On 04/18/10 03:30 PM, Kevin Reinholz wrote:
Bob,
On 02/20/10 01:57 PM, Kevin Reinholz wrote:
On 02/17/10 04:27 AM, Robert Relyea wrote:
On 02/13/2010 11:07 PM, Kevin Reinholz wrote:
<snip>
There are no more readily apparent linker errors at runtime, and the
gcc-compiled pcsc-lite and ccid appear to function normally.
Unfortunately, attempting to add
/usr/local/lib/pkcs11/libcoolkeypk11.so as a Security Module in
Firefox-3.5.7 fails with an "unable to add module" error. This error
occurs whether pcscd is running or not, whether a card reader is
plugged in or not, and whether a Common Access Card is inserted into
the card reader and recognized by pcsc or not. Firefox refuses to add
the module every time.
I don't suppose I'm missing anything obvious here?
Nothing I can see.
I would expect libcoolkeypk11 to load even if there are no readers.
The most obvious issue would be missing library dependencies. On linux
we have an ldd command that will dump what libraries are used, I
suspsect solaris has something similar.
Here's what ldd reveals:
reinholz@etrenank:~$ ldd /usr/local/lib/pkcs11/libcoolkeypk11.so
libckyapplet.so.1 => /usr/local/lib/libckyapplet.so.1
libdl.so.1 => /lib/libdl.so.1
libz.so.1 => /lib/libz.so.1
libstdc++.so.6 => /usr/lib/libstdc++.so.6
libm.so.2 => /lib/libm.so.2
libgcc_s.so.1 => /usr/lib/libgcc_s.so.1
libc.so.1 => /lib/libc.so.1
Looks normal, but ld reveals a problem:
reinholz@etrenank:~$ ld /usr/local/lib/pkcs11/libcoolkeypk11.so
ld: warning: cannot find entry symbol _start; not setting start address
So it looks like something is not linked correctly...
The next think might be grab a copy of NSS and build it
(https://developer.mozilla.org/NSS_3.12.5_release_notes).
In
the
mozilla/security/nss/cmd
there
is
a tool called pk11util, and some
sample scripts. It will let you try to initialize pkcs 11 modules
without all the rest of NSS and firefox.
You can at least see what stage the failure is coming from (dlopen,
C_Initialize, etc).
bob
I messed around with the nss source a little. I can build it on
OpenSolaris by executing the following commands within the
mozilla/security/nss subdirectories of the nss source:
make NS_USE_GCC=1 NO_MDUPDATE=1 nss_build_all
pfexec make NS_USE_GCC=1 NO_MDUPDATE=1 install
However, attempting to run modutil results in an error about ssl3:
ld.so.1: modutil: fatal: libssl3.so: open failed: No such file or
directory
Killed
I'm not particularly inclined to troubleshoot nss and turn this project
into something bigger than it already is. I think the ld error relating
to libcoolkeypk11.so is a good hint that something is not linked
correctly. Perhaps with more tinkering I can figure out a way forward.
I messed around with NSS a little more. Turns out buried in the
documentation from Mozilla that 'make install' within the NSS source
does not behave as we're used to on GNU and other systems using the GNU
build tools. (i.e. configure, make, make install). Doing some manual
lib copying, and adding a directory to my PATH, I was able to get the
NSS binaries to execute without any lib errors. :)
The bad news is that while pk11mode built and apparently runs just
fine, pk11util was not built, even though it's included within the NSS
source.
Attempting to build pk11util by entering its subdirectory directly:
cd
Download/nss-3.12.5-with-nspr-4.8.2/mozilla/security/nss/cmd/pk11util/
And build pk11util yields the following error:
reinholz@etrenank:~/Download/nss-3.12.5-with-nspr-4.8.2/mozilla/security/nss/cmd/pk11util$
make NS_USE_GCC=1 NO_MDUPDATE=1
gcc -o SunOS5.11_i86pc_gcc_DBG.OBJ/pk11util.o -c -g -Wall -Wno-format
-Werror-implicit-function-declaration -Wno-switch -fPIC -DSVR4 -DSYSV
-D__svr4 -D__svr4__ -DSOLARIS -D_REENTRANT -Di386 -DSOLARIS2_11
-D_SVID_GETTOD -DXP_UNIX -DNSPR20 -DDEBUG -UNDEBUG -DDEBUG_reinholz
-DUSE_UTIL_DIRECTLY -I/usr/dt/include -I/usr/openwin/include
-I../../../../dist/SunOS5.11_i86pc_gcc_DBG.OBJ/include
-I../../../../dist/public/nss -I../../../../dist/private/nss
-I../../../../dist/public/seccmd pk11util.c
pk11util.c: In function `restore':
pk11util.c:913: error: implicit declaration of function `open'
make: *** [SunOS5.11_i86pc_gcc_DBG.OBJ/pk11util.o] Error 1
reinholz@etrenank:~/Download/nss-3.12.5-with-nspr-4.8.2/mozilla/security/nss/cmd/pk11util$
I don't suppose there are any meaningful tests I can perform on
libcoolkeypk11.so using pk11mode?
Do you have any specific examples of coolkey-related tests using
pk11util or any other Mozilla NSS components?
In the mean time without being able to build pk11util, I did a quick
test using modutil:
modutil -add 'coolkey' -libfile /usr/local/lib/pkcs11/libcoolkeypk11.so
-dbdir ~/.evolution
Which yielded the following (not particularly helpful) error message:
ERROR: Failed to add module "coolkey". Probable cause : "A PKCS #11
module returned CKR_GENERAL_ERROR, indicating that an unrecoverable
error has occurred.".
That doesn't seem to shed much light on my Coolkey on OpenSolaris
woes...
If
pk11util is the critical debugging tool I'm missing to try to
pinpoint why coolkey won't work for me with Firefox on OpenSolaris,
I'll work on troubleshooting/building pk11util on OpenSolaris.
Thanks again for your help.
Kevin
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
|
_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel
