841788 - nss-tools certutil -H does not list all options, misses -F

Status: RESOLVED FIXED

(NSS :: Tools, defect, P2)

Description

[Elio Maldonado]

Attachment: document -F as a command option

As reported by on RHEL:

Description of problem: when issuing certutil -H it does not list -F to delete private keys.

Version-Release number of selected component (if applicable):

nss-tools-3.12.7-2

How reproducible:

always

Expected results:

list all options, ex as shown at http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html

...

-H sould show -F as an option.

Comment 1

[Kai Engert [:KaiE:]]

I think new work should include code and docbook patch at the same time.

Comment 2

[Jason Pyeron]

This is not new work (it is not adding -F), it is only making the in program help the same as the documentation.

Is there a specific update to the docs that you see as missing?

Comment 3

[Jason Pyeron]

RHEL bug: https://bugzilla.redhat.com/show_bug.cgi?id=807419

Comment 4

[Kai Engert [:KaiE:]]

(In reply to Jason Pyeron from comment #2)
> This is not new work (it is not adding -F), it is only making the in program
> help the same as the documentation.
> 
> Is there a specific update to the docs that you see as missing?

Debating this takes more time than adding those short strings to the docbook.

It's preferable to have both synchronized. It takes greater efforts to compare and resync them later.

Comment 5

[Kai Engert [:KaiE:]]

So I looked on my own, and the -F is actually already documented in the man page.

Comment 6

[Jason Pyeron]

Thanks! I probably should have said it better, but that is why the bug was opened. :)

Code supports it, docs say it, but internal help disavows it.

Comment 7

[Kai Engert [:KaiE:]]

Comment on attachment 714438 [details] [diff] [review]
document -F as a command option

>+    FPS "\t%s -F -n nickname [-d certdir] [-P dbprefix] \n", 

unnecessary space:                                       ^


>+static void luF(enum usage_level ul, const char *command)
>+{
>+    int is_my_command = (command && 0 == strcmp(command, "F"));
>+    if (ul == usage_all || !command || is_my_command)
>+    FPS "%-15s Delete a key from the database\n",
>+        "-D");

            ^
That should be F, right?
Please build and look at the output to verify your change is correct.


>+    if (ul == usage_selected && !is_my_command)
>+        return;
>+    FPS "%-20s The nickname of the key to delete\n",
>+        "   -n cert-name");
>+    FPS "%-20s Cert database directory (default is ~/.netscape)\n",
>+        "   -d certdir");
>+    FPS "%-20s Cert & Key database prefix\n",
>+        "   -P dbprefix");
>+    FPS "\n");


It looks like you have copied the options for -F from the -D command section.

But the manual page documentation for -F lists different options, which one is correct?

Please find out which one is correct and please ensure that help output produced by 
certutil is syncronized with the listing of options in the man page.

If the manual page is correct, then remove the -P option from the above code,
and add the -k option.


=============================================================
-F
Delete a private key from a key database. Specify the key to delete with the -n argument. 
Specify the database from which to delete the key with the -d argument. Use the -k argument 
to specify explicitly whether to delete a DSA, RSA, or ECC key. If you
don't use the -k argument, the option looks for an RSA key matching the specified nickname.

When you delete keys, be sure to also remove any certificates associated with those keys from
the certificate database, by using -D. Some smart cards do not let you remove a public key 
you have generated. In such a case, only the private key is deleted
from the key pair. You can display the public key with the command certutil -K -h tokenname.
=============================================================

Comment 8

[Elio Maldonado]

I have run through the command and also traced in the debugger.  The man pages is correct as far as the -P option is concerned but it also mentions the -k option for key type, which tracing with gdb revals, is ignored when deleting a key. One more thing to fix when I submit manpages revisions for review.

Comment 9

[Elio Maldonado]

Attachment: document -F as a command option - V2

Comment 10

[Kai Engert [:KaiE:]]

Comment on attachment 720051 [details] [diff] [review]
document -F as a command option - V2

> 
> >+static void luF(enum usage_level ul, const char *command)
> >+{
> >+    int is_my_command = (command && 0 == strcmp(command, "F"));
> >+    if (ul == usage_all || !command || is_my_command)
> >+    FPS "%-15s Delete a key from the database\n",
> >+        "-D");
> 
>             ^
> That should be F, right?
> Please build and look at the output to verify your change is correct.


You didn't fix this.

Comment 11

[Kai Engert [:KaiE:]]

(In reply to Elio Maldonado from comment #8)
> I have run through the command and also traced in the debugger.  The man
> pages is correct as far as the -P option is concerned but it also mentions
> the -k option for key type, which tracing with gdb revals, is ignored when
> deleting a key. One more thing to fix when I submit manpages revisions for
> review.

Where do you track these pending items?

Comment 12

[Elio Maldonado]

(In reply to Kai Engert (:kaie) from comment #11)
> Where do you track these pending items?

I'm planning to use Bug 836477. We could make it a tracking bug dependent on separate ones for each of the tools. What do you think?

Comment 13

[Elio Maldonado]

Attachment: document -F as a command option V3

Comment 14

[Kai Engert [:KaiE:]]

Comment on attachment 737820 [details] [diff] [review]
document -F as a command option V3

r=kaie

Comment 15

[Elio Maldonado]

Checked in: https://hg.mozilla.org/projects/nss/rev/2e23c889a322