Kent E Yoder wrote: > fedora-extras-list-bounces@xxxxxxxxxx wrote on 06/07/2006 09:18:15 AM: > >> On Wed, 7 Jun 2006 07:58:33 -0500, Daniel H Jones wrote: >> >>> There is a versioned .so file, however, applications that use this > package >>> often perform a dlopen(libopencryptoki.so, ...) at runtime. Removing > this >>> link from the base package would cause problems for those applications >>> (or force the installer to create the symlinks themselves). >> No application should ever dlopen the non-versioned .so at run-time. If > it >> does, it needs to be patched. An application is built for a specific >> API/ABI and must not expect an arbitrary .so to be the right one. > > You are absolutely correct under normal circumstances, but this is a bit > of a special case. libopencryptoki.so implements the PKCS#11 API, which > is designed to be used in exactly this way. PKCS#11 apps routinely provide > a way for you to specify which PKCS#11 API .so you'd like to use. This is > because different PKCS#11 implementations *should* be interchangeable, > since they each provide the same API, but may support different hardware > under the covers. In fact, fedora already ships one such program with the > opensc package, "pkcs11-tool". > Then this is indeed very similar to the ctapi case, to be more precise, its exactly the same. May I suggest that you take a look at the ctapi-cyberjack review: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188369 An identical problem has been discussed and solved in this review and Ville, the maintainer of opensc was involved in this fix, I'm sure he is more then willing to "fix" opensc in much the same way he fixed the ctapi part of openct. Regards, Hans -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
