#162 Update #117 - NSS & SQLite
Merged 5 years ago by pbokoc. Opened 5 years ago by rkratky.
fedora-docs/ rkratky/release-notes i117-nss-sqlite  into  f28

file modified
+10 -2
@@ -20,15 +20,23 @@ 

  

  == NSS uses SQL as default file format

  

- In Fedora 28, the default file format used by the *NSS* library is changed to SQL. Unlike the previously used format, DBM, the SQL format allows parallel access to storage. This is particularly important for situations when the user wants to modify NSS storage while another concurrently running process, such as a daemon, accesses the database location at the same time. The use of the SQL format prevents data corruption in such cases.

+ In Fedora 28, the default file format used by the *NSS* library is changed to SQL.

  

- All applications that currently use the DBM file format will be automatically migrated to the SQL file format on their first run. Use the following command to trigger an explicit migration:

+ The Network Security Services (NSS) library, which is used by Mozilla Firefox, Gnome Evolution, Mozilla Thunderbird, and other applications, changed its default database format for storing keys, certificates, and trust information. The new database format is based on SQlite and uses the filenames `cert9.db`, `key4.db`, and `pkcs11.txt`. The previous database format used Berkeyley DB (DBM) and filenames `cert8.db`, `key3.db`, and `secmod.db`.

+ 

+ The primary benefit of the SQlite storage is support for concurrent access by multiple applications. When using the previous default file format based on DBM, accidental concurrent access could result in corrupted storage.

+ 

+ Unless an application explicitly requests either the DBM or SQL format, the NSS library will automatically migrate the application's NSS database from the old to the new format. The old database files will not be updated further. Most users should not experience differences in operation. Applications that perform many NSS read/write operations may experience a minor performance decrease. Use the following command to trigger an explicit migration:

  

  ----

  certutil -d sql:</path/to/database> -N -f </path/to/database/password/file> \

                                         -@ </path/to/database/password/file>

  ----

  

+ Users who store their system home or application data directory on a network filesystem are advised to set the `NSS_SDB_USE_CACHE=yes` environment variable prior to starting applications that use NSS. Without setting this environment variable, users of network filesystems may experience a major slowdown with some applications, such as Firefox. The environment variable enables the use of a caching strategy in NSS that works around the slowness of network filesystems. Because this caching strategy causes a performance decrease on fast filesystems.

+ 

+ Additional technical details can be found in the Fedora Wiki: link:https://fedoraproject.org/wiki/Changes/NSSDefaultFileFormatSql[].

+ 

  

  == Deprecate TCP wrappers

  

no initial comment

Pull-Request has been merged by pbokoc

5 years ago
Metadata