Bug#701141: [PATCH 2/2] add several useful crypto utilities to libnss3-tools (Closes: #701141)

Matthew Hall mhall at mhcomputing.net
Fri Mar 22 04:47:51 UTC 2013


BEAUTIFUL bug fix. Thank you so much for doing this; it is a big help for usage of NSS, especially symkeyutil. Despite the bad documentation, I really needed that one so much that I had to recompile from deb src and hand-copy it into place.
-- 
Sent from my mobile device.

Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

>Listed below are the tools in mozilla/dist/bin which we could ship in
>debian's libnss3-tools package (see http://bugs.debian.org/701141)
>
>I'm noting my consideration here about which tools to ship or not
>ship.
>
>"YES" means the binary was already shipped in 2:3.14.3-1
>"NO" means we should not ship
>"ADD" means we should ship
>
>(these last two categories are my own opinion, and i'm willing to be
>convinced otherwise)
>
>addbuiltin - output certs in suitable format for builtin trust module -
>ADD
>atob - base64 decoding: already handled by /usr/bin/base64 (coreutils)
>- NO
>baddbdir - no useful help output or documentation aside from source -
>NO
>bltest - cannot find libfreebl3.so via libdl, despite it being in
>/usr/lib/x86_64-linux-gnu/nss - NO
>btoa - base64 encoding: already handled by /usr/bin/base64 (coreutils)
>- NO
>certcgi - no useful help output or documentation aside from source - NO
>certutil - YES
>checkcert - segfaults when tested - NO
>chktest - verification counterpoint for shlibsign - ADD
>cmsutil - YES
>conflict - no useful help output or documentation aside from source -
>NO
>crlutil - YES
>crmftest - i do not know what CRMF/CMMF files are - NO
>dbtest - basic NSS db verification (name fairly generic, but no
>existing conflicts) - ADD
>derdump - ASN.1 parser/explainer - ADD
>dertimetest - no useful help output or documentation aside from source
>- NO
>digest - error: "NSS_Init failed in directory /tmp" - looks like it
>would be useful as a counterpoint to "openssl dgst" if it weren't for
>this hardcoded path - NO
>encodeinttest - no useful help output or documentation aside from
>source - NO
>fipstest - no useful help output or documentation aside from source -
>NO
>httpserv - appears to be an HTTP echo server (just returns the request
>headers as Content-Type: text/plain) - ADD
>listsuites - no useful help output or documentation aside from source -
>NO
>lowhashtest - same problem as bltest - NO
>makepqg - equivalent of certtool --generate-dh-params - NO
>mangle - "Usage:mangle -i shared_library_name -o byte_offset -b bit" -
>no useful help output or documentation aside from source - NO
>modutil - YES
>multinit - initialize up to three NSS databases while doing some
>key/slot manipulation in one of them (not sure how it's useful?) - NO
>nonspr10 - no useful help output or documentation aside from source -
>NO
>ocspclnt - OCSP client - ADD
>ocspresp - "runs an internal selftest for OCSP response creation" (not
>useful?) - NO
>oidcalc - no useful help output or documentation aside from source - NO
>p7content - decrypt PKCS#7 content (used for S/MIME) - ADD
>p7env - encrypt PKCS#7 content (used for S/MIME) - ADD
>p7sign - sign PKCS#7 content (used for S/MIME) - ADD
>p7verify - verify PKCS#7 signatures (used for S/MIME) - ADD
>pk11mode - "pk11mode test program" -- fails for me with "Assertion
>failure: lib != NULL, at prlink.c:1215" - NO
>pk12util - YES
>pk1sign - PKCS#1 signing tool - ADD
>pkix-errcodes - verbose, does not seem too useful - NO
>pp - pretty-print x.509-related key and certificate material (name
>seems very generic though) - ADD
>pwdecrypt - YES
>remtest - no useful help output or documentation aside from source - NO
>rsaperf - RSA performance checker -- usable with PKCS#11 tokens - ADD
>sdrtest - "secret decoder test" - not clear that this is useful outside
>of development - NO
>secmodtest - no useful help output or documentation aside from source -
>NO
>selfserv - looks like an echo server similar to gnutls-serv --echo -
>ADD
>shlibsign - YES
>signtool - YES
>signver - YES
>ssltap - YES
>strsclnt - TLS stress tester - makes concurrent connections and
>handshakes - ADD
>symkeyutil - symmetric key utility - poorly documented, could not
>convince it to add a new key to a test db - ADD
>tstclnt - TLS client wrapper like gnutls-cli or "openssl s_client" -
>very useful - ADD
>vfychain - X.509 certificate verification - ADD
>vfyserv - verify certificates from remote web site using local NSS
>store (does not appear to consider intermediate certs offered in the
>handshake) - ADD
>---
> debian/rules |   19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
>diff --git a/debian/rules b/debian/rules
>index 839dfd4..152a0cb 100755
>--- a/debian/rules
>+++ b/debian/rules
>@@ -84,16 +84,35 @@ override_dh_auto_install: $(PREPROCESS_FILES:.in=)
> 
> 	install -m 755 -t debian/libnss3-tools/usr/bin \
> 		$(foreach bin, \
>+			addbuiltin \
> 			certutil \
>+			chktest \
> 			cmsutil \
> 			crlutil \
>+			dbtest \
>+			derdump \
>+			httpserv \
> 			modutil \
>+			ocspclnt \
>+			p7content \
>+			p7env \
>+			p7sign \
>+			p7verify \
> 			pk12util \
>+			pk1sign \
>+			pp \
> 			pwdecrypt \
>+			rsaperf \
>+			selfserv \
> 			shlibsign \
> 			signtool \
> 			signver \
> 			ssltap \
>+			strsclnt \
>+			symkeyutil \
>+			tstclnt \
>+			vfychain \
>+			vfyserv \
> 	 	, $(DISTDIR)/bin/$(bin))
> 
> override_dh_strip:
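
Review bot: the added `pp \` and `dbtest \` entries install very generic command names directly into debian/libnss3-tools/usr/bin, a concern the tool list above already raises for both; consider renaming them on install (for example with an nss- prefix) or confirming there is no file conflict elsewhere in the archive before shipping. This patch also changes only debian/rules, so the 19 added binaries gain no manual pages from it. A short documented caveat would matter most for `vfyserv`, which the list says does not appear to consider intermediate certs offered in the handshake, and for `symkeyutil`, which it calls poorly documented, since users may rely on their output for verification and key handling.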


