From Bugzilla Helper: User-Agent: Mozilla/4.7 [en] (X11; I; SunOS 5.8 sun4u) BuildID: When attempting to verify a signed jar file, with just the cert7.db in $HOME/.netscape (we definitely don't want the key3.db involved in any verification purposes; we'd prefer that the secumodule.db also not be involved, but I have no preference about this), signtool -v reports an incorrect and unnecessary error message. Reproducible: Always Steps to Reproduce: 1. Sign an object with an object signing certificate. 2. Remove or Move the $HOME/.netscape/key3.db file temporarily. 3. From the command line, type in signtool -v jarfile.jar Actual Results: You will see output such as follows: $ sophia:/home/anoor> signtool -v *.jar using certificate directory: /home/anoor/.netscape WARNING: No password set on internal key database. Most operations will fail. You must use Communicator to create a password. . . Expected Results: No messages regarding key database. For verification operations the private key is unnecessary.
marking signtool bugs as future until 3.3 plan is ready.
forgot to reassign
Set Target Milestone to NSS 3.3. Assigned the bug to Bob for evaluation.
reassign to Ian. work on this if it's in the prd.
Changed the QA contact to Bishakha.
Set target milestone to NSS 3.5.
Assigned the bug to Kirk. Target NSS 3.7.
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Remove target milestone of 3.8, since these bugs didn't get into that release.
Not likely to get to this in the 3.9 timeframe. Set Target Milestone to Future.
I provided a password in reproducing this failure: signtool -v nojs.jar -d ../alicedir -p nss signtool: NSS_Initialize failed: security library: bad database. signtool is calling NSS_Init(): NSS_Init(configdir = 0x3367f0 "../alicedir"), line 493 in "nssinit.c" which has no provision for startup without key3.db. Arshad is asking for a new feature. Changed this Severity to "enhancement" In addition to relaxing nss_Init(), facilities downstream that assume the key3.db has been opened would need to check for its existence and fail gracefully in the case it wasn't opened as part of NSS_Init(). Unfortunately, Arshad is no longer at Sun, so I need to find out whose taken his place and query further to understand the motivation for this. Perhaps we can offer another means to accomplish their goal.
2003-0609-1720 Back from Michael Hein: Kirk, I don't know who Arshad is.....or what group he was in. I would say just leave the bug for now......if it is very important I'm sure someone will ping us. Michael
Mass reassign of Kirk's bugs.