Your message dated Fri, 15 Apr 2016 19:38:07 +0000 with message-id <[email protected]> and subject line Bug#820703: Removed package(s) from unstable has caused the Debian Bug report #742831, regarding enabling OpenSC as PKCS#11 provider in openjdk to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 742831: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742831 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: openjdk-7-jre-headless Version: 7u21-2.3.9-5 Severity: normal OpenSC has become a common standard way of accessing Hardware Security Modules (HSMs), it is also build into OSX, and available for Windows. It would make it much easier for people to get started using HSMs with Java if OpenSC could be pre-configured in the openjdk. The changes needed are quite small, its just a question of how best to manage them. There could be an /etc/java-7-openjdk/security/opensc.cfg like the nss.cfg that is already there. It would include something like this: name = OpenSC description = SunPKCS11 w/ OpenSC Smart card Framework library = /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so Then to enable it, java.security would include something like this: security.provider.10=sun.security.pkcs11.SunPKCS11 \ ${java.home}/lib/security/opensc.cfg This should co-exist with the NSS config that is already there, according to the java docs: "To use more than one slot per PKCS#11 implementation, or to use more than one PKCS#11 implementation, simply repeat the installation for each with the appropriate configuration file. This will result in a Sun PKCS#11 provider instance for each slot of each PKCS#11 implementation."[1] With this configuration, many HSMs would "just work" with keytool and jarsigner. For example, the command line would work without any extra setup: keytool -providerName SunPKCS11-OpenSC \ -keystore NONE -storetype PKCS11 -list Versus now, you have to find where opensc-pkcs11.so is installed, then put that into a conf file like in the opensc.cfg example, and run it like this: keytool -providerClass sun.security.pkcs11.SunPKCS11 \ -providerArg my-opensc-java.cfg -providerName SunPKCS11-OpenSC \ -keystore NONE -storetype PKCS11 -list [1] http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Version: 7u95-2.6.4-1+rm Dear submitter, as the package openjdk-7 has just been removed from the Debian archive unstable we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/820703 The version of this package that was in Debian prior to this removal can still be found using http://snapshot.debian.org/. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---
