Signtool insists on only using cert7.db in $HOME/.netscape directory

RESOLVED WORKSFORME

Status

NSS
Tools
P2
normal
RESOLVED WORKSFORME
17 years ago
14 years ago

People

(Reporter: Arshad Noor, Assigned: Kirk Erickson)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

17 years ago
When attempting to verify a signed jar file using signtool, it is not
possible to tell signtool that the cert7.db is in another directory.
It keeps insisting on using $HOME/.netscape (which is not desired).

We want to sign software that will allow customers to verify the jar
file with just the issuing CA's certificate in the cert7.db in a well
known location (without having the verifier to require having a 
$HOME/.netscape directory)

Reproducible: Always
Steps to Reproduce:
1.  Use an object signing certificate to sign a file.
2.  Move the cert7.db file to another directory (tmp2, for example)
3.  From the command line, type in signtool -v jarfile.jar

Actual Results:  You will see output such as follows:

$ sophia:/home/anoor> signtool -v jarfile.jar         
signtool: No certificate database in "/home/anoor/.netscape"
signtool: Check the -d arguments that you gave

If you type in signtool -v -d tmp2 jarfile.jar, you see:

$ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar
warning: unrecognized option: tmp2
signtool: No certificate database in "/home/anoor/.netscape"
signtool: Check the -d arguments that you gave



Expected Results:  
Like certutil and keyutil, I was hoping that signtool would recognize
the -d option for specifying database file location, instead of requiring
them to be in $HOME/.netscape

Comment 1

17 years ago
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

17 years ago
marking signtool bugs as future until 3.3 plan is ready.
Assignee: wtc → mcgreer
Target Milestone: --- → Future

Comment 3

17 years ago
Technically this is a usage error. The next argument after the "-v" flag is 
supposed to be the JAR file to verify. Signtool is interpreting "-d" to be the 
name of the JAR file. I suppose we could have a nicer error message. Changing 
the argument parsing code so that you could put the JAR filename at the end 
would be more complicated.

Comment 4

17 years ago
Set Target Milestone to NSS 3.3.  Assigned the bug to
Bob for evaluation.
Assignee: mcgreer → relyea
Priority: -- → P2
Target Milestone: Future → 3.3

Comment 5

17 years ago
Only work on this if it's in the PRD.
Assignee: relyea → mcgreer

Updated

16 years ago
Target Milestone: 3.3 → 3.4

Comment 6

16 years ago
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee

Comment 7

16 years ago
Set target milestone to NSS 3.5.
Target Milestone: 3.4 → 3.5

Comment 8

15 years ago
Assigned the bug to Kirk.  Target NSS 3.7.
Assignee: ian.mcgreer → kirk.erickson
Target Milestone: 3.5 → 3.7

Comment 9

15 years ago
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
(Assignee)

Comment 11

15 years ago
Not likely to get to this in the 3.9 timeframe.
Set Target Milestone to Future.
Target Milestone: --- → Future
(Assignee)

Updated

14 years ago
Target Milestone: Future → ---
(Assignee)

Comment 12

14 years ago
The first command line does not specify '-d <dbdir>' which is clearly
required to change the default $HOME/.netscape:

$ sophia:/home/anoor> signtool -v jarfile.jar
signtool: No certificate database in "/home/anoor/.netscape"

Jamie identified the problem with the second command line:

$ sophia:/home/anoor> signtool -v -d tmp2 jarfile.jar
warning: unrecognized option: tmp2
signtool: No certificate database in "/home/anoor/.netscape"
signtool: Check the -d arguments that you gave

This is also a pilot error. The '-v' needs 'jarfile.jar'.
Running 'signtool -v' indicates the argument is required, as
well as the usage information.

I verified this works, and apparently yields the desired 
behavior:

    ke119340@iws-files[28] signtool -v it.jar -d dbdir
    using certificate directory: dbdir

WORKSFORME.
Closing
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.