Last Comment Bug 66603 - Signtool insists on only using cert7.db in $HOME/.netscape directory
: Signtool insists on only using cert7.db in $HOME/.netscape directory
Status: RESOLVED WORKSFORME
:
Product: NSS
Classification: Components
Component: Tools (show other bugs)
: unspecified
: Sun Solaris
: P2 normal (vote)
: ---
Assigned To: Kirk Erickson
: Bishakha Banerjee
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2001-01-25 17:37 PST by Arshad Noor
Modified: 2003-06-05 22:37 PDT (History)
3 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description Arshad Noor 2001-01-25 17:37:35 PST
When attempting to verify a signed jar file using signtool, it is not
possible to tell signtool that the cert7.db is in another directory.
It keeps insisting on using $HOME/.netscape (which is not desired).

We want to sign software that will allow customers to verify the jar
file with just the issuing CA's certificate in the cert7.db in a well
known location (without having the verifier to require having a 
$HOME/.netscape directory)

Reproducible: Always
Steps to Reproduce:
1.  Use an object signing certificate to sign a file.
2.  Move the cert7.db file to another directory (tmp2, for example)
3.  From the command line, type in signtool -v jarfile.jar

Actual Results:  You will see output such as follows:

$ sophia:/home/anoor> signtool -v jarfile.jar         
signtool: No certificate database in "/home/anoor/.netscape"
signtool: Check the -d arguments that you gave

If you type in signtool -v -d tmp2 jarfile.jar, you see:

$ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar
warning: unrecognized option: tmp2
signtool: No certificate database in "/home/anoor/.netscape"
signtool: Check the -d arguments that you gave



Expected Results:  
Like certutil and keyutil, I was hoping that signtool would recognize
the -d option for specifying database file location, instead of requiring
them to be in $HOME/.netscape
Comment 1 Keyser Sose 2001-01-28 14:38:22 PST
Marking NEW.
Comment 2 Ian McGreer 2001-01-29 08:24:39 PST
marking signtool bugs as future until 3.3 plan is ready.
Comment 3 Jamie Nicolson 2001-01-29 17:51:16 PST
Technically this is a usage error. The next argument after the "-v" flag is 
supposed to be the JAR file to verify. Signtool is interpreting "-d" to be the 
name of the JAR file. I suppose we could have a nicer error message. Changing 
the argument parsing code so that you could put the JAR filename at the end 
would be more complicated.
Comment 4 Wan-Teh Chang 2001-02-27 15:51:20 PST
Set Target Milestone to NSS 3.3.  Assigned the bug to
Bob for evaluation.
Comment 5 Robert Relyea 2001-04-24 14:31:15 PDT
Only work on this if it's in the PRD.
Comment 6 Wan-Teh Chang 2002-04-25 16:34:27 PDT
Changed the QA contact to Bishakha.
Comment 7 Wan-Teh Chang 2002-05-08 17:06:48 PDT
Set target milestone to NSS 3.5.
Comment 8 Wan-Teh Chang 2002-10-01 14:04:24 PDT
Assigned the bug to Kirk.  Target NSS 3.7.
Comment 9 Wan-Teh Chang 2002-12-06 11:14:05 PST
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Comment 10 Nelson Bolyard (seldom reads bugmail) 2003-05-09 21:17:15 PDT
Remove target milestone of 3.8, since these bugs didn't get into that release.
Comment 11 Kirk Erickson 2003-05-19 00:06:18 PDT
Not likely to get to this in the 3.9 timeframe.
Set Target Milestone to Future.
Comment 12 Kirk Erickson 2003-06-05 22:37:47 PDT
The first command line does not specify '-d <dbdir>' which is clearly
required to change the default $HOME/.netscape:

$ sophia:/home/anoor> signtool -v jarfile.jar
signtool: No certificate database in "/home/anoor/.netscape"

Jamie identified the problem with the second command line:

$ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar
warning: unrecognized option: tmp2
signtool: No certificate database in "/home/anoor/.netscape"
signtool: Check the -d arguments that you gave

This is also a pilot error. The '-v' needs 'jarfile.jar'.
Running 'signtool -v' indicates the argument is required, as
well as the usage information.

I verified this works, and apparently yields the desired 
behavior:

    ke119340@iws-files[28] signtool -v it.jar -d dbdir
    using certificate directory: dbdir

WORKSFORME.
Closing

Note You need to log in before you can comment on or make changes to this bug.