote:
> On Sun, Nov 16, 2014 at 3:54 PM, Guillaume Alaux <guillaume at alaux.net> wrote:
>> So the "ca-certificates-utils" from testing (20140923-5) declares a
>> "provides" and "conflict" on "ca-certificates-java". Unfortunately jre
>> and jdk packages use a "init-jks-keystore" script provided by
>> "ca-certificates-java" but not "ca-certificates-utils". This scripts
>> only computes file /etc/ssl/certs/java/cacerts which is actually also
>> computed by "update-ca-trust".
>> So I could just make jre and jdk packages depend on
>> ca-certificates-utils and then "ca-certificates-java" could be
>> dropped: is that the whole plan?
> Yes. Since p11-kit can construct the Java cert store and
> update-ca-trust always does so, ca-certificates-java becomes obsolete.

Excellent. I am going to rebuild OpenJDK7 and 8 and will push them to
testing then.

More information about the arch-dev-public mailing list