Closed Bug 462919 Opened 11 years ago Closed 10 years ago

Override NSS database path for xulrunner application


(Core :: Security: PSM, defect)

Not set



Tracking Status
status1.9.2 --- .2-fixed
status1.9.1 --- .9-fixed


(Reporter: kaie, Assigned: kaie)



(2 files)

I'm working on an application which uses Xulrunner to modify an NSS database.

I want that application to be flexible and allow to operate on NSS databases anywhere in the system.

As of today, PSM is hardcoded to use the NSS database stored in same directory where the other Mozilla profile files live. It's obviously not a good idea to create such a Mozilla profile for each directory where an NSS database might live...

I propose to introduce an override mechanism, that allows to specify the desired NSS database directory at Mozilla/Xulrunner startup time.

This could be done as a parameter to the application or as an environment variable. Doing it as an environment variable has the advantage that it can be a change locally in the PSM module.
Attached patch Patch v1Splinter Review
This patch allows the use of a new environment variable named MOZPSM_NSSDBDIR_OVERRIDE (for: Mozilla PSM, NSS database directory override).

Bob, do you agree this is a reasonable approach, or do you have different proposals?

Description of today's behavior and the patch:

- as of today, we always pass the directory path of the Mozilla profile
  application as the NSS init path parameter

- with the patch, PSM would look for env var MOZPSM_NSSDBDIR_OVERRIDE

- if MOZPSM_NSSDBDIR_OVERRIDE is set, it will be used when calling NSS
  init. (This allows for any special syntax that NSS might allow
  as part of the init string.)

- if env variable is NOT set, will continue to use the current behavior
Attachment #346130 - Flags: review?(rrelyea)
Attachment #346130 - Flags: review?(rrelyea) → review+
Attached patch merged to trunkSplinter Review
Comment on attachment 427342 [details] [diff] [review]
merged to trunk

Kai, if you didn't generate this patch ignoring whitespace,
could you indent the original code that is now inside the
"else" body?
I've indented as proposed.
Closed: 10 years ago
Resolution: --- → FIXED
Comment on attachment 427342 [details] [diff] [review]
merged to trunk

It would help me if this gets included into the stable branches.

It shouldn't cause any harm, as the default is "environment variable not set", and when not set, the behavior is unchanged.
Attachment #427342 - Flags: approval1.9.2.2?
Attachment #427342 - Flags: approval1.9.1.9?
Kai, is there a way to pass the NSS database directory to XULRunner
using XUL?  Is a XULRunner application written entirely in XUL?
Comment on attachment 427342 [details] [diff] [review]
merged to trunk

a=beltzner for 1.9.2 and 1.9.1, though I'd really rather there be tests for this, too!
Attachment #427342 - Flags: approval1.9.2.2?
Attachment #427342 - Flags: approval1.9.2.2+
Attachment #427342 - Flags: approval1.9.1.9?
Attachment #427342 - Flags: approval1.9.1.9+

The patch does not affect the default behaviour, it provides an optional external mechanism, so I think a test is not required.
Attachment #346130 - Flags: approval1.9.0.19?
Comment on attachment 346130 [details] [diff] [review]
Patch v1

I don't think we need this on the 1.9.0 branch.
Attachment #346130 - Flags: approval1.9.0.19? → approval1.9.0.19-
Kai, is there anything for QA to verify here? If so, what do you suggest?
(In reply to comment #10)
> Kai, is there anything for QA to verify here? If so, what do you suggest?

I don't think there is a need for QA.

By default, not having the environment variable set, nobody will see a difference. It there were a difference, we would have heard complaints immediately.

And I can confirm the new feature works, I use it in this tool:
You need to log in before you can comment on or make changes to this bug.