Closed Bug 66603 Opened 24 years ago Closed 21 years ago

Signtool insists on only using cert7.db in $HOME/.netscape directory

Categories

(NSS :: Tools, defect, P2)

Product:
NSS
Component:
Tools
Platform:
Sun
Solaris
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: arshad.noor, Assigned: kirk.erickson)

Details

When attempting to verify a signed jar file using signtool, it is not
possible to tell signtool that the cert7.db is in another directory.
It keeps insisting on using $HOME/.netscape (which is not desired).

We want to sign software that will allow customers to verify the jar
file with just the issuing CA's certificate in the cert7.db in a well
known location (without having the verifier to require having a 
$HOME/.netscape directory)

Reproducible: Always
Steps to Reproduce:
1.  Use an object signing certificate to sign a file.
2.  Move the cert7.db file to another directory (tmp2, for example)
3.  From the command line, type in signtool -v jarfile.jar

Actual Results:  You will see output such as follows:

$ sophia:/home/anoor> signtool -v jarfile.jar         
signtool: No certificate database in "/home/anoor/.netscape"
signtool: Check the -d arguments that you gave

If you type in signtool -v -d tmp2 jarfile.jar, you see:

$ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar
warning: unrecognized option: tmp2
signtool: No certificate database in "/home/anoor/.netscape"
signtool: Check the -d arguments that you gave



Expected Results:  
Like certutil and keyutil, I was hoping that signtool would recognize
the -d option for specifying database file location, instead of requiring
them to be in $HOME/.netscape
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true
marking signtool bugs as future until 3.3 plan is ready.
Assignee: wtc → mcgreer
Target Milestone: --- → Future
Technically this is a usage error. The next argument after the "-v" flag is 
supposed to be the JAR file to verify. Signtool is interpreting "-d" to be the 
name of the JAR file. I suppose we could have a nicer error message. Changing 
the argument parsing code so that you could put the JAR filename at the end 
would be more complicated.
Set Target Milestone to NSS 3.3.  Assigned the bug to
Bob for evaluation.
Assignee: mcgreer → relyea
Priority: -- → P2
Target Milestone: Future → 3.3
Only work on this if it's in the PRD.
Assignee: relyea → mcgreer
Target Milestone: 3.3 → 3.4
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Set target milestone to NSS 3.5.
Target Milestone: 3.4 → 3.5
Assigned the bug to Kirk.  Target NSS 3.7.
Assignee: ian.mcgreer → kirk.erickson
Target Milestone: 3.5 → 3.7
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
Not likely to get to this in the 3.9 timeframe.
Set Target Milestone to Future.
Target Milestone: --- → Future
Target Milestone: Future → ---
The first command line does not specify '-d <dbdir>' which is clearly
required to change the default $HOME/.netscape:

$ sophia:/home/anoor> signtool -v jarfile.jar
signtool: No certificate database in "/home/anoor/.netscape"

Jamie identified the problem with the second command line:

$ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar
warning: unrecognized option: tmp2
signtool: No certificate database in "/home/anoor/.netscape"
signtool: Check the -d arguments that you gave

This is also a pilot error. The '-v' needs 'jarfile.jar'.
Running 'signtool -v' indicates the argument is required, as
well as the usage information.

I verified this works, and apparently yields the desired 
behavior:

    ke119340@iws-files[28] signtool -v it.jar -d dbdir
    using certificate directory: dbdir

WORKSFORME.
Closing
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.