Re: Cool-Key on Solaris

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Just to close the loop on this, due to lack of time I've been unable to further debug my Coolkey issues on OpenSolaris/Solaris 11 Express.

I found an alternate solution for the newer PIV-compliant CACs DoD has begun issuing:


I've posted build instructions using the Sun Studio compiler 12 tools on Solaris 11 Express snv_151a on the opensolaris crypto-discuss mailing list. If anyone wants/needs to use a PIV-compliant DoD CAC on Solaris 11 Express, that message thread is readily findable on Google by searching the terms "OpenSolaris DoD CAC." I'd also be happy to pass along what I did if anyone wants to drop me a line.

It's a shame I couldn't get this working with Coolkey, but as the older CACs are phased out in favor of the newer PIV-compliant CACs, the need for older CAC support should become an unhappy memory.

Thank you to everyone for your help with this!

On 06/10/10 01:31 AM, John Magne wrote:
Perhaps you could try running pk11util in the debugger and set a break point right before trying your first pkcs11 operation?

----- Original Message -----
From: "Kevin Reinholz" <kreinholz@xxxxxxxxx>
To: Coolkey-devel@xxxxxxxxxx
Sent: Tuesday, June 8, 2010 11:17:02 PM GMT -08:00 US/Canada Pacific
Subject: Re:  Cool-Key on Solaris

Still hitting a brick wall. 

On 04/28/10 10:19 AM, Kevin Reinholz wrote: 

According to this link ( ), there were some recent bug fixes introduced into Coolkey. However, the source listed and linked to here ( ) is version 1.1.0 from 2007... 

Are there more up-to-date sources available for Coolkey? The Jan 2010 bug fix advisory mentioning version 1.1.0-14 for RHEL referenced two bugs that would probably cause similar symptoms to what I'm experiencing on OpenSolaris: 

Are there more up-to-date sources I should be attempting to build and install Coolkey from? 

Found bug fix patches for coolkey-1.1.0 here: 

(Any Fedora mirror with source rpms should work). 

Downloaded the file: 


There are 5 patches included along with a tar.gz archive of the coolkey-1.1.0 source. 

I manually applied the patches and did the Solaris 10 workarounds (adding a few lines regarding MAP_FILE to src/coolkey/machdep.cpp and deleting the blank line 19 from src/coolkey/coolkeypk11.def 

Then I built coolkey the same way I've been doing on OpenSolaris: 

env LIBUSB_CLFAGS="-I/usr/include" LIBUSB_LIBS="-L/usr/lib -lusb" PCSC_CFLAGS=-I/usr/local/include/PCSC PCSC_LIBS="-L/usr/local/lib -lpcsclite" ./configure --sysconfdir=/etc --prefix=/usr/local 


pfexec make install 

Unfortunately Firefox still complains that it is unable to add as a security module. 

I tried to initialize with pk11util: 

pkcs11> C_Initialize /usr/local/lib/pkcs11/ 
Segmentation Fault (core dumped) 

Doesn't look encouraging. 

On 04/20/10 10:22 AM, Kevin Reinholz wrote: 

On 04/20/10 10:03 AM, John Magne wrote: 

Yeah it sounds like maybe the module is not getting hit. 

Have you tried doing the ldd on the module file to see if there are any missing dependencies? 
reinholz@etrenank:~$ ldd /usr/local/lib/pkcs11/ => /usr/local/lib/ => /lib/ => /lib/ => /usr/sfw/lib/ => /lib/ => /usr/sfw/lib/ => /lib/ 

The same exact libs show as linked to after compiling the patched version. 

Nothing jumps out as missing.. 


----- Original Message ----- 
From: "Kevin Reinholz" <kreinholz@xxxxxxxxx> 
To: Coolkey-devel@xxxxxxxxxx 
Sent: Monday, April 19, 2010 5:39:22 PM GMT -08:00 US/Canada Pacific 
Subject: Re:  Cool-Key on Solaris 

On 04/20/10 01:30 AM, John Magne wrote: 

Here is something to try. 

Before starting firefix, set this variable: 


Then start firefox in the same terminal. 

After the module load fails, you can see if there is something in the log file. 

I tried by doing the following: 

export COOL_KEY_LOG_FILE=/tmp/cool.log 

Then attempting to add /usr/local/lib/pkcs11/ as a 
Security Module in Firefox. Unfortunately, the log file was empty/not 
created, implying my error is very early in the loading process(?) 

Same as before, attempting to create a coolkey log file before launching Firefox resulted in no file being created... 

I've built pk11util so with some examples I can run some tests on using pk11util. 

Thanks for your help! 


I'm out of ideas unless anyone has additional suggestions. It looks like the differences between Solaris 10 and OpenSolaris are preventing coolkey from giving me any love. 

Coolkey-devel mailing list 

Coolkey-devel mailing list
Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux