Bug 2097896

Summary: certmonger startup very slow using default NSS sqlite database backend [rhel-9.0.0.z]
Product: Red Hat Enterprise Linux 9 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: nssAssignee: Bob Relyea <rrelyea>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: medium    
Version: 9.0CC: kranz, rcritten, rrelyea, ssorce
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---Flags: pm-rhel: mirror+
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: When upgrading dbm databases with lots of Certificates with private keys, the resulting sqlite database becomes extremely slow to access. This is because the sqlite db will contain extra Trust objects for these certs that are unneccessary. NOTE: upgrade would have happenned on RHEL-8 or RHEL-7. RHEL-9 cannot access dbm databases. Consequence: Accessing the resulting sqlite database becomes extremely slow Fix: this patch speeds up accessing trust objects that don't affect the actual trust values. 2) fixes dbm so that it no longer creates the extra trust Result: Access to these sqlite databases are now faster. Customers can get faster still results by reupdating the databases from the original dbm on the source operations system (RHEL-8 or RHEL-7) after the corresponding patch on that operation system has been applied.
 Story Points: ---
Clone Of: 2097816 Environment:
Last Closed: 2022-09-20 14:00:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2097816    
Bug Blocks:    

Comment 19 errata-xmlrpc 2022-09-20 14:00:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (nss bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:6596