Bug 527048 - nss-sysinit: system-wide nss sql empty key database shouldn't have a password
nss-sysinit: system-wide nss sql empty key database shouldn't have a password
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: nss (Show other bugs)
rawhide
All Linux
high Severity medium
: ---
: ---
Assigned To: Elio Maldonado Batiz
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F12Blocker/F12FinalBlocker 517000
  Show dependency treegraph
 
Reported: 2009-10-03 14:11 EDT by Elio Maldonado Batiz
Modified: 2013-01-10 00:30 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-10-21 18:49:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Elio Maldonado Batiz 2009-10-03 14:11:11 EDT
Description of problem: The new nss-system subpackage installs an empty sql type database in the NSS system wide location at /etc/pki/nssdb. The database is supposed to be empty and devoid of any password for uers to start from scratch. It has a password and it shouldn't.

Version-Release number of selected component (if applicable): nss-sysinit-3.12.4-12.fc12. 

How reproducible: always

Steps to Reproduce:
1. As root execute 'yum install nss-sysinit'
2. As root execute 'certutil -K -d sql:/etc/pki/nssdb' to list the keys

Actual results: certutil prints
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
(Hit CRIL-C will to get out

Expected results: certutil prints
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
certutil: no keys found

Additional info: The wrong "empty" key4.db database was checked in after the packager had been running tests.
Comment 1 Adam Williamson 2009-10-05 13:44:14 EDT
what's the impact of this? bugs should only be tagged as 'urgent' severity if they cause the affected package to be more or less entirely unusable, and this has negative effects on the entire system.

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 2 Elio Maldonado Batiz 2009-10-05 14:27:53 EDT
(In reply to comment #1) Come to think about it NSS is still as usable as before. At this time it will only affect users who want to take advantage of functionality in optional sub-package. No urgency to fix it by Beta though we should have a fix by Final. I'm downgrading the Priority and severity to high and medium, respectively.
Comment 3 Adam Williamson 2009-10-05 14:34:34 EDT
if it should be fixed by final release - i.e. if you think we should hold the final release if it's not fixed - it should block F12Blocker. If you aim to fix it by final release but we shouldn't delay the entire release if you don't make it, then we don't put it on F12Blocker list, but you can add it to F12Target if you like, where it'll be pretty much ignored =)

-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 4 Jesse Keating 2009-10-21 18:49:14 EDT
This appears to be fixed in the latest build of nss.

Note You need to log in before you can comment on or make changes to this bug.