Skip to content

feat(26.04): update ca-certificates(-java)#908

Open
lczyk wants to merge 9 commits intocanonical:ubuntu-26.04from
lczyk:ROCKS-2456/update-ca-certificates-java-26.04
Open

feat(26.04): update ca-certificates(-java)#908
lczyk wants to merge 9 commits intocanonical:ubuntu-26.04from
lczyk:ROCKS-2456/update-ca-certificates-java-26.04

Conversation

@lczyk
Copy link
Collaborator

@lczyk lczyk commented Feb 15, 2026
edited
Loading

Proposed changes

  • update ca-certificates and ca-certificates-java slices from bins to scripts and jars
  • tighter slicing of ca-certificates_scripts
  • subsliced relevant coreutils

Related issues/PRs

n/a

Forward porting

n/a

Checklist

@lczyk lczyk requested review from a team and vpa1977 February 15, 2026 13:22
@ROCKsBot ROCKsBot requested a review from a team February 16, 2026 01:41
@github-actions
Copy link

github-actions bot commented Feb 16, 2026

Test Coverage

Average Total Coverage: 42.99%

Arch: aarch64

Coverage: 42.99%

ca-certificates: 🌂 5.97% (63 missing) 
ca-certificates_basename
ca-certificates_basic-operations
ca-certificates_bins
ca-certificates_cat
ca-certificates_changing-file-attributes
ca-certificates_chmod
ca-certificates_chown
ca-certificates_conditions
ca-certificates_cut
ca-certificates_date
ca-certificates_dd-utility
ca-certificates_delaying
ca-certificates_dir
ca-certificates_directory-listing
ca-certificates_dirname
ca-certificates_echo
ca-certificates_env
ca-certificates_expr
ca-certificates_file-name-manipulation
ca-certificates_file-space-usage
ca-certificates_formatting-file-contents
ca-certificates_head
ca-certificates_id-utility
ca-certificates_install
ca-certificates_jars
ca-certificates_join
ca-certificates_libs
ca-certificates_link
ca-certificates_ln-utility
ca-certificates_ls-utility
ca-certificates_mkdir
ca-certificates_mktemp
ca-certificates_modified-command-invocation
ca-certificates_mv-utility
ca-certificates_numeric-operations
ca-certificates_od-utility
ca-certificates_operating-on-characters
ca-certificates_operating-on-fields
ca-certificates_operating-on-sorted-files
ca-certificates_output-of-entire-files
ca-certificates_output-of-parts-of-files
ca-certificates_printf
ca-certificates_printing-text
ca-certificates_readlink
ca-certificates_redirection
ca-certificates_rm-utility
ca-certificates_rmdir
ca-certificates_selinux-context
ca-certificates_sort
ca-certificates_special-file-types
ca-certificates_split
ca-certificates_stat
ca-certificates_summarizing-files
ca-certificates_system-context
ca-certificates_tail
ca-certificates_test
ca-certificates_timeout
ca-certificates_touch
ca-certificates_tr-utility
ca-certificates_unlink
ca-certificates_user-information
ca-certificates_wc-utility
ca-certificates_working-context
ca-certificates-java: 🌂 4.48% (64 missing) 
ca-certificates-java_basename
ca-certificates-java_basic-operations
ca-certificates-java_bins
ca-certificates-java_cat
ca-certificates-java_changing-file-attributes
ca-certificates-java_chmod
ca-certificates-java_chown
ca-certificates-java_conditions
ca-certificates-java_cut
ca-certificates-java_data
ca-certificates-java_date
ca-certificates-java_dd-utility
ca-certificates-java_delaying
ca-certificates-java_dir
ca-certificates-java_directory-listing
ca-certificates-java_dirname
ca-certificates-java_echo
ca-certificates-java_env
ca-certificates-java_expr
ca-certificates-java_file-name-manipulation
ca-certificates-java_file-space-usage
ca-certificates-java_formatting-file-contents
ca-certificates-java_head
ca-certificates-java_id-utility
ca-certificates-java_install
ca-certificates-java_join
ca-certificates-java_libs
ca-certificates-java_link
ca-certificates-java_ln-utility
ca-certificates-java_ls-utility
ca-certificates-java_mkdir
ca-certificates-java_mktemp
ca-certificates-java_modified-command-invocation
ca-certificates-java_mv-utility
ca-certificates-java_numeric-operations
ca-certificates-java_od-utility
ca-certificates-java_operating-on-characters
ca-certificates-java_operating-on-fields
ca-certificates-java_operating-on-sorted-files
ca-certificates-java_output-of-entire-files
ca-certificates-java_output-of-parts-of-files
ca-certificates-java_printf
ca-certificates-java_printing-text
ca-certificates-java_readlink
ca-certificates-java_redirection
ca-certificates-java_rm-utility
ca-certificates-java_rmdir
ca-certificates-java_scripts
ca-certificates-java_selinux-context
ca-certificates-java_sort
ca-certificates-java_special-file-types
ca-certificates-java_split
ca-certificates-java_stat
ca-certificates-java_summarizing-files
ca-certificates-java_system-context
ca-certificates-java_tail
ca-certificates-java_test
ca-certificates-java_timeout
ca-certificates-java_touch
ca-certificates-java_tr-utility
ca-certificates-java_unlink
ca-certificates-java_user-information
ca-certificates-java_wc-utility
ca-certificates-java_working-context
coreutils: 🌂 16.42% (56 missing) 
coreutils_basic-operations
coreutils_bins
coreutils_changing-file-attributes
coreutils_chown
coreutils_conditions
coreutils_cut
coreutils_data
coreutils_data-with-certs
coreutils_date
coreutils_dd-utility
coreutils_delaying
coreutils_dir
coreutils_directory-listing
coreutils_dirname
coreutils_echo
coreutils_env
coreutils_expr
coreutils_file-name-manipulation
coreutils_file-space-usage
coreutils_formatting-file-contents
coreutils_head
coreutils_id-utility
coreutils_install
coreutils_jars
coreutils_join
coreutils_libs
coreutils_link
coreutils_ls-utility
coreutils_mkdir
coreutils_modified-command-invocation
coreutils_numeric-operations
coreutils_od-utility
coreutils_operating-on-characters
coreutils_operating-on-fields
coreutils_operating-on-sorted-files
coreutils_output-of-entire-files
coreutils_output-of-parts-of-files
coreutils_printf
coreutils_printing-text
coreutils_redirection
coreutils_rmdir
coreutils_scripts
coreutils_selinux-context
coreutils_special-file-types
coreutils_split
coreutils_stat
coreutils_summarizing-files
coreutils_system-context
coreutils_tail
coreutils_test
coreutils_timeout
coreutils_touch
coreutils_tr-utility
coreutils_unlink
coreutils_user-information
coreutils_working-context
coreutils-from-gnu: 🌂 94.03% (4 missing) 
coreutils-from-gnu_data
coreutils-from-gnu_data-with-certs
coreutils-from-gnu_jars
coreutils-from-gnu_scripts
gnu-coreutils: 🌂 94.03% (4 missing) 
gnu-coreutils_data
gnu-coreutils_data-with-certs
gnu-coreutils_jars
gnu-coreutils_scripts

Arch: x86_64

Coverage: 42.99%

ca-certificates: 🌂 5.97% (63 missing) 
ca-certificates_basename
ca-certificates_basic-operations
ca-certificates_bins
ca-certificates_cat
ca-certificates_changing-file-attributes
ca-certificates_chmod
ca-certificates_chown
ca-certificates_conditions
ca-certificates_cut
ca-certificates_date
ca-certificates_dd-utility
ca-certificates_delaying
ca-certificates_dir
ca-certificates_directory-listing
ca-certificates_dirname
ca-certificates_echo
ca-certificates_env
ca-certificates_expr
ca-certificates_file-name-manipulation
ca-certificates_file-space-usage
ca-certificates_formatting-file-contents
ca-certificates_head
ca-certificates_id-utility
ca-certificates_install
ca-certificates_jars
ca-certificates_join
ca-certificates_libs
ca-certificates_link
ca-certificates_ln-utility
ca-certificates_ls-utility
ca-certificates_mkdir
ca-certificates_mktemp
ca-certificates_modified-command-invocation
ca-certificates_mv-utility
ca-certificates_numeric-operations
ca-certificates_od-utility
ca-certificates_operating-on-characters
ca-certificates_operating-on-fields
ca-certificates_operating-on-sorted-files
ca-certificates_output-of-entire-files
ca-certificates_output-of-parts-of-files
ca-certificates_printf
ca-certificates_printing-text
ca-certificates_readlink
ca-certificates_redirection
ca-certificates_rm-utility
ca-certificates_rmdir
ca-certificates_selinux-context
ca-certificates_sort
ca-certificates_special-file-types
ca-certificates_split
ca-certificates_stat
ca-certificates_summarizing-files
ca-certificates_system-context
ca-certificates_tail
ca-certificates_test
ca-certificates_timeout
ca-certificates_touch
ca-certificates_tr-utility
ca-certificates_unlink
ca-certificates_user-information
ca-certificates_wc-utility
ca-certificates_working-context
ca-certificates-java: 🌂 4.48% (64 missing) 
ca-certificates-java_basename
ca-certificates-java_basic-operations
ca-certificates-java_bins
ca-certificates-java_cat
ca-certificates-java_changing-file-attributes
ca-certificates-java_chmod
ca-certificates-java_chown
ca-certificates-java_conditions
ca-certificates-java_cut
ca-certificates-java_data
ca-certificates-java_date
ca-certificates-java_dd-utility
ca-certificates-java_delaying
ca-certificates-java_dir
ca-certificates-java_directory-listing
ca-certificates-java_dirname
ca-certificates-java_echo
ca-certificates-java_env
ca-certificates-java_expr
ca-certificates-java_file-name-manipulation
ca-certificates-java_file-space-usage
ca-certificates-java_formatting-file-contents
ca-certificates-java_head
ca-certificates-java_id-utility
ca-certificates-java_install
ca-certificates-java_join
ca-certificates-java_libs
ca-certificates-java_link
ca-certificates-java_ln-utility
ca-certificates-java_ls-utility
ca-certificates-java_mkdir
ca-certificates-java_mktemp
ca-certificates-java_modified-command-invocation
ca-certificates-java_mv-utility
ca-certificates-java_numeric-operations
ca-certificates-java_od-utility
ca-certificates-java_operating-on-characters
ca-certificates-java_operating-on-fields
ca-certificates-java_operating-on-sorted-files
ca-certificates-java_output-of-entire-files
ca-certificates-java_output-of-parts-of-files
ca-certificates-java_printf
ca-certificates-java_printing-text
ca-certificates-java_readlink
ca-certificates-java_redirection
ca-certificates-java_rm-utility
ca-certificates-java_rmdir
ca-certificates-java_scripts
ca-certificates-java_selinux-context
ca-certificates-java_sort
ca-certificates-java_special-file-types
ca-certificates-java_split
ca-certificates-java_stat
ca-certificates-java_summarizing-files
ca-certificates-java_system-context
ca-certificates-java_tail
ca-certificates-java_test
ca-certificates-java_timeout
ca-certificates-java_touch
ca-certificates-java_tr-utility
ca-certificates-java_unlink
ca-certificates-java_user-information
ca-certificates-java_wc-utility
ca-certificates-java_working-context
coreutils: 🌂 16.42% (56 missing) 
coreutils_basic-operations
coreutils_bins
coreutils_changing-file-attributes
coreutils_chown
coreutils_conditions
coreutils_cut
coreutils_data
coreutils_data-with-certs
coreutils_date
coreutils_dd-utility
coreutils_delaying
coreutils_dir
coreutils_directory-listing
coreutils_dirname
coreutils_echo
coreutils_env
coreutils_expr
coreutils_file-name-manipulation
coreutils_file-space-usage
coreutils_formatting-file-contents
coreutils_head
coreutils_id-utility
coreutils_install
coreutils_jars
coreutils_join
coreutils_libs
coreutils_link
coreutils_ls-utility
coreutils_mkdir
coreutils_modified-command-invocation
coreutils_numeric-operations
coreutils_od-utility
coreutils_operating-on-characters
coreutils_operating-on-fields
coreutils_operating-on-sorted-files
coreutils_output-of-entire-files
coreutils_output-of-parts-of-files
coreutils_printf
coreutils_printing-text
coreutils_redirection
coreutils_rmdir
coreutils_scripts
coreutils_selinux-context
coreutils_special-file-types
coreutils_split
coreutils_stat
coreutils_summarizing-files
coreutils_system-context
coreutils_tail
coreutils_test
coreutils_timeout
coreutils_touch
coreutils_tr-utility
coreutils_unlink
coreutils_user-information
coreutils_working-context
coreutils-from-gnu: 🌂 94.03% (4 missing) 
coreutils-from-gnu_data
coreutils-from-gnu_data-with-certs
coreutils-from-gnu_jars
coreutils-from-gnu_scripts
gnu-coreutils: 🌂 94.03% (4 missing) 
gnu-coreutils_data
gnu-coreutils_data-with-certs
gnu-coreutils_jars
gnu-coreutils_scripts

vpa1977
vpa1977 approved these changes Feb 18, 2026
View reviewed changes
Copy link

@vpa1977 vpa1977 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, some nits present.
I am not sure about renaming the slice - we are breaking the backwards compatibility here.

tests/spread/integration/ca-certificates-java/test_jars.sh
chroot . find /etc/ssl/certs/ -name *.pem -exec echo +{} \; > "$rootfs/certs"

mkdir -p proc/self
for java in $(find /usr/lib/jvm -name java -type f); do
Copy link

@vpa1977 vpa1977 Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can use a newer pattern from opendk-25 https://github.com/canonical/chisel-releases/blob/ed7f68cf72626e709cd38e5580262e7bb1dab19f/tests/spread/integration/openjdk-25-jdk-headless/task.yaml#L15C1-L17C1

java=/$(find "$ROOTFS" -name java -type f -printf '%P\n' -quit 2>/dev/null)

slices/ca-certificates-java.yaml

slices:
bins:
jars:
Copy link

@vpa1977 vpa1977 Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

General note: not sure if we can remove slice without leaving an alias for the backwards compatibility? @cjdcordeiro

slices/coreutils-from-gnu.yaml
# https://www.gnu.org/software/coreutils/manual/html_node/Summarizing-files.html
summarizing-files:
essential:
- coreutils-from-gnu_wc-utility
Copy link

@vpa1977 vpa1977 Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit/no action: This looks like a separate PR for coreutils update, but there are already too many open PRs here =)

tests/spread/integration/ca-certificates/test_data.sh

rootfs="$(install-slices ca-certificates_data python3.13_core)"
cp /etc/resolv.conf "$rootfs/etc/"
chroot "$rootfs" /usr/bin/python3.13 -c "import urllib.request;urllib.request.urlopen('https://example.com')" No newline at end of file
Copy link

@vpa1977 vpa1977 Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: eol

tests/spread/integration/coreutils-from-gnu/task.yaml
echo -e "line1\nline2\nline3" > "$rootfs_wc/test_file"
test "$(chroot "$rootfs_wc" gnuwc -l test_file | awk '{print $1}')" = "3"
test "$(chroot "$rootfs_wc" gnuwc -w test_file | awk '{print $1}')" = "3"
test "$(chroot "$rootfs_wc" gnuwc -c test_file | awk '{print $1}')" = "18" No newline at end of file
Copy link

@vpa1977 vpa1977 Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: eol

tests/spread/integration/gnu-coreutils/task.yaml
echo -e "line1\nline2\nline3" > "$rootfs_wc/test_file"
test "$(chroot "$rootfs_wc" gnuwc -l test_file | awk '{print $1}')" = "3"
test "$(chroot "$rootfs_wc" gnuwc -w test_file | awk '{print $1}')" = "3"
test "$(chroot "$rootfs_wc" gnuwc -c test_file | awk '{print $1}')" = "18" No newline at end of file
Copy link

@vpa1977 vpa1977 Feb 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: eol

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@vpa1977 vpa1977 vpa1977 approved these changes

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lczyk @vpa1977