fedora-extras-list-bounces@xxxxxxxxxx wrote on 06/07/2006 09:18:15 AM: > On Wed, 7 Jun 2006 07:58:33 -0500, Daniel H Jones wrote: > > > There is a versioned .so file, however, applications that use this package > > often perform a dlopen(libopencryptoki.so, ...) at runtime. Removing this > > link from the base package would cause problems for those applications > > (or force the installer to create the symlinks themselves). > > No application should ever dlopen the non-versioned .so at run-time. If it > does, it needs to be patched. An application is built for a specific > API/ABI and must not expect an arbitrary .so to be the right one. You are absolutely correct under normal circumstances, but this is a bit of a special case. libopencryptoki.so implements the PKCS#11 API, which is designed to be used in exactly this way. PKCS#11 apps routinely provide a way for you to specify which PKCS#11 API .so you'd like to use. This is because different PKCS#11 implementations *should* be interchangeable, since they each provide the same API, but may support different hardware under the covers. In fact, fedora already ships one such program with the opensc package, "pkcs11-tool". > > DHJ> W: opencryptoki devel-file-in-non-devel-package > > DHJ> /usr/lib/libopencryptoki.so > > Also note that ldconfig creates a symbolic link from *.so to the most > recent versioned *.so.X, which would break such an application badly when > multiple versions are installed. In this case it shouldn't, and if it does, we have a bug to fix. :-) The PKCS#11 API actually provides an API to get its own list of implemented functions and API version level. PKCS#11 apps must be designed in such a way as to query these in order to keep from breaking. Thanks, Kent > > -- > fedora-extras-list mailing list > fedora-extras-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-extras-list -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
