Override NSS database path for xulrunner application

RESOLVED FIXED

Status

()

Core
Security: PSM
RESOLVED FIXED
9 years ago
7 years ago

People

(Reporter: kaie, Assigned: kaie)

Tracking

Trunk
x86
Linux
Points:
---

Firefox Tracking Flags

(status1.9.2 .2-fixed, status1.9.1 .9-fixed)

Details

Attachments

(2 attachments)

(Assignee)

Description

9 years ago
I'm working on an application which uses Xulrunner to modify an NSS database.

I want that application to be flexible and allow to operate on NSS databases anywhere in the system.

As of today, PSM is hardcoded to use the NSS database stored in same directory where the other Mozilla profile files live. It's obviously not a good idea to create such a Mozilla profile for each directory where an NSS database might live...

I propose to introduce an override mechanism, that allows to specify the desired NSS database directory at Mozilla/Xulrunner startup time.

This could be done as a parameter to the application or as an environment variable. Doing it as an environment variable has the advantage that it can be a change locally in the PSM module.
(Assignee)

Comment 1

9 years ago
Created attachment 346130 [details] [diff] [review]
Patch v1


This patch allows the use of a new environment variable named MOZPSM_NSSDBDIR_OVERRIDE (for: Mozilla PSM, NSS database directory override).

Bob, do you agree this is a reasonable approach, or do you have different proposals?

Description of today's behavior and the patch:

- as of today, we always pass the directory path of the Mozilla profile
  application as the NSS init path parameter

- with the patch, PSM would look for env var MOZPSM_NSSDBDIR_OVERRIDE

- if MOZPSM_NSSDBDIR_OVERRIDE is set, it will be used when calling NSS
  init. (This allows for any special syntax that NSS might allow
  as part of the init string.)

- if env variable is NOT set, will continue to use the current behavior
Attachment #346130 - Flags: review?(rrelyea)

Updated

9 years ago
Attachment #346130 - Flags: review?(rrelyea) → review+
(Assignee)

Comment 2

7 years ago
Created attachment 427342 [details] [diff] [review]
merged to trunk

Comment 3

7 years ago
Comment on attachment 427342 [details] [diff] [review]
merged to trunk

Kai, if you didn't generate this patch ignoring whitespace,
could you indent the original code that is now inside the
"else" body?
(Assignee)

Comment 4

7 years ago
I've indented as proposed.

http://hg.mozilla.org/mozilla-central/rev/77dab2533801
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
(Assignee)

Comment 5

7 years ago
Comment on attachment 427342 [details] [diff] [review]
merged to trunk

It would help me if this gets included into the stable branches.

It shouldn't cause any harm, as the default is "environment variable not set", and when not set, the behavior is unchanged.
Attachment #427342 - Flags: approval1.9.2.2?
Attachment #427342 - Flags: approval1.9.1.9?

Comment 6

7 years ago
Kai, is there a way to pass the NSS database directory to XULRunner
using XUL?  Is a XULRunner application written entirely in XUL?
Comment on attachment 427342 [details] [diff] [review]
merged to trunk

a=beltzner for 1.9.2 and 1.9.1, though I'd really rather there be tests for this, too!
Attachment #427342 - Flags: approval1.9.2.2?
Attachment #427342 - Flags: approval1.9.2.2+
Attachment #427342 - Flags: approval1.9.1.9?
Attachment #427342 - Flags: approval1.9.1.9+
(Assignee)

Comment 8

7 years ago
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/142ec4e82778
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/f3151d415275

The patch does not affect the default behaviour, it provides an optional external mechanism, so I think a test is not required.
status1.9.1: --- → .9-fixed
status1.9.2: --- → .2-fixed
(Assignee)

Updated

7 years ago
Attachment #346130 - Flags: approval1.9.0.19?
Comment on attachment 346130 [details] [diff] [review]
Patch v1

I don't think we need this on the 1.9.0 branch.
Attachment #346130 - Flags: approval1.9.0.19? → approval1.9.0.19-
Kai, is there anything for QA to verify here? If so, what do you suggest?
(Assignee)

Comment 11

7 years ago
(In reply to comment #10)
> Kai, is there anything for QA to verify here? If so, what do you suggest?

I don't think there is a need for QA.

By default, not having the environment variable set, nobody will see a difference. It there were a difference, we would have heard complaints immediately.

And I can confirm the new feature works, I use it in this tool:
https://fedorahosted.org/nss-gui/
You need to log in before you can comment on or make changes to this bug.