Bug 99797 - Different modifiable attribute, BEGIN TRUSTED CERTIFICATE vs [p11-kit-object-v1]
Summary: Different modifiable attribute, BEGIN TRUSTED CERTIFICATE vs [p11-kit-object-v1]
Status: NEW
Alias: None
Product: p11-glue
Classification: Unclassified
Component: p11-kit (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Stef Walter
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-02-13 14:47 UTC by Kai Engert
Modified: 2017-02-17 15:30 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Attachments

Description Kai Engert 2017-02-13 14:47:02 UTC
I'm using the new trust dump command for comparison purposes.

If the input to p11-kit-trust is BEGIN TRUSTED CERTIFICATE, the resulting object has
  modifiable: false

If the input is [p11-kit-object-v1], the resulting object has
  modifiable: true

Even if the attribute
  modifiable: false
is added to the [p11-kit-object-v1] input format,
the resuling object is listed as
  modifiable: true
Comment 1 Daiki Ueno 2017-02-17 15:30:36 UTC
It seems that the behavior was introduced when p11-kit persist files gained writing support:
https://github.com/p11-glue/p11-kit/commit/96771f49dc945800ae28c77ff407753cbb995c7f

I am not sure if it is intended, but I have opened a PR that respects "modifiable" settings from the file itself:
https://github.com/p11-glue/p11-kit/pull/51


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.