From Bugzilla Helper:
User-Agent: Mozilla/4.7 [en] (X11; I; SunOS 5.8 sun4u)
When attempting to verify a signed jar file, with just the cert7.db in
$HOME/.netscape (we definitely don't want the key3.db involved in any
verification purposes; we'd prefer that the secumodule.db also not be
involved, but I have no preference about this), signtool -v reports an
incorrect and unnecessary error message.
Steps to Reproduce:
1. Sign an object with an object signing certificate.
2. Remove or Move the $HOME/.netscape/key3.db file temporarily.
3. From the command line, type in signtool -v jarfile.jar
Actual Results: You will see output such as follows:
$ sophia:/home/anoor> signtool -v *.jar
using certificate directory: /home/anoor/.netscape
WARNING: No password set on internal key database. Most operations will fail.
You must use Communicator to create a password.
Expected Results: No messages regarding key database. For verification
operations the private key is unnecessary.
marking signtool bugs as future until 3.3 plan is ready.
forgot to reassign
Set Target Milestone to NSS 3.3. Assigned the bug to
Bob for evaluation.
reassign to Ian. work on this if it's in the prd.
Changed the QA contact to Bishakha.
Set target milestone to NSS 3.5.
Assigned the bug to Kirk. Target NSS 3.7.
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Remove target milestone of 3.8, since these bugs didn't get into that release.
Not likely to get to this in the 3.9 timeframe.
Set Target Milestone to Future.
I provided a password in reproducing this failure:
signtool -v nojs.jar -d ../alicedir -p nss
signtool: NSS_Initialize failed: security library: bad database.
signtool is calling NSS_Init():
NSS_Init(configdir = 0x3367f0 "../alicedir"), line 493 in "nssinit.c"
which has no provision for startup without key3.db. Arshad is asking
for a new feature.
Changed this Severity to "enhancement"
In addition to relaxing nss_Init(), facilities downstream that assume
the key3.db has been opened would need to check for its existence and
fail gracefully in the case it wasn't opened as part of NSS_Init().
Unfortunately, Arshad is no longer at Sun, so I need to find out whose
taken his place and query further to understand the motivation for this.
Perhaps we can offer another means to accomplish their goal.
2003-0609-1720 Back from Michael Hein:
I don't know who Arshad is.....or what group he was in. I would say just
leave the bug for now......if it is very important I'm sure someone will
Mass reassign of Kirk's bugs.