Bug 99797

Summary: Different modifiable attribute, BEGIN TRUSTED CERTIFICATE vs [p11-kit-object-v1]
Product: p11-glue
Reporter: Kai Engert <kaie>
Component: p11-kit
Assignee: Stef Walter <stefw>
Status: NEW
QA Contact:
Severity: normal
Priority: medium
CC: ueno
Version: unspecified
Hardware: Other
OS: All
Whiteboard:

Description Kai Engert 2017-02-13 14:47:02 UTC
I'm using the new trust dump command for comparison purposes.

If the input to p11-kit-trust is BEGIN TRUSTED CERTIFICATE, the resulting object has
  modifiable: false

If the input is [p11-kit-object-v1], the resulting object has
  modifiable: true

Even if the attribute
  modifiable: false
is added to the [p11-kit-object-v1] input format,
the resulting object is listed as
  modifiable: true

Comment 1 Daiki Ueno 2017-02-17 15:30:36 UTC
It seems that the behavior was introduced when p11-kit persist files gained writing support:
https://github.com/p11-glue/p11-kit/commit/96771f49dc945800ae28c77ff407753cbb995c7f

I am not sure if it is intended, but I have opened a PR that respects "modifiable" settings from the file itself:
https://github.com/p11-glue/p11-kit/pull/51
