We intend to change the default database format that NSS will use, if an application doesn't specify their preference. (Only on Fedora 28 and later.) The reason is that the old default (dbm) is old legacy code, which doesn't work with concurrent access, and the NSS developers would like to declare dbm as deprecated. The new default (sql) is based on sqlite. We must be careful that: - Firefox on Fedora 27 never uses the sqlite database, even if upstream changes to enforce it, independently of the NSS default (we might potentially require a small patch to Firefox to keep the old default) It would be good to have a test that confirms that Fedora 27 and older create files cert8.db/key3.db in the Firefox profile directory. - Firefox on Fedora 28 always uses the sqlite database It would be good to have a test that confirms that Fedora 28 and newer create files cert9.db/key4.db in the Firefox profile directory. We should be very careful, and avoid that any environment accidentally uses the wrong database, to avoid dataloss. (Can happen if someone converts from dbm to sql because of an accident, and then must convert back to dbm, which is very difficult.) In addition, firefox will require patches to ensure compatibility with the sql database, and avoid that users require any manual adjustments. Upstream Firefox is working on the required changes, and I expect they will be part of Firefox 58. However, to avoid a mess on Fedora, we should change the "Firefox database format" and the "NSS default database format" at the same time. And we want to change the NSS default earlier than the Firefox 58 release date. This means, we should backport the required changes for the Firefox version shipped on Fedora 28 / Rawhide. I'll help with that. Upstream bugs are: https://bugzilla.mozilla.org/show_bug.cgi?id=730495 https://bugzilla.mozilla.org/show_bug.cgi?id=783994
Sure, please let me know when the Firefox patch is ready. Thanks.
Fedora 28 rawhide already uses a beta version of Firefox 57. Firefox 57 require the following backported fix: https://bugzilla.mozilla.org/show_bug.cgi?id=730495 "Need to guarantee that sqlite3_config is called before any other SQLite function" Here is a scratch build with that patch backported: https://koji.fedoraproject.org/koji/taskinfo?taskID=22568884
Created attachment 1342277 [details] sqlcompat-ff57-1-backport-730495
For testing on my local machine, I've created a scratch build of FF 56 for Fedora 26, which contains the attached backport, plus some additional backports which aren't yet contained in FF 56. https://koji.fedoraproject.org/koji/taskinfo?taskID=22650443 https://bugzilla.mozilla.org/show_bug.cgi?id=1389664 "have PSM always initialize the user's pin to the empty string if necessary at startup" https://bugzilla.mozilla.org/show_bug.cgi?id=1394871 "profile migration code will need to know about key4.db"
Martin, if you agree to this backport, could you please submit an updated rawhide firefox build that adds the attached patch? (Only Rawhide Fedora 28 needs it.) (I don't know how to do a rawhide build from the private branch that you are using for Firefox 57 beta.) +Patch481: sqlcompat-ff57-1-backport-730495 +%patch481 -p1 -b .sqlcompat-1 Thanks! Please let me know if I should help more.
coordinated with Martin on IRC. Rawhide build with the patch running here: https://koji.fedoraproject.org/koji/taskinfo?taskID=22664542
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.
This message is a reminder that Fedora 28 is nearing its end of life. On 2019-May-28 Fedora will stop maintaining and issuing updates for Fedora 28. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '28'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 28 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
(In reply to Kai Engert (:kaie) (inactive account) from comment #6) > coordinated with Martin on IRC. > > Rawhide build with the patch running here: > https://koji.fedoraproject.org/koji/taskinfo?taskID=22664542 Does this mean the change has landed already?
Already solved.