The Chromium browser is using NSS on Linux. Chromium has been using NSS without databases (NSS_NoDB_Init), but it's time for Chromium to use NSS with databases (NSS_InitReadWrite) so that it can support the addition of root CA certificates and SSL client authentication. Most of the Linux Chromium developers develop on Ubuntu 8.04, the latest Ubuntu long-term support (LTS) release. The system NSS in Ubuntu 8.04 is NSS 126.96.36.199. I need to tell the Linux Chromium developers how to initialize NSS (http://bugs.chromium.org/12348). Based on the info in https://wiki.mozilla.org/NSS_Shared_DB_And_LINUX, I advised them to use ~/.pki/nssdb. The patch is being reviewed at http://codereview.chromium.org/115626. But there is a document http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html that suggests using ~/.config for user-specific configuration files. Chromium follows that standard and stores its configuration files in ~/.config/chromium. If NSS follows that standard, the NSS databases should be stored in ~/.config/pki/nssdb. But I'm not sure if that standard has been widely adopted. So, should the user-specific NSS shared databases be stored in ~/.pki/nssdb or ~/.config/pki/nssdb? Note that Chromium can't use /etc/pki/nssdb yet because it has to use the system NSS (188.8.131.52) in Ubuntu 8.04.
Summary: Determine the location of user-specific NSS shared databases on Linux → Decide the location of user-specific NSS shared databases on Linux
Perhaps NSS can place a shortcut from ~/.pki/nssdb to ~/.config/pki/nssdb for max. compatibility. BTW, I find /etc/pki64/nssdb rather odd. How about /etc/pki/nssdb64? Is this needed at all, isn't the DB architecture neutral? It would certainly break some RH based implementations. Or perhaps the system wide DB shouldn't be in /etc at all, instead somewhere in /usr/share or /var/lib.
Looking at recent developments, i.e. package nss-sysinit in Fedora Linux, I think the defaults have been decided. /etc/pki/nssdb/ and $USER/.pki/nssdb/
Assignee: kaie → nobody
FWIW, chrome/chromium also uses $HOME/.pki/nssdb for its nss database.
Sorry for the pointless message, that was in comment 0.
I propose to mark this resolved fixed. If I understand correctly, chrome appears to use the ~/.pki/nssdb directory now, too.
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.