Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#798455: nss: Create (and populate?) /etc/pki/nssdb
67 views
Skip to first unread message
Laurent Bigonville
Sep 9, 2015, 10:10:03 AM9/9/15
to
Source: nss
Version: 2:3.20-1
Severity: wishlist
Hi,
Shouldn't one of the nss package at least create /etc/pki/nssdb (and
maybe initialize it with an empty database?). Fedora is doing such
thing.
Without an proper nss database in /etc/pki/nssdb (and chmod 755), the
virtual (host) smartcard functionality of libvirt/qemu is not working
(qemu is not even starting).
Cheers,
Laurent Bigonville
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.1.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Version: 2:3.20-1
Severity: wishlist
Hi,
Shouldn't one of the nss package at least create /etc/pki/nssdb (and
maybe initialize it with an empty database?). Fedora is doing such
thing.
Without an proper nss database in /etc/pki/nssdb (and chmod 755), the
virtual (host) smartcard functionality of libvirt/qemu is not working
(qemu is not even starting).
Cheers,
Laurent Bigonville
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.1.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Jarl Gullberg
Feb 24, 2023, 11:50:03 AM2/24/23
to
This issue is currently causing nondeterministic failures in the
freeipa-server package via certmonger, which is preventing successful
server installations and subsequently packaging of the full software
suite.
The discussion about the problem is over in the dogtag PKI repo
(https://github.com/dogtagpki/pki/issues/4334). It would be very good
if this could be resolved in the main nss package.
What's the reasoning for the current wontfix tag? I'm happy to put
together a postinst patch for this if need be.
freeipa-server package via certmonger, which is preventing successful
server installations and subsequently packaging of the full software
suite.
The discussion about the problem is over in the dogtag PKI repo
(https://github.com/dogtagpki/pki/issues/4334). It would be very good
if this could be resolved in the main nss package.
What's the reasoning for the current wontfix tag? I'm happy to put
together a postinst patch for this if need be.
0 new messages