"James Cassell" <fedoraproject@xxxxxxxxxxxxx> writes: > On Sat, Apr 25, 2020, at 6:21 AM, Ondrej Mosnacek wrote: >> On Fri, Apr 24, 2020 at 11:12 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: >> > On Fri, Apr 24, 2020 at 8:50 PM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote: >> > > On Wed, Apr 22, 2020 at 10:12 AM Daiki Ueno >> > > <ueno@xxxxxxxxxxxxxxxxx> wrote: >> > > > Hello, >> > > > >> > > > I am not sure if this deserves a Fedora Change proposal, so I'd like to >> > > > hear any opinions first before proceeding with the process. >> > > > >> > > > NSS (the crypto library used by Firefox) historically supports 2 >> > > > database formats: SQLite and DBM. The latter is considered legacy and >> > > > we switched the default database format to SQLite in F28[1]. Since then >> > > > I presume most of the applications have switched to the new format. >> > > > Therefore we are planning to phase out the support of DBM, targetting >> > > > F33+. >> > > > >> > > > Please let me know if there is any concern. >> > > >> > > It seems this broke the kernel build. I did some scratch build today >> > > to test some patches, but it failed with this: >> > > >> > > + /usr/bin/pesign -c 'Red Hat Test Certificate' --certdir >> > > /etc/pki/pesign-rh-test -i arch/x86/boot/bzImage -o vmlinuz.signed -s >> > > pesign: Could not initialize nss. >> > > NSS says "The certificate/key database is in an old, unsupported >> > > format." errno says "No such file or directory" >> > > error: Bad exit status from /var/tmp/rpm-tmp.YKqoK0 (%build) >> > > RPM build errors: >> > > Bad exit status from /var/tmp/rpm-tmp.YKqoK0 (%build) >> > > Child return code was: 1 >> > >> > Probably related: https://github.com/rhboot/pesign/issues/34 >> >> I filed a bug against pesign here: >> https://bugzilla.redhat.com/show_bug.cgi?id=1827902 >> > > Shouldn't > https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql have > prevented such bugs? I.e., why didn't the default change get picked up > automatically here? Usually, if the NSS database is created on-the-fly on the system, it should be automatically migrated. However, it doesn't help in this case because the pesign package embeds NSS database only in the old format (as you see with rpm -ql pesign). Regards, -- Daiki Ueno _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
