New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NSS db migration #3221
Comments
Comment from slev (@stanislavlevin) at 2019-08-13 05:42:09 |
Comment from rcritten (@rcritten) at 2019-09-30 09:19:18 Perhaps NSS should not initiate a migration when opened with NSS_INIT_NOMODDB. I'm not sure this is a bug in certmonger. |
Comment from slev (@stanislavlevin) at 2019-09-30 09:24:03 I could open a ticket against NSS. But looks like the migration process is not standardized. |
Comment from slev (@stanislavlevin) at 2019-11-06 03:05:09 Mozilla upstream ticket: |
Comment from slev (@stanislavlevin) at 2019-11-08 06:42:51 With recent Certmonger changes (reopening without the first part of my problem is hidden:
Now as you can see there is |
This issue was migrated from Pagure Issue #3104. Originally filed by slev (@stanislavlevin) on 2019-08-13 05:41:24:
During FreeIPA upgrade from an old version (4.3.3) to a new one (4.7.2)
pki-tomcatd@pki-tomcat.service
fails with:There is a partially upgraded NSS db. As it's known,
( https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql ) an implicit migration takes place on
write
open.certmonger during the same RPM upgrade process restarted and re-read the tracked certs.
https://pagure.io/certmonger/blob/master/f/src/certread-n.c#_103
The root cause of this issue is
NSS_INIT_NOMODDB
flag, used by certmonger in NSS_InitContext. Actually, certmonger just triggers the issue.The very simple reproducer in pytest is attached.
The text was updated successfully, but these errors were encountered: