certmonger/0002-SQLite-databases-require-a-password-to-modify-trust-.patch
Rob Crittenden 6155daa274 Fixes for F28 switch to sqlite as the default NSS database type
- Patch to fix NSS handling of keys in sqlite databases
- Patches to fix tests now that sqlite is the NSS default.

Also fix building in rawhide due to packaging changes

- Remove BR on mktemp. It is now provided by coreutils.
2018-01-16 16:14:56 -05:00

53 lines
1.9 KiB
Diff

From f1b7eeceef117606c060f61542754f5556739469 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 9 Jan 2018 22:13:49 -0500
Subject: [PATCH 2/6] SQLite databases require a password to modify trust and
to sign
This affects certutil -M and cmsutil -S. Need to add -f pinfile.
https://pagure.io/certmonger/issue/88
---
tests/030-rekey/run.sh | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/tests/030-rekey/run.sh b/tests/030-rekey/run.sh
index 9b50da4a..07fea683 100755
--- a/tests/030-rekey/run.sh
+++ b/tests/030-rekey/run.sh
@@ -140,11 +140,11 @@ for preserve in 1 0 ; do
echo "This is the plaintext." > plain.txt
echo "NSS Signing:"
- certutil -M -d $tmpdir -n i$size -t P,P,P
- cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed
+ certutil -M -d $tmpdir -n i$size -t P,P,P -f pinfile
+ cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed -f pinfile
echo "NSS Verify:"
- cmsutil -D -d $tmpdir -f pinfile -i signed
- certutil -M -d $tmpdir -n i$size -t ,,
+ cmsutil -D -d $tmpdir -f pinfile -i signed -f pinfile
+ certutil -M -d $tmpdir -n i$size -t ,, -f pinfile
# Go and save the new certs and keys (NSS).
echo '(saving)'
@@ -163,11 +163,11 @@ for preserve in 1 0 ; do
echo "This is the plaintext." > plain.txt
echo "NSS Signing:"
- certutil -M -d $tmpdir -n i$size -t P,P,P
- cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed
+ certutil -M -d $tmpdir -n i$size -t P,P,P -f pinfile
+ cmsutil -S -d $tmpdir -f pinfile -N i$size -i plain.txt -o signed -f pinfile
echo "NSS Verify:"
- cmsutil -D -d $tmpdir -f pinfile -i signed
- certutil -M -d $tmpdir -n i$size -t ,,
+ cmsutil -D -d $tmpdir -f pinfile -i signed -f pinfile
+ certutil -M -d $tmpdir -n i$size -t ,, -f pinfile
# Now generate new keys, CSRs, and certificates (OpenSSL).
echo "PEM keys before re-keygen (preserve=$preserve,pin=\"$pin\"):"
--
2.15.1