Closed Bug 66603 Opened 25 years ago Closed 22 years ago

Signtool insists on only using cert7.db in $HOME/.netscape directory

Categories

(NSS :: Tools, defect, P2)

Product:
NSS
Component:
Tools
Platform:
Sun
Solaris
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: arshad.noor, Assigned: kirk.erickson)

Details

When attempting to verify a signed jar file using signtool, it is not possible to tell signtool that the cert7.db is in another directory. It keeps insisting on using $HOME/.netscape (which is not desired). We want to sign software that will allow customers to verify the jar file with just the issuing CA's certificate in the cert7.db in a well known location (without having the verifier to require having a $HOME/.netscape directory) Reproducible: Always Steps to Reproduce: 1. Use an object signing certificate to sign a file. 2. Move the cert7.db file to another directory (tmp2, for example) 3. From the command line, type in signtool -v jarfile.jar Actual Results: You will see output such as follows: $ sophia:/home/anoor> signtool -v jarfile.jar signtool: No certificate database in "/home/anoor/.netscape" signtool: Check the -d arguments that you gave If you type in signtool -v -d tmp2 jarfile.jar, you see: $ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar warning: unrecognized option: tmp2 signtool: No certificate database in "/home/anoor/.netscape" signtool: Check the -d arguments that you gave Expected Results: Like certutil and keyutil, I was hoping that signtool would recognize the -d option for specifying database file location, instead of requiring them to be in $HOME/.netscape
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true
marking signtool bugs as future until 3.3 plan is ready.
Assignee: wtc → mcgreer
Target Milestone: --- → Future
Technically this is a usage error. The next argument after the "-v" flag is supposed to be the JAR file to verify. Signtool is interpreting "-d" to be the name of the JAR file. I suppose we could have a nicer error message. Changing the argument parsing code so that you could put the JAR filename at the end would be more complicated.
Set Target Milestone to NSS 3.3. Assigned the bug to Bob for evaluation.
Assignee: mcgreer → relyea
Priority: -- → P2
Target Milestone: Future → 3.3
Only work on this if it's in the PRD.
Assignee: relyea → mcgreer
Target Milestone: 3.3 → 3.4
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Set target milestone to NSS 3.5.
Target Milestone: 3.4 → 3.5
Assigned the bug to Kirk. Target NSS 3.7.
Assignee: ian.mcgreer → kirk.erickson
Target Milestone: 3.5 → 3.7
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
Not likely to get to this in the 3.9 timeframe. Set Target Milestone to Future.
Target Milestone: --- → Future
Target Milestone: Future → ---
The first command line does not specify '-d <dbdir>' which is clearly required to change the default $HOME/.netscape: $ sophia:/home/anoor> signtool -v jarfile.jar signtool: No certificate database in "/home/anoor/.netscape" Jamie identified the problem with the second command line: $ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar warning: unrecognized option: tmp2 signtool: No certificate database in "/home/anoor/.netscape" signtool: Check the -d arguments that you gave This is also a pilot error. The '-v' needs 'jarfile.jar'. Running 'signtool -v' indicates the argument is required, as well as the usage information. I verified this works, and apparently yields the desired behavior: ke119340@iws-files[28] signtool -v it.jar -d dbdir using certificate directory: dbdir WORKSFORME. Closing
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.