[Opendnssec-user] Semi-Urgent: Production SoftHSM with Wrong schema version

Rickard Bellgrim rickard at opendnssec.org
Mon Jun 6 07:38:26 UTC 2011

It appears that dumping the database does not keep the pragma. You can
add it back by running this command:
sqlite3 <path to your token> "PRAGMA user_version = 100;"

I will investigate more on this issue.

// Rickard

On Sun, Jun 5, 2011 at 12:25 AM, Peter Olsson <pol at leissner.se> wrote:
> Hello!
> Some details first:
> I have less than a week to solve this problem, current
> signatures expire at 20110611.
> FreeBSD 8.1-RELEASE-p4
> OpenDNSSEC 1.2.1 (installed from FreeBSD ports)
> SoftHSM 1.2.1 (installed from FreeBSD ports)
> Two weeks ago we started using OpenDNSSEC for the main three
> production domains of a customer. No problems at all until
> today, when I upgraded sqlite3 from to
> The release notes for the sqlite3 upgrade seemed to indicate
> that it was safe, but after the upgrade and a reboot
> /usr/local/var (which I have softlinked to
> /var/named/usr/local/var because named is chrooted)
> had disappeared completely.
> I may have caused this myself since I was stupid enough not
> to stop ods-signer and ods-enforcerd during the sqlite3 upgrade.
> I restored from yesterdays backup, but now I get these errors:
> ods-enforcerd: SoftHSM: init: Wrong database schema version: /usr/local/var/softhsm/slot0.db
> ods-enforcerd: hsm_get_slot_id(): could not find token with the name OpenDNSSEC
> ods-signerd: SoftHSM: init: Wrong database schema version: /usr/local/var/softhsm/slot0.db
> ods-signerd: setup failed: error initializing libhsm (errno 268435457)
> ods-signerd: signer engine setup failed
> ods-signerd: shutdown signer engine
> I tried reverting to version of sqlite3, but I get the
> same errors whatever I do now. I have compared the dump of the
> current slot0.db with dumps from backuped slot0.db, and they
> have no diffs.
> If I understand lib/SoftDatabase.cpp in SoftHSM source correctly
> the cause of the error is that there should be a
> PRAGMA user_version=100;
> or something like that in the SoftHSM db. But the only PRAGMA
> I have in there, even in the old backups, is
> PRAGMA foreign_keys=OFF;
> My first idea is to enter a PRAGMA user_version into slot0.db,
> but since I don't know if that will solve the problem and also
> I'm no good at SQL, I'm not trying that right now. If anyone can
> confirm that this is the solution and give me the steps to fix it
> I would be very grateful.
> Otherwise I guess I'll have to reset the SoftHSM database,
> but I don't know how to export current keys from slot0.db
> when I can't start the SoftHSM application.
> Starting from scratch with fresh keys is the least preferred
> solution.
> Any ideas are welcome!
> Thanks!
> --
> Peter Olsson                    pol at leissner.se
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

More information about the Opendnssec-user mailing list