Closed
Bug 66603
Opened 24 years ago
Closed 21 years ago
Signtool insists on only using cert7.db in $HOME/.netscape directory
Categories
(NSS :: Tools, defect, P2)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: arshad.noor, Assigned: kirk.erickson)
Details
When attempting to verify a signed jar file using signtool, it is not possible to tell signtool that the cert7.db is in another directory. It keeps insisting on using $HOME/.netscape (which is not desired). We want to sign software that will allow customers to verify the jar file with just the issuing CA's certificate in the cert7.db in a well known location (without having the verifier to require having a $HOME/.netscape directory) Reproducible: Always Steps to Reproduce: 1. Use an object signing certificate to sign a file. 2. Move the cert7.db file to another directory (tmp2, for example) 3. From the command line, type in signtool -v jarfile.jar Actual Results: You will see output such as follows: $ sophia:/home/anoor> signtool -v jarfile.jar signtool: No certificate database in "/home/anoor/.netscape" signtool: Check the -d arguments that you gave If you type in signtool -v -d tmp2 jarfile.jar, you see: $ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar warning: unrecognized option: tmp2 signtool: No certificate database in "/home/anoor/.netscape" signtool: Check the -d arguments that you gave Expected Results: Like certutil and keyutil, I was hoping that signtool would recognize the -d option for specifying database file location, instead of requiring them to be in $HOME/.netscape
Comment 2•24 years ago
|
||
marking signtool bugs as future until 3.3 plan is ready.
Assignee: wtc → mcgreer
Target Milestone: --- → Future
Comment 3•24 years ago
|
||
Technically this is a usage error. The next argument after the "-v" flag is supposed to be the JAR file to verify. Signtool is interpreting "-d" to be the name of the JAR file. I suppose we could have a nicer error message. Changing the argument parsing code so that you could put the JAR filename at the end would be more complicated.
Comment 4•24 years ago
|
||
Set Target Milestone to NSS 3.3. Assigned the bug to Bob for evaluation.
Assignee: mcgreer → relyea
Priority: -- → P2
Target Milestone: Future → 3.3
Updated•23 years ago
|
Target Milestone: 3.3 → 3.4
Comment 6•22 years ago
|
||
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Comment 8•22 years ago
|
||
Assigned the bug to Kirk. Target NSS 3.7.
Assignee: ian.mcgreer → kirk.erickson
Target Milestone: 3.5 → 3.7
Comment 9•22 years ago
|
||
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Comment 10•21 years ago
|
||
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
Assignee | ||
Comment 11•21 years ago
|
||
Not likely to get to this in the 3.9 timeframe. Set Target Milestone to Future.
Target Milestone: --- → Future
Assignee | ||
Updated•21 years ago
|
Target Milestone: Future → ---
Assignee | ||
Comment 12•21 years ago
|
||
The first command line does not specify '-d <dbdir>' which is clearly required to change the default $HOME/.netscape: $ sophia:/home/anoor> signtool -v jarfile.jar signtool: No certificate database in "/home/anoor/.netscape" Jamie identified the problem with the second command line: $ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar warning: unrecognized option: tmp2 signtool: No certificate database in "/home/anoor/.netscape" signtool: Check the -d arguments that you gave This is also a pilot error. The '-v' needs 'jarfile.jar'. Running 'signtool -v' indicates the argument is required, as well as the usage information. I verified this works, and apparently yields the desired behavior: ke119340@iws-files[28] signtool -v it.jar -d dbdir using certificate directory: dbdir WORKSFORME. Closing
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•