Bug 1082235

Summary: mozilla-nss 3.35 causes pesign failures
Product: [openSUSE] openSUSE Tumbleweed Reporter: Dominique Leuenberger <dimstar>
Component: OtherAssignee: Gary Ching-Pang Lin <glin>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Dominique Leuenberger 2018-02-22 08:50:07 UTC
mozilla-nss is in progress of being updated to version 3.35

In staging, with this update, all pesign based packages fail though, with an error like:

[   69s] + certutil -N -d /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db -f /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db/passwd
[   69s] + certutil -A -d /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db -n cert -t CT,CT,CT -i cert.x509
[   69s] Error opening input terminal for read
[   69s] certutil: could not authenticate to token NSS Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
[   69s] error: Bad exit status from /var/tmp/rpm-tmp.8Ftdmv (%install)
Comment 1 Dominique Leuenberger 2018-02-22 08:51:25 UTC
This is currently all staged in Staging:M

- so more detailed build logs and an overview of what all breaks can be found there
Comment 2 Gary Ching-Pang Lin 2018-02-22 09:13:39 UTC
For a quick check, I guess it's caused by the change in certutil:


PK11_NeedLogin(slot) was added since 3.35 and it would request the password to the database. Adding '-f password' to 'certutil -A' probably could fix the error.
Comment 3 Gary Ching-Pang Lin 2018-02-23 02:50:31 UTC
I submitted the fix for pesign-obs-integration (sr#579228) and verified in my branch. Feel free to reopen the bug if the fix doesn't work.
Comment 5 Swamp Workflow Management 2018-05-10 03:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1082235) was mentioned in
https://build.opensuse.org/request/show/606022 42.3 / pesign-obs-integration
Comment 6 Swamp Workflow Management 2018-05-10 22:13:42 UTC
openSUSE-OU-2018:1210-1: An update that has one optional fix can now be installed.

Category: optional (low)
Bug References: 1082235
CVE References: 
Sources used:
openSUSE Leap 42.3 (src):    pesign-obs-integration-10.0-31.6.1
Comment 9 Swamp Workflow Management 2018-06-21 16:33:09 UTC
SUSE-RU-2018:1776-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1082235
CVE References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    pesign-obs-integration-10.0-30.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    pesign-obs-integration-10.0-30.8.1
Comment 11 Swamp Workflow Management 2020-08-10 13:16:58 UTC
SUSE-RU-2020:14446-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1082235
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    pesign-obs-integration-10.0-
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    pesign-obs-integration-10.0-

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.