Bug 1082235 - mozilla-nss 3.35 causes pesign failures
mozilla-nss 3.35 causes pesign failures
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other
Current
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Gary Ching-Pang Lin
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-02-22 08:50 UTC by Dominique Leuenberger
Modified: 2020-08-10 13:16 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dominique Leuenberger 2018-02-22 08:50:07 UTC
mozilla-nss is in progress of being updated to version 3.35

In staging, with this update, all pesign based packages fail though, with an error like:

[   69s] + certutil -N -d /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db -f /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db/passwd
[   69s] + certutil -A -d /home/abuild/rpmbuild/BUILD/pesign-repackage-1.0/rsasigned/nss-db -n cert -t CT,CT,CT -i cert.x509
[   69s] Error opening input terminal for read
[   69s] certutil: could not authenticate to token NSS Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
[   69s] error: Bad exit status from /var/tmp/rpm-tmp.8Ftdmv (%install)
Comment 1 Dominique Leuenberger 2018-02-22 08:51:25 UTC
This is currently all staged in Staging:M
https://build.opensuse.org/project/show/openSUSE:Factory:Staging:M

- so more detailed build logs and an overview of what all breaks can be found there
Comment 2 Gary Ching-Pang Lin 2018-02-22 09:13:39 UTC
For a quick check, I guess it's caused by the change in certutil:

https://hg.mozilla.org/projects/nss/file/NSS_3_35_BRANCH/cmd/certutil/certutil.c#l3174

PK11_NeedLogin(slot) was added since 3.35 and it would request the password to the database. Adding '-f password' to 'certutil -A' probably could fix the error.
Comment 3 Gary Ching-Pang Lin 2018-02-23 02:50:31 UTC
I submitted the fix for pesign-obs-integration (sr#579228) and verified in my branch. Feel free to reopen the bug if the fix doesn't work.
Comment 5 Swamp Workflow Management 2018-05-10 03:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1082235) was mentioned in
https://build.opensuse.org/request/show/606022 42.3 / pesign-obs-integration
Comment 6 Swamp Workflow Management 2018-05-10 22:13:42 UTC
openSUSE-OU-2018:1210-1: An update that has one optional fix can now be installed.

Category: optional (low)
Bug References: 1082235
CVE References: 
Sources used:
openSUSE Leap 42.3 (src):    pesign-obs-integration-10.0-31.6.1
Comment 9 Swamp Workflow Management 2018-06-21 16:33:09 UTC
SUSE-RU-2018:1776-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1082235
CVE References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    pesign-obs-integration-10.0-30.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    pesign-obs-integration-10.0-30.8.1
Comment 11 Swamp Workflow Management 2020-08-10 13:16:58 UTC
SUSE-RU-2020:14446-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1082235
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-LTSS (src):    pesign-obs-integration-10.0-0.29.3.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    pesign-obs-integration-10.0-0.29.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.