Description of problem: When building nss there are a large number of tests run. In previous versions of nss the results of dbtests.sh was not checked because the output of dbtests.sh were written to a separate file (dbtest.log). In those older versions and the current version two tests fail (using ronlydir) because when root does build writing is always possible. Unfortunately the latests nss versions merge dbtests.sh output into the common output.log and those two failures are detected causing the build to fail. Version-Release number of selected component (if applicable): nss-3.12.7-6 How reproducible: Always Steps to Reproduce: 1. rpmbuild nss.spec Actual results: two tests fail Expected results: no test should fail Additional info: When doing readonly checks in ronlydir then the id of the users should be checked because as we all know root can do anything including writing to readonly directories and writing to readonly files.
Please modify the subject line to "nss build fails when user is root". Wish I could change the subject but I cannot see how.
Created attachment 455374 [details] check user id and fail read donly test only when non-root When the user modifies an nssdb in a read-only diroctory fail the test only if user isn't root. Fix a few typos.
This message is a reminder that Fedora 12 is nearing its end of life. Approximately 30 (thirty) days from now Fedora will stop maintaining and issuing updates for Fedora 12. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '12'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 12's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 12 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora please change the 'version' of this bug to the applicable version. If you are unable to change the version, please add a comment here and someone will do it for you. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete. The process we are following is described here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
But you obviously never read the previous post did you, Bug Zapper? The prior post said "When the user modifies an nssdb in a read-only diroctory fail the test only if user isn't root. Fix a few typos." So why didn't Elio Maldonado Batiz close the bug? Come on Bug Zapper - surely you can be a bit more intelligent about this?
Elio, given that you have created an attachment to fix this bug why have you chosen to close this as "NOTABUG"? Can you please explain?
Comment on attachment 455374 [details] check user id and fail read donly test only when non-root On self-review I must give reject my own patch. We do want to know that nss does prevent unauthorized users from modifying the database. This patch would just hide the problem from us. The problem is rather one of testing mis-configuration.
Obviously if one of the tests is to test whether an ordinary user can write to a read-only directory then the first thing to do would be to become an ordinary user! User nobody, or some other fallback user, might be a good choice. But in any case, testing whether an ordinary user can write to a file in a read-only directory is not really something that nss should be doing. That is something that configure/autoconf should be able to determine if there is some variability from platform to platform. Should nss build also run tests to check whether the "r" option of fopen does indeed prevent writing with a file pointer? It is somewhat absurd to create tests that create new problems rather than detect or cure (non-existent) old problems. Maybe such tests should be confined to use by developers for their own benefit only - to test that their assumptions and coding is correct - not for every single build.
nss-3.12.10-5.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/nss-3.12.10-5.fc15
Package nss-3.12.10-5.fc15: * should fix your issue, * was pushed to the Fedora 15 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing nss-3.12.10-5.fc15' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/nss-3.12.10-5.fc15 then log in and leave karma (feedback).
nss-3.12.10-5.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.