On 2010-06-13 17:24 PDT, Robin H. Johnson wrote: > On Sun, Jun 13, 2010 at 03:08:07PM -0700, Nelson B Bolyard wrote: >> On 2010-06-13 13:02 PDT, Robin H. Johnson wrote:
>>> As an intermediate related question, is there a standalone >>> verification tool for the CHK files >>> >>> shlibsign -V -i .... seems to just sign again, not verify. >> >> Yes. modutil is that test tool. You already know how to use it. Just >> drop the -force argument. > > I should have clarified, that I want to verify without any disk writes, > nor assuming a pre-setup database. The "without any disk writes" part is easy. But without a setup database, it's not easy. > # modutil -chkfips true modutil: function failed: security library: bad > database. > > Just exactly that the chk files are valid, and nothing else. No. If you wanted to add an option to shlibsign for that purpose, I believe we'd consider it. Perhaps the easiest thing to do is rerun shlibsign and compare the old and new files. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
