Timo Aaltonen kirjoitti 21.12.2017 klo 11:43: > Hi, I need nss-pem for certmonger which is used on a FreeIPA client to > refresh certificates. Without it shipping FreeIPA server with a CA is > pointless. > > Six months have passed, how about just merging this patch? It wouldn't > affect packages using libnss3-dev.
It's not just freeipa client, setting up current freeipa server fails if libnsspem.so is not available. https://pagure.io/freeipa/issue/7422 Upstream/nss-pem folks are quite clear that nssb can't be made dynamic, and they won't touch the others either. So while nss-pem could technically just copy the necessary headers, it would still require the libs from nss.. https://bugzilla.mozilla.org/show_bug.cgi?id=1429692 I've filed a bug on Ubuntu to add libnss3-pkcs11-dev https://bugs.launchpad.net/ubuntu/+source/nss/+bug/1751140 because bionic can't wait any longer. -- t