Use 'sql:' prefix in nss.fips.cfg

Fedora 35 and better no longer ship the legacy
secmod.db file as part of the nss package. Explicitly
tell OpenJDK to use sqlite-based sec mode.

Resolves: RHBZ#2019555
This commit is contained in:
Severin Gehwolf 2021-11-03 11:50:39 +01:00
parent 5260220ba1
commit a762184537
2 changed files with 6 additions and 3 deletions

View File

@ -298,7 +298,7 @@
%global top_level_dir_name %{origin} %global top_level_dir_name %{origin}
%global top_level_dir_name_backup %{top_level_dir_name}-backup %global top_level_dir_name_backup %{top_level_dir_name}-backup
%global buildver 12 %global buildver 12
%global rpmrelease 1 %global rpmrelease 2
# Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
%if %is_system_jdk %if %is_system_jdk
# Using 10 digits may overflow the int used for priority, so we combine the patch and build versions # Using 10 digits may overflow the int used for priority, so we combine the patch and build versions
@ -1600,7 +1600,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg
# Setup nss.fips.cfg # Setup nss.fips.cfg
sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg
%build %build
# How many CPU's do we have? # How many CPU's do we have?
@ -2276,6 +2275,10 @@ cjc.mainProgram(args)
%endif %endif
%changelog %changelog
* Wed Nov 03 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:17.0.1.0.12-2.rolling
- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
secmod.db file as part of nss
* Wed Oct 20 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.1.0.12-1.rolling * Wed Oct 20 2021 Petra Alice Mikova <pmikova@redhat.com> - 1:17.0.1.0.12-1.rolling
- October CPU update to jdk 17.0.1+12 - October CPU update to jdk 17.0.1+12
- dropped commented-out source line - dropped commented-out source line

View File

@ -1,6 +1,6 @@
name = NSS-FIPS name = NSS-FIPS
nssLibraryDirectory = @NSS_LIBDIR@ nssLibraryDirectory = @NSS_LIBDIR@
nssSecmodDirectory = @NSS_SECMOD@ nssSecmodDirectory = sql:/etc/pki/nssdb
nssDbMode = readOnly nssDbMode = readOnly
nssModule = fips nssModule = fips