Description of problem: setup-nsssysinit.sh re-writes / re-creates pkcs11.txt. When new file is created, current umask is taken into an account. If run with restrictive umask settings, the file may be created with permission that do no allow non-privileged users to read the file, hence sysinit may remain disabled for users even when it's intended to be enabled. The script should either set umask before running sed, let sed take care of preserving correct permissions (using in-place edit mode), or chmod file at the end of run. Version-Release number of selected component (if applicable): nss-3.12.7-6.fc13 Additional info: # ll /etc/pki/nssdb/pkcs11.txt -rw-r--r--. 1 root root 451 Sep 23 11:10 /etc/pki/nssdb/pkcs11.txt # umask 0077 # setup-nsssysinit.sh on # ll /etc/pki/nssdb/pkcs11.txt -rw-------. 1 root root 451 Sep 23 12:09 /etc/pki/nssdb/pkcs11.txt # umask 022 # setup-nsssysinit.sh on # ll /etc/pki/nssdb/pkcs11.txt -rw-r--r--. 1 root root 451 Sep 23 12:09 /etc/pki/nssdb/pkcs11.txt
Created attachment 450265 [details] Changes to create system pkcs11.txt with correct permissions Includes enhancement to report nss-sysinit status requested in bug 636801.
nss-3.12.7-8.fc14,nss-softokn-3.12.7-7.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/nss-3.12.7-8.fc14,nss-softokn-3.12.7-7.fc14
nss-3.12.7-8.fc13,nss-softokn-3.12.7-7.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/nss-3.12.7-8.fc13,nss-softokn-3.12.7-7.fc13
nss-3.12.7-8.fc14, nss-softokn-3.12.7-7.fc14 has been pushed to the Fedora 14 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update nss nss-softokn'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/nss-3.12.7-8.fc14,nss-softokn-3.12.7-7.fc14
nss-3.12.8-2.fc14,nss-softokn-3.12.8-1.fc14,nss-util-3.12.8-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/nss-3.12.8-2.fc14,nss-softokn-3.12.8-1.fc14,nss-util-3.12.8-1.fc14
nss-util-3.12.8-1.fc12,nss-softokn-3.12.8-1.fc12,nss-3.12.8-2.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/nss-util-3.12.8-1.fc12,nss-softokn-3.12.8-1.fc12,nss-3.12.8-2.fc12
nss-3.12.8-2.fc13, nss-softokn-3.12.8-1.fc13, nss-util-3.12.8-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
nss-3.12.8-2.fc14, nss-softokn-3.12.8-1.fc14, nss-util-3.12.8-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
In F14, when updating to nss-sysinit-3.12.8-2.fc14, pkcs11.txt is created as pkcs11.txt.rpmnew even though the file hasn't changed. At the time of package cleanup, the modification date on pkcs11.txt is updated to the current value, so the package no longer verifies. output of "ls -l" before installing new version (note that the time is that of my original F14 install): -rw-r--r--. 1 root root 451 Oct 28 00:21 pkcs11.txt output after installing new version and before cleaning up old version: -rw-r--r--. 1 root root 451 Oct 28 00:21 pkcs11.txt -rw-r--r--. 1 root root 451 Oct 7 01:19 pkcs11.txt.rpmnew output after cleaning up old version: -rw-r--r--. 1 root root 451 Oct 29 20:16 pkcs11.txt (time is the instant the old package is cleaned up): -rw-r--r--. 1 root root 451 Oct 7 01:19 pkcs11.txt.rpmnew [root@dell-pc nssdb]# rpm -V nss-sysinit .......T. c /etc/pki/nssdb/pkcs11.txt [root@dell-pc nssdb]#
Never mind, I noticed that after "mv pkcs11.txt.rpmnew pkcs11.txt", the package verifies.
nss-util-3.12.8-1.fc12, nss-softokn-3.12.8-1.fc12, nss-3.12.8-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.