Bug 1092913
| Summary: | The default nss database created by ipsec can not be used | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Patrik Kis <pkis> |
| Component: | openswan | Assignee: | Paul Wouters <pwouters> |
| Status: | CLOSED ERRATA | QA Contact: | Aleš Mareček <amarecek> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 6.5 | CC: | amarecek, eparis, jaster, pwouters |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-10-14 08:19:30 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Patrik Kis
2014-04-30 08:57:17 UTC
Ok, the following snippet of code should be added to the spec file in the %post section:

```
# Create the NSS database only if it does not exist yet
if [ ! -f %{_sysconfdir}/ipsec.d/cert8.db ] ; then
    # Temporary password file; fall back to a PID-based name if mktemp fails
    TEMPFILE=$(/bin/mktemp %{_sysconfdir}/ipsec.d/nsspw.XXXXXXX)
    [ $? -gt 0 ] && TEMPFILE=%{_sysconfdir}/ipsec.d/nsspw.$$
    # A single newline, i.e. an empty password
    echo > ${TEMPFILE}
    # Initialise the database non-interactively using the password file
    certutil -N -f ${TEMPFILE} -d %{_sysconfdir}/ipsec.d
    # Restore SELinux labels on the new *.db files; ignore failures
    restorecon %{_sysconfdir}/ipsec.d/*db 2>/dev/null || :
    rm -f ${TEMPFILE}
fi
```

I can confirm it. The problem is that the bug was fixed in the spec file only, so after installing openswan the db files are OK, but if you remove the db files and openswan is restarted, broken files are created.

This is now fixed within the _plutorun script with the new "ipsec --checknss" option.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-1588.html
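The comments above move the database check from install time to service start. The function below is an added example of such a start-time check, not code from openswan's spec file, `_plutorun` or `ipsec --checknss`; the name `ensure_nss_db` and its return codes are assumptions. Unlike the snippet above, it aborts when `mktemp` fails instead of falling back to a PID-based file name, and it confirms afterwards that the database opens.

```shell
#!/bin/sh
# Added example: make sure an NSS database exists in a directory and opens.
# ensure_nss_db and its return codes are hypothetical; certutil and
# restorecon are the tools the %post snippet on this page already calls.
#
# Return codes (assumed for this example):
#   0  database present and readable
#   1  could not create the temporary password file
#   2  certutil -N failed to initialise the database
#   3  database files exist but certutil cannot open them

ensure_nss_db() {
    dir=$1

    if [ ! -f "$dir/cert8.db" ]; then
        # mktemp creates the file with mode 0600; abort if it fails rather
        # than writing the password to a guessable file name.
        pwfile=$(mktemp "$dir/nsspw.XXXXXXX") || return 1

        # Empty password, as in the spec-file snippet.
        echo > "$pwfile"

        rc=0
        certutil -N -f "$pwfile" -d "$dir" || rc=$?

        # Remove the password file whether or not initialisation succeeded.
        rm -f "$pwfile"
        [ "$rc" -eq 0 ] || return 2

        # Relabel the new files for SELinux; a no-op where it is unavailable.
        restorecon "$dir"/*db 2>/dev/null || :
    fi

    # Listing certificates forces certutil to open the database, which
    # catches files that exist but are unusable.
    certutil -L -d "$dir" >/dev/null 2>&1 || return 3
    return 0
}

# Typical call from a start-up script (path taken from the page):
#   ensure_nss_db /etc/ipsec.d || exit 1
```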