Use 'sql:' prefix in nss.fips.cfg

Fedora 35 and better no longer ship the legacy secmod.db file as part of the nss package. Explicitly tell OpenJDK to use sqlite-based sec mode. Resolves: rhbz#2023535
2021-12-02 02:39:26 +00:00 · 2021-12-02 02:39:26 +00:00 · 0fd8f1db3f
parent bdb34159ca
commit 0fd8f1db3f
2 changed files with 7 additions and 3 deletions
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@ -345,7 +345,7 @@
 %global top_level_dir_name   %{origin}
 %global top_level_dir_name_backup %{top_level_dir_name}-backup
 %global buildver        8
-%global rpmrelease      3
+%global rpmrelease      4
 #%%global tagsuffix     %%{nil}
 # Priority must be 8 digits in total; up to openjdk 1.8, we were using 18..... so when we moved to 11, we had to add another digit
 %if %is_system_jdk
@ -1728,7 +1728,6 @@ sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE11} > nss.cfg

 # Setup nss.fips.cfg
 sed -e "s:@NSS_LIBDIR@:%{NSS_LIBDIR}:g" %{SOURCE17} > nss.fips.cfg
-sed -i -e "s:@NSS_SECMOD@:/etc/pki/nssdb:g" nss.fips.cfg

 %build
 # How many CPU's do we have?
@ -2431,6 +2430,11 @@ require "copy_jdk_configs.lua"
 %endif

 %changelog
+* Thu Dec 02 2021 Severin Gehwolf <sgehwolf@redhat.com> - 1:11.0.13.0.8-4
+- Use 'sql:' prefix in nss.fips.cfg as F35+ no longer ship the legacy
+  secmod.db file as part of NSS
+- Resolves: rhbz#2023535
+
 * Wed Dec 01 2021 Jiri Vanek <jvanek@redhat.com> - 1:11.0.13.0.8-3
 - Replaced hardcoded 11 by featurever where appropriate
 - Fixed comment of `for slowdebug` to correct `any debug`
--- a/nss.fips.cfg.in
+++ b/nss.fips.cfg.in
@ -1,6 +1,6 @@
 name = NSS-FIPS
 nssLibraryDirectory = @NSS_LIBDIR@
-nssSecmodDirectory = @NSS_SECMOD@
+nssSecmodDirectory = sql:/etc/pki/nssdb
 nssDbMode = readOnly
 nssModule = fips