Bug 527048 - nss-sysinit: system-wide nss sql empty key database shouldn't have a password
Summary: nss-sysinit: system-wide nss sql empty key database shouldn't have a password
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: nss
Version: rawhide
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Elio Maldonado Batiz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: F12Blocker, F12FinalBlocker 517000
TreeView+ depends on / blocked
 
Reported: 2009-10-03 18:11 UTC by Elio Maldonado Batiz
Modified: 2013-01-10 05:30 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2009-10-21 22:49:14 UTC


Attachments (Terms of Use)

Description Elio Maldonado Batiz 2009-10-03 18:11:11 UTC
Description of problem: The new nss-system subpackage installs an empty sql type database in the NSS system wide location at /etc/pki/nssdb. The database is supposed to be empty and devoid of any password for uers to start from scratch. It has a password and it shouldn't.

Version-Release number of selected component (if applicable): nss-sysinit-3.12.4-12.fc12. 

How reproducible: always

Steps to Reproduce:
1. As root execute 'yum install nss-sysinit'
2. As root execute 'certutil -K -d sql:/etc/pki/nssdb' to list the keys

Actual results: certutil prints
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
(Hit CRIL-C will to get out

Expected results: certutil prints
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
certutil: no keys found

Additional info: The wrong "empty" key4.db database was checked in after the packager had been running tests.

Comment 1 Adam Williamson 2009-10-05 17:44:14 UTC
what's the impact of this? bugs should only be tagged as 'urgent' severity if they cause the affected package to be more or less entirely unusable, and this has negative effects on the entire system.

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 2 Elio Maldonado Batiz 2009-10-05 18:27:53 UTC
(In reply to comment #1) Come to think about it NSS is still as usable as before. At this time it will only affect users who want to take advantage of functionality in optional sub-package. No urgency to fix it by Beta though we should have a fix by Final. I'm downgrading the Priority and severity to high and medium, respectively.

Comment 3 Adam Williamson 2009-10-05 18:34:34 UTC
if it should be fixed by final release - i.e. if you think we should hold the final release if it's not fixed - it should block F12Blocker. If you aim to fix it by final release but we shouldn't delay the entire release if you don't make it, then we don't put it on F12Blocker list, but you can add it to F12Target if you like, where it'll be pretty much ignored =)

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 4 Jesse Keating 2009-10-21 22:49:14 UTC
This appears to be fixed in the latest build of nss.


Note You need to log in before you can comment on or make changes to this bug.