Bug#701141: [PATCH 2/2] add several useful crypto utilities to libnss3-tools (Closes: #701141)

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Mar 22 02:54:18 UTC 2013 

Listed below are the tools in mozilla/dist/bin which we could ship in
debian's libnss3-tools package (see http://bugs.debian.org/701141)

I'm noting my consideration here about which tools to ship or not
ship.

"YES" means the binary was already shipped in 2:3.14.3-1
"NO" means we should not ship
"ADD" means we should ship

(these last two categories are my own opinion, and i'm willing to be
convinced otherwise)

addbuiltin - output certs in suitable format for builtin trust module - ADD
atob - base64 decoding: already handled by /usr/bin/base64 (coreutils) - NO
baddbdir - no useful help output or documentation aside from source - NO
bltest - cannot find libfreebl3.so via libdl, despite it being in /usr/lib/x86_64-linux-gnu/nss - NO
btoa - base64 encoding: already handled by /usr/bin/base64 (coreutils) - NO
certcgi - no useful help output or documentation aside from source - NO
certutil - YES
checkcert - segfaults when tested - NO
chktest - verification counterpoint for shlibsign - ADD
cmsutil - YES
conflict - no useful help output or documentation aside from source - NO
crlutil - YES
crmftest - i do not know what CRMF/CMMF files are - NO
dbtest - basic NSS db verification (name fairly generic, but no existing conflicts) - ADD
derdump - ASN.1 parser/explainer - ADD
dertimetest - no useful help output or documentation aside from source - NO
digest - error: "NSS_Init failed in directory /tmp" - looks like it would be useful as a counterpoint to "openssl dgst" if it weren't for this hardcoded path - NO
encodeinttest - no useful help output or documentation aside from source - NO
fipstest - no useful help output or documentation aside from source - NO
httpserv - appears to be an HTTP echo server (just returns the request headers as Content-Type: text/plain) - ADD
listsuites - no useful help output or documentation aside from source - NO
lowhashtest - same problem as bltest - NO
makepqg - equivalent of certtool --generate-dh-params - NO
mangle - "Usage:mangle -i shared_library_name -o byte_offset -b bit" - no useful help output or documentation aside from source - NO
modutil - YES
multinit - initialize up to three NSS databases while doing some key/slot manipulation in one of them (not sure how it's useful?) - NO
nonspr10 - no useful help output or documentation aside from source - NO
ocspclnt - OCSP client - ADD
ocspresp - "runs an internal selftest for OCSP response creation" (not useful?) - NO
oidcalc - no useful help output or documentation aside from source - NO
p7content - decrypt PKCS#7 content (used for S/MIME) - ADD
p7env - encrypt PKCS#7 content (used for S/MIME) - ADD
p7sign - sign PKCS#7 content (used for S/MIME) - ADD
p7verify - verify PKCS#7 signatures (used for S/MIME) - ADD
pk11mode - "pk11mode test program" -- fails for me with "Assertion failure: lib != NULL, at prlink.c:1215" - NO
pk12util - YES
pk1sign - PKCS#1 signing tool - ADD
pkix-errcodes - verbose, does not seem too useful - NO
pp - pretty-print x.509-related key and certificate material (name seems very generic though) - ADD
pwdecrypt - YES
remtest - no useful help output or documentation aside from source - NO
rsaperf - RSA performance checker -- usable with PKCS#11 tokens - ADD
sdrtest - "secret decoder test" - not clear that this is useful outside of development - NO
secmodtest - no useful help output or documentation aside from source - NO
selfserv - looks like an echo server similar to gnutls-serv --echo - ADD
shlibsign - YES
signtool - YES
signver - YES
ssltap - YES
strsclnt - TLS stress tester - makes concurrent connections and handshakes - ADD
symkeyutil - symmetric key utility - poorly documented, could not convince it to add a new key to a test db - ADD
tstclnt - TLS client wrapper like gnutls-cli or "openssl s_client" - very useful - ADD
vfychain - X.509 certificate verification - ADD
vfyserv - verify certificates from remote web site using local NSS store (does not appear to consider intermediate certs offered in the handshake) - ADD
---
 debian/rules |   19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/debian/rules b/debian/rules
index 839dfd4..152a0cb 100755
--- a/debian/rules
+++ b/debian/rules
@@ -84,16 +84,35 @@ override_dh_auto_install: $(PREPROCESS_FILES:.in=)
 
 	install -m 755 -t debian/libnss3-tools/usr/bin \
 		$(foreach bin, \
+			addbuiltin \
 			certutil \
+			chktest \
 			cmsutil \
 			crlutil \
+			dbtest \
+			derdump \
+			httpserv \
 			modutil \
+			ocspclnt \
+			p7content \
+			p7env \
+			p7sign \
+			p7verify \
 			pk12util \
+			pk1sign \
+			pp \
 			pwdecrypt \
+			rsaperf \
+			selfserv \
 			shlibsign \
 			signtool \
 			signver \
 			ssltap \
+			strsclnt \
+			symkeyutil \
+			tstclnt \
+			vfychain \
+			vfyserv \
 	 	, $(DISTDIR)/bin/$(bin))
 
 override_dh_strip:
-- 
1.7.10.4

More information about the pkg-mozilla-maintainers mailing list