The problem has to do with signtool signing a directory with hidden
files (e.g. .emacs). These kind of files do not get signed and
included into the final jar file.
It seems that the foreach function in util.c ignores any file with a
"." prefix. It should have only ignored files that have "." prefix AND
have filename size of 1.
verified that signtool does not put the hidden files in the jar archive.
Currently signtool just skips files that start with "." or "#". It is very easy
to modify the code so it doesn't do this anymore (it will still skip "." and
"..", of course).
I don't know of any reason why signtool skips these files. It looks like the
original intent was to skip temporary vi and emacs files.
Assigned the bug to Jamie.
We would like to have the fix of this bug rolled into NSS3.3. This bug
is significantly serious since it could render signtool unusable in
the situation where hidden files are involved. We found that this
situation is very common.
Unfortunately we have already frozen 3.3 and are pushing the candidate now.
It is too late for 3.3, we already pushed the release candidate, and neither Wan
Teh, nor I (for QA) will be here most next week.
Since the fix is in a binary, maybe we could just make a one file patch?
Checked in the fix to the trunk, marking fixed.
Jamie, could you please merge the fix of this bug
on the NSS_3_3_BRANCH so that it is included with
the upcoming NSS 3.3.1 release? Thanks.
Checked in the fix to the NSS_3_3_BRANCH.
/cvsroot/mozilla/security/nss/cmd/signtool/util.c,v <-- util.c
new revision: 126.96.36.199; previous revision: 1.5
I am wondering if the old behavior (not picking up
hidden files) should be considered a feature or a bug.
Should we keep the old behavior for backward compatibility
and add a "-a" option (inspired by "ls -a" of Unix) to
pick up hidden files? I think we don't need to worry
about this. I just wanted to make sure that we considered