From 0db2c2791ba71dd41e6eb8339ba6d4435f94b404 Mon Sep 17 00:00:00 2001 From: Severin Gehwolf Date: Wed, 3 Nov 2021 11:50:39 +0100 Subject: [PATCH] Use 'sql:' prefix in nss.fips.cfg Fedora 35 and better no longer ship the legacy secmod.db file as part of the nss package. Explicitly tell OpenJDK to use sqlite-based sec mode. Resolves: RHBZ#2019555 --- java-latest-openjdk.spec | 7 +++++-- nss.fips.cfg.in | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/java-latest-openjdk.spec b/java-latest-openjdk.spec index 58a8519..c7eebd1 100644 --- a/java-latest-openjdk.spec +++ b/java-latest-openjdk.spec @@ -298,7 +298,7 @@ %global top_level_dir_name %{origin} %global top_level_dir_name_backup %{top_level_dir_name}-backup %global buildver 12 -%global rpmrelease 1 +%global rpmrelease 2 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit %if %is_system_jdk # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions @@ -1600,7 +1600,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg # Setup nss.fips.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg -sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg %build # How many CPU's do we have? @@ -2276,6 +2275,10 @@ cjc.mainProgram(args) %endif %changelog +* Wed Nov 03 2021 Severin Gehwolf - 1:17.0.1.0.12-2.rolling +- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy + secmod.db file as part of nss + * Wed Oct 20 2021 Petra Alice Mikova - 1:17.0.1.0.12-1.rolling - October CPU update to jdk 17.0.1+12 - dropped commented-out source line diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in index ead27be..1aff153 100644 --- a/nss.fips.cfg.in +++ b/nss.fips.cfg.in @@ -1,6 +1,6 @@ name = NSS-FIPS nssLibraryDirectory = @NSS_LIBDIR@ -nssSecmodDirectory = @NSS_SECMOD@ +nssSecmodDirectory = sql:/etc/pki/nssdb nssDbMode = readOnly nssModule = fips