[PR #6732] [MERGED] profiles: remove mkdir ~/.pki #6143

New issue

Closed

opened 2026-05-05 10:51:33 -06:00 by gitea-mirror · 0 comments

gitea-mirror commented

2026-05-05 10:51:33 -06:00

Owner

📋 Pull Request Information

Original PR: https://github.com/netblue30/firejail/pull/6732
Author: @kmk3
Created: 5/2/2025
Status: ✅ Merged
Merged: 5/4/2025
Merged by: @kmk3

Base: master ← Head: remove-mkdir-pki

📝 Commits (1)

39438e8 profiles: remove mkdir ~/.pki

📊 Changes

9 files changed (+0 additions, -9 deletions)

View changed files

📝 etc/profile-a-l/chromium-common.profile (+0 -1)
📝 etc/profile-a-l/ephemeral.profile (+0 -1)
📝 etc/profile-a-l/ferdi.profile (+0 -1)
📝 etc/profile-a-l/firefox-common.profile (+0 -1)
📝 etc/profile-a-l/franz.profile (+0 -1)
📝 etc/profile-m-z/midori.profile (+0 -1)
📝 etc/profile-m-z/otter-browser.profile (+0 -1)
📝 etc/profile-m-z/rambox.profile (+0 -1)
📝 etc/profile-m-z/seamonkey.profile (+0 -1)

📄 Description

To reduce clutter in the user home.

This appears to be a legacy path and the relevant profiles already
create an XDG path as well:

mkdir ${HOME}/.local/share/pki

From nss 3.111[1]:

/**
 * Return the path to user's NSS database.
 * We search in the following dirs in order:
 * (1) $HOME/.pki/nssdb;
 * (2) $XDG_DATA_HOME/pki/nssdb if XDG_DATA_HOME is set;
 * (3) $HOME/.local/share/pki/nssdb (default XDG_DATA_HOME value).
 * If (1) does not exist, then the returned dir will be set to either
 * (2) or (3), depending if XDG_DATA_HOME is set.
 */

The XDG path has apparently been supported since nss 3.42, which was
released on 2019-01-25[2] [3] [4].

Misc: The original path was first added on commit 3a71eb2af ("added
mkdir in all whitelisted profiles", 2016-02-18) and the XDG path was
first added on commit 63c35052b ("Add '$HOME/.local/share/pki' to
blacklist", 2019-02-03).

Relates to #4262.

[1] https://github.com/nss-dev/nss/blob/NSS_3_111_RTM/lib/sysinit/nsssysinit.c#L64-L72
[2] https://github.com/nss-dev/nss/blob/NSS_3_42_RTM/lib/sysinit/nsssysinit.c#L65-L73
[3] 7f21d4f497
[4] https://github.com/nss-dev/nss/releases/tag/NSS_3_42_RTM

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/netblue30/firejail/pull/6732 **Author:** [@kmk3](https://github.com/kmk3) **Created:** 5/2/2025 **Status:** ✅ Merged **Merged:** 5/4/2025 **Merged by:** [@kmk3](https://github.com/kmk3) **Base:** `master` ← **Head:** `remove-mkdir-pki` --- ### 📝 Commits (1) - [`39438e8`](https://github.com/netblue30/firejail/commit/39438e86ca0f4c7e68afed28381e6d0d2e8f1ca4) profiles: remove mkdir ~/.pki ### 📊 Changes **9 files changed** (+0 additions, -9 deletions) <details> <summary>View changed files</summary> 📝 `etc/profile-a-l/chromium-common.profile` (+0 -1) 📝 `etc/profile-a-l/ephemeral.profile` (+0 -1) 📝 `etc/profile-a-l/ferdi.profile` (+0 -1) 📝 `etc/profile-a-l/firefox-common.profile` (+0 -1) 📝 `etc/profile-a-l/franz.profile` (+0 -1) 📝 `etc/profile-m-z/midori.profile` (+0 -1) 📝 `etc/profile-m-z/otter-browser.profile` (+0 -1) 📝 `etc/profile-m-z/rambox.profile` (+0 -1) 📝 `etc/profile-m-z/seamonkey.profile` (+0 -1) </details> ### 📄 Description To reduce clutter in the user home. This appears to be a legacy path and the relevant profiles already create an XDG path as well: mkdir ${HOME}/.local/share/pki From nss 3.111[1]: /** * Return the path to user's NSS database. * We search in the following dirs in order: * (1) $HOME/.pki/nssdb; * (2) $XDG_DATA_HOME/pki/nssdb if XDG_DATA_HOME is set; * (3) $HOME/.local/share/pki/nssdb (default XDG_DATA_HOME value). * If (1) does not exist, then the returned dir will be set to either * (2) or (3), depending if XDG_DATA_HOME is set. */ The XDG path has apparently been supported since nss 3.42, which was released on 2019-01-25[2] [3] [4]. Misc: The original path was first added on commit 3a71eb2af ("added mkdir in all whitelisted profiles", 2016-02-18) and the XDG path was first added on commit 63c35052b ("Add '$HOME/.local/share/pki' to blacklist", 2019-02-03). Relates to #4262. [1] https://github.com/nss-dev/nss/blob/NSS_3_111_RTM/lib/sysinit/nsssysinit.c#L64-L72 [2] https://github.com/nss-dev/nss/blob/NSS_3_42_RTM/lib/sysinit/nsssysinit.c#L65-L73 [3] https://github.com/nss-dev/nss/commit/7f21d4f49716d9f0c18123ca8c1330671e67ec7c [4] https://github.com/nss-dev/nss/releases/tag/NSS_3_42_RTM --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

gitea-mirror

2026-05-05 10:51:33 -06:00

closed this issue
added the
pull-request
label

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#6143

No description provided.

Rows
Columns