
Bug#926388: let Firefox trust /etc/ssl/certs/ca-certificates.crt



Hi Wolfgang.

On Thu 04 Apr 2019 17:18:38 CEST, Wolfgang Schweer wrote:

> On Thu, Apr 04, 2019 at 01:03:50PM +0000, Mike Gabriel wrote:
>> Feel free to keep this bug open for bullseye, so we can re-discuss this
>> approach or close it.
>
> Yes, let's consider this for bullseye.

Yep.

> Just for the record:
>
> [ pkcs11.txt ]
> On a 64-bit PC Buster system this is working ok:
> library=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
> name=PKCS#11 Trust Module
> NSS=trustOrder=100

Nice.

> To get it working for a mixed 64-bit / 32-bit setup this content
> seems to work:
> library=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
> library=/usr/lib/i386-linux-gnu/pkcs11/p11-kit-trust.so
> name=PKCS#11 Trust Module
> NSS=trustOrder=100

Nice add-on information.

> For already existing accounts:
>
> [ Firefox-ESR ]
> Checking the existence and then removing
> ~/.mozilla/firefox/debian-edu.default/{cert8.db,key3.db,cert9.db,key4.db}
> after replacing the existing pkcs11.txt file seems to work.

That is not necessary IMHO. If pkcs11.txt exists, the above text config block needs to be appended to it. If it does not exist, copying over the above pkcs11.txt is sufficient.

> [ Thunderbird ]
> Similar to Firefox-ESR; location:
> ~/.thunderbird/debian-edu.default/{cert8.db,key3.db,cert9.db,key4.db}

Same here. The .db files can stay. If pkcs11.txt exists, append the above config block.

> [ Chromium, Konqueror, and others using PKI ]
> Check the existence and then remove
> ~/.pki/{cert9.db,key4.db}
> after replacing the existing pkcs11.txt file

Same here. Again, not replacing pkcs11.txt, but appending to it, if it exists. The .db files can stay.

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
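
The append-or-create handling of pkcs11.txt described in the message above, as an added example that is not part of the original mail or of any Debian Edu package. The function names and the `P11_LIB` variable are hypothetical; the stanza is the single-architecture block quoted in the thread, and the sketch assumes NSS module stanzas in pkcs11.txt are separated by a blank line.

```shell
#!/bin/sh
# Added example: register the p11-kit trust module in existing profiles
# without replacing pkcs11.txt and without touching the cert/key .db files.
P11_LIB="${P11_LIB:-/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so}"

# Print the module stanza quoted in the thread.
p11_stanza() {
    printf 'library=%s\nname=PKCS#11 Trust Module\nNSS=trustOrder=100\n' "$P11_LIB"
}

# ensure_trust_module DIR
# Returns 0 if pkcs11.txt was created or extended, 1 if the module was
# already listed (nothing written), 2 if DIR is not a directory.
ensure_trust_module() {
    dir=$1
    file=$dir/pkcs11.txt
    [ -d "$dir" ] || return 2
    if [ ! -e "$file" ]; then
        # No pkcs11.txt yet: the stanza alone is sufficient.
        p11_stanza > "$file"
        return 0
    fi
    # Exact whole-line match keeps repeated runs from appending duplicates.
    if grep -qxF "library=$P11_LIB" "$file"; then
        return 1
    fi
    # Terminate an unfinished last line, then add the blank separator line
    # (assumption: stanzas are blank-line separated) and the new stanza.
    if [ -n "$(tail -c1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    { printf '\n'; p11_stanza; } >> "$file"
    return 0
}

# update_account_profiles HOME_DIR
# Walks the three per-account locations named in the thread; locations that
# do not exist for this account are skipped.
update_account_profiles() {
    for d in "$1/.mozilla/firefox/debian-edu.default" \
             "$1/.thunderbird/debian-edu.default" \
             "$1/.pki"; do
        ensure_trust_module "$d" || true
    done
}
```

For the mixed 64-bit / 32-bit stanza from the thread, `p11_stanza` would need the second `library=` line added; the duplicate check still keys on the first one.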
