Red Hat Bugzilla – Full Text Bug Listing
|Summary:||nss-sysinit: system-wide nss sql empty key database shouldn't have a password|
|Product:||[Fedora] Fedora||Reporter:||Elio Maldonado Batiz <emaldona>|
|Component:||nss||Assignee:||Elio Maldonado Batiz <emaldona>|
|Status:||CLOSED RAWHIDE||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||rawhide||CC:||awilliam, dcantrell, emaldona, kdudka, kengert|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2009-10-21 18:49:14 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Bug Depends On:|
|Bug Blocks:||473303, 517000|
Description Elio Maldonado Batiz 2009-10-03 14:11:11 EDT
Description of problem: The new nss-system subpackage installs an empty sql type database in the NSS system wide location at /etc/pki/nssdb. The database is supposed to be empty and devoid of any password for uers to start from scratch. It has a password and it shouldn't. Version-Release number of selected component (if applicable): nss-sysinit-3.12.4-12.fc12. How reproducible: always Steps to Reproduce: 1. As root execute 'yum install nss-sysinit' 2. As root execute 'certutil -K -d sql:/etc/pki/nssdb' to list the keys Actual results: certutil prints certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" Enter Password or Pin for "NSS Certificate DB": (Hit CRIL-C will to get out Expected results: certutil prints certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services" certutil: no keys found Additional info: The wrong "empty" key4.db database was checked in after the packager had been running tests.
Comment 1 Adam Williamson 2009-10-05 13:44:14 EDT
what's the impact of this? bugs should only be tagged as 'urgent' severity if they cause the affected package to be more or less entirely unusable, and this has negative effects on the entire system. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Comment 2 Elio Maldonado Batiz 2009-10-05 14:27:53 EDT
(In reply to comment #1) Come to think about it NSS is still as usable as before. At this time it will only affect users who want to take advantage of functionality in optional sub-package. No urgency to fix it by Beta though we should have a fix by Final. I'm downgrading the Priority and severity to high and medium, respectively.
Comment 3 Adam Williamson 2009-10-05 14:34:34 EDT
if it should be fixed by final release - i.e. if you think we should hold the final release if it's not fixed - it should block F12Blocker. If you aim to fix it by final release but we shouldn't delay the entire release if you don't make it, then we don't put it on F12Blocker list, but you can add it to F12Target if you like, where it'll be pretty much ignored =) -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
Comment 4 Jesse Keating 2009-10-21 18:49:14 EDT
This appears to be fixed in the latest build of nss.