BEAUTIFUL bug fix. Thank you so much for doing this, it is a big help for usage of NSS, especially symkeyutil, despite the bad documentation I really needed that one so much I had to recompile from deb src and hand copy it into place. -- Sent from my mobile device.
Daniel Kahn Gillmor <[email protected]> wrote: >Listed below are the tools in mozilla/dist/bin which we could ship in >debian's libnss3-tools package (see http://bugs.debian.org/701141) > >I'm noting my consideration here about which tools to ship or not >ship. > >"YES" means the binary was already shipped in 2:3.14.3-1 >"NO" means we should not ship >"ADD" means we should ship > >(these last two categories are my own opinion, and i'm willing to be >convinced otherwise) > >addbuiltin - output certs in suitable format for builtin trust module - >ADD >atob - base64 decoding: already handled by /usr/bin/base64 (coreutils) >- NO >baddbdir - no useful help output or documentation aside from source - >NO >bltest - cannot find libfreebl3.so via libdl, despite it being in >/usr/lib/x86_64-linux-gnu/nss - NO >btoa - base64 encoding: already handled by /usr/bin/base64 (coreutils) >- NO >certcgi - no useful help output or documentation aside from source - NO >certutil - YES >checkcert - segfaults when tested - NO >chktest - verification counterpoint for shlibsign - ADD >cmsutil - YES >conflict - no useful help output or documentation aside from source - >NO >crlutil - YES >crmftest - i do not know what CRMF/CMMF files are - NO >dbtest - basic NSS db verification (name fairly generic, but no >existing conflicts) - ADD >derdump - ASN.1 parser/explainer - ADD >dertimetest - no useful help output or documentation aside from source >- NO >digest - error: "NSS_Init failed in directory /tmp" - looks like it >would be useful as a counterpoint to "openssl dgst" if it weren't for >this hardcoded path - NO >encodeinttest - no useful help output or documentation aside from >source - NO >fipstest - no useful help output or documentation aside from source - >NO >httpserv - appears to be an HTTP echo server (just returns the request >headers as Content-Type: text/plain) - ADD >listsuites - no useful help output or documentation aside from source - >NO >lowhashtest - same problem as bltest - NO >makepqg - equivalent of certtool --generate-dh-params - NO >mangle - "Usage:mangle -i shared_library_name -o byte_offset -b bit" - >no useful help output or documentation aside from source - NO >modutil - YES >multinit - initialize up to three NSS databases while doing some >key/slot manipulation in one of them (not sure how it's useful?) - NO >nonspr10 - no useful help output or documentation aside from source - >NO >ocspclnt - OCSP client - ADD >ocspresp - "runs an internal selftest for OCSP response creation" (not >useful?) - NO >oidcalc - no useful help output or documentation aside from source - NO >p7content - decrypt PKCS#7 content (used for S/MIME) - ADD >p7env - encrypt PKCS#7 content (used for S/MIME) - ADD >p7sign - sign PKCS#7 content (used for S/MIME) - ADD >p7verify - verify PKCS#7 signatures (used for S/MIME) - ADD >pk11mode - "pk11mode test program" -- fails for me with "Assertion >failure: lib != NULL, at prlink.c:1215" - NO >pk12util - YES >pk1sign - PKCS#1 signing tool - ADD >pkix-errcodes - verbose, does not seem too useful - NO >pp - pretty-print x.509-related key and certificate material (name >seems very generic though) - ADD >pwdecrypt - YES >remtest - no useful help output or documentation aside from source - NO >rsaperf - RSA performance checker -- usable with PKCS#11 tokens - ADD >sdrtest - "secret decoder test" - not clear that this is useful outside >of development - NO >secmodtest - no useful help output or documentation aside from source - >NO >selfserv - looks like an echo server similar to gnutls-serv --echo - >ADD >shlibsign - YES >signtool - YES >signver - YES >ssltap - YES >strsclnt - TLS stress tester - makes concurrent connections and >handshakes - ADD >symkeyutil - symmetric key utility - poorly documented, could not >convince it to add a new key to a test db - ADD >tstclnt - TLS client wrapper like gnutls-cli or "openssl s_client" - >very useful - ADD >vfychain - X.509 certificate verification - ADD >vfyserv - verify certificates from remote web site using local NSS >store (does not appear to consider intermediate certs offered in the >handshake) - ADD >--- > debian/rules | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) > >diff --git a/debian/rules b/debian/rules >index 839dfd4..152a0cb 100755 >--- a/debian/rules >+++ b/debian/rules >@@ -84,16 +84,35 @@ override_dh_auto_install: $(PREPROCESS_FILES:.in=) > > install -m 755 -t debian/libnss3-tools/usr/bin \ > $(foreach bin, \ >+ addbuiltin \ > certutil \ >+ chktest \ > cmsutil \ > crlutil \ >+ dbtest \ >+ derdump \ >+ httpserv \ > modutil \ >+ ocspclnt \ >+ p7content \ >+ p7env \ >+ p7sign \ >+ p7verify \ > pk12util \ >+ pk1sign \ >+ pp \ > pwdecrypt \ >+ rsaperf \ >+ selfserv \ > shlibsign \ > signtool \ > signver \ > ssltap \ >+ strsclnt \ >+ symkeyutil \ >+ tstclnt \ >+ vfychain \ >+ vfyserv \ > , $(DISTDIR)/bin/$(bin)) > > override_dh_strip: -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

