pesign/pesign-no-db.patch


From b55ecad4b6ec280d7d17caa5e02c20a7391b8a05 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 7 Nov 2013 16:58:04 +0800
Subject: [PATCH] Allow some commands to proceed without a NSS db
The NSS db is not necessary to calculate the hash, to show the
signature or to export the signed attributes.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
src/pesign.c | 91 +++++++++++++++++++++++++++++++++++-------------------------
1 file changed, 53 insertions(+), 38 deletions(-)
diff --git a/src/pesign.c b/src/pesign.c
index c7313a6..0cd47a8 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -405,6 +405,7 @@ main(int argc, char *argv[])
int daemon = 0;
int fork = 1;
int padding = 0;
+ int need_db = 0;
char *digest_name = "sha256";
char *tokenname = "NSS Certificate DB";
@@ -526,8 +527,59 @@ main(int argc, char *argv[])
}
}
+ int action = 0;
+ if (daemon)
+ action |= DAEMONIZE;
+
+ if (ctxp->rawsig) {
+ action |= IMPORT_RAW_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->insattrs)
+ action |= IMPORT_SATTRS;
+
+ if (ctxp->outsattrs)
+ action |= EXPORT_SATTRS;
+
+ if (ctxp->insig)
+ action |= IMPORT_SIGNATURE;
+
+ if (ctxp->outkey) {
+ action |= EXPORT_PUBKEY;
+ need_db = 1;
+ }
+
+ if (ctxp->outcert) {
+ action |= EXPORT_CERT;
+ need_db = 1;
+ }
+
+ if (ctxp->outsig)
+ action |= EXPORT_SIGNATURE;
+
+ if (remove != 0)
+ action |= REMOVE_SIGNATURE;
+
+ if (list != 0)
+ action |= LIST_SIGNATURES;
+
+ if (ctxp->sign) {
+ action |= GENERATE_SIGNATURE;
+ if (!(action & EXPORT_SIGNATURE))
+ action |= IMPORT_SIGNATURE;
+ need_db = 1;
+ }
+
+ if (ctxp->hash)
+ action |= GENERATE_DIGEST|PRINT_DIGEST;
+
if (!daemon) {
- SECStatus status = NSS_Init(certdir);
+ SECStatus status;
+ if (need_db)
+ status = NSS_Init(certdir);
+ else
+ status = NSS_NoDB_Init(NULL);
if (status != SECSuccess) {
fprintf(stderr, "Could not initialize nss: %s\n",
PORT_ErrorToString(PORT_GetError()));
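Review bot: `need_db` defaults to 0 and is raised only in the `rawsig`, `outkey`, `outcert` and `sign` branches, so `IMPORT_SIGNATURE`, `IMPORT_SATTRS`, `EXPORT_SIGNATURE` and `REMOVE_SIGNATURE` also run under `NSS_NoDB_Init(NULL)`, although the commit message names only hashing, showing the signature and exporting signed attributes as DB-free. Any action flag added to this chain later will likewise skip the certificate database unless its author remembers to set `need_db`, and the failure would presumably surface later as a lookup error rather than at init. Deriving the decision from the mask after the chain keeps the DB-free set explicit and fails closed: `need_db = (action & ~(DAEMONIZE|GENERATE_DIGEST|PRINT_DIGEST|LIST_SIGNATURES|EXPORT_SATTRS)) != 0;`. A one-line comment above it should say why those actions need no certificates or keys. main() starts before and continues after this hunk, so whether the remaining actions touch the database cannot be confirmed from here.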
@@ -571,42 +623,8 @@ main(int argc, char *argv[])
if (certname)
free(certname);
- int action = 0;
- if (daemon)
- action |= DAEMONIZE;
-
- if (ctxp->rawsig)
- action |= IMPORT_RAW_SIGNATURE;
-
- if (ctxp->insattrs)
- action |= IMPORT_SATTRS;
-
- if (ctxp->outsattrs)
- action |= EXPORT_SATTRS;
-
- if (ctxp->insig)
- action |= IMPORT_SIGNATURE;
-
- if (ctxp->outkey)
- action |= EXPORT_PUBKEY;
-
- if (ctxp->outcert)
- action |= EXPORT_CERT;
-
- if (ctxp->outsig)
- action |= EXPORT_SIGNATURE;
-
- if (remove != 0)
- action |= REMOVE_SIGNATURE;
-
- if (list != 0)
- action |= LIST_SIGNATURES;
if (ctxp->sign) {
- action |= GENERATE_SIGNATURE;
- if (!(action & EXPORT_SIGNATURE))
- action |= IMPORT_SIGNATURE;
-
if (!ctxp->cms_ctx->certname) {
fprintf(stderr, "pesign: signing requested but no "
"certificate nickname provided\n");
@@ -614,9 +632,6 @@ main(int argc, char *argv[])
}
}
- if (ctxp->hash)
- action |= GENERATE_DIGEST|PRINT_DIGEST;
-
ssize_t sigspace = 0;
switch (action) {
--
1.8.1.4