Bug 679748

Summary: mod_nss's postinstall script doesn't work properly
Product: Red Hat Enterprise Linux 5 Reporter: RHEL Program Management <pm-rhel>
Component: mod_nssAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: high Docs Contact:
Priority: high    
Version: 5.6CC: aenright, benl, Colin.Simpson, dave.armin, dpal, ekuric, ernie.joynt, kchamart, madadmin, massi.ergosum, mmatsuya, mpoole, mworsham, ohudlick, pm-eus, rcritten, redhatbugzilla, sweigand, ubeck, yasuhiro.ozone
Target Milestone: rcKeywords: Regression, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: mod_nss-1.0.8-4.el5_6.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-04-04 07:06:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 669963    
Bug Blocks:    

Description RHEL Program Management 2011-02-23 12:28:59 UTC 
This bug has been copied from bug #669963 and has been proposed
to be backported to 5.6 z-stream (EUS).
Comment 4 Rob Crittenden 2011-03-02 17:02:27 UTC 
Backported fix to handle upgrades.
Comment 6 Kashyap Chamarthy 2011-03-15 14:15:58 UTC 
Verified successfully.

Env:

RHEL 5.6 - x86_64 
mod_nss-1.0.8-4.el5 (picked the build from -brew-)


Verification procedure (as noted by Rob in Errata)

1/ Install mod_nss 1.0.3 
2/ Confirm that only root can read /etc/httpd/alias/*.db 
3/ Upgrade mod_nss 
4/ Confirm that the db files in /etc/httpd/alias/*.db are mode 0640

Result: Database file in /etc/httpd/alias/ are mode 0640
==============================================================================
[root@tornado mod-nss-test-mar152011]# ls
mod_nss-1.0.3-8.el5.x86_64.rpm  mod_nss-1.0.8-4.el5.x86_64.rpm
==============================================================================
[root@tornado mod-nss-test-mar152011]# rpm -ivh mod_nss-1.0.3-8.el5.x86_64.rpm
Preparing...                ########################################### [100%]
   1:mod_nss                ########################################### [100%]

mod_nss certificate database generated.
==============================================================================
[root@tornado mod-nss-test-mar152011]# ll /etc/httpd/alias/
total 128
-rw------- 1 root root 65536 Mar 15 19:18 cert8.db
-rw------- 1 root root  4395 Mar 15 19:18 install.log
-rw------- 1 root root 16384 Mar 15 19:18 key3.db
lrwxrwxrwx 1 root root    32 Mar 15 19:18 libnssckbi.so -> ../../../usr/lib64/libnssckbi.so
-rw------- 1 root root 16384 Mar 15 19:18 secmod.db
==============================================================================
[root@tornado mod-nss-test-mar152011]# ls
mod_nss-1.0.3-8.el5.x86_64.rpm  mod_nss-1.0.8-4.el5.x86_64.rpm
==============================================================================
[root@tornado mod-nss-test-mar152011]# rpm -Uvh mod_nss-1.0.8-4.el5.x86_64.rpm
Preparing...                ########################################### [100%]
   1:mod_nss                ########################################### [100%]
==============================================================================
[root@tornado mod-nss-test-mar152011]# ll /etc/httpd/alias/
total 128
-rw-r----- 1 root apache 65536 Mar 15 19:18 cert8.db
-rw------- 1 root root    4395 Mar 15 19:18 install.log
-rw-r----- 1 root apache 16384 Mar 15 19:18 key3.db
lrwxrwxrwx 1 root root      33 Mar 15 19:19 libnssckbi.so -> ../../..//usr/lib64/libnssckbi.so
-rw-r----- 1 root apache 16384 Mar 15 19:18 secmod.db
==============================================================================
[root@tornado mod-nss-test-mar152011]# 
==============================================================================
Comment 7 errata-xmlrpc 2011-04-04 07:06:11 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0411.html