Bug 1592206
Summary: | NSS load p11-kit modules by default | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Jan Kurik <jkurik> |
Component: | Changes Tracking | Assignee: | Daiki Ueno <dueno> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 29 | CC: | dueno, riehecky, rpattath |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | ChangeAcceptedF29,SystemWideChange | ||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-11-30 17:04:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1173577 | ||
Bug Blocks: |
Description
Jan Kurik
2018-06-18 07:45:40 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle. Changing version to '29'. Today is the '100% code complete deadline' Change Checkpoint[1], meaning that Fedora 29 Changes must now be code complete. All the code required to enable to the new change should now be finished. If your Change is code complete, please update the status of this tracker back to "ON_QA". The change does not have to be fully tested by this deadline. We have now reached the Beta freeze. If your Change is not code complete, you need to request a Freeze Exception[2] or invoke the contingency plan. [1] https://fedoraproject.org/wiki/Changes/Policy#Beta_deadline.2Faccepted_changes_100.25_complete [2] https://fedoraproject.org/wiki/QA:SOP_freeze_exception_bug_process [root@dhcp129-78 ~]# rpm -qi p11-kit Name : p11-kit Version : 0.23.14 Release : 4.el8 Architecture: x86_64 Install Date: Mon 05 Nov 2018 02:13:28 PM EST Group : Unspecified Size : 1395029 License : BSD Signature : RSA/SHA256, Tue 30 Oct 2018 11:06:11 AM EDT, Key ID 938a80caf21541eb Source RPM : p11-kit-0.23.14-4.el8.src.rpm Build Date : Mon 29 Oct 2018 05:33:51 AM EDT Build Host : x86-vm-10.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://p11-glue.freedesktop.org/p11-kit.html Summary : Library for loading and sharing PKCS#11 modules Description : p11-kit provides a way to load and enumerate PKCS#11 modules, as well as a standard configuration setup for installing PKCS#11 modules in such a way that they're discoverable. [root@dhcp129-78 ~]# rpm -qi opensc Name : opensc Version : 0.19.0 Release : 2.el8 Architecture: x86_64 Install Date: Mon 05 Nov 2018 02:15:50 PM EST Group : System Environment/Libraries Size : 3783991 License : LGPLv2+ Signature : RSA/SHA256, Mon 22 Oct 2018 10:22:29 AM EDT, Key ID 199e2f91fd431d51 Source RPM : opensc-0.19.0-2.el8.src.rpm Build Date : Mon 22 Oct 2018 09:02:15 AM EDT Build Host : x86-vm-05.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : https://github.com/OpenSC/OpenSC/wiki Summary : Smart card library and applications Description : OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations, and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS#11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS#15 standard and aims to be compatible with every software/card that does so, too. [root@dhcp129-78 ~]# rpm -qi nss Name : nss Version : 3.39.0 Release : 1.1.el8 Architecture: x86_64 Install Date: Mon 05 Nov 2018 02:14:46 PM EST Group : System Environment/Libraries Size : 3993849 License : MPLv2.0 Signature : RSA/SHA256, Mon 22 Oct 2018 05:33:18 AM EDT, Key ID 938a80caf21541eb Source RPM : nss-3.39.0-1.1.el8.src.rpm Build Date : Thu 18 Oct 2018 11:11:45 AM EDT Build Host : x86-vm-07.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : http://www.mozilla.org/projects/security/pki/nss/ Summary : Network Security Services Description : Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards. The following testes were successfully run: Using the following default modules under nssdb: [root@dhcp129-78 ~]# modutil -list -dbdir /etc/pki/nssdb/ Listing of PKCS #11 Modules ----------------------------------------------------------- 1. NSS Internal Crypto Services uri: pkcs11:library-manufacturer=Mozilla%20Foundation;library-description=NSS%20Internal%20Crypto%20Services;library-version=3.39 slots: 2 slots attached status: loaded slot: NSS Internal Cryptographic Services token: NSS Generic Crypto Services uri: pkcs11:token=NSS%20Generic%20Crypto%20Services;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 slot: NSS User Private Key and Certificate Services token: NSS Certificate DB uri: pkcs11:token=NSS%20Certificate%20DB;manufacturer=Mozilla%20Foundation;serial=0000000000000000;model=NSS%203 2. p11-kit-proxy library name: p11-kit-proxy.so uri: pkcs11:library-manufacturer=PKCS%2311%20Kit;library-description=PKCS%2311%20Kit%20Proxy%20Module;library-version=1.1 slots: 1 slot attached status: loaded slot: OMNIKEY AG CardMan 3121 00 00 token: Test Cardholder uri: pkcs11:token=Test%20Cardholder;manufacturer=piv_II;serial=c9d45c86501843e2;model=PKCS%2315%20emulated 1. Smartcard detection by pkcs11-tool 2. Smartcard authentication using one and multiple smartcards 3. Smartcard detection by Firefox using p11-kit module This Change appears to have been implemented for Fedora 29. If it is not closed, please let me know so I can re-open it against Rawhide. |