Closed Bug 933688 Opened 11 years ago Closed 11 years ago

NSS: certutil should allow shell script or user to set empty password non-interactively when creating certificate database using -N option

Categories

(NSS :: Tools, defect)

Product:
NSS
Component:
Tools
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
3.15.4

People

(Reporter: eric.wong, Unassigned)

Details

Attachments

(1 file, 1 obsolete file)

certutil_empty_password.diff
2.64 KB, patch
KaiE
: review+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 20130911164256

Steps to reproduce:

# mkdir test
# certutil -N -d ./test



Actual results:

# mkdir test
# certutil -N -d ./test
Enter a password which will be used to encrypt your keys.
The password should be at least 8 characters long,
and should contain at least one non-alphabetic character.

Enter new password:
Re-enter password:



Expected results:

# mkdir test
# certutil -N -d ./test --empty-password
#
You need to request reviewing when you attach a patch. ;)
Assignee: nobody → nobody
Component: General → Tools
Product: Core → NSS
Version: Trunk → trunk
(In reply to Loic from comment #1)
> You need to request reviewing when you attach a patch. ;)

Thanks for your note, I am new to bugzilla system and I also sent an email to one of the reviewer(from the log of hg repository)
Attachment #825817 - Flags: review?(kaie)
I'm cc'ing Bob and Wan-Teh, in case they want to veto.

I think your proposal is reasonable.

It's already possible to create a database with an empty password automatically, by using a password file that contains a newline only, e.g. as created using:
  echo > password-file

Nevertheless, in my opinion the parameter you propose is an improvement, because it makes it more easily discoverable how to do it.

I looked at your patch, and it seems correct to me. However, I'd like to ask that you also add the command line parameter to the alternative help output, which is printed by executing
  certutil -H -N

That's done in function LuN()
Comment on attachment 825817 [details] [diff] [review]
Patch: add a "--empty-password" option to set the empty password non-interactively when creating cert database using -N command

r- because I proposed an enhancement for completeness
Attachment #825817 - Flags: review?(kaie) → review-
Note, attaching the changes to the .html and the .1 file isn't necessary, because they are generated automatically. Attaching the changes to the .xml input file is sufficient.
Status: UNCONFIRMED → NEW
Ever confirmed: true

        Attachment #827223 -
        Flags: review?(kaie)

    
    

    
  
(In reply to Kai Engert (:kaie) from comment #3)
> It's already possible to create a database with an empty password
> automatically, by using a password file that contains a newline only, e.g.
> as created using:
>   echo > password-file

Noted, thanks.

> I looked at your patch, and it seems correct to me. However, I'd like to ask
> that you also add the command line parameter to the alternative help output,
> which is printed by executing
>   certutil -H -N
> 
> That's done in function LuN()

I think I have implemented this in my patch, do I misunderstand what you are saying?

# certutil -N -H
-N              Create a new certificate database
   -d certdir        Cert database directory (default is ~/.netscape)
   -P dbprefix       Cert & Key database prefix
   --empty-password  use empty password when creating a new database
#

Anyway, I have attached a new patch, please review, thanks!

    
    

    
  
(In reply to Eric Wong from comment #7)
> I think I have implemented this in my patch, do I misunderstand what you are
> saying?

You are right, somehow I didn't see it earlier, sorry!

I suggest that you create/edit file ~/.hgrc on your system, and configure hg to produce more readable diffs. You could add the following section. After that, your patch will include the names of the function that is related to each chunk.

[diff]
git = 1
showfunc = 1
unified = 8

    
  

        Attachment #825817 -
        Attachment is obsolete: true

        Attachment #825817 -
        Flags: review-

    
    

    
  
Comment on attachment 827223 [details] [diff] [review]
certutil_empty_password.diff

r=kaie

        Attachment #827223 -
        Flags: review?(kaie) → review+

    
  
Keywords: checkin-needed

    
    

    
  
checked in:
https://hg.mozilla.org/projects/nss/rev/0560a4f7312a

Thanks for your contribution, Eric!
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED

    
  
Target Milestone: --- → 3.15.3

    
    

    
  
(In reply to Kai Engert (:kaie) from comment #8)
> 
> I suggest that you create/edit file ~/.hgrc on your system, and configure hg
> to produce more readable diffs. You could add the following section. After
> that, your patch will include the names of the function that is related to
> each chunk.
> 
> [diff]
> git = 1
> showfunc = 1
> unified = 8

OK, got it!

    
    

    
  
(In reply to Kai Engert (:kaie) from comment #10)
> checked in:
> https://hg.mozilla.org/projects/nss/rev/0560a4f7312a

Thanks for reviewing the patch!

    
    

    
  
changing target milestone to 3.15.4
Target Milestone: 3.15.3 → 3.15.4

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: