CoolKey build environment and packaging




My name is Alon Bar-Lev, and I am a crypto maintainer at Gentoo. We
were requested to add a package for your component at:

I did not know about this project. From the documentation available on
your site I could not understand why you opened a new project and did
not contribute to MUSCLE or OpenSC...

I am a big fan of PKCS#11 and I think that your implementing a PKCS#11
interface is a great thing... I work on integrating PKCS#11 into
existing applications, refer to:

I can help you stabilize your provider if you like. But first I would
like to discuss the build environment and the packaging, in order to
allow distribution for non-RPM-based distributions, such as Gentoo.

Please receive this in good spirit, I would like very much to help.


First I would like to discuss the NSS dependency.

The CoolKey build is NSS-aware in two aspects:
a. It uses PKCS#11 NSS hack specifics.
b. It uses NSS in order to automatically install the provider into

For (a), if you write a standard PKCS#11 provider, it should work with
NSS and any PKCS#11-enabled application. So you should have a good
reason why you hack your implementation to be NSS-aware.

For (b), it is highly non-standard to force installation of a PKCS#11
provider automatically, affecting the whole system. The common scenario
is a user installing his own providers as requested.

But if you would like to auto-install the provider into NSS, please
add a --disable-nss-install option to configure so this behavior may be
disabled, and the NSS dependency can be removed.

As is common, NSS should not be a dependency of a PKCS#11 provider, since
there are so many applications, so it is likely the user will choose
a non-NSS implementation to use his token with.


The second issue is "make install"

Manual installation and of course Gentoo installation rely on
maintainers to have a "make install" which installs the correct files to
the correct locations. Currently you install the following files which
are not needed:

You probably remove them in your packaging, but please modify your 
build so that these will not be installed.


The third issue is the source tarball

Can you please release source tarballs of your component? Currently
you offer only a source rpm... It would be very nice if you could release
a regular source tarball for non-rpm-based systems.


The fourth issue is "libckyapplet"

Can you please release this as a separate package? I understand that
not only the PKCS#11 provider is using this package... So it can be
distributed as a standalone package and tarball.


And a minor warning that needs to be solved, just #include <cstdlib>

coolkey.cpp:37:1: warning: "NULL" redefined
In file included from /usr/include/wchar.h:48,
                 from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/cwchar:56,
                 from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/bits/postypes.h:46,
                 from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/iosfwd:50,
                 from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/bits/stl_algobase.h:69,
                 from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/bits/char_traits.h:46,
                 from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/string:47,
                 from coolkey.cpp:23:
/usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/stddef.h:400:1: warning: this is the location of the previous definition


So to summarize:

1. Consider dropping NSS-specific hacks... We can discuss this if you
like, and I will try to help to understand why any are needed.
2. Add --disable-nss-install to configure to allow disabling NSS auto 
3. Fix "make install" so that the static/linkage files will not be 
installed. Only the so is needed.
4. Release standard source tarballs for versions.
5. Optionally split "libckyapplet" into its own package.

I can probably create some patches to fix (2), (3), (5), but I don't
like your contribution statement... Never saw such in other projects
I help.

And I am curious if your current implementation works with OpenSSH,
OpenVPN and GnuPG.... :) I don't have the device in order to test
this myself.

Best Regards,
Alon Bar-Lev.

Coolkey-devel mailing list
