From f459bf728742c266d13596209942c83994312440 Mon Sep 17 00:00:00 2001 From: Andrew Hughes Date: Mon, 6 Dec 2021 01:03:47 +0000 Subject: [PATCH] Use 'sql:' prefix in nss.fips.cfg Fedora 35 and better no longer ship the legacy secmod.db file as part of the nss package. Explicitly tell OpenJDK to use sqlite-based sec mode. Resolves: rhbz#2023533 --- java-1.8.0-openjdk.spec | 8 ++++++-- nss.fips.cfg.in | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/java-1.8.0-openjdk.spec b/java-1.8.0-openjdk.spec index b91826d..15a7e55 100644 --- a/java-1.8.0-openjdk.spec +++ b/java-1.8.0-openjdk.spec @@ -291,7 +291,7 @@ %global updatever %(VERSION=%{whole_update}; echo ${VERSION##*u}) # eg jdk8u60-b27 -> b27 %global buildver %(VERSION=%{version_tag}; echo ${VERSION##*-}) -%global rpmrelease 1 +%global rpmrelease 2 # Define milestone (EA for pre-releases, GA ("fcs") for releases) # Release will be (where N is usually a number starting at 1): # - 0.N%%{?extraver}%%{?dist} for EA releases, @@ -1832,7 +1832,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg # Setup nss.fips.cfg sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg -sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg %build # How many CPU's do we have? @@ -2496,6 +2495,11 @@ cjc.mainProgram(args) %endif %changelog +* Sun Dec 05 2021 Severin Gehwolf - 1:1.8.0.312.b07-2 +- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy + secmod.db file as part of nss +- Resolves: rhbz#2023533 + * Wed Nov 10 2021 Andrew Hughes - 1:1.8.0.312.b07-1 - Update to aarch64-shenandoah-jdk8u312-b07 (GA) - Update release notes for 8u312-b07. diff --git a/nss.fips.cfg.in b/nss.fips.cfg.in index ead27be..1aff153 100644 --- a/nss.fips.cfg.in +++ b/nss.fips.cfg.in @@ -1,6 +1,6 @@ name = NSS-FIPS nssLibraryDirectory = @NSS_LIBDIR@ -nssSecmodDirectory = @NSS_SECMOD@ +nssSecmodDirectory = sql:/etc/pki/nssdb nssDbMode = readOnly nssModule = fips