I'm here becuase I followed https://ubuntu.com/tutorials/enable-smart- cards-in-snapped-browsers and got the modutil error while trying to set up Chromium
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to nss in Ubuntu. https://bugs.launchpad.net/bugs/2115561 Title: modutil Fails with SEC_ERROR_BAD_DATABASE on Ubuntu 24.04 Status in nss package in Ubuntu: Incomplete Bug description: ### Bug Report: `modutil` Fails with `SEC_ERROR_BAD_DATABASE` on Ubuntu 24.04 #### 1. Problem Description On an Ubuntu 24.04 LTS (Noble Numbat) machine with GNOME Shell 46.0, the `modutil` command (from `libnss3-tools`) consistently fails with `SEC_ERROR_BAD_DATABASE: security library: bad database.` when attempting to add the `opensc-pkcs11.so` module to the user's default NSS database (`~/.pki/nssdb`). This issue persists despite extensive troubleshooting and system-level reinstallations. The exact same software versions (NSS, OpenSC, PCSC) work correctly on a duplicate home machine running the same Ubuntu version. #### 2. Steps to Reproduce 1. Ensure `opensc` and `libnss3-tools` are installed: `sudo apt install opensc libnss3-tools` 2. Cleanly re-initialize the user's default NSS database (ensure no Firefox/Chrome/Thunderbird processes are running, as they can conflict): ```bash pkill -f firefox pkill -f chrome pkill -f thunderbird # Add if applicable mv ~/.pki/nssdb ~/.pki/nssdb_backup_$(date +%Y%m%d%H%M%S) # Backup existing mkdir -p ~/.pki/nssdb certutil -N -d ~/.pki/nssdb # Leave password blank for testing ``` (Enter `Enter` twice for password) 3. Attempt to add the OpenSC PKCS#11 module: ```bash MODUTIL_DEBUG=1 modutil -add opensc -libfile /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so -force ``` #### 3. Expected Behavior The `modutil` command should successfully add the OpenSC module to the NSS database without reporting a database error, as observed on a duplicate Ubuntu 24.04 system with identical software versions. #### 4. Actual Behavior The `modutil` command fails with the following output: `modutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.` #### 5. System Information * **Operating System:** Ubuntu 24.04 LTS (Noble Numbat) * **GNOME Shell Version:** `GNOME Shell 46.0` * **NSS Package Version:** ``` apt-cache policy libnss3 libnss3: Installed: 2:3.98-1build1 Candidate: 2:3.98-1build1 Version table: *** 2:3.98-1build1 500 500 [http://us.archive.ubuntu.com/ubuntu](http://us.archive.ubuntu.com/ubuntu) noble/main amd64 Packages 100 /var/lib/dpkg/status ``` * **Other Relevant Package Versions (identical to working home machine):** * `libnss3-tools`: `2:3.98-1build1` * `libpcsclite1`: `2.0.3-1build1` * `opensc`: `0.25.0-1ubuntu2.1` (assuming standard install) * **SELinux Status:** `disabled` (from `sestatus` output) * **`~/.pki/nssdb` Contents (after `certutil -N`):** (Example content after successful `certutil -N`, indicating `cert9.db`, `key4.db`, `pkcs11.txt`, and `secmod.db` are present with `rw-------` permissions. `secmod.db` creation was verified via `strace`.) ``` total 68 -rw------- 1 xphileprof xphileprof 28672 <date> cert9.db -rw------- 1 xphileprof xphileprof 36864 <date> key4.db -rw------- 1 xphileprof xphphileprof 508 <date> pkcs11.txt -rw------- 1 xphileprof xphileprof 12288 <date> secmod.db ``` #### 6. Crucial Diagnostic Logs These logs provide critical low-level detail about the failure. Please link to them as specified. * **Ultimate `strace` Log of `modutil` (demonstrates success of low-level ops):** * **Link:** [https://pastebin.com/DrBW3ejn](https://pastebin.com/DrBW3ejn) * **Context:** This log, generated with `strace -f -v -s 2048`, confirms: * Successful loading of `opensc-pkcs11.so` and `libpcsclite.so.1`. * Successful IPC communication with `pcscd.comm` (socket `9`) including retrieval of reader names ("Dell Dell Smart Card Reader Keyboard"). * Successful `openat`, `read`, `write`, `fsync`, `fcntl` (for locking) operations on `cert9.db`, `key4.db`, `secmod.db`, and `pkcs11.txt` within `~/.pki/nssdb` **without any kernel-level errors (all `0` return values)**. * The `SEC_ERROR_BAD_DATABASE` error is issued without any immediately preceding failing system call directly related to the database files. * **OpenSC Verbose Log (from `modutil` failure):** * **Link:** [https://pastebin.com/e5vJfhjD](https://pastebin.com/e5vJfhjD) * **Context:** This log (generated with `OPENSC_DEBUG=9 OPENSC_DRIVER=9`) initially showed `SCARD_E_NO_READERS_AVAILABLE`. This was later determined to be a misleading error at the OpenSC layer, as `strace` proved `pcscd` communication and reader enumeration were successful. * **`certutil -N` `strace` Log (confirming `secmod.db` creation):** * **Link:** [https://pastebin.com/Qb4RHdA1](https://pastebin.com/Qb4RHdA1) * **Context:** This log explicitly confirmed that `secmod.db` was successfully created and written to during the `certutil -N` operation, which resolved a previous hurdle. * **Note on NSS Internal Debugging:** Attempts to use `NSS_LOG_FILE` and `NSS_LOG_MODULES="ALL:5"` did not produce a log file, suggesting a very early or fundamental failure within NSS that prevents its logging mechanism from initializing. ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: libnss3 2:3.98-1build1 ProcVersionSignature: Ubuntu 6.8.0-62.65-generic 6.8.12 Uname: Linux 6.8.0-62-generic x86_64 NonfreeKernelModules: nvidia_modeset nvidia ApportVersion: 2.28.1-0ubuntu3.7 Architecture: amd64 CasperMD5CheckResult: unknown CurrentDesktop: ubuntu:GNOME Date: Sat Jun 28 12:16:13 2025 InstallationDate: Installed on 2018-12-26 (2376 days ago) InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725) SourcePackage: nss UpgradeStatus: Upgraded to noble on 2024-10-01 (270 days ago) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss/+bug/2115561/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
