From d92474d3e5dc6a13bbd58554b3c3800d75d5451f Mon Sep 17 00:00:00 2001
From: rcritten <rcritten@fedoraproject.org>
Date: Jun 19 2008 02:44:51 +0000
Subject: Need to fix ownership and permissions of the NSS database as well so init

    after fork will work.

---

diff --git a/mod_nss.spec b/mod_nss.spec
index 4fdb684..d75aea4 100644
--- a/mod_nss.spec
+++ b/mod_nss.spec
@@ -1,6 +1,6 @@
 Name: mod_nss
 Version: 1.0.7
-Release: 3%{?dist}
+Release: 4%{?dist}
 Summary: SSL/TLS module for the Apache HTTP server
 Group: System Environment/Daemons
 License: Apache Software License
@@ -70,7 +70,7 @@ install -m 644 nss.conf $RPM_BUILD_ROOT%{_sysconfdir}/httpd/conf.d/
 install -m 755 .libs/libmodnss.so $RPM_BUILD_ROOT%{_libdir}/httpd/modules/
 install -m 755 nss_pcache $RPM_BUILD_ROOT%{_sbindir}/
 install -m 755 gencert $RPM_BUILD_ROOT%{_sbindir}/
-ln -s ../../..%{_libdir}/libnssckbi.so $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/
+ln -s ../../../%{_libdir}/libnssckbi.so $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/
 touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/secmod.db
 touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/cert8.db
 touch $RPM_BUILD_ROOT%{_sysconfdir}/httpd/alias/key3.db
@@ -91,6 +91,10 @@ if [ "$1" -eq 1 ] ; then
         echo "%{name} certificate database generated."
         echo ""
     fi
+
+    # Make sure that the database ownership is setup properly.
+    find /etc/httpd/alias -user root -name "*.db" -exec /bin/chgrp apache {} \;
+    find /etc/httpd/alias -user root -name "*.db" -exec /bin/chmod g+r {} \;
 fi
 
 %files
@@ -99,15 +103,19 @@ fi
 %config(noreplace) %{_sysconfdir}/httpd/conf.d/nss.conf
 %{_libdir}/httpd/modules/libmodnss.so
 %dir %{_sysconfdir}/httpd/alias/
-%ghost %config(noreplace) %{_sysconfdir}/httpd/alias/secmod.db
-%ghost %config(noreplace) %{_sysconfdir}/httpd/alias/cert8.db
-%ghost %config(noreplace) %{_sysconfdir}/httpd/alias/key3.db
+%ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/secmod.db
+%ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/cert8.db
+%ghost %attr(0640,root,apache) %config(noreplace) %{_sysconfdir}/httpd/alias/key3.db
 %ghost %config(noreplace) %{_sysconfdir}/httpd/alias/install.log
 %{_sysconfdir}/httpd/alias/libnssckbi.so
 %{_sbindir}/nss_pcache
 %{_sbindir}/gencert
 
 %changelog
+* Wed Jun 18 2008 Rob Crittenden <rcritten@redhat.com> 1.0.7-4
+- Need to fix ownership and permissions of the NSS database as well so
+  init after fork will work.
+
 * Wed Jun 18 2008 Rob Crittenden <rcritten@redhat.com> 1.0.7-3
 - Apply patch so that mod_nss calls NSS_Init() after Apache forks a child
   and not before. This is in response to a change in the NSS softtokn code