The problem has to do with signtool signing a directory with hidden files (e.g. .emacs). These kind of files do not get signed and included into the final jar file. It seems that the foreach function in util.c ignores any file with a "." prefix. It should have only ignored files that have "." prefix AND have filename size of 1.
verified that signtool does not put the hidden files in the jar archive.
Currently signtool just skips files that start with "." or "#". It is very easy to modify the code so it doesn't do this anymore (it will still skip "." and "..", of course). I don't know of any reason why signtool skips these files. It looks like the original intent was to skip temporary vi and emacs files.
Assigned the bug to Jamie.
We would like to have the fix of this bug rolled into NSS3.3. This bug is significantly serious since it could render signtool unusable in the situation where hidden files are involved. We found that this situation is very common.
Unfortunately we have already frozen 3.3 and are pushing the candidate now. bob
It is too late for 3.3, we already pushed the release candidate, and neither Wan Teh, nor I (for QA) will be here most next week. Since the fix is in a binary, maybe we could just make a one file patch?
Checked in the fix to the trunk, marking fixed.
Jamie, could you please merge the fix of this bug on the NSS_3_3_BRANCH so that it is included with the upcoming NSS 3.3.1 release? Thanks.
Checked in the fix to the NSS_3_3_BRANCH. /cvsroot/mozilla/security/nss/cmd/signtool/util.c,v <-- util.c new revision: 126.96.36.199; previous revision: 1.5
I am wondering if the old behavior (not picking up hidden files) should be considered a feature or a bug. Should we keep the old behavior for backward compatibility and add a "-a" option (inspired by "ls -a" of Unix) to pick up hidden files? I think we don't need to worry about this. I just wanted to make sure that we considered this issue.