Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1648351
Summary: | certutil -N returns error code 1 on success | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Christian Heimes <cheimes> |
Component: | nss | Assignee: | Daiki Ueno <dueno> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 29 | CC: | dueno, elio.maldonado.batiz, kdudka, kengert, ssorce |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | nss-3.43.0-2.fc30 nss-3.44.0-2.fc29 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-05-10 00:47:30 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Christian Heimes
2018-11-09 13:51:09 UTC
It might be related to PKCS#11. After I unplugged my Yubikey, certutil is no longer failing. Confirmed, the problem is triggered by my Yubikey NEO and gpg-agent. As soon as gpg-agent process uses my Yubikey for ssh authentication, certutil fails with error code 1. Reproducer: * configure a Yubikey NEO to have three GPG keys * use gpg-agent as ssh-agent * ssh into another machine using the GPG identity key on the Yubikey NEO * create a new NSS database with certutil -N -> certutil exits with error code 1, probably in NSS_shutdown() call. * kill gpg-agent * create a new NSS database with certutil -N -> certutil exits with error code 0 This problem popped up today after I upgraded from F28 to F29. I never had any issues with Yubikey and gpg-agent integration on F28. gdb reveals that SECMOD_Shutdown() is failing because it still sees one private module loaded: Breakpoint 1, SECMOD_Shutdown () at pk11util.c:47 ... 91 if (secmod_PrivateModuleCount) { (gdb) n 92 PORT_SetError(SEC_ERROR_BUSY); (gdb) n 93 return SECFailure; (gdb) p secmod_PrivateModuleCount $1 = 1 Daiki, can we get this addressed soonest? It is blocking IdM team development in many cases. nss-3.43.0-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-8584d9df0c nss-3.43.0-2.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-9f540724f6 nss-3.43.0-2.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9f540724f6 nss-3.43.0-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-8584d9df0c nss-3.43.0-2.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report. nss-3.44.0-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2f5e10754 nss-3.44.0-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e2f5e10754 nss-3.44.0-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report. |