[meta-java,2/3] ca-certificates-java: Don't fail when called via hook on do_rootfs

Submitted by Yevgeny Popovych on Sept. 7, 2018, 6:10 p.m. | Patch ID: 154721

Details

Message ID 1536343810-87649-3-git-send-email-yevgenyp@pointgrab.com
State Changes Requested
Delegated to: Richard Leitner
Headers show

Commit Message

Yevgeny Popovych Sept. 7, 2018, 6:10 p.m.
It is possible that ca-certificates-java hook will be called via
update-ca-certificates hook during do_roofs (the case when D is set
and JVM_LIBDIR is not).
This is a valid case so don't fail.

Change-Id: I908e2f0acec487c41499543014014e29919bd6ab
Signed-off-by: Yevgeny Popovych <yevgenyp@pointgrab.com>
---
 .../ca-certificates-java/ca-certificates-java.hook.in               | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Patch hide | download patch | download mbox

diff --git a/recipes-core/ca-certificates-java/ca-certificates-java/ca-certificates-java.hook.in b/recipes-core/ca-certificates-java/ca-certificates-java/ca-certificates-java.hook.in
index 89c764f..611a4ef 100755
--- a/recipes-core/ca-certificates-java/ca-certificates-java/ca-certificates-java.hook.in
+++ b/recipes-core/ca-certificates-java/ca-certificates-java/ca-certificates-java.hook.in
@@ -14,9 +14,9 @@  jvm_libdir="@@libdir_jvm@@"
 if [ -n "${D:-}" ] ; then
     # called from postinst as part of image build on host
     if [ -z "${JVM_LIBDIR:-}" ] ; then
-        # should never happen, this is supposed to be passed in
-        echo "$0: no JVM_LIBDIR specified" >&2
-        false
+        # if JVM_LIBDIR is not present - we were called as a hook
+        echo "called as a hook of ca-certificates on do_rootfs, exiting"
+        exit 0
     fi
 fi
 if [ -n "${JVM_LIBDIR:-}" ] ; then

Comments

André Draszik Sept. 17, 2018, 2:44 p.m.
On Fri, 2018-09-07 at 21:10 +0300, Yevgeny Popovych wrote:
> It is possible that ca-certificates-java hook will be called via
> update-ca-certificates hook during do_roofs (the case when D is set
> and JVM_LIBDIR is not).
> This is a valid case so don't fail.
> 
> Change-Id: I908e2f0acec487c41499543014014e29919bd6ab
> Signed-off-by: Yevgeny Popovych <yevgenyp@pointgrab.com>
> ---
>  .../ca-certificates-java/ca-certificates-java.hook.in               | 6
> +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/recipes-core/ca-certificates-java/ca-certificates-java/ca-
> certificates-java.hook.in b/recipes-core/ca-certificates-java/ca-
> certificates-java/ca-certificates-java.hook.in
> index 89c764f..611a4ef 100755
> --- a/recipes-core/ca-certificates-java/ca-certificates-java/ca-
> certificates-java.hook.in
> +++ b/recipes-core/ca-certificates-java/ca-certificates-java/ca-
> certificates-java.hook.in
> @@ -14,9 +14,9 @@ jvm_libdir="@@libdir_jvm@@"
>  if [ -n "${D:-}" ] ; then
>      # called from postinst as part of image build on host
>      if [ -z "${JVM_LIBDIR:-}" ] ; then
> -        # should never happen, this is supposed to be passed in
> -        echo "$0: no JVM_LIBDIR specified" >&2
> -        false
> +        # if JVM_LIBDIR is not present - we were called as a hook
> +        echo "called as a hook of ca-certificates on do_rootfs, exiting"
> +        exit 0

I don't understand how silently not creating / updating the Java certificate
store any more is good? True, there is an issue here, but I'd say that this
should actually do something useful, not just pretend to have done
something.

Cheers,
Andre'
Yevgeny Popovych Sept. 19, 2018, 9:49 a.m.
On 09/17/2018 05:44 PM, André Draszik wrote:
> On Fri, 2018-09-07 at 21:10 +0300, Yevgeny Popovych wrote:
>> It is possible that ca-certificates-java hook will be called via
>> update-ca-certificates hook during do_roofs (the case when D is set
>> and JVM_LIBDIR is not).
>> This is a valid case so don't fail.
>>
>> Change-Id: I908e2f0acec487c41499543014014e29919bd6ab
>> Signed-off-by: Yevgeny Popovych <yevgenyp@pointgrab.com>
>> ---
>>  .../ca-certificates-java/ca-certificates-java.hook.in               | 6
>> +++---
>>  1 file changed, 3 insertions(+), 3 deletions(-)
>>
>> diff --git a/recipes-core/ca-certificates-java/ca-certificates-java/ca-
>> certificates-java.hook.in b/recipes-core/ca-certificates-java/ca-
>> certificates-java/ca-certificates-java.hook.in
>> index 89c764f..611a4ef 100755
>> --- a/recipes-core/ca-certificates-java/ca-certificates-java/ca-
>> certificates-java.hook.in
>> +++ b/recipes-core/ca-certificates-java/ca-certificates-java/ca-
>> certificates-java.hook.in
>> @@ -14,9 +14,9 @@ jvm_libdir="@@libdir_jvm@@"
>>  if [ -n "${D:-}" ] ; then
>>      # called from postinst as part of image build on host
>>      if [ -z "${JVM_LIBDIR:-}" ] ; then
>> -        # should never happen, this is supposed to be passed in
>> -        echo "$0: no JVM_LIBDIR specified" >&2
>> -        false
>> +        # if JVM_LIBDIR is not present - we were called as a hook
>> +        echo "called as a hook of ca-certificates on do_rootfs, exiting"
>> +        exit 0
> 
> I don't understand how silently not creating / updating the Java certificate
> store any more is good? True, there is an issue here, but I'd say that this
> should actually do something useful, not just pretend to have done
> something.

I have explained the issue in cover letter thread, quick summary:

I don't like how it is now, but this patch is just a fix.
IMO (as outlined in cover letter thread),
it would be nicer to have the ca-certificates call the hook,
and make postinst of this recipe a no-op.
I can implement this if you agree (either instead of this change or on top of it - I would prefer on top).

> 
> Cheers,
> Andre'
> 
>