Bug 527048

Summary: nss-sysinit: system-wide nss sql empty key database shouldn't have a password
Product: [Fedora] Fedora Reporter: Elio Maldonado Batiz <emaldona>
Component: nssAssignee: Elio Maldonado Batiz <emaldona>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: high    
Version: rawhideCC: awilliam, dcantrell, emaldona, kdudka, kengert
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-21 22:49:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 473303, 517000    

Description Elio Maldonado Batiz 2009-10-03 18:11:11 UTC 
Description of problem: The new nss-system subpackage installs an empty sql type database in the NSS system wide location at /etc/pki/nssdb. The database is supposed to be empty and devoid of any password for uers to start from scratch. It has a password and it shouldn't.

Version-Release number of selected component (if applicable): nss-sysinit-3.12.4-12.fc12. 

How reproducible: always

Steps to Reproduce:
1. As root execute 'yum install nss-sysinit'
2. As root execute 'certutil -K -d sql:/etc/pki/nssdb' to list the keys

Actual results: certutil prints
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
(Hit CRIL-C will to get out

Expected results: certutil prints
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
certutil: no keys found

Additional info: The wrong "empty" key4.db database was checked in after the packager had been running tests.
Comment 1 Adam Williamson 2009-10-05 17:44:14 UTC 
what's the impact of this? bugs should only be tagged as 'urgent' severity if they cause the affected package to be more or less entirely unusable, and this has negative effects on the entire system.

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 2 Elio Maldonado Batiz 2009-10-05 18:27:53 UTC 
(In reply to comment #1) Come to think about it NSS is still as usable as before. At this time it will only affect users who want to take advantage of functionality in optional sub-package. No urgency to fix it by Beta though we should have a fix by Final. I'm downgrading the Priority and severity to high and medium, respectively.
Comment 3 Adam Williamson 2009-10-05 18:34:34 UTC 
if it should be fixed by final release - i.e. if you think we should hold the final release if it's not fixed - it should block F12Blocker. If you aim to fix it by final release but we shouldn't delay the entire release if you don't make it, then we don't put it on F12Blocker list, but you can add it to F12Target if you like, where it'll be pretty much ignored =)

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 4 Jesse Keating 2009-10-21 22:49:14 UTC 
This appears to be fixed in the latest build of nss.