File pesign-no-db.patch of Package pesign

From b55ecad4b6ec280d7d17caa5e02c20a7391b8a05 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Thu, 7 Nov 2013 16:58:04 +0800
Subject: [PATCH] Allow some commands to proceed without a NSS db

The NSS db is not necessary to calculate the hash, to show the
signature or to export the signed attributes.

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
 src/pesign.c | 91 +++++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 53 insertions(+), 38 deletions(-)

diff --git a/src/pesign.c b/src/pesign.c
index c7313a6..0cd47a8 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -405,6 +405,7 @@ main(int argc, char *argv[])
 	int daemon = 0;
 	int fork = 1;
 	int padding = 0;
+	int need_db = 0;
 
 	char *digest_name = "sha256";
 	char *tokenname = "NSS Certificate DB";
@@ -526,8 +527,59 @@ main(int argc, char *argv[])
 		}
 	}
 
+	int action = 0;
+	if (daemon)
+		action |= DAEMONIZE;
+
+	if (ctxp->rawsig) {
+		action |= IMPORT_RAW_SIGNATURE;
+		need_db = 1;
+	}
+
+	if (ctxp->insattrs)
+		action |= IMPORT_SATTRS;
+
+	if (ctxp->outsattrs)
+		action |= EXPORT_SATTRS;
+
+	if (ctxp->insig)
+		action |= IMPORT_SIGNATURE;
+
+	if (ctxp->outkey) {
+		action |= EXPORT_PUBKEY;
+		need_db = 1;
+	}
+
+	if (ctxp->outcert) {
+		action |= EXPORT_CERT;
+		need_db = 1;
+	}
+
+	if (ctxp->outsig)
+		action |= EXPORT_SIGNATURE;
+
+	if (remove != 0)
+		action |= REMOVE_SIGNATURE;
+
+	if (list != 0)
+		action |= LIST_SIGNATURES;
+
+	if (ctxp->sign) {
+		action |= GENERATE_SIGNATURE;
+		if (!(action & EXPORT_SIGNATURE))
+			action |= IMPORT_SIGNATURE;
+		need_db = 1;
+	}
+
+	if (ctxp->hash)
+		action |= GENERATE_DIGEST|PRINT_DIGEST;
+
 	if (!daemon) {
-		SECStatus status = NSS_Init(certdir);
+		SECStatus status;
+		if (need_db)
+			status = NSS_Init(certdir);
+		else
+			status = NSS_NoDB_Init(NULL);
 		if (status != SECSuccess) {
 			fprintf(stderr, "Could not initialize nss: %s\n",
 				PORT_ErrorToString(PORT_GetError()));
@@ -571,42 +623,8 @@ main(int argc, char *argv[])
 	if (certname)
 		free(certname);
 
-	int action = 0;
-	if (daemon)
-		action |= DAEMONIZE;
-
-	if (ctxp->rawsig)
-		action |= IMPORT_RAW_SIGNATURE;
-
-	if (ctxp->insattrs)
-		action |= IMPORT_SATTRS;
-
-	if (ctxp->outsattrs)
-		action |= EXPORT_SATTRS;
-
-	if (ctxp->insig)
-		action |= IMPORT_SIGNATURE;
-
-	if (ctxp->outkey)
-		action |= EXPORT_PUBKEY;
-
-	if (ctxp->outcert)
-		action |= EXPORT_CERT;
-
-	if (ctxp->outsig)
-		action |= EXPORT_SIGNATURE;
-
-	if (remove != 0)
-		action |= REMOVE_SIGNATURE;
-
-	if (list != 0)
-		action |= LIST_SIGNATURES;
 
 	if (ctxp->sign) {
-		action |= GENERATE_SIGNATURE;
-		if (!(action & EXPORT_SIGNATURE))
-			action |= IMPORT_SIGNATURE;
-
 		if (!ctxp->cms_ctx->certname) {
 			fprintf(stderr, "pesign: signing requested but no "
 				"certificate nickname provided\n");
@@ -614,9 +632,6 @@ main(int argc, char *argv[])
 		}
 	}
 
-	if (ctxp->hash)
-		action |= GENERATE_DIGEST|PRINT_DIGEST;
-
 	ssize_t sigspace = 0;
 
 	switch (action) {
-- 
1.8.1.4