Re: Cool-Key on Solaris

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


On 02/20/10 01:57 PM, Kevin Reinholz wrote:
On 02/17/10 04:27 AM, Robert Relyea wrote:
On 02/13/2010 11:07 PM, Kevin Reinholz wrote:

Here are the compiler flags I used to compile pcsc-lite-1.5.6-svn-4744 with gcc-3.4.3:

env CFLAGS="-g" CPPFLAGS="-DDEBUG" LDFLAGS="-g" PTHREAD_CFLAGS="-pthreads" LIBUSB_CFLAGS="-I/usr/include" LIBUSB_LDFLAGS="-L/usr/lib -lusb" CPPFLAGS="-D_TS_ERRNO" LDFLAGS="-R/usr/local/lib:/usr/lib" PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure --disable-libhal --enable-libusb

pfexec make install

And ccid-1.3.11-svn-4750 also using gcc-3.4.3:

env PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS="-L/usr/local/lib -lpcsclite" LIBUSB_CFLAGS=-I/usr/include LIBUSB_LIBS="-L/usr/lib -lusb" ./configure --sysconfdir=/etc --prefix=/usr/local --enable-usbdropdir=/usr/local/pcsc/drivers

pfexec make install

And coolkey-1.1.0 is compiled as noted above, once again with gcc-3.4.3.

There are no more readily apparent linker errors at runtime, and the gcc-compiled pcsc-lite and ccid appear to function normally.

Unfortunately, attempting to add /usr/local/lib/pkcs11/ as a Security Module in Firefox-3.5.7 fails with an "unable to add module" error. This error occurs whether pcscd is running or not, whether a card reader is plugged in or not, and whether a Common Access Card is inserted into the card reader and recognized by pcsc or not. Firefox refuses to add the module every time.

I don't suppose I'm missing anything obvious here?
Nothing I can see.

I would expect libcoolkeypk11 to load even if there are no readers.

The most obvious issue would be missing library dependencies. On linux we have an ldd command that will dump what libraries are used, I suspsect solaris has something similar.

Here's what ldd reveals:

reinholz@etrenank:~$ ldd /usr/local/lib/pkcs11/ =>     /usr/local/lib/ =>     /lib/ =>     /lib/ =>     /usr/lib/ =>     /lib/ =>     /usr/lib/ =>     /lib/

Looks normal, but ld reveals a problem:

reinholz@etrenank:~$ ld /usr/local/lib/pkcs11/
ld: warning: cannot find entry symbol _start; not setting start address

So it looks like something is not linked correctly...
A little research and the offender seems to be a failure to link against /usr/lib/crt1.o as it is found on OpenSolaris snv_133.

There is also a /usr/lib/amd64/crt1.o but I built coolkey for i386-pc-solaris2.11 so I don't think it should be confused about where to find crt1.o...

It seems this object can also be found as crt0.o on some systems so perhaps the numbering is throwing gcc off?

The next think might be grab a copy of NSS and build it ( In the mozilla/security/nss/cmd there is a tool called pk11util, and some sample scripts. It will let you try to initialize pkcs 11 modules without all the rest of NSS and firefox.
You can at least see what stage the failure is coming from (dlopen, C_Initialize, etc).


I messed around with the nss source a little. I can build it on OpenSolaris by executing the following commands within the mozilla/security/nss subdirectories of the nss source:

make NS_USE_GCC=1 NO_MDUPDATE=1 nss_build_all

pfexec make NS_USE_GCC=1 NO_MDUPDATE=1 install

However, attempting to run modutil results in an error about ssl3: modutil: fatal: open failed: No such file or directory

I'm not particularly inclined to troubleshoot nss and turn this project into something bigger than it already is. I think the ld error relating to is a good hint that something is not linked correctly. Perhaps with more tinkering I can figure out a way forward.
Unfortunately, Solaris on x86 seems to have some compiling problems that Solaris on SPARC doesn't face. Although I've read reports of folks successfully building and running coolkey on Solaris SPARC, I wonder if anyone's gotten it working on x86?
_______________________________________________ Coolkey-devel mailing list Coolkey-devel@xxxxxxxxxx

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux