diff --git a/cert8.db.xml b/cert8.db.xml
deleted file mode 100644
index e82948d..0000000
--- a/cert8.db.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="cert8.db">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>cert8.db</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>cert8.db</refname>
-    <refpurpose>Legacy NSS certificate database</refpurpose>
-  </refnamediv>
-
-<refsection id="description">
-    <title>Description</title>
-    <para><emphasis>cert8.db</emphasis> is an NSS certificate database.</para>
-  <para>This certificate database is in the legacy database format. Consider migrating to cert9.db and key4.db which are the new sqlite-based shared database format with support for concurrent access.
-  </para>
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/etc/pki/nssdb/cert8.db</filename></para>
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-
-  </refsection>
-
-
-</refentry>
diff --git a/key3.db.xml b/key3.db.xml
deleted file mode 100644
index 444d7aa..0000000
--- a/key3.db.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="key3.db">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>key3.db</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>key3.db</refname>
-    <refpurpose>Legacy NSS certificate database</refpurpose>
-  </refnamediv>
-
-<refsection id="description">
-    <title>Description</title>
-    <para><emphasis>key3.db</emphasis> is an NSS certificate database.</para>
-  <para>This is a key database in the legacy database format. Consider migrating to cert9.db and key4.db which  which are the new sqlite-based shared database format with support for concurrent access.
-  </para>
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/etc/pki/nssdb/key3.db</filename></para>
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>cert9.db(5), key4.db(5), pkcs11.txt(5), </para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat,  Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-
-  </refsection>
-
-
-</refentry>
diff --git a/nss.spec b/nss.spec
index 19777dc..3c5aa6a 100644
--- a/nss.spec
+++ b/nss.spec
@@ -4,7 +4,7 @@
 # - increment %%{nspr_version}, when updating the NSS part only
 # - put the nss_release number here next to nspr, as they both
 #   need to be updated on a given release
-%global nss_release 3
+%global nss_release 4
 %global nspr_release %[ %nss_release+2]
 %global nss_version 3.71.0
 # only need to update this as we added new
@@ -90,21 +90,25 @@ Source6:          nss-softokn-dracut-module-setup.sh
 Source7:          nss-softokn-dracut.conf
 Source8:          nss.pc.in
 Source9:          nss-config.in
+%if %{with dbm}
 Source10:         blank-cert8.db
 Source11:         blank-key3.db
 Source12:         blank-secmod.db
+%endif
 Source13:         blank-cert9.db
 Source14:         blank-key4.db
 Source15:         system-pkcs11.txt
 Source16:         setup-nsssysinit.sh
 Source20:         nss-config.xml
 Source21:         setup-nsssysinit.xml
-Source22:         pkcs11.txt.xml
+%if %{with dbm}
 Source23:         cert8.db.xml
-Source24:         cert9.db.xml
 Source25:         key3.db.xml
-Source26:         key4.db.xml
 Source27:         secmod.db.xml
+%endif
+Source22:         pkcs11.txt.xml
+Source24:         cert9.db.xml
+Source26:         key4.db.xml
 Source28:         nss-p11-kit.config
 
 Source100:        nspr-%{nspr_archive_version}.tar.gz
@@ -540,20 +544,22 @@ date +"%e %B %Y" | tr -d '\n' > date.xml
 echo -n %{nss_version} > version.xml
 
 # configuration files and setup script
-for m in %{SOURCE20} %{SOURCE21} %{SOURCE22}; do
+for m in %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE24} %{SOURCE26}; do
   cp ${m} .
 done
-for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml; do
+for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml cert9.db.xml key4.db.xml; do
   xmlto man ${m}
 done
 
-# nss databases considered to be configuration files
-for m in %{SOURCE23} %{SOURCE24} %{SOURCE25} %{SOURCE26} %{SOURCE27}; do
+%if %{with dbm}
+# nss dbm databases 
+for m in %{SOURCE23} %{SOURCE25} %{SOURCE27}; do
   cp ${m} .
 done
-for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml; do
+for m in cert8.db.xml key3.db.xml secmod.db.xml; do
   xmlto man ${m}
 done
+%endif
 
 
 %check
@@ -704,9 +710,11 @@ done
 # Install the empty NSS db files
 # Legacy db
 mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb
+%if %{with dbm}
 install -p -m 644 %{SOURCE10} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert8.db
 install -p -m 644 %{SOURCE11} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key3.db
 install -p -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/secmod.db
+%endif
 # Shared db
 install -p -m 644 %{SOURCE13} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/cert9.db
 install -p -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{_sysconfdir}/pki/nssdb/key4.db
@@ -782,13 +790,15 @@ install -c -m 644 ./dist/docs/nroff/pp.1 $RPM_BUILD_ROOT%{_datadir}/doc/nss-tool
 %endif
 
 # Copy the man pages for the configuration files
-for f in pkcs11.txt; do
+for f in pkcs11.txt cert9.db key4.db; do
    install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
 done
-# Copy the man pages for the nss databases
-for f in cert8.db cert9.db key3.db key4.db secmod.db; do
+# Copy the man pages for the nss dbm databases
+%if %{with dbm}
+for f in cert8.db key3.db secmod.db; do
    install -c -m 644 ${f}.5 $RPM_BUILD_ROOT%{_mandir}/man5/${f}.5
 done
+%endif
 
 # Copy the crypto-policies configuration file
 install -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d
@@ -823,16 +833,20 @@ update-crypto-policies &> /dev/null || :
 %{_libdir}/libssl3.so
 %{_libdir}/libsmime3.so
 %dir %{_sysconfdir}/pki/nssdb
+%if %{with dbm}
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert8.db
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key3.db
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/secmod.db
+%endif
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/cert9.db
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/key4.db
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/pki/nssdb/pkcs11.txt
 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/crypto-policies/local.d/nss-p11-kit.config
+%if %{with dbm}
 %doc %{_mandir}/man5/cert8.db.5*
 %doc %{_mandir}/man5/key3.db.5*
 %doc %{_mandir}/man5/secmod.db.5*
+%endif
 %doc %{_mandir}/man5/cert9.db.5*
 %doc %{_mandir}/man5/key4.db.5*
 %doc %{_mandir}/man5/pkcs11.txt.5*
diff --git a/secmod.db.xml b/secmod.db.xml
deleted file mode 100644
index afc9dce..0000000
--- a/secmod.db.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version='1.0' encoding='utf-8'?>
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
-<!ENTITY date SYSTEM "date.xml">
-<!ENTITY version SYSTEM "version.xml">
-]>
-
-<refentry id="secmod.db">
-
-  <refentryinfo>
-    <date>&date;</date>
-    <title>Network Security Services</title>
-    <productname>nss</productname>
-    <productnumber>&version;</productnumber>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>secmod.db</refentrytitle>
-    <manvolnum>5</manvolnum>
-  </refmeta>
-
-  <refnamediv>
-    <refname>secmod.db</refname>
-    <refpurpose>Legacy NSS security modules database</refpurpose>
-  </refnamediv>
-
-<refsection id="description">
-    <title>Description</title>
-    <para><emphasis>secmod.db</emphasis> is an NSS security modules database.</para>
-  <para>The security modules database is used to keep track of the NSS security modules. The NSS security modules export their services via the PKCS #11 API which NSS uses as its Services Provider Interface.
-  </para>
-  <para>The command line utility <emphasis>modutil</emphasis> is used for managing PKCS #11 module information both within secmod.db files and within hardware tokens.
-  </para>
-  <para>For new applications the recommended way of tracking security modules is via the pkcs11.txt configuration file used in conjunction the new sqlite-based shared database format for certificate and key databases.
-  </para>
-  </refsection>
-
-  <refsection>
-    <title>Files</title>
-    <para><filename>/etc/pki/nssdb/secmod.db</filename></para>
-  </refsection>
-
-  <refsection>
-    <title>See also</title>
-    <para>modutil(1), cert8.db(5), cert9.db(5), key3.db(5), key4.db(5), pkcs11.txt(5)</para>
-  </refsection>
-
-  <refsection id="authors">
-    <title>Authors</title>
-    <para>The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google.</para>
-    <para>Authors: Elio Maldonado &lt;emaldona@redhat.com>.</para>
-  </refsection>
-
-<!-- don't change -->
-  <refsection id="license">
-    <title>LICENSE</title>
-    <para>Licensed under the Mozilla Public License, v. 2.0.  If a copy of the MPL was not distributed with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
-    </para>
-
-  </refsection>
-
-
-</refentry>
diff --git a/sources b/sources
index ee7146c..8d9b1e3 100644
--- a/sources
+++ b/sources
@@ -1,7 +1,4 @@
-SHA512 (blank-cert8.db) = ac131d15708c5f1b5e467831f919f4fc4ba13b60a4bb5fe260c845fa9afcd899a588d21ed52060abaa1bbb29f2b53af8b495d28407183cb03aff1974f95f1d3d
 SHA512 (blank-cert9.db) = 2f8eab4c0612210ee47db8a3a80c1b58a0b43849551af78c7da403fda3e3d4e7757838061ae56ccf5aac335cb54f254f0a9e6e9c0dd5920b4155a39264525b06
-SHA512 (blank-key3.db) = 01f7314e9fc8a7c9aa997652624cfcde213d18a6b3bb31840c1a60bbd662e56b5bc3221d13874abb42ce78163b225a6dfce2e1326cf6dd29366ad9c28ba5a71c
 SHA512 (blank-key4.db) = 8fedae93af7163da23fe9492ea8e785a44c291604fa98e58438448efb69c85d3253fc22b926d5c3209c62e58a86038fd4d78a1c4c068bc00600a7f3e5382ebe7
-SHA512 (blank-secmod.db) = 06a2dbd861839ef6315093459328b500d3832333a34b30e6fac4a2503af337f014a4d319f0f93322409e719142904ce8bc08252ae9a4f37f30d4c3312e900310
 SHA512 (nspr-4.32.tar.gz) = da9b65b374783d20a2e589211b411816d899e296e91175d376e59df1919144c1808c155a234d6ceefdf7b8ae8f47cec98d92a5aa3150a579513251860e50dcb7
 SHA512 (nss-3.71.tar.gz) = a4a724dc4e8677965b6245ea2309790d31ec7719658e2b349eb67c9008082132c76277340d15e4fdd8d2fe1f560ae6803fb038d023c3dfd2e3772fa3b77720e2