Bug 1174191 - On 64-bit RHEL 7.0/7.1, shared-system-certs is never active for 32-bit multiarch
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: releng
Version: 7.1
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: unspecified
Target Milestone: rc
Assigned To: Lubos Kocman
QA Contact: Release Test Team
Blocks: 1295396 1110750
Reported: 2014-12-15 05:43 EST by Kai Engert (:kaie) (inactive account)
Modified: 2018-10-30 03:23 EDT (History)
Last Closed: 2018-10-30 03:21:39 EDT
Type: Bug
External Trackers: Red Hat Product Errata RHBA-2018:3014 (last updated 2018-10-30 03:23 EDT)

Description Kai Engert (:kaie) (inactive account) 2014-12-15 05:43:01 EST
On 64-bit systems, the shared-system-certs feature, which is implemented by the p11-kit-trust.so module, is never active for 32-bit applications,
because the p11-kit-trust package is available only as a 64-bit package.

For example, on x86_64, the p11-kit-trust.x86_64.rpm package is available,
but the p11-kit-trust.i686.rpm package isn't.

As a result, 32-bit applications using NSS will always use the statically built NSS version of the root CA list.

Expected: 32-bit applications using NSS on a 64-bit system should use the dynamically provided CA list.

In order to fix this bug, the p11-kit-trust package must be made available as a 32-bit version on multiarch systems.
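
A package-level check for the condition described in this report, as an added example that is not part of the original bug report or of Red Hat's tooling: it lists the architectures on which NSS is installed without a matching p11-kit-trust. The package name `nss`, the function names and the sample package lists are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list architectures where NSS is installed but the
# p11-kit-trust package (which ships p11-kit-trust.so) is missing.
# Input on stdin: one "name.arch" per line, for instance from
#   rpm -qa --qf '%{NAME}.%{ARCH}\n'
# Assumption: the NSS package is named "nss".
missing_trust_arches() {
    awk '
        {
            # Split on the last dot, since package names may contain dots.
            i = match($0, /\.[^.]+$/)
            if (i == 0) next
            name = substr($0, 1, i - 1)
            arch = substr($0, i + 1)
            if (name == "nss")           nss[arch] = 1
            if (name == "p11-kit-trust") trust[arch] = 1
        }
        END {
            for (a in nss)
                if (!(a in trust)) print a
        }
    ' | sort
}

# Constructed sample: the multiarch package set described in the report.
SAMPLE_AFFECTED='nss.x86_64
nss.i686
nss-util.i686
p11-kit-trust.x86_64'

# Constructed sample: the same host once a 32-bit p11-kit-trust is installed.
SAMPLE_FIXED="$SAMPLE_AFFECTED
p11-kit-trust.i686"

# Returns 0 when every installed NSS architecture also has p11-kit-trust.
audit() {
    missing=$(printf '%s\n' "$1" | missing_trust_arches)
    if [ -n "$missing" ]; then
        echo "NSS falls back to its built-in root CA list on: $missing"
        return 1
    fi
    echo "p11-kit-trust is present for every installed NSS architecture"
}

# On a live system: audit "$(rpm -qa --qf '%{NAME}.%{ARCH}\n')"
audit "$SAMPLE_AFFECTED" || true
audit "$SAMPLE_FIXED"
```
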
Comment 5 Lubos Kocman 2017-03-14 05:43:40 EDT
I'm adding devel ack, since it seems that there is a scenario which is currently blocked. Rel-eng needs to add a multilib whitelist for this specific package + remaining p11-kit-trust.

Is PM okay with such a change (it will result in shipping i686 rpms, which we haven't previously shipped)?

Also closing https://projects.engineering.redhat.com/browse/RCM-13414 in favour of this bug.

Lubos
Comment 9 Lubos Kocman 2018-06-22 09:11:26 EDT
Right thing would be to deliver this update via advisory. Do we have any update, or will we re-push last advisory for p11-kit-trust?

Fixed in https://code.engineering.redhat.com/gerrit/142223
Comment 13 errata-xmlrpc 2018-10-30 03:21:39 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3014
