From 8ae46fa97fbf2391a61e99345f31aa660a0c5427 Mon Sep 17 00:00:00 2001 From: Elio Maldonado Date: Fri, 19 Jul 2013 10:42:57 -0700 Subject: [PATCH] Fix errors in the man pages - Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util - Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit --- manpages-fixes.patch | 209 +++++++++++++++++++++++++++++++++++++++++++ nss.spec | 21 +++-- setup-nsssysinit.xml | 2 +- 3 files changed, 226 insertions(+), 6 deletions(-) create mode 100644 manpages-fixes.patch diff --git a/manpages-fixes.patch b/manpages-fixes.patch new file mode 100644 index 0000000..dd419b9 --- /dev/null +++ b/manpages-fixes.patch @@ -0,0 +1,209 @@ +diff --git a/doc/certutil.xml b/doc/certutil.xml +--- a/doc/certutil.xml ++++ b/doc/certutil.xml +@@ -634,16 +634,37 @@ of the attribute codes: + + + + --extSKID + Add the Subject Key ID extension to the certificate. X.509 certificate extensions are described in RFC 5280. + + + ++ --extNC ++ Add a Name Constraint extension to the certificate. X.509 certificate extensions are described in RFC 5280. ++ ++ ++ ++ --keyAttrFlags attrflags ++ ++PKCS #11 key Attributes. Comma separated list of key attribute flags, selected from the following list of choices: {token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} ++ ++ ++ ++ --keyFlagsOn opflags ++ --keyFlagsOff opflags ++ ++PKCS #11 key Operation Flags. ++Comma separated list of one or more of the following: ++{token | session} {public | private} {sensitive | insensitive} {modifiable | unmodifiable} {extractable | unextractable} ++ ++ ++ ++ + --source-dir certdir + Identify the certificate database directory to upgrade. + + + + --source-prefix certdir + Give the prefix of the certificate and key databases to upgrade. + +@@ -795,17 +816,17 @@ JyBVgFqDXRYSyTBNw1DrxUU/3GvWA/ngjAwHEv0C + XRzPORlC2WY3gkk7vmlsLvYpyecNazAi/NAwVnU/66HOsaoVFWE+gBQo99UrN2yk + 0BiK/GMFlLm5dXQROgA9ZKKyFdI0LIXtf6SbAgMBAAGjMzAxMBEGCWCGSAGG+EIB + AQQEAwIHADAMBgNVHRMEBTADAQH/MA4GA1UdDwEB/wQEAwICBDANBgkqhkiG9w0B + AQUFAAOBgQA6chkzkACN281d1jKMrc+RHG2UMaQyxiteaLVZO+Ro1nnRUvseDf09 + XKYFwPMJjWCihVku6bw/ihZfuMHhxK22Nue6inNQ6eDu7WmrqL8z3iUrQwxs+WiF + ob2rb8XRVVJkzXdXxlk4uo3UtNvw8sAz7sWD71qxKaIHU5q49zijfg== + -----END CERTIFICATE----- + +-For a humam-readable display ++For a human-readable display + $ certutil -L -d sql:$HOME/nssdb -n my-ca-cert + Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3650 (0xe42) + Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption + Issuer: "CN=Example CA" + Validity: +diff --git a/doc/cmsutil.xml b/doc/cmsutil.xml +--- a/doc/cmsutil.xml ++++ b/doc/cmsutil.xml +@@ -84,19 +84,26 @@ The options and arguments for the cmsuti + + -S + Sign a message. + + + + + Arguments +- Option arguments modify an action and are lowercase. ++ Option arguments modify an action. + + ++ -b ++ ++ Decode a batch of files named in infile. ++ ++ ++ ++ + -c content + + Use this detached content (decode only). + + + + + -d dbdir +@@ -108,37 +115,58 @@ The options and arguments for the cmsuti + + -e envfile + + Specify a file containing an enveloped message for a set of recipients to which you would like to send an encrypted message. If this is the first encrypted message for that set of recipients, a new enveloped message will be created that you can then use for future messages (encrypt only). + + + + ++ -f pwfile ++ ++ Use password file to set password on all PKCS#11 tokens. ++ ++ ++ ++ + -G + + Include a signing time attribute (sign only). + + +- ++ ++ ++ -H hash ++ ++ Use specified hash algorithm (default:SHA1). ++ ++ ++ + + -h num + + Generate email headers with info about CMS message (decode only). + + + + + -i infile + + Use infile as a source of data (default is stdin). + + + + ++ -k ++ ++ Keep decoded encryption certs in permanent cert db. ++ ++ ++ ++ + -N nickname + + Specify nickname of certificate to sign with (sign only). + + + + + -n +@@ -188,16 +216,23 @@ For certificates-only message, list of c + + -u certusage + + Set type of cert usage (default is certUsageEmailSigner). + + + + ++ -v ++ ++ Print debugging information. ++ ++ ++ ++ + -Y ekprefnick + + Specify an encryption key preference by nickname. + + + + + +diff --git a/doc/crlutil.xml b/doc/crlutil.xml +--- a/doc/crlutil.xml ++++ b/doc/crlutil.xml +@@ -261,16 +261,30 @@ Specify type of CRL. possible types are: + -u url + + + Specify the url. + + + + ++ ++ -w pwd-string ++ ++ Provide db password in command line. ++ ++ ++ ++ ++ -Z algorithm ++ ++ Specify the hash algorithm to use for signing the CRL. ++ ++ ++ + + + + + CRL Generation script syntax + CRL generation script file has the following syntax: + + * Line with comments should have # as a first symbol of a line diff --git a/nss.spec b/nss.spec index dcdbba8..d15c8bb 100644 --- a/nss.spec +++ b/nss.spec @@ -20,7 +20,7 @@ Summary: Network Security Services Name: nss Version: 3.15.1 -Release: 1%{?dist} +Release: 2%{?dist} License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ Group: System Environment/Libraries @@ -102,8 +102,10 @@ Patch47: utilwrap-include-templates.patch # TODO submit this patch upstream Patch48: nss-versus-softoken-tests.patch # TODO remove when we switch to building nss without softoken -Patch49: nss-skip-bltest-and-fipstest.patch -Patch50: iquote.patch +Patch49: nss-skip-bltest-and-fipstest.patch +Patch50: iquote.patch +# Upstream: https://bugzilla.mozilla.org/show_bug_cgi?id=836477 +Patch51: manpages-fixes.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -198,6 +200,9 @@ low level services. %patch48 -p0 -b .crypto %patch49 -p0 -b .skipthem %patch50 -p0 -b .iquote +pushd nss +%patch51 -p1 -b .948495 +popd ######################################################### # Higher-level libraries and test tools need access to @@ -466,7 +471,8 @@ echo "test suite completed" %{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig -mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1 +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1 +mkdir -p $RPM_BUILD_ROOT%{_mandir}/man5 touch $RPM_BUILD_ROOT%{_libdir}/libnssckbi.so %{__install} -p -m 755 dist/*.OBJ/lib/libnssckbi.so $RPM_BUILD_ROOT/%{_libdir}/nss/libnssckbi.so @@ -527,7 +533,7 @@ done for f in nss-config setup-nsssysinit; do install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1 done -# Copy the man pages the nss tools +# Copy the man pages for the nss tools for f in "%{allTools}"; do install -c -m 644 ${f}.1 $RPM_BUILD_ROOT%{_mandir}/man1/${f}.1 done @@ -723,6 +729,11 @@ fi %changelog +* Fri Jul 19 2013 Elio Maldonado - 3.15.1-2 +- Fix errors in the man pages +- Resolves: rhbz#984106 - Add missing option descriptions to man pages for {cert|cms|crl}util +- Resolves: rhbz#982856 - Fix path to script in man page for nss-sysinit + * Tue Jul 02 2013 Elio Maldonado - 3.15.1-1 - Update to NSS_3_15_1_RTM - Enable the iquote.patch to access newly introduced types diff --git a/setup-nsssysinit.xml b/setup-nsssysinit.xml index 4335d85..0560cc1 100644 --- a/setup-nsssysinit.xml +++ b/setup-nsssysinit.xml @@ -95,7 +95,7 @@ Authors - The nss liraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. + The nss libraries were written and maintained by developers with Netscape, Red Hat, Sun, Oracle, Mozilla, and Google. Authors: Elio Maldonado <emaldona@redhat.com>.