r1723 - in /unstable/evolution/debian: changelog patches/04_login-to-nss-on-demand.patch patches/series

corsac at users.alioth.debian.org corsac at users.alioth.debian.org
Mon Sep 13 19:43:12 UTC 2010 

Author: corsac
Date: Mon Sep 13 19:43:06 2010
New Revision: 1723

URL: http://svn.debian.org/wsvn/pkg-evolution/?sc=1&rev=1723
Log:
04_login-to-nss-on-demand added, only init nss when needed. 

Added:
    unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch
Modified:
    unstable/evolution/debian/changelog
    unstable/evolution/debian/patches/series

Modified: unstable/evolution/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution/debian/changelog?rev=1723&op=diff
==============================================================================
--- unstable/evolution/debian/changelog (original)
+++ unstable/evolution/debian/changelog Mon Sep 13 19:43:06 2010
@@ -3,8 +3,9 @@
   * debian/patches:
     - 03_correctly-init-nss added, fix nss initialisation by login to NSS
       database before invoking certificate manager.
-
- -- Yves-Alexis Perez <corsac at debian.org>  Sun, 12 Sep 2010 20:00:59 +0200
+    - 04_login-to-nss-on-demand added, only init nss when needed. 
+
+ -- Yves-Alexis Perez <corsac at debian.org>  Mon, 13 Sep 2010 20:54:55 +0200
 
 evolution (2.30.3-1) unstable; urgency=low
 

Added: unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch?rev=1723&op=file
==============================================================================
--- unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch (added)
+++ unstable/evolution/debian/patches/04_login-to-nss-on-demand.patch Mon Sep 13 19:43:06 2010
@@ -1,0 +1,127 @@
+diff --git a/smime/gui/cert-trust-dialog.c b/smime/gui/cert-trust-dialog.c
+index 9c87c66..66ce69b 100644
+--- a/smime/gui/cert-trust-dialog.c
++++ b/smime/gui/cert-trust-dialog.c
+@@ -73,7 +73,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data)
+ 		e_cert_trust_add_peer_trust (&trust, FALSE,
+ 					     gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON (data->trust_button)),
+ 					     FALSE);
+-		CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust);
++		e_cert_db_change_cert_trust (icert, &trust);
+ 		break;
+ 	case GTK_RESPONSE_ACCEPT: {
+ 		/* just *what on earth* was chris thinking here!?!?!  copied from certificate-manager.c */
+@@ -101,7 +101,7 @@ ctd_response(GtkWidget *w, guint id, CertTrustDialogData *data)
+ 						   trust_email,
+ 						   trust_objsign);
+ 
+-			CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), icert, &trust);
++			e_cert_db_change_cert_trust (icert, &trust);
+ 		}
+ 
+ 		gtk_widget_destroy (dialog);
+diff --git a/smime/gui/certificate-manager.c b/smime/gui/certificate-manager.c
+index f0c68f2..a59b54e 100644
+--- a/smime/gui/certificate-manager.c
++++ b/smime/gui/certificate-manager.c
+@@ -592,7 +592,7 @@ edit_ca (GtkWidget *widget, CertificateManagerData *cfm)
+ 							   trust_email,
+ 							   trust_objsign);
+ 
+-				CERT_ChangeCertTrust (CERT_GetDefaultCertDB(), icert, &trust);
++				e_cert_db_change_cert_trust (icert, &trust);
+ 			}
+ 
+ 			gtk_widget_destroy (dialog);
+@@ -1000,15 +1000,11 @@ certificate_manager_config_init (EShell *shell)
+ 	CertificateManagerData *cfm_data;
+ 	GtkWidget *preferences_window;
+ 	GtkWidget *widget;
+-	PK11SlotInfo* slot;
+-	ECertDB *cert_db;
+ 
+ 	g_return_if_fail (E_IS_SHELL (shell));
+ 
+ 	/* We need to peek the db here to make sure it (and NSS) are fully initialized. */
+-	cert_db = e_cert_db_peek();
+-	slot = PK11_GetInternalKeySlot();
+-	e_cert_db_login_to_slot(cert_db, slot);
++	e_cert_db_peek ();
+ 
+ 	cfm_data = g_new0 (CertificateManagerData, 1);
+ 
+diff --git a/smime/lib/e-cert-db.c b/smime/lib/e-cert-db.c
+index 52545f3..c3517ba 100644
+--- a/smime/lib/e-cert-db.c
++++ b/smime/lib/e-cert-db.c
+@@ -66,6 +66,7 @@
+ #include "p12plcy.h"
+ #include "pk11func.h"
+ #include "nssckbi.h"
++#include <secerr.h>
+ #include "secmod.h"
+ #include "certdb.h"
+ #include "plstr.h"
+@@ -716,6 +717,16 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error)
+ 		srv = CERT_AddTempCertToPerm(tmpCert,
+ 					     nickname,
+ 					     &trust);
++		/*
++		  If this fails with SEC_ERROR_TOKEN_NOT_LOGGED_IN, it seems
++		  that the import *has* worked, but the setting of trust bits
++		  failed -- so only set the trust. This *has* to be an NSS bug?
++		*/
++		if (srv != SECSuccess &&
++		    PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
++		    e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot()))
++			srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
++						    tmpCert, &trust);
+ 
+ 		if (srv != SECSuccess) {
+ 			/* XXX gerror */
+@@ -752,6 +763,23 @@ handle_ca_cert_download(ECertDB *cert_db, GList *certs, GError **error)
+ 		return TRUE;
+ 	}
+ }
++gboolean e_cert_db_change_cert_trust(CERTCertificate *cert, CERTCertTrust *trust)
++{
++	SECStatus srv;
++
++	srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
++				    cert, trust);
++	if (srv != SECSuccess &&
++	    PORT_GetError () == SEC_ERROR_TOKEN_NOT_LOGGED_IN &&
++	    e_cert_db_login_to_slot (NULL, PK11_GetInternalKeySlot()))
++		srv = CERT_ChangeCertTrust (CERT_GetDefaultCertDB (),
++					    cert, trust);
++
++	if (srv != SECSuccess)
++		return FALSE;
++	return TRUE;
++}
++
+ 
+ /* deleting certificates */
+ gboolean
+@@ -779,8 +807,7 @@ e_cert_db_delete_cert (ECertDB *certdb,
+ 		CERTCertTrust trust;
+ 
+ 		e_cert_trust_init_with_values (&trust, 0, 0, 0);
+-		srv = CERT_ChangeCertTrust(CERT_GetDefaultCertDB(),
+-					   cert, &trust);
++		srv = e_cert_db_change_cert_trust (cert, &trust);
+ 	}
+ 
+ 	/*PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("cert deleted: %d", srv));*/
+diff --git a/smime/lib/e-cert-db.h b/smime/lib/e-cert-db.h
+index 0e19e00..25c8dfd 100644
+--- a/smime/lib/e-cert-db.h
++++ b/smime/lib/e-cert-db.h
+@@ -135,4 +135,7 @@ gboolean             e_cert_db_export_pkcs12_file (ECertDB *cert_db,
+ gboolean             e_cert_db_login_to_slot      (ECertDB *cert_db,
+ 						   PK11SlotInfo *slot);
+ 
++gboolean	     e_cert_db_change_cert_trust  (CERTCertificate *cert,
++						   CERTCertTrust *trust);
++
+ #endif /* _E_CERT_DB_H_ */

Modified: unstable/evolution/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-evolution/unstable/evolution/debian/patches/series?rev=1723&op=diff
==============================================================================
--- unstable/evolution/debian/patches/series (original)
+++ unstable/evolution/debian/patches/series Mon Sep 13 19:43:06 2010
@@ -1,2 +1,3 @@
 02_let-nss-search-for-nssckbi.patch
 03_correctly-init-nss.patch
+04_login-to-nss-on-demand.patch

More information about the pkg-evolution-commits mailing list