Description of problem: certutil -N (new database) exists with error code 1 although the database is created sucessfully. There is no error message either. Version-Release number of selected component (if applicable): nss-tools-3.39.0-2.fc29.x86_64 How reproducible: always Steps to Reproduce: $ mkdir /tmp/testdb $ echo Secret123 > /tmp/testdb/pwdfile.txt $ certutil -N -d /tmp/testdb/ -f /tmp/testdb/pwdfile.txt Actual results: $ echo $? 1 Expected results: $ echo $? 0 Additional info: Database is created successfully $ ls /tmp/testdb/ cert9.db key4.db pkcs11.txt pwdfile.txt
It might be related to PKCS#11. After I unplugged my Yubikey, certutil is no longer failing.
Confirmed, the problem is triggered by my Yubikey NEO and gpg-agent. As soon as gpg-agent process uses my Yubikey for ssh authentication, certutil fails with error code 1. Reproducer: * configure a Yubikey NEO to have three GPG keys * use gpg-agent as ssh-agent * ssh into another machine using the GPG identity key on the Yubikey NEO * create a new NSS database with certutil -N -> certutil exits with error code 1, probably in NSS_shutdown() call. * kill gpg-agent * create a new NSS database with certutil -N -> certutil exits with error code 0 This problem popped up today after I upgraded from F28 to F29. I never had any issues with Yubikey and gpg-agent integration on F28.
gdb reveals that SECMOD_Shutdown() is failing because it still sees one private module loaded: Breakpoint 1, SECMOD_Shutdown () at pk11util.c:47 ... 91 if (secmod_PrivateModuleCount) { (gdb) n 92 PORT_SetError(SEC_ERROR_BUSY); (gdb) n 93 return SECFailure; (gdb) p secmod_PrivateModuleCount $1 = 1
Daiki, can we get this addressed soonest? It is blocking IdM team development in many cases.
nss-3.43.0-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8584d9df0c
nss-3.43.0-2.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-9f540724f6
nss-3.43.0-2.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9f540724f6
nss-3.43.0-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8584d9df0c
nss-3.43.0-2.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
nss-3.44.0-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2f5e10754
nss-3.44.0-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2f5e10754
nss-3.44.0-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.