On 02/17/10 04:27 AM, Robert Relyea wrote:
On 02/13/2010 11:07 PM, Kevin Reinholz wrote:
Replying to myself on this one...
On 06/14/09 10:24 AM, Kevin Reinholz wrote:
I'm
running OpenSolaris 2009.06 (snv_111b) and trying to build coolkey.
I built pcsc-lite-1.5.3 using the Sun Studio tools (Sun Ceres Studio
IDE 9.0 SunOS_i386 2009/03/06)) and the following commands:
./configure CCC=/opt/SunStudioExpress/bin/CC
CC=/opt/SunStudioExpress/bin/cc
make
pfexec make install
I've since "improved" my method of building pcsc-lite-1.5.5 with the
following options under Sun Studio 12.1 (and to reflect the
availability of libusb packages through OpenSolaris' Image Packaging
System (IPS) which install in the standard /usr directory):
env LIBUSB_CLFAGS="-I/usr/include" LIBUSB_LIBS="-L/usr/lib -lusb"
./configure CCC=/opt/sunstudio12.1/bin/CC CC=/opt/sunstudio12.1/bin/cc
--sysconfdir=/etc --prefix=/usr/local --disable-libhal --enable-libusb
--enable-debugatr --enable-scf
make
pfexec make install
I
then
built ccid-1.3.10 (again, using the Sun Studio tools) using the
following commands:
env PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS="-L/usr/local/lib
-lpcsclite" LIBUSB_CFLAGS=-I/usr/sfw/include
LIBUSB_LIBS="-L/usr/sfw/lib -lusb" ./configure
CCC=/opt/SunStudioExpress/bin/CC CC=/opt/SunStudioExpress/bin/cc
--enable-usbdropdir=/usr/sfw/lib/libusb_plugins/
make
pfexec make install
"Better" way to compile ccid-1.3.11 using Sun Studio 12.1:
env PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS="-L/usr/local/lib
-lpcsclite" LIBUSB_CFLAGS=-I/usr/include LIBUSB_LIBS="-L/usr/lib -lusb"
./configure CCC=/opt/sunstudio12.1/bin/CC CC=/opt/sunstudio12.1/bin/cc
--sysconfdir=/etc --prefix=/usr/local
--enable-usbdropdir=/usr/local/pcsc/drivers
make
pfexec make install
This gets me a working pcscd.
<snip>
I don't think it's (at least not without a lot of work)
possible to compile coolkey-1.1.0 with the Sun Studio compiler. I can
compile it with gcc-3.4.3 (default version on OpenSolaris snv_132)
using the following options:
>From the coolkey-1.1.0 top source directory:
vi src/coolkey/machdep.cpp
Add the following lines:
#ifndef MAP_FILE
#define MAP_FILE 0
#endif
Between:
#endif
#ifdef _WIN32
vi src/coolkey/coolkeypk11.def
And delete line 19, which is empty.
env LIBUSB_CFLAGS="-I/usr/include" LIBUSB_LIBS="-L/usr/lib -lusb"
PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS="-L/usr/local/lib
-lpcsclite" ./configure --sysconfdir=/etc --prefix=/usr/local
make
pfexec make install
This causes coolkey to compile cleanly, but results in numerous linker
errors at runtime. I suspect that's because pcsc-lite was compiled with
the Sun Studio compiler while coolkey was compiled with gcc. (This
issue has been resolved. See below).
As of the current pcsc-lite and ccid "betas" provided on Ludovic
Rouseau's website
(http://ludovic.rousseau.free.fr/softwares/pcsc-lite/),
it
is now
possible to compile both pcsc-lite and ccid on OpenSolaris:
Here are the compiler flags I used to compile pcsc-lite-1.5.6-svn-4744
with gcc-3.4.3:
env CFLAGS="-g" CPPFLAGS="-DDEBUG" LDFLAGS="-g"
PTHREAD_CFLAGS="-pthreads" LIBUSB_CFLAGS="-I/usr/include"
LIBUSB_LDFLAGS="-L/usr/lib -lusb" CPPFLAGS="-D_TS_ERRNO"
LDFLAGS="-R/usr/local/lib:/usr/lib"
PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure --disable-libhal
--enable-libusb
make
pfexec make install
And ccid-1.3.11-svn-4750 also using gcc-3.4.3:
env PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS="-L/usr/local/lib
-lpcsclite" LIBUSB_CFLAGS=-I/usr/include LIBUSB_LIBS="-L/usr/lib -lusb"
./configure --sysconfdir=/etc --prefix=/usr/local
--enable-usbdropdir=/usr/local/pcsc/drivers
make
pfexec make install
And coolkey-1.1.0 is compiled as noted above, once again with gcc-3.4.3.
There are no more readily apparent linker errors at runtime, and the
gcc-compiled pcsc-lite and ccid appear to function normally.
Unfortunately, attempting to add
/usr/local/lib/pkcs11/libcoolkeypk11.so as a Security Module in
Firefox-3.5.7 fails with an "unable to add module" error. This error
occurs whether pcscd is running or not, whether a card reader is
plugged in or not, and whether a Common Access Card is inserted into
the card reader and recognized by pcsc or not. Firefox refuses to add
the module every time.
I don't suppose I'm missing anything obvious here?
Nothing I can see.
I would expect libcoolkeypk11 to load even if there are no readers.
The most obvious issue would be missing library dependencies. On linux
we have an ldd command that will dump what libraries are used, I
suspsect solaris has something similar.
Here's what ldd reveals:
reinholz@etrenank:~$ ldd /usr/local/lib/pkcs11/libcoolkeypk11.so
libckyapplet.so.1 => /usr/local/lib/libckyapplet.so.1
libdl.so.1 => /lib/libdl.so.1
libz.so.1 => /lib/libz.so.1
libstdc++.so.6 => /usr/lib/libstdc++.so.6
libm.so.2 => /lib/libm.so.2
libgcc_s.so.1 => /usr/lib/libgcc_s.so.1
libc.so.1 => /lib/libc.so.1
Looks normal, but ld reveals a problem:
reinholz@etrenank:~$ ld /usr/local/lib/pkcs11/libcoolkeypk11.so
ld: warning: cannot find entry symbol _start; not setting start address
So it looks like something is not linked correctly...
The next think might be grab a copy of NSS and build it
(https://developer.mozilla.org/NSS_3.12.5_release_notes).
In the
mozilla/security/nss/cmd there is a tool called pk11util, and some
sample scripts. It will let you try to initialize pkcs 11 modules
without all the rest of NSS and firefox.
You can at least see what stage the failure is coming from (dlopen,
C_Initialize, etc).
bob
I messed around with the nss source a little. I can build it on
OpenSolaris by executing the following commands within the
mozilla/security/nss subdirectories of the nss source:
make NS_USE_GCC=1 NO_MDUPDATE=1 nss_build_all
pfexec make NS_USE_GCC=1 NO_MDUPDATE=1 install
However, attempting to run modutil results in an error about ssl3:
ld.so.1: modutil: fatal: libssl3.so: open failed: No such file or
directory
Killed
I'm not particularly inclined to troubleshoot nss and turn this project
into something bigger than it already is. I think the ld error relating
to libcoolkeypk11.so is a good hint that something is not linked
correctly. Perhaps with more tinkering I can figure out a way forward.
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
|
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
