On 06.02.2018 10:33, Mike Hommey wrote: > On Tue, Feb 06, 2018 at 09:16:05AM +0200, Timo Aaltonen wrote: >> Package: nss >> Severity: grave >> >> Hi, please revert this commit which switched the default certificate >> database format to SQL: >> >> https://github.com/nss-dev/nss/commit/33b114e38278c4ffbb6b244a0ebc9910e5245cd3 >> >> Several packages are not ready for it yet, including but likely not limited >> to: >> >> certmonger >> libapache2-mod-nss >> dogtag-pki >> freeipa >> >> respective upstreams are working on it but getting everything merged will >> take a month or two. > > Can you be more specific in how this affects those packages? Because > AFAIR, this is supposed to kind of be transparent.
For example it changes how certutil is run, which would now need a 'dbm:'(?) prefix when accessing an old DB like when setting up Freeipa as shown here: https://bugs.launchpad.net/bugs/1746947 and it also breaks an installed Dogtag instance though I don't know how exactly: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889526 these all use an internal cert DB. -- t