Package: secrets
Version: 9.6-2
Severity: normal
X-Debbugs-CC: [email protected]
Control: found -1 10.1-1

Hi,

While fooling around with Secrets and trying to open a password-protected
database, I thought I'd push the refresh arrow on the smartcard list just to be
silly. To my surprise, Secrets crashed:

src/dyn_unix.c:34:SYS_dyn_LoadLibrary() /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so: cannot open shared object file: No such file or directory
16-12-24 02:30:09 | WARNING | Could not load pkcs11 library: Load (/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so)
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/gsecrets/provider/pkcs11_provider.py", line 158, in pkcs11_refresh
    self._pkcs11.load(const.PKCS11_LIB)
  File "/usr/lib/python3/dist-packages/PyKCS11/__init__.py", line 481, in load
    raise PyKCS11Error(rv, pkcs11dll_filename)
PyKCS11.PyKCS11Error: Load (/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/gsecrets/provider/pkcs11_provider.py", line 161, in pkcs11_refresh
    task.return_error(err)

There are a few things going on, it seems. For some reason it tries to find
OpenSC's PKCS #11 module, but I don't have it installed and I wonder why it's
trying to look for it in the first place? The appeal of PKCS #11 is you can use
any module you want according to your needs. I use Scute to do PKCS #11
operations using GnuPG's tools, and GNOME Keyring (at least at one time?)
also had a PKCS #11 module. OpenSC is definitely one of the more popular ones
and it supports a wide variety of security modules, but I wonder where it's
hard-coded that it should be tried in the first place?

There have been a few initiatives within the GnuTLS, GNOME, and FreeDesktop.org
ecosystems to make shims and things to make finding modules easier, so it seems
especially strange it's not smart here. I'm sure if I install opensc-pkcs11
then the crash may not happen, but this should probably not be made a Depends
or Recommends. Installing extraneous PKCS #11 modules increases the odds an
application will try the wrong ones or keep exclusive access to cards. The
whole point of PKCS #11 is that modules are swappable to accommodate different
kinds of key stores and Secrets really shouldn't have any reason to want OpenSC
in particular.

This could be an issue in pykcs11; I don't know Python very well so maybe they
can lay eyes on this.

Thanks
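
The report above turns on a single hard-coded module path that is missing from disk. As an added example (not code from Secrets, PyKCS11 or the reporter), this sketch lists PKCS #11 modules from p11-kit style `*.module` files and reports a missing shared object as a status instead of raising. Assumptions: p11-kit is the discovery mechanism, the caller supplies the config and library directories, and letting the first directory win per module name is a simplification of this sketch.

```python
"""Discover PKCS #11 modules from p11-kit style *.module files (illustrative)."""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import Path


@dataclass
class ModuleStatus:
    name: str        # config file stem, e.g. "opensc-pkcs11"
    path: Path       # resolved shared-object path
    available: bool  # False when the shared object is not on disk


def parse_module_file(conf: Path) -> str | None:
    """Return the value of the 'module:' key, or None if the file has none."""
    for raw in conf.read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition(":")
        if sep and key.strip() == "module":
            return value.strip() or None
    return None


def discover_modules(config_dirs, lib_dir) -> list[ModuleStatus]:
    """List configured modules; the first directory naming a module wins."""
    found: dict[str, ModuleStatus] = {}
    for directory in map(Path, config_dirs):
        if not directory.is_dir():
            continue  # an absent config directory is not an error
        for conf in sorted(directory.glob("*.module")):
            module = parse_module_file(conf)
            if conf.stem in found or module is None:
                continue
            path = Path(module)
            if not path.is_absolute():
                # Relative names resolve against the module library dir
                # (lib_dir is an assumption supplied by the caller).
                path = Path(lib_dir) / path
            found[conf.stem] = ModuleStatus(conf.stem, path, path.is_file())
    return list(found.values())


def usable_modules(config_dirs, lib_dir) -> list[Path]:
    """Paths safe to hand to a loader; missing modules are skipped, not fatal."""
    return [m.path for m in discover_modules(config_dirs, lib_dir) if m.available]
```

A caller would pass each returned path to its PKCS #11 loader and show an empty list as "no modules found" in the UI.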

