Hello, My name is Alon Bar-Lev, and I am a crypto maintainer at Gentoo, we were requested to add a package for your component at: http://bugs.gentoo.org/show_bug.cgi?id=163395 I did not know about this project, from documentation available on your site I could not understand why you opened a new project and not contributed to MUSCLE or OpenSC... I am a big fan of PKCS#11 and I thing that you implementing a PKCS#11 interface is a great thing... I work in integrating PKCS#11 into existing application, refer to: http://alon.barlev.googlepages.com/open-source I can help you stabilize your provider if you like. But first I would like to discuss the build environment and the packaging, in order to allow distribution for none RPM based distributions, such as Gentoo. Please receive this in good spirit, I would like very much to help. --- First I would like to discuss the NSS dependency. CoolKey build is NSS awared in two aspects: a. It uses PKCS#11 NSS hack specifics. b. It uses NSS in order to automatically install the the provider into NSS. For (a) if you write a standard PKCS#11 provider, it should work with NSS and any PKCS#11 enabled application. So you should have a good reason why you hack your implementation to be NSS awared. For (b) It is highly none standard to force installation of a PKCS#11 provider automatically affecting the whole system. Common scenario is a user installing his own providers as requested. But if you like to auto install the provider into NSS, please add --disable-nss-install option to configure so this behavior may be disabled, and NSS dependency can be removed. As common NSS should not be a dependency of a PKCS#11 provider, since there are so much applications, so it is likeley the user will choose a none NSS implementation to use his token with. --- The second issue is "make install" Manual installation and of course Gentoo installation relays on maintainers to have "make install" which install the correct files to correct locations. Currently you install the following files which are not needed: libcoolkeypk11.la libcoolkeypk11.a You probably remove them in your packaging, but please modify your build so that these will not be installed. --- The third issue is source tarball Can you please release source tarballs of your component? Currently you offer only source rpm... It would be very nice if you can release regular source tarball for none rpm based systems. --- The fourth issue is "libckyapplet" Can you please release this as a separate package? I understand that not only PKCS#11 provider is using this package... So it can be distrubuted as a standalone package and tarball. --- And a minor warning that needs to be solved, just #include <cstdlib> coolkey.cpp:37:1: warning: "NULL" redefined In file included from /usr/include/wchar.h:48, from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/cwchar:56, from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/bits/postypes.h:46, from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/iosfwd:50, from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/bits/stl_algobase.h:69, from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/bits/char_traits.h:46, from /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/g++-v4/string:47, from coolkey.cpp:23: /usr/lib/gcc/i686-pc-linux-gnu/4.1.1/include/stddef.h:400:1: warning: this is the location of the previous definition --- So to summerize: 1. Consider dropping NSS specific hacks... We can discuss this if you like, and I will try to help to understand why any is needed. 2. Add --disable-nss-install to configure to allow disabling NSS auto installation. 3. Fix "make install" so that the static/linkage files will not be installed. Only the so is needed. 4. Release standard source tarballs for versions. 5. Optionally split "libckyapplet" in to its own package. I can probably creat some patches to fix (2), (3), (5), but I don't like your contribution statement... Never saw such in other projects I help. And I am curios if your current implementation works with OpenSSH, OpenVPN and GnuPG.... :) I don't have the device in order to test this my-self. Best Regards, Alon Bar-Lev. _______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/coolkey-devel